Security Copilot added to Microsoft 365 E5
Seattle WA, USA. 11 November 2025
This year at Microsoft Ignite 2025, Microsoft’s annual flagship conference held this year in San Francisco, Microsoft announced that Security Copilot will now be included in Microsoft 365 E5. In practical terms, this means that Security Copilot agents across Purview, Defender, Entra, and Intune will be built into the management console, available to the security teams during their typical operations, for any organization with E5 licensing.
This includes all chat, promptbook, and agentic scenarios built into the Microsoft admin portals across the solutions described above. The standalone Security Copilot experience and usage from Microsoft Sentinel are also included. From a developer perspective, the tools and APIs used to create custom agents, promptbooks, and integrations are included. Even the SCU usage for partner agents is included, although this may change in the future.
Some things are best defined by their opposites; let’s look at what is not included. Partner agents may require a subscription to use. This will vary on a partner-by-partner basis, and you can use the Security Store to see the licensing cost to a specific agent you are interested in. Custom Security Copilot agents or custom scenarios may include additional requirements that could require separate licensing. For example, if you are using Azure Logic Apps or Sentinel data lake with Security Copilot, these would incur a separate cost.
This is a game-changing event for all E5 organizations and it signals Microsoft’s continued commitment to helping organizations fight cyberthreats at Gen-AI speed. It’s also the perfect opportunity for security teams to really dive into how Security Copilot can help prioritize, surface, and remediate threats as bad actors continue to evolve their tactics. Today’s cybersecurity team needs to be more agile than ever, and this is another powerful weapon at our disposal, now available more broadly.

What does Security Copilot do?
Security Copilot offers a robust suite of features designed to empower security teams with gen-AI-driven insights and automation. Integrated seamlessly across solutions like Purview, Defender, Entra, and Intune, Security Copilot agents are accessible directly through the management console, enabling security professionals to interact via chat, promptbooks, and agentic scenarios. These built-in capabilities enable admins to speed up and level up their security operations. Additionally, custom agent creation, promptbook development, and integration APIs are available for organizations looking to tailor their security operations, making the platform highly flexible and extensible for various enterprise needs.
Beyond its core integration, Security Copilot also includes standalone experiences and compatibility with Microsoft Sentinel, further extending its reach within the security ecosystem. The platform facilitates rapid incident response and threat hunting by surfacing actionable intelligence and recommendations through intuitive interfaces. Security Copilot supports both standard and custom scenarios, enabling organizations to adapt its capabilities to unique environments or requirements.
When will this change take place?
It depends! Microsoft started rolling out this functionality on November 18th, beginning with organizations that already use Security Copilot. If you already leverage Security Copilot, you may see the features already. For everyone else, you will start to see Security Copilot in your Microsoft admin portals in the coming months. Microsoft will send you a 30-day advance notification prior to implementation, giving you some time to plan for this exciting change.
From a technical perspective, there is nothing you need to do to ready your tenant for this change. There are no prerequisites or setup required.
What is Microsoft 365 E5?
Microsoft 365 E5 is a comprehensive enterprise solution that combines Office 365, Windows 11 Enterprise, and advanced security, compliance, and analytics tools into a single subscription. It is designed to help organizations enhance productivity, improve collaboration, and protect their data with features such as advanced threat protection, information governance, and integrated communication services like Microsoft Teams. The E5 plan is the most feature-rich offering in the Microsoft 365 suite, making it ideal for businesses that require robust security and compliance capabilities alongside productivity applications.
- Providing richer identity data.
- Delivering improved behavioral context.
- Enabling cross-platform anomaly detection across hybrid and multicloud environments.
Licensing Model
If you have been following Security Copilot, you know that its pricing model is different from Microsoft 365 E5. Security Copilot uses a consumption-based model that leverages what Microsoft calls Security Compute Units (SCUs) as currency. Microsoft 365 E5 is licensed per user per month.
To square this circle, Microsoft is giving organizations 400 SCUs per month for every 1,000 licensed M365 E5 users, with a maximum of 10,000 SCUs per month. If you exceed this amount, you can pay as you go. These parameters are subject to change as Microsoft starts to see how Security Copilot is used across these newly enabled organizations. For the full details, see https://learn.microsoft.com/en-us/copilot/security/security-copilot-inclusion#licensing-and-capacity.
How can Synergy Advisors help?
Our Security Copilot architects can help you optimize your M365 environment for Security Copilot usage. Our team can help identify use cases and workflows that match your unique requirements and environment. We can help train your team to operationalize these new capabilities and hit the ground running according to best practices.
We can also help assess and remediate your M365 workloads to ensure they are configured in such a way as to maximize the capabilities of Security Copilot and, therefore, optimize your security posture. Security Copilot is dependent on the data ingested from M365; we review your tenant to find potential gaps that would prevent visibility and action.
Synergy Advisors is a consultancy specializing in optimizing Microsoft 365 environments, particularly for organizations implementing advanced security solutions like Security Copilot. Our team of architects helps businesses identify relevant use cases, streamline workflows, and train teams to maximize the benefits of new Microsoft capabilities. We also offer managed services and have developed our own set of E-Suite solutions, which build on top of M365 workloads to expand their features and scope.
For more information, email us at [email protected].
Author

Micah LaNasa
Consultant Lead