Security Copilot – Included for Microsoft 365 E5

March 8, 2026

Microsoft has now built Security Copilot directly into Microsoft 365 E5 for security teams. This means agents for Defender, Entra, Intune, and Purview are automatically available for eligible tenants—no setup, no Azure config, zero clicks.

Rollout started: 18 November 2025 for existing Security Copilot users with M365 E5.
Phased rollout: Continues over the next months for all M365 E5 tenants.
Notification: Eligible tenants get a 30-day advance warning before activation.

Why this matters: Security Copilot agents are now part of your daily workflow—think of them as built-in assistants that can help with alerts, phishing, access, compliance, and more.

Who Gets It?

All Microsoft 365 E5 customers automatically get Security Copilot.
No minimum user count—even small tenants are included.
MSPs managing E5 customers also get inclusion; no separate billing needed.
Customers without M365 E5 can still use Security Copilot, but under the old pricing model.

How It Works

Automatic Provisioning

Security Copilot is automatically added to your tenant.
No Azure setup or extra consent required.
Comes pre-configured with default settings, including:
- Customer data geography
- GPU processing location
- Data sharing off by default
- Default roles for Security Copilot owner and contributor

Just log in to the relevant Microsoft 365 product—Defender, Entra, Intune, Purview—or the Security Copilot standalone portal, and you’ll see the agents ready to use.

Compute & Capacity (SCUs)

Each M365 E5 customer gets 400 Security Compute Units (SCU) per 1,000 users/month, up to 10,000 SCUs.
SCUs are used every time Copilot processes queries or runs an agent.
SCUs reset monthly; they don’t roll over.

Example: