MDR on Microsoft Defender XDR: native protection on M365.
The Fortgale European SOC 24·7·365 on Defender + Sentinel. 287 tools and actors profiled against European markets, <30 min median containment, native cross-domain response (endpoint · email · identity · cloud).
European SOC 24·7·365L2/L3 analysts · direct interaction
Fortgale
◇
Multi-domain AI tier-zeroNoise reduced >90% by day 30
Fortgale
⚡
Native Defender responseHost isolation in seconds
Live
◈
Proprietary intelligence34,000+ IoCs per week · European actors
Fortgale
MDR live, Defender + Fortgale SOC active
Compliance
ISO/IEC 27001
NIS2 ready
DORA aligned
GDPR · ENISA
Technology partnership
Microsoft Defender XDR
MITRE ATT&CK aligned
OpenCTI
Why Fortgale + Microsoft Defender
The unified Microsoft platform, operated with proprietary European intelligence.
Microsoft Defender XDR + Sentinel is the most adopted security stack in European M365 enterprises. Fortgale operates it with European analysts who know NIS2 and apply CTI on actors active against European markets.
01 ·
Defender XDR · cross-domain native
Single console for endpoint, email, identity, cloud, SaaS. Fortgale SOC validation, Microsoft Threat Intel built-in. Gartner Leader Magic Quadrant XDR 2026, deep integration with Sentinel SIEM. Fortgale delivers detection and response on the platform modules Microsoft Defender for Endpoint · Defender for Identity · Defender for Office 365 · Defender for Cloud Apps · Microsoft Sentinel.
02 ·
European SOC 24·7·365
L2/L3 analysts with experience on identity-based attacks, BEC, M365 phishing. <15 min triage on Defender alerts. KQL custom rules and Sentinel notebooks. 34,000+ IoCs per week on European markets.
03 ·
Native Defender response
Automatic containment: device isolation, AAD lockout, email quarantine, file collection. Logic Apps playbooks orchestrated by the Fortgale SOC. Full NIS2 national CSIRT notification support.
How it works · architecture
Four blocks, one MDR cycle on Defender.
From M365 telemetry ingestion to native response, all governed by Fortgale with European analysts and proprietary intelligence on European markets.
01 ·
01 · Ingestion
Defender + Sentinel active
Microsoft Defender for Endpoint, Office 365, Identity, Cloud, all connected to Sentinel. Telemetry duplicated in Fortgale data fabric for cross-customer correlation.
02 ·
02 · Tier-zero
AI correlation + KQL
Sentinel AI + custom KQL rules tuned by Fortgale on European TTPs. Fortgale analyst validation integrated. False positives reduced by over 90%.
03 ·
03 · Analysts
Our L2/L3 on the console
European SOC specialised on M365 attacks: AiTM, OAuth abuse, MFA bypass, BEC. Direct interaction in your business language, time zone and regulation included.
04 ·
04 · Response
Native Defender + IR
~8 second device isolation, full M365 cycle response (email, identity, files, sessions). Direct escalation to Fortgale IR for critical incidents.
Proof · service metrics
Four numbers that hold MDR on Defender up.
Metrics measured on real customer telemetry, Q1 2026, updated quarterly.
<30 min
Median containment from confirmed Defender alert
>90 %
Noise reduced by AI tier-zero + KQL
Cross
Endpoint · email · ID · cloud unified detection
12 days
Full onboarding Defender + Sentinel
The problems MDR must solve
Five reasons Defender alone is not enough.
The platform produces telemetry. What is missing is the people who read it around the clock, prioritise it and turn it into decisions.
01 ·
Alert fatigue
Tier-zero AI filters, analysts decide: noise reduced >90% by day 30. Every alert that reaches you is already a qualified case.
02 ·
Defender expertise
L2/L3 analysts who operate the Defender console every day: detection tuning, MITRE-mapped runbooks, native response on your platform.
03 ·
Operational experience
European SOC, headquartered in Milan since 2017, 24·7·365: median TTD <15 minutes, median TTC <30 minutes.
Proprietary CTI on 287 tracked adversary groups and attack tools: advisories, IOCs and actor profiles feed directly into detection on your platform.
Threat intelligence · attacks detected on Defender XDR
Identity-first attacks contained on Defender XDR by the European SOC.
Selection of identity & cloud-native threats observed on M365 tenants of Fortgale customers. Defender XDR is our front-line console for AiTM phishing, OAuth abuse and post-Entra ID lateral movement.
Executive reports MTTD/MTTR, technical reports per incident, NIS2/ISO 27001/GDPR audit documentation. Custom Sentinel Workbook with real-time KPIs.
