General information on Defender Experts for XDR service

Applies to:

| Questions | Answers |
|---|---|
| How is Microsoft Defender Experts for XDR different from Microsoft Defender Experts for Hunting? | Microsoft Defender Experts for Hunting provides a proactive threat hunting service. This service is meant for customers that have a robust security operations center (SOC) and want deep expertise in hunting to expose advanced threats. Microsoft Defender Experts for XDR provides end-to-end security operations capabilities to monitor, investigate, and respond to security alerts. This service is meant for customers with constrained SOCs that are overburdened with alert volume, in need of skilled experts, or both. Defender Experts for XDR also includes the proactive threat hunting offered by Defender Experts for Hunting. |
| Does Defender Experts for XDR require Microsoft Sentinel? | No. Defender Experts can use Microsoft Defender XDR data in customers' original locations for each Microsoft Defender XDR product deployed. |
| What products does Defender Experts for XDR operate on? | Refer to "Before you begin" for details. |
| Does Defender Experts for XDR replace my SOC team? | Defender Experts for XDR currently provides coverage for Microsoft Defender XDR incidents. It's the ideal way to augment your SOC team, reduce their workload, and collaborate with them to protect your organization from activity groups. |
| What actions can your experts take during incident investigation? | Our expert analysts can take actions based on the roles granted to them in your Microsoft Defender portal. If our analysts are granted a security reader role, they can investigate and provide managed response for your SOC team to act on. If our analysts are granted a security operator role, they can also take specific remediation actions agreed upon with your SOC team. |
| What types of incidents can your experts investigate? | Defender Experts for XDR covers incidents categorized as High or Medium severity on Windows, Linux, and macOS devices. Incidents categorized as Compliance, Data Loss Prevention (DLP), or Custom Detections, and those affecting internet of things (IoT), iOS, or Android devices, are outside the service's scope. |
| Can your experts help me improve my security posture? | Yes, our experts provide necessary guidance regularly to improve your security posture. |
| Can Defender Experts for XDR help with an active compromise or vulnerability? | No, Defender Experts currently don't provide incident response services. Contact your Microsoft representative or fill out the "Experiencing a Cybersecurity Incident?" form to engage Microsoft Incident Response for incident response assistance. |
| How can my organization participate in the Defender Experts for XDR service? | Contact your Microsoft representative to express interest in Defender Experts for XDR. |

See also

How Microsoft Defender Experts for XDR permissions work
