About SOC service

Nepali Sandhya 260 Reputation points

I want to Know what SOC exactly is?

Is it a part of Microsoft 365 ?

IS it a Group of member or Feature?

Where can I find it in M365 tenant?

Can It still be available in Business Premium Subscription?

IS it a cost service?

Please help me to know about SOC

Microsoft 365
Microsoft 365
Formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line.
3,738 questions
Microsoft Defender for Identity
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
148 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,395 questions
0 comments No comments
{count} votes

Accepted answer
  1. Givary-MSFT 27,486 Reputation points Microsoft Employee

    @Nepali Sandhya SOC is a process framework, its not part of Business Premium Subscription license. A security operations center (SOC) is a centralized function within an organization that integrates people, processes, and technology. A SOC implements the organization's overall cybersecurity framework. The SOC collaborates the organizational efforts to monitor, alert, prevent, detect, analyze, and respond to cybersecurity incidents. SOC teams, led by a SOC manager, may include incident responders, SOC analysts at levels 1, 2, and 3, threat hunters, and incident response managers.

    SOC teams use telemetry from across the organization's IT infrastructure, including networks, devices, applications, behaviors, appliances, and information stores. The teams then co-relate and analyze the data, to determine how to manage the data and which actions to take.

    As a Security Operations Center (SOC) manager, you need to have overall efficiency metrics and measures at your fingertips to gauge the performance of your team. You'll want to see incident operations over time by many different criteria, like severity, MITRE tactics, mean time to triage, mean time to resolve, and more. Microsoft Sentinel now makes this data available to you with the new SecurityIncident table and schema in Log Analytics and the accompanying Security operations efficiency workbook. You'll be able to visualize your team's performance over time and use this insight to improve efficiency. You can also write and use your own KQL queries against the incident table to create customized workbooks that fit your specific auditing needs and KPIs.

    Commonly used Microsoft Sentinel workbooks

    Overview of the SOC process framework



    Let me know if you have any further questions, feel free to post back.

    Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.

    1 person found this answer helpful.
    0 comments No comments

3 additional answers

Sort by: Most helpful
  1. PauloMatos 170 Reputation points


    A SOC is the people, processes, and tools responsible for defending an organization from cyberattacks.

    I think this link have the information you need:


    I hope it helps

    Paulo Matos

    0 comments No comments

  2. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

    Comments have been turned off. Learn more

  3. PauloMatos 170 Reputation points

    About pricing of SOC

    you can find some additional information on:

    Microsoft Defender for Cloud pricing


    I hope it helps

    Paulo Matos

    0 comments No comments