New analyst response actions for Microsoft 365<\/strong><\/h2>\nThe ability to respond quickly to a cyber incident is crucial \u2014\u00a0the faster the attack can be detected, contained, and neutralized, the less damage the attacker can inflict. Now, when an attack is detected in a customer\u2019s Microsoft 365 environment, Sophos MDR analysts can execute a range of additional response actions, rapidly containing the threat and freeing up time for you and the customer.<\/p>\n
Microsoft 365 response actions now available<\/strong><\/p>\n\n\n\n![](\"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2025\/05\/gear.png\")
<\/td>\nBlock \/ enable user sign-in<\/strong>
\nSophos MDR analysts can lock down a user\u2019s account to prevent an adversary from accessing Microsoft 365 services and Azure resources using stolen credentials. Following clean-up, access to the user\u2019s account can be restored in seconds.<\/td>\n<\/tr>\n\n<\/td>\n Terminate current user sessions<\/strong>
\nBy immediately revoking all currently active sessions for a specific user, Sophos MDR analysts can quickly eject an attacker who has already gained access to an account and remove their ability to reuse any stolen session tokens.\u00a0<\/strong><\/td>\n<\/tr>\n\n<\/td>\n Disable suspicious inbox rules<\/strong>
\nAttackers routinely set up inbox rules in Microsoft 365 for business email compromise attacks in order to move, obfuscate, or delete emails that could otherwise alert the user. Sophos MDR analysts can disable specific inbox rules to regain control.\u00a0<\/strong><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n <\/p>\n
Easy setup in Sophos Central<\/strong><\/h2>\nThe new response capabilities for Microsoft 365 are included with all Sophos MDR service tiers at no additional cost and can be enabled in minutes by activating a new integration in Sophos Central.<\/p>\n
Threat response modes<\/strong><\/p>\nSophos provide the flexibility for your customers, and Sophos MSPs, to choose how our MDR team will interact with them when a cyber incident requires a response, by selecting their preferred threat response mode:<\/p>\n
\n- \u201cAuthorize\u201d mode:<\/strong>\u00a0Our experts perform threat response without prior consent or active involvement from the customer or MSP. Once the new Microsoft 365 response actions integration is enabled, Sophos MDR analysts will immediately execute those actions when needed, to provide the most efficient response.<\/li>\n
- \u201cCollaborate\u201d mode:<\/strong>\u00a0Our experts conduct investigations, but do not take response actions without prior consent or active involvement from the customer or MSP. Once the new Microsoft 365 response actions integration is enabled, Sophos MDR analysts will execute those actions only once consent has been obtained. Customers and MSPs can also choose to allow Sophos MDR to operate in \u201cAuthorize\u201d mode if we are unable to reach them for consent.<\/li>\n<\/ul>\n
<\/p>\n
The most robust MDR service for Microsoft environments<\/strong><\/h2>\nSophos MDR services protect over 30,000 organizations \u2013 more than any other MDR service provider in the world. In Gartner\u2019s 2024 Voice of the Customer Report for Managed Detection and Response Services, Sophos once again had the highest number of reviews among all vendors and scored a 4.9\/5.0 rating based on customer reviews.<\/p>\n
Many of these businesses have also invested in Microsoft tools, leveraging Sophos MDR to defend against sophisticated attacks that technology alone can\u2019t stop.<\/p>\n
| <\/td>\n | Block \/ enable user sign-in<\/strong> \nSophos MDR analysts can lock down a user\u2019s account to prevent an adversary from accessing Microsoft 365 services and Azure resources using stolen credentials. Following clean-up, access to the user\u2019s account can be restored in seconds.<\/td>\n<\/tr>\n <\/td>\nTerminate current user sessions<\/strong> | \nBy immediately revoking all currently active sessions for a specific user, Sophos MDR analysts can quickly eject an attacker who has already gained access to an account and remove their ability to reuse any stolen session tokens.\u00a0<\/strong><\/td>\n<\/tr>\n <\/td>\nDisable suspicious inbox rules<\/strong> | \nAttackers routinely set up inbox rules in Microsoft 365 for business email compromise attacks in order to move, obfuscate, or delete emails that could otherwise alert the user. Sophos MDR analysts can disable specific inbox rules to regain control.\u00a0<\/strong><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n <\/p>\n Easy setup in Sophos Central<\/strong><\/h2>\nSophos provide the flexibility for your customers, and Sophos MSPs, to choose how our MDR team will interact with them when a cyber incident requires a response, by selecting their preferred threat response mode:<\/p>\n
|
![\"\"](\"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2025\/05\/microsoft-certified-expert-badge.png\"){kind=icon}
<\/td>\n![\"\"](\"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2025\/05\/shield.png\")
<\/td>\n![\"\"](\"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2025\/05\/microsoft.png\")
<\/td>\n