Frequently asked questions

Applies to:

  • Microsoft 365 Defender


Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Questions Answers
How is Microsoft Defender Experts for XDR different from Microsoft Defender Experts for Hunting? Microsoft Defender Experts for Hunting provides threat hunting service to proactively find threats. This service is meant for customers that have a robust security operations center and want that deep expertise in hunting to expose advanced threats. Microsoft Defender Experts for XDR provides end-to-end security operations capabilities to monitor, investigate, and respond to security alerts. This service is meant for customers with constrained security operations centers (SOCs) that are overburdened with alert volume, in need of skilled experts, or both. Defender Experts for XDR also includes the proactive threat hunting offered by Defender Experts for Hunting
What products does Defender Experts for XDR operate on? Refer to the Prerequisites section for details.
Is there a minimum criteria or size requirements to get Defender Experts for XDR? Not in preview. We'll evaluate and provide these requirements as part of our general availability.
Does Defender Experts for XDR replace my SOC team? No. Defender Experts for XDR is meant to augment your SOC team reducing their workload and collaborating with them to protect your organization from threat actors. But we don't replace your SOC team or their processes.
What actions can your experts take during incident investigation? Our expert analysts can take actions based on the roles granted to them in your Microsoft 365 Defender portal. If our analysts are granted a security reader role, they can investigate and provide guided response for your SOC team to act on. If our analysts are granted a security operator role, they can also take specific remediation actions agreed upon with your SOC team. Finally, if they're granted a security administrator role, they can take higher privilege actions like managing certain settings as agreed upon with you.
Can your experts help me improve my security posture? Yes, our experts will provide necessary guidance before and during the preview to improve your security posture.
Can Defender Experts for XDR help with an active compromise or vulnerability? No, Defender Experts currently don't provide incident response services. Contact your Microsoft representative to engage Microsoft Detection and Response Team (DART) for incident response assistance.
How can my organization participate in the Defender Experts for XDR preview? We're gradually expanding the preview to more customers. Contact your Microsoft representative to access the preview.
When will Defender Experts for XDR be generally available? We'll announce general availability dates closer to the launch date.