Microsoft Adds Azure Firewall With AI-Powered Security Copilot

Microsoft has integrated Azure Firewall with its AI-powered Security Copilot platform, bringing natural language threat investigation capabilities to cloud network security teams.

The new integration allows security analysts to investigate malicious network traffic using conversational prompts instead of complex query languages.

AI-Powered Threat Investigation

Security Copilot is Microsoft’s generative AI solution designed to enhance security operations at machine speed and scale.

The platform supports security professionals across multiple scenarios, including incident response, threat hunting, intelligence gathering, and posture management through a natural language interface.

Enable the Azure Firewall integration in Security Copilot

Azure Firewall is a cloud-native network firewall security service that provides threat protection for Azure cloud workloads.

It operates as a fully stateful firewall with built-in high availability and unrestricted cloud scalability.

The integration with Security Copilot specifically enhances the Intrusion Detection and Prevention System (IDPS) feature, enabling analysts to investigate intercepted malicious traffic across their entire firewall fleet using simple questions.

Security teams can access the integration through two experiences: the standalone Security Copilot portal or the embedded Azure Copilot experience within the Azure portal.

Both options provide the same AI-powered investigation capabilities powered by security compute units.

The integration enables several critical investigation functions through natural language prompts.

Analysts can retrieve top IDPS signature hits for specific firewalls without manually constructing complex queries.

Retrieve the top IDPS signature hits for a given Azure Firewall

Security teams can ask questions such as identifying the top attacks over specific timeframes or checking for malicious traffic intercepted by particular firewalls.

The system provides threat enrichment beyond basic log information, offering additional context about IDPS signatures and associated threats.

Analysts can request explanations for severity classifications or learn about attacker profiles and associated CVE vulnerabilities.

The Microsoft Threat Intelligence plugin serves as an additional source for enriching IDPS signature information.

Fleet-wide threat searches represent another powerful capability, allowing security teams to search for specific IDPS signatures across entire tenants, subscriptions, or resource groups.

This eliminates manual searching across multiple firewalls and provides comprehensive visibility into threat distribution.

Organizations must configure Azure Firewall to generate resource-specific structured logs for IDPS and send them to a Log Analytics workspace.
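The two investigations the article describes, top IDPS hits for one firewall and a fleet-wide search for one signature, written as the KQL a team would otherwise run against that Log Analytics workspace; this is an added example, not from the article or from Microsoft, and it assumes the resource-specific `AZFWIdpsSignature` table schema, with the firewall name and signature id as placeholders.

```kusto
// Assumed: AZFWIdpsSignature is the resource-specific IDPS log table
// populated by the diagnostic setting described above.
let lookback = 24h;
let firewallName = "fw-hub-prod";   // placeholder firewall name
// 1) Top IDPS signature hits for one firewall in the lookback window
AZFWIdpsSignature
| where TimeGenerated > ago(lookback)
| where _ResourceId has firewallName
| summarize Hits = count(),
            DistinctSources = dcount(SourceIp),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
    by SignatureId, Description, Severity, Action
| top 10 by Hits desc;
// 2) Fleet-wide search: where has one signature fired across every
//    firewall that sends logs to this workspace, and was it blocked?
let signature = 2000000;            // placeholder signature id
AZFWIdpsSignature
| where TimeGenerated > ago(7d)
| where SignatureId == signature
| extend Firewall = extract(@"/azureFirewalls/([^/]+)$", 1, _ResourceId)
| summarize Hits = count(),
            Denied = countif(Action =~ "Deny"),
            AlertOnly = countif(Action =~ "Alert"),
            Destinations = dcount(DestinationIp)
    by Firewall
| order by Hits desc
```

A firewall that shows `AlertOnly > 0` and `Denied == 0` for a signature you expect to be blocked is running IDPS in alert mode for that signature or policy, which is the kind of gap the article's "recommendations" prompt is meant to surface.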

Generate recommendations to secure your environment using Azure Firewall's IDPS feature

Users need appropriate Azure role-based access control permissions to access firewalls and associated Log Analytics workspaces.

Once the prerequisites are met, enabling the integration is as simple as turning on the Azure Firewall plugin in Security Copilot.

The system automatically discovers the necessary data from properly configured Log Analytics workspaces, requiring no additional configuration steps for users with the required permissions.
