What Changed
Added 6 new analytic rules and 2 hunting queries targeting Microsoft Security Copilot activity monitoring, plus a comprehensive workbook for visibility into AI assistant usage.
Detection Logic
Primary data source: CopilotActivity table
New Analytic Rules:
- Copilot - File Uploads Disabled: Detects when file upload capabilities are disabled, potentially indicating attackers covering their tracks by disabling evidence collection mechanisms
- Copilot - Jailbreak Attempt Detected: Identifies prompt injection attempts where users try to bypass Copilot security controls and guardrails
- Copilot - Plugin Created by Non-Admin User: Flags non-administrative users creating plugins, which could establish persistence or inject malicious capabilities
- Copilot - Plugin Tampering: Correlates enable/disable actions within 5-minute windows, indicating reconnaissance of security boundaries
Key Detection Patterns:
- Jailbreak detection uses LLMEventData has "JailbreakDetected" with JSON parsing to extract the boolean flag
- Plugin creation monitoring filters on ActorUserType != "Admin" for privilege boundary violations
- External access detection excludes RFC 1918 private IP ranges to identify unauthorized location usage
- File upload disabling tracks Property changes from "Enabled" to "Disabled" state
Entity Mappings: Account (ActorName) and IP (SrcIpAddr) across all rules for investigation pivoting
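The following is an added illustration, not a query taken from the rules in this change. It combines the jailbreak pattern and the RFC 1918 check over constructed rows. TimeGenerated, the sample values and the layout of LLMEventData (a JSON string with a top-level boolean JailbreakDetected) are assumptions; only the table and column names CopilotActivity, LLMEventData, ActorName and SrcIpAddr come from the description above.

```kql
// Constructed sample rows standing in for the real table; the actual schema may differ.
// Assumption: LLMEventData is a JSON string with a top-level boolean "JailbreakDetected".
let CopilotActivity = datatable(TimeGenerated:datetime, ActorName:string, SrcIpAddr:string, LLMEventData:string)
[
    datetime(2025-01-10 09:00:00), "alice@contoso.example", "10.1.2.3",    '{"JailbreakDetected":false}',
    datetime(2025-01-10 09:05:00), "bob@contoso.example",   "203.0.113.7", '{"JailbreakDetected":true}',
    datetime(2025-01-10 09:07:00), "carol@contoso.example", "172.16.40.9", '{"JailbreakDetected":true}'
];
CopilotActivity
// Term filter first: 'has' is cheap, but it also matches rows where the flag is false
// (alice's row passes this line), so it cannot be the whole detection.
| where LLMEventData has "JailbreakDetected"
// Parse the JSON and read the flag itself; a missing key becomes null and is dropped below.
| extend Event = parse_json(LLMEventData)
| extend JailbreakDetected = tobool(Event.JailbreakDetected)
| where JailbreakDetected == true
// RFC 1918 check used here as a tag, not a filter, so attempts from internal
// addresses still surface while external ones are easy to prioritise.
| extend IsExternalIp = not(ipv4_is_private(SrcIpAddr))
// Keep the two columns the rules map to entities: Account (ActorName) and IP (SrcIpAddr).
| project TimeGenerated, ActorName, SrcIpAddr, IsExternalIp
```

On the constructed rows this keeps bob (external address) and carol (private address) and drops alice, whose event contains the term but carries a false flag.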
MITRE Mapping
- T1078 (Valid Accounts): External IP access detection
- T1087 (Account Discovery): Plugin tampering reconnaissance
- T1098 (Account Manipulation): Non-admin plugin creation for persistence
- T1110 (Brute Force): Jailbreak attempt correlation
- T1546 (Event Triggered Execution): Plugin-based persistence mechanisms
- T1562/T1562.001 (Impair Defenses): File upload disabling, plugin tampering to evade controls
- T1565 (Data Manipulation): Jailbreak attempts targeting data integrity
Security Impact
These detections address critical AI security blind spots where traditional security tools lack visibility into LLM interactions. Organizations using Microsoft Security Copilot now have coverage for:
- AI Abuse Scenarios: Jailbreak attempts represent a novel attack vector specific to AI assistants
- Insider Threat Detection: Non-admin plugin creation and external access monitoring
- Defense Evasion Coverage: File upload disabling and rapid plugin state changes indicate attacker operational security measures
- Privilege Boundary Enforcement: Plugin creation restrictions prevent unauthorized capability expansion
The workbook provides operational dashboards for SOC teams to monitor AI assistant usage patterns and security events.
Affected Files
.script/tests/KqlvalidationsTests/CustomTables/CopilotActivity.json
Solutions/Microsoft Copilot/Analytic Rules/CopilotFileUploadsDisabled.yaml
Solutions/Microsoft Copilot/Analytic Rules/CopilotJailbreakAttempt.yaml
Solutions/Microsoft Copilot/Analytic Rules/CopilotPluginCreatedByNonAdmin.yaml
Solutions/Microsoft Copilot/Analytic Rules/CopilotPluginTampering.yaml
Solutions/Microsoft Copilot/Hunting Queries/CopilotExternalIPAccess.yaml
Solutions/Microsoft Copilot/Hunting Queries/CopilotPluginReEnabled.yaml
Solutions/Microsoft Copilot/Package/testParameters.json
Solutions/Microsoft Copilot/Workbooks/Images/Preview/MicrosoftCopilotActivityMonitoringWorkbookBlack.png
Solutions/Microsoft Copilot/Workbooks/Images/Preview/MicrosoftCopilotActivityMonitoringWorkbookWhite.png
Solutions/Microsoft Copilot/Workbooks/MicrosoftCopilotActivityMonitoring.json
Workbooks/Images/Logos/Copilot_logo.svg
Workbooks/Images/Preview/MicrosoftCopilotActivityMonitoringWorkbookBlack.png
Workbooks/Images/Preview/MicrosoftCopilotActivityMonitoringWorkbookWhite.png
Workbooks/MicrosoftCopilotActivityMonitoring.json
Workbooks/WorkbooksMetadata.json
(packaging artefacts: 3.0.2.zip, ReleaseNotes.md, Solution_MicrosoftCopilot.json, createUiDefinition.json, mainTemplate.json)