Microsoft is expanding the functionality offered through Defender, its threat detection software that is a core element of the recently launched Agent 365 AI control plane, with new services for identifying and rooting out threats as well as designated security engineers to build resilient defensive strategies.
The new Microsoft Defender Experts Suite adds managed extended detection and response (MXDR), proactive and reactive incident response, and access to designated Microsoft security advisors that promises to benefit customers using Defender itself as well as the Agent 365 platform for managing their expanding AI agent estates.
The company says the new services — powered by automation and agentic AI — help customers defend against threats, increase cyber resilience, and modernize security operations (SecOps). Below, I break down the services comprising the Defender Experts Suite.
Threat Defense and Response
Microsoft Defender Experts for XDR delivers MXDR through a security analyst team that investigates, triages, and responds to incidents across endpoints, identities, and cloud workloads with the goal of reducing alert fatigue and improving efficiency of the security operations center (SOC).
Defender Experts for XDR includes Microsoft Defender Experts for Hunting, which proactively searches across domains to uncover emerging cyberthreats quickly and efficiently, before they escalate.
Customers have a designated security engineer who provides ongoing recommendations to strengthen their security posture and advise how to act on recommendations as their environment evolves. They can also connect with Microsoft experts on demand to review specific incidents, attack vectors, or newly emerging cyberthreats and their sources.
AI Agent & Copilot Summit is an AI-first event to define opportunities, impact, and outcomes with Microsoft Copilot and agents. Building on its 2025 success, the 2026 event takes place March 17-19 in San Diego. Get more details.
Building Cyber Resilience
Microsoft Incident Response offers proactive and reactive services that help organizations prevent, manage through, and recover quickly after cyber incidents occur. Backed by Microsoft threat intelligence, proprietary investigation tools, and engagement with product engineers, Microsoft Incident Response strengthens security posture and resilience.
Proactive services — such as incident response planning, assessments, and simulation exercises — enhance readiness, improve response capabilities, and provide tailored insights on current cyberthreats. Assessment services identify gaps, vulnerabilities, and risks in customers’ environments, which the security advisor will help address for increased resilience.
When an incident does occur, Microsoft Incident Response investigates, removes the cyberattacker, and works to accelerate recovery with speed and precision.
Modernizing SecOps
Microsoft Enhanced Designated Engineering provides direct access to Microsoft security advisors who partner with customers to strengthen security posture and SecOps maturity.
These experts ensure Microsoft security technologies are configured for optimal security outcomes and Defender workloads are deployed securely, supported by ongoing assessments and continuous improvement. They also collaborate with security teams to modernize processes and apply Microsoft best practices, along with the latest threat intelligence, as cyberthreats evolve.
Concluding Thoughts
Agent 365, incorporating Microsoft Defender as part of an AI control plane, was one of the top strategic directions — and deliverables — from the recent Ignite conference.
With this addition of engineering services and technology, Microsoft is equipping the large base of customers using agents in pilot or production mode with defenses that will raise their level of confidence in deploying and using AI. That’s a noteworthy advance in Defender and in both the proactive and reactive security tooling that’s building up around Microsoft’s AI ecosystem.
Ask Cloud Wars AI Agent about this analysis
