Who is this for? MSP/MSSP Partners, Security Engineers
December 22, 2023 · ContraForce Team · 3 min read

ContraForce is excited to introduce our Microsoft Defender XDR Standalone Module, designed specifically for MSPs and MSSPs who want to operationalize Microsoft Defender XDR across their customer base without the complexity of deploying Microsoft Sentinel.

Hyperautomate XDR for MSPs and MSSPs

The Defender XDR Standalone Module enables service providers to:
  • Ingest Defender XDR incidents from all customer tenants into a single ContraForce workspace
  • Run Gamebooks for automated investigation and response across Defender for Endpoint, Identity, Office 365, and Cloud Apps
  • Execute response actions including device isolation, account disabling, and file quarantine
  • Scale operations without the infrastructure requirements of a full SIEM deployment

Why a Standalone Module?

Many MSPs and MSSPs have customers who are invested in Microsoft 365 and Defender XDR but haven’t yet deployed Microsoft Sentinel. The Defender XDR Standalone Module allows service providers to:
  • Start delivering MXDR services immediately
  • Avoid the complexity of SIEM deployment for smaller customers
  • Provide a clear upgrade path to full Sentinel integration when ready

Deployment in Minutes

The Defender XDR Module deploys in 15-20 minutes with no Azure resources required:
  1. Configure the module in your ContraForce workspace
  2. Complete the consent flow for each customer tenant
  3. Authorize Gamebook response actions
  4. Start receiving incidents and executing automated response

What’s Included

| Capability | Description |
| --- | --- |
| Incident Ingestion | All Defender XDR incidents from connected tenants |
| Gamebook Execution | Automated investigation and response workflows |
| Response Actions | Device isolation, account actions, file quarantine |
| Multi-Tenant Management | Single pane of glass for all customer tenants |

Quick Summary

  • The Defender XDR Standalone Module lets MSPs operationalize Microsoft Defender XDR without deploying Sentinel.
  • Ingest incidents from all customer tenants into a single ContraForce workspace.
  • Run Gamebooks for automated investigation and response across Defender products.
  • Deploy in 15-20 minutes with no Azure resources required.
  • Provides a clear upgrade path to full Sentinel integration when customers are ready.
Questions? Contact us at [email protected].