Staying ahead of the evolving email threat landscape

Email remains the most exploited gateway for cyberattacks and the threat landscape is evolving fast. Cyberattackers are increasingly leveraging AI to automate and amplify their campaigns, making each attack vector more sophisticated and harder to detect. Our latest Microsoft Digital Defense Report reveals how business email compromise (BEC) has evolved from a low-volume scam into a professionalized, service-driven economy.

This industrialization of email-based crime and the growing use of AI by threat actors is one reason why we’ve doubled down on strengthening protections for our customers. Over the past year, we’ve introduced advanced defenses against emerging attack types, enhanced social engineering safeguards, and expanded coverage across collaboration tools like Microsoft Teams.

This growing cyberthreat landscape is why we need to fight AI with AI and lead with a unified platform approach to defend against sophisticated, multimodal attacks holistically.

Innovating to defend email with agentic AI

Our research shows that phishing attacks remain one of the most persistent and damaging threats to organizations worldwide. Security teams are under constant pressure to investigate a growing number of user-reported phishing emails daily, aiming for accurate verdicts and timely responses. Defender for Office 365 is focused on protecting against this evolving email and collaboration threat landscape by infusing AI agents and agentic workflows into the core of our security solution and security operations center (SOC) operations to strengthen our defenses, automate repetitive tasks, and accelerate investigations. Our recent innovations to defend against phishing attacks and more include:

• Agentic email grading system uses advanced, AI-powered analysis when admins or users submit phishing emails to Microsoft for review. By integrating language models and agentic workflows into Defender for Office 365, the system delivers rapid, transparent verdicts and provides the submitter with context-rich explanations for each reported message. This approach reduces reliance on manual reviews, thereby shortening Microsoft’s response times, and it helps deliver consistent, high-quality outcomes. A built-in feedback loop enables continuous learning for both humans and models and adapts based on new cyberthreats, so that our evaluation considers the latest threat landscape.
• Microsoft Security Copilot Phishing Triage Agent is designed to autonomously handle user-submitted phishing reports at scale in Defender for Office 365. The agent enables SOC teams by classifying incoming alerts, resolving false positives, and escalating only malicious cases that require human expertise. It automates repetitive tasks, accelerates investigations, and provides full transparency in every decision, allowing security teams to focus on what matters most—investigating real cyberthreats and strengthening the overall security posture. Early results prove how it is transforming analyst showing measurable impact of 40% reduction in time to resolution and significant decrease in manual triage workload. To make it easier than ever for organizations to harness the power of Security Copilot agents to protect at the speed and scale of AI, Security Copilot will be included for all Microsoft 365 E5 customers.*
• Email bombing protection—Email bombs send large volumes of emails to overflow a mailbox, overwhelm the user and distract attention from important email messages indicating a security breach. Defender for Office 365 now intelligently tracks message volumes across different sources and leverages historical patterns of the sender and signals related to spam content to identify these types of attacks. It automatically sends them straight to the junk folder, keeping the user’s inbox clean and the organization protected.

Driving transparency in the industry across ICES and SEG vendor effectiveness

At Microsoft, we believe that transparency is foundational to trust, and we are committed to delivering it through clear, actionable insights. By providing in-product transparency reports, we give customers visibility into security performance and outcomes. As both an email platform and a security provider, we want to work together with our ecosystem and do more to empower customers to understand email security effectiveness. That’s why earlier this year we introduced comparative benchmarking reports designed to assist customers in evaluating the benefits of integrating multiple email security solutions.

Testing these benchmarks relies on real-world email threats observed across the Microsoft ecosystem, rather than synthetic data or artificial testing environments. The study compares environments protected exclusively by Defender for Office 365 with those using a Secure Email Gateway (SEG) positioned in front of Defender, as well as environments where Integrated Cloud Email Security (ICES) solutions add a secondary layer of detection after Defender.

The future of email security

As email-based attacks continue to grow in sophistication and are increasingly fueled by AI, the need for AI-powered defenses and end-to-end AI security platforms becomes more urgent. Microsoft is committed to leading this transformation by:

• Investing in agentic AI to empower defenders with autonomous capabilities.
• Using the latest AI technology in our technology stack to defend against emerging cyberthreats.
• Expand our capabilities to new attack surfaces like Microsoft Teams and attack patterns like deepfakes.

We’re not just building tools; we’re shaping the future of cybersecurity. Our roadmap is guided by the real-world challenges faced by security teams and the outcomes they strive for: effective protection, fast detection, and smarter response.

We’re honored by the Gartner recognition and deeply grateful to our customers, partners, and the analyst community for their continued trust and collaboration.

Learn more

You can learn more by reading the full 2025 Gartner® Magic Quadrant™ for Email Security report. To learn more about Microsoft Defender for Office 365, visit our website. 

Are you a regular user of Microsoft Defender for Office 365? Share your insights on Microsoft Defender for Office 365 and get rewarded with a $25 gift card on Gartner Peer Insights™.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

*Eligible Microsoft 365 E5 customers will have 400 Security Compute Units (SCUs) per month for every 1,000 user licenses, up to 10,000 SCUs per month. This included capacity is expected to support typical scenarios. Customers will have an option to pay for scaling beyond the allocated amount at a future date with $6 per SCU on a pay-as-you-go basis, and will get a 30-day advanced notification when this option is available. Learn more.

**This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Microsoft. 

Gartner does not endorse any vendor, product, or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 

Gartner and Magic Quadrant are trademarks of Gartner, Inc., and/or its affiliates.

Gartner, Magic Quadrant for Email Security, 1 December 2025, By Max Taggett, Nikul Patel

The post Microsoft named a leader in the 2025 Gartner® Magic Quadrant™ for Email Security appeared first on Microsoft Security Blog.

Strengthening cyber defense in the age of agentic AI with Microsoft Sentinel

Microsoft Sentinel has now evolved beyond a cloud-native SIEM into a unified, AI-powered security platform, connecting analytics and context across ecosystems at scale. With a centralized, purpose-built security data lake and graph capabilities, organizations gain deeper insights and richer context for more effective cyberthreat detection and investigation. The Model Context Protocol (MCP) server and agentic tools make data agent-ready, paving the way for seamless integration with autonomous security agents and unlocking new possibilities for proactive defense.

We realized that we needed to uplift our capability in the security operations center. We wanted a platform that could help us face the challenges of offensive use of AI so we could defend at machine speed.

