Merge pull request #54422 from MicrosoftDocs/NEW-configure-security-copilot-workspaces

Request push from release branch to main

Author: JamesJBarnett

learn-pr/wwl-sci/configure-security-copilot-workspaces/1-introduction.yml

@@ -0,0 +1,13 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.configure-security-copilot-workspaces.introduction
+metadata:
+  title: Introduction
+  description: Introduction to configuring workspaces for Microsoft Security Copilot
+  ms.date: 03/19/2026
+  author: r-c-stewart
+  ms.author: roberts
+  ms.topic: unit
+title: Introduction
+durationInMinutes: 3
+content: |
+  [!include[](includes/1-introduction.md)]

learn-pr/wwl-sci/configure-security-copilot-workspaces/2-plan-workspace-deployment.yml

@@ -0,0 +1,13 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.configure-security-copilot-workspaces.plan-workspace-deployment
+metadata:
+  title: Plan a workspace deployment
+  description: Learn how to plan a Security Copilot workspace deployment by evaluating capacity, data residency, and role requirements.
+  ms.date: 03/19/2026
+  author: r-c-stewart
+  ms.author: roberts
+  ms.topic: unit
+title: Plan a workspace deployment
+durationInMinutes: 8
+content: |
+  [!include[](includes/2-plan-workspace-deployment.md)]

learn-pr/wwl-sci/configure-security-copilot-workspaces/3-create-workspace.yml

@@ -0,0 +1,13 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.configure-security-copilot-workspaces.create-workspace
+metadata:
+  title: Create a Security Copilot workspace
+  description: Learn how to create a Security Copilot workspace with appropriate capacity, geo selection, and data sharing settings.
+  ms.date: 03/19/2026
+  author: r-c-stewart
+  ms.author: roberts
+  ms.topic: unit
+title: Create a Security Copilot workspace
+durationInMinutes: 7
+content: |
+  [!include[](includes/3-create-workspace.md)]

learn-pr/wwl-sci/configure-security-copilot-workspaces/4-configure-workspace-access-settings.yml

@@ -0,0 +1,13 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.configure-security-copilot-workspaces.configure-workspace-access-settings
+metadata:
+  title: Configure workspace access and settings
+  description: Learn how to assign roles, manage permissions, and configure owner settings and plugins for Security Copilot workspaces.
+  ms.date: 03/19/2026
+  author: r-c-stewart
+  ms.author: roberts
+  ms.topic: unit
+title: Configure workspace access and settings
+durationInMinutes: 8
+content: |
+  [!include[](includes/4-configure-workspace-access-settings.md)]

learn-pr/wwl-sci/configure-security-copilot-workspaces/5-assign-workspaces-integrated-agents.yml

@@ -0,0 +1,13 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.configure-security-copilot-workspaces.assign-workspaces-integrated-agents
+metadata:
+  title: Assign workspaces for integrated agents
+  description: Learn how to assign Security Copilot workspaces for integrated Microsoft Security agents and manage agent routing.
+  ms.date: 03/19/2026
+  author: r-c-stewart
+  ms.author: roberts
+  ms.topic: unit
+title: Assign workspaces for integrated agents
+durationInMinutes: 7
+content: |
+  [!include[](includes/5-assign-workspaces-integrated-agents.md)]

learn-pr/wwl-sci/configure-security-copilot-workspaces/6-monitor-manage-workspace-capacity.yml

@@ -0,0 +1,13 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.configure-security-copilot-workspaces.monitor-manage-workspace-capacity
+metadata:
+  title: Monitor and manage workspace capacity
+  description: Learn how to monitor usage, adjust capacity, and manage Security Compute Units for Security Copilot workspaces.
+  ms.date: 03/19/2026
+  author: r-c-stewart
+  ms.author: roberts
+  ms.topic: unit
+title: Monitor and manage workspace capacity
+durationInMinutes: 7
+content: |
+  [!include[](includes/6-monitor-manage-workspace-capacity.md)]

