+- ContentEngagementFY23

+- ContentEngagementFY23

+[Time to rethink mandatory password changes](https://go.microsoft.com/fwlink/p/?linkid=861018).

+Password expiration requirements do more harm than good, because these requirements make users select predictable passwords, composed of sequential words and numbers that are closely related to each other. In these cases, the next password can be predicted based on the previous password. Password expiration requirements offer no containment benefits because cybercriminals almost always use credentials as soon as they compromise them.

+- ContentEngagementFY23

+- ContentEngagementFY23

+- ContentEngagementFY23

+

+> For emails that you auto-apply by identifying sensitive information, all mailboxes are automatically included, which includes mailboxes from Microsoft 365 groups. By default, the **Exchange email** location isn't selected for adaptive scopes when you have this configuration. Even if you can select the location, retention labels won't apply to the Exchange items.

+search.appverid:

+## Policy templates

+This table lists all policy templates and the sensitive information types (SIT) that they cover.

+|Privacy| Germany Personally Identifiable Information (PII) Data|- [Germany driver's license number](sit-defn-germany-drivers-license-number.md) </br> - [Germany passport number](sit-defn-germany-passport-number.md)|

+|Privacy| Israel Personally Identifiable Information (PII) Data|- [Israel national identification number](sit-defn-israel-national-identification-number.md)|

+DLP policies detect sensitive items by matching them to a sensitive information type (SIT), or to a sensitivity label, or a retention label. Each location supports different methods of defining sensitive content. When you combine locations in a policy, how the content can be defined can change from how it can be defined by a single location.

+Priority for rules on endpoints is also assigned according to the order in which it's created. That means, the rule created first has first priority, the rule created second has second priority, and so on.

+> Users who have non-guest accounts in a host organization's Active Directory or Azure Active Directory tenant are considered as people inside the organization.

+- [Trainable Classifiers](classifier-learn-about.md) (in preview)

+- Sender is

+- Sender domain is

+- Recipient domain is

+- Recipient is

+- (preview) Document or attachment is password protected (.pdf, Office files and Symantec PGP encrypted files are fully supported).This predicate doesnΓÇÖt detect digital rights managed (DRM) encrypted or permission protected files.

+- (preview) The user accessed a sensitive website from Edge. See, [Scenario 6 Monitor or restrict user activities on sensitive service domains (preview)](endpoint-dlp-using.md#scenario-6-monitor-or-restrict-user-activities-on-sensitive-service-domains) for more information.

+In rules, exceptions define conditions that are used to exclude an item from the policy. Logically, exclusive conditions that are evaluated after the inclusive conditions and context. They tell the rule &#8212; when you find an item that looks like *this* and is being used like *that* it's a match and the rest of the actions in the policy should be taken on it ***except if***... &#8212;

+- **Except if** content contains

+### Actions

+ - Block everyone. Only the content owner, last modifier, and site admin will continue to have access

+ - Block only people from outside your organization. Users inside your organization will continue to have access.

+- **Copy to a USB removable drive**

+##### Restricted app activities

+See, [Restricted apps and app groups](dlp-configure-endpoint-settings.md#restricted-apps-and-app-groups) for more information.

+- all actions for non-Exchange locations

+Whether an action takes effect or not depends on how you configure the mode of the policy. You can choose to run the policy in test mode with or without showing policy tip by selecting the **Test it out first** option. You choose to run the policy as soon as an hour after it is created by selecting the **Turn it on right away** option, or you can choose to just save it and come back to it later by selecting the **Keep it off** option.

+<!--This section introduces the business need for user notifications, what they are, their benefit, how to use them, how to customize them, and links out to

+- /microsoft-365/compliance/use-notifications-and-policy-tips

+- /microsoft-365/compliance/dlp-policy-tips-reference

+>

+ - email notifications to the user who sent, shared, or last modified the content

+ OR

+ - notify specific people

+

+*%%AppliedActions%% File name %%FileName%% via %%ProcessName%% is not allowed by your organization. Click 'Allow' if you want to bypass the policy %%PolicyName%%*

+>

+To learn more about user notification and policy tip configuration and use, including how to customize the notification and tip text, see

+The intent of **User overrides** is to give users a way to bypass, with justification, DLP policy blocking actions on sensitive items in Exchange, SharePoint, OneDrive, or Teams so that they can continue their work. User overrides are enabled only when **Notify users in Office 365 services with a policy tip** is enabled, so user overrides go hand-in-hand with Notifications and Policy tips.

+Typically, user overrides are useful when your organization is first rolling out a policy. The feedback that you get from any override justifications and identifying false positives helps in tuning the policy.

+<!-- This section covers what they are and how to best use them in conjunction with Test/Turn it on right away and link out to where to find the business justification for the override (DLP reports? /microsoft-365/compliance/view-the-dlp-reports?view=o365-worldwide) /microsoft-365/compliance/view-the-dlp-reports?view=o365-worldwide#view-the-justification-submitted-by-a-user-for-an-override-->

+/microsoft-365/compliance/view-the-dlp-reports?view=o365-worldwide

+/microsoft-365/compliance/dlp-configure-view-alerts-policies?view=o365-worldwide-->

+> Retention policies also support messages posted with the [chat with yourself](https://support.microsoft.com/office/start-a-chat-in-teams-0c71b32b-c050-4930-a887-5afbe742b3d8?storagetype=live#bkmk_chatwithself) feature.

+Next, identify your phase 1 pilot community and make sure it includes actual frontline workers in the smallest logical grouping for your organization. For example, one restaurant, one division of a department store, one store, one clinical ward, one precinct, one plant, one distribution center, etc. The key is to optimize around the average frontline worker being part of one team only. Managers or specialists may be in more than one.

+For more information about this architecture, including deployment objectives for your entire digital estate, see [Zero Trust Rapid Modernization Plan (RaMP)](/security/zero-trust/zero-trust-ramp-overview).

+### [Advanced hunting](/microsoft-365/security/defender/advanced-hunting-overview)

+You first need to [create an app](/microsoft-365/security/defender-endpoint/apis-intro).

+ ```

+ let

+ AdvancedHuntingQuery = "DeviceEvents | where ActionType contains 'Anti' | limit 20",

+

+ HuntingUrl = "https://api.securitycenter.microsoft.com/api/advancedqueries",

+

+ Response = Json.Document(Web.Contents(HuntingUrl, [Query=[key=AdvancedHuntingQuery]])),

+

+ TypeMap = #table(

+ { "Type", "PowerBiType" },

+ {

+ { "Double", Double.Type },

+ { "Int64", Int64.Type },

+ { "Int32", Int32.Type },

+ { "Int16", Int16.Type },

+ { "UInt64", Number.Type },

+ { "UInt32", Number.Type },

+ { "UInt16", Number.Type },

+ { "Byte", Byte.Type },

+ { "Single", Single.Type },

+ { "Decimal", Decimal.Type },

+ { "TimeSpan", Duration.Type },

+ { "DateTime", DateTimeZone.Type },

+ { "String", Text.Type },

+ { "Boolean", Logical.Type },

+ { "SByte", Logical.Type },

+ { "Guid", Text.Type }

+ }),

+

+ Schema = Table.FromRecords(Response[Schema]),

+ TypedSchema = Table.Join(Table.SelectColumns(Schema, {"Name", "Type"}), {"Type"}, TypeMap , {"Type"}),

+ Results = Response[Results],

+ Rows = Table.FromRecords(Results, Schema[Name]),

+ Table = Table.TransformColumnTypes(Rows, Table.ToList(TypedSchema, (c) => {c{0}, c{2}}))

+

+ in Table

+ ```

+9. Select **Connect**.

+The only difference from the previous example is the query inside the editor. Follow steps 1-3 above.

+- [Defender for Endpoint APIs](apis-intro.md)

+- [Advanced Hunting API](run-advanced-query-api.md)

+> [!IMPORTANT]

+>

+> While you're going through the process of planning, auditing, and enable ASR rules, it's recommended that you enable the following three _standard protection rules_. See [Attack surface reduction rules by type](attack-surface-reduction-rules-reference.md#attack-surface-reduction-rules-by-type) for important details about the two types of ASR rules.

+>

+> - [Block credential stealing from the Windows local security authority subsystem (lsass.exe)](attack-surface-reduction-rules-reference.md#block-credential-stealing-from-the-windows-local-security-authority-subsystem)

+> - [Block abuse of exploited vulnerable signed drivers](attack-surface-reduction-rules-reference.md#block-abuse-of-exploited-vulnerable-signed-drivers)

+> - [Block persistence through Windows Management Instrumentation (WMI) event subscription](attack-surface-reduction-rules-reference.md#block-persistence-through-wmi-event-subscription)

+>

+> You can typically enable the standard protection rules with minimal noticeable impact to the end user. For an easy method to enable the standard protection rules, see: [Simplified standard protection option](attack-surface-reduction-rules-report.md#simplified-standard-protection-option).

+## Important pre-deployment caveat

+While you're going through the process of planning, auditing, and enable ASR rules, it's recommended that you enable the following three _standard protection rules_. See [Attack surface reduction rules by type](attack-surface-reduction-rules-reference.md#attack-surface-reduction-rules-by-type) for important details about the two types of ASR rules.

+- [Block credential stealing from the Windows local security authority subsystem (lsass.exe)](attack-surface-reduction-rules-reference.md#block-credential-stealing-from-the-windows-local-security-authority-subsystem)

+- [Block abuse of exploited vulnerable signed drivers](attack-surface-reduction-rules-reference.md#block-abuse-of-exploited-vulnerable-signed-drivers)

+- [Block persistence through Windows Management Instrumentation (WMI) event subscription](attack-surface-reduction-rules-reference.md#block-persistence-through-wmi-event-subscription)

+Typically, you can enable the standard protection rules with minimal-to-no noticeable impact to the end user. For an easy method to enable the standard protection rules, see: [Simplified standard protection option](attack-surface-reduction-rules-report.md#simplified-standard-protection-option)

+> [!NOTE]

+> For Customers who are using a non-Microsoft HIPS and are transitioning to Microsoft Defender for Endpoint attack surface reduction rules: Microsoft advises customers to run their HIPS solution side-by-side with their ASR rules deployment until the moment you shift from Audit to Block mode. Keep in mind that you must reach out to your 3rd-party antivirus vendor for exclusion recommendations.

