Skip to main content
Security Delivery Agents (SDAs) are AI-powered agents that handle incident response workflows autonomously. They can triage incoming incidents, investigate affected entities, select appropriate Gamebook response actions, and execute them — all without human intervention.

What SDAs Do

  • Triage — Evaluate incident severity and determine if response is needed
  • Investigate — Analyze affected entities using Entity Insights and context
  • Respond — Select and execute Gamebook response actions
  • Document — Log all decisions and actions for audit trail

Requirements

Organizational Admin + Workspace Owner roles
Agent Center deployed with Azure AI Foundry infrastructure
Workspace must have Gamebook service principals authorized

Three-Phase Adoption Model

SDAs are designed for gradual trust-building. See the Adoption Model for details on each phase:
  1. Manual — Agent suggests actions, human approves and executes
  2. Automatic — Agent executes based on severity thresholds
  3. Full Autonomous — Agent handles complete Gamebook execution without human intervention
For the full guide, see Configuring SDAs.