learn-pr/wwl-sci/configure-security-copilot-workspaces/7-knowledge-check.yml

@@ -0,0 +1,86 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.configure-security-copilot-workspaces.knowledge-check
+metadata:
+  title: Knowledge check
+  description: Check your knowledge of configuring workspaces for Microsoft Security Copilot.
+  ms.date: 03/19/2026
+  author: r-c-stewart
+  ms.author: roberts
+  ms.topic: unit
+title: Knowledge check
+durationInMinutes: 3
+content: |
+  [!include[](includes/7-knowledge-check.md)]
+quiz:
+  title: Check your knowledge
+  questions:
+  - content: "Your organization needs to ensure that prompts and session data for the compliance team remain within the European Union for regulatory reasons. Which workspace configuration setting addresses this requirement?"
+    choices:
+    - content: "Prompt evaluation location"
+      isCorrect: false
+      explanation: "Incorrect. Prompt evaluation location determines where GPU resources process prompts, but data at rest is stored based on the data storage location setting."
+    - content: "Data storage location"
+      isCorrect: true
+      explanation: "Correct. The data storage location setting determines where Security Copilot stores session data at rest. For EU compliance, you select an EU geo during workspace creation. This setting is immutable after creation."
+    - content: "Data sharing preferences"
+      isCorrect: false
+      explanation: "Incorrect. Data sharing preferences control whether Microsoft can use data to improve the service, not where data is stored geographically."
+    - content: "Capacity resource group location"
+      isCorrect: false
+      explanation: "Incorrect. The Azure resource group location for capacity resources doesn't control where Security Copilot stores session data."
+  - content: "You need to assign the SOC team lead permissions to configure plugins and manage user access within the SOC workspace. Which Security Copilot role provides these capabilities?"
+    choices:
+    - content: "Contributor"
+      isCorrect: false
+      explanation: "Incorrect. Contributors can use Security Copilot features but can't configure workspace settings or manage access."
+    - content: "Security Administrator"
+      isCorrect: false
+      explanation: "Incorrect. While Security Administrators can perform some configuration tasks, workspace-specific permissions are managed through workspace roles."
+    - content: "Owner"
+      isCorrect: true
+      explanation: "Correct. The Owner role for a specific workspace enables configuration of plugins, promptbooks, role assignments, and other workspace settings. Owners can tailor the workspace to team needs."
+    - content: "Azure Contributor"
+      isCorrect: false
+      explanation: "Incorrect. Azure Contributor provides permissions for Azure resources like capacity but doesn't grant Security Copilot workspace management permissions."
+  - content: "Your organization sets 5 Security Compute Units (SCUs) for the sandbox workspace. During load testing, all SCUs are consumed and operations are throttled. You configured 3 overage units during creation. What happens next?"
+    choices:
+    - content: "Operations continue to be throttled until provisioned capacity is reduced below the limit"
+      isCorrect: false
+      explanation: "Incorrect. Overage units are designed to handle usage spikes beyond provisioned capacity."
+    - content: "Security Copilot automatically allocates up to 3 extra SCUs on-demand to handle the spike"
+      isCorrect: true
+      explanation: "Correct. Overage units provide extra Security Compute Units when available SCUs are depleted during usage spikes. You have 3 overage units configured. Security Copilot can allocate up to 3 more SCUs beyond the 5 provisioned units."
+    - content: "The workspace owner receives an alert but no extra capacity is made available"
+      isCorrect: false
+      explanation: "Incorrect. Overage units are automatically allocated when provisioned capacity is exhausted."
+    - content: "Users are automatically switched to the default workspace for continued operation"
+      isCorrect: false
+      explanation: "Incorrect. Workspaces operate independently. Overage units handle capacity spikes within the same workspace."
+  - content: "You assign the Defender XDR agent to the SOC workspace. What must you do before switching the agent assignment to a different workspace?"
+    choices:
+    - content: "Export all session history from the current workspace"
+      isCorrect: false
+      explanation: "Incorrect. While session history remains in the original workspace, exporting isn't a prerequisite for switching."
+    - content: "Turn off any scheduled or automatic agent triggers in the current workspace"
+      isCorrect: true
+      explanation: "Correct. Before switching workspace assignments for integrated agents, you must turn off scheduled or automatic agent triggers. After switching, you reconfigure agents in the new workspace. New agent setups can't access to previous workspace-specific data."
+    - content: "Increase the capacity allocation for the destination workspace"
+      isCorrect: false
+      explanation: "Incorrect. While ensuring adequate capacity is a good practice, it isn't a required prerequisite for switching agent workspace assignments."
+    - content: "Reassign all users from the source workspace to the destination workspace"
+      isCorrect: false
+      explanation: "Incorrect. User workspace access is managed independently from agent workspace assignments."
+  - content: "You update provisioned SCU capacity from 3 to 8 units for the compliance workspace. When does the new capacity take effect?"
+    choices:
+    - content: "Immediately upon saving the change"
+      isCorrect: false
+      explanation: "Incorrect. Capacity changes aren't instantaneous."
+    - content: "Within 30 minutes of the change"
+      isCorrect: true
+      explanation: "Correct. Capacity adjustments typically take effect within 30 minutes. Plan capacity changes in advance of anticipated usage spike to ensure availability."
+    - content: "At the start of the next billing cycle"
+      isCorrect: false
+      explanation: "Incorrect. Capacity changes take effect sooner than the next billing cycle."
+    - content: "After all users sign out and back in to the workspace"
+      isCorrect: false
+      explanation: "Incorrect. User sessions don't affect when capacity changes take effect."

