‘We’ve spent the last few years helping MSPs protect Microsoft 365 tenants, and we’re now working with more than 1,200 MSPs protecting over 60,000 tenants. But through all of those conversations, it became really clear that there’s often a disconnect between what MSPs would love to do from a security perspective and what end customers are willing to accept,” says Will Connor, co-founder of Inforcer.
After spending the last three years helping MSPs lock down Microsoft 365 environments before attacks happen, Inforcer is taking aim at what comes next.
Today the London-based vendor unveiled its threat detection and response (TDR) offering, helping MSPs identify active threats, investigate incidents and respond to attacks across Microsoft 365 environments. The launch marks Inforcer’s expansion from left of boom prevention into right of boom detection and response.
For MSPs, the move is about more than adding another security tool, Inforcer executives said, and it completes a broader vision of giving partners a single platform to secure, manage and monitor Microsoft environments.
[Related: Inforcer Accelerates Microsoft AI Enablement With $35M Funding Round: ‘The Opportunity Was Now’]
“We’ve spent the last few years helping MSPs protect Microsoft 365 tenants, and we’re now working with more than 1,200 MSPs protecting over 60,000 tenants,” Will Connor, co-founder of Inforcer, told CRN. “But through all of those conversations, it became really clear that there’s often a disconnect between what MSPs would love to do from a security perspective and what end customers are willing to accept.
“Every MSP wants to lock everything down, but customers are balancing security against productivity,” he added. “That means MSPs aren’t always able to implement every protection they’d like. When that happens, they need visibility into what occurs if something slips through the cracks. That’s where threat detection and response comes in. We already had all of this telemetry and visibility across Microsoft 365, so it made sense for us to give MSPs one platform where they can protect tenants, detect incidents, respond to them and then use those insights to strengthen security across every customer they manage.”
Inforcer TDR monitors signals from across Microsoft’s ecosystem, including Entra ID, Defender, Purview, Teams and SharePoint. Connor said one of the biggest advantages comes from combining detection with prevention.
The launch also reflects the company’s larger strategy around Microsoft security and AI readiness.
Inforcer CEO Jamie Daum said MSPs increasingly need security, compliance and governance capabilities as foundational elements for future AI services.
“We’ve always believed an MSP should be able to run almost everything around Microsoft security and management from a platform purpose-built for MSPs,” Daum told CRN. “The challenge has always been that Microsoft builds for enterprise first. There’s no multi-tenancy. There’s no way to manage these environments efficiently at scale. That’s what we’ve been solving.
“Now, with TDR, we’re not just helping MSPs manage Microsoft’s security stack,” he added. “We’re helping them secure it end-to-end. The easiest analogy is your home. Left of boom is the fences, the gates, the locks and the dog in the yard. Right of boom is the burglar alarm and the police response when someone breaks in. Both matter. Every customer has a different risk tolerance, and MSPs need the flexibility to balance protection and productivity. We’re giving them both sides of that equation.”
He said that that capability becomes even more important as organizations embrace AI tools.
Chris Pottrell, managing director at U.K.-based Nebula IT Service Ltd., said Inforcer’s move into threat detection and response is “a natural evolution.”
One of the key advantages is that the new capabilities are built on telemetry already collected within the platform, eliminating the need for additional agents or management tools.
“We get meaningful detection without bolting on yet another agent or console,” Pottrell told CRN. “It isn’t just identity, we’re getting visibility right across the M365 security stack.”
He added that the integration of detection and response data with existing security baselines will help MSPs better understand and address security gaps.
“What really excites us is that the detection and response information ties directly back to the baseline protections we already deliver,” he said. “When we spot something, we can point straight at the control that should have caught it or needs tightening.”
For Matthe Smit, chief product officer at Inforcer, one of the biggest challenges MSPs face today is signal overload.
“Microsoft monitoring is notoriously noisy,” Smit told CRN. “MSPs know they need to monitor identities because identity has become the new perimeter, but many of the existing tools generate so much noise that people eventually stop paying attention. What we’re focused on is context. An impossible travel alert by itself doesn’t tell you much. But if we can show that a user was compromised, downloaded hundreds of files from OneDrive, created forwarding rules, installed enterprise applications and maintained access for weeks, suddenly you’re looking at a complete attack story. That’s what MSPs need. They need meaningful incidents, not endless alerts.”
He added that attackers often move gradually after gaining access which can make compromises harder to spot in their early stages. Inforcer correlates activity across the Microsoft stack to detect those patterns rather than relying on isolated identity events alone.
“There are a lot of companies trying to solve security across every platform imaginable,” Smit said. “We’re incredibly focused. We live and breathe Microsoft 365. We think that allows us to build a lower-noise, better-fit solution for MSPs because that’s all we do.”
