This topic refers to "Guided Security operations" and opt-in feature soon to be available in Overe
Primary purpose and audience
Microsoft Security Copilot is primarily designed for security analysts and SOC teams. It is used to investigate and understand security incidents and attack patterns by summarising alerts, correlating signals, and answering analyst-driven questions across Microsoft security tools such as Defender, Entra, Sentinel, and Purview. Its core strength is accelerating investigation and response after an incident has occurred.
Overe applies AI to support day-to-day Microsoft 365 security operations across prevention, detection, and response. It is designed for MSPs and IT administrators who are responsible for maintaining secure configuration, monitoring risk, and responding to security events across one or many tenants, often without dedicated security analysts.
Prevention versus investigation
Security Copilot focuses on helping analysts reason about incidents, understand what happened, and frame an appropriate response.
Overe focuses on operational security across prevention, detection, and response. Through capabilities such as Guided Security Operations, Overe helps teams understand their tenant’s real configuration and policy state, prioritise the next best actions, and respond effectively to risk, while also reducing operational drift before incidents occur.
The goal is to make strong security practices sustainable over time, not just easier to investigate after the fact.
How AI is applied and controlled
Overe’s AI capabilities are opt-in, deterministic, and grounded in real tenant configuration and policy data. They do not act autonomously, do not train on customer data, and require human oversight and approval for sensitive or high-impact actions.
AI is used as an assistive layer to guide decisions across configuration, monitoring, and response, not replace human judgement or accountability.
Security Copilot is conversational and analyst-driven, responding to prompts and questions to assist investigation workflows rather than guiding ongoing configuration or posture management.
Accessibility and pricing model
Microsoft Security Copilot uses a consumption-based pricing model built around Security Compute Units, or SCUs. Organisations provision compute capacity and are billed based on usage, rather than a simple per-user licence. Included capacity depends on licences such as Microsoft 365 E5, with additional usage requiring explicit provisioning. This model can be harder to predict and budget for in MSP and mid-market environments.
Overe is designed to be more accessible and predictable for MSPs and mid-sized organisations. Its AI capabilities do not require specialist security analyst roles, premium enterprise licences, or consumption-based compute provisioning, making them easier to adopt and operate at scale.
Can they be used together?
They can, but for most organisations it isn’t necessary.
Microsoft Security Copilot requires E5 licensing which puts it out of reach for many organisations. It is primarily aimed at teams with dedicated security analysts who want a conversational, ad hoc way to explore complex investigations.
Overe is designed to run day-to-day Microsoft 365 security operations across prevention, detection, investigation, and response, using guided workflows grounded in each tenant’s real configuration, policies, and signals.
For MSPs and IT teams, this covers the practical operational work of securing Microsoft 365 in one place.