—David Boda, Chief Security and Resilience Officer, Nationwide

Optimizing costs and coverage

Now generally available, the Microsoft Sentinel data lake serves as the foundation for modern, AI-powered security operations. Purpose-built for security, it features a cloud-native architecture that centralizes all security data from more than 350 sources across platforms and clouds. The Microsoft Sentinel data lake simplifies data management, eliminating silos, and enables cost-effective long-term retention, empowering organizations to maintain strong security postures while optimizing budget. By unifying historical and real-time security data, the data lake helps AI agents and automation perform advanced analytics, detect anomalies, and execute autonomous cyberthreat responses with precision and speed.

To further help organizations optimize their security operations, Microsoft Sentinel has native features like:

• SOC optimization helps security teams improve coverage, reduce costs, and streamline operations by providing AI-powered recommendations on data usage, cyberthreat detection gaps, and analytics efficiency. These insights empower defenders to make smarter decisions and maximize return on investment.
• New cost management features in preview help customers with cost predictability, billing transparency, and operational efficiency.

Accelerating the SOC with advanced analytics and AI

Microsoft Sentinel is transforming security operations with advanced analytics, agentic AI, and MCP server. Microsoft Sentinel data lake centralizes security data from hundreds of sources, enabling real-time detection, contextual analysis, and autonomous response. The integration of agentic AI and Microsoft Security Copilot allows defenders to automate investigations, correlate complex signals, and respond to cyberthreats at machine speed. The MCP server further enhances these capabilities by making security data agent-ready. Support for tools like Kusto Query Language (KQL) queries, Spark notebooks, and machine learning models within the Microsoft Sentinel data lake empowers agentic systems to continuously learn, adapt, and act on emerging cyberthreats, driving smarter, faster, and more contextual security operations across the SOC. This AI-powered approach reduces alert fatigue and accelerates decision-making, strengthening security posture across the SOC.

Together, these capabilities empower SOC teams to operate at the speed of AI, reduce noise, and focus on high-impact investigations, driving clarity, efficiency, and resilience across the security lifecycle.

Empowering defenders with industry-leading SIEM

Microsoft Sentinel enhances security operations by unifying SIEM, security orchestration, automation, and response (SOAR), user and entity behavior analytics (UEBA), and threat intelligence into a single, integrated experience. With full integration into the Microsoft Defender portal, Microsoft Sentinel delivers a consolidated view for detection, investigation, and response across endpoints, identities, cloud, and network—streamlining workflows and enhancing efficiency for SOC teams.

• Advanced correlation algorithms combine behavioral analytics, machine learning, and threat intelligence to connect events and deliver comprehensive security insights.
• Custom rules and MITRE ATT&CK® mapping allow defenders to tailor detection strategies for their specific needs.
• Built-in orchestration and automation capabilities reduce manual effort, accelerate incident response, and free analysts to focus on high-value tasks.
• UEBA powered by AI provide deep behavioral insights to detect anomalies and insider threats.
• Integrated threat intelligence enriches investigations with real-time insights, enabling faster detection, deeper context, and more accurate response across the SOC.
• Embedded AI and machine learning accelerate threat detection, reduce false positives, and enable advanced hunting and automated investigations—helping SOC teams respond faster and with precision.

Microsoft Sentinel has comprehensive machine learning threat analytics models that allow us to hunt and detect any security threat, no matter how sophisticated or hidden they are. Microsoft Sentinel has intelligent security event management features which help us to accurately investigate security threats to understand the origin, making it easy to identify the most appropriate way to handle them.

—Software Development Project Manager, Software Industry (Source: Gartner Peer Insights™)

Download the report

To learn more about why Microsoft was named a Leader in the 2025 Gartner® Magic Quadrant™ for SIEM, download the full report.

Looking forward

As cyberthreats grow in sophistication, the need for intelligent, adaptive, and end-to-end AI security platforms becomes more urgent. Microsoft is committed to leading this transformation by:

• Investing in agentic AI to empower defenders with autonomous capabilities.
• Empowering defenders with a cost-effective data lake for deeper insights and scalable analytics.
• Enhancing cross-platform integrations for holistic protection.
• Driving community collaboration through open content hubs and shared analytics.

We’re not just building tools; we’re shaping the future of cybersecurity. Our roadmap is guided by the real-world challenges faced by SOCs and the outcomes they strive for: faster detection, smarter response, and stronger resilience.

We’re honored by the Gartner recognition and deeply grateful to our customers, partners, and the analyst community for their continued trust and collaboration.

Are you a regular user of Microsoft Sentinel? Share your insights and get rewarded with a $25 gift card on Gartner Peer Insights™.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Gartner® Magic Quadrant™ for Security Information and Event Management, Andrew Davies, Eric Ahlm, Angel Berrios, Darren Livingstone, 8 October 2025

Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences with the vendors listed on the platform, should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Microsoft.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, Magic Quadrant and Peer Insights are registered trademarks of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved.

The post Microsoft named a Leader in the 2025 Gartner® Magic Quadrant™ for SIEM appeared first on Microsoft Security Blog.

Defender for Endpoint’s ability to disrupt ransomware at scale stems from our commitment to empowering security analysts against the most sophisticated cyberthreats. We are honored to be recognized once again as a Leader in the 2025 Gartner® Magic Quadrant™ for Endpoint Protection Platforms—our sixth consecutive time. Microsoft was recognized for its completeness of vision and ability to execute, which we believe underscores the effectiveness of Defender for Endpoint in the face of an ever-shifting digital threat environment.

Microsoft Defender for Endpoint is an endpoint security solution that helps organizations secure their digital estate using AI-powered, industry-leading endpoint detection and response across Windows, Linux, macOS, Android, iOS, and Internet of Things (IoT) devices. It is core to Microsoft Defender’s unified security operations platform and built on global threat intelligence informed by more than 84 trillion daily signals and more than 10,000 security experts.¹

We thank our customers and partners for their essential role in advancing Microsoft Security.

