News

Microsoft Launches Integrated E-mail Security Ecosystem for Defender for Office 365

Microsoft is expanding its e-mail security capabilities with the launch of a new Integrated Cloud Email Security (ICES) ecosystem for Microsoft Defender for Office 365. The initiative introduces tighter collaboration between Microsoft and third-party security vendors through open APIs and shared threat intelligence, aiming to create a unified and adaptable defense layer for enterprise e-mail.

Announced Tuesday, the ICES framework allows approved vendors to connect directly into Microsoft's security stack via Microsoft Graph API and Security Copilot. The goal is to enhance protection through pre-delivery filtering, real-time scanning and post-delivery remediation—all natively managed within the Defender for Office 365 platform.

Under the new ICES framework, Microsoft will invite partners to collaborate across three key areas: pre-delivery filtering, real-time scanning of links and attachments and post-delivery investigation and cleanup. The new model will enable these services to act directly within Defender via Microsoft Graph API and Security Copilot integrations.

"This partner ecosystem is about creating a cohesive defense fabric that enhances SOC efficiency with Microsoft Defender for Office 365 as the foundation," said Microsoft in the announcement blog. "The ecosystem also provides flexibility, scalability and preparedness for the complexities of contemporary enterprise security."

For customers, ICES provides several tangible benefits:

  • Reduced tool overlap. Enterprises can deprecate overlapping SEG controls by embedding partner detections within Defender.
  • Improved incident response. Partner alerts and forensics now feed into Microsoft 365 Defender's native workflows, improving SOC efficiency.
  • Faster remediation.  API-driven post-delivery actions (quarantine, bannering, etc.) supplement Microsoft's ZAP and Campaign Views tools.
  • Flexible adoption. Organizations can onboard ICES partners gradually, matching their risk posture and security maturity.

The ICES ecosystem is currently available to select partners, with broader vendor participation expected later this year. It represents a continuation of Microsoft's security unification strategy, which aims to consolidate identity, device, email and cloud protection under the Defender brand, the company said.

Microsoft has already announced the first firms to join its new ICES framework:

With this in mind, we are pleased to announce that our trusted ICES security vendors,  Darktrace and KnowBe4, have become the first launch partners within our ecosystem. They offer customers a seamless and collaborative defense framework where each solution enhances the strengths of the others. We welcome additional partners soon as we continue to expand this integrated ecosystem.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

Featured

  • Microsoft Appoints Althoff as New CEO for Commercial Business

    Microsoft CEO and chairman Satya Nadella on Wednesday announced the promotion of Judson Althoff to CEO of the company's commercial business, presenting the move as a response to the dramatic industrywide shifts caused by AI.

  • Broadcom Revamps VMware Partner Program Again

    Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.