We’re honored to share that Microsoft has been named a Leader in the 2025 Gartner® Magic Quadrant™ for Email Security. We believe this recognition highlights the value of Microsoft Defender for Office 365’s innovative capabilities in addressing today’s complex email security challenges.
Staying ahead of the evolving email threat landscape
Email remains the most exploited gateway for cyberattacks and the threat landscape is evolving fast. Cyberattackers are increasingly leveraging AI to automate and amplify their campaigns, making each attack vector more sophisticated and harder to detect. Our latest Microsoft Digital Defense Report reveals how business email compromise (BEC) has evolved from a low-volume scam into a professionalized, service-driven economy.
This industrialization of email-based crime and the growing use of AI by threat actors is one reason why we’ve doubled down on strengthening protections for our customers. Over the past year, we’ve introduced advanced defenses against emerging attack types, enhanced social engineering safeguards, and expanded coverage across collaboration tools like Microsoft Teams.
This growing cyberthreat landscape is why we need to fight AI with AI and lead with a unified platform approach to defend against sophisticated, multimodal attacks holistically.
Innovating to defend email with agentic AI
Our research shows that phishing attacks remain one of the most persistent and damaging threats to organizations worldwide. Security teams are under constant pressure to investigate a growing number of user-reported phishing emails daily, aiming for accurate verdicts and timely responses. Defender for Office 365 is focused on protecting against this evolving email and collaboration threat landscape by infusing AI agents and agentic workflows into the core of our security solution and security operations center (SOC) operations to strengthen our defenses, automate repetitive tasks, and accelerate investigations. Our recent innovations to defend against phishing attacks and more include:
- Agentic email grading system uses advanced, AI-powered analysis when admins or users submit phishing emails to Microsoft for review. By integrating language models and agentic workflows into Defender for Office 365, the system delivers rapid, transparent verdicts and provides the submitter with context-rich explanations for each reported message. This approach reduces reliance on manual reviews, thereby shortening Microsoft’s response times, and it helps deliver consistent, high-quality outcomes. A built-in feedback loop enables continuous learning for both humans and models and adapts based on new cyberthreats, so that our evaluation considers the latest threat landscape.
- Microsoft Security Copilot Phishing Triage Agent is designed to autonomously handle user-submitted phishing reports at scale in Defender for Office 365. The agent enables SOC teams by classifying incoming alerts, resolving false positives, and escalating only malicious cases that require human expertise. It automates repetitive tasks, accelerates investigations, and provides full transparency in every decision, allowing security teams to focus on what matters most—investigating real cyberthreats and strengthening the overall security posture. Early results prove how it is transforming analyst showing measurable impact of 40% reduction in time to resolution and significant decrease in manual triage workload. To make it easier than ever for organizations to harness the power of Security Copilot agents to protect at the speed and scale of AI, Security Copilot will be included for all Microsoft 365 E5 customers.*
- Email bombing protection—Email bombs send large volumes of emails to overflow a mailbox, overwhelm the user and distract attention from important email messages indicating a security breach. Defender for Office 365 now intelligently tracks message volumes across different sources and leverages historical patterns of the sender and signals related to spam content to identify these types of attacks. It automatically sends them straight to the junk folder, keeping the user’s inbox clean and the organization protected.
Driving transparency in the industry across ICES and SEG vendor effectiveness
At Microsoft, we believe that transparency is foundational to trust, and we are committed to delivering it through clear, actionable insights. By providing in-product transparency reports, we give customers visibility into security performance and outcomes. As both an email platform and a security provider, we want to work together with our ecosystem and do more to empower customers to understand email security effectiveness. That’s why earlier this year we introduced comparative benchmarking reports designed to assist customers in evaluating the benefits of integrating multiple email security solutions.
Testing these benchmarks relies on real-world email threats observed across the Microsoft ecosystem, rather than synthetic data or artificial testing environments. The study compares environments protected exclusively by Defender for Office 365 with those using a Secure Email Gateway (SEG) positioned in front of Defender, as well as environments where Integrated Cloud Email Security (ICES) solutions add a secondary layer of detection after Defender.
The future of email security
As email-based attacks continue to grow in sophistication and are increasingly fueled by AI, the need for AI-powered defenses and end-to-end AI security platforms becomes more urgent. Microsoft is committed to leading this transformation by:
- Investing in agentic AI to empower defenders with autonomous capabilities.
- Using the latest AI technology in our technology stack to defend against emerging cyberthreats.
- Expand our capabilities to new attack surfaces like Microsoft Teams and attack patterns like deepfakes.
We’re not just building tools; we’re shaping the future of cybersecurity. Our roadmap is guided by the real-world challenges faced by security teams and the outcomes they strive for: effective protection, fast detection, and smarter response.
We’re honored by the Gartner recognition and deeply grateful to our customers, partners, and the analyst community for their continued trust and collaboration.
Learn more
You can learn more by reading the full 2025 Gartner® Magic Quadrant™ for Email Security report. To learn more about Microsoft Defender for Office 365, visit our website.
Are you a regular user of Microsoft Defender for Office 365? Share your insights on Microsoft Defender for Office 365 and get rewarded with a $25 gift card on Gartner Peer Insights™.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.
*Eligible Microsoft 365 E5 customers will have 400 Security Compute Units (SCUs) per month for every 1,000 user licenses, up to 10,000 SCUs per month. This included capacity is expected to support typical scenarios. Customers will have an option to pay for scaling beyond the allocated amount at a future date with $6 per SCU on a pay-as-you-go basis, and will get a 30-day advanced notification when this option is available. Learn more.
**This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Microsoft.
Gartner does not endorse any vendor, product, or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Gartner and Magic Quadrant are trademarks of Gartner, Inc., and/or its affiliates.
Gartner, Magic Quadrant for Email Security, 1 December 2025, By Max Taggett, Nikul Patel