+> [!IMPORTANT]

+> This guide provides images and examples to help you decide how to configure ASR rules; these images and examples might not reflect the best configuration options for your environment.

+## Attack surface reduction rules by type

+ASR rules are categorized as one of two types:

+1. **Standard protection rules**: Are the minimum set of rules which Microsoft recommends you always enable, while you are evaluating the impact and configuration needs of the other ASR rules. These rules typically have minimal-to-no noticeable impact on the end user.

+1. **Other rules**: Rules which require some measure of following the documented deployment steps [Plan > Test (audit) > Enable (block/warn modes)], as documented in the [Attack surface reduction (ASR) rules deployment guide](attack-surface-reduction-rules-deployment.md)

+For the easiest method to enable the standard protection rules, see: [Simplified standard protection option](attack-surface-reduction-rules-report.md#simplified-standard-protection-option).

+| ASR rule name: | Standard protection rule? | Other rule? |

+|:|:|:|

+| Block abuse of exploited vulnerable signed drivers| Yes | |

+| Block Adobe Reader from creating child processes | | Yes |

+| Block all Office applications from creating child processes | | Yes |

+| Block credential stealing from the Windows local security authority subsystem (lsass.exe) | Yes | |

+| Block executable content from email client and webmail | | Yes |

+| Block executable files from running unless they meet a prevalence, age, or trusted list criterion | | Yes |

+| Block execution of potentially obfuscated scripts | | Yes |

+| Block JavaScript or VBScript from launching downloaded executable content | | Yes |

+| Block Office applications from creating executable content | | Yes |

+| Block Office applications from injecting code into other processes | | Yes |

+| Block Office communication application from creating child processes | | Yes |

+| Block persistence through WMI event subscription | Yes | |

+| Block process creations originating from PSExec and WMI commands | | Yes |

+| Block untrusted and unsigned processes that run from USB | | Yes |

+| Block Win32 API calls from Office macros | | Yes |

+| Use advanced protection against ransomware | | Yes |

+keywords: ip, url, domain, manage, allowed, blocked, block, clean, malicious, file hash, ip address, urls, domain, IoC precedence, IoC conflict,

+## Overview

+By creating indicators for IPs and URLs or domains, you can now allow or block IPs, URLs, or domains based on your own threat intelligence. You can also warn users with a prompt if they open a risky app. The prompt won't stop them from using the app but you can provide a custom message and links to a company page that describes appropriate usage of the app. Users can still bypass the warning and continue to use the app if they need.

+To block malicious IPs/URLs (as determined by Microsoft), Defender for Endpoint can use:

+- Windows Defender SmartScreen for Microsoft browsers

+- Network Protection for non-Microsoft browsers, or calls made outside of a browser

+The threat-intelligence data set to block malicious IPs/URLs is managed by Microsoft.

+You can block malicious IPs/URLs through the settings page or by machine groups, if you deem certain groups to be more or less at risk than others.

+### Network Protection requirements

+URL/IP allow and block requires that the Microsoft Defender for Endpoint component _Network Protection_ is enabled in block mode. For more information on Network Protection and configuration instructions, see [Enable network protection](enable-network-protection.md).

+### Supported operating systems

+- Windows 10, version 1709 or later

+- Windows 11

+- Windows Server 2016

+- Windows Server 2012 R2

+- Windows Server 2019

+- Windows Server 2022

+- Android and iOS devices

+### Windows Server 2016 and Windows Server 2012 R2 requirements

+Windows Server 2016 and Windows Server 2012 R2 must be onboarded using the instructions in [Onboard Windows servers](configure-server-endpoints.md#windows-server-2012-r2-and-windows-server-2016).

+### Microsoft Defender Antivirus version requirements

+The _Antimalware client version_ must be 4.18.1906.x or later.

+### Custom network indicators requirements

+Ensure that **Custom network indicators** is enabled in **Microsoft 365 Defender** \> **Settings** \> **Advanced features**. For more information, see [Advanced features](advanced-features.md).

+For support of indicators on iOS, see [Microsoft Defender for Endpoint on iOS](/microsoft-365/security/defender-endpoint/ios-configure-features#configure-custom-indicators).

+For support of indicators on Android, see [Microsoft Defender for Endpoint on Android](/microsoft-365/security/defender-endpoint/android-configure#configure-custom-indicators).

+### IoC indicator list limitations

+Only external IPs can be added to the indicator list. Indicators cannot be created for internal IPs. For web protection scenarios, we recommend using the built-in capabilities in Microsoft Edge. Microsoft Edge leverages [Network Protection](network-protection.md) to inspect network traffic and allows blocks for TCP, HTTP, and HTTPS (TLS).

+### Non Microsoft Edge and Internet Explorer processes

+For processes other than Microsoft Edge and Internet Explorer, web protection scenarios leverage Network Protection for inspection and enforcement:

+- IP is supported for all three protocols (TCP, HTTP, and HTTPS (TLS))

+- Only single IP addresses are supported (no CIDR blocks or IP ranges) in custom indicators

+- Encrypted URLs (full path) can only be blocked on first party browsers (Internet Explorer, Edge)

+- Encrypted URLs (FQDN only) can be blocked in third party browsers (i.e. other than Internet Explorer, Edge)

+- Full URL path blocks can be applied for unencrypted URLs

+- If there are conflicting URL indicator policies, the longer path is applied. For example, the URL indicator policy `https://support.microsoft.com/office` takes precedence over the URL indicator policy `https://support.microsoft.com`.

+There may be up to 2 hours of latency (usually less) between the time the action is taken, and the URL and IP being blocked.

+### Warn mode controls

+When using warn mode, you can configure the following controls:

+- **Bypass ability**

+ - Allow button in Edge

+ - Allow button on toast (Non-Microsoft browsers)

+ - Bypass duration parameter on the indicator

+ - Bypass enforcement across Microsoft and Non-Microsoft browsers

+- **Redirect URL**

+ - Redirect URL parameter on the indicator

+ - Redirect URL in Edge

+ - Redirect URL on toast (Non-Microsoft browsers)

+## IoC IP URL and domain policy conflict handling order

+Policy conflict handling follows the below order:

+- MDCA creates an unsanctioned indicator for all users but URL is allowed for a specific device group, the specific device group is Blocked access to the URL.

+- If the IP, URL/Domain is allowed

+- If the IP, URL/Domain is not allowed

+- If the IP, URL/Domain is allowed

+- If the IP, URL/Domain is not allowed

+- If the IP, URL/Domain is allowed

+If there are conflicting file IoC policies with the same enforcement type and target, the policy of the more secure will be applied.

+Policy conflict handling for domains/URLs/IP addresses differ from policy conflict handling for Certs.

+Threat and vulnerability management's block vulnerable application features uses the file IoCs for enforcement and will follow the above conflict handling order.

+## Policy precedence

+Microsoft Defender for Endpoint policy has precedence over Microsoft Defender Antivirus policy. In situations when Defender for Endpoint is set to **Allow**, but Microsoft Defender Antivirus is set to **Block**, the policy will default to **Allow**.

+#### Precedence for multiple active policies

+Applying multiple different web content filtering policies to the same device will result in the more restrictive policy applying for each category. Consider the following scenario:

+- **Policy 1** blocks categories 1 and 2 and audits the rest

+- **Policy 2** blocks categories 3 and 4 and audits the rest

+The result is that categories 1-4 are all blocked. This is illustrated in the following image.

+ Title: Professional services supported by Microsoft 365 Defender

+description: See the list of professional services that Microsoft 365 Defender can integrate with.

+keywords: professional service, managed security services, m365 defender, m365 defender services, mssp, configure, integration, protect, evolve, educate, defender for endpoint, detection

+ms.mktglfcycl: deploy

+ms.sitesec: library

+ms.pagetype: security

+ms.localizationpriority: medium

+audience: ITPro

+search.appverid: met150

+# Professional services supported by Microsoft 365 Defender

+**Applies to:**

+- Microsoft 365 Defender

+- Microsoft Defender for Endpoint

+- Microsoft Defender for Vulnerability Management

+- Microsoft Defender for Office 365

+- Microsoft Defender for Identity

+- Microsoft Defender for Cloud Apps

+The following professional services can be integrated with Microsoft DefendersΓÇÖ products:

+## Manage

+Managed security services that assist organizations to detect threats early and help minimize the impact of a breach.

