5.7 C
New York
Saturday, March 2, 2024

Is there a case for Microsoft as your solely enterprise safety accomplice?

In current GigaOm analysis, we evaluated whether or not there was a great argument to make use of a single safety accomplice to guard a corporation or if a number of “better of breed” options are nonetheless the way in which to go.

We checked out two use circumstances. Microsoft, utilizing the broad capabilities of its M365 E3 platform with its E5 safety add-on, in comparison with choosing particular person options from a number of main enterprise safety distributors, together with Crowdstrike, OKTA and Proofpoint.

The analysis consisted of value evaluation, technical comparisons, and conversations with senior IT decision-makers to grasp among the standards they used when evaluating know-how.

Our evaluation confirmed that technically and commercially, Microsoft’s instruments and companies provide a horny single-vendor proposition. Nevertheless, it additionally uncovered that, whereas this was the case, there was additionally a pervading angle from quite a few CxOs, that not solely was Microsoft not their major alternative, however for some, they might not even contemplate Microsoft as a safety accomplice.

That raised the query as as to whether Microsoft did, actually, current a powerful sufficient proposition to be a single safety accomplice for an enterprise and whether or not it was doable to beat the issues of CxOs. To aim to reply these questions, we needed to overview our analysis and convey a contemporary CxO perspective to it. To do this, we enrolled our personal CTO, Howard Holton, to offer further CxO perception into the outcomes of our work.

The analysis round Microsoft as a safety accomplice

The intention of this publish is to not share all of the analysis. It’s to offer a abstract of our findings which will help reply among the questions decision-makers would ask when evaluating a single-vendor versus multi-vendor strategy for cybersecurity instruments and companies.

Analysis scope

Earlier than offering that abstract, it’s helpful to stipulate the scope of our analysis. You will need to be aware that this was not a hands-on technical analysis, detailed performance testing, or TCO evaluation. The scope of the analysis was to offer a C-level briefing that regarded on the following;

  • Resolution capabilities

  • Excessive-level value evaluation

  • Different operational overhead/enterprise dangers


We evaluated these areas to grasp whether or not the single-vendor versus multi-vendor strategy might;

  • Scale back complexity

  • Scale back value 

  • Keep/improve safety


We utilized these questions throughout a number of enterprise safety challenges. The Microsoft E5 Safety Add-on covers every of those areas, and we in contrast that to the seller listed in every class;

  • Endpoint together with cell – Crowdstrike

  • Identification Administration – Okta

  • E-mail Safety together with BEC, phishing safety, virus, and malware protection – Proofpoint

  • MFA and adaptive entry controls – Okta/Proofpoint

  • Instruments to watch menace and failure – Crowdstrike

  • Knowledge Loss Prevention and Related Knowledge Safety Applied sciences – Proofpoint

  • Cloud Software Safety/Cloud Entry Service Dealer – Proofpoint


These areas precisely mirror the important thing safety focus we discover in all kinds of organizations. Due to this fact, evaluating the potential of any instrument in opposition to them was a helpful strategy to examine options and functionality, their value, and whether or not they would meet the wants of a corporation’s fashionable safety calls for.

The professionals and cons of Microsoft as a safety accomplice

Microsoft’s E3 + E5 Safety add-on affords a complete vary of safety instruments for customers of its Microsoft 365 and Azure companies. Its breadth of functionality would supply a corporation with wide-reaching safety and complete safety by way of a single vendor.

The Microsoft Safety Toolset

Microsoft’s safety protection is broad and break up throughout quite a few core service suites. This contains;

  • Microsoft Defender for EDR, anti-virus, Cloud App safety, anti-phishing, and information loss prevention throughout desktop, server, Mac, cell, and naturally, Cloud

  • Microsoft Entra supplies id safety

  • Alternate On-line Safety defends in opposition to phishing and BEC and affords malware safety


This vary of safety instruments is tightly built-in into Microsoft Azure and M365 to offer prospects with a complete, seamless safety expertise. For these prospects, the analysis highlighted that the only vendor, single platform strategy reduces each technical and business complexity, making a compelling safety providing.

