St. Luke's saves nearly 200 hours monthly with AI-powered Security Copilot agents
Lack of unified, real-time visibility is a roadblock to disrupting cyber attacks and responding to emerging threats promptly. When St. Luke's University Health Network faced these challenges, it launched a strategy to close visibility gaps by creating a unified security platform integrating Security Copilot agents with Microsoft Defender. This customer story shows how St. Luke's has benefited-including how it has reclaimed nearly 200 hours a month of phishing triage time. Read the customer story to explore how AI-powered Security Copilot agents can accelerate incident response and improve organizational outcomes.
How did Security Copilot help St. Luke’s save nearly 200 hours every month?
St. Luke’s University Health Network is saving close to 200 hours every month primarily by automating phishing alert triage with Security Copilot agents in Microsoft Defender.
Here’s how the time savings break down:
- **Phishing Triage Agent in Defender**: This agent autonomously handles and closes thousands of false positive phishing alerts each month.
- **From manual to automated triage**: Previously, analysts had to manually review large volumes of user‑reported suspicious emails, moving between multiple portals and tabs. Triage and understanding hundreds of alerts could take hours each day.
- **Now in minutes, not hours**: With Security Copilot, alerts are consolidated in one place and triage takes minutes. The Phishing Triage Agent uses language model–based analysis to understand the content and intent of emails and classify them as malicious or benign.
Because the agent explains its decisions in clear, plain text, the St. Luke’s team has built confidence in its accuracy and no longer needs to double‑check every incident. The result is:
- **~200 hours saved monthly** on phishing alert triage.
- Analysts shifting from **reactive triage** to **proactive threat hunting** and higher‑value work.
- Less time spent on repetitive tasks, which also supports analyst satisfaction and reduces burnout.
What role does Security Copilot play in unifying St. Luke’s security stack?
Before adopting Security Copilot, St. Luke’s had a strong but fragmented security stack that included Microsoft Defender, Microsoft Sentinel, Microsoft Entra, Microsoft Purview, and other tools. The main gap was **unified, real‑time visibility** across these platforms.
Security Copilot acts as an **AI layer and connective tissue** across this environment by:
- **Consolidating views** of alerts, access controls, and vulnerabilities from multiple tools into a single, AI‑powered experience.
- **Correlating threats across workflows**, so analysts can see how signals from endpoints, email, identity, applications, and cloud workloads relate to each other.
- **Eliminating silos** between tools, which previously forced analysts to jump between multiple dashboards and tabs.
- **Embedding AI guidance into daily workflows**, providing context and recommendations directly where analysts work.
In practice, this means St. Luke’s can:
- Identify threats in **real time** instead of after the fact.
- Use Security Copilot’s insights to understand **where visibility gaps and weaknesses exist** in their environment.
- Support their security roadmap with data‑driven evidence about where to close those gaps.
St. Luke’s also uses several Security Copilot agents beyond phishing triage, including:
- **Conditional Access Optimization Agent** in Microsoft Entra.
- **Vulnerability Remediation Agent** in Microsoft Intune.
- **Alert Triage Agents** in Microsoft Purview DLP and IRM.
Together, these agents help St. Luke’s reimagine security operations as a more unified, AI‑first system that scales with thousands of endpoints, identities, and cloud workloads.
How does Security Copilot improve incident response and reporting at St. Luke’s?
Security Copilot has reshaped incident response and reporting at St. Luke’s by making investigations faster, more consistent, and easier to communicate across the organization.
Key improvements include:
1. **Faster triage and investigation**
- Before Security Copilot, triaging and understanding hundreds of alerts could take **hours each day**, with analysts digging through multiple portals.
- Now, Security Copilot brings relevant information into **one place**, and triage typically takes **minutes**.
- AI‑driven context and recommendations help analysts make quicker, data‑backed decisions.
2. **Clear, sequential incident reports**
- With more than **23,000 employees** and millions of patient records, St. Luke’s has strict compliance and reporting needs.
- Previously, creating an incident report by hand could take **hours**.
- Security Copilot in Defender now generates **clear, sequential incident reports in minutes**. The team can copy the report, add any needed context, and escalate to leadership or forensics with confidence.
3. **Better use of analyst time and reduced burnout**
- Routine, repetitive tasks like reviewing false positives and assembling reports are largely automated.
- Analysts can focus on **true threats, proactive threat hunting, and strategic improvements** instead of manual data gathering.
- This shift supports higher job satisfaction and helps reduce burnout.
Overall, Security Copilot helps St. Luke’s:
- Respond more quickly to real threats.
- Maintain a consistent, auditable incident history.
- Collaborate more effectively across the security team, since all incident information is centralized and easier to share.
St. Luke's saves nearly 200 hours monthly with AI-powered Security Copilot agents
published by Fidelitech Solutions Inc.
Experience Secure and Reliable SMART IT Solutions that works for you
At Fidelitech Solutions, we have been proudly serving as a Compliance and Managed IT Support and Advanced Security Services Provider since 2001. As a service-disabled veteran-owned and operated company based in Salt Lake City, Utah, we are committed to delivering top-notch solutions to our valued customers.
Our dedicated team includes courteous professionals, some with a background in the United States Marine Corps. With ongoing training in a wide range of standards and technologies, we have the expertise to provide confident and fast services. Rest assured, our solutions are reliable and secure, giving you the total peace of mind you deserve.
Choose Fidelitech Solutions for all your IT needs and sleep soundly, knowing you are secure with us.
Here’s why so many businesses depend on Fidelitech Solutions:
- Solid Performing: A partner that is dedicated, driven, and passionate about the success of your business! We are focused on providing Lightning-Fast response times resolving complex issues promptly. We have been in business over two-decades servicing smiling small businesses owners.
- Managed Services that reduce network, server, and desktop downtime through automation, SMART and secure tools, and knowledgeable professionals. We have a Proactive service philosophy enabling you and our technicians to live a higher quality lifestyle while not having to react to typical technology related fires. Be SMART not Reactive.
- Affordable Solutions: We enable you to reduce capital waste through SMART purchasing decisions, resourceful advisors, and technology solutions catered to your organization’s actual needs and requirements. 100% Satisfaction – Guaranteed. Our team will go the extra mile to ensure you are always completely satisfied with our service and support.
- Reliable and Cyber Security focused technology partner enabling your organization to strengthen security and protect your assets while maintaining compliance and standard’s requirements. Our team is trained and experienced in helping organizations plan, implement, and maintain a HIPAA, NIST, CMMC, PCI, and SOC compliancy.
- Technology Advisors with extensive experience providing organizations like yours with unique perspectives, advice, and solutions to their Information Technology, Cybersecurity, and Compliance needs. No Geek-Speak PLAIN ENGLISH answers to your questions. Our technicians will also not talk down to you or make you feel stupid because you don’t understand how all this “technology” works. That’s our job! Our custom service packages deliver what you need and want without overstepping the boundaries of your budget. From cloud services to data backup, Fidelitech Solutions is here to team up with you and your company for expert support.
Our custom service packages deliver what you need and want without overstepping the boundaries of your budget. From cloud services to data backup, Fidelitech Solutions is here to team up with you and your company for expert support.
Sign in with LinkedIn