Preemptive MDR for your Microsoft Ecosystem

The service is delivered through a combination of our global, follow-the-sun security operations center (SOC), cybersecurity advisors, and Rapid7’s SIEM technology which ingests and correlates security data from Microsoft Defender, the Rapid7 agent, and third-party tools.

Rapid7 MDR for Microsoft delivers a defense-in-depth approach that collects and correlates Microsoft signals, native telemetry, and risk exposure context to not only detect threats, but anticipate them. It includes unlimited log ingestion and incident response, providing predictable value with no surprise data overages or costs in the unlikely event of a breach. Customers gain long-term security program growth through regular guidance from a dedicated Cybersecurity Advisor.

Rapid7 doesn’t manage Microsoft Sentinel. Rather, MDR for Microsoft is delivered through Rapid7’s own SIEM technology to which you have full access – enabling full transparency into SOC analyst activity, service outcomes, and the ability to improve your internal investigation capabilities should you choose to.

Rapid7 can monitor other non-Microsoft tools in your environment. In addition to Microsoft’s and Rapid7’s native telemetry, our MDR services can provide expert SOC monitoring of additional third-party EDR tools, identity sources, and cloud platforms for maximum visibility and protection across your environment.

If you have already elected to receive SOC coverage of your preferred Microsoft Defender event sources, enhanced MDR for Microsoft capabilities will be delivered as part of your existing service. If you are not sure about your coverage, or would like to inquire about additional coverage, please contact your account team or submit a case through your customer portal.