St. Luke's saves nearly 200 hours monthly with AI-powered Security Copilot agents | Microsoft Customer Stories
Security teams often struggle with a lack of unified visibility across their tools, which delays the detection and neutralization of threats. St. Luke's addressed this challenge by implementing Microsoft Security Copilot to integrate its security stack. This integration drastically reduced the time spent on phishing triage, saving the organization nearly 200 hours every month. Read the full story to learn how they achieved these results.
How did St. Luke’s use Security Copilot to unify its security operations?
St. Luke’s University Health Network used Microsoft Security Copilot as an AI layer across its existing Microsoft security stack to unify operations and gain real-time visibility.
Before Security Copilot, the team relied on strong but disconnected tools, including Microsoft Defender, Microsoft Sentinel, Microsoft Entra, and Microsoft Purview. Analysts had to move between multiple portals and dashboards to understand what was happening, which slowed investigations and made it harder to see how individual alerts were related.
Security Copilot in Microsoft Defender became the “connective tissue” across these platforms. It:
- Consolidates alerts, access controls, and vulnerability data into a single, AI-powered view.
- Correlates signals from endpoints, email, identity, applications, and cloud workloads.
- Surfaces insights in real time so analysts can anticipate and disrupt attacks earlier in the chain.
By embedding AI-driven guidance directly into daily workflows, St. Luke’s reimagined how its Security Operations Center (SOC) works. Analysts now:
- See cross-platform threats in one place instead of jumping between tools.
- Use AI-generated context and recommendations to make faster, data-driven decisions.
- Identify gaps and weaknesses in coverage, then use that information to shape security roadmaps and strategies.
In short, Security Copilot helped St. Luke’s move from a set of siloed tools to a more unified, AI-first security posture that supports both day-to-day operations and long-term planning.
What measurable impact did the Phishing Triage Agent have at St. Luke’s?
The Phishing Triage Agent in Microsoft Defender delivered clear, measurable impact for St. Luke’s, particularly around efficiency and analyst focus.
Key results:
- Nearly **200 hours saved every month** on phishing alert triage.
- Thousands of **false positive alerts** are now handled and closed autonomously.
- Triage work that previously took **hours per day** now takes **minutes**, because everything is consolidated in one place.
How it works in practice:
- The agent uses advanced language model–based analysis to understand the content and intent of user-reported emails.
- It classifies submissions as genuine phishing attempts or false alarms and provides plain-text explanations for its decisions.
- Over time, the St. Luke’s team gained confidence in the accuracy of these classifications and no longer needs to double-check every incident.
Business and team impact:
- SOC analysts have shifted from **reactive triage** to **proactive threat hunting**, focusing on real threats instead of routine noise.
- The reduction in repetitive work supports **analyst satisfaction** and helps reduce burnout.
- The agent effectively acts as a 24/7 digital team member, doing the heavy lifting so human analysts can apply their expertise where it matters most.
For a large healthcare network with 15 campuses, 300 outpatient sites, and more than 2.5 petabytes of data and patient records in motion, these time savings and focus gains are significant. They help St. Luke’s protect patient care operations while managing a high volume of phishing attempts, which the organization identifies as its biggest attack vector.
How does Security Copilot improve incident response and reporting for St. Luke’s?
Security Copilot has helped St. Luke’s streamline incident response and reporting by embedding AI into the tools analysts already use and automating time-consuming steps.
Faster triage and investigation:
- Before Security Copilot, analysts spent **hours** each day triaging and understanding hundreds of alerts, often digging through multiple portals and tabs.
- With Security Copilot, alerts and related context are consolidated, so triage now takes **minutes** instead of hours.
- AI-generated summaries and correlations help analysts quickly see how alerts are connected and what to prioritize.
More efficient incident reporting:
- St. Luke’s has more than **23,000 employees** and manages millions of patient records, so compliance and clear documentation are critical.
- Previously, creating a detailed incident report by hand could take **hours**.
- With Security Copilot in Defender, the team can generate clear, sequential incident reports in **minutes**. Analysts then add any needed context and escalate to leadership or forensics with confidence.
Operational and collaboration benefits:
- Routine, repetitive tasks are automated, allowing analysts to focus on higher-value work such as threat hunting and strategic improvements.
- All relevant incident information is available in one location, which improves collaboration across the security team and reduces the need to switch between tools.
- By highlighting where visibility is limited or where gaps exist, Security Copilot supports ongoing improvements to St. Luke’s security roadmap.
Overall, Security Copilot helps St. Luke’s rethink incident response from a manual, fragmented process to a more integrated, AI-assisted workflow that supports both operational efficiency and regulatory requirements in a complex healthcare environment.

published by Fidelitech Solutions Inc.