MDR partner · Microsoft Defender XDR

MDR on Microsoft Defender XDR: native protection on M365.

The Fortgale European SOC 24·7·365 on Defender + Sentinel. 180+ adversaries profiled against European markets, ~11 min median containment, native cross-domain response (endpoint · email · identity · cloud).

  • ~11 min: median containment
  • 24·7·365: European SOC
  • Cross-domain: endpoint · email · ID · cloud
Fortgale × Defender · MDR live
  • Defender: sensor active, endpoint · cloud · identity telemetry
  • Fortgale: European SOC 24·7·365, L2/L3 analysts · direct interaction
  • Fortgale: multi-domain AI tier-zero, noise reduced by 94%
  • Live: native Defender response, median host isolation ~8 s
  • Fortgale: proprietary intelligence, 34,000+ IoCs per week · European actors
MDR live — Defender + Fortgale SOC active
Compliance: ISO/IEC 27001 · NIS2 ready · DORA aligned · GDPR · ENISA
Technology partnership: Microsoft Defender XDR · MITRE ATT&CK aligned · OpenCTI

Why Fortgale + Microsoft Defender

The unified Microsoft platform, operated with proprietary European intelligence.

Microsoft Defender XDR + Sentinel is the most adopted security stack in European M365 enterprises. Fortgale operates it with European analysts who know NIS2 and apply CTI on actors active against European markets.

01 · Defender XDR · cross-domain native

Single console for endpoint, email, identity, cloud, SaaS. Defender Experts validation, Microsoft Threat Intel built-in. Gartner Leader Magic Quadrant XDR 2026, deep integration with Sentinel SIEM.

02 · European SOC 24·7·365

L2/L3 analysts with experience on identity-based attacks, BEC, M365 phishing. <15 min triage on Defender alerts. KQL custom rules and Sentinel notebooks. 34,000+ IoCs per week on European markets.

03 · Native Defender response

Automatic containment: device isolation, AAD lockout, email quarantine, file collection. Logic Apps playbooks orchestrated by the Fortgale SOC. Full NIS2 national CSIRT notification support.

How it works · architecture

Four blocks, one MDR cycle on Defender.

From M365 telemetry ingestion to native response — all governed by Fortgale with European analysts and proprietary intelligence on European markets.

01 · Ingestion

Defender + Sentinel active

Microsoft Defender for Endpoint, Office 365, Identity, Cloud — all connected to Sentinel. Telemetry duplicated in Fortgale data fabric for cross-customer correlation.

02 · Tier-zero

AI correlation + KQL

Sentinel AI + custom KQL rules tuned by Fortgale on European TTPs. Defender Experts validation integrated. False positives reduced by 94%.

03 · Analysts

Our L2/L3 on the console

European SOC specialised on M365 attacks: AiTM, OAuth abuse, MFA bypass, BEC. Direct interaction in your business language, time zone and regulation included.

04 · Response

Native Defender + IR

~8 second device isolation, full M365 cycle response (email, identity, files, sessions). Direct escalation to Fortgale IR for critical incidents.

Proof · service metrics

Four numbers that back up MDR on Defender.

Metrics measured on real customer telemetry — Q1 2026, updated quarterly.

  • ~11 min: median containment from confirmed Defender alert
  • 94 %: noise reduced by AI tier-zero + KQL
  • Cross-domain: endpoint · email · ID · cloud unified detection
  • 12 days: full onboarding, Defender + Sentinel

What the service includes

MDR on Defender, in detail.

Every component is designed to ensure continuous operational protection on the M365 environment, from endpoint to identity.

01 · Managed Defender XDR + Sentinel

Defender XDR licensing (or existing instance). Sentinel data connectors, KQL rules, Logic Apps playbooks managed by Fortgale. Tuning, maintenance, monthly health check.

02 · Proactive M365 threat hunting

Monthly KQL hunting sessions on Defender + Sentinel. Focus on AiTM phishing, OAuth abuse, illicit consent grants and lateral movement in Azure AD.

03 · Proprietary CTI in Sentinel

34,000+ IoCs per week from Fortgale OpenCTI auto-imported into Sentinel Threat Intelligence. Focus on European actors and ransomware specialists.

04 · Native cross-domain response

Containment via Defender + Sentinel SOAR: device isolation, AAD lockout, email quarantine, session revocation. Custom Logic Apps playbooks.

05 · Reporting & governance

Executive reports MTTD/MTTR, technical reports per incident, NIS2/ISO 27001/GDPR audit documentation. Custom Sentinel Workbook with real-time KPIs.

06 · Identity Threat Detection

Defender for Identity + AAD logs to detect Pass-the-Hash, Pass-the-Ticket, Golden Ticket, MFA fatigue, AAD compromise. Detection tuned by Fortgale.

For whom · two angles

Same MDR on Defender, two angles.

The CISO decides on risk. The IT lead decides on the runbook. Fortgale MDR produces evidence for both.

For the CISO

A named runbook per actor, on the Defender stack.

Each month the CISO receives the profile of the 3 most likely actors against their sector, with the Fortgale MDR runbook already mapped to the Microsoft Defender XDR telemetry.

  • Monthly threat briefing: actors, observed TTPs, campaigns in progress on your sector.
  • Defender runbook: live MITRE-mapped playbooks, executable on the Microsoft Defender XDR console.
  • Board-ready reporting: risk · impact · decision. No slideware technology.

For the IT lead

Zero translator handover. European analysts on your Defender console.

When the Defender alert is real, decision time is containment time. Our L2/L3 analysts know the Microsoft Defender XDR console and have a mandate to decide.

  • Median containment ~11 min: from confirmed alert to remediation in production.
  • Native Defender response: process kill, host isolation, network containment via Microsoft Defender XDR API.
  • End-to-end integration: Defender telemetry ingested into our multi-domain data fabric.

FAQ · frequently asked

Everything to know before talking to our analysts.

What is the Fortgale MDR service on Microsoft Defender XDR?

It combines Microsoft Defender XDR (endpoint, email, identity, cloud) with the Fortgale European SOC 24·7·365. L2/L3 analysts monitor the M365 Defender console, apply MITRE-mapped runbooks and trigger native Defender response (device isolation, AAD lockout, email purge).

Do I need to already have Microsoft Defender XDR?

No. Fortgale handles the full cycle: E5/Defender licensing, deployment, Sentinel integration, detection tuning. If you already have the licence, we integrate the SOC on your instance. Otherwise we provide it as part of the service.

How long does activation take?

Microsoft Defender for Endpoint onboarding takes minutes per device. Full MDR activation — Sentinel connectors, KQL detection rules, Logic Apps playbooks, 24·7·365 monitoring — completes in 7-12 business days.

Is the service NIS2-compliant?

Yes. We support NIS2 transposition requirements: continuous monitoring, IoC collection for national CSIRT notification within 24 hours, technical documentation for 72-hour notifications, audit-ready reporting.

Does Defender XDR also cover email and identity?

Yes. Microsoft Defender XDR is a unified platform: endpoint (Defender for Endpoint), email (Defender for Office 365), identity (Defender for Identity, Azure AD), cloud (Defender for Cloud), SaaS (Defender for Cloud Apps). The Fortgale MDR service covers all these domains in a unified console.

Talk to the outpost

One meeting. One NDA. One real runbook on Defender.

We bring you the Report on your sector with the most likely actors and a concrete MDR runbook on your Microsoft Defender XDR console.

Response time: < 1 business day.