March 12, 2026
Strengthening Cyber Defense at Speed: Guardian 365, Inforcer, and the New IOC Feed
Share this post
Author
Cyber threats are evolving faster than ever — and the ability to respond quickly, consistently, and at scale has become a core requirement for modern security operations.
As part of ongoing enhancements to Guardian 365, Forsyte is introducing the Guardian 365 IOC Feed, a new capability powered by Inforcer that enables rapid deployment of defensive security controls across customer environments. To support this enhancement, all existing Guardian 365 customers are asked to complete (or re‑complete) Inforcer onboarding and formally confirm their participation in the IOC Feed by April 1, 2026.
Why This Matters Now
Recent geopolitical developments — including ongoing conflict in the Middle East — have coincided with increased cyber activity from both state‑aligned and opportunistic threat actors. These events reinforce a critical reality: threat actors move faster than traditional change control processes. Guardian 365 is designed to help organizations stay ahead of these threats. Inforcer enables Forsyte’s SOC to deploy defensive security configurations at speed, including:- Proactively blocking confirmed Indicators of Compromise (IOCs)
- Staging additional security configurations for customer review when credible intelligence indicates elevated risk
What Is the Guardian 365 IOC Feed?
The Guardian 365 IOC Feed allows Forsyte’s SOC to deploy blocking rules for confirmed malicious infrastructure, including:- Malicious IP addresses
- Domains
- Email sender addresses
- File hashes
How It Works
- IOC blocking rules are deployed immediately to provide instant protection
- Rules are applied across the Microsoft Defender XDR stack
- Customers receive an IOC bulletin prior to each deployment, including threat context and a full list of blocked indicators
Opt‑In vs. Opt‑Out: What’s the Difference?
Customers Who Opt In
By opting in, customers authorize Forsyte to:- Deploy IOC blocking rules automatically through Inforcer
- Respond rapidly to emerging threats on the customer’s behalf
- Apply consistent protection across the Guardian 365 customer community
Customers Who Opt Out
Customers who opt out will:- Continue receiving Guardian 365 threat communications and IOC details
- Assume responsibility for deploying defensive protections internally
What Is Inforcer and Why It Matters
Inforcer is a cloud platform used by Guardian 365 to manage and deploy Microsoft 365 security configurations across customer environments. Key capabilities include:- Centralized security configuration management
- Automated policy deployment
- Faster rollout of security protections
- Continuous monitoring for configuration drift on critical controls (such as Conditional Access and Defender for Office 365 – in progress)
Value of Inforcer for Existing Guardian 365 Customers
Inforcer enhances Guardian 365 by enabling the SOC to rapidly deploy protections informed by real‑world threat intelligence and operational experience, including:- Proactive IOC blocking
- Rapid deployment of Exchange transport rules for phishing campaigns
- Custom detection rules across Defender XDR
- Faster rollout of security posture improvements
Security‑First Deployment Approach
Security controls deployed through Inforcer follow a risk‑based deployment model:Deployed Actively
- IOC blocking rules are deployed in a live production state
- Used only for high‑urgency, validated threats
- Provide immediate protection against known malicious activity
Staged for Approval
- Policy changes, configuration updates, and structural improvements
- Deployed in report‑only, disabled, or unassigned states
- Activated only after customer review and approval
Inforcer Onboarding: What Customers Need to Do
To support the IOC Feed and ongoing Guardian 365 enhancements, customers must complete Inforcer onboarding by April 1, 2026.High‑Level Steps
- Accept the Microsoft Partner Center (Indirect Reseller) relationship
- Accept the GDAP delegated access request
- Confirm successful integration provisioning
Key Takeaway for IT & Security Leaders
The Guardian 365 IOC Feed and Inforcer onboarding are designed to help organizations:- Respond faster to emerging threats
- Reduce operational friction during high‑risk events
- Maintain consistent protection across Microsoft 365 environments
Action Required
Complete Inforcer onboarding and confirm IOC Feed participation by April 1, 2026. Contact your Guardian 365 CSAM to get started or ask questions.Ready to make security easy?
Find out where your organization stands. Our free security assessment gives you a clear picture of your current posture and a roadmap for what comes next.