News
Microsoft Launches Integrated E-mail Security Ecosystem for Defender for Office 365
- By Chris Paoli
- June 17, 2025
Microsoft is expanding its e-mail security capabilities with the launch of a new Integrated Cloud Email Security (ICES) ecosystem for Microsoft Defender for Office 365. The initiative introduces tighter collaboration between Microsoft and third-party security vendors through open APIs and shared threat intelligence, aiming to create a unified and adaptable defense layer for enterprise e-mail.
Announced Tuesday, the ICES framework allows approved vendors to connect directly into Microsoft's security stack via Microsoft Graph API and Security Copilot. The goal is to enhance protection through pre-delivery filtering, real-time scanning and post-delivery remediation—all natively managed within the Defender for Office 365 platform.
Under the new ICES framework, Microsoft will invite partners to collaborate across three key areas: pre-delivery filtering, real-time scanning of links and attachments and post-delivery investigation and cleanup. The new model will enable these services to act directly within Defender via Microsoft Graph API and Security Copilot integrations.
"This partner ecosystem is about creating a cohesive defense fabric that enhances SOC efficiency with Microsoft Defender for Office 365 as the foundation," said Microsoft in the announcement blog. "The ecosystem also provides flexibility, scalability and preparedness for the complexities of contemporary enterprise security."
For customers, ICES provides several tangible benefits:
- Reduced tool overlap. Enterprises can deprecate overlapping SEG controls by embedding partner detections within Defender.
- Improved incident response. Partner alerts and forensics now feed into Microsoft 365 Defender's native workflows, improving SOC efficiency.
- Faster remediation. API-driven post-delivery actions (quarantine, bannering, etc.) supplement Microsoft's ZAP and Campaign Views tools.
- Flexible adoption. Organizations can onboard ICES partners gradually, matching their risk posture and security maturity.
The ICES ecosystem is currently available to select partners, with broader vendor participation expected later this year. It represents a continuation of Microsoft's security unification strategy, which aims to consolidate identity, device, email and cloud protection under the Defender brand, the company said.
Microsoft has already announced the first firms to join its new ICES framework:
With this in mind, we are pleased to announce that our trusted ICES security vendors, Darktrace and KnowBe4, have become the first launch partners within our ecosystem. They offer customers a seamless and collaborative defense framework where each solution enhances the strengths of the others. We welcome additional partners soon as we continue to expand this integrated ecosystem.