Managed Detection and Response (MDR) for Microsoft | Redscan (2024)


Maximise the value of your native Microsoft endpoint and cloud technology


Overview

Unlock the full power of your Microsoft technology

In partnership with Kroll Responder MDR, Microsoft’s email, cloud and endpoint technology provides an outcomes-driven solution to reduce cyber risk by identifying and stopping threat actors before they cause costly damage. Kroll Responder managed detection and response for Microsoft provides enriched telemetry, frontline threat intelligence and complete response capabilities to enable you to maximise your native endpoint and cloud technology.

Kroll Responder MDR enhances Microsoft’s technology by applying frontline threat intelligence from thousands of cyber incidents handled by our investigators every year, enabling deeper and more effective threat hunting across your organisation’s mailboxes, networks and endpoints.

Microsoft partnership

Microsoft and Kroll: the perfect partnership

After four decades of global threat investigations and over 3,000 incidents handled every year, we know a strategic response is the best way to successfully mitigate any incident.

Kroll Responder MDR unifies your security telemetry across the Microsoft ecosystem (as well as third-party endpoint detection and response (EDR), network, cloud and SaaS providers) to deliver enhanced visibility and rapidly shut down cyber threats. Kroll Responder simplifies your cyber security telemetry to draw out meaningful and actionable data and rapidly detect and close cyber events.


Benefits

MDR for Microsoft Security benefits

Full coverage

Kroll takes telemetry from Microsoft Sentinel and Microsoft Defender for Endpoint to identify, close and neutralise threats, working with your security teams for remediation activity.

Unified telemetry

Kroll Responder MDR utilises critical telemetry, along with any third-party EDR, network, cloud, and SaaS providers, to deliver enhanced visibility and shut down cyber threats.

Enriched threat intelligence

Kroll’s wide range of cyber functions, such as detection engineering, malware analysis, threat intelligence and incident response, keeps your teams better informed.

Actionable intelligence

Using custom rules combined with Kroll’s centralised intelligence network, derived from front-line observations, ensures a swift reduction in the impact of a security incident.


Packages

Microsoft MDR: Product Overview

Package: Responder for MS 365
Outcomes:
• Unified alerting and reporting of O365 security controls
• Monitoring of sensitive SharePoint and OneDrive files
• Monitoring for account misuse or unauthorized access
• Reduction in risk for BEC type compromises
• 24x7 threat monitoring, triage, investigation and response
• Integration of Kroll’s applied threat intelligence
Platform coverage:
• Microsoft Defender for 365
• Microsoft Defender for Identity
• Microsoft Azure Active Directory

Package: Responder for MS Endpoint
Outcomes:
• Containment and remediation of infected endpoint(s)
• Prevention and isolation of malicious files and processes
• Identification of persistence and eviction of the adversary
• Major incident report, root cause analysis for major incidents
• 24x7 threat monitoring, triage, investigation, remediation
• 24x7 remote digital forensics and incident response (DFIR)
• Integration of Kroll’s applied threat intelligence
• Robust account management
Platform coverage:
• Microsoft Defender for Endpoint

Package: Responder for MS Cloud Networks
Outcomes:
• Centralized log collection and long-term log storage
• Visibility into IaaS, PaaS and SaaS workloads
• Coverage across Azure and hybrid cloud environments
• Advanced correlation rules and behavioural analytics
• Identity and access monitoring across Azure AD
• Proactive threat hunting and intelligence enrichment
• 24x7 threat monitoring, triage, investigation and response
• Advanced correlation rules and behavioural analytics
• Proactive threat hunting
• Integration of Kroll’s applied threat intelligence
Platform coverage:
• Microsoft Defender for Cloud
• Microsoft Log Analytics
• Microsoft Sentinel
• IaaS, PaaS, SaaS
• On-Premise, hybrid and cloud environments

What our customers say

4.8/5 - based on 54 Reviews

“Redscan staff are always on hand to provide swift, clear advice. They help us keep a constant eye on our network and respond quickly to incidents to ensure systems remain operational.”

IT Director

Private Healthcare Provider

“Redscan’s security experts work hand in hand with our in-house team, providing us with the insights we need to identify and eliminate threats across our environment 24/7.”

IT Security & Infrastructure Director

“Thanks to Redscan, we’re in an infinitely better place now. We have got more visibility than we ever had, and critically, in all the right places. I can now sleep easy knowing that Redscan’s expertise is protecting our business.”

Head of Technology & Cybersecurity

Housebuilding Company

“With so much organisational change, this is a time of incredible pressure on our small team. Partnering with Redscan is making it easier for us to address the security challenges of business consolidation.”

Head of IT Security

Global Plastics Manufacturer

“I can offer a higher level of assurance at board level about our information security now. Redscan gives us a broader lens on a complex and changing environment.”

IT Director

Global Asset Manager

“We now know we’ve got eyes on our critical assets and that those events are being looked at, scrutinised, triaged and qualified as legitimate or false positives. That is night and day in contrast with where we were before our relationship with Redscan.”

Head of Technology & Cybersecurity

Housebuilding Company

"Redscan's cost effective service gives us peace of mind that we are doing all we can to protect our clients, our business, our staff, our counterparties and other partners."

Head of IT Infrastructure

Asset Management Firm

“Faster incident alerting enables us to better understand what is going on in our network and react more quickly. From an advice side of things, it’s great to be able to talk to knowledgeable people and discuss solutions to help mitigate our security risks.”

