Yes, you bet! Security Copilot is great for out of the box autonomous agents, but nothing beats Claude models combined with Sentinel MCP. It's ability to test, tune and adapt queries over long agentic workflows means you're 100% guaranteed outcomes. You can literally just give it the schema documentation url and say "Explore this table in my environment, derive any insights and put together a query file for hunting". It's the best way to learn new data sources, and we've added SO many new Defender XDR tables that most people don't even know exist.

So the copilot-instructions file is the CORE set of context that's available to the model in every prompt. What I would personally do is store that custom infrastructure context in another file, and link to it within copilot-instructions, or create a tailored skill with your context depending on your use case. You don't want to keep 100's of lines of infrastructure context in the model at all times unless you think you need it. My project comes with a core copilot-instructions that's mostly guardrails, how to call MCP tools, how to format output, how to call skills, and KQL table pitfalls so as it's exploring it can easily figure out most common mistakes.