Microsoft Declares 'General Availability' of Threat Experts Security Service

Microsoft announced this week that part of its new threat-hunting service for organizations has reached the "general availability" (GA) commercial release stage.

The new Microsoft Threat Experts service has two elements: "targeted attack notifications" and "experts on demand." The targeted attack notifications part reached the GA stage, while the experts-on-demand part is still at preview. GA signifies that Microsoft considers the service to be ready for use in production environments.

Targeted attack notifications are alerts that are sent by Microsoft about critical threats found in an organization's network. The notifications deliver information about a critical threat's "timeline, scope of breach and methods."

Oddly, the ability of organizations to ask personnel with expertise about these critical threats -- the experts-on-demand part of Microsoft's service -- is still at the limited preview stage. Here's how this Microsoft document explained it:

"The Microsoft Threat Experts' experts-on-demand capability is still in preview. You can only use the experts-on-demand capability if you have applied for preview and your application has been approved."

Organizations wanting the Microsoft Threat Experts service apparently get it via a subscription to the Windows Defender Advanced Threat Protection (ATP) service. Windows Defender ATP is a "post-breach detection, automated investigation and response" service that went GA back in 2016 for Windows 10, although Microsoft recently extended it to support Windows 7 and Windows 8.1 clients.

Windows Defender ATP is available via the top-tier Microsoft 365 E5 subscription plan. Back in March, Microsoft changed the name of Windows Defender ATP to "Microsoft Defender ATP" because it added support for Mac clients (at the preview stage), alongside Windows clients. However, Microsoft's documentation still generally uses the older Windows Defender ATP descriptor.

Even though Microsoft Threat Experts was declared as being at the GA stage (or half of it, at least), licensing details seem murky. Possibly, a Microsoft Premier technical support contract needs to be established -- at least to use the experts-on-demand aspect of the service. That idea is suggested in this Microsoft document as follows:

"To experience the full Microsoft Threat Experts preview capability in Windows Defender ATP, you need to have a Premier customer service and support account. However, you will not be charged for the Experts-on-demand service during the preview."

The Microsoft Premier contract requirement wasn't described. However, the experts-on-demand aspect of the service does allow organizations to connect with a Microsoft response team in certain cases, apparently at Microsoft's discretion, according to the document:

"Microsoft Threat Experts is a managed cybersecurity hunting service and not an incident response service. However, the experts can seamlessly transition the investigation to Microsoft Cybersecurity Solutions Group (CSG)'s Detection and Response Team (DART) services, when necessary. You can also opt to engage with your own incident response team to address issues that require an incident response."

Microsoft originally unveiled Microsoft Threat Experts back in February, prior to the 2019 RSA Conference. The service is aimed at the security operations centers of organizations, offering a combination of machine learning and artificial intelligence to deliver threat detection alerts, as well as access to security personnel for interpretation of the threat data.

"Experts provide the insights our customers need to get additional clarification on alerts," Ann Johnson, corporate vice president for cybersecurity solutions at Microsoft, explained at the time about the experts-on-demand element of the service.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

