Using the City's Microsoft 365 tenant the selected vendor shall establish a tenant-resident 24x7x365 Managed Detection and Response (MDR) service while providing full operational control of the SOC function. The vendor shall manage all detection, response, and tuning activities within the City's tenant. The vendor shall deliver Tier 1 endpoint detection, containment, and remediation services. The goal is to enable internal teams to focus on higher-tier analysis and strategic initiatives, while also building a sustainable, co-managed environment that remains fully functional and documented within the City's tenant. All telemetry, rules, alerts, playbooks, and configurations for optimal security operations will reside within the tenant to ensure portability and continuity over time. The initial scope centers on endpoint protection and Microsoft-native telemetry, but the architecture should be designed with future expansion in mind — including integration of identity, network, and infrastructure logs to support broader correlation and detection capabilities. This RFP anticipates the requirement of additional Microsoft licensing. The vendor's proposal must clearly identify any such requirements as part of the proposal. However, procurement of Microsoft licenses is not included within this solicitation and will be completed through the City's existing Microsoft EA.
