AI / Enterprise Security

Security Copilots, Agents & DLP Analytics Engine

Building AI-powered security capabilities across Microsoft Purview

AI Principal Product Manager
2021 - 2025
Cross-functional (Engineering, Data Science, Design, Security Research)
  • 16K+ Monthly Invocations - Copilot usage across security teams
  • 30% Faster Triage - Reduction in incident response time
  • 50% Cost Reduction - Manual process costs cut in half
  • 20% MoM Growth - Monthly Protected Users growth rate

Overview

Designed and delivered an AI layer on Microsoft's Security Platform - enabling Copilot for Security (CfS) skills, agents, and functions that give security practitioners AI-powered capabilities across data protection, compliance, insider risk, and threat management.

The Challenge

Enterprise security teams face an overwhelming volume of alerts, incidents, and compliance signals. Manual triage and investigation processes were slow, expensive, and didn't scale. Microsoft needed an AI-native approach to security operations that could augment human analysts across the entire security lifecycle.

Strategic Approach

The work spanned three interconnected workstreams that together position Microsoft as the only vendor delivering comprehensive, end-to-end AI integration across the security lifecycle:

  • Unified AI Platform Architecture - Grounded in competitive intelligence, designed a platform layer enabling AI capabilities across all Purview workloads
  • Horizontal CfS Skills - Built Copilot for Security skills to accelerate consumption across Purview and USX, making AI accessible to every security practitioner
  • Kendra (Deep Research Agent) - A security research agent for multi-day analytical tasks, enabling deep investigation beyond surface-level triage

GenAI Copilot & Agents for Purview

Spearheaded the development of GenAI-based Copilot and Agents for Microsoft Purview. These AI capabilities were designed to give security teams intelligent assistance in real time, from summarizing incidents to recommending remediation actions. The system drove 16K+ monthly invocations and achieved 30% faster triage, fundamentally changing how security analysts work.

ML-Based DLP Analytics Engine

Launched an ML-based Data Loss Prevention Analytics Engine that surfaces sensitive data insights, identifies risk users, and detects policy anomalies. The engine's recommendations achieved 50%+ admin adoption, directly fueling 20% month-over-month growth in Monthly Protected Users - a key business metric for the platform.

Outcome & Impact

This initiative transformed Microsoft's security offering from reactive tooling to proactive AI-powered defense. The combination of Copilot skills, deep research agents, and ML-driven analytics created a flywheel: more AI usage leads to better models, which drives more adoption, which generates more value for customers.

Key Impact

  • 16K+ monthly Copilot invocations driving automated security triage
  • 30% faster incident triage across security teams
  • 50% reduction in manual process costs (USD 2M to USD 1M)
  • 50%+ admin adoption of ML-driven recommendations
  • 20% MoM growth in Monthly Protected Users (MPU)

Technologies

GenAI, Copilot, ML, DLP, Security, Azure, Enterprise