Azure Firewall is a cloud-native and intelligent network firewall security service that provides best of breed threat protection for your cloud workloads running in Azure. It’s a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. In this blog we will be focusing on the newly announced Azure Firewall integration in Copilot for Security.

How Copilot for Security works with the Azure Firewall plugin

The Azure Firewall integration in Copilot for Security helps analysts perform detailed investigations of the malicious traffic intercepted by the IDPS feature of their firewalls across their entire fleet using natural language questions in the Copilot for Security standalone experience.

The Azure Firewall plugin enabled in the Copilot for Security standalone experience

These capabilities were announced at RSA. Take a look at this blog to learn more about the user journey and value that Copilot can deliver: Bringing generative AI to Azure network security with new Microsoft Copilot integrations.

There are four primary capabilities now in public preview which are outlined below.

Get top IDPS signature hits

This capability retrieves the top IDPS signature hits for an Azure Firewall. It helps the user get information about the traffic intercepted by the IDPS feature by simply asking natural language questions instead of the user having to construct KQL queries manually.

Get details on an IDPS signature

This capability enriches the threat profile of an IDPS signature beyond the information found in logs. It helps the user get additional details about an IDPS signature instead of requiring them to manually source this information. The Microsoft Defender Threat Intelligence plugin is another source that Copilot may use to provide threat intelligence for IDPS signatures.

Search across firewalls for an IDPS signature

This capability looks for a given IDPS signature across your tenant, subscription or resource group. It helps users perform a fleet-wide search (over any scope) for a threat across all their Firewalls instead of searching for the threat manually.

Secure your environment using IDPS

This capability generates recommendations to secure your environment using Azure Firewall’s IDPS feature. It helps users get information from documentation about using Azure Firewall’s IDPS feature to secure their environment instead of having to look up this information manually. Copilot for Security may also use the Ask Microsoft Documentation capability to provide this information.

Get started

Learn more in our documentation about these capabilities and how to access them in Microsoft Copilot for Security today!

Abhinav Sriram, 

Product Manager

​Microsoft Tech Community – Latest Blogs –Read More