Jussi Metso

It’s all about The Cloud and The Security

February 28, 2026

Book review of Microsoft Security Copilot for Security Operations

About the book

Sami Lamppu and Raghu Boddu have written another book. This time it is all about Security Copilot from a security operations point of view. Their previous book was this.

The book contains 12 chapters, which are divided into 4 sections.

You can get this book from orangeava.com and from Amazon.com

For who

This is a comprehensive set of Microsoft Security Copilot. Whether you are a beginner or a pro, you will definitely learn something new. This book is not just for purely technical people. It also offers ROI calculations for business decision makers.

So anyone who needs to know, learn, or use Security Copilot: this is for you.

Content of the book

The book has a lot of content, and you can see a short description of each chapter here.

Chapter 1 covers some of the basics of Gen AI's role in cybersecurity, examining its impact and its integral role in reshaping the security industry.

Chapter 2 gives a comprehensive overview of Microsoft Security Copilot capabilities and architecture.

Chapter 3 further describes the integrations, with SC, Defender XDR and Sentinel as the primary focus.

Chapter 4 covers the art of prompt engineering and the power of promptbooks. Discover how Security Copilot integrates with the Microsoft ecosystem.

Chapter 5 takes a closer look at the AI agents era, exploring how these agents can advise security teams worldwide.

Chapter 6 describes how SC elevates SOC capabilities, bridging cybersecurity skill gaps and empowering teams with intelligent insights.

Chapter 7 examines the benefits of the Risk Operations Center (ROC), how this paradigm signals a transformative shift in organizational security culture, and how automation driven by SC can streamline processes.

Chapter 8 examines the importance of conducting a thorough needs analysis, evaluating current security postures and performing gap assessments to identify vulnerabilities and areas for improvement.

Chapter 9 explains how SC eases AI automation and real-time monitoring with both Microsoft and non-Microsoft security tools.

Chapter 10 is about costs and pricing. It gives guidance for the SCU (Secure Compute Unit) purchase strategy and demonstrates how to use the pricing calculator effectively. It also focuses on ROI (Return on Investment), offering best practices to maximize the value of the SC investment.

Chapter 11 offers a case study.

Chapter 12 presents a thorough collection of key resources to deepen your understanding of AI and security, including various SC content and third-party resources (blogs, tools, GitHub repositories).

Some topics

Gen AI in Cybersecurity use cases (from chapter 1)

Gen AI is rapidly transforming the cybersecurity landscape, presenting both exciting opportunities for enhanced defense and concerning new avenues for attack. Its ability to learn patterns, generate new data and automate complex tasks makes it a powerful tool with a dual nature.

Sami Lamppu & Raghu Boddu
Cybersecurity use cases - Property of SL & RB

Good prompt vs bad prompt (from chapter 4)

A good prompt is clear, specific and detailed, whereas a bad prompt is vague and ambiguous, which leads to incomplete or inaccurate outputs.

Sami Lamppu & Raghu Boddu

Good prompt example:

“Analyze the last 24 hours of login attempts and identify any suspicious activity, including IP addresses and timestamps.”

Bad prompt example:

“Check recent logins”.

 

SC prompt processing - property of SL & RB

Cyber Risk Operations Center (from chapter 7)

Adopting CROC is more than a tactical upgrade: it is a strategic investment that yields profound benefits across the entire spectrum of organizational performance.

Sami Lamppu & Raghu Boddu
Cyber Life cycle - property of SL & RB

Security Copilot Automation and monitoring (from chapter 9)

An effective monitoring strategy is essential to maximize its value, ensure optimal performance and maintain security compliance across Data, Privacy and Security.

Sami Lamppu & Raghu Boddu
Example of AiTM investigation flow with SC - property of SL & RB

Summary

The way Sami and Raghu have written the book is clear and understandable. Even the table of contents is very good. I see right away what I was looking for.

There are easy use cases, and the case study in chapter 11 with a fictional company describes a good way things could also be done in real life.

Every chapter has its key terms and further reading links available.

To read and understand this book, it helps if you know something about Microsoft security products like Entra ID, Defender XDR, Sentinel and some Azure. This book is not for dummies but still welcomes everyone to read it, though the learning curve can be steep.

And for me, who does security with Microsoft security products, this is a very good book, since I have not been studying Security Copilot lately because I have focused on Sentinel and Defender for Cloud transitions.

 

Jussi Metso

Author is a lifelong IT enthusiast, Microsoft Security MVP and interested in Cloud Security, XDR, SIEM and AI. Motto: Learning is the key for your future.
