Expanded Microsoft Defender Experts for XDR preview


Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

The Microsoft Defender Experts for XDR (Defender Experts for XDR) preview is a managed detection and response service that helps your security operations centers (SOCs) focus on and accurately respond to incidents that matter. It provides extended detection and response for customers who use Microsoft 365 Defender workloads: Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity, Microsoft Defender for Cloud Apps, and Azure Active Directory (Azure AD).

Defender Experts for XDR augments your SOC by combining automation and Microsoft's security analyst expertise, helping you detect and respond to threats with confidence and improve your security posture. With deep product expertise powered by threat intelligence, we're uniquely positioned to help you:

  • Focus on incidents that matter - Our experts prioritize incidents and alerts that matter, alleviate alert fatigue, and drive SOC efficiency for your team
  • Manage response your way - Our experts provide detailed, step-by-step, actionable guidance to respond to incidents with the option to act on your behalf as needed
  • Access expertise when you need it - Extend your team's capacity with access to Defender Experts for assistance on an investigation
  • Stay ahead of emerging threats - Our experts proactively hunt for emerging threats in your environment, informed by unparalleled threat intelligence and visibility

In addition to the constantly updated research and intelligence tailored for the threats currently seen across the various Microsoft 365 Defender signals, as part of the preview, you'll receive guided response from our security analysts and support from Microsoft's security-focused service delivery managers (SDMs). In this preview, you can try the service for free and enjoy the following capabilities:

  • Managed detection and response - Expert analysts manage your Microsoft 365 Defender incident queue and handle triage and investigation on your behalf; they partner with you and your team to take action or guide you to respond to incidents
  • Proactive threat hunting - Microsoft Defender Experts for Hunting is built in to extend your team's threat hunting capabilities and prioritize significant threats
  • Live dashboards and reports - A transparent view of our operations on your behalf and a noise-free, actionable view into what matters for you, coupled with detailed analytics
  • Proactive check-ins for continuous security improvements - Periodic check-ins with your named service delivery team to guide your Defender Experts for XDR experience and improve your security posture



The prerequisites specified in this section are currently applicable for preview.

To enable us to get started with this managed service, we require the following prerequisites:

  • Defender for Endpoint P2 must be licensed for devices and users in scope for the preview and Microsoft Defender Antivirus must be enabled in active mode on devices onboarded to Defender for Endpoint (required for endpoint detection and response capabilities)
  • Azure AD Premium P1 must be licensed for all users and enabled (required for enabling secure service provider access)

Aside from the requirements stated above, to get Defender Experts for XDR coverage for the following eligible products, you must have their appropriate product licenses:

  • Defender for Office 365 P2
  • Defender for Identity
  • Defender for Cloud Apps

This service is available worldwide for our customers in our commercial public clouds. We're gradually expanding the preview to more customers. If you're interested in learning more, reach out to your Microsoft account team.
