Microsoft has released Copilot for Security as a specialized tool to help protect at the speed and scale of AI. The scenario is to turn questions into action. By asking Copilot for Security questions in a natural language, we can receive actionable responses within seconds. We are all eager to test this. Let’s examine how to test Microsoft Copilot for Security on a Budget.
Table of Contents
Microsoft Copilot for Security Pricing
The power and capabilities of Copilot for Security have been widely discussed, generating expectations and a desire to test out its functionality. What hasn’t been talked about as much, leading to a lot of uncertainty, is the pricing aspect.
The first time I saw something official about the pricing was at Experts Live Denmark, where Rod Trent presented the pricing structure based on Security Compute Units (SCU).
The Secure Compute Unit
A Security Compute Unit (SCU) is basically how Copilot for Security measures the computing power needed to run a workload. One SCU will cover approximately 10 prompts per day, depending on the complexity of the prompt. The complexity of the workload determines how many SCUs you’ll require. The SCU is not limited to a user like a traditional license is.
The Enormous Minimum Cost
As seen in Microsoft Copilot for Security pricing calculator, the price is $4 per SCU per hour.
To use Copilot for Security, you’ve got to have at least one SCU up and running. Implementing this, will run 24/7/365 and give a cost for a year of $35,040 USD ($4 per SCU * 24 hours per day * 365 days per year). That is the minimum solution of one SCU. You can have maximum 100 SCUs assigned.
How to Test Microsoft Copilot for Security on a Budget
This will be a steep cost if you want to give the technology a test drive or if you only need access to the solution during normal work hours.
Microsoft documentation says Copilot for Security follows a provisioned capacity model, meaning it’s billed hourly. You can allocate security compute units (SCUs) and adjust them as needed. Billing is done hourly, with a minimum charge of one hour. I am eager to test the Copilot for Security without breaking the bank. My goal is to utilize Microsoft Copilot for Security on a budget. Can I adjust the number of SCUs to zero to save cost when I am not actively using the solution in my lab?
Spinning Up Copilot for Security
I will spin up Copilot for Security in my tenant to get some hands on experience.
Getting Started
I am signing in to Copilot for Security (https://securitycopilot.microsoft.com/) as a Global Administrator.
After clicking the “Get started” button, my tenant is being prepared.
I need an Azure Subscription to set up my Copilot for Security capacity. I’m as thrifty as they come! I stick to just one SCU to keep things running on a budget.
Since I am based in Europe, I guess I am getting some extra information I need to accept 😁
I get the option to help improve Copilot.
Now some information on who will have access to the Copilot for Security. The important part here is responses will vary based on existing user permissions to Microsoft Security products.
Finally, everything is set.
The security workers can now access https://securitycopilot.microsoft.com to get access to Microsoft Copilot for Security.
Navigating Azure Resources
After implementing Copilot for Security, I can examine the Microsoft Azure portal to see the Services, Resources and Resource Groups supporting the solution.
Looking at the Service, I can see my estimated monthly cost of $2880 by running only 1 SCU!
This cost will definitely break the bank! I need to get on top of this to run Microsoft Copilot for Security on a budget!
Test Microsoft Copilot for Security
As mentioned earlier, billing is done hourly with a minimum charge of one hour. I might as well do some testing within the current hour.
I can tap into Microsoft Copilot for Security features either through its standalone interface or through easy-to-use integrations within other Microsoft security products like Microsoft Intune.
The Standalone Microsoft Copilot for Security Portal
Navigating to https://securitycopilot.microsoft.com/, I find the standalone Microsoft Copilot for Security portal.
On the portal homepage, I find quick access to my previous sessions (1), quick access to promptbooks and promptbook libraries (2), a prompt for starting new queries (3), and a menu giving access to configuring the service.
The Copilot for Security Menu
The menu system is easily understandable, and I don’t think any deep dive is necessary at this point.
Take 10 minutes and look around the menu to familiarize yourself with the options available.
The Copilot for Security Prompt Experience
A typical place to start for many of us is by submitting prompts in clear text. Rod Trent has a Copilot for Security Prompt library on Github holding samples, templates, and promptbooks: GitHub – rod-trent/Copilot-for-Security
Asking should be as simple as writing your questions in natural language.
I will not get an answer if I ask questions outside my assigned privileges.
Some queries might link to further actions directly from the response. In the following example, I am requesting advanced hunting help.
The response has a KQL query (1), a preview of the result (2), and even a button to take me directly to go hunting in Microsoft 365 Defender(3).
I can pin queries I like on my pin board.
The Pinboard will also hold a summary of the current session.
I am really looking forward to testing more of the standalone Microsoft Copilot for Security Portal. Here are some sample prompts I plan to check out:
- Device questions:
- Give me information about Device1?
- What applications are discovered on Device1?
- What devices are user Simon using?
- Tell me about devices used by Simon
- Policy questions:
- Which groups are App1 assigned to?
- Which apps are Group1 assigned to?
- How many devices are App1 assigned to?
- Tell me about Policy1
The Integrated Microsoft Copilot for Security Experience
The integrated Microsoft Copilot experience in Microsoft Intune is even more interesting for me. Copilot is now available as a preview under the Tenant administration blade in Microsoft Intune.
