Incident response playbooks

You need to respond quickly to security attacks to contain the attack and limit the damage. As new widespread cyberattacks happen, Microsoft will respond with detailed incident response guidance through various communication channels, primarily through the Microsoft Security Blog.

The following content is Microsoft best practice information, provided by Microsoft Incident Response. This team provides fast, flexible services that will remove a bad actor from your environment, build resilience for future attacks, and help mend your defenses after a breach.

Review the following incident response playbooks to understand how to detect and contain these different types of attacks:

Each playbook includes:

  • Prerequisites: The specific requirements you need to complete before starting the investigation. For example, logging that should be turned on and roles and permissions that are required.
  • Workflow: The logical flow that you should follow to perform the investigation.
  • Checklist: A list of tasks for the steps in the flow chart. This checklist can be helpful in highly-regulated environments to verify what you have done.
  • Investigation steps: Detailed step-by-step guidance for the specific investigation.

Also see Microsoft Incident Response ransomware approach and best practices.

Incident response resources