Microsoft Threat Protection Solutions

Supercharge Microsoft Defender ATP

Supercharge your Microsoft Defender ATP deployment by adding a proven 24×7 security operations team who are masters at finding and stopping threats, and an automation platform to quickly remediate and get back to business.


Immediately enhance your detection coverage.

Red Canary is the fastest way to get value from your Microsoft Defender ATP implementation. Immediate onboarding. Investigation of all telemetry and alerts.


your detection coverage


detection and response


fewer false positives


Red Canary uses endpoint telemetry collected from Defender ATP. Endpoint telemetry is a continuous stream of everything that happens on a computer including process starts, file modifications, network connections, and more. Red Canary ingests the unfiltered stream of telemetry and standardizes it into our internal format for use by the Red Canary platform.

Q: How does Red Canary differ from any other Microsoft Defender ATP integration?

A: Unlike most managed detection and response (MDR) solutions and managed security service providers (MSSPs), which simply take in alerts from security products, perform a basic investigation, and send them back to you, we are the only ones using raw telemetry that was designed in partnership with Microsoft.

Q: So you just look at the Microsoft Defender ATP alerts?

A: No, Red Canary’s main source of data from your environment is the raw endpoint telemetry used to perform our behavior-based detections that are continuously updated to keep pace with changes in attacker behavior.
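The two answers above describe a pipeline: take the raw Defender ATP telemetry stream (process starts, file modifications, network connections), normalize it into one internal format, and run behavior-based detections over the result. The following is an added example, written for this page, of what such a normalizer and one behavior rule can look like. It is not Red Canary's code, and the `Event` schema is an assumption, not Red Canary's internal format. The Event Hub message layout (a `records` list whose entries carry a `category` such as `AdvancedHunting-DeviceProcessEvents` and a `properties` dict) follows the Defender ATP streaming API as the author understands it; treat it as an assumption and check it against your own export. The sample message is constructed.

```python
"""Normalize Defender ATP streaming-API records into one event schema.

Added example, not Red Canary's or Microsoft's code. The record layout and
the Event schema are assumptions; the sample message below is constructed.
"""
import json
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional

# Streaming categories (assumed names) mapped to the kinds our schema uses.
CATEGORY_TO_KIND = {
    "AdvancedHunting-DeviceProcessEvents": "process",
    "AdvancedHunting-DeviceFileEvents": "file",
    "AdvancedHunting-DeviceNetworkEvents": "network",
}


@dataclass
class Event:
    """Assumed common schema: one row regardless of the source table."""
    kind: str            # "process", "file" or "network"
    time: str
    device: str
    actor: str           # process that performed the action
    detail: dict = field(default_factory=dict)


def normalize_record(rec: dict) -> Optional[Event]:
    """Turn one streaming record into an Event, or None if it is unusable."""
    kind = CATEGORY_TO_KIND.get(rec.get("category", ""))
    props = rec.get("properties")
    if kind is None or not isinstance(props, dict):
        return None  # unknown table or malformed record: skip, do not crash
    base = dict(
        kind=kind,
        time=props.get("Timestamp") or rec.get("time", ""),
        device=props.get("DeviceName", ""),
        actor=props.get("InitiatingProcessFileName", ""),
    )
    if kind == "process":
        detail = {"parent": props.get("InitiatingProcessFileName", ""),
                  "child": props.get("FileName", ""),
                  "cmdline": props.get("ProcessCommandLine", "")}
    elif kind == "file":
        detail = {"action": props.get("ActionType", ""),
                  "path": f'{props.get("FolderPath", "")}\\{props.get("FileName", "")}'}
    else:
        detail = {"remote_ip": props.get("RemoteIP", ""),
                  "remote_port": props.get("RemotePort", 0)}
    return Event(detail=detail, **base)


def normalize_message(raw: str) -> tuple[list[Event], int]:
    """Parse one Event Hub message body; return (events, records skipped)."""
    try:
        records = json.loads(raw).get("records", [])
    except (json.JSONDecodeError, AttributeError):
        return [], 1
    events, skipped = [], 0
    for rec in records:
        ev = normalize_record(rec) if isinstance(rec, dict) else None
        if ev is None:
            skipped += 1
        else:
            events.append(ev)
    return events, skipped


# Constructed behavior rule over the normalized stream: an Office application
# starting a shell or script host, a common macro-abuse pattern.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def office_spawns_script_host(events: list[Event]) -> list[Event]:
    return [e for e in events if e.kind == "process"
            and e.detail["parent"].lower() in OFFICE_APPS
            and e.detail["child"].lower() in SCRIPT_HOSTS]


def summarize(events: list[Event]) -> dict:
    """Count normalized events by kind."""
    return dict(Counter(e.kind for e in events))


# Constructed sample message: three usable records plus two that must be skipped.
SAMPLE_MESSAGE = json.dumps({"records": [
    {"time": "2020-05-04T10:00:00Z", "category": "AdvancedHunting-DeviceProcessEvents",
     "properties": {"Timestamp": "2020-05-04T10:00:00Z", "DeviceName": "ws01.example.test",
                    "InitiatingProcessFileName": "EXCEL.EXE", "FileName": "powershell.exe",
                    "ProcessCommandLine": "powershell.exe -NoProfile -File invoice.ps1"}},
    {"time": "2020-05-04T10:00:01Z", "category": "AdvancedHunting-DeviceFileEvents",
     "properties": {"Timestamp": "2020-05-04T10:00:01Z", "DeviceName": "ws01.example.test",
                    "InitiatingProcessFileName": "EXCEL.EXE", "ActionType": "FileCreated",
                    "FolderPath": "C:\\Users\\alice\\Downloads", "FileName": "invoice.ps1"}},
    {"time": "2020-05-04T10:00:02Z", "category": "AdvancedHunting-DeviceNetworkEvents",
     "properties": {"Timestamp": "2020-05-04T10:00:02Z", "DeviceName": "ws01.example.test",
                    "InitiatingProcessFileName": "powershell.exe",
                    "RemoteIP": "203.0.113.7", "RemotePort": 443}},
    {"category": "AdvancedHunting-DeviceProcessEvents"},                 # no properties
    {"category": "AdvancedHunting-DeviceLogonEvents", "properties": {}},  # table not mapped
]})

if __name__ == "__main__":
    evs, skipped = normalize_message(SAMPLE_MESSAGE)
    print(summarize(evs), "skipped:", skipped)
    for hit in office_spawns_script_host(evs):
        print("rule hit:", hit.device, hit.detail["parent"], "->", hit.detail["child"])
```

The point of the normalizer is that detection rules are written once against `Event`, not once per source table; records that do not fit the schema are counted and dropped rather than allowed to break the pipeline, so a change in the export format shows up as a rising `skipped` count instead of a silent gap in coverage.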

Q: How complicated is it to implement Red Canary?

A: Simply add a data export (from your Microsoft Defender ATP console) to start sending telemetry to our Event Hub. Within minutes we will begin ingesting, processing and examining all your endpoint data.

Q: How does Red Canary get access to my Microsoft Defender ATP telemetry?

A: It is all configured from your side. Setting up a data export and allowing access to the Microsoft Defender ATP APIs is completely controlled by you and your Microsoft Defender ATP administrators.

Q: Is Red Canary 24/7?

A: Yes, our cyber incident response team (CIRT) monitors security events in your environment 24/7 and notifies your team when needed. For more detail on how this works, check out our post on Microsoft’s Security blog.

Related reading from Red Canary:
- Uncompromised: Unpacking a malicious Excel macro
- 2020 Threat Detection Report: the conversation continues
- The Third Amigo: detecting Ryuk ransomware
- Detecting attacks leveraging the .NET Framework
- Endpoint Security vs Network Security: Where to Invest Your Budget
- Evaluating Endpoint Products in a Crowded, Confusing Market