

Ontinue
Microsoft-exclusive MXDR service spun off from Open Systems in 2023. Uses agentic AI (ION IQ and Autonomous Investigator) to resolve 99.5% of incidents without customer involvement. 2023 Microsoft Security Services Innovator of the Year.
Buyer fit
Good fit when
- ✓Organizations heavily invested in Microsoft E5/Defender ecosystem
- ✓Teams wanting AI-augmented SOC with 99.5% autonomous incident resolution
- ✓Companies requiring data sovereignty (customer owns Sentinel instance)
Watch out when
- ×Organizations using non-Microsoft EDR (CrowdStrike, SentinelOne, etc.)
- ×Companies needing multi-vendor SIEM or cross-platform support
- ×Teams requiring OT/ICS coverage as standard (add-on only)
Coverage
EDR
SIEM
Cloud
Additional capabilities
Incident response
Pricing
What costs extra
- –ION for Vulnerability Mitigation (add-on)
- –ION for IoT Security (add-on, launched Feb 2025)
- –ION for Enhanced Phishing Protection (add-on)
Cost caveats
- –Requires Microsoft E5 or Defender licenses as prerequisite
- –Microsoft Sentinel consumption costs are separate and usage-based
- –Add-on services (vulnerability mitigation, IoT, phishing) increase total cost
Pricing compiled from public sources. Verify directly with the provider.
Team and access
Certifications
Reputation
Gartner Peer Insights 4.8/5 (22 eligible reviews, 65 total ratings) with 97% willingness to recommend. Gartner Strong Performer in VoC for MDR 2024. Praised for Microsoft expertise and Teams-based collaboration.
What customers praise
- ✓Deep Microsoft ecosystem integration and Teams-based collaboration
- ✓AI-driven automation reducing manual work and accelerating investigation
- ✓Data stays in customer Sentinel instance with full portability
Common complaints
- ×Occasional slow incident response noted by some customers
- ×Limited to Microsoft ecosystem only
- ×Pricing not publicly transparent
Limited Reddit discussion. Mostly positive in Microsoft-focused communities.
Questions to ask
- 1.
What are the minimum Microsoft licensing requirements (E3 vs E5) to get full value from ION MXDR?
- 2.
How does the 99.5% incident resolution rate break down between automated vs. analyst-handled incidents?
- 3.
What Sentinel analytics rules and automation stay with us if we leave?
- 4.
How quickly can new Microsoft Defender features be incorporated into detection coverage?
Evidence
Sources reviewed
Main public source used for the provider profile.
Comprehensive overview of Ontinue ION MXDR service capabilities and Microsoft integration
Official Azure Marketplace listing with detailed service specifications and performance metrics
Detailed information about Ontinue's Microsoft-native MXDR service and partnership
Educational resource explaining MXDR concepts and Ontinue's approach to managed extended detection and response
Press release announcing ION IQ AI capabilities including Critical Asset Intelligence and Microsoft Teams integration
Announcement of Microsoft Cloud Security Advanced Specialization certification achievement
Press release announcing the launch of Ontinue as Open Systems' new MDR division
Public-data caveats
- –No public contractual response-time SLA is recorded for this profile.
- –No public fixed price is recorded; compare only after a scoped quote.
- –No public breach warranty is recorded.
- –Response authority may depend on pre-approval and contract scope.
Also consider
Information compiled from public sources. Verify details directly with the provider before making decisions.