Microsoft Invests Big with New Threat Hunting Services


Microsoft is going in big on cybersecurity, to the tune of $50 billion in new investments over the next five years, according to its announcement last year. Now, we’re seeing one of the first results of this investment: Microsoft Defender. Microsoft will bring cloud based monitoring and engineer-driven mitigation to SMBs, delivered at scale, direct from the source.

This is big news, for a few reasons. First, it shows that major platform companies are committing to integrating enterprise-grade cybersecurity products into their productivity platforms. And second, it proves Microsoft is hiring cybersecurity engineers to service SMBs with less than 300 employees.

So what could Microsoft Defender, and products like it, mean to you in the future?


How Microsoft Defender Could Impact the Market

It’s important to mention here that Microsoft is hardly the only player in this space. Other major companies like Arctic Wolf and CrowdStrike have been offering similar “concierge security” services for years, also priced at a per user level that’s doable for most small or medium-sized businesses.

What’s significant here is not necessarily the increase in competition. It is the commitment to cybersecurity consolidation Microsoft is showing. Microsoft joined a cadre of other tech firms last year, pledging to help fill 500,000 cybersecurity jobs in the U.S. alone. Rest assured, many of those jobs will be aimed at creating customer and MSP-facing cybersecurity experts. Those experts will help mitigate threats, right from Microsoft headquarters.

“What Microsoft does, other tech companies are sure to follow,” said Nicholas McCourt, lead vCISO at Integris. “Whenever there’s that much investment and movement around cybersecurity, it’s a great thing for business. It means that in the future, we’ll be likely to see similar investments from other platform companies and app developers. As a result, MSPs will be able to stitch together security capabilities from more sources. It’s a whole new level of choice in the market.”

Let’s take a look at what that these new cybersecurity announcements include.


Microsoft’s New Cybersecurity Offerings: Breaking It Down

What kinds of cybersecurity is Microsoft offering? Specifically, the company has announced it has:

  • Launched Microsoft Defender Threat Hunting Services. It uses a complex web of AI and Microsoft experts to flag issues in subscriber devices. It does the same for systems running the Office 365 Productivity platform, Microsoft cloud applications and identity programs. This program is available as an upgraded feature for current customers with the Microsoft Business Premium service. It can also be billed as a standalone program for $3 per user, per month.
  • Built out Microsoft Defender Experts for XDR (Extended Detection Response). It offers everything Defender does, but with more advanced data, reporting and management tools. The service comes with a cadre of Microsoft engineers to help mitigate threats. By the time you make tweaks and additions to this program, it usually costs an added $10 to $14 a month for the service, per user.
  • As of March 1st, Microsoft made Defender for Business available to its Microsoft 365 Business Premium customers, with MSP partners able to manage it through its Lighthouse platform.

So, if you’re considering whether you should jump on the Microsoft Defender bandwagon, what should you expect? Let’s explore that in more detail.


What Does Microsoft Defender Include?

Clients who are using the new defender system can expect a lot of cybersecurity bells and whistles for their money, including:

  • Cybersecurity protection for all your favorite collaboration tools like Microsoft Teams and Microsoft Office
  • Defender for Office 365, which protects your company email against phishing and other cyberthreats
  • Microsoft Intune, which helps you provide security around managing your company devices
  • Azure AD Premium Plan 1 for Identity protection and secure remote access
  • Azure Information protection for sensitive data
  • Microsoft Exchange online Archiving
  • Cross Platform Endpoint Protection (EDR) for Windows, MacOS, iOS and Android
  • Automated Investigation and Remediation

“There’s a lot to be excited about here,” said McCourt. “Microsoft has bundled a lot of functionality into this system. It’s tight, it’s consolidated, and it’s all on one platform. If you’re a company that has most of your business in the Microsoft universe, this is a great option.”

Security experts are, in general, excited about these new options. But they’re also quick to point out it’s not always the best choice for everyone. Here’s how CISOs are weighing the options.


Is Microsoft Defender the Right Option for Your Business?

Like many MSPs, Integris has a deep relationship with Microsoft. After all, we are setting up at least some part of Microsoft’s product platform for nearly every client we have. We’re a Microsoft Gold Partner—a commitment that’s a part of the “premium” MSP service we offer.

