Kroll Responder for Office 365

Immediately elevate your Office 365 security with 24x7 monitoring, analysis, and automated response using Kroll Responder for Office 365. Detect and respond to threats targeting email, SharePoint, and third-party plugins leveraging frontline threat intelligence.

The move from on-premises email to the cloud-based Office 365 suite has expanded the attack surface to all its related applications and third-party plugins, resulting in a surge of targeted cyber attacks against businesses across all industries.

Responder for Office 365 accelerates detection and response to threats targeting your email and identities, such as business email compromises, phishing attacks, misuse of privileged accounts or unauthorized access and sensitive files stored online.

Unlock the full power of your Microsoft technology investments, layering the expertise of the Kroll Responder team to quickly identify threats.


Rapid Threat Detection of Office 365-related Threats

Merging Kroll SOC expertise with the power of Microsoft Defender for Office 365 technology provides 24x7 detection of validated email-based cyber threats, including phishing attacks, business email compromises, misuse of privileged accounts or unauthorized access and sensitive files stored online.

Automated Investigation and Containment

Our playbooks ensure faster identification and mitigation of threats before they impact your business by automating response actions, including revoking user sessions, deleting mailbox rules and disabling users.

Frontline Intelligence Driving Faster Detection of Email-Based Threats

Real-time intelligence on the business risks posed to portfolio companies that could cause reputational, financial, operational or physical harm. 


Kroll Responder for Office 365 Overview


What’s Included

24x7 Monitoring and Analysis of Rich Telemetry

24x7 monitoring and analysis of alerts from Defender for Office 365, as well as Office 365 Unified Audit Logs and Azure AD Audit Logs.

High Fidelity Detection With OOTB & Custom Use Cases

Reduce false positives with custom detection use cases drawn from Kroll threat intelligence and incident response cases, in addition to out-of-the-box use cases.

Automated Response and Remediation Guidance

Automated response actions, including revoking user sessions, deleting mailbox rules and deleting users.

Unified Threat Management Portal

Access to the Redscan portal to view alerts and actions taken by our SOC team.

Threat Intelligence

Out-of-band threat notifications and a weekly threat intelligence report to stay on top of the changing threat landscape.

Customer Support

Access to a pool of support resources when you need them, supplemented by a quarterly service review.

Powered by Redscan – Our Unified Threat Management Platform


Redscan ingests all alerts from Microsoft Defender for Office 365 as well as relevant telemetry from Office 365 Management Activity, Azure AD logs and Graph API logs.

Contextualization and Enrichment


Redscan provides contextual information about validated alerts once they’ve been triaged and investigated by our analysts, along with threat intelligence IOC enrichment, actions taken by our global SOC team and actionable remediation guidance.


Responder MDR Covers the Entire Microsoft Portfolio

Microsoft Sentinel

The Kroll Responder Advantage

Enhanced Threat Visibility
Total visibility of your environment in a single view
Complete response capabilities

Why Responder MDR for Microsoft?

  • Faster Detection of Indicators Across the Attack Lifecycle
    By correlating telemetry across the Microsoft Defender suite and layering our threat detection, hunting, and forensic-led incident response expertise, our experts can quickly identify and piece together each step of an attack.
  • Applied Frontline Intelligence
    We ingest and apply frontline threat intelligence from 3000+ cyber incidents handled by our team every year to build and optimize detections in near real-time.
  • DFIR Expertise at No Extra Cost
    We go beyond just containing a threat. We quickly determine root cause and remotely remediate across all affected systems.
  • $1m Incident Protection Warranty
    Covering the costs related to a range of potential cyber incidents, including ransomware, BEC, compliance and regulatory failures, as well as business income loss.

Explore Our Microsoft MDR Solutions

Kroll Responder integrates with the full Microsoft 365 Defender and Defender for Cloud suite of security products including Defender for Endpoint, Defender for Office 365, Azure AD Identity Protection, Defender for Identity, Defender for Cloud Apps, Defender for Cloud and third-party technology sources.

Kroll Responder MDR

Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.

Kroll Responder MDR for Microsoft Security

Kroll Responder managed detection and response for Microsoft delivers enriched telemetry, frontline threat intelligence and Complete Response capabilities to maximize the value of your native endpoint and cloud technology.

Microsoft 365 Security Assessment

Fortify your defenses and maximize your technology investment with a Microsoft 365 security assessment from Kroll.

24x7 Incident Response

Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.

Penetration Testing Services

Validate your cyber defenses against real-world threats. Kroll’s world-class penetration testing services bring together front-line threat intelligence, thousands of hours of cyber security assessments completed each year and a team of certified cyber experts — the foundation for our sophisticated and scalable approach.

Computer Forensics

Kroll's computer forensics experts ensure that no digital evidence is overlooked and assist at any stage of an investigation or litigation, regardless of the number or location of data sources.

Cyber Risk Retainer

Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.

Business Email Compromise (BEC) Response and Investigation

In a business email compromise (BEC) attack, fast and decisive response can make a tremendous difference in limiting financial, reputational and litigation risk. With decades of experience investigating BEC scams across a variety of platforms and proprietary forensic tools, Kroll is your ultimate BEC response partner.

Malware and Advanced Persistent Threat Detection

Our expertise allows us to identify and analyze the scope and intent of advanced persistent threats to launch a targeted and effective response.

Ransomware Preparedness Assessment

Kroll’s ransomware preparedness assessment helps your organization avoid ransomware attacks by examining 14 crucial security areas and attack vectors.