+| Service name | Vendor | Description |

+| -- | | |

+| [Microsoft Defender Experts](https://go.microsoft.com/fwlink/?linkid=2203232)| Microsoft | Defender Experts for Hunting is a proactive threat hunting service for Microsoft 365 Defender. |

+| [Cloud Security Operations Center](https://go.microsoft.com/fwlink/?linkid=2202671) | glueckkanja-gab AG| Monitors your Microsoft Security Solutions 24/7, responds to threats on your behalf and works closely with your IT to continuously improve your security posture.|

+| [Wortell Protect](https://go.microsoft.com/fwlink/?linkid=2202480)| Wortell| Wortell offers a 24.7.365 Managed Detection and Response service, SOC-as-a-service, to secure your Azure subscriptions and Microsoft 365 environment. With this managed service, Wortell will provide security monitoring and incident response, and operate Microsoft Defender and (optionally) Microsoft Sentinel on your behalf. The service also includes threat intelligence feeds and custom machine learning models|

+| [CRITICALSTART® Managed Detection & Response Services for Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2202761)| CRITICALSTART| Critical Start Managed Detection and Response (MDR) services for Microsoft 365 Defender (M365D) extends security defenses to provide cross-domain threat protection and simplify breach prevention. Their team of Microsoft security experts leverages integration with M365D to detect, investigate and respond with the right actions to alerts from identity, to email and cloud – before they disrupt business operations.  |

+| [CRITICALSTART® Managed Detection & Response Services for Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2202844)  | CRITICALSTART| Critical Start Managed Detection & Response (MDR) service for Microsoft Defender for Endpoint (MDE) simplifies security across an expanded attack surface by combining Microsoft’s cross-enterprise visibility threat detection and auto investigation capabilities with optimized threat detection and response to deliver an 80% reduction in false positives on the first day of production monitoring.  |

+| [InSpark Cloud Security Center](https://go.microsoft.com/fwlink/?linkid=2202387) | InSpark| InSparks' Cloud Security Center is a 24x7 Managed Security Solution including SOC services. It continuously provides your Microsoft cloud platform with the highest level of security.   |

+| [Mandiant MDR for Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2202388)| Mandiant, Inc. | Mandiant Managed Defense protects your business with a managed detection and response (MDR) service fueled by dedicated and frontline IR experts who protect against motivated adversaries with a combination of up-to-the-minute threat intelligence, data science and real-world expertise. Managed Defense helps customers optimize investments in Microsoft technology, maximize resources and accelerate investigations. |

+| [Onevinn MDR](https://go.microsoft.com/fwlink/?linkid=2202390) | Onevinn| Onevinn MDR, Managed Detection and Response, built on Microsoft Defender and Microsoft Sentinel is a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks. |

+| [SepagoSOC](https://go.microsoft.com/fwlink/?linkid=2202677) | Sepago GmbH  | SepagoSOC experts ensure that your environment is constantly monitored and protected utilizing the complete range of Microsoft 365 Defender solutions and Microsoft Sentinel. They help you to constantly evolve your security landscape with both technical and organizational experience.|

+| [MDR for Microsoft](https://go.microsoft.com/fwlink/?linkid=2202762) | Red Canary | MDR for Microsoft provides 24x7 managed detection, investigation, and response to threats across your Microsoft environment.  |

+| [Security Operations & MDR](https://go.microsoft.com/fwlink/?linkid=2202843)  | BDO | BDO’s Security Operations Center (SOC) provides continuous detection, protection and response for organizations globally. BDO MDR is like having eyes where you don’t. It's modern technology and experts make hunting, detecting and responding one less thing to keep up with. Because they have eyes where we don’t. |

+| [DXC Managed Endpoint Threat Detection and Response](https://go.microsoft.com/fwlink/?linkid=2202580) | DXC | DXC Managed Endpoint Threat Detection and Response gives your organization the capability to successfully detect and respond to threats in your environment. It's powered by Microsoft’s Defender for Endpoint and DXC Technology security experts with unparalleled knowledge of global threats, |

+| [Managed Security Services for Microsoft Defender Suite](https://go.microsoft.com/fwlink/?linkid=2202476)  | Dell Technologies | Dell Technologies is a Global services delivery company with a distributed Security Operations Center that is available 24 by 7 to serve customers with security monitoring and management. They help onboard customers and improve their security posture and offload the burden of hiring and managing a full security team while reaping the benefits of 24 hour detection and response. |

+| [CSIS Managed Detection & Response](https://go.microsoft.com/fwlink/?linkid=2202385) | CSIS | Provides 24/7 monitoring and analysis of security alerts giving companies actionable insights into what, when, and how security incidents have taken place. |

+| [MDR for Endpoints](https://go.microsoft.com/fwlink/?linkid=2202676)| NTT Ltd. | MDR for Endpoints helps increase your cyber resilience with Managed Detection and Response (MDR) service. Combines 24/7 human & machine expertise, best-of-breed technologies, and global threat intelligence to detect and disrupt hard-to-find attacks, making it more secure. |

+| [BlueVoyant MDR for Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2202673) | BlueVoyant | BlueVoyantΓÇÖs MDR (Managed Detection and Response) for Microsoft 365 Defender combines the power of MicrosoftΓÇÖs Defender product suite with BlueVoyantΓÇÖs elite 24x7 security operations team to identify, investigate and eradicate todayΓÇÖs most sophisticated and advanced cyberattacks. In addition to MDR, services can include implementation, assessments, training, concierge, third party integrations, and more. |

+| [White Hat Managed Security Services](https://go.microsoft.com/fwlink/?linkid=2202391)  | White Hat IT Security| White Hat MSS offers zero trust approach to managed security on every platform – scalable and adaptive security from true experts. |

+| [eSentire Managed Detection and Response](https://go.microsoft.com/fwlink/?linkid=2202582) | eSentire| MDR you can trust that provides 24/7 threat investigations and responses via Microsoft 365 Defender suite.  |

+| [Aujas Managed Security Services](https://go.microsoft.com/fwlink/?linkid=2202672)| Aujas Cybersecurity   | Managed security services that assist organizations to detect threats early and help minimize the impact of a breach.|

+| [Expel for Microsoft](https://go.microsoft.com/fwlink/?linkid=2202477) | Expel | Provides 24/7 detection and response for Microsoft Defender for Endpoint, Azure, and Office 365.|

+| [Managed XDR for Microsoft](https://go.microsoft.com/fwlink/?linkid=2202386)  | CyberProof | CyberProof’s Managed XDR (Extended Detection and Response) for Microsoft identifies intrusions across your enterprise as you migrate to the cloud – from applications to endpoints, identities and data - enabling timely response to reduce the impact of the attack.   The combination of their human expertise and experience in security operations with Microsoft’s 365 Defender and Microsoft Sentinel technology reduces the costs and complexity of adopting and operating a cloud-native cyber defense architecture. |

+| [Taegis XDR](https://go.microsoft.com/fwlink/?linkid=2202848) | Secureworks | Taegis™ ManagedXDR is Secureworks® 24x7 managed detection and response service, which helps you detect advanced threats and take the right action. Included threat hunting and incident response capabilities help you scale your security operations as Secureworks uses threat data collected across thousands of customers to improve your security posture. Secureworks' combination of proprietary security analytics software, SecOps expertise, incident response and threat hunting experience, threat intelligence capabilities, and 20-year history of service excellence helps reduce risk to your business.  |

+| [Cloud Control - Managed Detection & Response](https://go.microsoft.com/fwlink/?linkid=2202678)  | The Collective| The Collective's Cloud Control Managed Protection, Detection and Response services is an enterprise grade managed service, delivering true Security Operations Center-as-a-Service (SOC) experience with a personal touch. |

+| [Nedscaper Managed XDR](https://go.microsoft.com/fwlink/?linkid=2202478) | Nedscaper | Nedscaper Manager XDR (MDR) is a Managed Detect and Respond SaaS solution, which provides 24/7 Threat Protection, continues Vulnerability Management and combined Threat Intelligence built on Azure. The Microsoft (365 & Azure) Defender products, plus any non-Microsoft / 3P Security solution, is connected to Microsoft Sentinel as the core platform for the Security analysts. |

+| [dinext. pi-SOC](https://go.microsoft.com/fwlink/?linkid=2202581)| dinext AG | Through a close integration of deployment support, security operations and consulting in hardening and architectural improvements, dinext AG accompanies customers holistically on their way to a modern security environment. |

+| [Synergy Advisors Teams App](https://go.microsoft.com/fwlink/?linkid=2202392)| Synergy Advisors LLC | E-Visor Teams App is a centralized place to involve and empower your end-users in the security and productivity of the organization by presenting unique information using data from Microsoft Defenders and Azure Active Directory while ensuring identity governance, and compliance. |

+| [Managed Microsoft XDR](https://go.microsoft.com/fwlink/?linkid=2202846) | Quorum Cyber | Quorum Cyber’s Managed Microsoft XDR, a solution designed to enable customers to unleash the power of Microsoft security to reduce cyber risk and maximize return of investment in security. |

+|[SecureShield365](https://go.microsoft.com/fwlink/?linkid=2209718)| Patriot Consulting | SecureShield365 includes a full deployment of all Microsoft 365 Defender products including Intune plus 12 months of support. Microsoft XDR including Sentinel, Defender for Cloud, and MDR are available options.|

+|[Open Systems MDR+](https://go.microsoft.com/fwlink/?linkid=2208895) | Open Systems| Built for Microsoft security customers, MDR+ combines certified experts, exemplary processes, and seamless technology to deliver tailored, 24×7 protection while reducing attack surfaces and MTTR.|

+## Respond

+Respond to security incidents quickly, effectively and at scale with complete incident response including investigation, containment, remediation, and crisis management.

+| Service name | Vendor| Description|

+| -| | |

+| [Microsoft Detection and Response Team (DART)](https://go.microsoft.com/fwlink/?linkid=2203105) | Microsoft | The Cybersecurity Incident Response service is an effective way to respond to incidents due to the activities of todayΓÇÖs adversaries and sophisticated criminal organizations. This service seeks to determine whether systems are under targeted exploitation via investigation for signs of advanced implants and anomalous behavior. |

+| [Managed Microsoft XDR](https://go.microsoft.com/fwlink/?linkid=2202846)| Quorum Cyber| Quorum CyberΓÇÖs Managed Microsoft XDR, a solution designed to enable customers to unleash the power of Microsoft security to reduce cyber risk and maximize return of investment in security. |

+| [Trustwave MDR](https://go.microsoft.com/fwlink/?linkid=2202849)| Trustwave | Trustwave offers a security service (Gartner Leader) for endpoint using Microsoft Defender for Endpoint. |

+| [Active Remediation](https://go.microsoft.com/fwlink/?linkid=) | Red Canary | Red Canary security experts respond to remediate threats on your endpoints, 24x7. Requires Red Canary MDR for Microsoft. |

+| [Onevinn DFIR](https://go.microsoft.com/fwlink/?linkid=2202584)  | Onevinn| Onevinn DFIR, Digital Defense and Incident Response team, when you're having a breach and you need urgent assistance to gain back control of your IT Environment. |

+| [Cloud Security Operations Center](https://go.microsoft.com/fwlink/?linkid=2202671) | glueckkanja-gab AG| Monitors your Microsoft Security Solutions 24/7, respond to threats on your behalf and work closely with your IT to continuously improve your security posture.|

