Session
From Prompt to Playbook: Automating SOC Response with AI in Microsoft Sentinel
Automation in the SOC has traditionally required deep expertise in workflows, APIs, and scripting. But with the new AI-powered playbook generation in Microsoft Sentinel, that paradigm is changing.
In this session, we’ll explore how to use natural language to generate fully functional, code-based playbooks—transforming how security teams design and deploy automation. Powered by Microsoft Security Copilot, the playbook generator enables you to describe your intent and automatically produce Python-based workflows, complete with documentation and visual flow diagrams.
We’ll go beyond the basics and dive into advanced scenarios, including integration with external systems, enrichment pipelines, and decision-driven automation. You’ll learn how to design effective prompts, validate generated logic, and operationalize playbooks at scale using automation rules.
By the end of this session, you’ll understand how to shift from manual SOAR engineering to AI-assisted automation design, while still maintaining control, governance, and reliability.
Alain Schneiter
scopewyse GmbH | Partner | Solutions Architect | Microsoft MVP Security
Bern, Switzerland