Businesses of all sizes are increasingly reliant on productivity tools like Microsoft 365 — and attackers are using this to their advantage.
Business email compromise and account takeover attacks are prevalent, with adversaries accessing M365 environments using techniques that may evade detection by technology alone.
Organizations need 24/7 visibility and a fully staffed security operations center (SOC) to effectively defend against such attacks — which is a major challenge for many resource-constrained businesses.
Sophos MDR provides the people, processes, and technology to detect, investigate, and effectively respond to threats targeting Microsoft 365.
Our turnkey integrations and proprietary detection rules identified and thwarted almost 5,000 attacks on our customers’ Microsoft 365 environments last quarter alone.
We continually innovate and enhance Sophos MDR to extend and fortify your defenses. And now, the service is getting even stronger with the introduction of new response capabilities.
New analyst response actions for Microsoft 365
The ability to respond quickly to a cyber incident is crucial — the faster the attack can be detected, contained, and neutralized, the less damage the attacker can inflict.
This includes minimizing financial losses, reputational damage, and disruptions to business operations. A swift response can help prevent further data breaches and limit the exposure of sensitive information.
When an attack is detected in your Microsoft 365 environment, Sophos MDR analysts can now execute a range of response actions on your behalf — rapidly containing the threat and freeing up your team to focus on your business.
Microsoft 365 response actions now available
Block/enable user sign-in
Sophos MDR analysts can lock down a user’s account to prevent an adversary from accessing Microsoft 365 services and Azure resources using stolen credentials. Following clean-up, access to the user’s account can be restored in seconds.
Terminate current user sessions
By immediately revoking all currently active sessions for a specific user, Sophos MDR analysts can quickly eject an attacker who has already gained access to an account and remove their ability to reuse any stolen session tokens.
Disable suspicious inbox rules
Attackers routinely set up inbox rules in Microsoft 365 for business email compromise attacks in order to move, obfuscate, or delete emails that could otherwise alert the user. Sophos MDR analysts can disable specific inbox rules to regain control.
Easy setup and flexible response modes
The Sophos MDR service is customizable to meet your needs, with different service tiers and threat response modes. We can execute full-scale incident response on your behalf or collaborate with you to manage security incidents with detailed threat notifications and guidance.
The new response capabilities for Microsoft 365 are included with all Sophos MDR service tiers at no additional cost and enabled through a simple setup wizard in the Sophos Central cloud management console.
Choice of threat response modes
Sophos MDR lets you control how our team will interact with you when a cyber incident requires a response. Simply select your preferred threat response mode based on your organization’s needs and desires:
- “Authorize” mode: Our experts perform threat response on your behalf without your active involvement — and notify you of the actions taken. Once the new Microsoft 365 response actions integration is enabled, Sophos MDR analysts will immediately execute those actions when needed to provide the most efficient response.
- “Collaborate” mode: Our experts conduct investigations, but do not perform response actions without your prior consent or active involvement. Once the new Microsoft 365 response actions integration is enabled, Sophos MDR analysts will execute those actions on your behalf — once consent has been obtained. You can also choose to allow Sophos MDR to operate in “Authorize” mode if we are unable to reach you for consent.
The most robust MDR service for Microsoft environments
Sophos MDR services protect over 30,000 organizations worldwide – more than any other MDR service provider. In Gartner’s 2024 Voice of the Customer Report for Managed Detection and Response Services, Sophos once again had the highest number of reviews among all vendors and scored a 4.9/5.0 rating based on customer reviews.
Many of these businesses have also invested in Microsoft tools, leveraging Sophos MDR to defend against sophisticated attacks that technology alone can’t stop.
Get greater ROI from your Microsoft investment today with Sophos MDR:
Microsoft Certified experts
Extend your team with Microsoft Certified Security Operations Analysts specializing in detecting and responding to cyberattacks using custom Microsoft response playbooks.
Microsoft-specific threat detections
Sophos uses proprietary threat detection rules and world-class intelligence to identify and stop threats that could bypass Microsoft security solutions. We can accurately identify suspicious inbox rules, unauthorized user access patterns, and more.
NEW Analyst response actions for Microsoft 365
Sophos MDR analysts can now execute a range of additional response actions on your behalf, enabling rapid containment of threats with no action required by you. Disable user sign-in, terminate active user sessions, and more.
Comprehensive support for Microsoft solutions
Included at no additional cost, our turnkey integrations support a broad range of Microsoft solutions. Data from Microsoft 365, Defender for Endpoint, Defender for Identity, Defender for Cloud Apps, and more, is collected, analyzed, correlated, and prioritized.
To learn more about Sophos MDR and how it can strengthen your Microsoft defenses, visit our website or speak with a security expert.
Gartner, Voice of the Customer for Managed Detection and Response, Peer Contributors, 28 November 2024.
GARTNER is a registered trademark and service mark, and the GARTNER PEER INSIGHTS CUSTOMERS’ CHOICE badge and PEER INSIGHTS are trademarks and service marks, of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences with the vendors listed on the platform, should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.
