Important considerations for Microsoft Defender Experts for XDR

To realize the benefits of Microsoft Defender Experts for XDR, you and your security operations center (SOC) team must take note of the following considerations to ensure timely incident remediation, improve your organization's security posture, and protect your organization from threats.

  • Engage actively through the readiness assessment process – The readiness assessment when onboarding for Defender Experts for XDR is an integral part of the offering. Completing it successfully ensures prompt service coverage and protects your organization against known threats.
  • Act on managed responses in a timely manner – For any suspicious incidents and alerts, our experts provide a detailed investigation summary and managed responses for remediation. We expect your SOC team to act on these managed responses in a timely manner to prevent further impact from any malicious attempts.
  • Configure recommended settings and follow best practices to improve security posture – As part of our service, your service delivery manager and security analyst team share ongoing recommendations to strengthen your security posture. These recommendations are based on incidents investigated in your organization. Your SOC team should review these recommendations and implement them as soon as possible to protect your organization against future threats.

Note about incident response

Defender Experts for XDR isn't an incident response (IR) service. While it augments your SOC team to triage, investigate, and remediate threats, Defender Experts for XDR won't be able to provide recovery and crisis management services if a major security incident has already occurred in your organization. You should engage instead with your own security IR provider to address urgent incident response issues.

If you don't have your own security IR team, Microsoft Incident Response can help mitigate a breach and recover your operations. If you're an existing unified or premier support customer, create a support request in the Microsoft Services Hub to engage with them. Otherwise, fill out the Experiencing a Cybersecurity Incident? form. We'll review the details and quickly call you with instructions to get started.
