SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers

Rapid7 unveils MDR service built for Microsoft users

Thu, 22nd Jan 2026

Rapid7 has launched a managed detection and response service that integrates signals from Microsoft Defender and links them with Rapid7's security operations tooling and analysts.

The service, called Rapid7 MDR for Microsoft, targets organisations that run Microsoft as a core provider for productivity and security. Rapid7 said the service uses bi-directional integrations with Microsoft Defender and combines Microsoft telemetry with Rapid7 data sources.

Companies have increased their use of Microsoft security products for endpoints, identity, cloud workloads and email. That shift has increased the volume of security alerts and logs generated in many environments. Security teams have also faced growing pressure to show measurable outcomes and a clear return on spending.

The company positioned the new service as a way for customers to use Microsoft Defender signals inside Rapid7's monitoring and investigation workflows. Rapid7 said it offers a global security operations centre and its own SIEM as part of the service.

Defender signals

Rapid7 said MDR for Microsoft ingests and correlates Microsoft Defender telemetry with Rapid7's own data. The company said it includes bi-directional synchronisation between Rapid7 and Microsoft consoles. Rapid7 said endpoint alerts and analyst actions remain aligned between the two environments.

The company said the service includes investigation and response features alongside its monitoring. Rapid7 said it can perform remote containment and endpoint forensics. It said it uses Velociraptor, an open-source digital forensics and incident response framework, as part of that work.

Rapid7 said the service includes unlimited incident response. The company also said customers can run their own queries and view investigation workflows directly in the SIEM. Rapid7 said this provides visibility into analyst activity and the results of investigations over time.

Risk context

Rapid7 said MDR for Microsoft includes risk-aware analysis that combines vulnerability risk management with live threat activity. The company said it uses that combination to identify likely attack paths and add asset context during investigations.

Rapid7 also said the service includes a dedicated cybersecurity advisor. It said the advisor provides threat briefings, advice on hardening environments, programme governance and health checks.

The company said it provides always-on monitoring through a global security operations centre. Rapid7 said its teams monitor Microsoft and non-Microsoft environments on a 24x7x365 basis.

Commercial model

Rapid7 said the service includes unlimited log ingestion. It framed this as a way to remove SIEM cost constraints and keep investigations consistent regardless of data volume.

The company also said the service includes unlimited SOAR automation. It said it provides standard data retention for 13 months and customers can extend that period. Rapid7 said it also includes proactive threat hunting and AI-assisted investigation workflows.

Rapid7 referenced findings from an IDC study on the business value of Rapid7 MDR. The company cited the study as reporting a 422% three-year ROI for customers. It also cited figures of 87% faster threat identification and a 54% reduction in the likelihood of a major security event.

Microsoft focus

The launch comes as more organisations consolidate security tooling around large platform providers. Microsoft's Defender portfolio has expanded across endpoint, identity, cloud and email security. That growth has increased interest in services that manage alert volumes and respond across multiple Microsoft security products.

Rapid7 positioned MDR for Microsoft for security leaders who want to translate Microsoft security signals into operational decisions. The company said customers also want measurable outcomes and clarity on the value of security spending.

Rapid7 did not provide pricing or customer names for the new service.

"We are excited to announce the availability of Rapid7 MDR for Microsoft - a pre-emptive threat detection, investigation, and response service that brings together Rapid7's global SOC, our market-leading SIEM technology, and deeper bi-directional Microsoft Defender integrations," said Rapid7.

"As Microsoft continues to serve as the backbone of modern environments, the ability to translate security signals into consistent action becomes increasingly critical," said Rapid7.