Microsoft has announced the launch of Microsoft Defender Experts Threat Intelligence, a service designed to provide organizations with curated, expert-led insights into emerging cyber threats. This offering aims to bridge the gap between raw data feeds and actionable security measures by providing context tailored to a company's specific industry, geography, and technical environment. By leveraging Microsoft’s visibility across endpoints, identity, and cloud workloads, the service provides early-warning alerts and ongoing briefings to help security teams proactively adjust their defensive strategies.
The new service is intended to help organizations identify and mitigate risks before a campaign reaches their infrastructure. Designated experts translate global threat data into prioritized guidance, allowing leadership and technical teams to share a common understanding of the threat landscape. As attacker tactics and infrastructure evolve, these experts continuously refine their recommendations, providing updates that assist in hardening systems and improving response activities. This approach shifts the focus from post-incident analysis to preventative measures.
In addition to the new intelligence service, Microsoft is expanding its Microsoft Defender Experts MDR offering, previously known as Microsoft Defender Experts for XDR. This managed detection and response service now includes support for third-party and multi-cloud environments, powered by Microsoft Sentinel. By integrating signals from non-Microsoft sources across email, network, identity, and cloud platforms, the service aims to provide a unified incident narrative that follows threats as they traverse disparate security tools and domains.
The expanded MDR service provides 24/7 monitoring and investigation, with experts distilling high-volume telemetry into prioritized incidents. This is designed to reduce analyst fatigue and accelerate response times by correlating signals across a broader range of environments. Customers also receive ongoing operational guidance, including recommendations for detection tuning and data integration, to optimize their security operations and strengthen overall outcomes.
Furthermore, Microsoft has integrated its Microsoft Defender Threat Intelligence capabilities directly into the Defender portal. This convergence allows security teams to access intelligence in real-time across detection, investigation, and hunting workflows. By embedding these insights into a unified SecOps experience, the company aims to reduce the need for context switching and enable faster transitions from signal detection to decisive action.
