Microsoft Security Experts: Enhancing Your SOC with Managed XDR and Incident Response
Hosted by Microsoft Events, this Ignite 2025 session features Brian Hooper and Andrew Rapp discussing how Microsoft Security Experts support SOCs with managed XDR, real-world threat intelligence, and incident response strategies.
Speakers: Brian Hooper, Andrew Rapp
Event: Microsoft Ignite 2025 (BRK236)
Overview
This Microsoft Ignite session demonstrates how Microsoft Security Experts act as a force multiplier for Security Operations Centers (SOCs). The presentation walks through the latest managed detection and response offering (Defender Experts for XDR), proactive incident response, and collaboration between Microsoft’s threat analysts and customers.
Session Highlights
- Preventing Breaches Before They Become Headlines
  Discussion on the necessity of having expert allies to help prevent and detect cyber attacks.
- Launch of the Managed XDR Service - Defender Experts for XDR
  Introduction to Microsoft’s managed extended detection and response solution for advanced threat management.
- Customer Engagement Models
  Overview of ‘Experts on Demand,’ collaborative support, and real-world outcomes from customer engagements.
- Microsoft’s Broader Threat Insights
  Exploration of how Microsoft’s global visibility adds value to SOC operations, including a detailed study of exposure scenarios.
- Case Studies
  - SharePoint Vulnerability Response: Coordinated incident handling and mitigation in response to high-profile vulnerabilities.
  - Ransomware Containment & Recovery: Example of rapid detection, intelligence-driven response, and recovery using Microsoft’s threat intelligence.
- Introduction to Microsoft DART (Detection and Response Team)
  Insights into the DART team’s role, service offerings, and integration with managed SOC services.
- Proactive Services with DART
  - Incident response readiness
  - Assessment services
  - Integrated support for real-time and post-incident scenarios
- Collaboration Between Threat Hunting and Incident Response
  Explanation of how Microsoft’s internal teams work with customers to improve security postures.
Key Takeaways
- Partnering with Microsoft Security Experts provides access to managed detection, response, and proactive incident services.
- Real-world case studies underscore the value of threat intelligence in responding to active threats like ransomware and vulnerability exploits.
- Integrating SOC operations with Microsoft’s tools and experts can reduce exposure and improve reaction times.