St. Luke’s University Health Network used Security Copilot in Microsoft Defender as the connective layer across its existing security stack. Instead of treating alerts, access controls, and vulnerability data as separate streams, Security Copilot pulled them together into a single, AI-powered, agentic view. By consolidating this information, their security team could investigate issues faster, see relationships between events more clearly, and reduce the manual effort required to move between different tools. This helped them rethink how they manage day-to-day security operations and respond to potential threats.

St. Luke’s reports saving nearly **200 hours every month** by using AI-powered Security Copilot agents within Microsoft Defender. Those time savings come from: - Faster triage and investigation of security alerts - Reduced manual correlation of data across tools - A consolidated view of access controls and vulnerabilities that cuts down on repetitive work Freeing up roughly 200 hours monthly allows their security team to focus more on higher-value tasks, such as proactive threat hunting and strategic improvements to their security posture.

For St. Luke’s, Security Copilot in Microsoft Defender acts as an AI-powered, agentic layer that ties together data and workflows across their Microsoft security tools, including Microsoft Defender and Microsoft Sentinel. Instead of analysts jumping between separate consoles, Security Copilot provides a consolidated view of: - Security alerts from Defender - Access control information - Vulnerability data and related signals, including those surfaced in Sentinel This integrated approach helps organizations reimagine how their security stack works together—turning multiple tools into a more cohesive, AI-assisted environment that supports faster, more informed decision-making.