06
Identity Threat Detection
Defender for Identity + AAD logs to detect Pass-the-Hash, Pass-the-Ticket, Golden Ticket, MFA fatigue, AAD compromise. Detection tuned by Fortgale.
For whom · two angles
Same MDR on Defender, two angles.
The CISO decides on risk. The IT lead decides on the runbook. Fortgale MDR produces evidence for both.
For the CISO
A named runbook per actor, on the Defender stack.
Each month the CISO receives the profile of the 3 most likely actors against their sector, with the Fortgale MDR runbook already mapped to the Microsoft Defender XDR telemetry.
Monthly threat briefingActors, observed TTPs, campaigns in progress on your sector.
Defender runbookLive MITRE-mapped playbooks, executable on the Microsoft Defender XDR console.
Board-ready reportingRisk · impact · decision. No slideware technology.
Zero translator handover. European analysts on your Defender console.
When the Defender alert is real, decision time is containment time. Our L2/L3 analysts know the Microsoft Defender XDR console and have a mandate to decide.
Median containment ~11 minFrom confirmed alert to remediation in production.
Native Defender responseProcess kill, host isolation, network containment via Microsoft Defender XDR API.
End-to-end integrationDefender telemetry ingested into our multi-domain data fabric.
Everything to know before talking to our analysts.
What is the Fortgale MDR service on Microsoft Defender XDR?
Combines Microsoft Defender XDR (endpoint, email, identity, cloud) with the Fortgale European SOC 24·7·365. L2/L3 analysts monitor the M365 Defender console, apply MITRE-mapped runbooks and trigger native Defender response (device isolation, AAD lockout, email purge).
Do I need to already have Microsoft Defender XDR?
No. Fortgale handles the full cycle: E5/Defender licensing, deployment, Sentinel integration, detection tuning. If you already have the licence, we integrate the SOC on your instance. Otherwise we provide it as part of the service.
How long does activation take?
Microsoft Defender for Endpoint onboarding takes minutes per device. Full MDR activation, Sentinel connectors, KQL detection rules, Logic Apps playbooks, 24·7·365 monitoring, completes in 7-12 business days.
Is the service NIS2-compliant?
Yes. We support NIS2 transposition requirements: continuous monitoring, IoC collection for national CSIRT notification within 24 hours, technical documentation for 72-hour notifications, audit-ready reporting.
Does Defender XDR also cover email and identity?
Yes. Microsoft Defender XDR is a unified platform: endpoint (Defender for Endpoint), email (Defender for Office 365), identity (Defender for Identity, Azure AD), cloud (Defender for Cloud), SaaS (Defender for Cloud Apps). The Fortgale MDR service covers all these domains in a unified console.
One meeting. One NDA. One real runbook on Defender.
We bring you the Report on your sector with the most likely actors and a concrete MDR runbook on your Microsoft Defender XDR console.
Outlook Bookings · Fortgale
Book a meeting
Loading calendar…
Response · 1 business day
Speak with our analysts.
No nurturing sequences, no auto-replies. One of our analysts calls you back within one business day.
Document · Fortgale
PDF preview
Loading PDF…
Request · Fortgale Threat Intelligence Report
Request the Report
The full Report (executive summary · operational IoCs · technical runbook) is restricted. Share two details and one of our analysts contacts you with access and a short technical briefing.
See a real attack
IR · 24·7·365
Are you under attack?
Response in 30 minutes, containment in 1–4 hours. Even if you are not a Fortgale customer.
We use essential cookies required for site functionality and, with your consent, analytics and marketing cookies to measure traffic and personalise content. You can accept all cookies, reject them, or customise your preferences. For more details see the Cookie Policy and Privacy Policy.
Cookie preferences · Fortgale
Manage your preferences
Choose which cookies to allow. Essential cookies are required for the site to work and cannot be disabled. For the others, consent is always free, specific and revocable at any time.
EssentialAlways on
Required for the site to function (session, security, cookie preferences). The legal basis is the controller's legitimate interest (Art. 6(1)(f) GDPR). Without these cookies the site does not work correctly.
AnalyticsWe measure what works
Aggregated statistical cookies to understand how users browse the site (page views, session duration, traffic source). EU-friendly or anonymised providers. Legal basis: consent (Art. 6(1)(a) GDPR).
MarketingPersonalisation and remarketing
Third-party cookies (LinkedIn Insight Tag, possible campaign pixels) to measure ad campaign effectiveness and show relevant content. Legal basis: consent (Art. 6(1)(a) GDPR). Disabled by default.
You can change these choices at any time from the Cookie Policy page or by clicking the Cookie preferences link in the footer.