+| [Wortell Protect](https://go.microsoft.com/fwlink/?linkid=2202480) | Wortell| Wortell offers a 24.7.365 Managed Detection and Response service, SOC-as-a-service, to secure your Azure subscriptions and Microsoft 365 environment. With this managed service, Wortell will provide security monitoring and incident response, and operate Microsoft Defender and (optionally) Microsoft Sentinel on your behalf. The service also includes threat intelligence feeds and custom machine learning models |

+| [InSpark Cloud Security Center](https://go.microsoft.com/fwlink/?linkid=2202387) | InSpark| InSparks' Cloud Security Center is a 24x7 Managed Security Solution including SOC services. It continuously provides your Microsoft cloud platform with the highest level of security. |

+| [Mandiant MDR for Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2202388)| Mandiant, Inc. | Mandiant Managed Defense protects your business with a managed detection and response (MDR) service fueled by dedicated and frontline IR experts who protect against motivated adversaries with a combination of up-to-the-minute threat intelligence, data science and real-world expertise. Managed Defense helps customers optimize investments in Microsoft technology, maximize resources and accelerate investigations. |

+| [Onevinn MDR](https://go.microsoft.com/fwlink/?linkid=2202390) | Onevinn| Onevinn MDR, Managed Detection and Response, built on Microsoft Defender and Microsoft Sentinel is a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks. |

+| [MDR for Microsoft](https://go.microsoft.com/fwlink/?linkid=2202762) | Red Canary | 24x7 managed detection, investigation, and response to threats across your Microsoft environment.|

+| [Security Operations & MDR](https://go.microsoft.com/fwlink/?linkid=2202843) | BDO | BDO’s Security Operations Center (SOC) provides continuous detection, protection and response for organizations globally. BDO MDR is like having eyes where you don’t. It's modern technology and experts make hunting, detecting and responding one less thing to keep up with. Because they have eyes where we don’t.  |

+| [DXC Managed Endpoint Threat Detection and Response](https://go.microsoft.com/fwlink/?linkid=2202580) | DXC | DXC Managed Endpoint Threat Detection and Response gives your organization the capability to successfully detect and respond to threats in your environment. Powered by Microsoft’s Defender for Endpoint and DXC Technology security experts with unparalleled knowledge of global threats,  |

+| [Managed Security Services for Microsoft Defender Suite](https://go.microsoft.com/fwlink/?linkid=2202476)  | Dell Technologies | Dell Technologies is a Global services delivery company with a distributed Security Operations Center that is available 24/7 to serve customers with security monitoring and management. They help onboard customers and improve their security posture and offload the burden of hiring and managing a full security team while reaping the benefits of 24 hour detection and response.|

+| [CSIS Managed Detection & Response](https://go.microsoft.com/fwlink/?linkid=2202385) | CSIS | 24/7 monitoring and analysis of security alerts giving companies actionable insights into what, when, and how security incidents have taken place. |

+| [MDR for Endpoints](https://go.microsoft.com/fwlink/?linkid=2202676)  | NTT Ltd. | Increase your cyber resilience with Managed Detection and Response (MDR) service. Combining 24/7 human & machine expertise, best-of-breed technologies, and global threat intelligence to detect and disrupt hard-to-find attacks, making you more secure. |

+| [BlueVoyant MDR for Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2202673) | BlueVoyant | BlueVoyantΓÇÖs MDR (Managed Detection and Response) for Microsoft 365 Defender combines the power of MicrosoftΓÇÖs Defender product suite with BlueVoyantΓÇÖs elite 24x7 security operations team to identify, investigate and eradicate todayΓÇÖs most sophisticated and advanced cyberattacks. In addition to MDR, services can include implementation, assessments, training, concierge, third party integrations, and more. |

+| [White Hat Managed Security Services](https://go.microsoft.com/fwlink/?linkid=2202391)  | White Hat IT Security| White Hat MSS offers zero trust approach to managed security on every platform – scalable and adaptive security from true experts.|

+| [eSentire Managed Detection and Response](https://go.microsoft.com/fwlink/?linkid=2202582)| eSentire | MDR you can trust that provides 24/7 threat investigations and responses via Microsoft 365 Defender suite.  |

+| [Aujas Managed Security Services](https://go.microsoft.com/fwlink/?linkid=2202672)| Aujas Cybersecurity   | Managed security services that assist organisations to detect threats early and help minimize the impact of a breach. |

+| [Accenture Managed Extended Detection & Response (MxDR)](https://go.microsoft.com/fwlink/?linkid=2202842)  | Accenture | Accenture's Managed Extended Detection & Response (MxDR) service provides a fully managed service that proactively finds and mitigates advanced cyber-attacks and malicious activity before they cause material business impact across IT and OT environments, both in the cloud and on-premises. |

+| [Taegis XDR](https://go.microsoft.com/fwlink/?linkid=2202848)  | Secureworks | Taegis™ ManagedXDR is Secureworks® 24x7 managed detection and response service, which helps you detect advanced threats and take the right action. Included threat hunting and incident response capabilities help you scale your security operations as Secureworks uses threat data collected across thousands of customers to improve your security posture. Secureworks' combination of proprietary security analytics software, SecOps expertise, incident response and threat hunting experience, threat intelligence capabilities, and 20-year history of service excellence helps reduce risk to your business.  |

+| [Cloud Control - Managed Detection & Response](https://go.microsoft.com/fwlink/?linkid=2202678)  | The Collective | The Collective's Cloud Control Managed Protection, Detection and Response services is an enterprise grade managed service, delivering true Security Operations Center-as-a-Service (SOC) experience with a personal touch. |

+| [dinext. pi-SOC](https://go.microsoft.com/fwlink/?linkid=2202581) | dinext AG | Through a close integration of deployment support, security operations and consulting in hardening and architectural improvements, dinext AG accompanies customers holistically on their way to a modern security environment. |

+| [Synergy Advisors Teams App](https://go.microsoft.com/fwlink/?linkid=2202392) | Synergy Advisors LLC | E-Visor Teams App is a centralized place to involve and empower your end-users in the security and productivity of the organization by presenting unique information using data from Microsoft Defenders and Azure Active Directory while ensuring identity governance, and compliance.  |

+| [SepagoSOC](https://go.microsoft.com/fwlink/?linkid=2202677)| Sepago GmbH  | SepagoSOC experts ensure that your environment is constantly monitored and protected utilizing the complete range of Microsoft 365 Defender solutions and Microsoft Sentinel. They help you to constantly evolve your security landscape with both technical and organizational experience.|

+|[SecureShield365](https://go.microsoft.com/fwlink/?linkid=2209718)| Patriot Consulting | SecureShield365 includes a full deployment of all Microsoft 365 Defender products including Intune plus 12 months of support. Microsoft XDR including Sentinel, Defender for Cloud, and MDR are available options.|

+|[Open Systems MDR+](https://go.microsoft.com/fwlink/?linkid=2208895) | Open Systems| Built for Microsoft security customers, MDR+ combines certified experts, exemplary processes, and seamless technology to deliver tailored, 24×7 protection while reducing attack surfaces and MTTR.|

+## Protect

+Protect your organization proactively by evaluating your organizationΓÇÖs ability to effectively prevent, detect, and respond to cyber threats before they disrupt your business.

+| Service name | Vendor| Description|

+| - | - | -- |

+| [Microsoft Defender Experts](https://go.microsoft.com/fwlink/?linkid=2203232) | Microsoft | Defender Experts for Hunting is a proactive threat hunting service for Microsoft 365 Defender.|

+| [Microsoft Consulting Services - Security Operations and Threat Protection Services](https://www.microsoft.com/en-us/industrysolutions/solutions/security?activetab=pivot1:primaryr4) | Microsoft | The Microsoft Consulting Services (MCS) Security Operations and Threat Protection Services (SOTPS), provides a structured approach to modern Security Operations Center (SOC) design and implementation using effective change management techniques so your security professionals can detect attacks faster and respond more effectively. |

+| [Onevinn Threat Hunting](https://go.microsoft.com/fwlink/?linkid=2202584)  | Onevinn| If your Internal SOC needs an extra pair of eyes looking for threats, Onevinn´s Threat Hunters can be purchased as your extended hunting team.  |

+| [Microsoft 365 Security Assessment](https://go.microsoft.com/fwlink/?linkid=2202389)  | Nedscaper | The Microsoft 365 Security assessment provides a risk-based approach to scan and analyze the security baseline (prevention is better than the cure) and settings of the Microsoft 365 Security products, from Microsoft 365 E3 security products like Azure AD Conditional Access and Microsoft Endpoint Manager (Microsoft Defender Antivirus policies) to the Microsoft 365 E5 Security products like Microsoft 365 Defender, Azure AD identity Protection and Microsoft Defender for Identity, Devices, Office 365 and Cloud Apps.|

+| [Invoke Monthly Microsoft 365 Security Assessments](https://go.microsoft.com/fwlink/?linkid=2202583)  | Invoke LLC | Provides monthly detailed assessment reports of active threats, vulnerabilities active and Phishing/malware campaigns targeted on your Microsoft 365 Environment. Helps with prescribed mitigations for active threats and improvement actions for recurring threats if any. Monitor Secure score and recommendations, giving your security teams an extra set of eyes to stay on top of risks. |

+| [Cloud Security Operations Center](https://go.microsoft.com/fwlink/?linkid=2202671)| glueckkanja-gab AG| Monitors your Microsoft Security Solutions 24/7, respond to threats on your behalf and work closely with your IT to continuously improve your security posture.|

+| [Wortell Protect](https://go.microsoft.com/fwlink/?linkid=2202480) | Wortell| Wortell offers a 24.7.365 Managed Detection and Response service, SOC-as-a-service, to secure your Azure subscriptions and Microsoft 365 environment. With this managed service, Wortell will provide security monitoring and incident response, and operate Microsoft Defender and (optionally) Microsoft Sentinel on your behalf. The service also includes threat intelligence feeds and custom machine learning models |