Over the past year, Microsoft has introduced key advancements to endpoint security that have empowered defenders to stay ahead of evolving cyberthreats, including:

• Proactively securing digital environments with exposure management capabilities spanning pre-to-post breach: Reducing exposure risks like vulnerabilities and misconfigurations is foundational to endpoint security. Defender for Endpoint’s unique visibility into a device estate helps security operations center (SOC) analysts see and harden against their organization’s level of exposure to weaknesses and exploits with an actionable risk score (endpoint security initiative). In the case of a cyberattack, analysts can further protect the organization and accelerate response with potential attack paths embedded into the incident. Analysts gain end-to-end visibility into attack paths bad actors may take across devices to reach high-value assets, enabling fast, informed decisions when it matters most.

• Disrupting ransomware attacks even earlier in the cyberattack chain with automatic attack disruption: Unique to Microsoft, automatic attack disruption is a built-in self-defense capability that contains in-progress cyberattacks to prevent further lateral movement and damage to an organization. The most pervasive cyberthreat to network-connected devices is ransomware, one of the many scenarios covered by attack disruption. Up to 90% of successful ransomware campaigns leverage unmanaged endpoints, which are typically personal devices that people bring to work.¹ Automatic attack disruption now extends to unmanaged shadow IT devices and critical assets. Defender for Endpoint can detect and contain malicious IP addresses associated with unmanaged or undiscovered devices. It stops threat actors from exploiting vulnerable entry points, preventing lateral movement before it starts. Attack disruption now also granularly isolates cyberthreats on critical assets such as domain controllers, helping defenders preserve key network functions and ensure operational continuity during an attack.

• Enhancing Linux support: Microsoft supports even more Linux distributions, including ARM64 and has reduced resource requirements. These releases reflect the continual progress we’ve made for securing Linux servers on top of our strategic shift over a year ago to eBPF sensor technology that improves system control, minimizes resource demands, and boosts security performance. We’ve also continued delivering cross-platform innovation across Windows, macOS, iOS, Android, and IoT for comprehensive endpoint security.

• Unifying our agent across XDR workloads: The single agent makes it faster and easier to activate and manage core capabilities across endpoint, operational technology (OT), identity, and data loss prevention workloads so you can quickly unlock the value of AI-powered protection. Organizations simply deploy it once and then enable each solution as needed. Microsoft applies its long-established safe deployment practices in delivering the latest protections to help organizations outpace evolving cyberthreats without compromising operational stability. As a part of this process, admins have full control over these software updates.

• Accelerating SOC operations with Microsoft Security Copilot: It is the cybersecurity industry’s first generative AI solution, generally available as of April 2024. Built into the Microsoft Defender portal, it helps SOC analysts investigate, contain, and remediate cyberthreats in minutes. It delivers endpoint-specific capabilities such as recommending tailored guided responses related to devices, analyzing suspicious scripts, and translating natural language questions into ready-to-run Kusto Query Language (KQL) queries. Microsoft Security Copilot agents, introduced this year, automate routine tasks by fitting naturally into existing workflows across the security stack. These agents align to Microsoft’s Zero Trust principles, learn from feedback, and remain under SOC control.

• Supporting a global SOC: Security analysts navigate many complexities in their daily operations—language barriers should not be one of them. The Microsoft Defender portal provides experiences in more than 100 languages and dialects. Documentation covers more than 60 languages. This extensive language coverage ensures that analysts can easily navigate, understand, and act with confidence in their native tongue. Wherever the analyst is, Defender likely speaks their language. 

• Extending your SOC team with Microsoft Defender Experts for XDR: Sophisticated threats span beyond endpoints. We’ve been continually enhancing the capabilities and improving the efficiencies of Microsoft Defender Experts for XDR, our managed XDR service. Defender Experts for XDR offers around-the-clocl, expert-led managed triage, investigation, and response across domains, along with proactive threat hunting—strengthening SOC capabilities around the clock.

Market leadership isn’t just about responding to current needs—it’s about driving the next wave of innovation. Microsoft is investing significantly in helping SOC teams quickly scale their endpoint defenses through foundational enhancements designed to radically simplify deployment and advanced AI-powered autonomous capabilities spanning pre-to-post breach, to name just a couple of highlights for what’s ahead.

Thank you to all our customers and partners. Your partnership drives our mission forward as we work side by side to build a safer, more secure world.

Learn more

If you’re not yet taking advantage of Microsoft’s leading endpoint security solution, visit Microsoft Defender for Endpoint and start a free trial today to evaluate our leading endpoint protection platform. 

Are you a regular user of Microsoft Defender for Endpoint? Share your insights on Microsoft Defender for Endpoint and get rewarded with a $25 gift card on Gartner Peer Insights™.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Microsoft Digital Defense Report 2024.

Gartner, Magic Quadrant for Endpoint Protection Platforms, Evgeny Mirolyubov, Deepak Mishra, Franz Hinner. July 14, 2025.

Gartner is a registered trademark and service mark and Magic Quadrant is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. 

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 

The post Microsoft is named a Leader in the 2025 Gartner® Magic Quadrant™ for Endpoint Protection Platforms appeared first on Microsoft Security Blog.

The key to fighting ransomware at scale is Microsoft’s unwavering commitment to simplifying, automating, and augmenting security analyst workstreams to meet the demands of today’s and tomorrow’s cyberthreat environment. We are excited to announce that Gartner has named Microsoft a Leader in the 2024 Gartner^® Magic Quadrant™ for Endpoint Protection Platforms for the fifth consecutive time. We believe this announcement reflects Microsoft’s continued progress in helping organizations protect their endpoints against even the most sophisticated attacks, while driving continued efficiency for security operations center (SOC) teams.

Microsoft Defender for Endpoint is an endpoint security platform that helps organizations secure their digital estate using AI-powered, industry-leading endpoint detection and response across Windows, Linux, macOS, Android, iOS, and Internet of Things (IoT) devices. It is core to Microsoft Defender XDR and built on global threat intelligence—informed by more than 78 trillion daily signals and more than 10,000 security experts—empowering security teams to fend off sophisticated threats.²

Our customers and partners have been an invaluable part of this multiyear journey, and we are grateful for both their business and their partnership. Read the complimentary report providing more details on our positioning as a Leader.

Microsoft Defender for Endpoint is built from the ground up with operational resilience in mind. It starts with our agent architecture that follows best practices for Windows by limiting its reliance on kernel mode while protecting customers in real-time. It does not load content updates from files in the kernel mode driver. As an added safeguard, we deliver updates to customers applying Microsoft’s long-established safe deployment practices (SDP) model. Customers have full control over how these updates are delivered and how controls are applied to their device estate. This model of shared control helps provide security and resiliency. 

