Devicie | Microsoft Security Copilot

Bring endpoint context into Microsoft Security Copilot

Devicie extends Microsoft Security Copilot with endpoint and device context, helping security and IT teams investigate faster, understand device state more clearly, and move from question to answer without switching between disconnected tools.

With Devicie, teams can use natural language prompts in Microsoft Security Copilot to surface practical endpoint insights, including installed applications, device details, local administrator visibility, warranty status, and patch currency across managed devices.

This helps reduce the time spent manually searching across systems and gives teams a clearer view of what is happening at the device level.

Why Devicie + Microsoft Security Copilot

Security and IT teams are often asked to answer operational questions during investigations:

  • What applications are installed on this device?

    Which devices are running a specific application version?

    Which devices have local administrator accounts?

    Is this endpoint current on feature and quality updates?

    Is this hardware still under warranty?

These questions are not side issues. They are often essential to understanding exposure, prioritizing response, and taking the right next action.

Microsoft Security Copilot helps teams investigate using natural language. Devicie brings endpoint context into that experience so teams can better understand device state, software exposure, privilege risk, patch posture, and hardware lifecycle context.

Together, Devicie and Microsoft Security Copilot help reduce the distance between question and answer, and between answer and action.

 

What the Devicie agent supports

Application inventory

Use Devicie to identify applications installed on a device by username or hostname, or to find devices running a specific application version.

This can help teams investigate software exposure, version drift, and the potential impact of known vulnerabilities.

Example prompts

“Show me the applications installed on device [device name].”
“List applications installed for user [username].”
“Find devices running [application name] version [version number].”

Device lookup

Search for a device by name, filter by operating system, and review recent device activity. Results may include details such as username, timestamp, operating system, and Intune device ID.

This helps security and IT teams ground investigations in the correct device context.

Example prompts

“Find device [device name].”
“Show me Windows devices active in the last 90 days.”
“Show me macOS devices associated with user [username].”

Local administrator visibility

Identify devices with local administrator accounts by device name or primary user.

This helps support investigations related to privilege, access, and endpoint risk.

Example prompts

“Show local administrators for device [device name].”
“List devices where [username] has local administrator access.”
“Find devices with local administrator accounts.”

Warranty visibility

Check warranty status for a specific device, identify expired warranties, or find devices with warranties expiring within a defined number of days.

This gives teams additional lifecycle context that can support operational planning, device refresh decisions, and risk management.

Example prompts

“Show warranty status for device [device name].”
“List devices with expired warranties.”
“Show devices with warranties expiring in the next 90 days.”

Patch currency

Check whether a device is current on feature and quality versions across Windows and macOS.

This helps teams understand patch posture without manually switching between systems.

Example prompts

“Show patch status for device [device name].”
“List devices not current on quality updates.”
“Show Windows devices behind on feature updates.”

How It Works

The Devicie agent connects Microsoft Security Copilot to Devicie endpoint intelligence. Once installed and configured, authorized users can ask natural language questions in Microsoft Security Copilot and receive device-level insights from Devicie.

The agent is designed to support investigation and analysis workflows by surfacing endpoint context directly inside the Microsoft Security Copilot experience.

 

1200x1200_MSFTSecurityCopilot

Requirements

To use Devicie with Microsoft Security Copilot, customers need:

✔️ A Devicie tenant with supported endpoint data available.

✔️ Access to Microsoft Security Copilot.

✔️ Appropriate permissions to install and configure agents in Microsoft Security Copilot.

✔️ Authorized access to the relevant Devicie environment and device data.

Installation and configuration

1. In Microsoft Security Copilot, open the plugin or agent management experience.

2. Locate the Devicie agent.

3. Add or enable the Devicie agent for your environment.

4. Configure the required connection settings for your Devicie tenant.

5. Confirm that the required permissions are granted.

6. Run a test prompt to validate that the agent can return endpoint context.

7. Review the returned results to confirm that the expected device, application, warranty, local administrator, or patch data is available.

Using the Devicie agent

Once configured, users can ask questions directly in Microsoft Security Copilot using natural language.

For best results, include specific identifiers when available, such as:

  • Device name

  • Username

  • Hostname

  • Operating system

  • Application name

  • Application version

  • Warranty expiration window

  • Patch or update type

Example:

“Find devices running [application name] version [version number].”

The Devicie agent will use the provided parameters to return relevant endpoint information from Devicie.

Estimated SCU consumption

Microsoft Security Copilot usage may consume Security Compute Units, or SCUs. Actual SCU consumption can vary based on the prompt, investigation complexity, number of results returned, and how often the Devicie agent is used.

As a general planning estimate, each Devicie agent run should be treated as consuming approximately >0.1 SCUs per run.

Customers should monitor Security Copilot usage in their Microsoft environment to understand actual consumption over time.

Human judgment remains essential

Devicie helps surface endpoint context faster, but the results should be reviewed by qualified IT and security professionals before decisions are made or actions are taken.

