Security Experts:

Connect with us

Hi, what are you looking for?


Endpoint Security

For Microsoft, Security is a $10 Billion Business

Microsoft Building

Microsoft Building

NEWS ANALYSIS: Microsoft generated a whopping $10 billion in security-related revenues in just the last 12 months and is now positioned as an enterprise cybersecurity powerhouse.

Microsoft’s decades-long transformation from an embarrassment to a legitimate powerhouse in cybersecurity is showing significant financial returns: more than $10 billion in security-related revenues in just the last 12 months.

The $10 billion figure, deliberately broken out during Microsoft CEO Satya Nadella’s last earnings call (transcript), comes from what Redmond describes as “advanced security and compliance offerings” sold to hundreds of thousands of corporate customers.

The products and services sold include Microsoft’s Azure Active Directory, Intune, Microsoft Defender for Endpoint, Office 365, Microsoft Cloud App Security, Microsoft Information and Governance, Azure Sentinel, Azure Monitoring, and Azure Information Protection. 

Nadella was downright boastful about the company’s performance — and ambition — in the lucrative cybersecurity business.  “This [$10 billion-a-year] milestone is a testament to the deep trust organizations place in us and we will continue to invest in new capabilities across all our products and services to protect our customers,” Nadella said. 

For business analysts and industry watchers, the windfall is final confirmation that Microsoft has figured out its place as a prominent security vendor after multiple hits-and-misses over the years.

“Ten billion dollars in revenue with 400,000 customers cements the vendor as a cybersecurity behemoth, without a doubt,” Forrester analysts Jeff Pollard and Joseph Blankenship wrote in a research note.

“As more and more businesses move to cloud, the idea of rationalizing the number of vendors they work with and simplifying security continues to appeal to CISOs, CIOs, and CFOs alike. Fears of “lock in” are disregarded in favor of “good enough” and “integrated.”

“With offerings spanning everything from the operating system to the cloud — and everything in between, it seems — Microsoft has achieved its goal of being a mega-security vendor,” the Forrester analysts said.

The results are also an ominous sign for startups and entrepreneurs selling security bolt-ons atop Microsoft’s OS and cloud offerings.  “This makes [Microsoft] an existential threat for many companies, especially if they compete in the security analytics, endpoint, identity, and email security markets,” Pollard and Blankenship wrote.

For many years, Microsoft struggled to figure out its place in the anti-malware market, investing heavily in a range of consumer paid suites (remember Windows Live OneCare?) before settling on the strategy of bundling Windows Defender into the operating system and cloud services.

The company also doubled down on its investments in security and risk management and found instant success with the Microsoft Azure Sentinel product, a product that falls neatly within the security information event management (SIEM) and security orchestration automated response (SOAR) categories.

“What we have built is very helpful in times of crisis and there is a big crisis right now,” Nadella said in a Yahoo Finance interview. “But you need to sort of obviously build all of this over a period of years if not decades and then sustain it through not just product innovation, but also I would say, practice every day.”  

As businesses speed up digital transformation plans, Microsoft now sits in an enviable position of being able to sell hybrid and cloud offerings and then sell “advanced security and compliance offerings” to those enterprise licensees.

With hundreds of millions of Windows users globally generating data and telemetry to beef up its security capabilities, Microsoft is set up to cash in even more.  The company processes 30 billion+ authentications daily across Azure AD’s 425 million users and boasts that it analyzes upwards of eight trillion security signals across its platforms and services. 

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

CISO Strategy

Varied viewpoints as related security concepts take on similar traits create substantial confusion among security teams trying to evaluate and purchase security technologies.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.