Over the last 12 months, Microsoft has delivered significant innovations that have helped defenders gain the upper hand against cyberthreats including: improved attack disruption, Microsoft Copilot for Security, a new Linux agent, simplified settings management, the unified security operations platform and Microsoft Defender Experts for XDR.

Automatic attack disruption, unique to Microsoft, is a self-defense capability that stops in-progress cyberattacks by analyzing the attacker’s intent, identifying compromised assets, and isolating or disabling assets like users or devices at machine speed. For example, in July 2024 we discovered the CVE-2024-37085 vulnerability. Numerous ransomware operators exploited it to encrypt the entire file system and move laterally in the network. Attack disruption fends off such sophisticated ransomware attempts by blocking lateral movement and remote encryption in a decentralized way across all your device estate—in just three minutes on average.³ This is a capability that Microsoft continues to invest in to disrupt more scenarios even earlier in the cyberattack chain.  

Microsoft Copilot for Security is the industry’s first generative AI that empowers security teams to protect at the speed and scale of AI, generally available as of April 2024. Embedded within the Defender XDR experience, it assists analysts by providing enriched context for faster and smarter decisions. It accelerates investigation, containment, and remediation with prescriptive step-by-step guidance. Analysts can now easily understand attacker actions with intuitive script analysis and launch complex Kusto Query Language (KQL) queries using plain language. The results from a randomized controlled trial based on 147 security professionals showed significant efficiency gains including speed and quality improvements when using Copilot for Security. Security professionals were up to 22% faster across all tasks, and more than 93% of users wanted to use Copilot again.

A new Linux agent has been built from scratch, using eBPF sensor technology to deliver the performance and stability needed for mission-critical server workloads while providing visibility into cyberthreats. We continue prioritizing innovations across every type of endpoint from Windows, Linux, macOS, iOS, Android, and IoT to provide the holistic endpoint security that organizations need.

Simplified setup and change management help analysts configure devices correctly to minimize threat exposure. With the general availability of simplified settings management, SOC analysts can manage security policies without leaving the Defender XDR portal.

Unified security operations platform brings the foundational tools a SOC needs into a single experience, with a consistent data model, unified capabilities, and broad protection. This unification helps SOCs close critical security gaps and streamline their operations, delivering better overall protection, reducing their response time, and improving overall efficiency. Defender for Endpoint is core to this platform, which combines “the power of leading solutions in security information and event management (SIEM), extended detection and response (XDR), and generative AI for security.” By working seamlessly across Microsoft Sentinel, Microsoft Defender XDR, and Microsoft Copilot for Security, security analysts need only a single set of automation rules and playbooks. Plus, they can use plain language to execute complex tasks in an instant with Copilot for Security embedded in the platform.

Microsoft Defender Experts for XDR gives your security team coverage with around-the-clock access to Microsoft expertise. Recognizing that sophisticated cyberthreats go beyond the endpoint, Microsoft offers Microsoft Defender Experts for XDR. This managed service is available 24 hours a day, 7 days a week, helping organizations extend their SOC team to fully triage events and respond to incidents across domains.

Thank you to all our customers. You inspire us as together we work to create a safer world.

Learn more

If you’re not yet taking advantage of Microsoft’s leading endpoint security solution, visit Microsoft Defender for Endpoint and start a free trial today to evaluate our leading endpoint protection platform. 

Are you a regular user of Microsoft Defender for Endpoint? Review your experience on Gartner Peer Insights™ and get a $25 gift card.    

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹2024 Microsoft Digital Defense Report. Publishing October 15, 2024.

²Microsoft Digital Defense Report, Microsoft. 2023.

³Get end-to-end protection with Microsoft’s unified security operations platform, now in public preview, Rob Lefferts. April 3, 2024.

Gartner, Magic Quadrant for Endpoint Protection Platforms, Evgeny Mirolyubov, Franz Hinner, Deepak Mishra, Satarupa Patnaik, Chris Silva, September 23, 2024. 

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, MAGIC QUADRANT and PEER INSIGHTS are registered trademarks of Gartner, Inc. and/or its affiliates and are used herein with permission. All rights reserved. 

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Microsoft. 

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 

The post ​​Microsoft is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms appeared first on Microsoft Security Blog.

Are you a regular user of Microsoft Sentinel? Review your experience on Gartner Peer Insights™ and get a $25 gift card. 

Microsoft Sentinel is enriched by AI, automation, and Microsoft’s deep understanding of the threat landscape, empowering defenders to hunt and resolve critical threats at machine speed. Our comprehensive solution works seamlessly across multiple clouds, platforms, and security stacks offering many out-of-the-box connectors and customizable content to effectively protect the entire digital estate at scale. Leveraging our capabilities, customers have seen up to 234% return on investment (ROI) over a three-year period and have reduced costs as much as 44% by discontinuing legacy SIEM solutions.² 

Microsoft is on a mission to modernize security operations, enabling analysts to act swiftly and more efficiently with a robust, cost-optimized, and intuitive solution.

Microsoft Sentinel

Build next-generation security operations powered by the cloud and AI.

Try for free

Transforming Security Operations 

Tens of thousands of customers trust Microsoft Sentinel to accelerate protection of their organizations with a simplified, scalable, and comprehensive approach. Over the last year, our engineering team has been hard at work delivering new innovations in several key areas, including:    

• A comprehensive and unified security operations platform: The platform blends the best of SIEM, XDR, AI, Threat Intelligence, and extended posture management into a single experience offering end-to-end protection by consolidating various security operations tools into a single, coherent experience, powered by generative AI. In the unified security operations platform, features are unified across Microsoft Sentinel and Microsoft Defender XDR, with embedded Copilot for Security, to deliver more comprehensive protection, speeding up time to respond and reducing the workload on analysts. 

• Robust out-of-the-box content: To effectively protect all clouds and platforms, Microsoft Sentinel offers pre-built content and solution packages that can be customized enabling detection, response, and defensive capabilities in the SOC. Over the last few months, we have enhanced our multicloud data collection (AWS and GCP), updated codeless connectors, expanded data coverage to more third-party sources, and extended protection to various critical business applications (SAP, Microsoft Dynamics 365, and Power Platform) among many more innovations. 

