This tool is provided as-is for use by authorized security professionals and system administrators with proper authorization to manage Microsoft Defender for Endpoint environments.
- You must have proper authorization to use MDE Live Response on target systems
- Use only within environments where you have explicit permission
- The authors are not responsible for any misuse of this tool
Author: Alex Kefallonitis — LinkedIn Organization: FalconForce
Internal authentication flows are based on XDRInternals by Fabian Bader & Nathan McNulty.
Last updated: 2026-04-14