Microsoft Defender: New Threat Hunting Services


August 15, 2022

Nicholas McCourtAccording to its announcement last year, Microsoft is going in big on cybersecurity, to the tune of $50 billion in new investments over the next five years. Now we’re starting to see some significant new products coming out of that investment. Most notably, the amping up of Microsoft Defender, the company’s centralized threat hunting products on their platforms, is now managed for your company by Microsoft engineers.

This announcement is big news for a few reasons. First, it shows that significant platform companies commit to integrating enterprise-grade cybersecurity products into their productivity platforms. And second, it proves that they’re willing to hire engineers that will manage threat hunting affordably for companies with small and medium-sized businesses (SMBs) with less than 300 employees.


Microsoft Defender: Part of a Growing Market

It’s important to mention that Microsoft is hardly the only player in this space. Other major companies like Artic Wolf and CrowdStrike have been offering similar “concierge security” services for years, also priced at a per-user level that’s doable for most small or medium-sized businesses.

What’s significant here is not necessarily the increase in competition. It is the commitment to cybersecurity consolidation Microsoft is showing. Microsoft joined a cadre of tech firms last year, pledging to help fill 500,000 cybersecurity jobs in the U.S. alone. Rest assured, many of those jobs will create customer and MSP-facing cybersecurity experts who can help mitigate threats from Microsoft headquarters.

What Microsoft does, other tech companies are sure to follow. Whenever there’s that much investment and movement around cybersecurity, it’s great for business. It means that in the future, we’ll likely see similar investments from other platform companies and app developers, and we’ll be able to stitch together security capabilities from more sources. It’s a whole new level of choice in the market.

So, what kinds of services can you expect from Microsoft Defender? Let’s take a closer look.

Microsoft’s New Cybersecurity Offerings: Breaking It Down

Microsoft’s new lineup of security products centralizes the management of security monitoring at Microsoft and much of the mitigation, too, so clients can take a more global view of their security posture. The company also has partner programs that will manage platform security in concert with a managed service IT provider if your company is working with one.

Specifically, Microsoft has announced it has:

  • Launched Microsoft Defender Threat Hunting Services, which uses a complex web of AI and Microsoft experts to flag issues in subscriber devices, as well as systems running the Office 365 Productivity platform, Microsoft cloud applications, and identity programs. This program is available as an upgraded feature for current customers with the Microsoft Business Premium service or as a standalone program for $3 per user per month.


  • Built out Microsoft Defender Experts for XDR (Extended Detection Response), which offers everything Defender does, but with more advanced data, reporting, and management tools, as well as a cadre of Microsoft engineers who stand by to help companies act on and mitigate threats. By the time you make tweaks and additions to this program, it usually costs an added $10 to $14 a month for the service per user.


As of March 1st, Microsoft made Defender for Business available to its Microsoft 365 Business Premium customers, with MSP partners able to manage it through its Lighthouse platform.

Microsoft touts its money and time-saving benefits. I agree with them in most circumstances. If most of your business runs in the Microsoft/Azure universe, Microsoft Defender can help you eliminate the need for using multiple-point solutions.


Microsoft Defender:  What Can You Expect?

Clients who are using the new defender system can expect a lot of cybersecurity bells and whistles for their money, including:

  • Cybersecurity protection for all your favorite collaboration tools like Microsoft Teams and Microsoft Office
  • Defender for Office 365, which protects your company email against phishing and other cyber threats
  • Microsoft Intune, which helps you provide security around managing your company devices
  • Azure AD Premium Plan 1 for Identity protection and secure remote access
  • Azure Information protection for sensitive data
  • Microsoft Exchange Online Archiving
  • Cross Platform Endpoint Protection (EDR) for Windows, macOS, iOS, and Android
  • Automated Investigation and Remediation
  • Phishing protection
  • Microsoft Intune for managing devices
  • AD plans for identity protection and remote access
  • Azure information protection
  • DLP for data protection
  • Microsoft Exchange Online Archiving
  • Cross-Platform Endpoint Protection for Windows, MacOS, iOS, and Android
  • Endpoint Detection Response
  • Automated Remediation and Investigation

And with the advanced packages, you also benefit from engineering oversight.

Clearly, there’s a lot to be excited about here. Microsoft has bundled a lot of functionality into this system. It’s tight, it’s consolidated, and it’s all on one platform. This is an excellent option if you’re a company with most of your business in the Microsoft universe.

