
-
Get a Demo Get a Demo
-
24X7 Hotline 24X7 Hotline


Kroll Responder for Office 365
Immediately elevate your Office 365 security with 24x7 monitoring, analysis, and automated response using Kroll Responder for Office 365. Detect and respond to threats targeting email, Sharepoint, and third-party plugins leveraging frontline threat intelligence.
Get a Demo
The move from on-premise email to the cloud-based Office 365 suite has expanded the attack surface to all its related applications and third-party plugins, resulting in a surge of targeted cyber attacks targeting businesses across all industries.
Responder for Office 365 accelerates detection and response to threats targeting your email and identities such as business email compromises, phishing attacks, misuse of privileged accounts or unauthorized access and sensitive files stored online.
Unlock the full power of your Microsoft technology investments, layering the expertise of the Kroll Responder team to quickly identify threats.

Rapid Threat Detection of Office 365-related Threats | Automated Investigation and Containment | Frontline Intelligence Driving Faster Detection of Email-Based Threats |
---|---|---|
Merging Kroll SOC expertise with the power of Microsoft Defender for Office 365 technology provides 24x7 detection of validated email-based cyber threats, including phishing attacks, business email compromises, misuse of privileged accounts or unauthorized access and sensitive files stored online. |
Our playbooks ensure faster identification and mitigation of threats before they impact your business by automating response actions including revoking user session, deleting mailbox rule and disabling user. |
Real-time intelligence on the business risks posed to portfolio companies that could cause reputational, financial, operational or physical harm. |
Merging Kroll SOC expertise with the power of Microsoft Defender for Office 365 technology provides 24x7 detection of validated email-based cyber threats, including phishing attacks, business email compromises, misuse of privileged accounts or unauthorized access and sensitive files stored online.
Our playbooks ensure faster identification and mitigation of threats before they impact your business by automating response actions including revoking user session, deleting mailbox rule and disabling user.
Real-time intelligence on the business risks posed to portfolio companies that could cause reputational, financial, operational or physical harm.
Kroll Responder for Office 365 Overview
What’s Included
24x7 Monitoring and Analysis of Rich Telemetry
24x7 monitoring, analysis of alerts from Defender of Office 365 as well as Office 365 Unified Audit Logs and Azure AD Audit Logs.
High Fidelity Detection With OOTB & Custom Use Cases
Reduce false positives with custom detection use cases from Kroll threat intelligence incident response cases in addition to out-of-the-box use cases.
Automated Response and Remediation Guidance
Automated response actions including revoking user session, deleting mailbox rule and deleting user.
Unified Threat Management Portal
Access to the Redscan portal to view alerts actions taken by our SOC team.
Threat Intelligence
Out-of-Band Threat Notifications and Weekly Threat Intelligence report to stay on top of the changing threat landscape.
Customer Support
Access to a Pool of support resources when you need them, supplemented by a quarterly service review.
Powered by Redscan – Our Unified Threat Management Platform

Redscan ingests all alerts from Microsoft Defender for Office 365 as well as relevant telemetry from Office 365 Management Activity, Azure AD logs and Graph API logs.

Contextualization and Enrichment

Redscan provides contextual information about validated alerts once they’ve been triaged and investigated by our analysts along with threat intelligence IOCs enrichment, actions taken by our global SOC team and actionable remediation guidance.

Responder MDR Covers the Entire Microsoft Portfolio
The Kroll Responder Advantage



Why Responder MDR for Microsoft?
- Faster Detection of Indicators Across the Attack Lifecycle
By correlating telemetry across the Microsoft Defender suite and layering our threat detection, hunting, and forensic-led incident response expertise, our experts can quickly identify and piece together each step of an attack. - Applied Frontline Intelligence
We ingest and apply frontline threat intelligence from 3000+ cyber incidents handled by our team every year to build and optimize detections in near real-time. - DFIR Expertise at No Extra Cost
We go beyond just containing a threat. We quickly determine root cause and remotely remediate across all affected systems. - $1m Incident Protection Warranty
Covering the costs related to a range of potential cyber incidents, including ransomware, BEC, compliance and regulatory failures, as well as business income loss.
Explore Our Microsoft MDR Solutions
Kroll Responder integrates with the full Microsoft 365 Defender and Defender for Cloud suite of security products including Defender for Endpoint, Defender for Office 365, Azure AD Identity Protection, Defender for Identity, Defender for Cloud Apps, Defender for Cloud and third-party technology sources.
ServicesStay Ahead With Kroll
Kroll Responder MDR
Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.
Kroll Responder MDR for Microsoft Security
Kroll Responder managed detection and response for Microsoft delivers enriched telemetry, frontline threat intelligence and Complete Response capabilities to maximize the value of your native endpoint and cloud technology.
24x7 Incident Response
Enlist experienced responders to handle the entire security incident lifecycle.
Penetration Testing Services
Validate your cyber defenses against real-world threats. Kroll’s world-class penetration testing services bring together front-line threat intelligence, thousands of hours of cyber security assessments completed each year and a team of certified cyber experts — the foundation for our sophisticated and scalable approach.
Computer Forensics
Kroll's computer forensics experts ensure that no digital evidence is overlooked and assist at any stage of an investigation or litigation, regardless of the number or location of data sources.
Cyber Risk Retainer
Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.
Business Email Compromise (BEC) Response and Investigation
In a business email compromise (BEC) attack, fast and decisive response can make a tremendous difference in limiting financial, reputational and litigation risk. With decades of experience investigating BEC scams across a variety of platforms and proprietary forensic tools, Kroll is your ultimate BEC response partner.
Malware and Advanced Persistent Threat Detection
Our expertise allows us to identify and analyze the scope and intent of advanced persistent threats to launch a targeted and effective response.
Ransomware Preparedness Assessment
Kroll’s ransomware preparedness assessment helps your organization avoid ransomware attacks by examining 14 crucial security areas and attack vectors.