Head of IT Security

Global Plastics Manufacturer

“With Redscan, we are able to understand and quickly identify any threats. Redscan’s support gives us the freedom to feel more secure and be more productive.”

Head of IT

Global Shipping Company

“By working in partnership with Redscan, we have significantly improved our operational resilience.”

Head of Cyber Security

Specialist bank

“Thanks to Redscan we now have a solution that gives us the ability to monitor, isolate and eliminate threats across our IT infrastructure.”

Head of IT

Private Hospital

“The personal approach is something I noticed from my first engagement with Redscan and it is still true today. We have 30 locations worldwide and it is valuable to have a third party being proactive in identifying potential security issues.”

Head of IT

Global Shipping Company

“Services like these are few and far between.”

Head of IT Infrastructure

Asset Management Firm

“I value the fact that Redscan aggregates insight about the cyber-attacks it sees on other customers and retrospectively applies it to other organisations, so we all benefit from that knowledge.”

Head of Cyber Security

Specialist bank

"Our partnership with Redscan has been one of the most successful that we have ever undertaken"

IT Director

Global Asset Manager

93%

net promoter score for MDR services

94%

satisfaction with threat detection

92%

satisfaction with speed of response

Microsoft MDR FAQs

Frequently asked questions

What is MDR?

Managed Detection and Response is a specialist type of security service designed to help organisations rapidly detect and respond to cyber threats across their network and endpoints. MDR services adopt a fully turnkey approach – providing the people, technology and intelligence as part of one overall service.

How does Kroll MDR work in conjunction with Microsoft?

Kroll Responder Microsoft MDR unifies your security telemetry across the Microsoft ecosystem (as well as third-party endpoint detection and response (EDR), network, cloud and SaaS providers) in order to draw out meaningful and actionable data to deliver enhanced visibility and rapidly shut down cyber threats.

What are the benefits of this approach to MDR?

Kroll Responder MDR for Microsoft helps businesses to achieve more from their investment in native endpoint and cloud technology. It provides them with enhanced threat visibility in one single view and comprehensive response capabilities. This approach also keeps your security team more up to date and better prepared to respond to potential security threats.

Which Microsoft technology does Kroll Responder work with?

Kroll Responder MDR for Microsoft Security is available in three packages: Responder for MS O365, Responder for MS Endpoint and Responder for MS Cloud Networks. Specific features, outcomes and coverage will vary according to your choice of package. For more insight into the different options, view the Product Overview table above.

What are the security outcomes of Kroll Responder Microsoft MDR?

Security outcomes of Kroll Responder for MS O365 include unified alerting and reporting of O365 security controls, and a reduction in risk for BEC-type compromises, while the outcomes of Responder for MS Endpoint include the identification of persistence mechanisms and eviction of the adversary and 24×7 threat monitoring, with triage, investigation, analysis and remediation. Outcomes for Responder for MS Cloud Networks include proactive human-led threat hunting and threat intelligence enrichment and 24×7 threat monitoring, with triage, investigation, analysis and response. View the table above for details of all outcomes for the three different options.

Meet some of our MDR team


“All of the SOC team undergo rigorous training to enable us to provide the best support and advice to our customers. Each of us loves what we do, which means we go the extra mile with every activity, from helping to tackle malware to forensic analysis.”

Juliette

SOC Team Lead


“Being technology-agnostic, we’re not limited by just one set technology stack. We use the best tools to deliver the optimum threat coverage and visibility for your business and integrate them seamlessly through our CyberOps platform.”

Jack

Lead Security Integration Engineer


“Staying on top of the latest threats is a constant challenge for organisations, but as your cyber security partner, we never take our eye off the ball. We use the latest open source threat intelligence to proactively hunt out threats to make sure you’re protected today and tomorrow.”

George

Head of Threat Intelligence


“To safeguard your business, you need to have confidence that a cyber security provider is putting your needs first. At Kroll, we give your organisation the attention it deserves. We work closely with you to support your security strategy over the long-term.”

Josh

Team Lead, Technical Account Management


Resources

Discover our latest content and resources

From the blog


The definitive guide to SOC services

Overcoming cyber security alert fatigue

Top 5 cyber security threats in healthcare

Cyber incident response: a guide for small businesses

Case studies

Hospitality Company: Securing a hospitality company’s continued global expansion
Asset Management Firm: Enhancing security visibility for a leading asset management firm
National Homebuilder: Ensuring threat visibility across a hybrid cloud network
Specialist Bank: Raising the bar by uncovering vulnerabilities across a bank’s estate

Latest news

IoT vulnerabilities soar, creating additional entry points for attackers

New research shows that the number of internet of things (IoT) devices that contain vulnerabilities has soared by 136% compared to a year ago. The most vulnerable types of IoT devices were wireless access points, routers, printers, voice over Internet Protocol (VoIP) and IP cameras.

Ransomware on the rise despite law enforcement takedowns

A new report shows that ransomware activity grew in 2023 compared to 2022, despite major law enforcement operations against key ransomware groups.

Advanced phishing attacks soar by 341% in six months

New research has identified a 341% increase in malicious phishing links, business email compromise (BEC), QR code and attachment-based threats in the past six months.

70% of CISOs expect cyber-attacks in the next year

New research has found that 70% of chief information security officers (CISOs) think that their businesses will be at risk of a cyber-attack in the next year.


Author: Mr. See Jast
