Security Execs: Microsoft’s Position As OS, Security Software Provider Looms Over MSP Landscape
‘We’re always going to sit in the middle and basically have to deal with rising alert volumes, giant telemetry repositories, faster IOCs [indicators of compromise] conversion, more containment,’ says WatchGuard Field CTO Adam Winston.
The role of software giant Microsoft as an operating system maker and a security software provider that wields enormous power looms over the MSP security landscape, said top security executives in a recent CRN Security Roundtable discussion.
Adam Winston, field CTO at SMB security stalwart WatchGuard Technologies, said that security software makers are being forced to grapple with bundled Microsoft security products—including Microsoft Defender antivirus—that open the door to significant security challenges for MSPs.
“This is where we have to step in the middle,” said Winston. “I think there are a lot of MSPs that do hitch their wagon to Microsoft and say, ‘You’re going to have it anyway, you’re in the bundle anyway.’ So now the MSP has to be the differentiator for the service.”
This is the prevalent situation even as Microsoft releases hundreds of security patches each year, with 50 million lines of Windows source code that are a target for bad actors, said Winston.
“That is the weird way that this ecosystem has evolved,” said Winston. “So we’re always going to sit in the middle and basically have to deal with rising alert volumes, giant telemetry repositories, faster IOCs [indicators of compromise] conversion, more containment. And for the partners, we can’t do it unless you put us there [in the MSP security stack]. Help me help you.”
Seattle-based WatchGuard, for its part, has had to integrate with Microsoft Defender and Azure because Microsoft is so “ubiquitous,” said Winston.
Microsoft’s dominant role as an operating system maker and security software maker is simply a fact of life for security software makers, he said. “It’s kind of there in the success of their business model, and it’s also there in how we have all dual deployed this stuff,” he said. “We have kind of accepted this reality.”
Microsoft Says It Is ‘Committed To Ensuring A Level Playing Field’
“As both the platform provider and a security solution developer, Microsoft is committed to ensuring a level playing field for software security providers,” said Microsoft in a written response to CRN questions after concerns were raised by security software executives in a CRN Security Roundtable session. “This is demonstrated through the Microsoft Virus Initiative (MVI) program, a program that provides third-party security vendors with Windows APIs, system capabilities, early access to platform changes, and technical documentation to ensure their applications run reliably and securely on Windows devices.”
Microsoft’s market share for Microsoft Defender for worldwide modern endpoint security surged from 25.8 percent in 2023 to 28.6 percent in 2024, followed by CrowdStrike at 16.8 percent, Broadcom at 6 percent, Trellix at 5.9 percent and Sophos at 5 percent, according to an IDC market-share report released in May.
Microsoft Defender Antivirus is included free with the Windows operating system, but Microsoft Defender for Endpoint and Microsoft Defender for Office 365 do require subscriptions.
One sign of the sometimes-contentious relationship between Microsoft and security software providers came when questions arose about third-party security software maker access to the Microsoft Windows kernel in the wake of the massive CrowdStrike-caused outage in July 2024. That incident, which was caused by a defective CrowdStrike configuration update, sent 8.5 million Windows devices into a “blue screen of death” state, leading to widespread societal disruptions.
The threat of potentially losing Windows kernel access looms over security software vendors, said Winston. “When does it become the drop-dead date for us to be able to stop an attack in memory or at the kernel level?” he asked. “That super-critical spot in the operating system that we need to be more powerful than the attacker’s exploit. If they pull us down and they get a first jump at the net in volleyball, what are we supposed to do? Just handle whatever destruction there is after the fact?”
Winston called the current security landscape a “squeeze play” of sorts for security software makers competing with Microsoft. “Even if we are better than them now with that monopoly power, they have the opportunity to make us worse just on architecture, just based on owning the operating system, just based on kicking us out of the kernel [if they decided to],” said Winston.
Microsoft: ‘Committed To The Openness Of The Windows Platform’
As to the claim that it has monopoly power in the security market due to its dual role, Microsoft wrote: “We are committed to the openness of the Windows platform and support choice for our customers in their security software decisions.”
In fact, Microsoft said that its “current policy ensures that third-party security software vendors continue to have access to the Windows kernel,” just as they have in the past.
“While we are developing new platform capabilities that allow security solutions to operate outside of kernel mode—enhancing system resiliency and reducing risk—kernel access remains available and supported for vendors who require it,” Microsoft wrote.
Winston conceded that the Microsoft security technology stack has gotten better, but there is a security configuration and software product “literacy” issue that is a challenge for MSPs. “You can’t just say, ‘Oh I’m going to take stuff in the stack, I don’t know what’s good or what’s bad,’” he said.