But when it comes to choosing the right cyber-defense tools for our clients, our team evaluates what’s best for all your platforms and networks. Here’s what we look at when we evaluate Microsoft Defender and its competitors.


How an MSP Evaluates Your Cybersecurity Options

When a CISO looks at services like Microsoft Defender, we weigh a number of factors, including:

  • Whether you’ve already covered these bases—Are you already using another service that covers EDR, XDR, SIEM and device management?
  • Your cybersecurity coverage needs, and whether they fall outside the parameters of what Microsoft offers—If you have extensive properties running outside Microsoft/Azure, you may need to invest in the cybersecurity monitoring systems that can cover them all.
  • If Microsoft’s new system is a better deal—If you’ve cobbled together several different products and platforms, there’s a chance Microsoft’s bundled service might offer better coverage for less.
  • The quality of the monitoring, and how the reporting platform will work with your existing systems—Microsoft offers an MSP/client facing portal called Lighthouse that allows you to see and manage your Microsoft Defender cybersecurity efforts from one dashboard. How will you be able to manage this with any other service dashboards you operate? How will your staff and/or MSP use it for reporting? Are there any areas where this system will clash with your legacy cybersecurity systems?

“Microsoft Defender has the makings of a great product,” said McCourt. “And we’re very excited to see what it will bring as it continues to grow. But it’s important that you allow the cybersecurity experts in your company, or at your MSP, to look at the decision from all sides. Making platform switches always have unintended consequences. Sometimes the best choice might be Microsoft, and sometimes, it might be a competitor.”


The Future of Bundled Cybersecurity

When Microsoft speaks, the industry listens. So, the company’s investment in cybersecurity is likely to herald a sea-change in how companies think about security, overall.

The big players in cybersecurity have invested big, but so have private equity companies, which have doubled their investment in developing cybersecurity companies, to the tune of $25 billion just last year. The race is on to find new tech and new ways to consolidate the cybersecurity function at companies.

Why is this happening? The rise in cyberattacks is a reason, certainly. The pressure to shore up cybersecurity from governments, regulators and cyber risk insurers is also a big factor.  But in reality, the landscape is far more complex than this. Market factors have created a perfect storm that’s driving the move to security consolidation, including:

  • A global shortage of employees for the cybersecurity industry, leading the industry to look to new ways to consolidate and improve productivity at the platform level
  • The increase in cloud adoption, up to 90 percent in all industries, according to a recent report, that’s now driving the need for more streamlined cloud-based security options
  • Cloud fear, that consolidated, cloud-based platforms could become a vector for cyber theft, in light of massive incidents like the Kaseya breach
  • A fragmented tech market, with thousands of companies coming up with thousands of solutions.


Parting Thoughts

McCourt said these market forces will have an impact on the behavior of the big tech players for years to come.

“In the past, software-as-a-service companies only had to offer the product, usually without a thought to how their service would be secured,” McCourt said. “After all, cybersecurity was always something that other companies did. It was an add on. But not anymore. The pressure’s on to create not just the best products, but the safest, most resilient, and easiest to monitor products, too. And that’s a win, for everyone.”


Want to Know More?

If your company is looking for an analysis of your choices for cybersecurity vendors, Integris would love to help you. Contact us today for a free consultation.

Susan Gosselin is a Senior Content Writer for Integris. A career communicator and business journalist, she's written extensively on IT topics and trends for IT service providers like Iconic IT and ProCoders Ukraine, as well as business publications such as,, The Lane Report and many others. Connect with her on LinkedIn.

Keep reading

A Personal Twist on Zero Trust Security

A Personal Twist on Zero Trust Security

The massive Australian data breach in late September inspires me to share a personal twist on Zero Trust Security. What makes this incident colossal? BBC News Australia reports, "Australian telecommunications giant Optus revealed about 10 million customers - about 40%...

4 Cybersecurity Takeaways from China’s Largest Data Breach

4 Cybersecurity Takeaways from China’s Largest Data Breach

Cybersecurity drama strikes again as human error leads to China's biggest data breach and perhaps the most significant hack of personal information in history. According to Threat Post, the incident was triggered after a Chinese government software developer wrote a...