| title | ms.reviewer | description | ms.service | ms.subservice | ms.mktglfcycl | ms.sitesec | ms.pagetype | ms.author | author | ms.localizationpriority | manager | audience | ms.collection | ms.topic | ms.custom | search.appverid | ms.date |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Important considerations related to Defender Experts for XDR | | Additional information and important considerations related to Defender Experts for XDR | defender-experts | dex-xdr | deploy | library | security | vpattnaik | vpattnai | medium | dansimp | ITPro | | conceptual | | met150 | 10/30/2024 |
Applies to:
To realize the benefits of Microsoft Defender Experts for XDR, you and your security operations center (SOC) team must take note of the following considerations to ensure timely incident remediation, improve your organization's security posture, and protect your organization from threats.
- Engage actively through the readiness assessment process – The readiness assessment when onboarding for Defender Experts for XDR is an integral part of the offering. Completing it successfully ensures prompt service coverage and protects your organization against known threats.
- Act on managed responses in a timely manner – For any suspicious incidents and alerts, our experts provide a detailed investigation summary and managed responses for remediation. We expect your SOC team to act on these managed responses in a timely manner to prevent further impact from any malicious attempts.
- Configure recommended settings and follow best practices to improve security posture – As part of our service, your service delivery manager and security analyst team share ongoing recommendations to strengthen your security posture. These recommendations are based on incidents investigated in your organization. Your SOC team should review these recommendations and implement them as soon as possible to protect your organization against future threats.
Defender Experts for XDR isn't an incident response (IR) service. While it augments your SOC team to triage, investigate, and remediate threats, Defender Experts for XDR won't be able to provide recovery and crisis management services if a major security incident has already occurred in your organization. You should engage instead with your own security IR provider to address urgent incident response issues.
If you don't have your own security IR team, Microsoft Incident Response can help mitigate a breach and recover your operations. If you're an existing unified or premier support customer, create a support request in the Microsoft Services Hub to engage with them. Otherwise, fill out the Experiencing a Cybersecurity Incident? form. We'll review the details and quickly call you with instructions to get started.
- General information on Defender Experts for XDR service
- How Microsoft Defender Experts for XDR permissions work