The complexity of configuring the Microsoft software and the different versions in an IT environment is a big issue for MSPs, said Winston. That leaves MSPs dealing with a security “delta”: a good product that is poorly configured, a good product that is not the proper version, or simply a lack of knowledge of the “gaps” that come into play with a Microsoft stack.
“Microsoft can be horrible because of how difficult it is probably to use and because most people don’t understand most of the modules and how it works,” said Winston.
As for Microsoft Defender, which has steadily gained share, Winston conceded it has gotten “much, much better” over the last several years.
“Is it anywhere near the dedicated [security software] guys?” asked Winston rhetorically. “No. We can crush it in our sleep every night: detection, response, automation, anything, the network side, it is not there. The licensing, all the ways that you would make a purchase decision about an endpoint, you’re still always better in third-party hands.”
Inky Not Able To Play In Consumer Email Security Market
Dave Baggett, founder and CEO of email security vendor Inky, said it is not possible for the College Park, Md.-based company to play in the consumer email security segment of the market in the Microsoft-dominated technology landscape.
“Everyone tells me, ‘My parents are constantly getting phished — can they hook Inky up to their Outlook.com account?’” he said. “The answer is ‘no’ because there is no way to get into that mail flow. They don’t want us there. That is true for the ISVs too. That future is already completely real for me. I can’t have a consumer-facing product even if I wanted to.”
Xan Stevenson, head of partner sales and distribution for breakout Network-as-a-Service provider Meter, said the company’s multiyear partnership with Microsoft to advance networking is benefiting partners.
“The compelling event for partners that I have seen is they want to bring the whole network as a consumption model rather than bring your own license via the [Microsoft Azure marketplace],” he said. “So I think they are trying to change the conversation in terms of how Cloud Service Providers and others are basically going to market and incubate the Meter story there.”
San Francisco-based Meter, in fact, is leveraging the Microsoft Azure marketplace to promote, sell and distribute the Meter Network-as-a-Service offering to customers globally. “We just wouldn’t get to the table otherwise,” Stevenson said.
An MSP’s View On Microsoft’s Massive Security Investment
David Stinner, founder and president of MSSP US itek, Buffalo, N.Y., said no independent security vendor can match the breadth and depth of the massive resources and investments Microsoft makes to keep MSPs and their customers secure.
“No one in the world spends more on security than Microsoft,” said Stinner. “They spend billions of dollars a year and have the equivalent of 34,000 full-time engineers working on security. WatchGuard and others just cannot match the investment and personnel Microsoft is making to keep MSPs secure. There is something to be said about having a different OS and security vendor, but the sheer volume of the Microsoft security effort overcomes that fear. The Microsoft security stack is deep and it’s getting deeper.”
Microsoft recently unveiled two new add-on SKUs for small-business-focused MSPs that provide, for $10 per month, per user, enterprise-level security that was previously only available under the higher-tier 365 E3 and E5 licensing models, said Stinner.
The new Microsoft Defender Suite for Business Premium includes advanced threat protection, identity protection behavioral analytics and automated response.
The Microsoft Purview Suite for Business Premium includes insider risk management, information protection, life-cycle management and investigation readiness.
“Microsoft is increasingly encroaching on the terrain of established security vendors like WatchGuard, Sophos and others,” said Stinner. “But wouldn’t you rather use a security company with 34,000 head count in cybersecurity than a company with a couple of thousand employees?”
Stinner conceded that you have to be a “mature” MSP to understand the complexities of the Microsoft security stack, but he stressed that in this “fast-changing world of AI” Microsoft is providing critical software and tools that allow MSPs and their customers to be successful in areas like data governance and data loss prevention.
One critical feature that Microsoft is providing in terms of data governance is to limit who has access to a document, restricting the ability to access the file even if it has been the subject of a breach or been accidentally released to someone outside the organization, said Stinner. “If you are taking customers into the AI world, you need the kind of security tools Microsoft is providing to MSPs,” he said.
Stinner said he believes Microsoft does not get enough credit for the big gains it has made in keeping MSPs and their customers secure in the midst of a massive increase in security threats. “A lot of people are still drinking the Kool-Aid that you need a different security vendor separate from Microsoft as an operating system provider,” he said. “I think you still need defense in depth with security offerings from different vendors, but I believe you can trust Microsoft products because of the gigantic investment they have made in the Microsoft Defender stack of security tools and the operating system.”
Stinner said he sees a renaissance of sorts with Microsoft playing a bigger role in the MSP community. “Microsoft is finally paying more attention to MSPs with a lot of their multitenant interfaces,” he said. “Microsoft previously lacked multitenant interfaces but now with Microsoft 365 Lighthouse you can manage the entire Microsoft Azure, 365 and the entire security stack in one easy-to-use multitenant interface.”