defender-xdr/additional-information-xdr.md
2 additions & 2 deletions
@@ -19,7 +19,7 @@ ms.custom:
19
19
- cx-ti
20
20
- cx-dex
21
21
search.appverid: met150
22
-
ms.date: 10/30/2024
22
+
ms.date: 03/05/2025
23
23
appliesto:
24
24
- Microsoft Defender XDR
25
25
---
@@ -34,7 +34,7 @@ To realize the benefits of Microsoft Defender Experts for XDR, you and your secu
34
34
35
35
-**Engage actively through the readiness assessment process** – The [readiness assessment](get-started-xdr.md#prepare-your-environment-for-the-defender-experts-service) when onboarding for Defender Experts for XDR is an integral part of the offering. Completing it successfully ensures prompt service coverage and protects your organization against known threats.
36
36
-**Act on managed responses in a timely manner** – For any suspicious incidents and alerts, our experts provide a detailed investigation summary and managed responses for remediation. We expect your SOC team to act on these managed responses in a timely manner to prevent further impact from any malicious attempts.
37
-
-**Configure recommended settings and follow best practices to improve security posture** – As part of our service, your service delivery manager and security analyst team share ongoing recommendations to strengthen your security posture. These recommendations are based on incidents investigated in your organization. Your SOC team should review these recommendations and implement them as soon as possible to protect your organization against future threats.
37
+
-**Configure recommended settings and follow best practices to improve security posture** – As part of our service, we will share ongoing recommendations to strengthen your security posture. These recommendations are based on incidents investigated in your organization. Your SOC team should review these recommendations and implement them as soon as possible to protect your organization against future threats.
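Review bot: In the added "Configure recommended settings" bullet, "we will share ongoing recommendations" switches to future tense while the neighbouring bullet uses present tense ("our experts provide a detailed investigation summary"). Suggest "we share ongoing recommendations" so the list reads consistently. Replacing "your service delivery manager and security analyst team" with "we" also removes any statement of who delivers the recommendations; if the channel differs for customers without a service delivery manager, say so here.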
Microsoft Defender Experts for XDR provides you with multiple channels of communication to discuss incidents with our experts, ask them questions on demand, or get service readiness or operations support from your service delivery managers (SDMs).
26
+
Microsoft Defender Experts for XDR provides you with multiple channels of communication to discuss incidents with our experts, ask them questions on demand, or get service readiness or operations support from your service delivery managers (SDMs), if included in your service.
27
27
28
28
## Incident and managed response notifications
29
29
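Review bot: The trailing ", if included in your service" on the added sentence attaches ambiguously: it can be read as qualifying every channel in the sentence rather than only the service delivery managers. Suggest moving the condition next to the SDM clause, for example "or, if your service includes them, get service readiness or operations support from your service delivery managers (SDMs)", and pointing to the note added further down in this change, which gives the condition as 500 or more seats.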
@@ -79,6 +79,9 @@ While the previous scenarios involve our experts initiating communication with y
79
79
80
80
The service delivery manager (SDM) is responsible for managing the overall relationship for your organization with the Defender Experts for XDR service. They are your trusted advisor working along with XDR experts' team to help you protect your organization.
81
81
82
+
> [!NOTE]
83
+
> Service delivery managers are included if your Defender Experts for XDR service is licensed for 500 or more seats.
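Review bot: The added note states the 500-seat condition, but the unchanged paragraph directly above it still describes the SDM as "your trusted advisor" for every reader, and the note does not say who manages the relationship for customers licensed below 500 seats. Suggest adding that to the note or qualifying the paragraph. The same note text is also added verbatim in defender-xdr/dex-xdr-overview.md; a shared include would keep the two copies from drifting.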
defender-xdr/dex-xdr-overview.md
6 additions & 2 deletions
@@ -17,7 +17,7 @@ ms.custom:
17
17
- cx-ti
18
18
- cx-dex
19
19
search.appverid: met150
20
-
ms.date: 02/05/2025
20
+
ms.date: 03/05/2025
21
21
---
22
22
23
23
# Microsoft Defender Experts for XDR
@@ -40,18 +40,22 @@ Defender Experts for XDR augments your SOC by combining automation and Microsoft
40
40
-**Access expertise when you need it** - Extend your team's capacity with access to Defender Experts for assistance on an investigation
41
41
-**Stay ahead of emerging threats** - Our experts proactively hunt for emerging threats in your environment, informed by unparalleled threat intelligence and visibility
42
42
43
-
Apart from the constantly updated research and intelligence tailored for the threats currently seen across the various Microsoft Defender XDR signals, you also receive managed response from our security analysts andsupport from Microsoft's security-focused service delivery managers (SDMs). This service lets you enjoy the following capabilities:
43
+
Apart from the constantly updated research and intelligence tailored for the threats currently seen across the various Microsoft Defender XDR signals, you also receive managed response from our security analysts and, if your service includes it, support from Microsoft's security-focused service delivery managers (SDMs)*. This service lets you enjoy the following capabilities:
44
44
45
45
-**Managed detection and response** - Expert analysts manage your Microsoft Defender XDR incident queue and handle triage and investigation on your behalf; they partner with you and your team to take action or guide you to respond to incidents
46
46
-**Proactive threat hunting** - [Microsoft Defender Experts for Hunting](defender-experts-for-hunting.md) is built in to extend your team's threat hunting capabilities and prioritize significant threats
47
47
-**Ask Defender Experts** - Select [Ask Defender Experts](experts-on-demand.md) in the Microsoft Defender portal to get expert advice about threats your organization is facing. You can ask for help on a specific incident, nation-state actor, or attack vector-related notifications
48
48
-**Live dashboards and reports** - Transparent view of our operations on your behalf and noise free, actionable view into what matters for you coupled with detailed analytics
49
49
-**Proactive check-ins for continuous security improvements** - Periodic check-ins with your named service delivery team to guide your Defender Experts for XDR experience and improve your security posture
50
50
51
+
> [!NOTE]
52
+
> Service delivery managers are included if your Defender Experts for XDR service is licensed for 500 or more seats.
53
+
51
54
[Read the Defender Experts for XDR ebook](https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/Defender-Experts-for-XDR-eBook-Final.pdf) and maximize the benefits of this product suite.
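Review bot: The added line ends the SDM mention with a stray asterisk, "service delivery managers (SDMs)*", but nothing in the hunk defines a footnote for it; the condition is given only in the [!NOTE] block added further down. Drop the asterisk (it can also be parsed as the start of Markdown emphasis) or refer the reader to the note explicitly. Separately, the unchanged "Proactive check-ins" bullet still promises check-ins "with your named service delivery team" without the same condition; confirm whether that applies below 500 seats.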
defender-xdr/get-started-xdr.md
3 additions & 3 deletions
@@ -17,7 +17,7 @@ ms.custom:
17
17
- cx-ti
18
18
- cx-dex
19
19
search.appverid: met150
20
-
ms.date: 10/30/2024
20
+
ms.date: 03/05/2025
21
21
---
22
22
23
23
# Get started with Microsoft Defender Experts for XDR
@@ -131,7 +131,7 @@ Similar to the other excluded device or user groups, you instead get remediation
131
131
Defender Experts for XDR lets you determine the individuals or groups within your organization that need to be notified if there are critical incidents, service updates, occasional queries, and other recommendations:
132
132
133
133
-**Incident notification contacts** – These contacts are persons or teams that we can notify for managed response actions or any communication that requires immediate response. Given the urgent nature of the communications, we recommended that these contacts are always available.
134
-
-**Service review contacts** – These contacts are persons or teams that we can engage with for ongoing security briefings done by our service delivery team.
134
+
-**Service review contacts** – These contacts are persons or teams that will be engaged with for service updates and, if your service includes a service delivery manager, service briefings.
135
135
136
136
Once identified, the individuals or groups will receive an email notifying them that they were as a contact for incident notification or service review purposes.
137
137
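Review bot: In the rewritten "Service review contacts" bullet, "persons or teams that will be engaged with for service updates" is an awkward passive with a dangling preposition and drops who does the engaging, while the bullet above keeps the active "that we can notify". Suggest "persons or teams that we engage with for service updates and, if your service includes a service delivery manager, service briefings".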
@@ -204,7 +204,7 @@ The readiness assessment has two parts:
204
204
> [!IMPORTANT]
205
205
> Defender Experts for XDR reviews your readiness assessment periodically, especially if there are any changes to your environment, such as the addition of new devices and identities. It's important that you regularly monitor and run the readiness assessment beyond the initial onboarding to ensure that your environment has strong security posture to reduce risk.
206
206
207
-
After you complete all the required tasks and met the onboarding targets in your readiness assessment, your service delivery manager (SDM) initiates the monitoring phase of the Defender Experts for XDR service, where, for a few days, our experts start monitoring your environment closely to identify latent threats, sources of risk, and normal activity. As we get better understanding of your critical assets, we can streamline the service and fine-tune our responses.
207
+
After you complete all the required tasks and met the onboarding targets in your readiness assessment, the monitoring phase of your Defender Experts for XDR service will start, where, for a few days, our experts start monitoring your environment closely to identify latent threats, sources of risk, and normal activity. As we get better understanding of your critical assets, we can streamline the service and fine-tune our responses.
208
208
209
209
Once our experts begin to perform comprehensive response work on your behalf, you'll start receiving [notifications about incidents](managed-detection-and-response-xdr.md#incident-updates) that require remediation steps and targeted recommendations on critical incidents. You can also [chat with our experts](communicate-defender-experts-xdr.md) or your SDMs regarding important queries and regular business and security posture reviews. Additionally you can also [view real-time reports](reports-xdr.md) on the number of incidents we've investigated and resolved on your behalf.
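Review bot: The rewritten paragraph removes the SDM as the one who initiates the monitoring phase, but the unchanged paragraph right after it still tells every reader they can chat with "our experts or your SDMs". Add the same "if your service includes" condition there so the two paragraphs agree with the notes added in the other files. In the added sentence itself, "will start, where, for a few days, our experts start monitoring" repeats "start"; "begins, during which our experts monitor" reads more cleanly.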