Manage Plugins in Microsoft Security Copilot

Implementation Effort: Medium — Admins must configure, approve, and govern plugin access, which requires a defined project effort.
User Impact: Low — All actions occur on the admin side; non‑privileged users do not need to take action.

Overview

Managing plugins in Microsoft Security Copilot allows administrators to control which external systems, security tools, threat‑intelligence sources, and internal data sources Copilot can access. Plugins extend Copilot’s ability to retrieve security context, execute actions, and connect to approved services. If plugins are not managed, the organization risks reduced Copilot effectiveness, inconsistent user experiences, or exposure of sensitive data to unapproved integrations.

This supports the Zero Trust principle of Verify Explicitly, because each plugin must be explicitly reviewed and authorized before use.

Admins can:

• Enable or disable Microsoft, third‑party, and custom plugins
• Review plugin permissions
• Manage Model Context Protocol (MCP) plugins
• Control which integrations are available across the organization

Reference

• Manage plugins in Microsoft Security Copilot
• Use plugins in Microsoft Security Copilot
• Plugins overview for Microsoft Security Copilot
• Model Context Protocol (MCP) plugins in Microsoft Security Copilot