Microsoft Copilot

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Solutions Index

---

Attribute	Value
Publisher	Microsoft
Support Tier	Microsoft
Support Link	https://support.microsoft.com
Categories	domains
Version	3.0.2
Author	Microsoft
First Published	2025-10-01
Last Updated	2026-04-03
Solution Folder	Microsoft Copilot
Marketplace	Azure Marketplace · Popularity: ⚪ Very Low (0%)

The Microsoft Copilot solution allows you to stream your Microsoft Copilot audit logs from M365 Copilot and Security Copilot into Microsoft Sentinel in order to track Copilot activities across your organization.

Underlying Microsoft Technologies used:

This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

• Office Management API

Contents

• Data Connectors
• Tables Used
• Content Items

Data Connectors

This solution provides 1 data connector(s):

• Microsoft Copilot

Tables Used

This solution uses 1 table(s):

Table	Used By Connectors	Used By Content
CopilotActivity	Microsoft Copilot	Analytics, Hunting, Workbooks

Content Items

This solution includes 7 content item(s):

Content Type	Count
Analytic Rules	4
Hunting Queries	2
Workbooks	1

Analytic Rules

Name	Severity	Tactics	Tables Used
Copilot - File Uploads Disabled	High	DefenseEvasion	CopilotActivity
Copilot - Jailbreak Attempt Detected	High	InitialAccess, CredentialAccess, Impact	CopilotActivity
Copilot - Plugin Created by Non-Admin User	High	Persistence, PrivilegeEscalation	CopilotActivity
Copilot - Plugin Tampering (Enable and Disable Within 5 Minutes)	Medium	Discovery, DefenseEvasion	CopilotActivity

Hunting Queries

Name	Tactics	Tables Used
Copilot - Access From External IP Address	InitialAccess	CopilotActivity
Copilot - Plugin Enabled After Being Disabled	DefenseEvasion	CopilotActivity

Workbooks

Name	Tables Used
MicrosoftCopilotActivityMonitoring	CopilotActivity

Release Notes

Version	Date Modified (DD-MM-YYYY)	Change History
3.0.2	02-04-2026	Update Solution and Connector Descriptions. Added a Analytic rules, Hunting Queries and Workbook for Microsoft Copilot Activity Monitoring and detection. Solution push to GA.
3.0.1	12-12-2025	Update copilot table name from LLMActivity to CopilotActivity.
3.0.0	10-09-2025	Releasing a new Microsoft Copilot connector solution in Content Hub and Data Connector gallery.

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Solutions Index