Sophos Managed Detection and Response Now Provides 24×7 Monitoring for Microsoft Defender

The integration with Microsoft Graph provides deeper context for detections and threat hunts

Microsoft customers are confronted with a diverse set of native security tools that come bundled with their enterprise licenses for Windows, which can create confusion about which features to use and how to manage them effectively. Given the abundance of options and the range of capabilities, many organizations need additional support to get the most value from their Microsoft investments.

Sophos Managed Detection and Response (MDR) can now provide 24×7 security monitoring, threat investigation, and response support for Microsoft security alerts. This option is available to all Sophos MDR Advanced customers at no additional cost.

Widen your threat detection net

Through the new Sophos MDR integration with the Microsoft Graph Security API, threat events are correlated and evaluated in the Sophos data lake, where they are assigned a risk score. When high-risk Microsoft events are combined with Sophos detection logic, an investigation is triggered and performed by a member of the Sophos MDR team (that is to say, an expert human analyst). When a threat is confirmed, Sophos MDR will provide information on what happened, along with guidance on how best to respond.

In addition to monitoring and investigating the stream of Microsoft Graph Security event activity, the Sophos MDR team will use the available data to conduct proactive threat hunts for new and novel malicious behaviors.

Sophos MDR support extends across the following Microsoft Graph Security event sources:

  • Microsoft Defender for Endpoint
  • Microsoft Defender for Cloud
  • Microsoft Defender for Identity
  • Azure Active Directory Identity Protection
  • Microsoft Defender for Cloud Apps
  • Azure Information Protection
  • Microsoft 365 (Default, Cloud Apps, Custom Alert)

Sophos MDR support for Microsoft Graph Security events further extends the enhanced threat investigation capabilities enabled through the Sophos XDR integration with Microsoft 365 in February 2022.

What can Microsoft Graph security alerts tell you?

Microsoft Graph Security alerts can help confirm a wide range of potentially malicious activity. For example, is a managed device actively participating in malware distribution? Has your managed infrastructure been compromised, and is it hosting components for a phishing campaign? Collecting this data allows Sophos MDR analysts to investigate those indicators of compromise (IoCs) faster and neutralize confirmed threats before they can compromise your business.

How does this affect you/your customers?

Microsoft Graph Security support is available to all Sophos MDR Advanced customers at no additional cost, and it allows customers to get the most value from their Microsoft investments.

For more information about this new Sophos MDR integration, watch the SophSkills Microsoft Graph Security Integration webinar.