Managed Detection and Response (MDR) for Microsoft | Redscan

Overview

Unlock the full power of your Microsoft technology

In partnership with Kroll Responder MDR, Microsoft’s email, cloud and endpoint technology provides an outcomes-driven solution to reduce cyber risk by identifying and stopping threat actors before they cause costly damage. Kroll Responder managed detection and response for Microsoft provides enriched telemetry, frontline threat intelligence and complete response capabilities to enable you to maximise your native endpoint and cloud technology.

Kroll Responder MDR enhances Microsoft’s technology by applying frontline threat intelligence from thousands of cyber incidents handled by our investigators every year, enabling deeper and more effective threat hunting across your organisation’s mailboxes, networks and endpoints.

Microsoft partnership

Microsoft and Kroll: the perfect partnership

After four decades of global threat investigations and over 3,000 incidents handled every year, we know a strategic response is the best way to successfully mitigate any incident.

Kroll Responder MDR unifies your security telemetry across the Microsoft ecosystem (as well as third-party endpoint detection and response (EDR), network, cloud and SaaS providers) to deliver enhanced visibility and rapidly shut down cyber threats. Kroll Responder simplifies your cyber security telemetry to draw out meaningful and actionable data and rapidly detect and close cyber events.

Benefits

MDR for Microsoft Security benefits

Full coverage

Kroll takes telemetry from Microsoft Sentinel and Microsoft Defender for Endpoint to identify, close and neutralise threats, working with your security teams for remediation activity.

Unified telemetry

Kroll Responder MDR utilises critical telemetry, along with any third-party EDR, network, cloud, and SaaS providers, to deliver enhanced visibility and shut down cyber threats.

Enriched threat intelligence

Kroll’s wide range of cyber functions, such as detection engineering, malware analysis, threat intelligence and incident response, keeps your teams better informed.

Actionable intelligence

Using custom rules combined with Kroll’s centralised intelligence network, derived from front-line observations, ensures a swift reduction in the impact of a security incident.


Packages

Microsoft MDR: Product Overview

Package: Responder for MS 365
Outcomes:
• Unified alerting and reporting of O365 security controls
• Monitoring of sensitive SharePoint and OneDrive files
• Monitoring for account misuse or unauthorized access
• Reduction in risk for BEC type compromises
• 24x7 threat monitoring, triage, investigation and response
• Integration of Kroll’s applied threat intelligence
Platform Coverage:
• Microsoft Defender for 365
• Microsoft Defender for Identity
• Microsoft Azure Active Directory

Package: Responder for MS Endpoint
Outcomes:
• Containment and remediation of infected endpoint(s)
• Prevention and isolation of malicious files and processes
• Identification of persistence and eviction of the adversary
• Major incident report, root cause analysis for major incidents
• 24x7 threat monitoring, triage, investigation, remediation
• 24x7 remote digital forensics and incident response (DFIR)
• Integration of Kroll’s applied threat intelligence
• Robust account management
Platform Coverage:
• Microsoft Defender for Endpoint

Package: Responder for MS Cloud Networks
Outcomes:
• Centralized log collection and long-term log storage
• Visibility into IaaS, PaaS and SaaS workloads
• Coverage across Azure and hybrid cloud environments
• Advanced correlation rules and behavioural analytics
• Identity and access monitoring across Azure AD
• Proactive threat hunting and intelligence enrichment
• 24x7 threat monitoring, triage, investigation and response
• Proactive threat hunting
• Integration of Kroll’s applied threat intelligence
Platform Coverage:
• Microsoft Defender for Cloud
• Microsoft Log Analytics
• Microsoft Sentinel
• IaaS, PaaS, SaaS
• On-Premise, hybrid and cloud environments