But, as excited as security experts are about these new capabilities, they’re also quick to point out it’s not always the best choice for everyone. Here’s how our CISOs are weighing the options.

Is Microsoft Defender the Right Option for Your Business?

Like many MSPs, Integris has a deep relationship with Microsoft, setting up at least some part of Microsoft’s product platform for nearly every client we have. After all, we’re a Microsoft Gold Partner—a commitment that’s a part of the “premium” MSP service we offer.

But when choosing the right cyber-defense tools for our clients, our team evaluates what’s best for all your platforms and networks. We weigh several factors, including:

  • Whether you’ve already covered these bases—Are you already using another service that covers EDR, XDR, SIEM, and device management?
  • Whether you have cybersecurity coverage needs that fall outside the parameters of what Microsoft offers—If you have extensive properties running outside Microsoft/Azure, you may need to invest in the cybersecurity monitoring systems that can cover them all.
  • Whether going with Microsoft’s new system is a better deal—If you’ve cobbled together several different products and platforms, there’s a chance Microsoft’s bundled service might offer better coverage for less.
  • The quality of the monitoring and how the reporting platform will work with your existing systems—Microsoft offers an MSP/client-facing portal called Lighthouse that allows you to see and manage your Microsoft Defender cybersecurity efforts from one dashboard. How will you be able to handle this with any other service dashboards you operate? How will your staff or MSP use it for reporting? Are there any areas where this system will clash with your legacy cybersecurity systems?


Should My Small Company Get Microsoft Defender Products?

Whether or not you should get Microsoft Defender depends on a few factors, including:

–how you want to manage your threat mitigation

–whether you have systems that would fall outside the Microsoft architecture

–Your budget

–Your compliance load

Microsoft Defender has the makings of a great product. We’re very excited to see what it will bring as it continues to grow. But you and your MSP view the shift from all sides. Making platform switches always have unintended consequences. Sometimes the best choice might be Microsoft, and sometimes, it might be a competitor.


Microsoft Defender: The Future of Bundled Cybersecurity?

When Microsoft speaks, the industry listens. So, the company’s investment in cybersecurity will likely herald a sea-change in how companies think about security overall.

The big players in cybersecurity have invested big. Still, they have private equity companies, which doubled their investment in developing cybersecurity companies to the tune of $25 billion just last year. The race is on to find new tech and ways to consolidate companies’ cybersecurity functions.


Why We Expect Microsoft Defender Style Services to Be the New Norm

It would be easy to think that all the investment in cybersecurity is explicitly driven by the rise in cyberattacks and the pressure from global governments to tackle crime on the internet. But in reality, the landscape is far more complex than this. Market factors have created a perfect storm that’s driving the move to security consolidation, including:

  • A global shortage of employees in the cybersecurity industry leads the industry to look for new ways to consolidate and improve productivity at the platform level.
  • The increase in cloud adoption, up to 90 percent in all industries, according to a recent report, that’s now driving the need for more streamlined cloud-based security options.
  • Cloud fear that consolidated, cloud-based platforms could become a vector for cyber theft in light of massive incidents like the Kaseya breach.
  • A fragmented tech market, with thousands of companies coming up with thousands of solutions.


The implications of these market forces will impact the behavior of the big tech players for years to come. But I’m still enthusiastic about the potential of these products.

In the past, software-as-a-service companies only had to offer the product, usually without considering how their service would be secured. After all, cybersecurity was always something that other companies did. It was an add-on. But not anymore. The pressure’s on to create not just the best products, but the safest, most resilient, and easiest to monitor products, too. And that’s a win for everyone.

Want to learn more? Check out our podcast on this subject.

Nick McCourt is a vCISO, CISSP at Integris.

Keep reading

vCIO vs. vCISO: What’s The Difference? 

vCIO vs. vCISO: What’s The Difference? 

Managing your IT operations is a big job, especially if you're a small or mid-sized company without the resources to hire a full internal IT staff. In these cases, most companies hire a managed IT service provider to fill the gaps. Yet, knowing who to hire and what...

Retainers for vCIOs and vCISOs: A Comprehensive Guide

Retainers for vCIOs and vCISOs: A Comprehensive Guide

If you're running an IT department at a small to mid-size company, you know— the demands on your infrastructure are greater than ever. Cyber threats are growing at an alarming pace, primarily fueled by the accessibility of AI to hackers. Cloud productivity, system...