Microsoft Security

Microsoft Digital Defense Report 2023

How we’re building and improving Cyber Resilience

Securing our future together

Welcome to the Microsoft Digital Defense Report. As the digital domain continues to evolve, defenders around the world are innovating and collaborating more closely than ever. In this fourth annual edition of the report we share actionable steps and valuable insights from what we’re seeing for the reporting period from July 2022 through June 2023.

“Artificial Intelligence will be a critical component of successful defense. In the coming years, innovation in AI-powered cyber defense will help reverse the current rising tide of cyberattacks.”

Tom Burt, Corporate Vice President, Customer Security and Trust, Microsoft

Our unique vantage point

As a company committed to making the world a safer place, Microsoft has invested heavily in security research, innovation, and the global security community. While AI is transforming cybersecurity, using it to stay ahead of threats requires massive amounts of data. We have access to a diverse range of security data which puts us in a unique position to understand the state of cybersecurity and to identify indicators that can help predict the next moves of attackers.

This year's report draws on insights from these and other sources across Microsoft and the ecosystem:

Telemetry sources: Microsoft Defender for Endpoint, Microsoft Defender for Cloud Apps, Microsoft Defender for Identity, Microsoft Defender for Office 365, Microsoft Entra ID (formerly Azure AD), Microsoft Defender Threat Intelligence

Quote: The power of partnerships in building cyber resilience

Strengthening our defenses together

Strength in numbers. Stronger together. Together we stand. We think every individual and company should exist above the cyber poverty line. While organizations are focused on safeguarding their own systems, customers, and communities, partnership acts as a crucial force multiplier for collective resilience. Together, we can ensure that every individual and company exists above the cyber poverty line.

The opportunities for partnership across the public and private sectors, policy organizations, and standards bodies are multi-dimensional. From ensuring the technology community is building safer, more secure technology and collaborating on threat intelligence and trends to developing common standards to take down and block the tools cybercriminals use, strong and bi-directional partnerships between organizations are crucial.

Partnerships across the technology community are an absolute necessity to ensure organizations of all types and sizes, in every industry and region, can protect themselves. This means working together to push the boundaries of innovation, ensuring technical integration of products in the security space and addressing the end-to-end security needs of customers.

One crucial point stands out: the vast majority of successful cyberattacks could be thwarted by implementing a few fundamental security hygiene practices.

The fundamentals of cyber hygiene

Enable multifactor authentication (MFA)

This protects against compromised user passwords and helps to provide extra resilience for identities.

Apply Zero Trust principles

The cornerstone of any resilience plan is to limit the impact of an attack on an organization: explicitly verify, use least privilege access, and always assume breach.

Use extended detection and response (XDR) and antimalware

Implement software to detect and automatically block attacks and provide insights to the security operations software. Monitoring insights from threat detection systems is essential to being able to respond to threats in a timely fashion.

Keep up to date

Unpatched and out-of-date systems are a key reason many organizations fall victim to an attack. Ensure all systems are kept up to date including firmware, the operating system, and applications.

Protect data

Knowing your important data, where it is located, and whether the right defenses are implemented is crucial to implementing the appropriate protection.

Threat actors represented in the 2023 Microsoft Digital Defense Report

Threat actors and types discussed in the report include tracked activity from nation-state actors, ransomware groups, and cyber mercenaries or private sector offensive actors. “Storm” designations followed by a four-digit number refer to emerging or developing clusters of threat activity. Threat actor group naming: Russian groups end in “Blizzard”; Chinese groups end in “Typhoon”; Iranian groups end in “Sandstorm”; North Korean groups end in “Sleet”.

Explore other Microsoft Digital Defense Report chapters


The power of partnerships is key to overcoming adversity by strengthening defenses and holding cybercriminals accountable.

The State of Cybercrime

While cybercriminals remain hard at work, the public and private sectors are coming together to disrupt their technologies and support the victims of cybercrime.

Nation State Threats

Nation state cyber operations are bringing governments and tech industry players together to build resilience against threats to online security.

Critical Cybersecurity Challenges

As we navigate the ever-changing cybersecurity landscape, holistic defense is a must for resilient organizations, supply chains, and infrastructure.

Innovating for Security and Resilience

As modern AI takes a massive leap forward, it will play a vital role in defending and ensuring the resilience of businesses and society.

Collective Defense

As cyberthreats evolve, collaboration is strengthening knowledge and mitigation across the global security ecosystem.

More on security

Our commitment to earn trust

Microsoft is committed to the responsible use of AI, protecting privacy, and advancing digital safety and cybersecurity.

Cyber Signals

A quarterly cyberthreat intelligence brief informed by the latest Microsoft threat data and research. Cyber Signals gives trends analysis and guidance to help strengthen the first line of defense.

Nation State Reports

Semi-annual reports on specific nation state actors that serve to warn our customers and the global community of threats posed by influence operations and cyber activity, identifying specific sectors and regions at heightened risk.

Microsoft Digital Defense Reports archive

Explore previous Microsoft Digital Defense Reports and see how the threat landscape and online safety have changed in a few short years.
