Category
stayInformed
Severity
normal
Major change
False
Last modified
2026-04-02 20:58:10
Summary source
Azure OpenAI (gpt-4.1)
Action by (Graph)
—
Action by (AI)
2026-04-15 00:00:00
Services
Microsoft Defender XDR
Tags
New feature, User impact, Admin impact
Master tags
User, Admin, Security, Copilot License
Roadmap IDs
One-line summary
Defender XDR adds AI-powered email summaries via Security Copilot on the Email Entity page, aiding security teams with faster threat analysis. Requires Security Copilot access and SCUs.
Similar updates
More like thisMC1187672 Get ready for security agents: Microsoft Security Copilot will be included in Microsoft 365 E5
Get ready for security agents: Microsoft Security Copilot will be included in Microsoft 365 E5 Security Copilot with new AI agents is now included at no extra cost for Microsoft 365 E5 customers, rolling out over the coming months across Defender, Entra, Intune, and Purview. Introduction: Microsoft Security Copilot agents are directly built into.
MC1163754 Enhancements to the Deep Analysis tab of Email Entity page by Microsoft Defender for Office 365
Enhancements to the Deep Analysis tab of Email Entity page by Microsoft Defender for Office 365 Defender for Office 365's Deep Analysis tab gains enhanced UI, improved detonation chains, expanded metadata, and exportable insights for better threat investigation, rolling out Nov 2025. We’re excited to share recent enhancements to the Deep.
MC1130610 (Updated) Microsoft Outlook: Enhanced search experience with Copilot across Web, Mac, and Mobile
(Updated) Microsoft Outlook: Enhanced search experience with Copilot across Web, Mac, and Mobile Immersive Search adds a Copilot side pane in Outlook search results, showing AI-generated summaries from emails, Teams, and documents; rollout starts late October 2025 and is on by default. Introduction We’re introducing Immersive Search , a new.
MC1162289 (Updated) Microsoft Outlook: Summarize email with Copilot chat
(Updated) Microsoft Outlook: Summarize email with Copilot chat Copilot chat in Outlook now lets users quickly summarize emails and attachments with one click; rollout starts mid-October 2025 for all Outlook platforms, no admin action needed. Updated October 2, 2025: We have updated the content. [Introduction] We're introducing a new way to.
MC1124564 (Updated) Microsoft Outlook: Copilot chat now available to summarize emails for more users
(Updated) Microsoft Outlook: Copilot chat now available to summarize emails for more users Outlook users with Copilot chat can now summarize email threads directly from the reading pane, even without a Copilot license; feature rolls out from mid-September 2025. Introduction We’re introducing a new way to quickly summarize email threads in Outlook.
MC1190188 Microsoft Copilot Studio – Increase sense of security for makers inside Copilot Studio
Microsoft Copilot Studio – Increase sense of security for makers inside Copilot Studio Copilot Studio now offers improved insights and security awareness, giving makers real-time agent status, blocked message details, and proactive security recommendations. We are announcing the introduction of improved insights and security awareness for your.
Details
Summary
Microsoft Defender XDR will add an AI-powered Email summary via Security Copilot on the Email entity page, launching in public preview mid-April 2026 and generally available by mid-May 2026. It provides concise threat insights, timeline analysis, URL and attachment assessments, requiring Security Copilot access and SCUs.
Body (from Message Center)
[Introduction]
We’re introducing Email summary powered by Security Copilot on the Email Entity page in Microsoft Defender XDR. This AI-driven capability helps security teams quickly understand and respond to email threats by summarizing email detection data into clear, actionable insights. This feature is designed to reduce investigation time and improve analyst efficiency by presenting key signals and analysis in one place.
[When this will happen]
- Public preview: Rollout begins in mid-April 2026 and is expected to complete by late April 2026.
- General availability (Worldwide): Rollout begins in early May 2026 and is expected to complete by mid-May 2026.
