Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Microsoft Security Copilot agents are available in Microsoft Intune.
Available agents
Vulnerability Remediation Agent in Microsoft Intune
The Vulnerability Remediation Agent in Intune uses data from Microsoft Defender Vulnerability Management to identify the individual Common Vulnerabilities and Exposures (CVEs) and Windows vulnerabilities on your managed devices. The results are prioritized for remediation and include step-by-step instructions to guide you in using Intune to remediate the threat. Use of this Copilot Agent by your security team can help you reduce the time it takes to investigate, identify, and remediate threats from hours to only a few minutes.
Use of this Copilot Agent by your security team can reduce the time it takes to investigate, identify, and remediate threats from hours to only a few minutes.
| Attribute | Description |
|---|---|
| Identity | Runs as the user who first set up the agent and requires reauthentication after 90 days |
| Licenses | Microsoft Intune Plan 1 Microsoft Defender for Endpoint P2 or Defender Vulnerability Management Standalone |
| Permissions | Run hunting queries Read vulnerability data from Defender Read managed apps in Intune Read device configurations in Intune |
| Products | Security Copilot Microsoft Intune Microsoft Defender Vulnerability Management |
| Plugins | Intune Microsoft Defender |
| Role-based access | Microsoft Intune: Intune Read Only Operator Microsoft Defender XDR: - With Unified RBAC: Microsoft Entra ID Security Reader - With granular RBAC: A custom role with permissions equivalent to the Unified RBAC Security Reader |
| Trigger | Runs manually, on demand |