Mandiant Stories

Mandiant Managed Defense Now Supports Microsoft Defender for Endpoint

Marshall Heilman
May 03, 2021
3 min read
|   Last update Nov 08, 2023

Last September, Mandiant announced a collaboration with Microsoft to combat cyber attacks and threat actors. This collaboration represented our membership in the Microsoft Intelligence Security Association (MISA) and previewed our plan to extend Managed Defense to support Microsoft Defender for Endpoint. This integration combines Defender’s telemetry with Managed Defense’s expertise, powerful analytical capabilities, and industry-leading threat intelligence.

Today, we are pleased to announce that Mandiant Managed Defense for Defender for Endpoint is now available to our joint customers.

Threat Intelligence

In joining the Mandiant community, Defender for Endpoint customers benefit from nation-grade threat intelligence to identify and respond to the most impactful events. Customers will receive the expertise of our investigators to triage incidents, working with our Managed Defense Consultants to eradicate threats from their environments. The service also includes proactive threat hunting from our team of experts who are proficient in identifying unknown threats inside customer environments. Customers also gain advanced access to Mandiant Advantage, an industry-leading source of cyber threat intelligence. Finally, customers benefit from proactive security recommendations the Managed Defense Consultants provide based on our experience from the front lines (including all of the activity that does not get reported publicly!).

Adding support for Defender for Endpoint means better security outcomes and leverage of existing spend for Mandiant customers. Defender telemetry expands our visibility, providing widespread insight into today’s attackers. It also enhances security for Defender customers who can now benefit from Mandiant’s frontline visibility, threat research, and decades of investigation and response experience. We demonstrated our efficiency as a global Managed Detection and Response (MDR) provider in late 2020 during the SolarWinds Orion (SVR, according to the U.S. government) incident. As soon as our analysts and threat hunters identified SUNBURST, we worked to mitigate the impact of the backdoor across our customer base, performing triage and incident response as necessary around the globe in a compressed timeframe. Additionally, Managed Defense, and now Microsoft, customers benefit from up-to-the-minute cutting-edge detections deployed across the Managed Defense customer base.


In addition to live detection and response, Mandiant investigative findings quickly make their way into the workflows of the Managed Defense Proactive Hunting team. Pivoting on techniques observed “in the wild” and world-class threat intelligence, our hunting team brings their expertise to our customers using Defender for Endpoint. Defender allows our threat hunters to conduct threat hunts across the available Windows environment in seconds. With the accessibility of this data, Managed Defense can quickly test new threat hunting methodologies and validate the results.

Managed Defense threat hunting is transparent to our customers. Our hunts are mapped to MITRE’s ATT&CK Framework, allowing our customers to see exactly what we are hunting for and the threat actors associated with various techniques. We provide links to intelligence articles in Mandiant Advantage describing the actors and techniques we’re hunting for to ensure customers can learn more about threats we have observed and why they’re impactful.

The Journey Ahead

We are constantly improving our service to deliver more value for our customers. Integrating Microsoft Defender for Endpoint is just one step in expanding our data points and telemetry. All customers benefit from increased visibility and threat awareness, as we work together to detect and prevent even the most advanced attacks.

Today marks a step in a new direction for Managed Defense in providing direct support for third-party endpoint products, consistent with our security-controls agnostic approach. We look forward to the journey ahead.