What our customers say

4.7/5 - based on 99 Reviews
“Redscan staff are always on hand to provide swift, clear advice. They help us keep a constant eye on our network and respond quickly to incidents to ensure systems remain operational.”
IT Director
Private Healthcare Provider
“Redscan’s security experts work hand in hand with our in-house team, providing us with the insights we need to identify and eliminate threats across our environment 24/7.”
IT Security & Infrastructure Director
“Thanks to Redscan, we’re in an infinitely better place now. We have got more visibility than we ever had, and critically, in all the right places. I can now sleep easy knowing that Redscan’s expertise is protecting our business.”
Head of Technology & Cybersecurity
Housebuilding Company
“With so much organisational change, this is a time of incredible pressure on our small team. Partnering with Redscan is making it easier for us to address the security challenges of business consolidation.”
Head of IT Security
Global Plastics Manufacturer
“I can offer a higher level of assurance at board level about our information security now. Redscan gives us a broader lens on a complex and changing environment.”
IT Director
Global Asset Manager
“We now know we’ve got eyes on our critical assets and that those events are being looked at, scrutinised, triaged and qualified as legitimate or false positives. That is night and day in contrast with where we were before our relationship with Redscan.”
Head of Technology & Cybersecurity
Housebuilding Company
"Redscan's cost effective service gives us peace of mind that we are doing all we can to protect our clients, our business, our staff, our counterparties and other partners."
Head of IT Infrastructure
Asset Management Firm
“Faster incident alerting enables us to better understand what is going on in our network and react more quickly. From an advice side of things, it’s great to be able to talk to knowledgeable people and discuss solutions to help mitigate our security risks.”
Head of IT Security
Global Plastics Manufacturer
“With Redscan, we are able to understand and quickly identify any threats. Redscan’s support gives us the freedom to feel more secure and be more productive.”  
Head of IT
Global Shipping Company
“By working in partnership with Redscan, we have significantly improved our operational resilience.”  
Head of Cyber Security
Specialist bank
“Thanks to Redscan we now have a solution that gives us the ability to monitor, isolate and eliminate threats across our IT infrastructure.”
Head of IT
Private Hospital
“The personal approach is something I noticed from my first engagement with Redscan and it is still true today. We have 30 locations worldwide and it is valuable to have a third party being proactive in identifying potential security issues.”
Head of IT
Global Shipping Company
“Services like these are few and far between.”
Head of IT Infrastructure
Asset Management Firm
“I value the fact that Redscan aggregates insight about the cyber-attacks it sees on other customers and retrospectively applies it to other organisations, so we all benefit from that knowledge.”  
Head of Cyber Security
Specialist bank
"Our partnership with Redscan has been one of the most successful that we have ever undertaken"
IT Director
Global Asset Manager
93% net promoter score for MDR services
94% satisfaction with threat detection
92% satisfaction with speed of response

Microsoft MDR FAQs

Frequently asked questions

What is MDR?

Managed Detection and Response is a specialist type of security service designed to help organisations rapidly detect and respond to cyber threats across their network and endpoints. MDR services adopt a fully turnkey approach – providing the people, technology and intelligence as part of one overall service.

How does Kroll MDR work in conjunction with Microsoft?

Kroll Responder Microsoft MDR unifies your security telemetry across the Microsoft ecosystem (as well as third-party endpoint detection and response (EDR), network, cloud and SaaS providers) in order to draw out meaningful and actionable data to deliver enhanced visibility and rapidly shut down cyber threats.

What are the benefits of this approach to MDR?

Kroll Responder MDR for Microsoft helps businesses to achieve more from their investment in native endpoint and cloud technology. It provides them with enhanced threat visibility in one single view and comprehensive response capabilities. This approach also keeps your security team more up to date and better prepared to respond to potential security threats.

Which Microsoft technology does Kroll Responder work with?

Kroll Responder MDR for Microsoft Security is available in three packages: Responder for MS O365, Responder for MS Endpoint and Responder for MS Cloud Networks. Specific features, outcomes and coverage will vary according to your choice of package. For more insight into the different options, view the Product Overview table above.

What are the security outcomes of Kroll Responder Microsoft MDR?

Security outcomes of Kroll Responder for MS O365 include unified alerting and reporting of O365 security controls, and a reduction in risk for BEC-type compromises. The outcomes of Responder for MS Endpoint include the identification of persistence mechanisms and eviction of the adversary, and 24×7 threat monitoring, with triage, investigation, analysis and remediation. Outcomes for Responder for MS Cloud Networks include proactive human-led threat hunting and threat intelligence enrichment, and 24×7 threat monitoring, with triage, investigation, analysis and response. View the table above for details of all outcomes for the three different options.

Meet some of our MDR team

Juliette Hudson
“All of the SOC team undergo rigorous training to enable us to provide the best support and advice to our customers. Each of us loves what we do, which means we go the extra mile with every activity, from helping to tackle malware to forensic analysis.”    
Juliette
SOC Team Lead
Jack Akehurst
“Being technology-agnostic, we’re not limited by just one set technology stack. We use the best tools to deliver the optimum threat coverage and visibility for your business and integrate them seamlessly through our CyberOps platform.”
Jack
Lead Security Integration Engineer
George - Redscan team
“Staying on top of the latest threats is a constant challenge for organisations, but as your cyber security partner, we never take our eye off the ball.  We use the latest open source threat intelligence to proactively hunt out threats to make sure you’re protected today and tomorrow.”
George
Head of Threat Intelligence
Josh
“To safeguard your business, you need to have confidence that a cyber security provider is putting your needs first. At Kroll, we give your organisation the attention it deserves. We work closely with you to support your security strategy over the long-term.”
Josh
Team Lead, Technical Account Management