+| [InSpark Cloud Security Center](https://go.microsoft.com/fwlink/?linkid=2202387)| InSpark| InSparks' Cloud Security Center is a 24x7 Managed Security Solution including SOC services. It continuously provides your Microsoft cloud platform with the highest level of security. |

+| [Mandiant MDR for Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2202388)| Mandiant, Inc. | Mandiant Managed Defense protects your business with a managed detection and response (MDR) service fueled by dedicated and frontline IR experts who protect against motivated adversaries with a combination of up-to-the-minute threat intelligence, data science and real-world expertise. Managed Defense helps customers optimize investments in Microsoft technology, maximize resources and accelerate investigations. |

+| [Onevinn MDR](https://go.microsoft.com/fwlink/?linkid=2202390)| Onevinn| Onevinn MDR, Managed Detection and Response, built on Microsoft Defender and Microsoft Sentinel is a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks. |

+| [MDR for Microsoft](https://go.microsoft.com/fwlink/?linkid=2202762)| Red Canary | 24x7 managed detection, investigation, and response to threats across your Microsoft environment.|

+| [Security Operations & MDR](https://go.microsoft.com/fwlink/?linkid=2202843) | BDO | BDO’s Security Operations Center (SOC) provides continuous detection, protection and response for organizations globally. BDO MDR is like having eyes where you don’t. It's modern technology and experts make hunting, detecting and responding one less thing to keep up with. Because they have eyes where we don’t.  |

+| [DXC Managed Endpoint Threat Detection and Response](https://go.microsoft.com/fwlink/?linkid=2202580)| DXC | DXC Managed Endpoint Threat Detection and Response gives your organization the capability to successfully detect and respond to threats in your environment. Powered by Microsoft’s Defender for Endpoint and DXC Technology security experts with unparalleled knowledge of global threats,  |

+| [Managed Security Services for Microsoft Defender Suite](https://go.microsoft.com/fwlink/?linkid=2202476) | Dell Technologies | Dell Technologies is a Global services delivery company with a distributed Security Operations Center that is available 24 by 7 to serve customers with security monitoring and management. Help onboard customers and improve their security posture and offload the burden of hiring and managing a full security team while reaping the benefits of 24 hour detection and response.|

+| [BlueVoyant MDR for Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2202673)| BlueVoyant | BlueVoyantΓÇÖs MDR (Managed Detection and Response) for Microsoft 365 Defender combines the power of MicrosoftΓÇÖs Defender product suite with BlueVoyantΓÇÖs elite 24x7 security operations team to identify, investigate and eradicate todayΓÇÖs most sophisticated and advanced cyberattacks. In addition to MDR, services can include implementation, assessments, training, concierge, third party integrations, and more. |

+| [White Hat Managed Security Services](https://go.microsoft.com/fwlink/?linkid=2202391)  | White Hat IT Security| White Hat MSS offers zero trust approach to managed security on every platform – scalable and adaptive security from true experts.|

+| [eSentire Managed Detection and Response](https://go.microsoft.com/fwlink/?linkid=2202582)  | eSentire | MDR you can trust that provides 24/7 threat investigations and responses via Microsoft 365 Defender suite.  |

+| [Aujas Managed Security Services](https://go.microsoft.com/fwlink/?linkid=2202672) | Aujas Cybersecurity   | Managed security services that assist organizations to detect threats early and help minimize the impact of a breach. |

+| [Accenture Managed Extended Detection & Response (MxDR)](https://go.microsoft.com/fwlink/?linkid=2202842) | Accenture | Accenture's Managed Extended Detection & Response (MxDR) service provides a fully managed service that proactively finds and mitigates advanced cyber-attacks and malicious activity before they cause material business impact across IT and OT environments, both in the cloud and on-premises. |

+| [Taegis XDR](https://go.microsoft.com/fwlink/?linkid=2202848)  | Secureworks | Taegis™ ManagedXDR is Secureworks® 24x7 managed detection and response service, which helps you detect advanced threats and take the right action. Included threat hunting and incident response capabilities help you scale your security operations as Secureworks uses threat data collected across thousands of customers to improve your security posture. Secureworks' combination of proprietary security analytics software, SecOps expertise, incident response and threat hunting experience, threat intelligence capabilities, and 20-year history of service excellence helps reduce risk to your business.  |

+| [Cloud Control - Managed Detection & Response](https://go.microsoft.com/fwlink/?linkid=2202678)  | The Collective | The Collective's Cloud Control Managed Protection, Detection and Response services is an enterprise grade managed service, delivering true Security Operations Center-as-a-Service (SOC) experience with a personal touch. |

+| [dinext. pi-SOC](https://go.microsoft.com/fwlink/?linkid=2202581) | dinext AG | Through a close integration of deployment support, security operations and consulting in hardening and architectural improvements, dinext AG accompanies customers holistically on their way to a modern security environment. |

+| [Synergy Advisors Teams App](https://go.microsoft.com/fwlink/?linkid=2202392) | Synergy Advisors LLC | E-Visor Teams App is a centralized place to involve and empower your end-users in the security and productivity of the organization by presenting unique information using data from Microsoft Defenders and Azure Active Directory while ensuring identity governance, and compliance.  |

+| [Managed Microsoft XDR](https://go.microsoft.com/fwlink/?linkid=2202846)  | Quorum Cyber| Quorum Cyber’s Managed Microsoft XDR, a solution designed to enable customers to unleash the power of Microsoft security to reduce cyber risk and maximize return of investment in security. |

+| [SepagoSOC](https://go.microsoft.com/fwlink/?linkid=2202677)  | Sepago GmbH  | SepagoSOC experts ensure that your environment is constantly monitored and protected utilizing the complete range of Microsoft 365 Defender solutions and Microsoft Sentinel. They help you to constantly evolve your security landscape with both technical and organizational experience.|

+|[SecureShield365](https://go.microsoft.com/fwlink/?linkid=2209718)| Patriot Consulting | SecureShield365 includes a full deployment of all Microsoft 365 Defender products including Intune plus 12 months of support. Microsoft XDR including Sentinel, Defender for Cloud, and MDR are available options.|

+|[Open Systems MDR+](https://go.microsoft.com/fwlink/?linkid=2208895) | Open Systems| Built for Microsoft security customers, MDR+ combines certified experts, exemplary processes, and seamless technology to deliver tailored, 24×7 protection while reducing attack surfaces and MTTR.|

+## Evolve

+Evolve your organizationΓÇÖs security posture through improved processes and technologies that will up-level threat detection, containment, and remediation capabilities.

+| Service name | Vendor | Description|

+| -- | -- | |

+| [CRITICALSTART® Cybersecurity Consulting

+| [Sepago Adapt](https://go.microsoft.com/fwlink/?linkid=2202677)   | Sepago GmbH | Working with the full range of Microsoft Defender solutions requires a change in processes. Combining Microsoft and sepago best practices and your company-knowledge, together we'll build and establish processes for your organization to enable you to fully utilize the Defender solutions.|

+| [Zero Trust by Onevinn](https://go.microsoft.com/fwlink/?linkid=2202584) | Onevinn | Get started with Zero Trust by fully utilize your investment in Microsoft 365 Security Features |

+| [Cloud Security Operations Center](https://go.microsoft.com/fwlink/?linkid=2202671) | glueckkanja-gab AG | Monitors your Microsoft Security Solutions 24/7, respond to threats on your behalf and work closely with your IT to continuously improve your security posture.|

+| [Wortell Protect](https://go.microsoft.com/fwlink/?linkid=2202480) | Wortell | Wortell offers a 24.7.365 Managed Detection and Response service, SOC-as-a-service, to secure your Azure subscriptions and Microsoft 365 environment. With this managed service, Wortell will provide security monitoring and incident response, and operate Microsoft Defender and (optionally) Microsoft Sentinel on your behalf. The service also includes threat intelligence feeds and custom machine learning models |

+| [Mandiant MDR for Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2202388) | Mandiant, Inc.  | Mandiant Managed Defense protects your business with a managed detection and response (MDR) service fueled by dedicated and frontline IR experts who protect against motivated adversaries with a combination of up-to-the-minute threat intelligence, data science and real-world expertise. Managed Defense helps customers optimize investments in Microsoft technology, maximize resources and accelerate investigations. |

+| [MDR for Microsoft](https://go.microsoft.com/fwlink/?linkid=2202762) | Red Canary| 24x7 managed detection, investigation, and response to threats across your Microsoft environment.|

+| [Security Operations & MDR](https://go.microsoft.com/fwlink/?linkid=2202843)  | BDO| BDO’s Security Operations Center (SOC) provides continuous detection, protection and response for organizations globally. BDO MDR is like having eyes where you don’t. It's modern technology and experts make hunting, detecting and responding one less thing to keep up with. Because they have eyes where we don’t.  |

+| [DXC Managed Endpoint Threat Detection and Response](https://go.microsoft.com/fwlink/?linkid=2202580) | DXC| DXC Managed Endpoint Threat Detection and Response gives your organization the capability to successfully detect and respond to threats in your environment. Powered by Microsoft’s Defender for Endpoint and DXC Technology security experts with unparalleled knowledge of global threats,  |

+| [BlueVoyant MDR for Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2202673) | BlueVoyant| BlueVoyantΓÇÖs MDR (Managed Detection and Response) for Microsoft 365 Defender combines the power of MicrosoftΓÇÖs Defender product suite with BlueVoyantΓÇÖs elite 24x7 security operations team to identify, investigate and eradicate todayΓÇÖs most sophisticated and advanced cyberattacks. In addition to MDR, services can include implementation, assessments, training, concierge, third party integrations, and more. |

+| [White Hat Managed Security Services](https://go.microsoft.com/fwlink/?linkid=2202391)  | White Hat IT Security  | White Hat MSS offers zero trust approach to managed security on every platform – scalable and adaptive security from true experts.|

