Microsoft Threat Experts Is an On-Demand Security Team

Starting today, all Microsoft Defender ATP customers also have on-demand access to advice from Microsoft’s security experts, whether they are merely conducting a security investigation or are under attack. Microsoft first previewed the new enterprise-targeting managed threat hunting service, called Microsoft Threat Experts, in February.

Microsoft claimed that its on-demand Threat Experts can also monitor an organization’s security over time and know when a company may be using insecure software defaults, for instance, that could lead to compromise by malicious actors.

The Threat Experts can be engaged from within the Microsoft Defender Security Center. Microsoft now offers a free 90-day trial to new Microsoft Defender ATP customers, which includes the Microsoft Threat Experts service.

Not all security issues can be solved with machine learning or other security techniques. Often, Microsoft's customers require personalized security advice, especially when a business is under a sophisticated attack that its internal security team can’t manage on its own.

What Do Microsoft Threat Experts Do?

In announcing the new service, Microsoft pointed to a customer that was first notified by an automated targeted attack notification via Microsoft Defender ATP. The customer notified Microsoft about the attack. Microsoft experts were able to prevent the attack and improve the customer’s security infrastructure.

The attacker had placed a malicious file on a computer inside the customer’s network. Microsoft Threat Experts, who were already monitoring the customer’s network for attacks, sent the customer an attack notification and provided additional information about the incident.

Microsoft Threat Experts also recommended that the customer fully investigate the infected machine and that its security team search the rest of the network for potentially related suspicious activities. Microsoft’s on-demand experts then verified that there were no signs of second-stage malware or further compromise.