This Knowledge Base article describes the features and capabilities of the ContraForce Security Service Delivery Platform for Microsoft Defender Products.
Legend
✓ Capability exists
✓(#) Capability exists but has dependencies
| ContraForce Capabilities | Business Premium | Enterprise E3 | Enterprise E5 |
|---|---|---|---|
| Incident Investigation | | | |
| Incident Management | | | |
| Bi-directional streaming of incidents | ✓ | ✓ | ✓ |
| Fetching incident entities | ✓ | ✓ | ✓ |
| Fetching incident evidence (logs) | ✓ | ✓ | ✓ |
| Incident alert timelines | ✓ | ✓ | ✓ |
| Incident investigation audit | ✓ | ✓ | ✓ |
| Entity Enrichment and Triage | | | |
| Related incident search | ✓ | ✓ | ✓ |
| User insights | | | |
| Sign-in logs | ✓(1) | ✓(1) | ✓(1) |
| Audit logs | ✓(1) | ✓(1) | ✓(1) |
| Entra ID profile | ✓(1) | ✓(1) | ✓(1) |
| IP address insights | | | |
| Sign-in log activity | ✓(2) | ✓(2) | ✓(2) |
| Related incidents | ✓(3) | ✓(3) | ✓ |
| Device Insights | | | |
| Timeline | ✓(3) | ✓(3) | ✓ |
| Related incidents | ✓(3) | ✓(3) | ✓ |
| Device info | ✓ | ✓ | ✓ |
| Email insights | | | |
| Related incidents | ✓ | ✓ | ✓ |
| Email info | ✓(3) | ✓(3) | ✓ |
| File insights | | | |
| Related incidents | ✓ | ✓ | ✓ |
| File info | ✓ | ✓ | ✓ |
| URL insights | | | |
| Related incidents | ✓ | ✓ | ✓ |
| URL info | ✓(3) | ✓(3) | ✓ |
| Log Search | | | |
| Log search | ✓(3) | ✓(3) | ✓ |
| Endpoint Management | | | |
| View device list | ✓ | ✓ | ✓ |
| View device info | ✓ | ✓ | ✓ |
| Response and Case Management | | | |
| Gamebooks | | | |
| Endpoint | | | |
| Isolate endpoint | ✓ | ✓ | ✓ |
| Anti-virus scan of endpoint | ✓ | ✓ | ✓ |
| Remove from isolation | ✓ | ✓ | ✓ |
| File | | | |
| Quarantine file | ✓ | ✓ | ✓ |
| User | | | |
| Invalidate existing sessions | ✓(1) | ✓(1) | ✓(1) |
| Reset user password | ✓(1) | ✓(1) | ✓(1) |
| Lock out user | ✓(1) | ✓(1) | ✓(1) |
| Unlock user | ✓(1) | ✓(1) | ✓(1) |
| IP Address | | | |
| Block IP (from Azure Network Security Group) | - | - | - |
| | | | |
| Soft delete email | ✓(4) | ✓(4) | ✓(4) |
1. Requires that Microsoft Entra ID is connected to the ContraForce Platform.
2. Requires that Microsoft Sentinel is enabled and connected to the ContraForce Platform.
3. Requires Microsoft Defender for Endpoint Plan 2 add-on.
4. Requires Microsoft 365 Exchange license.