
Last week, the Microsoft Security team attended the RSA conference in San Francisco, California. We made several key announcements about Microsoft Threat Protection, the solution which provides end users optimal security from the moment they log in, use email, work on documents, or utilize cloud applications and offers security professionals the benefit of minimal complexity while staying ahead of threats to their organization. As we previously alluded to, Microsoft Threat Protection is on a journey to provide organizations seamless, integrated, and comprehensive security across multiple attack vectors. In this RSA edition, we want to share where we are in this journey, the most recent new capabilities launched, and the vision of where we’re going as we continue executing toward our goal of offering best-in-class security for modern organizations.

The journey taken

Microsoft Threat Protection is supported by tremendous investment and focus across multiple engineering teams. Each month, we report discrete enhancements to the solution, but Figure 1 shows the many years of strategic investments and designed capabilities which helped create the solution we offer today. As the timeline demonstrates, each discrete enhancement is tied to the larger vision of Microsoft Threat Protection and our effort to ensure customers are offered the best and most secure threat protection available on the market. The roots of Microsoft Threat Protection stretch back to 2014, with the launch of advanced identity protection capabilities offered in Azure Active Directory Premium. Development of the Microsoft Intelligent Security Graph, which weaves our security services together, began shortly thereafter. Building on these strong foundations in identity protection (including security for on-premises identities) and intelligence, we then launched services securing email and documents, cloud apps, endpoints, and infrastructure. Over the last few years, we have leveraged the connectivity of the Intelligent Security Graph to integrate and seamlessly correlate signals across all our services, to help provide an optimized security experience with minimal complexity for customers.

Figure 1. The development timeline of Microsoft Threat Protection.

The journey is continuing as we further enhance and develop capabilities which secure customers with Microsoft Threat Protection. Next, we look at announcements made at RSA this year, which are significant strides in our evolution toward the full potential of Microsoft Threat Protection.

Tomorrow’s SIEM, available today

Many organizations leverage Security Information and Event Management (SIEM) products to support their digital transformation. As the value of digital information continues to increase, so do the volume and sophistication of attacks. Several customers have told us their existing SIEM products are unable to keep pace.

To address this need, at RSA we announced the launch of Microsoft Azure Sentinel, which adds the benefits of a next-gen SIEM to the Microsoft Threat Protection solution. Azure Sentinel is a cloud-native solution, providing intelligent security analytics for the entire organization. With Azure Sentinel (Figure 2), collecting security data across the entire hybrid organization, from devices to users to apps to servers on any cloud, is easy. It includes built-in artificial intelligence (AI) to help ensure threats are identified quickly, and it significantly reduces the burden of traditional SIEMs by eliminating the need to spend time setting up, maintaining, and scaling infrastructure. Since it is built on Azure, it offers nearly limitless cloud scale and speed to address your security needs. Traditional SIEMs are also expensive to own and operate, often requiring high upfront costs and continued high costs for infrastructure maintenance and data ingestion. With Azure Sentinel there are no upfront costs, as you pay for what you use. Additionally, organizations can bring their Office 365 activity data to Azure Sentinel for free. It takes just a few clicks to retain your Office 365 data within the Microsoft cloud. Learn more about Azure Sentinel and opt in for a trial today.

Figure 2. The Azure Sentinel – Overview portal.

Combining artificial intelligence with human expertise for unparalleled security

Human expertise will always be pivotal for strong security. However, by 2021, there will be an estimated shortage of 3.5 million security professionals. To help organizations benefit from the knowledge of seasoned security analysts, we announced Microsoft Threat Experts at RSA, adding another significant capability to Microsoft Threat Protection to augment customers' Security Operations Centers (SOCs). Microsoft Threat Experts is currently offered as part of our endpoint security service, Windows Defender ATP, and blends the benefits of human analysts with our industry-leading endpoint security service. Soon, Threat Experts will extend to cover more components of Microsoft Threat Protection. It is a new managed threat hunting service providing proactive hunting, prioritization, and additional context and data-driven insights, further helping SOCs identify and respond to threats quickly and accurately. Microsoft Threat Experts enables SOCs to jump-start threat investigations by providing context-rich intelligence. The feature offers:

  • Targeted attack notifications: Offers monitoring by Microsoft’s threat experts and provides notifications to customers in case a breach is identified. In cases where a full incident response becomes necessary, seamless transition to Microsoft incident response (IR) services is available.
  • Experts on demand (Figure 3): Security experts provide technical consultation on relevant detections and adversaries.

Figure 3. Microsoft Threat Experts “Ask a Threat Expert” button.

Learn more about Microsoft Threat Experts and check out these case studies that showcase the significant benefit of combined human and artificial intelligence. Get started on a Windows Defender ATP trial and begin your preview of Microsoft Threat Experts.

Experience the evolution of Microsoft Threat Protection

Take a moment to learn more about Microsoft Threat Protection, read our previous monthly updates, and visit Integrated and automated security. Organizations have already transitioned to Microsoft Threat Protection and partners are leveraging its powerful capabilities. Begin a trial of Microsoft Threat Protection services today to experience the benefits of the most comprehensive, integrated, and secure threat protection solution for the modern workplace. And check out part 2 of this blog, where we discuss a new unified SecOps experience, powerful new features to strengthen your cloud app security, unique automation capabilities launching in Office 365, and an early look at the full vision and scope of Microsoft Threat Protection.
