The ContraForce Agentic Security Delivery Platform is live

Years in the making. Built with Microsoft. An agentic platform that delivers 60× faster incident response, 10× more customer capacity per analyst, and 93% lower cost per incident. Purpose-built for Microsoft MSPs.

Related: What Are Security Delivery Agents? The Next Evolution Beyond SOAR | Automated Incident Response for Microsoft Defender XDR | Beyond Azure Lighthouse: What MSSPs Need for Sentinel at Scale | ContraForce vs Microsoft Security Copilot: What MSSPs Need to Know | The MSSP Platform Built for Microsoft Sentinel + Defender XDR

The ContraForce Agentic Security Delivery Platform is live

We've spent years working toward this, and today it's live: the ContraForce Agentic Security Delivery Platform, a multi-workspace MXDR platform built for Microsoft MSPs and MSSPs.

Every conversation we've had with managed service partners over the last four years pointed at the same problem. The Microsoft security stack is the most powerful set of tools your customers will ever own. Defender XDR, Sentinel, Entra ID. The telemetry is rich, the response actions are deep, and the licensing is already paid for. But operating it at scale, across dozens or hundreds of customer workspaces, has been the wall that breaks managed security delivery.

We built the platform we wished existed when we were running this work ourselves.

What we shipped

ContraForce is an agentic security delivery platform that sits on top of Microsoft Sentinel, Defender XDR, and Entra ID. Security Delivery Agents handle the work that used to consume tier-1 and tier-2 analyst hours: triage, classification, investigation, evidence gathering, response actions, ticket updates. Gamebooks turn your SOPs into executable, governed workflows that run consistently across every customer workspace. A single control plane gives the SOC manager visibility and override across all of it.

It's Microsoft-native at the core. SentinelOne and CrowdStrike are supported for customers who already run them. The data stays inside the customer's tenant. No log duplication, no third-party data custody.

The numbers we built it to deliver

These aren't ceiling-of-what's-possible numbers. They're what partners are seeing in production today, on the same Microsoft licenses their customers were already paying for.

Built with Microsoft

ContraForce was co-built with Microsoft engineers from day one. The platform runs on Microsoft Azure and Azure AI Foundry, integrates natively into the Defender, Sentinel, and Entra ID APIs, and has been refined alongside the security teams who build the products we sit on top of. That partnership is why the integration depth is what it is, and why response actions feel like part of the Microsoft stack rather than something bolted on.

A specific thank-you to Vasu Jakkal, Zia Mansoor, and the broader Microsoft Security and ISV team for being real co-build partners through this.

Who this is for

Microsoft-focused MSPs and MSSPs who want to scale managed detection and response without scaling headcount in lockstep. Practices that already serve customers on Microsoft 365 / Defender / Sentinel and need to turn that telemetry into a profitable, repeatable security service line. Teams that have hit the wall trying to build it themselves with SOAR, or that have been quietly losing margin on managed security and need the unit economics to flip.

If that's you, we'd love to show you the platform. Connect one workspace and you'll see your first AI-driven investigation complete inside a minute. Most partners are operational across their full customer book inside a week.

To everyone who has been with us through this: partners, customers, the team, our investors, the Microsoft folks who believed in it before there was a product to point at. Thank you. The work starts now.

More to share over the coming weeks. Stay tuned.