Security

Defender Experts Adds Threat Intelligence and MDR

3 min read

Summary

Microsoft has launched Defender Experts Threat Intelligence and expanded Defender Experts MDR with third-party and multi-cloud coverage powered by Microsoft Sentinel. The update helps security teams turn threat intelligence into action faster by combining expert-led guidance, unified Defender portal workflows, and broader cross-platform incident response.

Need help with Security?Talk to an Expert

Microsoft expands Defender Experts for faster security action

Introduction

Microsoft is expanding its managed security offerings to help organizations close the gap between seeing a threat and acting on it. For IT and security teams dealing with high alert volumes, fragmented tooling, and multi-cloud environments, these updates are designed to deliver more context, less noise, and faster response.

What’s new

New: Microsoft Defender Experts Threat Intelligence

Microsoft announced Defender Experts Threat Intelligence, a new expert-delivered service that provides tailored, actionable threat intelligence instead of raw feeds or static reports.

Key capabilities include:

  • Early-warning alerts on emerging campaigns relevant to your organization
  • Campaign-evolution updates as attacks develop
  • Intelligence tailored to your industry, geography, and environment
  • Recurring briefings from designated Microsoft experts
  • Guidance for both technical teams and executive stakeholders

The goal is to help organizations reduce risk before an attack reaches their environment.

Microsoft Defender Threat Intelligence now integrated into Defender

Microsoft also said that Microsoft Defender Threat Intelligence (MDTI) capabilities are now fully integrated into the Defender portal.

This means defenders can access threat intelligence across:

  • Detection
  • Investigation
  • Response
  • Hunting
  • Automation

By bringing intelligence directly into daily SecOps workflows, Microsoft aims to reduce context switching and speed up decision-making.

Defender Experts MDR expands to third-party and multi-cloud

Microsoft is also expanding Defender Experts MDR with new third-party and multi-cloud coverage, powered by Microsoft Sentinel.

Highlights include:

  • 24/7 monitoring and investigation by Microsoft experts
  • Correlation across Microsoft and non-Microsoft security signals
  • Cross-platform incident narratives with vendor-aware guidance
  • Recommendations for detection tuning, integrations, and Sentinel content management
  • Business-focused summaries of risks, posture gaps, and improvements

Microsoft noted that the new coverage is available in Defender Experts MDR Plan 2, while existing Defender Experts for XDR capabilities continue as Plan 1.

Why this matters for administrators

For security operations teams, the biggest benefit is broader visibility with expert-led interpretation. Organizations using mixed security stacks or operating across cloud, identity, endpoint, email, and network tools may now get more unified incident handling without relying solely on Microsoft-native telemetry.

The Defender portal integration is also important for analysts who want intelligence embedded directly into investigations instead of switching between separate tools.

Next steps

Security leaders and administrators should:

  • Review whether current SOC workflows would benefit from expert-led threat intelligence briefings
  • Evaluate Defender Experts MDR Plan 2 if you use third-party security tools or multi-cloud environments
  • Assess Microsoft Sentinel readiness for broader data integration and response workflows
  • Train analysts on the new MDTI experience in the Defender portal

These changes show Microsoft is pushing toward a more unified, human-led managed defense model that combines platform telemetry with expert action.

Need help with Security?

Our experts can help you implement and optimize your Microsoft solutions.

Talk to an Expert

Stay updated on Microsoft technologies

Defender ExpertsMicrosoft Sentinelthreat intelligenceMDRMicrosoft Defender

Related Posts

Security

Salesforce OAuth Abuse: Microsoft Guidance on ShinyHunters

Microsoft detailed how threat activity associated with ShinyHunters abused trusted OAuth relationships in Salesforce to gain persistent access, exfiltrate CRM data, and evade traditional sign-in detections. The company also announced improved Salesforce telemetry and near-real-time detection in Defender for Cloud Apps, giving security teams better visibility into connected apps, OAuth scopes, and suspicious SaaS activity.

Security

Microsoft Entra ID Passkeys Default Rollout Dates

Microsoft will make passkeys the default authentication experience in Entra ID starting September 1, 2026, automatically prompting users currently using SMS or voice MFA to register a passkey. The change matters because Microsoft-provided SMS and voice authentication will be retired on February 1, 2027, pushing organizations toward phishing-resistant authentication and requiring admins to plan migrations now.

Security

Microsoft Secure Future Initiative July 2026 Update

Microsoft’s July 2026 Secure Future Initiative progress report highlights major security gains across identity, cloud resource isolation, vulnerability remediation, and AI-driven defense. The update matters to IT and security teams because it pairs measurable hardening progress with practical guidance on phishing-resistant MFA, secure defaults, composite attack paths, and post-quantum readiness.

Security

GigaWiper Malware: Microsoft Details Destructive Backdoor

Microsoft Threat Intelligence has published a deep analysis of GigaWiper, a Golang-based backdoor that combines command-and-control features with multiple destructive payloads, including disk wiping, fake ransomware, and system sabotage. The research matters because it shows attackers consolidating several malware families into a single modular implant, increasing flexibility while reducing deployment footprint.

Security

Microsoft SFI AI Hardens Cloud Security at Scale

Microsoft detailed an internal multi-agent AI system built under its Secure Future Initiative (SFI) to proactively evaluate and harden live cloud services. The approach speeds up deep security analysis from weeks to hours by correlating code, identity, network, configuration, and runtime signals to uncover composite risks that single-tool reviews can miss.

Security

Cloud Security Posture Management Trends for 2026

Frost & Sullivan’s 2025 Frost Radar shows cloud security posture management is shifting from periodic compliance checks to continuous, risk-based governance within CNAPP platforms. For IT and security teams, the key takeaway is clear: prioritize tools that unify posture, identity, workload, and data signals to reduce risk faster across multicloud environments.