Managed Microsoft XDR
Integrity360 UK Marketplace
Integrity360's Managed Microsoft XDR Service offers a turnkey, fully managed platform together with a security monitoring, threat detection, and response service, underpinned by the Microsoft Threat Protection stack: Microsoft Defender XDR and Microsoft Sentinel.
Scope of Service includes
Technologies managed:
Microsoft Sentinel SIEM
• Platform Design
• Platform Build
• Full Platform Management
• Ingestion of high value log sources
• Deployment of in-house developed advanced detection use cases
Microsoft Defender XDR
– Defender for Endpoint
• Platform configuration and management.
• Ingestion of Alerts into Managed XDR service
• Leverage for response actions on endpoints.
Microsoft Defender XDR
– Defender for Identity
• Platform configuration and management.
• Ingestion of AD, AD FS, and Domain Controller related Alerts into Managed XDR service
Microsoft Defender XDR
– Defender for Office 365
• Platform configuration and management.
• Ingestion of Office 365 related Alerts into Managed XDR service
Microsoft Defender XDR
– Defender for Cloud Apps
• Platform configuration and management.
• Ingestion of Cloud Apps related Alerts into Managed XDR service and leverage
Microsoft Entra ID Protection (formerly Azure Active Directory Identity Protection)
• Ingestion of Entra ID identity-related Alerts into Managed XDR service
Microsoft Defender for Cloud
• Ingestion of Defender for Cloud (Azure infrastructure) related Alerts into Managed XDR service
Active Directory (AD) and Entra ID (formerly Azure Active Directory)
• Integration into Managed XDR service for Identity-based response actions
Managed Detection and Response Service Features:
Full Design, Build & Platform Management of in-scope platforms (see above) ✔
Alert ingestion from in-scope sources (see above) ✔
24x7x365 fully staffed Service ✔
SOAR Powered ✔
Implementation of standard use cases + Continuous Evolution of Use Cases in Service ✔
Incident, Change and Problem Management ✔
Threat Intelligence Integration ✔
Automatic Alert enrichment ✔
Ongoing Alert tuning ✔
Customer Portal Access incl. dashboard view of Service KPIs ✔
Monthly Reporting ✔
24x7 Security Alert Triage & Investigation ✔
Incident Notification and Reporting ✔
Incident Collaboration ✔
Response and Containment Features
- Elective rules of engagement per use case ✔
- Defender for Endpoint integration for response containment actions ✔
- Active Directory Identity integration for response and containment actions ✔
- Entra ID (formerly Azure Active Directory) Identity integration for response and containment actions ✔
- Major Incident Response Retainer included as standard ✔
Suitable for organisations wishing to have a partner to get the most out of their Microsoft security investment, reduce their risk, and have round-the-clock vigilance around threat detection and response.
Address the key challenges of:
1. Reducing risk in the face of diverse and changing cyber threats
2. Addressing the cyber skills shortage and challenges in building and retaining Microsoft skills
3. Protecting the evolving complexity of the modern enterprise attack surface
4. Leveraging Microsoft license investments and consolidating security vendor sprawl with a consolidated, best-in-class platform approach