+| [Taegis XDR](https://go.microsoft.com/fwlink/?linkid=2202848)| Secureworks | Taegis™ ManagedXDR is Secureworks® 24x7 managed detection and response service, which helps you detect advanced threats and take the right action. Included threat hunting and incident response capabilities help you scale your security operations as Secureworks uses threat data collected across thousands of customers to improve your security posture. Secureworks' combination of proprietary security analytics software, SecOps expertise, incident response and threat hunting experience, threat intelligence capabilities, and 20-year history of service excellence helps reduce risk to your business.  |

+| [Cloud Control - Managed Detection & Response](https://go.microsoft.com/fwlink/?linkid=2202678)   | The Collective | The Collective's Cloud Control Managed Protection, Detection and Response services is an enterprise grade managed service, delivering true Security Operations Center-as-a-Service (SOC) experience with a personal touch. |

+| [dinext. pi-SOC](https://go.microsoft.com/fwlink/?linkid=2202581)| dinext AG| Through a close integration of deployment support, security operations and consulting in hardening and architectural improvements, it accompanies customers holistically on their way to a modern security environment. |

+| [Managed Microsoft XDR](https://go.microsoft.com/fwlink/?linkid=2202846) | Quorum Cyber | Quorum Cyber’s Managed Microsoft XDR, a solution designed to enable customers to unleash the power of Microsoft security to reduce cyber risk and maximize return of investment in security. |

+| [SepagoSOC](https://go.microsoft.com/fwlink/?linkid=2202677) | Sepago GmbH | SepagoSOC experts ensure that your environment is constantly monitored and protected utilizing the complete range of Microsoft 365 Defender solutions and Microsoft Sentinel. They help you to constantly evolve your security landscape with both technical and organizational experience.|

+|[SecureShield365](https://go.microsoft.com/fwlink/?linkid=2209718)| Patriot Consulting | SecureShield365 includes a full deployment of all Microsoft 365 Defender products including Intune plus 12 months of support. Microsoft XDR including Sentinel, Defender for Cloud, and MDR are available options.|

+|[Open Systems MDR+](https://go.microsoft.com/fwlink/?linkid=2208895) | Open Systems| Built for Microsoft security customers, MDR+ combines certified experts, exemplary processes, and seamless technology to deliver tailored, 24×7 protection while reducing attack surfaces and MTTR.|

+## Educate

+Mature and maintain your internal teamΓÇÖs security capabilities to prevent, detect, contain, and remediate threats.

+| Service name | Vendor | Description|

+| | -- | -- |

+| [CRITICALSTART® Cybersecurity Advisory

+| [Chief 365 Defender](https://go.microsoft.com/fwlink/?linkid=2202584) | Onevinn | This course is aimed at IT security professionals and IT architects who want to get "Best Practices From the Field" within Microsoft 365 security and management of the Microsoft 365 Defender security suite.|

+| [Onevinn Chief Hunter](https://go.microsoft.com/fwlink/?linkid=2202584) | Onevinn | Onevinn Chief Hunter is a detection training on how to build proper detection in Microsoft Sentinel together with Microsoft 365 Defender.  |

+| [Defend Against Threats with SIEM Plus XDR](https://go.microsoft.com/fwlink/?linkid=2202479)  | Netrix | Enable customers with visibility into immediate threats across email, identity & data & how Microsoft Sentinel & Defender detect & quickly stop active threats|

+| [Defend Against Threats with SIEM Plus XDR Workshop](https://go.microsoft.com/fwlink/?linkid=2202479)| Netrix | Organizations today are managing a growing volume of data and alerts while dealing with tight budgets and vulnerable legacy systems. Get help achieving your broader security objectivesΓÇöand identify current and real threatsΓÇöby scheduling a Defend Against Threats with SIEM Plus XDR Workshop |

+| [Secure Multi-Cloud Environments Workshop](https://go.microsoft.com/fwlink/?linkid=2202479)  | Netrix | As the use of cloud services continues to grow, cyber risks and threats continue to evolve. Get help achieving your hybrid and multi-cloud security objectives—and identify current and real threats—by scheduling a Secure Multi-Cloud Environments Workshop. |

+| [Mitigate Compliance & Privacy Risks Workshop](https://go.microsoft.com/fwlink/?linkid=2202479)| Netrix | As your business-critical data expands and your workforce shifts to remote work, having an integrated approach that can help quickly identify, triage, and act on risky insider user activity is more important than ever. The Mitigate Compliance & Privacy Risks Workshop gives you the insights you need to understand insider and privacy risks in your organization. |

+| [Secure Identities & Access Workshop](https://go.microsoft.com/fwlink/?linkid=2202479)  | Netrix | Given the complexity of identities, data, applications, and devices, it’s essential to learn how to ensure the right people are accessing the right information, securely. In this workshop, we’ll show you how identity is the fundamental pillars of an integrated security philosophy and end-to-end security strategy. |

+| [Microsoft 365 Defender Professional Services](https://go.microsoft.com/fwlink/?linkid=2202675)   | Netwoven | Consulting and deployment services for the Defender suite |

+| [Wortell Protect](https://go.microsoft.com/fwlink/?linkid=2202480) | Wortell | Wortell offers a 24.7.365 Managed Detection and Response service, SOC-as-a-service, to secure your Azure subscriptions and Microsoft 365 environment. With this managed service, Wortell will provide security monitoring and incident response, and operate Microsoft Defender and (optionally) Microsoft Sentinel on your behalf. The service also includes threat intelligence feeds and custom machine learning models |

+| [Mandiant MDR for Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/?linkid=2202388)| Mandiant, Inc.  | Mandiant Managed Defense protects your business with a managed detection and response (MDR) service fueled by dedicated and frontline IR experts who protect against motivated adversaries with a combination of up-to-the-minute threat intelligence, data science and real-world expertise. Managed Defense helps customers optimize investments in Microsoft technology, maximize resources and accelerate investigations.  |

+| [BlueVoyant MDR for Microsoft 365 Defender](https://go.microsoft.com/fwlink/?linkid=2202673)| BlueVoyant| BlueVoyantΓÇÖs MDR (Managed Detection and Response) for Microsoft 365 Defender combines the power of MicrosoftΓÇÖs Defender product suite with BlueVoyantΓÇÖs elite 24x7 security operations team to identify, investigate and eradicate todayΓÇÖs most sophisticated and advanced cyberattacks. In addition to MDR, services can include implementation, assessments, training, concierge, third party integrations, and more. |

+| [White Hat Managed Security Services](https://go.microsoft.com/fwlink/?linkid=2202391)  | White Hat IT Security  | White Hat MSS offers zero trust approach to managed security on every platform – scalable and adaptive security from true experts. |

+| [Cloud Control - Managed Detection & Response](https://go.microsoft.com/fwlink/?linkid=2202678)  | The Collective | The Collective's Cloud Control Managed Protection, Detection and Response services is an enterprise grade managed service, delivering true Security Operations Center-as-a-Service (SOC) experience with a personal touch. |

+| [Synergy Advisors Teams App](https://go.microsoft.com/fwlink/?linkid=2202392) | Synergy Advisors LLC | E-Visor Teams App is a centralized place to involve and empower your end-users in the security and productivity of the organization by presenting unique information using data from Microsoft Defenders and Azure Active Directory while ensuring identity governance, and compliance.|

+| [Managed Microsoft XDR](https://go.microsoft.com/fwlink/?linkid=2202846)  | Quorum Cyber | Quorum Cyber’s Managed Microsoft XDR, a solution designed to enable customers to unleash the power of Microsoft security to reduce cyber risk and maximize return of investment in security. |

+|[SecureShield365](https://go.microsoft.com/fwlink/?linkid=2209718)| Patriot Consulting | SecureShield365 includes a full deployment of all Microsoft 365 Defender products including Intune plus 12 months of support. Microsoft XDR including Sentinel, Defender for Cloud, and MDR are available options.|

+## Related topics

+- [Configure managed service security provider integration](configure-mssp-support.md)

+ > The current SHA256 hash of 'XMDEClientAnalyzer.zip' that is downloaded from the above link is: 'BF102A79626C88FE58B5BE3034640835F96F54230292486716D72F515875966C'

+> - The current SHA256 hash of 'XMDEClientAnalyzerBinary.zip' that is downloaded from the above link is: '6FEB44EF2D9FEB8C8093A016FAB2B5F3ED580931008066BF134E8B1E04CAB222'

+ Title: Technological partners of Microsoft 365 Defender

+description: View technological partners of M365 Defender to enhance detection, investigation, and threat intelligence capabilities of the platform.

+keywords: partners, technological partner, applications, third-party, SIEM, threat intelligence, sentinel, SOAR, cross platform, m365 integrations, dns security, network protection

+ms.mktglfcycl: deploy

+ms.sitesec: library

+ms.pagetype: security

+ms.localizationpriority: medium

+audience: ITPro

+search.appverid: met150

+# Technological partners of Microsoft 365 Defender

+**Applies to:**

+- Microsoft 365 Defender

+- Microsoft Defender for Endpoint

+- Microsoft Defender for Vulnerability Management

+- Microsoft Defender for Office 365

+- Microsoft Defender for Identity

+- Microsoft Defender for Cloud Apps

+Microsoft 365 Defender supports third-party integrations to help secure users with effective threat protection, detection, investigation, and response, in various security fields of endpoints, vulnerability management, email, identities, cloud apps.

