Frequently Asked Questions (FAQ)

ContraForce is an AI Security Delivery Platform built for MSSPs, MSPs, and security operations teams. It is an instant AI overlay for Microsoft Sentinel and Microsoft Defender XDR, orchestrating Security Delivery Agents and Gamebooks to automate triage, investigation, and response across tenants. Teams use ContraForce to standardize execution, cut triage effort by up to 90%, and scale Microsoft-native MXDR without adding analysts.

Security Delivery Agents are AI-driven workflow operators that execute repeatable SOC tasks such as enrichment, investigation steps, recommendations, and response actions. They run under policy and approval controls, and every action is logged for auditability so teams can automate safely at scale.

ContraForce typically deploys in about 30 minutes within your Azure environment. Onboarding and configuring each customer workspace takes minutes. The platform uses federated access, so security data stays in the customer tenant and there is no complex data migration.

ContraForce connects to Microsoft Sentinel through secure federated access, enabling multi-tenant operations without copying data into another system. Security Delivery Agents triage and enrich incidents, execute investigation steps using Gamebooks (SOP-driven playbooks), and guide or execute response actions with approvals and full audit logging. The result is faster, more consistent delivery and less analyst context switching across portals.

ContraForce improves service margins by reducing the analyst time required per incident. Security Delivery Agents automate repetitive triage and investigation steps, while Gamebooks enforce consistent SOP execution across customers. Providers onboard more tenants without proportional headcount growth, improving unit economics while maintaining human-in-the-loop control.

ContraForce integrates with Microsoft Sentinel, Microsoft Defender XDR, and Microsoft Entra ID. It also integrates with PSA and ticketing systems commonly used by service providers and can support additional ITSM workflows as needed.

No. ContraForce does not replace Microsoft Defender XDR or Microsoft Sentinel. Instead, ContraForce is an orchestration and automation layer that sits on top of these Microsoft security tools, enabling MSSPs to operationalize them at scale across multiple customer tenants. Microsoft provides the detection and response capabilities; ContraForce provides the multi-tenant management, AI automation, and service delivery workflows that MSSPs need to run an efficient MXDR business.

ContraForce is SOC 2 Type II audited. The platform is designed for compliance by keeping security data in the customer tenant through federated access, and by providing full auditability for Security Delivery Agent actions with human approval controls.

Microsoft’s Unified Security Operations Platform (USOP) brings together Microsoft Defender, Microsoft Sentinel, and Microsoft Security Copilot into a single, unified experience for detection, investigation, and response inside the Microsoft ecosystem. ContraForce sits on top of that foundation as the security delivery control plane built for MSSPs and Microsoft-native security teams that need to standardize and scale operations across many tenants and environments.

ContraForce competes in the MSSP/MSP security platform market. Alternatives include Arctic Wolf (which provides MDR as a service rather than a platform for MSSPs to deliver their own services), Blackpoint Cyber, Todyl, and Adlumin. ContraForce differentiates by being purpose-built for Microsoft-native environments, providing AI agent automation rather than just alert aggregation, and enabling MSSPs to maintain their own brand and customer relationships rather than white-labeling another vendor's SOC.