Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

For Microsoft, Security is a $10 Billion Business

Microsoft Building

Microsoft Building

NEWS ANALYSIS: Microsoft generated a whopping $10 billion in security-related revenues in just the last 12 months and is now positioned as an enterprise cybersecurity powerhouse.

Microsoft’s decades-long transformation from an embarrassment to a legitimate powerhouse in cybersecurity is showing significant financial returns: more than $10 billion in security-related revenues in just the last 12 months.

The $10 billion figure, deliberately broken out during Microsoft CEO Satya Nadella’s last earnings call (transcript), comes from what Redmond describes as “advanced security and compliance offerings” sold to hundreds of thousands of corporate customers.

The products and services sold include Microsoft’s Azure Active Directory, Intune, Microsoft Defender for Endpoint, Office 365, Microsoft Cloud App Security, Microsoft Information and Governance, Azure Sentinel, Azure Monitoring, and Azure Information Protection. 

Nadella was downright boastful about the company’s performance — and ambition — in the lucrative cybersecurity business.  “This [$10 billion-a-year] milestone is a testament to the deep trust organizations place in us and we will continue to invest in new capabilities across all our products and services to protect our customers,” Nadella said. 

For business analysts and industry watchers, the windfall is final confirmation that Microsoft has figured out its place as a prominent security vendor after multiple hits-and-misses over the years.

“Ten billion dollars in revenue with 400,000 customers cements the vendor as a cybersecurity behemoth, without a doubt,” Forrester analysts Jeff Pollard and Joseph Blankenship wrote in a research note.

“As more and more businesses move to cloud, the idea of rationalizing the number of vendors they work with and simplifying security continues to appeal to CISOs, CIOs, and CFOs alike. Fears of “lock in” are disregarded in favor of “good enough” and “integrated.”

Advertisement. Scroll to continue reading.

“With offerings spanning everything from the operating system to the cloud — and everything in between, it seems — Microsoft has achieved its goal of being a mega-security vendor,” the Forrester analysts said.

The results are also an ominous sign for startups and entrepreneurs selling security bolt-ons atop Microsoft’s OS and cloud offerings.  “This makes [Microsoft] an existential threat for many companies, especially if they compete in the security analytics, endpoint, identity, and email security markets,” Pollard and Blankenship wrote.

For many years, Microsoft struggled to figure out its place in the anti-malware market, investing heavily in a range of consumer paid suites (remember Windows Live OneCare?) before settling on the strategy of bundling Windows Defender into the operating system and cloud services.

The company also doubled down on its investments in security and risk management and found instant success with the Microsoft Azure Sentinel product, a product that falls neatly within the security information event management (SIEM) and security orchestration automated response (SOAR) categories.

“What we have built is very helpful in times of crisis and there is a big crisis right now,” Nadella said in a Yahoo Finance interview. “But you need to sort of obviously build all of this over a period of years if not decades and then sustain it through not just product innovation, but also I would say, practice every day.”  

As businesses speed up digital transformation plans, Microsoft now sits in an enviable position of being able to sell hybrid and cloud offerings and then sell “advanced security and compliance offerings” to those enterprise licensees.

With hundreds of millions of Windows users globally generating data and telemetry to beef up its security capabilities, Microsoft is set up to cash in even more.  The company processes 30 billion+ authentications daily across Azure AD’s 425 million users and boasts that it analyzes upwards of eight trillion security signals across its platforms and services. 

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Cloud security startup Upwind has appointed Rinki Sethi as Chief Security Officer.

SAP security firm SecurityBridge announced the appointment of Roman Schubiger as the company’s new CRO.

Cybersecurity training and simulations provider SimSpace has appointed Peter Lee as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.