Microsoft Defender Experts for Hunting
Our proactive threat hunting process
Included capabilities

Threat hunting and analysis
Let Microsoft threat-hunting experts look deeper to expose advanced threats and correlate across the stack.

Experts on demand
Consult a Microsoft security expert about a specific incident, nation-state actor, or attack vector.

Targeted attack notifications
Receive incident notifications in Microsoft 365 Defender to help improve your security operations center (SOC) response.

Hunter-trained AI
Improve threat discovery and prioritization with automated tools trained by our security experts based on their learnings.

Reports
Receive an interactive experience showing what we hunted, our findings, and our recommendations.
This diagram describes how Microsoft hunts beyond endpoints and provides recommendations in a five-step process. Starting with formulating a hypothesis to explain data suggesting a potential threat, then finding context using artificial intelligence and observation. Then Microsoft hunts and collects more data to investigate and analyze the most critical threats. From there, Microsoft notifies customers of the findings with recommendations.