• Splunk SIEM migration tool: We announced the general availability of the new SIEM Migration tool to simplify and accelerate SIEM migrations to Microsoft with automated assistance. Today, the experience supports conversion of Splunk detections to Microsoft Sentinel analytics rules with more capabilities coming in the months ahead. 

• SOC efficiency: SOC optimization capability enables security teams to customize and manage their SIEM more efficiently for specific business and security requirements. With dynamic, research backed recommendations to optimize data usage, costs, and coverage against relevant threats, analysts can confidently identify opportunities to reduce costs, improve security posture, and see value more quickly. 

• Copilot for Security: Copilot empowers security teams to make informed decisions in the SOC to protect at the speed and scale of AI. It offers skills to translate natural language to Kusto Query Language (KQL), accelerate incident investigation and response by automating manual tasks with customizable promptbooks, summarizes incidents with full context, helps prevent breaches with dynamic insights from Microsoft Threat Intelligence, and more. 

• Enhanced incident experience: The new incidents page experience provides more context for SOC analysts to efficiently triage, investigate, and respond quickly to incidents. Many new investigation, response, and incident management features offer the analysts the information and tools necessary to understand the incident and full scope of the breach while making navigation easy and context switching less frequent. New features include top insights, a new activity log for incident audits, a Log Analytics query window to investigate logs and more. 

Download the complimentary report to get more details on our positioning as a Leader. Our customers and partners have been an invaluable part of this multiyear journey. We owe our immense gratitude to you. 

Microsoft is here to help customers who may be re-evaluating their SIEM due to vendor acquisition and are looking to move to a market leader with an ongoing commitment to innovation.

Looking forward 

In 2024 we’ll continue to listen to customer needs and further enhance Microsoft Sentinel’s advanced threat-protection capabilities to empower defenders and drive efficiencies for SOC teams.  

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity

¹Gartner® Magic Quadrant™ for Security Information and Event Management, Andrew Davies, Mitchell Schneider, Rustam Malik, Eric Ahlm, May 8 2024.

Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 

Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences with the vendors listed on the platform, should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose. 

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Microsoft. 

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, Magic Quadrant is a registered trademark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved. 

²The Total Economic Impact™ of Microsoft Sentinel, a commissioned study conducted by Forrester Consulting on behalf of Microsoft. Results are for a composite organization based on interviewed customers. 

The post Microsoft is again named a Leader in the 2024 Gartner® Magic Quadrant™ for Security Information and Event Management​​ appeared first on Microsoft Security Blog.

Microsoft Entra is a unified identity and network access solution that protects any identity and secures access to any application or resource, in any cloud or on-premises. We’re grateful to all of you—our customers and partners, for your generous feedback that guides our product vision, roadmap, and innovation, and for the collaborative engineering approach that has enabled us to co-create modern identity and access solutions.  

Today, we are honored to announce that for the seventh year in a row, Microsoft has been named a Leader in the 2023 Gartner® Magic Quadrant ^TM for Access Management. We believe Microsoft’s placement in the Leaders quadrant validates our commitment to empowering our customers with a comprehensive solution powered by AI and automation.

Making it easier to secure access

Microsoft Entra’s mission is to help you stay ahead of the evolving digital threat landscape by making it easier to secure access to everything, for everyone, from anywhere. This year, we released several key innovations in pursuit of this goal. Here are a few recent highlights: 

First, we introduced Microsoft Entra ID Governance, our complete identity governance solution that helps ensure the right people have the right access to the right resources at the right time. This cloud-delivered product includes capabilities that were already available in Microsoft Entra ID, plus more advanced tools that automate identity and access lifecycle management, and simplify access governance for on-premises, software as a service, and cloud apps and resources.

Second, we made significant progress towards offering additional phishing-resistant authentication methods in alignment with Executive Order 14028: Users will be able to sign in using passkeys managed from the Microsoft Authenticator app, which is also Federal Information Processing Standards (FIPS) 140-compliant for both iOS and Android. We have also added more customization for our cloud-based certificate-based authentication (CBA) solution. 

Third, Microsoft Entra ID introduced a series of marquee features, including Microsoft Entra ID Protection that help you proactively block identity takeover in real-time. These innovations include a brand-new dashboard with improved security posture insights and recommendations, new risk detections that can prevent attacks in their early phases, and an integration with Microsoft Defender XDR to correlate incidents. Strict location enforcement capabilities have also been added to continuous access evaluation (CAE), which enables Microsoft Entra ID to use those signals to revoke access and remediate potential compromise if a change in location was detected in in near real-time. As part of an ongoing commitment to token protection, Microsoft Entra ID also released sign-in session token protection to help defend against token theft attacks. 

Fourth, we released the preview of new, unified capabilities in Microsoft Entra External ID, our next-generation customer identity and access management platform that unifies secure and engaging experiences for all external identities, including customers, partners, citizens, and others within a single integrated platform. These new capabilities deliver a more developer-centric platform with the latest security and governance capabilities of Microsoft Entra ID and deep integrations across Microsoft Security. 

Fifth, we launched our new identity-centric Security Service Edge solution with the release of two products, Microsoft Entra Internet Access and Microsoft Entra Private Access. This solution unifies identity and network access controls under a single policy engine, extending universal Conditional Access controls to any user and any resource across identity, endpoint and network. By bringing these two solutions into the Microsoft Entra portfolio, we’re expanding our reach beyond identity and access management to a comprehensive solution that can help secure access holistically.

We can’t wait to bring more innovations to the Microsoft Entra portfolio in this new year and continue making progress against our goal to simplify securing access to everything, for everyone.

Discover the Microsoft Entra product family

The Microsoft Entra product family includes:

• Microsoft Entra ID, part of Microsoft Entra, our flagship cloud identity product.
• Microsoft Entra Permissions Management, our cloud infrastructure entitlement management product.
• Microsoft Entra External ID, our customer identity and access management product.
• Microsoft Entra Verified ID, our decentralized identity product.
• Microsoft Entra Identity Governance, our complete identity governance product.
• Microsoft Entra Workload ID, our product that brings advanced security and governance to non-human identities.
• Microsoft Entra Internet Access, our identity-centric secure web gateway (SWG) product.
• Microsoft Entra Private Access, our identity-centric Zero Trust Network Access (ZTNA) product.

Are you a regular user of Microsoft Entra? Review your experience on Gartner Peer Insights™ and get a $25 gift card.

