Get alert triage, incident analysis, and managed response, plus proactive recommendations around the clock—all with Defender Experts MDR.
This diagram describes how Microsoft conducts its four-step Defender Experts MDR process. It starts with triage and prioritizing Microsoft Defender incidents and alerts to alleviate alert fatigue. Microsoft then investigates and analyzes the most critical incidents first, documenting the process and findings. In the response step, Microsoft helps contain and mitigate incidents fast by delivering managed response and proactive remediation, with Defender Experts available on demand via live chat. Detailed recommendations and best practices are then provided to prevent future cyberattacks. This process delivers continuous security posture improvements around the clock.
Defend against evolving threats
See how Defender Experts stopped a ClickFix attack through early detection, threat intel, and expert-led response.
CUSTOMER STORIES
See how customers are benefiting from Defender Experts MDR
“We can make improvements to efficiency and response time because everything is designed to work together on Microsoft technology, and the people who support it are also Microsoft experts.”
Brad Klotzsche, Senior Adviser for Cyber Detect and Respond, Elanco
“I can’t overstate the peace of mind that Defender Experts MDR has brought us. We feel so much less overwhelmed knowing the school and the students are safe.”
Microsoft Defender Experts Hunting provides a proactive threat hunting service to find threats. This service is meant for customers who have a robust security operations center (SOC) and want deep hunting expertise to expose advanced threats. Microsoft Defender Experts MDR provides end-to-end security operations capabilities to monitor, investigate, and respond to security alerts. This service is meant for customers with constrained SOCs that are overburdened with alert volume, in need of skilled experts, or both. Defender Experts MDR also includes the proactive threat hunting offered by Defender Experts Hunting.
Defender Experts MDR provides managed detection and response across any combination of the following Microsoft Defender products:
Defender for Endpoint
Defender for Office 365 P2
Defender for Identity
Defender for Cloud Apps
Microsoft Entra ID P2
Microsoft Defender for Cloud (with Defender Experts for Servers)
Microsoft expert analysts can take actions based on the roles granted to them in Microsoft Defender. These analysts can investigate and provide managed response for your SOC team to act on. They can also take specific remediation actions agreed upon with your SOC team.
Defender Experts MDR covers incidents categorized as High or Medium severity on Windows, Linux, and macOS devices. Incidents categorized as Compliance, Data Loss Prevention (DLP), or Custom Detections, and those affecting internet of things (IoT), iOS, or Android devices, are outside the service's scope.