Why have been CxO’s not embracing Microsoft’s compelling providing?

Whereas Microsoft did make a powerful single-vendor case, why did potential prospects and their safety decision-makers meet this with the view that “Microsoft isn’t even a consideration” when evaluating safety options and companions?

Causes for not selecting Microsoft

What have been among the key causes we found?

  • I don’t wish to spend much more with Microsoft.

  • Whereas the options are broad, I don’t consider their capabilities are pretty much as good as specialist distributors.

  • I don’t want all my safety eggs in a single basket.

  • The pricing of migration from my present suppliers is important.

  • Can they supply me with hands-on menace response assist?

  • Is their menace response instrument one thing I might reclaim by way of my cyber insurance coverage?

Are these legitimate issues?

Whereas all issues are legitimate throughout our analysis, we discovered proof that could possibly be used to assist reply a few of them. This doesn’t imply the issues are unsuitable, however they supply further context that will alter a possible buyer’s notion.

I don’t wish to spend extra with Microsoft

There are good business the reason why this can be the case. We did additionally discover that there was a really sturdy monetary case made for the single-vendor strategy.

Primarily based on printed pricing, our analysis noticed potential financial savings near 80% when utilizing the Microsoft E5 safety add-on in comparison with utilizing three particular person distributors*. Whereas there could also be business causes to not spend extra with Microsoft, this can be a important determine, and one that ought to make for nearer examination, particularly the place budgets are below ever-increasing strain.

Microsoft’s capabilities are inferior to specialist distributors

This can be a complicated query, and because the analysis was not based mostly on performance testing, it was not definitively answered right here. Nevertheless, we’ve got present in different GigaOm analysis that Microsoft’s capabilities rating extremely in our security-based stories.

It must also be thought of that the single-vendor strategy will cut back the complexity that a number of distributors can create. We additionally found that Microsoft’s E5 strategy is extraordinarily complete and crammed gaps that have been left by the a number of main distributors we additionally evaluated.

I don’t want a single vendor

The worth of utilizing a number of best-of-breed distributors has benefits. To know if that may be a legitimate concern in any given occasion, you will need to perceive why the multi-vendor strategy is most popular and what it affords {that a} single vendor can’t. We discovered Microsoft’s strategy technically and commercially engaging. Our findings definitely made a case for the re-appraisal of the only vendor strategy in these cases.

Price of migration

This can be a sturdy and legitimate concern. As IT budgets stay strained, migration prices might convey unwelcome further strain. This could not imply it shouldn’t be thought of, as there are doubtlessly long-term financial savings available. Nevertheless, organizations ought to research the size of this return to determine its viability.

Menace response and cyber insurance coverage

One of many main questions raised when evaluating Microsoft with different main distributors was its functionality to offer menace response if a cyber incident ought to happen. Whereas Microsoft can certainly cowl menace response, we discovered service definitions and prices much less clear throughout our analysis than these of rivals equivalent to Crowdstrike.

An extra concern was whether or not they could be lined below cyber insurance coverage when partaking in such companies. Each issues are important and would require full readability when evaluating adopting or altering or single safety vendor strategy.

What have been the three key benefits we found?

In exploring this with GigaOm’s CTO Howard Holton, we found a number of key benefits of the only vendor strategy that the diligent tech evaluator ought to contemplate. None of these items is to say Microsoft or any single vendor is the precise reply, however there’s a case to discover, and as Howard talked about on the finish of our analysis, “not less than we’d have Microsoft within the dialog”.

  • Price discount: the potential right here is important. Whereas it ought to by no means be the principle criterion, it’s a consideration in a world of under-pressure budgets. Our comparability of Microsoft’s E3/E5 Add-on versus an amalgamated main vendor strategy confirmed potential financial savings within the area of 80%*. After all, in the true world, prospects are unlikely to pay full printed costs, however the saving potential does exist and have to be thought of.

