Unable to Setup Copilot for Security – Can’t get account information

Starting a setup of Copilot for Security in a demo tenant led to an interesting issue where the expected bootstrap process was not launched.  As an eligible administrator, when you navigate to https://securitycopilot.microsoft.com  you will either access the previously deployed Copilot for Security (CfS) instance or be prompted to create it.  This assumes that you are logged on as either a Global Admin or Security Admin, or setup was completed and you were assigned a role via a different Entra ID group.


Starting Environment

This is a vanilla Entra ID tenant, and you will note that there are no Microsoft Copilot for Security Compute Capacities initially present.  This is the expected behaviour as CfS has not been deployed in this tenant.

No Microsoft Copilot for Security Compute Capacities Present

All good so far.

When accessing the standalone experience at https://securitycopilot.microsoft.com  things go slightly squirrley. We get a nice black screen with an error that states:

Can't get account information

Copilot for Security Setup Error - Can't get account information

The tenant ID is redacted on purpose.

OK - plan B then. Go straight to the setup URL.


Trying CfS Setup URL

Plan B was an attempt to bypass the initial page by going directly to the setup URL.  It was also not sucessful.  In the image below note that the setup prompt URL was pasted directly into the browser.  The URL is:


Issue Remains - Copilot for Security Setup Error - Can't get account information

No change.

What’s up with this account?  Why is this not working with the direct setup URL.  Time to review the account.

Starting GA Account

Note that there is a single Global Admin account in the tenant.  The details for the GA are shown below.  Some details are redacted - hence the extra bits of white space.

Initial GA - External Account

For example certain parts of the UPN are redacted.  What is important though is that the account is external - you can see the #EXT as part of the UPN.

This started to make more sense as this a guest account, and not directly a member of the tenant.  This was due to how the tenant was originally provisioned.

Let's create a new GA account that is part of the tenant.

New GA Account

Created a new GA account. After completing the first sign-in and registering for MFA let’s navigate to the CfS page at:


Now we have success.  The URL automatically changed to the aforementioned setup prompt.  This is shown in the image below:

Now Able To Initiate Copilot for Security Setup

Now we can use the setup prompt to get ourselves started!




Note that partner access to a CfS instance is supported through multiple mechanisms.  At the time of writing there are two.  This is documented here:

Grant partners access to Microsoft Copilot for Security

If you're working with a Microsoft Managed Security Solution Provider (MSSP), you can grant them access to your Microsoft Copilot for Security capabilities. When you grant an MSSP access, they're able to sign in and use Copilot for Security just like your security team.

There are two ways to allow a partner to manage your Microsoft Copilot for Security.

  1. GDAP
    Approve your partner to gain Security Copilot permissions for your tenant. They assign a security group the permissions needed using Granular Delegated Admin Privileges (GDAP).
  2. B2B collaboration
    Set up guest accounts for individuals from your MSSP to log into your tenant.

There are tradeoffs for both methods. Use the following table to help decide which method is best for your organization. It's possible to mix both methods for an overall partner strategy.



Rhoderick Milne [MSFT]

Leave a Reply

Your email address will not be published. Required fields are marked *