In our final benchmarking submit, Readability in complexity: New insights for clear e mail safety,1 we shared why transparency issues greater than ever in e mail safety and the way clear, constant benchmarking helps safety groups reduce by means of noise and make assured selections.
Right this moment, we’re persevering with that dialog. With the newest Microsoft benchmarking information, we’re sharing what real-world telemetry reveals about how successfully fashionable e mail threats are detected, mitigated, and stopped by Microsoft Defender, safe e mail gateway (SEG) suppliers, and built-in cloud e mail safety (ICES) options.
That is a part of our ongoing dedication to openness: usually publishing efficiency information so prospects can see how protections carry out at scale.
What’s new within the newest benchmarking information
The latest benchmarking outcomes mirror up to date telemetry throughout latest months and reinforce a number of constant traits:
- Microsoft Defender removes a mean of 70.8% of malicious e mail post-delivery, serving to cut back dwell time even when cyberthreats bypass preliminary filtering.
- Layered safety issues. When Defender operates alongside ICES companions, organizations profit from incremental detection beneficial properties throughout promotional, spam, and malicious messages.
- Overlapping detections stay, which means ICES options can flag the identical messages and the incremental value-add can fluctuate by state of affairs and e mail sort.
This type of data-driven visibility is essential for safety groups who need to perceive not simply whether or not cyberthreats are blocked, however how and the place defenses are including worth throughout the e-mail assault lifecycle.
Benchmarking outcomes for ICES distributors
Microsoft’s quarterly evaluation reveals that layering ICES options with Microsoft Defender proceed to offer a profit in decreasing advertising and bulk e mail, enhancing their filtering by a mean of 13.7%. This reduces inbox muddle and boosts person productiveness in environments with excessive volumes of promotional e mail. For filtering of spam and malicious messages, the incremental beneficial properties stay modest, and the newest quarter reveals a smaller uplift than the prior interval—averaging 0.29% and 0.24% respectively, in comparison with 1.65% and 0.5% within the prior report.
Focusing solely on malicious messages that reached the inbox, the newest quarter reveals Microsoft Defender’s zero hour auto purge performing nearly all of submit‑supply remediation—eradicating a mean of 70.8% of those threats. ICES distributors offered extra submit‑supply filtering, contributing a mean of 29.2%. Collectively, this highlights two factors: submit‑supply remediation is a essential backstop when cyberthreats evade preliminary filtering, and in these outcomes Microsoft Defender delivered a lot of the submit‑supply catch, whereas ICES distributors add incremental protection on this state of affairs.
Benchmarking outcomes for SEG distributors
For the SEG vendor benchmarking metrics, a cyberthreat was labeled as “missed” if it was not detected previous to supply. Utilizing this definition, Microsoft Defender missed fewer high-severity cyberthreats than different options evaluated within the research, per patterns noticed in our prior benchmarking report.
Reinforcing our dedication to the ICES vendor ecosystem
Transparency doesn’t cease at Microsoft’s personal detections. It additionally extends to how we work with companions.
After we launched the Microsoft Defender for Workplace 365 ICES vendor ecosystem, our objective was clear: allow prospects to combine trusted, non-Microsoft e mail safety options right into a unified Defender expertise, with out fragmenting workflows or visibility.
That dedication continues at this time.
- The ICES vendor ecosystem now contains 4 companions—Darktrace, KnowBe4, Cisco, and VIPRE Safety Group—all built-in straight into Microsoft Defender throughout experiences resembling Quarantine, Explorer, e mail entity pages, superior searching, and reporting.
- Prospects retain a single operational airplane within the Defender portal, even when layering a number of e mail safety applied sciences.
- Integrations are deliberate and additive, designed to boost safety and readability with out rising operational complexity.
- The ecosystem helps defense-in-depth methods whereas preserving a single, coherent safety expertise.
The latest additions reinforce our perception that e mail safety is strongest when it combines native platform intelligence with specialised associate capabilities, surfaced by means of a single pane of glass.
We proceed to actively consider extra partnerships primarily based on buyer demand, detection high quality, and the flexibility to ship significant, differentiated indicators.
Why this issues for safety groups
E-mail stays probably the most focused and exploited assault vectors, and fashionable campaigns not often depend on a single approach or management hole.
By pairing clear benchmarking with built-in, multi-vendor safety, safety groups acquire:
- Clear perception into detection protection throughout native and associate options.
- Decreased investigation friction with unified views and workflows.
- Confidence in layered defenses, backed by usually printed information.
This isn’t about claiming perfection. It’s about exhibiting the work, sharing the numbers, and giving prospects the knowledge they should make knowledgeable safety selections.
Wanting forward
We’ll proceed to publish up to date benchmarking insights regularly, alongside ongoing investments in Microsoft Defender and the ICES vendor ecosystem.
To discover the newest benchmarking information and study extra about how Defender and ICES companions work collectively, entry the benchmarking web site.
To study extra about Microsoft Safety options, go to our web site. Bookmark the Safety weblog to maintain up with our skilled protection on safety issues. Additionally, comply with us on LinkedIn (Microsoft Safety) and X (@MSFTSecurity) for the newest information and updates on cybersecurity.
1Readability in complexity: New insights for clear e mail safety, Microsoft. December 10, 2025.