+The following are the solutionΓÇÖs categories:

+- Security information and event management (SIEM)

+- Security orchestration, automation, and response (SOAR)

+- Breach and attack simulation (BAS)

+- Threat intelligence

+- Network security/ DNS security

+- Identity security

+- Cross platform

+- Business cloud applications

+- Threat and vulnerability management

+- Secure service edge

+- Additional integrations

+## Supported integrations and partners

+### Security information and event management (SIEM)

+| Product name | Vendor | Description |

+| |||

+| [Microsoft Sentinel](/azure/sentinel/microsoft-365-defender-sentinel-integration) | Microsoft| Microsoft Sentinel is a scalable, cloud-native, security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for attack detection, threat visibility, proactive hunting, and threat response. |

+| [Splunk](https://go.microsoft.com/fwlink/?linkid=2201963) | Splunk | The Microsoft Defender for Endpoint Add-on allows Splunk users to ingest all of the alerts and supporting information to their Splunk.|

+| [ArcSight](https://go.microsoft.com/fwlink/?linkid=2202142)| Micro Focus | ArcSight allows multiple analytics capabilities for correlation, search, UEBA, enhanced and automated response, and log management. |

+| [Elastic Security](https://go.microsoft.com/fwlink/?linkid=2201772) | Elastic| Elastic Security combines SIEM threat detection features with endpoint prevention and response capabilities in one solution. |

+| [IBM Security QRadar SIEM](https://go.microsoft.com/fwlink/?linkid=2201876) | IBM| IBM Security QRadar SIEM enables centralized visibility and intelligent security analytics to detect, investigate and respond to your critical cybersecurity threats. |

+| [AttackIQ Platform](https://go.microsoft.com/fwlink/?linkid=2201971)| AttackIQ | AttackIQ Platform validates whether MDE is configured properly by launching continuous attacks safely on production assets.|

+### Security orchestration, automation, and response (SOAR)

+| Product name | Vendor | Description |

+| - | - | - |

+| [Microsoft Sentinel](https://go.microsoft.com/fwlink/?linkid=2201962)| Microsoft| Microsoft Sentinel is a scalable, cloud-native, security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for attack detection, threat visibility, proactive hunting, and threat response. |

+| [ArcSight](https://go.microsoft.com/fwlink/?linkid=2202142)| Micro Focus  | ArcSight provides multiple analytics capabilities for correlation, search, UEBA, enhanced and automated response, and log management. |

+| [Splunk SOAR](https://go.microsoft.com/fwlink/?linkid=2201773) | Splunk | Splunk SOAR orchestrates workflows and automates tasks in seconds to work smarter and respond faster. |

+| [Security Incident Response](https://go.microsoft.com/fwlink/?linkid=2201874)| ServiceNow | The ServiceNow® Security Incident Response application tracks the progress of security incidents from discovery and initial analysis, through containment, eradication, and recovery, and into the final post-incident review, knowledge base article creation, and closure.|

+| [Swimlane](https://go.microsoft.com/fwlink/?linkid=2202140)| Swimlane Inc | Automates your incident response capabilities with Swimlane (SOAR) and Microsoft Defender.  |

+| [InsightConnect](https://go.microsoft.com/fwlink/?linkid=2201877)  | Rapid7 | InsightConnect provides security orchestration, automation and response solution that accelerates incident response and vulnerability management processes. |

+| [Demisto, a Palo Alto Networks Company](https://go.microsoft.com/fwlink/?linkid=2201777) | Palo Alto Networks | Demisto integrates with Microsoft Defender for Endpoint to enable security teams to orchestrate and automate endpoint security monitoring, enrichment and response. |

+### Breach and attack simulation (BAS)

+| Product name | Vendor| Description|

+| --| -- | -- |

+| [SafeBreach](https://go.microsoft.com/fwlink/?linkid=2201775)| SafeBreach| SafeBreach continuously executes attacks, correlates results to help visualize security gaps, and leverages contextual insights to highlight remediation efforts. With its Hacker’s Playbook™, the industry’s most extensive collection of attack data enabled by state-of-the-art threat intelligence research, SafeBreach empowers organizations to get proactive about security with a simple approach that replaces hope with data.  |

+| [Extended Security Posture Management (XSPM)](https://go.microsoft.com/fwlink/?linkid=2201771) | Cymulate| Cymulate's Extended Security Posture Management enables companies to challenge, assess, and optimize their cybersecurity posture.  |

+| [Vulnerability Control](https://go.microsoft.com/fwlink/?linkid=2201967) | SkyBox| Develops a vulnerability program strategy that accurately analyzes exposure risk across hybrid attack surface and prioritize the remediation. |

+| [Attack Path Management](https://go.microsoft.com/fwlink/?linkid=2201774)| XM Cyber| Attack Path Management is a hybrid cloud security company providing attack path management changing the ways organizations approach cyber risk.  |

+| [Better Mobile Security Platform](https://go.microsoft.com/fwlink/?linkid=2202043) | Better Mobile Security Inc. | Provides solution for Threat, Phishing and Privacy Protection and Simulation. |

+### Threat intelligence

+| Product name | Vendor | Description|

+| - | - | |

+| [ArcSight](https://go.microsoft.com/fwlink/?linkid=2202142)| Micro Focus  | Provides multiple analytics capabilities for correlation, search, UEBA, enhanced and automated response, and log management.  |

+| [MineMeld](https://go.microsoft.com/fwlink/?linkid=2202044)| Palo Alto Networks | Enriches your endpoint protection by extending Autofocus and other threat feeds to Microsoft Defender for Endpoint using MineMeld. |

+| [MISP (Malware Information Sharing Platform)](https://go.microsoft.com/fwlink/?linkid=2202247) | MISP | Integrates threat indicators from the Open Source Threat Intelligence Sharing Platform into your Microsoft Defender for Endpoint environment. |

+| [ThreatConnect](https://go.microsoft.com/fwlink/?linkid=2202246) | ThreatConnect| Alerts and/or blocks on custom threat intelligence from ThreatConnect Playbooks using Microsoft Defender for Endpoint indicators.|

+### Network security/ DNS security

+| Product name | Vendor | Description|

+| | - | - |

+| [Aruba ClearPass Policy Manager](https://go.microsoft.com/fwlink/?linkid=2201878)| Aruba, a Hewlett Packard Enterprise company  | Network Access Control applies consistent policies and granular security controls to wired and wireless networks |

+| [Vectra Network Detection and Response (NDR)](https://go.microsoft.com/fwlink/?linkid=2201969) | Vectra | Vectra applies AI & security research to detect and respond to cyber-attacks in real time. |

+| [Blue Hexagon for Network](https://go.microsoft.com/fwlink/?linkid=2201780)| Blue Hexagon | Blue Hexagon has built the industry's first real-time deep learning platform for network threat protection.|

+| [CyberMDX](https://go.microsoft.com/fwlink/?linkid=2201880)| CyberMDX | Cyber MDX integrates comprehensive healthcare assets visibility, threat prevention and repose into your Microsoft Defender for Endpoint environment. |

+| [HYAS Protect](https://www.hyas.com/hyas-protect) | HYAS | HYAS Protect utilizes authoritative knowledge of attacker infrastructure to proactively protect MDE endpoints from cyber attacks. |

+| [Better Mobile Security Platform](https://go.microsoft.com/fwlink/?linkid=2202043) | Better Mobile Security Inc.| Provides solution for Threat, Phishing and Privacy Protection and Simulation. |

+| [Vulnerability Control](https://go.microsoft.com/fwlink/?linkid=2201965) | Skybox security| Global security posture management leader with solutions for vulnerability management and network security policy management.  |

+| [Open NDR](https://go.microsoft.com/fwlink/?linkid=2201964)| Corelight| Augment device inventory in Microsoft 365 Defender with network evidence for complete visibility.  |

+### Identity security

+| Product name| Vendor | Description|

+| - | | - |

+| [Illusive Platform](https://go.microsoft.com/fwlink/?linkid=2201778)  | Illusive Networks  | Illusive continuously discovers and automatically remediates identity vulnerabilities, and it detects attacks using deceptive controls.  |

+| [Silverfort](https://go.microsoft.com/fwlink/?linkid=2201873) | Silverfort | Enforces Azure AD Conditional Access and MFA across any user system and environment on-prem and in the cloud.  |

+### Cross platform

+| Product name | Vendor | Description |

+| - | - | |

+| [Corrata Mobile Security](https://go.microsoft.com/fwlink/?linkid=2201879) | Corrata | Corrata is an immune system for mobile devices and tablets that detects & protects mobile devices from the full spectrum of security threats like phishing, malware, man-in-the-middle attacks and data loss. |

+| [Better Mobile Security Platform](https://go.microsoft.com/fwlink/?linkid=2202043)  | Better Mobile Security Inc. | Provides solution for Threat, Phishing and Privacy Protection and Simulation.|

+| [Zimperium Mobile Threat Defense](https://go.microsoft.com/fwlink/?linkid=2202141)  | Zimperuim | Extends your Microsoft Defender for Endpoint to iOS and Android with Machine Learning-based Mobile Threat Defense. |

+| [Bitdefender](https://go.microsoft.com/fwlink/?linkid=2201968)  | Bitdefender  | Bitdefender GravityZone is a layered next generation endpoint protection platform offering comprehensive protection against the full spectrum of sophisticated cyber threats. |

+### Business cloud applications

+| Product name | Vendor | Description|

+| - | | --|

+| [Atlassian](https://go.microsoft.com/fwlink/?linkid=2202039)| Atlassian | Atlassian provides collaboration, development, and issue tracking software for teams. |

+| [Azure](https://go.microsoft.com/fwlink/?linkid=2202040) | Microsoft | Microsoft Azure provides tools and services to help you reach and scale to a global audience with cloud gaming services. |

+| [AWS](https://go.microsoft.com/fwlink/?linkid=2202041)| Amazon | Amazon Web Services provides information technology infrastructure services to businesses in the form of web services. |

+| [Box](https://go.microsoft.com/fwlink/?linkid=2202042)| Box | Box is an online file sharing and cloud content management service offering unlimited storage, custom branding, and administrative controls. |

+| [DocuSign](https://go.microsoft.com/fwlink/?linkid=2201767) | DocuSign| DocuSign is an Electronic Signature and Agreement Cloud enabling employees to securely send, sign and manage agreements. |

+| [Dropbox](https://go.microsoft.com/fwlink/?linkid=2202139) | Dropbox| Dropbox is a smart workspace company that provides secure file sharing, collaboration, and storage solutions. |