Microsoft Entra

Unified multicloud identity and network access help you protect and verify identities, manage permissions, and enforce intelligent access policies, all in one place.

Try for free

Learn more

You can learn more by reading the full 2023 Gartner^® Magic Quadrant^TM for Access Management report. To learn more about the Microsoft Entra portfolio and its products, visit our website.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (formerly known as “Twitter”) (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Microsoft Digital Defense Report 2023.

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Microsoft.

Gartner does not endorse any vendor, product, or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Gartner and Magic Quadrant are registered trademarks and service marks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.

Gartner, Magic Quadrant for Access Management, by Henrique Teixeira, Abhyuday Data, Nathan Harris, Robertson Pimentel. 16 November 2023.

The post Microsoft named a Leader in 2023 Gartner® Magic Quadrant™ for Access Management for the 7th year​​ appeared first on Microsoft Security Blog.

1.  Strong cloud adoption rates will continue

Macroeconomists may be pessimistic about gross domestic product growth in Europe and the United States in 2023, but even in weak macroeconomic scenarios, cloud growth rates remain stellar.¹ Gartner® predicts almost 30 percent growth for infrastructure as a service and almost 25 percent growth for platform as a service in 2023, as compared to 2022 in the worldwide public cloud user spending category. A September 2022 survey of chief technology officers (CTOs) by Evercore-ISI asked the top things they would do in response to reduced budgets or inflationary pressure.² The top answer (from 44 percent of CTOs): increase their use of the cloud. Gartner® predicts that by 2025 more than 90 percent of clients will use cloud-based unified endpoint management (UEM) tools, up from 50 percent in 2022. So, if you have not migrated your UEM to the cloud yet, 2023 is the year to start.

2. Security will remain the top issue for CTOs into 2023

When asked in September about their highest priority project (in terms of incremental spending), 42 percent of CTOs said cloud security. Network security was the second most common response, with analytics third.² Credit Suisse recently polled CTOs on how different categories in their IT budget would grow.³ In 2021 and 2022, security was ranked top, with an 11 percent increase. Asked to predict the growth in security spending in 2026, security again ranked highest, but the expected increase was even more: 14 percent. Underlying factors provide color to the raw growth numbers. The geopolitical storm continues, and new avenues continue to emerge for hackers. I expect to hear even more about deepfake videos and ransomware as a service in 2023. So, how do chief information security officers (CISOs) strengthen their organization’s defenses in 2023? We would propose two initiatives: first, ensure security software is suitably integrated with a unified console to enable fewer points of vulnerability and more automation. By extension, this might mean consolidating vendors. Second, tackle the human aspect: invest in upskilling staff on how best to be aware of potential attacks.⁴

3. Worker mobility will increase further

The past few years have changed the model for knowledge workers. 2023 will see several shifts that will add to the hybrid work from anywhere (and hence, protect everywhere) trend. Next year will see mass adoption of 5G capable devices: Juniper Research estimates that there will be 600 million more 5G connections added in 2023 alone.⁵ Technological trends will be compounded by demographic trends, such as “productivity paranoia,” where workers want to show they are being productive, no matter where they are. What does this mean for CISOs? New working styles, new networks, and new devices mean new attack vectors. In 2023, be ready to protect your workers who are working from anywhere, not just from home.

4. CTOs will need to pay more attention to local factors

There is always a balance between global and local initiatives, but in 2023, we expect that it will be increasingly difficult to just adopt a one-size-fits-all global shortcut. We are seeing an increasing number of national regulations related to data sovereignty, with implications for where that data is stored and secured.⁶ 2023 will see further digital transformation of public sector agencies. These agencies often have more country-specific security or compliance rules compared to their private sector counterparts. As such, CISOs need to ensure their endpoint management solutions (and, indeed, their entire technology architecture) can adapt to handle extra local requirements.

5. Truly transformative technology will rise to the top

My final prediction is that 2023 will see further clarity on the difference between genuinely transformative technology and tech that has been overhyped. One technology that I expect to compare favorably for enterprises in 2023 will be more advanced forms of automation, such as AI. AI start-ups have seen more than USD100 billion in venture capital investment since 2020, in everything from the development of new drugs to new ways to create art and writing (and, perhaps, eventually, transform how blogs are created!).⁷ Security represents a great opportunity for advanced automation and AI, given the nature of the ongoing problems CISOs must grapple with. As such, while new AI-generated images may garner the headlines, away from the limelight we expect many other enterprise software solutions to benefit from both sophisticated AI and simply greater automation.⁸ For example, in endpoint management, Gartner® sees that by 2027, UEM and digital employee experience tools will converge—to drive autonomous endpoint management, reducing human effort by at least 40 percent. The more that security tasks are automated, the more time is freed up for more strategic work by your key staff.

Learn more

I hope you found these 2023 trends thought-provoking. I would encourage you to continue to think about what the macro situation might mean specifically for your organization and translate that into an action plan for your Microsoft Intune assets in 2023. In the meantime, I wish you all a safe and thoughtful holiday season and wish you continued success in the new year.  

Learn more about how Microsoft Intune can simplify your endpoint management:

• Reduce your overall total cost of ownership with a new Microsoft Intune plan.
• Microsoft publishes new report on holistic insider risk management.
• Microsoft Intune blog.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

¹World Economic Outlook, October 2022: Countering the Cost-of-Living Crisis, IMF. October 15, 2022.

²Evercore-ISI Quarterly Enterprise Technology Spending Survey, September 15, 2022.

³Credit Suisse CIO Survey, Credit Suisse. October 6, 2022.

⁴What cybersecurity trends are expected in 2023? Muhammad Zulhusni, November 29, 2022.

⁵5G Service Revenue to Reach $315 Billion Globally in 2023, Juniper Research. October 23, 2022.

⁶Microsoft launches its Cloud for Sovereignty, Frederic Lardinois. July 19, 2022.

⁷State of AI Q2’22 Report, CB Insights. August 10, 2022.

⁸How a computer designed this week’s cover, The Economist. June 11, 2022.

The post Microsoft Intune: 5 endpoint management predictions for 2023 appeared first on Microsoft Security Blog.

When organizations respond to subject rights requests, they are both meeting their regulatory requirements and providing people with control over their personal data. Although responding to requests can be quite complex, Microsoft Priva Subject Rights Requests can help ease the process—and with the preview arrival of Right to be Forgotten, Priva Subject Rights Requests can further support how organizations respect the privacy of their customers and employees.

