Who is this for? MSP/MSSP Partners, Security Engineers
1. Unified Incident Queue
All incidents from all customer tenants flow into a single, prioritized queue:
- No portal pivoting between customer environments
- Severity-based prioritization across the entire portfolio
- Context-aware grouping of related incidents
2. Cross-Tenant Entity Enrichment
When investigating an entity, ContraForce automatically enriches it with data from the relevant customer tenant:
- User sign-in history from Entra ID
- Device details from Defender for Endpoint
- Activity logs from Microsoft 365
3. Gamebook-Driven Response
Pre-built response workflows execute consistently across all tenants:
- Same investigation steps regardless of customer
- Consistent documentation and audit trails
- Reduced training burden for analysts
4. Automated Gamebook Mapping
Incidents automatically map to appropriate Gamebooks based on type and severity:
- No manual selection required
- Consistent handling of similar incidents
- Faster time to first action
5. Security Delivery Agents
AI agents autonomously handle investigation and response:
- Triage incidents at machine speed
- Execute response actions with supervision
- Document findings automatically
6. Centralized Detection Management (CMS)
Deploy and manage detection rules across all customer Sentinel workspaces:
- Toggle-based rule deployment
- Bulk operations across tenants
- Version control and rollback
7. Multi-Tenant Response Actions
Execute response actions in any customer tenant without context switching:
- Isolate devices across tenants
- Disable accounts in any customer Entra ID
- Block threats portfolio-wide
8. Unified Reporting
Generate reports across your entire customer portfolio:
- Incident trends across all customers
- Response time metrics
- Coverage and gap analysis
9. Customer-Aware Context
Every action is performed in the context of the right customer:
- Automatic tenant selection
- Customer-specific configurations respected
- Audit trails per customer
10. Scalable Architecture
The platform scales with your customer base:
- Add customers without adding complexity
- Consistent performance as you grow
- No per-tenant infrastructure to manage
The Cumulative Effect
These 10 capabilities combine to enable:

| Metric | Without ContraForce | With ContraForce |
|---|---|---|
| Customers per analyst | 10-15 | 100+ |
| Mean time to investigate | 30+ minutes | Minutes |
| Response consistency | Variable | 100% |
| Portal pivoting | Constant | Eliminated |
Quick Summary
- Unified incident queue eliminates portal pivoting with severity-based prioritization across all customers.
- Gamebooks and Security Delivery Agents ensure consistent, automated investigation and response.
- Centralized Detection Management (CMS) enables toggle-based rule deployment across all Sentinel workspaces.
- Multi-tenant response actions and customer-aware context enable portfolio-wide threat blocking.
- The result: 100+ customers per analyst, minutes to investigate, and 100% response consistency.
Questions? Contact us at [email protected].