
Update [8/3/2022]: We’re announcing the general availability of Microsoft Defender Experts for Hunting. Defender Experts for Hunting is for customers who have a robust security operations center but want Microsoft to help them proactively hunt for threats across Microsoft Defender data, including endpoints, Office 365, cloud applications, and identity. Learn more about how to apply, set up, and use the service.

We’re excited to introduce Microsoft Threat Experts, an additional layer of expertise and optics that Microsoft customers can utilize to augment security operations capabilities as part of Microsoft 365. This new managed threat hunting service in Microsoft Defender Advanced Threat Protection provides proactive hunting, prioritization, and additional context and insights that further empower security operations centers (SOCs) to identify and respond to threats quickly and accurately.

Microsoft Threat Experts enables SOCs to jump-start threat investigations by providing context-rich intelligence. This release of the service includes two capabilities:

  1. Targeted attack notifications: Alerts that are tailored to organizations provide as much information as can be quickly delivered to bring attention to critical threats in their network, including the timeline, scope of breach, and the methods of intrusion.
  2. Experts on demand: When a threat exceeds the SOC’s capability to investigate, or when more actionable information is needed, security experts provide technical consultation on relevant detections and adversaries. In cases where a full incident response becomes necessary, seamless transition to Microsoft incident response (IR) services is available.

Microsoft Threat Experts

With Microsoft Threat Experts, SOCs can further improve defenses by tapping into our world-class security analysts. These experts deeply understand the security landscape and attacker techniques, have intimate knowledge of operating systems, and know how to get the most out of Microsoft Defender ATP’s features and capabilities. Our experience in battling attackers across more than a billion devices worldwide, together with the artificial intelligence (AI) necessary to harness such unprecedented optics and scale, makes our expert team unique and unmatched in the industry.

The next sections describe the two components of this new service in more detail.

Targeted attack notifications

Microsoft Threat Experts provides proactive hunting for the most important threats, such as human adversary intrusions, hands-on-keyboard attacks, and advanced attacks like cyberespionage. The managed threat hunting service includes:

  • Threat monitoring and analysis, reducing attacker dwell time and risk to business
  • Hunter-trained AI to discover and prioritize both known and unknown attacks
  • Identifying the most important risks, helping SOCs maximize time and energy
  • Scope of compromise and as much context as can be quickly delivered to enable fast SOC response

Custom Threat Experts alert in Microsoft Defender Security Center

Experts on demand

Customers can partner with Microsoft security experts, who can be engaged directly from within Microsoft Defender Security Center, for timely and accurate response. Experts provide insights needed to better understand complex threats, from the latest zero-day exploit to the root cause of a suspicious network connection. Through Microsoft Threat Experts, customers can:

  • Get additional clarification on alerts including root cause or scope of the incident
  • Gain clarity into suspicious machine behavior and recommended next steps if faced with an advanced attacker
  • Determine risk and protection regarding threat actors, campaigns, or emerging attacker techniques
  • Seamlessly transition to Microsoft Incident Response (IR) services when necessary

Ask a Threat Expert button in Microsoft Defender Security Center

Partnership for improved security

In today’s climate of cybersecurity challenges, organizations must fend off relentless attacks even as they go through their journey of building and maturing their security capabilities. Through Microsoft Threat Experts, customers can partner with Microsoft throughout this journey to augment security operations capabilities to prevent, detect, and respond to threats. Customers and Microsoft can build upon each other’s expertise, intelligence, and insight through this partnership, forming a stronger defense against adversaries.

To illustrate the depth of intelligence and the value of the service to customers’ security defenses and overall security posture, we published two case studies for Microsoft Threat Experts on (1) human adversary-based activities related to a zero-day vulnerability and (2) complex “living off the land” threats.

Microsoft Defender ATP customers can now apply for preview through the Microsoft Defender Security Center. We will contact customers via email to confirm their participation.

Here are useful references:

Not yet reaping the benefits of Microsoft Defender ATP’s industry-leading optics and detection capabilities? Sign up for a free trial today.

Update (April 30, 2019): Microsoft Threat Experts reaches general availability

On April 30, 2019, we announced the general availability of Microsoft Threat Experts targeted attack notification capability.

Update (October 28, 2019): Experts on demand is generally available

On October 28, we announced the general availability of Experts on demand: Your direct line to Microsoft security insight, guidance, and expertise.


Talk to us

Questions, concerns, or insights on this story? Join discussions at the Microsoft Defender ATP community.

Follow us on Twitter @MsftSecIntel.