Understanding how people think about privacy

As many businesses around the world adapt their privacy practices, having both the tools that help address privacy requirements and a good understanding of how consumers perceive and feel about privacy are key to enabling trust with customers. Microsoft Priva, the brand category for Microsoft Security, was announced at Microsoft Ignite in 2021 by Vasu Jakkal, Corporate Vice President of Microsoft Security, Compliance, and Identity.² Priva solidified our commitment to supporting organizations in their privacy journey with products that help safeguard personal data and manage subject rights requests at scale. For organizations, having processes that help manage their privacy is critical, but it is also valuable to have a deep understanding of how people really think about privacy to guide their practices. We recently commissioned privacy research that explores the emotional textures of privacy and what triggers privacy vulnerability. We learned that when businesses empathize with the privacy concerns people have and transparently address them, they foster trust and differentiate themselves from competitors.

It’s important for organizations to assess the varying causes that spark privacy vulnerability for both their consumers and their business. For example, a consumer may feel anxious or helpless because they don’t know how their personal data is being used. However, if they are provided with transparency of how their data is being used and given clear options that enable the control of their data, their insecurities could be eased and trust in the process earned. For a business, privacy vulnerability could present itself through limited transparency or basic compliance—leaving room for privacy risk to potentially unfold. For instance, a business that might fulfill a data subject request unconvincingly, or with basic effort, could be managing its privacy at a vulnerable level. If that business were to practice a “beyond-compliance,” human-centered privacy approach, they could yield practices that help them build privacy resilience—helping them stand apart from their competitors while they earn trust from their customers.

Figure 1. The differing perspectives of consumers and businesses regarding privacy vulnerability versus privacy resilience.

The above figure demonstrates a privacy scale ranging from vulnerable to resilient and includes both consumer and business perspectives. On the consumer side, it ranges from feeling anxious, helpless, and lacking knowledge or motivation in protective coverage to secure, being in control, trusting the process, and being skilled in protective coverage. On the business side, it ranges from basic compliance, limited transparency, minimal control, and reactive approaches to beyond compliance, authentic privacy care, reciprocating data for value, and a proactive approach to consumer protection.

Microsoft Priva Subject Rights Requests can help

Many times, even though an organization may be focused on a proactive privacy approach, managing and responding to subject rights requests can be a tedious and cumbersome process. It can be extremely time-consuming and taxing as they are also time-bound, bringing extra complexity to the organization. Responding to these requests often requires a tremendous amount of collaboration and manual review, and producing just a single request can be quite expensive. Nonetheless, completing these requests is not just an obligatory requirement, but also a tangible way that expresses respect for customer and employee privacy.

Priva helps organizations more efficiently manage requests at scale—Priva Subject Rights Requests automates the search and collection of content relevant to the data subject and facilitates tasks such as in-line review, redaction, and collaboration, all from an easy-to-use dashboard. Admins can easily get started by leveraging request templates that help them create requests with recommended default configurations and use Microsoft Power Automate integration, as well as API support to better fit into their existing processes.

Figure 2. Priva Subject Rights Requests overview dashboard showing insights.

Priva Subject Rights Requests help admins meet the strict deadlines associated with regulations like GDPR and ease the administrative burden of tedious tasks related to collection, review, and redaction. Completing a request also often requires teamwork from various departments within the organization. Priva provides secure collaboration through Microsoft Teams and keeps a history tab, highlighting actions taken from all collaborators for easy auditing—streamlining the complexity of requests from beginning to post-completion.

Microsoft Priva Subject Rights Requests highlights:

• Automates discovery: Gathers the requestor’s personal information and detects data conflicts such as sensitive information or data pertaining to other users.
• In-place review and secure collaboration: Review files in place in their native views, perform redactions in-line with built-in tools, and consolidate collaboration within a protected platform.
• Ecosystem integration: Plugs into an organization’s existing process to manage requests in a unified way across the digital estate. Microsoft Graph subject rights requests API integrates Priva Subject Rights Requests with in-house or partner-built privacy solutions.

The newest Priva Subject Rights Requests update, Right to be Forgotten, is here

Video 1. Microsoft Priva Subject Rights Requests (SRRs) new feature Right to be Forgotten is now in preview. See how we demonstrate going through a delete request using Microsoft Priva.

Both GDPR and CCPA include the Right to be Forgotten, giving people the ability to request the deletion of all the information an organization has collected about them, with a few outlined exceptions that allow data retention. For example, a former employee in an EU-based company believes she left documents containing her personal data in SharePoint. The employee can exercise her right to her personal data and make a subject rights request for deletion with that organization. As Priva Subject Rights Requests continues to evolve, we are excited to share the preview release of Right to be Forgotten, helping organizations meet requests such as the employee’s request for deletion.

This marks a significant update for Priva Subject Rights Requests as with this new feature, admins can now select delete as a request type, or get started with the delete template and get purpose-built flows that help surface conflicts and streamline deletion—leveraging the Microsoft retention and deletion platform and working better together with teams already using data lifecycle management and records management. This feature will also enable admins to have the flexibility to select different approvers for any given request and, once the workflow is complete, access to the reports tab where they can view their summary report and review results.

Figure 4. Delete request in the approval stage, showcasing approver details and the complete approval button.

Learn more

Although completing subject rights requests can be complex, Microsoft Priva Subject Rights Requests can help ease the process. As organizations continue to adapt to the privacy changes that impact their customers and their business, we are reminded that although changes to the privacy landscape are inevitable, there are resources to support these shifts. We invite you to learn more about Priva Subject Rights Requests by downloading our free eBook and encourage you to try Microsoft Priva Subject Rights Requests free trial today.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

¹State of Privacy: The Privacy Tech Driving a New Age of Data Wealth, Gartner®. August 2022.

²Protect your business with Microsoft Security’s comprehensive protection, Vasu Jakkal, Microsoft Security. November 2, 2021.

The post Simplify privacy protection with Microsoft Priva Subject Rights Requests appeared first on Microsoft Security Blog.

We are honored to announce that Microsoft has been named a Leader in the 2022 Gartner^® Magic Quadrant^TM for Access Management for Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra.