With Copilot in Intune enabled, the Home blade has been enriched with more information on getting started with Copilot.
When asking Copilot questions in Microsoft Intune, the response is generated by Copilot for Security. The answer is based on data from my tenant and authoritative Microsoft documentation.
Currently, Copilot within Intune serves two main functions: Policy management and Troubleshooting. Microsoft’s documentation describes these possibilities excellently.
The beauty of Copilot for Security integrated in Intune, is the way it blends into the known user interfaces. Here is an example of the Copilot icon inviting to give more information on a random setting found in the Settings Catalog:
Read up on Start using Copilot in Intune directly on Microsoft’s pages.
Microsoft Copilot for Security on a budget
I am thrilled to have access to the powerful Copilot for Security in my environment, but I am terrified of ongoing expenses in my pilot environment. It’s time to get a handle on the costs to ensure I run Microsoft Copilot for Security on a budget!
Usage Monitoring
I find the Usage Monitor under the Menu at the Microsoft Copilot for Security.
My test thus far has been based on 1 Secure Compute Unit (SCU), which has been easily used from my side. Anyhow, I noticed that I had used 90% of the available units at one point in time. I still don’t get why it says 4.8 units used when I have a capacity of 1 unit pr. hour.
Cost Management
In Azure Cost Management, I can find an overview of the actual cost applied to the service.
As seen above, the Accumulated costs for the resource group holding the Copilot for Security peaked during my test writing this blog. I can change the currency in this view by clicking the amount.
The graph clearly shows that I need to control these costs. I can’t afford to let them run idle.
Limit Usage
Since I’m stingy and only spend 1 SCU, I must control what it’s used for. Most people today are used to tools like ChatGPT and how that can answer most questions. The user interfaces for both Copilot for Security and ChatGPT resemble each other, making it easy to misuse the tool, leading to potentially high costs. The following example shows how Copilot for Security can answer any irrelevant question you throw at it.
To avoid this, you should ensure you are disabling access to the public web for your prompts:
This way, you can ensure your capacity is available for the real deal.
Put an end to those runaway expenses!
I’ve finished today’s testing, but I’m uncomfortable incurring runaway expenses for a service I won’t use for a while. Checking the Azure service for Microsoft Copilot for Security compute capacities, reducing the number of SCUs below the minimum of 1 is impossible.
The only option left is to delete the compute capacity.
The service is gone within seconds, as is the running costs.
The next time I visit Copilot for Security, I am prompted to create a Security capacity.
This capacity can be created in the Azure Portal or the Microsoft Copilot for Security portal. Once the capacity is available again, I can access my old sessions. Microsoft retains my Copilot for Security data for 90 days, ensuring smooth continuity.
Be aware:
Once you create the capacity, the cost will apply for at least one hour.
Once you delete the capacity, you will lose access to it. It will not be available through the hour you actually paid for!
You will be billed for one hour if you apply for a capacity at 12:00.
If you delete the capacity at 12:20, you will lose the capacity at 12:20 even though you paid for the 12:00 to 13:00 timespan.
Checking in on my Azure Cost Management using the DailyCosts view, I can clearly see the price accumulating when I enable the service and how I control the runaway expenses by removing the compute capacity.
Be aware of the “AccumulatedCosts” view, which can fool you into thinking you have costs running every day.
The DailyCosts view is exactly what I need to see to be confident piloting the Microsoft Copilot for Security test on a budget!
Concluding Microsoft Copilot for Security Test on a Budget
At first glance, piloting a service with a potential $2880/month bill seemed daunting. However, after testing it out, I’m relieved. Deleting and recreating SCUs is straightforward and transparent, making exploring this exciting new service easy with minimal financial risk. It turns out I can actually run Microsoft Copilot for Security on a budget!
Calculate And Automate
MVP Morten Waltorp Knudsen has released a cost calculator for scalable capacity deployment for running the service for a non-24×7 scenario. This might be helpful if you need to plan costs for running this service on a larger scale than ad hoc.
If that is your case, you might also be interested in Aaron Hoffmann and his automated approach to creating and deleting Copilot for Security capacities using Logic Apps. Combining automation with Azure Budget thresholds in cost management could allow the necessary budget control to run Microsoft Copilot for Security on a budget!
MVP Jan Vidar Elven has also released his take on Automatic Provisioning and Deprovisioning of Copilot for Security Capacity Unit. His approach is to automate creating an SCU on weekday mornings and destroy it again in the afternoon.
I will use a manual approach to creating and deleting the capacity when I feel the need to test the service in my tiny piloting environment—it can be performed within a minute.
You and AI, Best Together
Just like any AI-powered tool, Copilot for Security isn’t perfect. I noticed this a few times during my brief trial. Responses were sometimes wrong, sometimes inaccurate, and sometimes even based on hallucinations. I need to give its responses a second look. The tool will not take my job, but it will be a great tool as long as I can control the cost of running Microsoft Copilot for Security on a budget.
[…] from the portal, but I can easily mark them up and copy them to my favorite script editor or AI tool for analysis. This is often just what I need to do a quick […]