learn-pr/wwl-sci/configure-security-copilot-workspaces/8-summary.yml

@@ -0,0 +1,13 @@
+### YamlMime:ModuleUnit
+uid: learn.wwl.configure-security-copilot-workspaces.summary
+metadata:
+  title: Summary
+  description: Summary of configuring workspaces for Microsoft Security Copilot
+  ms.date: 03/19/2026
+  author: r-c-stewart
+  ms.author: roberts
+  ms.topic: unit
+title: Summary
+durationInMinutes: 2
+content: |
+  [!include[](includes/8-summary.md)]

learn-pr/wwl-sci/configure-security-copilot-workspaces/includes/1-introduction.md

@@ -0,0 +1,23 @@
+Contoso is a global financial services company with a growing security organization. The Security Office recently invested in Microsoft Security Copilot to accelerate threat detection and response across the SOC team. As adoption grows, the compliance team wants access to Security Copilot but requires all data storage and processing to remain within the European Union for regulatory compliance. The security architecture team also needs a sandbox environment to test custom plugins and promptbooks before rolling them out organization-wide.
+
+You're the Cloud and AI Security Engineer responsible for segmenting Security Copilot usage across these three distinct environments. Each team has different requirements for capacity allocation, data residency, role-based access, and agent configuration. Your task is to plan and configure Security Copilot workspaces that meet these diverse needs while maintaining compliance, optimizing costs, and enabling secure collaboration.
+
+In this module, you learn how to plan workspace deployments by evaluating capacity and compliance requirements, create workspaces with appropriate Security Compute Unit (SCU) configurations. Then you learn to assign roles and configure workspace-level settings, route integrated agent traffic to specific workspaces, and monitor capacity usage across your workspace portfolio.
+
+## Learning objectives
+
+By the end of this module, you're able to:
+
+- Plan a workspace deployment by evaluating capacity, data residency, and role requirements
+- Create a Security Copilot workspace with appropriate SCUs, geo selection, and data sharing settings
+- Assign and manage roles and permissions within a workspace
+- Configure workspace-level owner settings and plugins
+- Assign workspaces for integrated Microsoft Security Copilot agents
+- Monitor and adjust workspace capacity usage
+
+## Prerequisites
+
+- Familiarity with Microsoft Security Copilot concepts and features
+- Understanding of Azure Role Based Access Control (RBAC) and Azure subscription management
+- Knowledge of Microsoft Entra role-based access control
+- Completion of [Describe the core features of Microsoft Security Copilot](/training/modules/security-copilot-describe-core-features/) is recommended