Engaging with Microsoft Threat Experts

Microsoft Threat Experts allows an organization to engage with security domain experts within Microsoft regarding a specific Microsoft Defender ATP system or security event.

From within the Azure portal, an organization’s own employees can escalate an issue into a question using the “Ask a threat expert” menu option.

After enough information has been provided in the request and a support ticket has formally been opened, it can be submitted.

In order to elicit a rapid and accurate response, these questions should be as specific and direct as possible rather than open-ended.

Microsoft has provided sample questions that it believes to be suitable for Threat Experts scenarios, including the following:

“Can you please help answer why we see “Unknown process observed?” This is seen quite frequently on many machines and we would appreciate input on whether this is related to malicious activity.”

“This morning, we detected a phishing email that delivered a malicious Word document to a user. This caused a series of suspicious events which triggered multiple Windows Defender alerts for [malware name] malware. Do you have any information on this malware? If yes, can you please send me a link?”