  • Complexity discount: Complexity is the enemy of safety. The extra merchandise a corporation tries to convey collectively, the extra complicated it turns into to safe, the upper the operational overhead, and the extra doubtless there might be safety gaps. Microsoft is extraordinarily sturdy right here, if not excellent. Their options are managed from its single M365 platform however not essentially in a single console. It supplies consistency of safety coverage and process throughout the platform. And, in fact, the breadth of the platform ensures detailed insights and analytics from throughout a corporation are made out there to assist with menace investigation and looking. That is additionally augmented by each automated incident response and, extra lately, the additions of managed response by way of Microsoft Safety Consultants. This isn’t inconceivable to attain with third-party distributors, particularly those we checked out right here, who share a variety of tight product integrations that share intelligence to offer broad safety insights, but it surely does take further work.

  • Improved Safety: This one is much less clear. There isn’t a doubt that the breadth of protection and capabilities Microsoft supplies can definitely assist enhance safety posture, particularly for these utilizing E5 to fill present gaps. The E5 license affords a powerful resolution, particularly for these deeply invested in Microsoft’s cloud platforms. Nevertheless, it’s much less clear whether or not these already invested in different instruments would see the identical enhancements. Whereas in some circumstances, Microsoft will ship parity and even characteristic enchancment, there might be many circumstances the place best-of-breed rivals do issues Microsoft doesn’t. Safety have to be the principle criterion in these circumstances, no matter potential value financial savings.

Last ideas

In reply to the query we posed on this publish, the reply is sure, Microsoft could possibly be a single safety supplier for a corporation. Nevertheless, not for all. Whereas it supplies strong safety capabilities at a really engaging worth, there are gaps. In actuality, Microsoft’s strategy is barely going to be efficient for these with a powerful funding and strategic dedication to Microsoft Azure and M365 already.

There, in fact, would be the comparability of capabilities. Specialist distributors are, on the very least, perceived to offer “higher” safety capabilities than Microsoft’s native instruments and, in lots of circumstances, present issues Microsoft don’t. The concept that Microsoft supplies “adequate” safety is true, but it surely shouldn’t have destructive connotations. Adequate safety is strictly that, adequate to fulfill wants. Nevertheless, organizations should totally consider whether or not any potential options meet their wants.

More and more organizations additionally want companies to enhance their inside sources. Distributors like Crowdstrike provide complete skilled companies with menace and incident response groups. Microsoft does provide this, however the full course of its Safety Consultants service and the way that can examine is unclear. This might be a vital consideration.

This analysis confirmed us {that a} single vendor, particularly Microsoft, could make a powerful case when it comes to functionality, efficacy and price. They might both turn into a single vendor filling safety portfolio gaps, and even substitute different distributors in some cases.

Nevertheless, we additionally famous that best-of-breed market-leading options are perceived as that for a purpose, and that value alone should not be the one criterion for changing them. 

What was definitely true for individuals who take the time to totally consider Microsoft’s capabilities, as our CTO Howard Holton identified, it ought to not less than make Microsoft a part of the dialogue.


*Our worth comparisons have been based mostly on a 5000-user enterprise, 10,000 gadgets evaluating M365 E3 plus E5 safety versus Crowdstrike, Okta and Proofpoint as a part of Crowdstrike’s Spectra Alliance offering the identical safety protection. Primarily based on printed listing worth comparisons, analysis confirmed a 77% saving utilizing Microsoft’s instruments in comparison with an built-in strategy utilizing the three main distributors confirmed.

This didn’t embrace any discount in operational value, as this was exterior of the scope of this analysis. Nevertheless, it needs to be famous that in earlier analysis, trying on the impression of safety instrument consolidation, we’ve got seen reductions in operational prices of 3-7 occasions.

Related Articles


Please enter your comment!
Please enter your name here

Latest Articles