Microsoft Security

Microsoft Incident Response

Your first call before, during, and after a cybersecurity incident.

Announcing the Microsoft Incident Response Retainer

The Microsoft Incident Response Retainer is now generally available. This service provides prepaid blocks of hours for highly specialized incident response services before, during, and after a cybersecurity crisis.

Intelligence-driven incident response

Strengthen your security with an end-to-end portfolio of proactive and reactive incident response services.

Global scale

Rely upon global incident response all day, every day, with options for onsite and remote assistance.


Take advantage of the depth and breadth of Microsoft Threat Intelligence and unique access to product engineering.


Benefit from longstanding Microsoft partnerships with government agencies and global security organizations.

Included services

Dedicated experts work with you before, during, and after a cybersecurity incident.

Proactive incident response services

  • Compromise Assessment

    Receive a point-in-time, deep analysis of your environment, including proactive investigation for persistent threats and security risks.

Reactive incident response services

  • Incident Response

    Get global investigation and guidance—all day, every day—to help evaluate incident scope, contain attacks, and restore critical systems, with options for onsite and remote assistance.

  • Compromise Recovery

    Remove attacker control from an environment, regain administrative control after a cybersecurity incident, and tactically harden high-impact controls to help prevent future incidents.

Incident Response Retainer

  • Retain Microsoft expertise to respond and recover fast

    Get peace of mind with the Incident Response Retainer, which provides flexible prepaid hours to help you prepare for and respond to cybersecurity attacks.

Experiencing a cybersecurity attack?

If you’re an enterprise, government, nonprofit, or education customer—new or existing—Microsoft can help evict bad actors from your environment and repair your defenses.

Existing Unified or Premier Support customers can get incident response support through Services Hub.

Learn how Microsoft Incident Response helped secure Albania

Dive into this story and panel discussion about the nation-state-sponsored attack on Albania and how Incident Response helped evict the attackers and rebuild the country’s defenses.

Additional resources

Microsoft Security best practices

Get clear, actionable guidance for security-related decisions.

The Cyberattack Series

Go behind the scenes for an inside look at real-life cyberattack investigations in The Cyberattack Series.

Microsoft Security Experts Roundtable

Discover new vulnerabilities and learn from industry experts about critical security issues.

Get incident response services from experts

Let Microsoft Incident Response help before, during, and after a cybersecurity incident by removing bad actors, building resilience, and mending your defenses. Contact your Microsoft account executive to learn more.