We thank our customers who guide our strategy and product innovation, engage with us deeply in co-creating modern and secure identity solutions, and provide invaluable feedback that helps us continually raise the bar. We believe this incredible partnership has propelled us to be recognized as a Leader for the 6th year in a row and inspires us to grow our product portfolio, introducing innovative solutions so that our customers can do more with less.

Secure access for a connected world

As organizations have adopted new technologies to expand their digital environments, managing identities and access has become much more complex and time-consuming. To innovate without fear, organizations must ensure that they effectively protect their expanding digital estate as every new service immediately becomes a new attack surface. That’s why we’re building our identity solution as a pervasive trust fabric that can secure access to everything for everyone, whether that be within on-premises, Azure, Amazon Web Services, Google Cloud Platform, apps, websites, devices, or wherever organizations expand next.

To pave the way for the next generation of identity solutions, earlier this year as we announced Microsoft Entra, our new identity and access product family that can help any organization:

• Protect access to every app and every resource for every user.
• Effectively secure every identity including employees, customers, partners, apps, devices, and workloads across every environment.
• Discover and right-size permissions, manage access lifecycles, and ensure least privilege access for any identity.
• Keep users productive with simple sign-in experiences, intelligent security, and unified administration.

Discover the Microsoft Entra product family

Following our identity innovations announced at Microsoft Ignite 2022, the Microsoft Entra product family includes:

• Microsoft Azure Active Directory, part of Microsoft Entra, our flagship cloud identity product.
• Microsoft Entra Permissions Management, our cloud infrastructure entitlement management product.
• Microsoft Entra Verified ID, our decentralized Identity product.
• Microsoft Entra Identity Governance, our complete identity governance product.
• Microsoft Entra Workload Identities, our product that brings advanced security and governance to non-human identities.

Learn more

You can learn more by reading the full 2022 Gartner^® Magic Quadrant^TM for Access Management report. To learn more about the Microsoft Entra portfolio and its products, visit our website and check out our Ignite session covering our recent Microsoft Entra innovations.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Microsoft.

Gartner does not endorse any vendor, product, or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Gartner and Magic Quadrant are registered trademarks and service marks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.

Gartner, Magic Quadrant for Access Management, By Henrique Teixeira, Abhyuday Data, Michael Kelley, James Hoover, Brian Guthrie. 2 November 2022.

The post Microsoft named a Leader in 2022 Gartner® Magic Quadrant™ for Access Management for the 6th year appeared first on Microsoft Security Blog.

As you see in the Magic Quadrant™ in Figure 1, Microsoft is positioned as a Leader in the 2022 Magic Quadrant™ for Unified Endpoint Management Tools. You will also see that Microsoft is highest on the “Ability to Execute” axis. Microsoft was also recognized as a Leader in the 2021 Magic Quadrant™ for Unified Endpoint Management Tools.

Figure 1. Magic Quadrant™ for Unified Endpoint Management Tools.

Why customers choose Microsoft for UEM

Let me summarize three reasons we hear from customers as to why they see Microsoft as a dependable and cost-effective solution for UEM.

1. Microsoft Endpoint Manager is the native Microsoft solution, providing deep integration with Microsoft 365 and Microsoft Azure to improve employee security and the IT administrator experience. Seamlessly integrating management, identity, and security with your employees’ digital experience has two advantages. It improves employee satisfaction as their workplace tools don’t need them to juggle multiple security add-ons. Further, it reduces the amount of platform integration your IT team needs to do, allowing IT to focus on higher-order priorities and save money. Microsoft 365 integration is an ongoing project for us: our advanced endpoint management strategy means we are bringing more solutions into the Microsoft 365 platform, driving down the number of add-ons you need to integrate.
2. Customers like being in control of when they migrate to the cloud. The improvements we have made in tenant attach and hybrid Microsoft Azure Active Directory (Azure AD) mean that customers can have many choices in how to co-manage their devices. This puts the customer firmly in control. The accelerated shift to hybrid work in the past two years has taught us that there is no “one size fits all” for digital transformation. Some organizations are now fully remote and in the cloud; others have leaders that are very keen on a full return to the office. Many are in between. Microsoft Endpoint Manager capabilities accommodate all scenarios, leaving customers in control.
3. Customers are reassured by Microsoft’s ongoing investments in Endpoint Manager. We continue to improve the IT administrator experience and the experience for frontline workers, as well as integrate with Azure Virtual Desktop, Windows 365, and Microsoft Defender for Endpoint. Other recent innovations include new support for managing Linux desktops (currently in preview), macOS enhancements such as support for DMG and other apps, remote help, and Endpoint analytics such as work-from-home readiness and other reports to power a hybrid workforce. We look forward to sharing further advances soon.

Continued momentum for Microsoft Endpoint Manager

Strong rationale from analysts and customers is backed up by metrics. As our Chief Executive Officer (CEO) Satya Nadella revealed on our Q3 2022 earnings call, “the number of Windows, Android, and iOS devices protected by [Microsoft] Intune grew over 60 percent year over year.” More broadly, “the number of customers who trust our security solutions grew nearly 50 percent year over year to 785,000.” We work with our industry-leading more than 15,000 partners to analyze 24 trillion threat signals a day to keep customers like Domino’s Pizza, Fujitsu, Heineken, and Petronas safe.

So, I would encourage you to read the Gartner® report and explore what actions you should take. Specifically, customers looking for a dependable, cost-effective solution in three specific situations may find it particularly relevant:

• If you are spending too much time managing third-party security plug-ins. Simplifying your endpoint management vendors could free up your time for other priorities.
• If your security, identity, or management software vendors are influencing the timing of your migration to the cloud. The ability to migrate at your own pace remains critical.
• If you selected your UEM vendor prior to the shift to hybrid work. The pandemic changed requirements for many customers and initiated deep investments to meet those new needs.

Learn more

You are invited to read the full 2022 Magic Quadrant™ for Unified Endpoint Management Tools report.

We believe any recognition from independent external analysts is an important milestone in building the best product we can; we thank our customers and partners for being on this journey with us.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

Gartner, Magic Quadrant for Unified Endpoint Management Tools, Tom Cipolla, Dan Wilson, Chris Silva, Craig Fisler. August 1, 2022.

Gartner and Magic Quadrant are registered trademarks and service marks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Microsoft. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

The post Microsoft recognized as a Leader in the 2022 Gartner® Magic Quadrant™ for Unified Endpoint Management Tools appeared first on Microsoft Security Blog.