Security operations
The Microsoft Managed Desktop Security Operations Center (SOC) partners with your information security staff to keep your desktop environment secure. Our team receives and responds to all security alerts on managed devices with expert analysis. When needed, we drive security incident response activities. For more information about working with the SOC, review operational documentation in your Admin portal.
The SOC offers 24/7/365 coverage from Microsoft full-time employees with expertise in the current and emerging threat landscape, including common attack methods through software, network, or human adversaries.
The SOC provides these services:
Service | Description |
---|---|
Quick and accurate response to detected events | |
Device management and isolation actions | |
Drive the security incident response | Ensure timely and accurate communication with your security team. |
Analysis and recommendations | Provide analysis and recommendations based on threat and vulnerability data to identify and address risks before they're exploited. |
Advanced hunting | Hunt across the managed devices to identify indicators and entities for both known and potential threats. |
Processes
Process | Description |
---|---|
Microsoft Managed Desktop Security Operations | Microsoft Managed Desktop Security Operations is staffed by full-time Microsoft employees in partnership with Microsoft's Cyber Defense Operations Center. |
SOC | Our SOC uses collective signals from across our company, both internal and external, to protect your devices—even from things we haven't yet seen in Microsoft Managed Desktop. |
Microsoft security solutions | Microsoft security solutions align to many cybersecurity protection standards. SOC operations are based on the National Institute of Standards and Technology Computer Security Incident Response Handling Guide (NIST 800-61 r2). The process allows for proper collection of information and evidence, for analysis and documentation and post-recovery insights into ways to better defend your environment through these phases:
|
Microsoft Threat Experts service | Microsoft Managed Desktop customers are eligible to enroll in the Microsoft Threat Experts service. The SOC liaises with this service to better understand the complex threats affecting your organization, including:
For more information, see Microsoft Threat Experts. |
SOC's Threat and Vulnerability Management | SOC's Threat and Vulnerability Management process uses some of Microsoft's services to help inform recommendations for your organization to protect against threats. The SOC consumes data from your Microsoft Defender for Endpoint Security Center and from relevant vulnerability data sources, within and outside of Microsoft, to discover vulnerabilities and misconfigurations and provide actionable reporting. |