MSPs managing Microsoft 365 environments often rely on separate tools for attack prevention, incident detection, and response. inforcer aims to bring those functions together in a single platform. The company has launched
inforcer Threat Detection and Response (TDR), an
early-access product for MSPs at Pax8 Beyond in Salt Lake City this week.
inforcer already provides a multi-tenant Microsoft 365 management platform. MSPs use it to apply security policies, monitor configuration drift, and manage customer tenants. TDR adds threat monitoring, incident response, and reporting. The product collects data from Microsoft Entra, Defender, Purview, Teams, and SharePoint. Inforcer says this gives MSPs more context when reviewing suspicious activity.
Jamie Daum, CEO of inforcer, told ChannelE2E, “Most identity threat detection tools watch a slice of the stack, usually just identity, and fire an alert when something looks off. inforcer TDR collects telemetry across the whole Microsoft 365 estate: Entra, Defender, Purview, Teams, and SharePoint.”
A multi-tenant security workflow
A sign-in alert does not always mean an account has been compromised. The risk depends on the customer’s security policies, account settings, and past activity. inforcer says its platform can use that tenant information when reviewing alerts. Because the company already tracks security policies and configuration changes, TDR can compare suspicious activity with the customer’s current security setup.
“A sign-in anomaly means something very different in a well-hardened tenant than in one that never had Conditional Access set up properly,” Daum said. “A general-purpose tool does not know the difference. We do, because that context is all we have ever worked with.”
This context helps MSPs decide which alerts need action and which ones are less serious. It may also help technicians understand why an attack succeeded and which policy changes could prevent it from happening again.
Bringing prevention and detection together
MSPs often manage preventive security and threat detection in separate systems. While one platform may be used to apply multifactor authentication, Conditional Access, and Microsoft Defender policies, another system may handle alerts and incident response. Those systems do not always share the context needed to explain why an incident occurred or which preventive control could have blocked it.
inforcer is addressing that by bringing tenant hardening and threat detection into the same operating layer.
“Today, those are two separate worlds,” Daum said. “MSPs harden tenants on one side and run a detection tool on the other, and the two never talk to each other. We close that loop.”
inforcer wants TDR to connect those workflows. When the platform detects an attack, it can also show whether an existing or missing policy affected the outcome.
That could help MSPs explain the value of preventive security work. Customers may not notice when policies stop an attack because nothing visible happens. “When an attack pattern matches something your policies would have blocked, we can show it,” Daum said. “That turns the prevention, which is normally invisible to the customer, into something MSPs can take to their customer as value.”
TDR covers detection, containment, and incident reporting
inforcer TDR operates across three parts of the MSP security workflow: detection, response, and reporting. The product monitors Microsoft 365 signals, supports incident management through PSA tickets, and can automate containment when an account is compromised.
“All three, and that is deliberate,” Daum said. “We do detection by monitoring signals across every layer of Microsoft 365. We do response through incident management, PSA tickets, and automated containment when an account is compromised.”
The platform also maintains six months of history, which can help an MSP rebuild the timeline of an attack and explain it to the customer.
“When an account is breached and contained, you do not just get an alert, you get the story,” Daum said. “The MSP can show the customer how the attack unfolded and why it was stopped.”
That timeline could include a phishing email, a clicked link, a malicious application consent, suspicious travel activity, and access to files or email.
inforcer is not trying to replace every security tool used by an MSP. MSPs with broader SIEM, MDR, or SOC requirements will likely continue to use other platforms for endpoint, network, cloud, and third-party application monitoring.
“We are not trying to be a SIEM or a general SOC platform,” Daum said. “We do one thing, Microsoft 365 for MSPs, and the layering is built around that scope rather than bolted on.”
Built to cut alert fatigue
Alert fatigue is a major problem for MSP security teams. Technicians may receive large numbers of alerts from identity, endpoint, email, and cloud security products. And when too many alerts are marked as urgent, real threats can be missed. Teams may also spend time investigating events that turn out to be harmless.
“Alert fatigue is exactly the problem we set out to solve, not add to,” Daum said. “Because we already hold the policy and configuration context for each tenant, the detection engine can use that to separate real threats from noise rather than pushing another raw queue at the technician.”
A service MSPs can sell
inforcer is also positioning TDR as part of a managed Microsoft 365 security service. MSPs can combine tenant management, security policies, monitoring, incident response, and reporting into one recurring offering.
Daum emphasized, “inforcer TDR is built to support a managed Microsoft 365 security service, not a narrow point feature. An MSP can run the preventative tenant management and the detection and response from the same platform, then sell that combined capability as a recurring security service.”
Reporting may help MSPs explain what they are doing for customers. It can show which attacks were detected, how they were stopped, and which controls reduced the risk.
“Most MSPs are already accountable for security at their customers in practice, even when the SLA does not spell it out, and they are the first call when something goes wrong,” Daum said. “This lets them show the work and charge for it.”
For partners, the goal is to manage Microsoft 365 security in one connected workflow and explain the value to customers. inforcer will still need to prove that TDR can reduce alert noise, provide useful incident details, and work well with the PSA and security tools MSPs already use.
