Microsoft is now a serious security vendor. The center piece of their investment in intelligence is the Microsoft Intelligent Security Graph. This is how they describe the way that Microsoft synthesize a vast amount of data from a huge variety of sources: 400 billion emails get analyzed by Outlook.com and Office 365 email services every month.
1.2 billion devices are updated monthly. The 1.2B includes ~750M Windows 10 monthly active devices which they receive telemetry, the balance is Win8/7/Vista/XP which communicate with Windows Update on a monthly basis. 400 Billion emails analyzed monthly.
Microsoft operates 200-plus global cloud, consumer, and commercial services. Everything from outlook.com to Xbox Live to Office 365 to Azure, and so on. And with all of those services, they have a tremendous amount of surface area that they defend.
And so, Microsoft sees more attacks than most other companies on any given day. They get a lot of information from defending against those attacks.
1 Billion plus Azure user accounts give them tremendous insight into how people authenticate to Azure. And that, combined with the 450 billion monthly authentications that they do with Azure Active Directory and Microsoft Account, really give them some tremendous insight into what is normal behavior when it comes to sign-ins and authentications, and what is abnormal behavior, and how often is it that someone has the right password, but they’re not the person they say they are.
Bing scans about 18 billion web pages every month, giving them really great insight into what people are doing with web scripting technologies when it comes to attacks and phishing campaigns. And they have a great way to look at that and understand how they should help customers defend based on that information.
On top of all of that Microsoft layer shared threat data that they get from their partners, from the researchers at Microsoft who are part of their 3,500-plus people that are full time on security, and law enforcement agencies that they partner with worldwide through their digital crimes unit, as well as botnet data that they collect through the digital crimes unit. All of that intelligence makes up the Intelligent Security Graph.