
Today, we announced the general availability of Microsoft Defender Experts for Hunting to support organizations and their cybersecurity employees with proactive threat hunting.

Defender Experts for Hunting was created for customers who have a robust security operations center but want Microsoft to help them proactively hunt threats using Microsoft Defender data. Defender Experts for Hunting is a proactive threat hunting service that goes beyond the endpoint to hunt across endpoints, Microsoft Office 365, cloud applications, and identity. Our experts will investigate anything they find, then hand off the contextual alert information along with remediation instructions so you can quickly respond. Our Defender Experts for Hunting explainer video walks you through how it works.

Capabilities include:

  • Threat hunting and analysis—Defender Experts look deeper to expose advanced threats and identify the scope and impact of malicious activity associated with human adversaries or hands-on-keyboard attacks.
  • Defender Experts Notifications—Notifications show up as incidents in Microsoft 365 Defender, helping to improve your security operations’ incident response with specific information about the scope and method of entry.
  • Experts on Demand—Click the “Ask Defender Experts” button in the Microsoft 365 Defender portal to get expert advice about threats your organization is facing. You can ask for help on a specific incident, nation-state actor, or attack vector.
  • Hunter-trained AI—Defender Experts share their learning back into the automated tools they use to improve threat discovery and prioritization.
  • Reports—An interactive report summarizing what we hunted and what we found.

Bridgewater Associates, the world’s largest hedge fund and one of Microsoft’s first customers to implement a Zero Trust framework, helped Microsoft develop Defender Experts for Hunting, contributing decades of knowledge on how to keep intellectual property and investment data secure. The firm now uses Defender Experts for Hunting to extend its security teams so they can focus on the most complex and immediate security issues. Igor Tsyganskiy, Chief Technology Officer at Bridgewater Associates, believes in working together to protect one another from threats.

“Cybersecurity is a cooperative rather than a competitive area,” he said. “It takes a village to keep us all safer… We are living in a digital world that is completely interconnected, and protecting ourselves singularly, separately from each other, is not going to work.”

More threats—not enough defenders

Modern adversaries are well-organized and possess skills and resources that can challenge even organizations without open cybersecurity roles. These adversaries are also relentless. Microsoft Security blocked more than 9.6 billion malware threats and more than 35.7 billion phishing and malicious emails in 2021. Adversaries have also extended their attack focus from endpoints to identity, cloud apps, and email.

It’s getting harder every day for organizations to build and maintain a full security team, let alone one with the ever-expanding skillset required to meet the range of today’s security demands. Proactive threat hunting—one of the best ways to identify and respond to security threats—is time-consuming, and most security teams are too busy with alert triage and security posture improvement efforts to spend time on proactive hunting.

Additionally, organizations are struggling to recruit top security talent—more important than ever since cybercrime is expected to cost the world USD10.5 trillion a year by 2025 (a 75 percent increase from the USD6 trillion in 2021).[1] With one in three security jobs in the United States unfilled, cybersecurity employees often face huge workloads once hired. As a result, the average detection of a breach has been pushed out to 287 days as the number and impact of attacks continue to grow.[2]

Technology alone is not enough to fight cybercrime

Many companies don’t face daily security attacks but need deep experience with threat hunting when they do, according to Tsyganskiy.  

“To manage security on its own, a company must sustain a very large and growing team,” he said. “It’s like trying to maintain your own police force. Given the low frequency of the most sophisticated attacks, this is an insane misallocation of resources 90 percent of the time.”

Microsoft is uniquely positioned to help customers meet today’s security challenges. We secure devices, identities, apps, and clouds—the fundamental fabric of our customers’ lives—with the full scale of our comprehensive multicloud, multiplatform solutions. Plus, we understand today’s security challenges because we live this fight ourselves every single day.

Now, our security expertise is your security expertise.

How Microsoft Defender Experts for Hunting works

Every day at Microsoft, threat hunters work alongside advanced systems to analyze billions of signals, looking for threats that might affect customers. Due to the sheer volume of data, we’re meticulous about surfacing threats that customers need to be notified about as quickly and accurately as possible. 

[Figure: flow diagram showing how Microsoft Defender Experts for Hunting can be split into three distinct steps: track, hunt, and analyze. These three steps form the basis of the service and allow Microsoft to proactively reveal the unseen threats impacting customers.]

How we hunt:

  • Step 1: Microsoft Defender Experts monitor telemetry and look for malicious activity across the Microsoft 365 Defender platform associated with human adversaries or hands-on-keyboard attacks.
  • Step 2: If a threat is found to be valid, analysts conduct a deep-dive investigation, harnessing machine learning and gathering threat details, including scope and method of entry, to help protect your organization’s endpoints, email, cloud apps, and identities.
  • Step 3: Our AI system and human hunters prioritize threat signals. Defender Experts Notifications appear in Microsoft 365 Defender, alerting you to the threat and sharing threat details.

Get started

To start your proactive threat hunting journey with Microsoft Defender Experts for Hunting, please complete the customer interest form to request a follow-up from our field team. To learn more, visit the Defender Experts for Hunting product page, download the datasheet, or watch a short video.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.


[1] Cybercrime To Cost The World USD10.5 Trillion Annually By 2025, Steve Morgan. November 13, 2020.

[2] Cost of a Data Breach Report 2021, IBM. 2021.