The goal is not to remove human judgment. It is to help teams access the right context faster so they can make better decisions with less manual effort.

Better together, by design

Microsoft Security Copilot brings a natural language experience to security workflows. Devicie brings endpoint context that helps make those investigations more actionable in practice.

Together, they support a simpler, more connected model for device management and security operations: one where teams can access the information they need faster, understand device risk more clearly, and move with greater confidence.

Frequently Asked Questions

What is Devicie for Microsoft Security Copilot?

Devicie for Microsoft Security Copilot is an agent that brings endpoint and device context from Devicie into the Microsoft Security Copilot experience. It allows authorized users to ask natural language questions about managed devices, installed applications, local administrator access, warranty status, and patch currency.

What does Devicie add to Microsoft Security Copilot?

Devicie adds endpoint-specific operational context to Microsoft Security Copilot. This includes application inventory, device lookup, local administrator visibility, warranty information, and patch status across supported Windows and macOS devices. These are the core capabilities outlined in the existing Devicie + Microsoft Security Copilot blog draft.

How does Devicie help security teams use Microsoft Security Copilot?

Devicie helps security teams investigate endpoint-related questions faster by surfacing device context directly inside Microsoft Security Copilot. Instead of manually checking multiple tools, teams can ask questions in natural language and receive relevant device-level information to support investigation and response.

What kinds of questions can I ask the Devicie agent in Microsoft Security Copilot?

Users can ask questions such as:

“Which devices are running this application version?”
“Show me the applications installed on this device.”
“Which devices have local administrator accounts?”
“Is this endpoint current on quality updates?”
“Which devices have warranties expiring in the next 90 days?”

Can Devicie show application inventory in Microsoft Security Copilot?

Yes. Devicie can help users list applications installed on a device by username or hostname, or identify devices running a specific application version. This can support investigations related to software exposure, version drift, and vulnerability impact.

Can Devicie help identify devices with local administrator accounts?

Yes. Devicie can help identify devices with local administrator accounts based on device name or primary user. This gives IT and security teams additional context when investigating privilege, access, and endpoint risk.

Can Devicie show device warranty information in Microsoft Security Copilot?

Yes. Devicie can help users check the warranty status of a specific device, identify expired warranties, or find devices with warranties expiring within a defined period. This adds hardware lifecycle context to security and operational investigations.

Can Devicie show patch status in Microsoft Security Copilot?

Yes. Devicie can help users check whether devices are current on feature and quality versions across Windows and macOS. This helps teams understand patch posture without switching between multiple systems.

Does Devicie replace Microsoft Intune or Microsoft Security Copilot?

No. Devicie works with Microsoft technologies to extend endpoint visibility, automation, and operational context. Microsoft Security Copilot provides the natural language investigation experience, while Devicie contributes device-level intelligence that helps make those investigations more actionable.

Who should use Devicie with Microsoft Security Copilot?

Devicie with Microsoft Security Copilot is designed for security teams, IT teams, endpoint administrators, and operations teams that need faster access to device context during investigations. It is especially useful for teams managing complex endpoint environments where device state, application posture, patch currency, and access risk matter.

What are the requirements to use Devicie with Microsoft Security Copilot?

Customers need a Devicie tenant, access to Microsoft Security Copilot, appropriate permissions to install and configure agents, and authorized access to relevant endpoint data. Microsoft’s certification feedback also requires the marketing page to include an overview of agent functionality and instructions for how to install, configure, and use the agent.

Does the Devicie agent consume Microsoft Security Copilot SCUs?

Yes, use of Microsoft Security Copilot may consume Security Compute Units, or SCUs. Actual consumption can vary depending on the prompt, the investigation, the amount of data returned, and how often the agent is used. Microsoft specifically requested that Devicie include an estimated SCU consumption statement as part of the plan overview.

Does Devicie take action automatically through Microsoft Security Copilot?

Devicie is designed to surface endpoint context that helps teams investigate and make informed decisions. Any results should be reviewed by qualified IT and security professionals before decisions are made or actions are taken.

Why does endpoint context matter in Microsoft Security Copilot?

Endpoint context helps teams understand what is actually happening at the device level. During an investigation, details like installed applications, patch status, local administrator access, warranty status, and device identity can help teams move faster from detection to decision.

How does Devicie support the future of AI-powered device management?

Devicie supports a more connected model for device management by making endpoint context easier to access through natural language experiences like Microsoft Security Copilot. This helps reduce manual lookups, disconnected workflows, and the operational drag that often slows down security and IT teams.

Bring Endpoint Context Into Your AI-Powered Security Workflow

With Devicie and Microsoft Security Copilot, teams can ask practical endpoint questions in natural language and surface device context faster, including application inventory, local administrator visibility, warranty status, and patch currency.

Get Started with Devicie:

Discover More About Microsoft Security Copilot: