St. Luke's saves nearly 200 hours monthly with AI-powered Security Copilot agents
Lack of unified, real-time visibility is a roadblock to disrupting cyber attacks and responding to emerging threats promptly. When St. Luke's University Health Network faced these challenges, it launched a strategy to close visibility gaps by creating a unified security platform integrating Security Copilot agents with Microsoft Defender. This customer story shows how St. Luke's has benefited-including how it has reclaimed nearly 200 hours a month of phishing triage time. Read the customer story to explore how AI-powered Security Copilot agents can accelerate incident response and improve organizational outcomes.
How did Security Copilot help St. Luke’s save nearly 200 hours every month?
St. Luke’s University Health Network is saving close to 200 hours every month primarily by automating phishing alert triage with Security Copilot agents in Microsoft Defender.
Here’s how the time savings break down:
- **Phishing Triage Agent in Defender**: This agent autonomously handles and closes thousands of false positive phishing alerts each month.
- **From manual to automated triage**: Previously, analysts had to manually review large volumes of user‑reported suspicious emails, moving between multiple portals and tabs. Triage and understanding hundreds of alerts could take hours each day.
- **Now in minutes, not hours**: With Security Copilot, alerts are consolidated in one place and triage takes minutes. The Phishing Triage Agent uses language model–based analysis to understand the content and intent of emails and classify them as malicious or benign.
Because the agent explains its decisions in clear, plain text, the St. Luke’s team has built confidence in its accuracy and no longer needs to double‑check every incident. The result is:
- **~200 hours saved monthly** on phishing alert triage.
- Analysts shifting from **reactive triage** to **proactive threat hunting** and higher‑value work.
- Less time spent on repetitive tasks, which also supports analyst satisfaction and reduces burnout.
What role does Security Copilot play in unifying St. Luke’s security stack?
Before adopting Security Copilot, St. Luke’s had a strong but fragmented security stack that included Microsoft Defender, Microsoft Sentinel, Microsoft Entra, Microsoft Purview, and other tools. The main gap was **unified, real‑time visibility** across these platforms.
Security Copilot acts as an **AI layer and connective tissue** across this environment by:
- **Consolidating views** of alerts, access controls, and vulnerabilities from multiple tools into a single, AI‑powered experience.
- **Correlating threats across workflows**, so analysts can see how signals from endpoints, email, identity, applications, and cloud workloads relate to each other.
- **Eliminating silos** between tools, which previously forced analysts to jump between multiple dashboards and tabs.
- **Embedding AI guidance into daily workflows**, providing context and recommendations directly where analysts work.
In practice, this means St. Luke’s can:
- Identify threats in **real time** instead of after the fact.
- Use Security Copilot’s insights to understand **where visibility gaps and weaknesses exist** in their environment.
- Support their security roadmap with data‑driven evidence about where to close those gaps.
St. Luke’s also uses several Security Copilot agents beyond phishing triage, including:
- **Conditional Access Optimization Agent** in Microsoft Entra.
- **Vulnerability Remediation Agent** in Microsoft Intune.
- **Alert Triage Agents** in Microsoft Purview DLP and IRM.
Together, these agents help St. Luke’s reimagine security operations as a more unified, AI‑first system that scales with thousands of endpoints, identities, and cloud workloads.
How does Security Copilot improve incident response and reporting at St. Luke’s?
Security Copilot has reshaped incident response and reporting at St. Luke’s by making investigations faster, more consistent, and easier to communicate across the organization.
Key improvements include:
1. **Faster triage and investigation**
- Before Security Copilot, triaging and understanding hundreds of alerts could take **hours each day**, with analysts digging through multiple portals.
- Now, Security Copilot brings relevant information into **one place**, and triage typically takes **minutes**.
- AI‑driven context and recommendations help analysts make quicker, data‑backed decisions.
2. **Clear, sequential incident reports**
- With more than **23,000 employees** and millions of patient records, St. Luke’s has strict compliance and reporting needs.
- Previously, creating an incident report by hand could take **hours**.
- Security Copilot in Defender now generates **clear, sequential incident reports in minutes**. The team can copy the report, add any needed context, and escalate to leadership or forensics with confidence.
3. **Better use of analyst time and reduced burnout**
- Routine, repetitive tasks like reviewing false positives and assembling reports are largely automated.
- Analysts can focus on **true threats, proactive threat hunting, and strategic improvements** instead of manual data gathering.
- This shift supports higher job satisfaction and helps reduce burnout.
Overall, Security Copilot helps St. Luke’s:
- Respond more quickly to real threats.
- Maintain a consistent, auditable incident history.
- Collaborate more effectively across the security team, since all incident information is centralized and easier to share.
St. Luke's saves nearly 200 hours monthly with AI-powered Security Copilot agents
published by Innovative Technology Solutions
Could you imagine having someone to call the moment your network went down? How about the ability to recover a document from a previous saved state?
Even worse, you have to recover your entire file system because you have the crypt-o-wall virus. That’s what your MSP is all about. Innovative Technology Solutions, LLC provides Managed IT Services to small businesses in the Flint, MI area.
We are based out of Swartz Creek, MI and provide all of our clients with 24/7 emergency support and service. We also monitor your network 24/7 to prevent your emergency from happening. All of our clients receive full antivirus and back up services included with your contract. You also receive a network router that allows for simple VPN connections and remote monitoring tools.
We offer all potential clients a FREE Network Audit. Call us today or complete the form on this page to schedule your audit!
Innovative Technology Solutions, LLC began in 2007 as a small computer repair shop. It was always the vision of the company to provide high quality, professional services to small businesses at an affordable cost. We have spend the last 10 years learning from other managed service providers in the state. Innovative Technology Solutions has developed the best Managed IT program for your company.
Learn more here: https://www.youtube.com/watch?v=llXgF4GVc8c&feature=emb_err_watch_on_yt
.png "Innovative Technology Solutions")
Sign in with LinkedIn