Microsoft Security Hits $20B in Revenue

In a blog post following Microsoft’s Q2 earnings report this week, Microsoft shared how their security revenue had grown 33% from 2022 to 2023 and now stands at $20 billion, driven largely by their global partners, who have been helping customers strengthen their security posture while saving money through vendor consolidation. Microsoft stated that security remains the number one investment for businesses, is where organisations spend the most, and is easily justifiable for companies.

To put this into perspective, the $5 billion increase in Microsoft’s security business over the past twelve months is larger than the revenue generated by every pure-play cybersecurity vendor other than Palo Alto, which expects to hit $6.85 billion growth when they publish their results later this year.

“We are taking share across all major categories we serve… customers are consolidating on our security stack in order to reduce risk, complexity and cost.” – Satya Nadella.

Even in this economically challenging time, organisations still see security as the top priority.

Vasu Jakkal | CVP of Security, Compliance, Identity, & Management | Microsoft

Ever Growing Market

According to McKinsey & Company, the cybersecurity market is now worth $2 trillion as more businesses realise that they lack the levels and breadth of protection and detection measures to keep their data, identities, applications, devices, and networks safe whilst the number of attacks continues to rise at alarming rates.

Despite Microsoft’s huge growth in this area, Microsoft pointed out that there is still a global shortage of cybersecurity professionals. In the USA alone, there are ~4 million unfilled cybersecurity jobs currently open, with salaries hugely inflated due to the high demand for these roles.

Organisations can save lots of money

In the Microsoft earnings call, Satya Nadella called out their focus on helping customers “do more with less”, saying that “this is a place where customers can save lots of money”.
He talked about Microsoft’s breadth, depth, and integrated security portfolio, stating boldly that “Microsoft is the only vendor that has integrated tools spanning identity, security, compliance, device management and privacy”.

Much of the value and cost savings Microsoft delivers to their customers comes through their productivity suite bundles, such as Microsoft 365 E5, which combines advanced security, privacy, and compliance, along with Teams voice and rich analytics. Recent customers to go all-in on E5 licenses include IKEA, NTT, Boots, Rio Tinto, Marks and Spencer, and leading global law firm Baker McKenzie.

Data from 2021/2022 Forrester report.

Microsoft also provide dedicated Security and Compliance add-on suites, as well as the ability to purchase their security offerings as point products, including their Enterprise Mobility and Security suite, which grew 16% to more than 241 billion seats.

Microsoft is the only vendor that has integrated tools spanning identity, security, compliance, device management and privacy

Satya Nadella | CEO | Microsoft

Microsoft called out the example of the $4.46 billion British sports retailer Frasers Group and its decision to consolidate tools and services from ten separate cybersecurity vendors to just Microsoft.

In another example, the $2.76 billion American digital media player manufacturer Roku moved its entire identity and access management business to the cloud with Azure Active Directory.

Market Bolstering Stats

  • SIEM: In October 2022, Microsoft Sentinel shot to the top of Gartner’s SIEM Magic Quadrant, zooming past IBM, Splunk, Securonix and Exabeam.
  • Identity & Access Management: IDC say Microsoft have 23.8% market share of the $13.6 billion identity and access management market, with Okta a distant second at 9.2%.
  • Endpoint Security: Microsoft had 11.2% of the market in 2021 and 12.4% in 2022. Only CrowdStrike had a larger slice of the endpoint security market at 12.6%, but it has lower growth. CrowdStrike, Microsoft & Trend Micro were of in April 22 Forrester Wave for EDR providers.

“Microsoft is the “only company” that offers “integrated end-to-end tools spanning identity, security, compliance, device management and privacy, informed and trained on over 65 trillion signals each day.”

Satya Nadella | CEO | Microsoft

The Role of Microsoft Partners

Despite the global shortage of cybersecurity professionals, Microsoft pointed out that their security business is surging partly due to the work many of their global Modern Work and Security partners are driving. Microsoft continues to invest significantly in partner skills enablement, along with resources and funding, so that partners can help their customers. This ranges from funded discovery and usage workshops, technology enablement funding, end user adoption funding (to help users work more securely), technical training initiatives, third party vendor displacement support and more.

As such, Microsoft partners can certify and specialise in different security and compliance areas. This helps customers find partners that can help them understand their risk profile and identity weaknesses or risks, deploy and adopt new tools and platforms, and migrate from point products to improve their security whilst reducing cost.

Organisations can reach out to their Microsoft representative or speak to their Microsoft Partner for more information.

Microsoft technology (through the help of their partners) can save the average 10,000 seat organisation more than $8.3M per annum through investing in Microsoft 365 E5 and Sentinel according to research conducted by Forrester.

On a recent fireside chat that I hosted, most organisations on my panel discussed how they were improving their security through investment in Microsoft 365 E5 with the help of their partners.

The Microsoft Security Portfolio

Microsoft has organised their security portfolio (which spans more than fifty product categories overall) into six product lines.

  1. Defender: The Defender portfolio includes Microsoft 365 Defender (Microsoft’s extended detection and response (XDR) platform for securing endpoints, email, applications, identities, and data), as well as their Defender solutions for endpoint, Cloud, IoT, vulnerability management, threat intelligence, DevOps and external attack surface management.
  2. Sentinel: Microsoft’s SIEM platform
  3. Entra: Microsoft’s identity management and security portfolio, which includes Azure AD
  4. Purview: Data protection, data loss prevention, insider risk management
  5. Priva: Their new privacy risk management solution following their acquisition of RiskIQ
  6. Intune: Microsoft’s multi-vendor, multi-category endpoint management suite.

Note: Whilst Microsoft do not have dedicated products that cover the network infrastructure, SIP, WAN and Wireless LAN spaces, they work in partnership with leading infrastructure vendors such as Cisco to provide seamless identity and access integration.




You can read more on the official Microsoft security blog post here.

Microsoft has just released a Data Loss Prevention Alert “Dashboard”

Data Loss Prevention (DLP) is used by organisations to define and enforce data protection policies that identify and prevent risky or inappropriate sharing, transfer or use of sensitive information across cloud, on-premise and endpoints within an organisation or establishment.

Until now, it was possible to configure alerts as part of the DLP policy authoring experience, which provides an effective way for admins or compliance officers to get notified whenever a DLP policy is breached.

Microsoft has now announced the General Availability (GA) of their Data Loss Prevention “Alerts Dashboard”. This latest enhancement provides organisations with the ability to easily and holistically visualise and then investigate DLP policy violations across their entire infrastructure, including:

  • On-premises file shares
  • Exchange / Exchange Online
  • Teams
  • OneDrive
  • Other non-Microsoft cloud apps and SaaS apps
  • Devices (where endpoint DLP is used).

The alerts dashboard provides a list view of all of the DLP alerts. The relevant details can then be investigated by simply clicking on an alert. APIs of course exist to allow you to call these alerts from other event management platforms and SIEM products, such as Azure Sentinel.

Microsoft DLP dashboard (April 2021)

Microsoft DLP is of course just part of the comprehensive set of Gartner Magic Quadrant leading Information Protection, Compliance and Governance solutions that are part of the Microsoft 365 E5 (and Microsoft 365 Compliance stack).

Customers can easily sign up for a trial of Microsoft 365 E5 via the admin centre, or by speaking to your Microsoft Partner (like the company I work for at https://www.cisilion.com/microsoft) to get more information, arrange a demo or run a PoC.

More information on this can be found on the Microsoft 365 blogs here.

Exchange Online unlimited archiving… What you need to know.

I talk to a lot of customers about Exchange Online and about the need and desire to use 3rd party add-on services like backup, DLP, threat protection and archiving.

Many don’t realise, or are not up to date on, the continuous updates and improvements to Exchange Online in particular, and its unlimited archive feature is just one of the services that could help you save costs and simplify your management. That’s not to say there is never a need for 3rd party complementary services (there is sometimes a use case), but I wanted to highlight the power and extent of this archive feature.

What is “unlimited archiving”

Exchange Online Archiving is an enterprise-class service that assists these organizations with their archiving, compliance, regulatory, and e-discovery challenges while simplifying their on-premises infrastructure, thereby saving costs and easing the IT management overhead. (source: Microsoft)

In Exchange Online, Microsoft provides archive mailboxes which provide users with additional mailbox storage space. Once a user’s archive mailbox is enabled (it’s not on by default), up to 100 GB of additional storage is made available automatically.

Previously, whilst this feature did exist, it was quite hidden away and the only way to activate it was to contact Microsoft and request additional storage space for an archive mailbox. This is no longer required and the process is fully automated (if enabled).

This “unlimited archiving” feature, called auto-expanding archiving, provides additional storage in archive mailboxes once the storage quota in the primary archive mailbox is reached. Exchange Online then automatically increases the size of the archive, meaning users won’t run out of mailbox storage space and Exchange admins don’t need to trawl through storage alerts, respond to help desk requests or contact Microsoft to request additional storage for archive mailboxes.

How auto-expanding archiving works

Once enabled, Exchange Online periodically checks the size of the user’s archive mailbox. When an archive mailbox gets close to its storage limit, it automatically creates additional storage space for the archive. Should this space also run out (now that’s a lot of mail), more space is automatically added to the user’s mail archive, meaning no additional management of the archive is needed. Here’s how it works.

Image from docs.microsoft.com
  1. Archiving is enabled for a user mailbox or a shared mailbox. An archive mailbox with 100 GB of storage space is created, and the warning quota for the archive mailbox is set to 90 GB.
  2. Exchange Online admin enables auto-expanding archiving for the mailbox.
  3. When the archive mailbox (including the Recoverable Items folder) reaches 90 GB, it’s converted to an auto-expanding archive, and extra storage space is added to the archive.
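
The three steps above can be checked from Exchange Online PowerShell. The following is an added example, not part of the original post or Microsoft's own code: it assumes the ExchangeOnlineManagement module with an active Connect-ExchangeOnline session, and the "approaching" threshold of 90% of the 90 GB warning quota is an arbitrary choice for illustration.

```powershell
# Added example. Assumes Connect-ExchangeOnline has already been run.
$WarningBytes = 90GB   # warning quota from step 1, the point where conversion happens

function ConvertTo-ByteCount {
    param([string]$Size)
    # Remote sessions return sizes as text, e.g. "1.5 GB (1,610,612,736 bytes)".
    if ($Size -match '\(([\d.,\s]+) bytes\)') {
        return [int64]($Matches[1] -replace '\D', '')
    }
    return [int64]0
}

$report = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox, SharedMailbox |
    Where-Object { $_.ArchiveStatus -eq 'Active' } |
    ForEach-Object {
        $stats = Get-MailboxStatistics -Identity $_.PrimarySmtpAddress -Archive
        # Step 3 counts the Recoverable Items folder, so add the deleted-item size.
        $used = (ConvertTo-ByteCount ([string]$stats.TotalItemSize)) +
                (ConvertTo-ByteCount ([string]$stats.TotalDeletedItemSize))
        [pscustomobject]@{
            Mailbox       = $_.PrimarySmtpAddress
            ArchiveGB     = [math]::Round($used / 1GB, 1)
            AutoExpanding = [bool]$_.AutoExpandingArchiveEnabled
            # Assumed threshold: within 10% of the warning quota.
            NearQuota     = $used -ge ($WarningBytes * 0.9)
        }
    }

# Archives approaching the warning quota that will NOT grow automatically.
$report | Where-Object { $_.NearQuota -and -not $_.AutoExpanding } |
    Sort-Object ArchiveGB -Descending | Format-Table -AutoSize

# Step 2 for a single mailbox (placeholder address):
# Enable-Mailbox -Identity user@example.com -AutoExpandingArchive
```

Auto-expanding archiving cannot be turned off once it has been enabled for a mailbox, so review the report before running the commented command.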

What gets moved to the archive storage space?

The process is fully automatic. In order to make efficient use of auto-expanding archive storage, folders may get moved as part of the archive move.

What items and folders are moved is determined by Exchange Online whenever additional storage is added to the archive. Sometimes when a folder is moved, one or more subfolders are automatically created and items from the original folder are distributed to these folders to facilitate the moving process.

When viewing the archive portion of the folder list in Outlook or Outlook Online, these subfolders are displayed under the original folder.

The naming convention used to name these subfolders is <folder name>_yyyy (Created on mmm dd, yyyy h_mm), where:

  • yyyy is the year the messages in the folder were received.
  • mmm dd, yyyy h_mm is the date and time that the subfolder was created by Office 365, based on the user’s time zone and regional settings in Outlook.

What about Compliance and Data Governance?

eDiscovery: if your organisation uses Office 365 eDiscovery, such as Content Search or In-Place eDiscovery, the additional storage areas in an auto-expanded archive are also searched.

Retention: When a mailbox is placed “on hold” by using tools such as Litigation Hold in Exchange Online, or Office 365 eDiscovery case holds and retention policies in the security and compliance center, content located in an auto-expanded archive is also placed on hold.

Messaging records management (MRM): If you use MRM deletion policies in Exchange Online to permanently delete expired mailbox items, expired items located in the auto-expanded archive will also be deleted.

PST Import service: You can use the Office 365 Import service to import PST files to a user’s auto-expanded archive of up to 100 GB of data.

Common Questions

Can I access my archive at any time or does it need IT input? You can access any folder in the archive mailbox, including ones that were moved to the auto-expanded storage area.

What about search? Can I search items in the archive? Yep, but the search process is a little different. You can search for items that were moved to the additional storage area, but only by searching the folder itself. If the archive folder contains subfolders, you have to search each subfolder separately. This is due to performance and speed, since the archive folders are stored on lower tier disks within Exchange Online (well, it is an archive).

Can I delete items from the mail archive? Yes, you can delete items in a subfolder that points to an auto-expanded storage area, but the folder itself cannot be deleted manually.

Interested to hear how other Exchange Online Archiving compares and if you see the need for 3rd parties still…?