Microsoft publishes AI activity playbook for Copilot investigations
The useful part is boring by design: identity, time, resource access, and KQL beat another lecture about responsible AI.
TL;DR
Microsoft published an investigator playbook for Microsoft 365 Copilot and Azure AI services, aimed at reconstructing AI-related activity from telemetry already collected in Microsoft Purview, Defender, and Sentinel. Security teams get a scope-context-signal workflow covering prompts, resource access, detection logic, KQL queries, and agent configurations. It is also a Microsoft answer to a Microsoft visibility problem, so the playbook's value depends on how much of the stack you already run.
Microsoft's new playbook treats AI activity like incident response work instead of policy theater. The document is for investigations involving Microsoft 365 Copilot and Azure AI services, including prompt injection attempts, unexpected data access, anomalous usage, credential exposure alerts, and agent-based activity. The operating model is scope, context, signal: identify who used the AI system, when it happened, which service was involved, what resources were touched, and whether the resulting pattern looks normal, unauthorized, or hostile.
That is the right shape. AI investigations do not become useful because someone labels them AI governance. They become useful when an analyst can reconstruct identity, time, authorization, resource access, and detection signals into a timeline that counsel, security, and compliance can all read without inventing missing steps. Microsoft says the playbook pulls from telemetry already available across Purview, Defender, and Sentinel, and includes schema references, KQL queries, and detection logic.
The vendor caveat matters. This is a practical guide if the organization already lives in Microsoft’s security stack, and a more limited reference model if it does not. For practitioners, the Monday work is straightforward: confirm the relevant Copilot and Azure AI logging is enabled, map which teams can see Purview, Defender, and Sentinel data, and test whether an AI interaction can actually be reconstructed before the first incident forces the question.
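As an added example (not from Microsoft's playbook, which the article does not reproduce), the following Python script runs the scope-context-signal workflow over a handful of constructed audit records: it orders Copilot interactions by identity and time, lists the resources each session touched, checks them against an assumed authorization map, corroborates them against non-AI events on the same objects, and labels each session normal, anomalous, or unauthorized. The record fields, resource identifiers, authorization map, burst threshold and business-hours window are all constructed for the demo; real Purview telemetry carries a different schema, and the "hostile" call the article mentions stays with the analyst rather than the script.

```python
"""Reconstruct an AI-interaction timeline from audit records.

Added example, not Microsoft's code. The record shape below is constructed:
field names loosely resemble unified-audit-log common fields (CreationTime,
UserId, Operation, Workload) but this is not real Copilot telemetry.
"""
import json
from collections import defaultdict
from datetime import datetime

# Constructed sample records (not real telemetry), one JSON object per line.
SAMPLE_LOG = """\
{"CreationTime": "2024-06-03T09:12:04Z", "UserId": "alice@contoso.example", "Operation": "CopilotInteraction", "Workload": "Copilot", "AppHost": "Word", "SessionId": "s1", "AccessedResources": ["sp://finance/Q2-forecast.docx"]}
{"CreationTime": "2024-06-03T09:12:40Z", "UserId": "alice@contoso.example", "Operation": "CopilotInteraction", "Workload": "Copilot", "AppHost": "Word", "SessionId": "s1", "AccessedResources": ["sp://finance/Q2-forecast.docx", "sp://hr/salary-bands.xlsx"]}
{"CreationTime": "2024-06-03T02:47:11Z", "UserId": "svc-automation@contoso.example", "Operation": "CopilotInteraction", "Workload": "Copilot", "AppHost": "Teams", "SessionId": "s2", "AccessedResources": ["sp://legal/nda-template.docx"]}
{"CreationTime": "2024-06-03T02:47:30Z", "UserId": "svc-automation@contoso.example", "Operation": "CopilotInteraction", "Workload": "Copilot", "AppHost": "Teams", "SessionId": "s2", "AccessedResources": ["sp://legal/nda-archive/2023.docx"]}
{"CreationTime": "2024-06-03T10:05:00Z", "UserId": "bob@contoso.example", "Operation": "FileAccessed", "Workload": "SharePoint", "ObjectId": "sp://finance/Q2-forecast.docx"}
{"CreationTime": "2024-06-03T11:20:15Z", "UserId": "bob@contoso.example", "Operation": "CopilotInteraction", "Workload": "Copilot", "AppHost": "Outlook", "SessionId": "s3", "AccessedResources": []}
"""

# Constructed authorization model: resource prefixes each identity is expected
# to reach. In a real case this comes from SharePoint/Graph permissions.
ALLOWED_PREFIXES = {
    "alice@contoso.example": ("sp://finance/",),
    "bob@contoso.example": ("sp://finance/",),
    "svc-automation@contoso.example": ("sp://legal/nda-",),
}
BUSINESS_HOURS = range(7, 19)  # assumed UTC working window
BURST_THRESHOLD = 2            # distinct resources per session before flagging


def parse_records(text):
    """Parse JSON lines, attach a tz-aware timestamp, return in time order."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["_ts"] = datetime.fromisoformat(rec["CreationTime"].replace("Z", "+00:00"))
        records.append(rec)
    return sorted(records, key=lambda r: r["_ts"])


def ai_sessions(records):
    """Group Copilot interactions by (identity, session), preserving order."""
    sessions = defaultdict(list)
    for rec in records:
        if rec["Operation"] == "CopilotInteraction":
            sessions[(rec["UserId"], rec.get("SessionId", "-"))].append(rec)
    return sessions


def is_authorized(user, resource):
    """True if the resource sits under a prefix the identity is expected to reach."""
    return resource.startswith(ALLOWED_PREFIXES.get(user, ()))


def related_access(records, resources):
    """Non-AI audit events touching the same objects, for corroboration."""
    return [r for r in records
            if r["Operation"] != "CopilotInteraction" and r.get("ObjectId") in resources]


def classify_session(user, events):
    """Return (verdict, findings). 'unauthorized' if any touched resource is
    outside the identity's expected scope; 'anomalous' if off-hours or high
    volume but in scope; otherwise 'normal'. Hostile intent is not decided here."""
    findings, out_of_scope, touched = [], [], []
    for ev in events:
        for res in ev.get("AccessedResources", []):
            if res not in touched:
                touched.append(res)
            if not is_authorized(user, res):
                out_of_scope.append(
                    f"out-of-scope resource {res} at {ev['CreationTime']} via {ev.get('AppHost')}")
    findings.extend(out_of_scope)
    off_hours = [ev for ev in events if ev["_ts"].hour not in BUSINESS_HOURS]
    if off_hours:
        findings.append(f"{len(off_hours)} interaction(s) outside business hours")
    if len(touched) > BURST_THRESHOLD:
        findings.append(f"{len(touched)} distinct resources in one session")
    verdict = "unauthorized" if out_of_scope else ("anomalous" if findings else "normal")
    return verdict, findings


def reconstruct(text):
    """Parse, group, classify; return {(user, session): {...}} for reporting."""
    records = parse_records(text)
    report = {}
    for (user, sid), events in ai_sessions(records).items():
        verdict, findings = classify_session(user, events)
        touched = {r for ev in events for r in ev.get("AccessedResources", [])}
        timeline = [f"{ev['CreationTime']} {user} {ev['Workload']}/{ev.get('AppHost', '?')} -> "
                    f"{', '.join(ev.get('AccessedResources', [])) or '(no resources)'}"
                    for ev in events]
        report[(user, sid)] = {"verdict": verdict, "findings": findings,
                               "timeline": timeline,
                               "context": related_access(records, touched)}
    return report


if __name__ == "__main__":
    for (user, sid), r in reconstruct(SAMPLE_LOG).items():
        print(f"== {user} session {sid}: {r['verdict']}")
        for line in r["timeline"]:
            print("   ", line)
        for f in r["findings"]:
            print("   !", f)
        for c in r["context"]:
            print("   ~ related:", c["CreationTime"], c["UserId"], c["Operation"], c["ObjectId"])
```

The point of the `context` list is the corroboration step the article describes: an AI-touched resource that other identities also reached through ordinary SharePoint access during the same window reads differently to counsel than one only an agent ever opened. Swapping the constructed map for real permission data and the constructed records for exported audit log lines is the "test whether an AI interaction can actually be reconstructed" exercise.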
Published · Deep Fathom