[How this affects your organization]
Who is affected
- Security teams and admins using Microsoft Defender XDR
- Microsoft 365 tenants with Security Copilot access and provisioned Security Compute Units (SCUs)
What will happen
- A new Email summary section will appear on the Email entity page in Microsoft Defender XDR:
- Security Copilot will generate AI-driven summaries that include:
- Email overview: A concise summary of detected threats, actions taken, overrides, and key indicators:
- Timeline event analysis: A chronological view of actions and outcomes across the email lifecycle:
- URL analysis: Assessment of URLs extracted from the email to identify known malicious behavior.
- Attachment analysis: Insights into attachments, highlighting suspicious or harmful files and associated risks.
- Email overview: A concise summary of detected threats, actions taken, overrides, and key indicators:
- This feature requires Security Copilot access and SCUs and is not enabled by default.
- Existing security policies, permissions, and investigation workflows are respected; no policy changes are required.
[What you can do to prepare]
- Ensure Security Copilot Security Compute Units (SCUs) are provisioned in your tenant.
- Verify that intended users have access to Security Copilot.
- Review and update internal investigation workflows or documentation, if applicable.
- Inform security analysts about the new Email summary experience so they can incorporate it into daily investigations.
Learn more:
- Get started with onboarding to Microsoft Security Copilot | Security Copilot | Security | Microsoft Learn
- Learn about Security Copilot for Microsoft 365 E5 included customers | Security Copilot | Security | Microsoft Learn
- Microsoft Security Copilot in Microsoft Defender | Microsoft Defender XDR | Microsoft Learn
[Compliance considerations]
| Question | Answer |
| Does the change alter how existing customer data is processed, stored, or accessed (for example, emails, detections, URLs, or attachments)? | Yes. This change alters how existing email detection data in Microsoft Defender XDR is processed by using Security Copilot to generate AI-based summaries from existing signals, metadata, and analysis results. No new customer data is stored, and existing data retention, residency, and access controls remain unchanged. |
| Does the change introduce or significantly modify AI/ML or agent capabilities that interact with or provide access to customer data? | Yes. This change introduces a generative AI capability through Security Copilot that summarizes existing Microsoft Defender XDR email data to provide contextual insights for security analysts. The AI output is derived from existing data and does not replace underlying security signals or detections. |
| Does the change provide end users any new way of interacting with generative AI, if so how? | Yes. Security analysts can view AI-generated summaries on the Email entity page, providing read-only insights generated by Security Copilot. The feature respects existing role-based access controls and does not grant access to data beyond what users are already permitted to view. |
| Does the change include an admin control, and can it be controlled through Entra ID group membership? | Yes. Access to this capability is controlled through Security Copilot licensing and the provisioning of Security Compute Units (SCUs). Administrative access can be managed using existing access controls, including Entra ID–based role assignments. |
Raw JSON (for debugging)
Expand/collapse the full payload below.
Show/hide raw
{
"snapshot_item": {
"action_required_by": null,
"ai_action_required_by": "2026-04-15T00:00:00Z",
"ai_actions": [
"Provision Security Copilot Security Compute Units (SCUs)",
"Verify Security Copilot access for required users",
"Update investigation workflows if needed",
"Inform analysts about new email summary experience"
],
"ai_master_tags": [
"User",
"Admin",
"Security",
"Copilot License"
],
"ai_model": "gpt-4.1",
"ai_summary": "Defender XDR adds AI-powered email summaries via Security Copilot on the Email Entity page, aiding security teams with faster threat analysis. Requires Security Copilot access and SCUs.",
"ai_topics": [
"Defender",
"Copilot"
],
"category": "stayInformed",
"details_map": {
"Summary": "Microsoft Defender XDR will add an AI-powered Email summary via Security Copilot on the Email entity page, launching in public preview mid-April 2026 and generally available by mid-May 2026. It provides concise threat insights, timeline analysis, URL and attachment assessments, requiring Security Copilot access and SCUs."
},
"id": "MC1268924",
"importance": 4,
"is_major_change": false,
"last_modified": "2026-04-02T20:58:10Z",
"ms_products": [
"Defender"
],
"platforms": null,
"roadmap_ids": [],
"services": [
"Microsoft Defender XDR"
],
"severity": "normal",
"tags": [
"New feature",
"User impact",
"Admin impact"
],
"title": "Microsoft Defender XDR: Email summary powered by Security Copilot on the email entity page"
}
}