Microsoft Defender Experts for XDR

Applies to:


Microsoft Defender Experts for XDR is sold separately from other Microsoft Defender XDR products. If you're a Microsoft Defender XDR customer and are interested in purchasing Defender Experts for XDR, please contact your account manager.


Any incident response services offered by Defender Experts will be offered under the Defender Experts Service Terms.

Microsoft Defender Experts for XDR is a managed extended detection and response service that helps your security operations centers (SOCs) focus and accurately respond to incidents that matter. It provides extended detection and response for customers who use Microsoft Defender XDR services: Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity, Microsoft Defender for Cloud Apps, and Microsoft Entra ID.

Defender Experts for XDR augments your SOC by combining automation and Microsoft's security analyst expertise, helping you detect and respond to threats with confidence and improve your security posture. With deep product expertise powered by threat intelligence, we're uniquely positioned to help you:

  • Focus on incidents that matter - Our experts prioritize incidents and alerts that matter, alleviate alert fatigue, and drive SOC efficiency for your team
  • Manage response your way - Our experts provide detailed, step-by-step, actionable guidance to respond to incidents with the option to act on your behalf as needed
  • Access expertise when you need it - Extend your team's capacity with access to Defender Experts for assistance on an investigation
  • Stay ahead of emerging threats - Our experts proactively hunt for emerging threats in your environment, informed by unparalleled threat intelligence and visibility

In addition to the constantly updated research and intelligence tailored for the threats currently seen across the various Microsoft Defender XDR signals, you'll receive managed response from our security analysts and support from Microsoft's security-focused service delivery managers (SDMs). This service lets you enjoy the following capabilities:

  • Managed detection and response - Expert analysts manage your Microsoft Defender XDR incident queue and handle triage and investigation on your behalf; they partner with you and your team to take action or guide you to respond to incidents
  • Proactive threat hunting - Microsoft Defender Experts for Hunting is built in to extend your team's threat hunting capabilities and prioritize significant threats
  • Live dashboards and reports - Transparent view of our operations on your behalf and noise free, actionable view into what matters for you coupled with detailed analytics
  • Proactive check-ins for continuous security improvements - Periodic check-ins with your named service delivery team to guide your Defender Experts for XDR experience and improve your security posture

Next step

Before you begin


Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender XDR Tech Community.