News
Microsoft Broadens Defender Experts Portfolio with New Threat Intelligence Service and Expanded Hybrid Cloud Protection
- By Chris Paoli
- July 17, 2026
Microsoft is extending its managed security services by adding a new Defender Experts Threat Intelligence offering while widening the reach of Defender Experts for Servers to cover more hybrid and multi-cloud environments. The updates are designed to help security teams prioritize relevant threats and strengthen incident response across increasingly diverse enterprise infrastructures, according to Microsoft's announcement.
The new Threat Intelligence service delivers analyst-curated briefings, proactive alerts and recommendations tailored to an organization's industry, geography and risk profile. At the same time, Microsoft has expanded Defender Experts for Servers beyond Azure to provide managed detection and response support for workloads running across Amazon Web Services (AWS), Google Cloud Platform (GCP) and on-premises environments, reflecting the reality that many enterprises now operate across multiple clouds rather than a single platform. Microsoft is also expanding Defender Experts MDR with third-party and multicloud coverage powered by Microsoft Sentinel.
Aarti Borkar, corporate vice president of Microsoft Security, described the problem as an "intelligence-to-action gap" between recognizing a threat and determining how an organization should respond.
"That space between knowing a threat exists and acting on it is the intelligence-to-action gap, and it's where most breaches are won or lost," said Borkar in Microsoft's announcement.
Security teams already collect alerts from endpoints, identities, cloud workloads and third-party tools. But Microsoft says more feeds and dashboards do not always make it easier to identify the threats that matter most.
Defender Experts Threat Intelligence plans to cut through that noise with guidance from dedicated Microsoft security experts. Those specialists will compare global threat activity with each customer’s industry, location and technology environment, then recommend which risks to address first.
Customers will receive early warnings about relevant attacks, updates as threats change and regular briefings on geopolitical, industry and global risks. The service will also give executives a broader view of the threat landscape while providing security teams with technical steps they can take.
"The goal is simple: help you reduce risk before an attack reaches your environment, not explain what happened after the fact," Borkar said.
Microsoft didn't provide pricing, licensing details or a general availability date for the new threat intelligence service in its announcement.
Microsoft also announced an expansion of Microsoft Defender Experts MDR, formerly known as Defender Experts for XDR. The service will use Microsoft Sentinel to collect security signals from Microsoft and third-party products across cloud, identity, email, network and endpoint systems.
This broader view will help Microsoft’s security specialists track attacks as they move across different platforms. The service combines expert-built detections with automated investigation, response tools and guidance from Microsoft’s security team.
"With support for leading non-Microsoft sources across cloud, identity, email, network and endpoint environments, our experts can follow attacks wherever they move, not just where Microsoft products operate," Borkar wrote.
The expanded coverage will be sold as Defender Experts MDR Plan 2. Existing Defender Experts for XDR capabilities will continue without changes under the Defender Experts MDR Plan 1 name.
Plan 2 adds round-the-clock monitoring, cross-platform threat analysis and recommendations for improving security operations. Microsoft said the service will distill high-volume telemetry into prioritized incidents while providing a unified account of attacks spanning Microsoft and third-party environments.
Microsoft plans to demonstrate the new services at Black Hat USA. Pricing and availability for Defender Experts MDR Plan 2 should also be verified with Microsoft before publication.