+| [Egnyte](https://go.microsoft.com/fwlink/?linkid=2201956) | Egnyte | Egnyte delivers secure content collaboration, compliant data protection and simple infrastructure modernization. |

+| [GITHUB](https://go.microsoft.com/fwlink/?linkid=2201957) | Microsoft | GitHub is a code hosting platform for collaboration and version control. It allows developers to work together on their projects right from planning and coding to shipping the software. |

+| [Google Workspace](https://go.microsoft.com/fwlink/?linkid=2201958)| Alphabet| Google Workspace plans provide a custom email for your business and includes collaboration tools like Gmail, Calendar, Meet, Chat, Drive, Docs, Sheets, Slides, Forms, Sites, and more. |

+| [Google Cloud Platform](https://go.microsoft.com/fwlink/?linkid=2202244) | Alphabet| Google Cloud Platform is a set of modular cloud-based services that allows you to create anything from simple websites to complex applications.|

+| [NetDocuments](https://go.microsoft.com/fwlink/?linkid=2201768) | NetDocuments | NetDocuments enables businesses of all sizes to create, secure, manage, access, and collaborate on documents and email anywhere, anytime. |

+| [Office 365](https://go.microsoft.com/fwlink/?linkid=2201959) | Microsoft | Microsoft Office 365 is a subscription-based online office and software services suite, which offers access to various services and software built around the Microsoft Office platform. |

+| [OKTA](https://go.microsoft.com/fwlink/?linkid=2201867)| OKTA | Okta is a management platform that secures critical resources from cloud to ground for workforce and customers. |

+| [OneLogin](https://go.microsoft.com/fwlink/?linkid=2201868) | OneLogin| OneLogin is a cloud identity and access management solution that enables enterprises to secure all apps for their users on all devices. |

+| [Salesforce](https://go.microsoft.com/fwlink/?linkid=2201869) | Salesforce | Salesforce is a global cloud computing company that offers customer relationship management (CRM) software & cloud computing for businesses of all sizes. |

+| [ServiceNow](https://go.microsoft.com/fwlink/?linkid=2201769) | ServiceNow | ServiceNow provides cloud-based solutions that define, structure, manage, and automate services for enterprise operations. |

+| [Slack](https://go.microsoft.com/fwlink/?linkid=2201870) | Slack| Slack is an enterprise software platform that allows teams and businesses of all sizes to communicate effectively. |

+| [SmartSheet](https://go.microsoft.com/fwlink/?linkid=2201871) | SmartSheet | Smartsheet is a cloud-based work management platform that empowers collaboration, drives better decision making, and accelerates innovation. |

+| [Webex](https://go.microsoft.com/fwlink/?linkid=2201872) | Cisco| Webex, a Cisco company, provides on-demand applications for businesses to conduct web conferencing, telework and application remote control. |

+| [Workday](https://go.microsoft.com/fwlink/?linkid=2201960) | Workday| Workday offers enterprise-level software solutions for human resource and financial management.|

+| [Zendesk](https://go.microsoft.com/fwlink/?linkid=2201961) | Zendesk| Zendesk is a customer service platform that develops software to empower organization and customer relationships.|

+### Threat and vulnerability management

+| Product name| Vendor | Description |

+| | -- | -- |

+| [Attack Path Management](https://go.microsoft.com/fwlink/?linkid=2201774) | XM Cyber| Hybrid cloud security company providing attack path management changing the ways organizations approach cyber risk.  |

+| [Corrata Mobile Security](https://go.microsoft.com/fwlink/?linkid=2201879) | Corrata | Corrata is an immune system for mobile devices and tablets that detects & protects mobile devices from the full spectrum of security threats like phishing, malware, man-in-the-middle attacks and data loss.  |

+| [Zimperium Mobile Threat Defense](https://go.microsoft.com/fwlink/?linkid=2202141)  | Zimperuim| Extend your Microsoft Defender for Endpoint to iOS and Android with Machine Learning-based Mobile Threat Defense.  |

+| [RiskAnalyzer](https://go.microsoft.com/fwlink/?linkid=2202245)   | DeepSurface Security  | DeepSurface RiskAnalyzer helps quickly and efficiently discover, analyze and prioritize cybersecurity risk  |

+| [Vulnerability Control](https://go.microsoft.com/fwlink/?linkid=2201965)| Skybox security| Global security posture management leader with solutions for vulnerability management and network security policy management.  |

+| [Vulcan Cyber risk management platform](https://go.microsoft.com/fwlink/?linkid=2201770)  | Vulcan Cyber  | Vulcan Cyber gives you the tools to effectively manage the vulnerability and risk lifecycle for all your cyber assets, including application, cloud, and infrastructure.  |

+| [Extended Security Posture Management (XSPM)](https://go.microsoft.com/fwlink/?linkid=2201771) | Cymulate| Cymulate's Extended Security Posture Management enables companies to challenge, assess, and optimize their cybersecurity posture. |

+| [Illusive Platform](https://go.microsoft.com/fwlink/?linkid=2201778)  | Illusive Networks  | Illusive continuously discovers and automatically remediates identity vulnerabilities, and it detects attacks using deceptive controls. |

+### Secure service edge

+| Product name | Vendor | Description |

+| | - | |

+| [Zscaler Internet Access](https://go.microsoft.com/fwlink/?linkid=2201779)  | Zscaler | Zscaler Internet Access is a cloud native security service edge (SSE) solution that builds on a decade of secure web gateway leadership. Offered as a scalable SaaS platform from the world’s largest security cloud, it replaces legacy network security solutions to stop advanced attacks and prevent data loss with a comprehensive zero trust approach. |

+### Additional integrations

+| Product name | Vendor | Description |

+| - | | -- |

+| [Morphisec](https://go.microsoft.com/fwlink/?linkid=2201966) | Morphisec | Provides Moving Target Defense-powered advanced threat prevention and integrates forensics data directly into WD Security Center dashboards to help prioritize alerts, determine device at-risk score and visualize full attack timeline including internal memory information. |

+| [THOR Cloud](https://go.microsoft.com/fwlink/?linkid=2201875) | Nextron systems | Provides on-demand live forensics scans using a signature base focused on persistent threats.  |

+## Recommended content

+- [Connect apps to get visibility and control | Microsoft Docs](/defender-cloud-apps/enable-instant-visibility-protection-and-governance-actions-for-your-apps)

+- [Partner applications in Microsoft Defender for Endpoint | Microsoft Docs](partner-applications.md)

+ Get-AtpPolicyForO365 | Format-List BlockUrls

+ Title: "Microsoft Defender for Office 365 trial user guide"

+description: "Microsoft Defender for Office 365 solutions trial user guide."

+# Trial user guide: Microsoft Defender for Office 365

+Welcome to the Microsoft Defender for Office 365 trial user guide! This user guide will help you make the most of your free trial by teaching you how to safeguard your organization against malicious threats posed by email messages, links (URLs), and collaboration tools.

+## What is Defender for Office 365?

+Defender for Office 365 helps organizations secure their enterprise by offering a comprehensive slate of capabilities including threat protection policies, reports, threat investigation and response capabilities and automated investigation and response capabilities.

+In addition to the detection of advanced threats, the following video shows how the SecOps capabilities of Defender for Office 365 can help your team respond to threats:

+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RWMmIe]

+### Audit mode vs. blocking mode for Defender for Office 365

+Do you want your Defender for Office 365 experience to be active or passive? These are the two modes that you can select from:

+- **Audit mode**: Special *evaluation policies* are created for anti-phishing (which includes impersonation protection), Safe Attachments, and Safe Links. These evaluation policies are configured to *detect* threats only. Defender for Office 365 detects harmful messages for reporting, but the messages aren't acted upon (for example, detected messages aren't quarantined). The settings of these evaluation policies are described in the [Policies in audit mode](try-microsoft-defender-for-office-365.md#policies-in-audit-mode) section later in this article.

+ Audit mode provides access to customized reports for threats detected by Defender for Office 365 on the **Evaluation mode** page at <https://security.microsoft.com/atpEvaluation>.

+- **Blocking mode**: The Standard template for [preset security policies](preset-security-policies.md) is turned on and used for the trial, and the users you specify to include in the trial are added to the Standard preset security policy. Defender for Office 365 *detects* and *takes action on* harmful messages (for example, detected messages are quarantined).

+ The default and recommended selection is to scope these Defender for Office 365 policies to all users in the organization. But during or after the setup of your trial, you can change the policy assignment to specific users, groups, or email domains in the Microsoft 365 Defender portal or in [Policy settings associated with Defender for Office 365 trials](try-microsoft-defender-for-office-365.md#policy-settings-associated-with-defender-for-office-365-trials)

+ Blocking mode does not provide customized reports for threats detected by Defender for Office 365. Instead, the information is available in the regular reports and investigation features of Defender for Office 365 Plan 2.

+A key factor in audit mode vs. blocking mode is how email is delivered to your Microsoft 365 organization:

+- Mail from the internet flows directly Microsoft 365, but your current subscription has only [Exchange Online Protection (EOP)](exchange-online-protection-overview.md) or [Defender for Office 365 Plan 1](overview.md#microsoft-defender-for-office-365-plan-1-vs-plan-2-cheat-sheet).

+ 

+ In these environments, you can select **audit mode** or **blocking mode**.

+- You're currently using a third-party service or device for email protection of your Microsoft 365 mailboxes. Mail from the internet flows through the protection service before delivery into your Microsoft 365 organization. Microsoft 365 protection is as low as possible (it's never completely off; for example, malware protection is always enforced).

+ 

+ In these environments, you can select **audit mode** only. You don't need to change your mail flow (MX records).

+- [Learn more](automated-investigation-response-office.md) about investigation user guides.

+> If a Whiteboard is stored in OneDrive and already attached to a meeting, it cannot be initiated on a Surface Hub or Microsoft Teams Rooms device. An authenticated user on another device will need to do so. We plan to enable this functionality in a future release.

+[Network requirements for Microsoft Defender of Cloud Apps](/defender-cloud-apps/network-requirements)