Jamf plugin now available in public preview for Microsoft Copilot for Security

Learn what Microsoft Copilot for Security is, how you can leverage Jamf management and security, and what it means when tools and expertise combine to make your devices much more secure.

May 6, 2024 by Jesus Vigo

Introducing Microsoft Copilot for Security

In November 2023, at Microsoft Ignite, Microsoft introduced “the future of security with AI” — a tool that expands data security in AI, as well as AI within security.

Enter Microsoft Copilot for Security.

It is a new generative AI solution that ushers in a new era of enterprise security, one that:

  • Combines Microsoft’s extensive security tooling and expertise
  • Leverages specialized security vendors’ expertise and datasets
  • Ensures end-to-end security protections
  • Builds upon the principles of Zero Trust

By weaving in generative AI, the dynamic shift in protection allows security teams to stem the tide of myriad threats across the digital landscape while allowing administrators to do so more efficiently.

What is Microsoft Copilot for Security?

Microsoft Copilot for Security is an AI-powered security product that enables security professionals to respond to threats quickly, process signals at machine speed and assess risk exposure within minutes. It combines an advanced large language model (LLM) with a security-specific orchestrator, alongside Microsoft's global threat intelligence with more than 78 trillion security signals daily. Cyber skills and promptbooks are also included to add generative AI to existing security workflows.

Copilot for Security aims to help security professionals quickly address threats using extensive signals and powerful generative AI. To make the most of available expertise and technologies, Copilot is built to be pluggable, meaning it is intended to integrate with partner (AI) tools and datasets. Given Jamf’s extensive expertise in Apple security and threat detection and response and our membership in the Microsoft Intelligent Security Association (MISA), Jamf is among a limited number of partners.

In lay terminology, Copilot for Security helps alleviate the following security challenges:

  • Disparate security toolsets
  • Talent gaps for cybersecurity and data science
  • Communication gaps between security team members
  • Dynamic vs static incident responses
  • Mitigating cyberattacks quickly
  • Adapting to evolving threats

Operational security teams must balance each of these critical points while struggling to manage their infrastructure in real time. Microsoft’s solution, which aims to deliver an industry-defining vision, presents the first unified security operations platform to combine:

  • the power of leading solutions in security information and event management (SIEM)
  • extended detection and response (XDR)
  • generative AI for security

How does Copilot for Security work?

Copilot uses data from SIEM, XDR, Endpoint and other security solutions. It provides analysts with a unified incident experience that streamlines your security stack while providing end-to-end views of threat impacts across your entire infrastructure.

Furthermore, it enables automation between each of these solutions, enriching them with the use of natural language to coordinate incident response at each level. In other words, security analysts gain the ability to more quickly and easily perform tasks from triage through remediation.

But the automation doesn’t just stop at known threats. By gaining the ability to query all telemetry and endpoint security solutions data in a centrally stored location, Microsoft Copilot for Security drives threat-hunting processes, helping teams discover unknown threats, and execute the appropriate remediation workflows, before they have a chance to evolve into something far worse. All the while, powerful AI technologies provide security professionals with step-by-step guidance to easily resolve incidents, from providing recommended remediation actions to generating polished reports that summarize investigations, effectively updating company stakeholders.

Jamf as a launch partner

Jamf, a leader in Apple management and security, builds on its strong partnership with MISA and continues its commitment to exploring innovative ways to secure enterprise devices and environments.

Enhance your macOS endpoint security by pairing Jamf’s security expertise and solutions with Microsoft's threat intelligence and AI capabilities for better detection and response. Security professionals who rely on Microsoft solutions on macOS devices keep the key benefits they’ve come to enjoy from Jamf while plugging them into Microsoft Copilot for Security’s advanced, security-specific LLM.

Introducing Jamf’s plugin for Copilot

When interpreting an alert, more telemetry data is often needed to quantify the threat than what is contained within the alert itself. Jamf’s plugin for Microsoft Copilot for Security streamlines how Security Analysts access data, facilitating seamless collaboration between IT and Security teams.

By making Jamf Pro's comprehensive MDM inventory insights readily available, the process of gathering crucial information is simplified. A security admin may, for example, choose to query the following insights for a device based on its serial number:

  • List all installed software, including suspicious applications
  • Obtain a list of all user accounts and their privilege levels
  • View complete inventory details
  • Show hardware and security configurations
  • Check FileVault status levels
  • Get the current firewall settings

Using the intuitive chat user interface of Copilot for Security, admins can receive answers to their queries directly within the LLM instead of having to toggle between multiple consoles, like Jamf Pro or Jamf Protect.

Enhanced by Copilot for Security’s global threat intelligence, this plugin supports quicker incident resolution, turning data access into actionable security insight. It's an efficient, effective tool for a more informed response to threats.

If you would like to try this plugin in public preview, locate the plugin marketplace within Microsoft Copilot for Security, search for "Jamf" and install the plugin. Then follow the steps below to easily set up the Jamf Pro API client and configure Copilot for Security:

Jamf Pro API Client Setup

  1. Log into your Jamf Pro instance.
  2. Follow the guide, API Roles and Clients in Jamf Pro, to customize your API client.
  3. Assign an API role to the client that has the "Read Computers" privilege.
  4. Securely copy the client ID, client secret and required scopes (scope number).

Copilot for Security Plugin Configuration

  1. Access the configuration settings for the Inventory Insights plugin in Microsoft Copilot for Security.
  2. Enter the following Jamf settings:
    • Instance URL (the URL of your Jamf Cloud instance)
    • ClientId
    • ClientSecret
    • TokenEndpoint (the URL of your Jamf Cloud instance, ending with /api/oauth/token)
    • Scopes: api-role:# (API scope number of the role you created in step 2 in the Jamf Pro API Client Setup)
    • AuthorizationContentType: application/x-www-form-urlencoded
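
A pre-flight check for the settings above, written in Python as an added example (not Jamf's or Microsoft's code): it confirms that the client secret will only be posted over HTTPS to the instance's own /api/oauth/token endpoint, and that a granted scope is exactly the one role configured. The sample values, the single-role rule, the client_credentials grant type and the `scope` field of the token response are assumptions not stated on the page.

```python
import re
from urllib.parse import urlencode, urlsplit
from urllib.request import Request

# Constructed sample values; the keys mirror the plugin's setting names.
SAMPLE = {
    "Instance URL": "https://jamf.example.com",
    "ClientId": "constructed-client-id",
    "ClientSecret": "constructed-secret",
    "TokenEndpoint": "https://jamf.example.com/api/oauth/token",
    "Scopes": "api-role:2",
    "AuthorizationContentType": "application/x-www-form-urlencoded",
}

def check_settings(s):
    """Return a list of problems found in the plugin settings."""
    problems = []
    inst, tok = urlsplit(s["Instance URL"]), urlsplit(s["TokenEndpoint"])
    if inst.scheme != "https" or tok.scheme != "https":
        problems.append("Instance URL and TokenEndpoint must use https")
    # The client secret is posted to TokenEndpoint, so pin it to the instance.
    if tok.netloc.lower() != inst.netloc.lower():
        problems.append("TokenEndpoint host differs from the instance host")
    if tok.path.rstrip("/") != inst.path.rstrip("/") + "/api/oauth/token":
        problems.append("TokenEndpoint must end with /api/oauth/token")
    # Assumption: one dedicated role, as in the setup steps above.
    if not re.fullmatch(r"api-role:\d+", s["Scopes"]):
        problems.append("Scopes must be a single api-role:<number>")
    if s["AuthorizationContentType"] != "application/x-www-form-urlencoded":
        problems.append("unexpected AuthorizationContentType")
    return problems

def build_token_request(s):
    """Build, without sending, the token request the settings describe."""
    body = urlencode({
        "grant_type": "client_credentials",  # assumed OAuth 2.0 grant type
        "client_id": s["ClientId"],
        "client_secret": s["ClientSecret"],
    }).encode()
    return Request(s["TokenEndpoint"], data=body, method="POST",
                   headers={"Content-Type": s["AuthorizationContentType"]})

def token_matches_role(token_response, s):
    """True only if the granted scope is exactly the configured role."""
    # Assumption: the JSON token response carries a space-separated "scope".
    return token_response.get("scope", "").split() == [s["Scopes"]]

if __name__ == "__main__":
    print(check_settings(SAMPLE) or "settings look consistent")
```

Run it against the values copied in step 4 of the API client setup before entering them in the plugin; a non-empty problem list means the secret should not be submitted yet.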

Discover how integrating Microsoft + Jamf provides a powerful security platform, better safeguarding your environment with advanced automation and AI.