Security operations

The Microsoft Managed Desktop Security Operations Center (SOC) partners with your information security staff to keep your desktop environment secure. Our Service Engineering Team receives and responds to all security alerts on managed devices with expert analysis. When needed, we drive security incident response activities. For more information about working with the SOC, review operational documentation in your admin portal.

Our Security Operations Center (SOC) Team offers 24/7/365 coverage with expertise in the current and emerging threat landscape, including common attack methods through software, network, or human adversaries.

Our SOC team provides the following services:

Service	Description
Quick response to detected events	Respond to alerts received from Microsoft Managed Desktop devices Analyze event to identify the impact Assess the overall risk to a device or Microsoft Managed Desktop environment Determine if a security incident occurred
Drive the security incident response	Protect the Microsoft Managed Desktop environment from known or suspected compromises Reduce the compromise risk by preventing spread Ensure timely and accurate communication with your security team Provide analysis and recommendations based on events and risks
Advanced hunting	Provide analysis and recommendations based on events and risks Customized detections and alert suppression, across managed devices, are part of on-demand indicators and entities for both known and potential threats

Processes

Process	Description
Microsoft Managed Desktop Security Operations Center (SOC)	Microsoft Managed Desktop Security Operations is staffed by full-time Microsoft employees in partnership with Microsoft's Cyber Defense Operations Center. Our SOC uses collective signals from across our company, both internal and external, to protect your devices—even from things we haven't yet seen in Microsoft Managed Desktop.
Microsoft Managed Desktop security solutions	Microsoft security solutions align to many cybersecurity protection standards. SOC operations are based on the National Institute of Standards and Technology Computer Security Incident Response Handling Guide (NIST 800-61 r2). The process allows for: Proper collection of information and evidence Analysis and documentation Post-recovery insights to better defend your environment through the following phases: Preparation, detection, and analysis Containment Eradication Recovery Post-incident activity
Microsoft Defender Threat Experts Service	Microsoft Managed Desktop customers are eligible to enroll in the Microsoft Defender Experts - Endpoint Attack Notification service. The SOC Team liaises with this service to understand better the complex threats affecting the Microsoft Managed Desktop environment, including: Alert inquiries Potentially compromised devices Root cause of a suspicious network connection Other threat intelligence regarding ongoing advanced persistent threat campaigns. For more information, see Microsoft Threat Experts.