Microsoft's Dominance in the Security Industry

•

It's absurd: Microsoft dominates the security industry. Everyone knows Microsoft Security generates $20B as the largest tech company offering security services. However, few know about the pieces that make up the business. After some digging, I was surprised with my findings:

The security biz is broken down into the following six areas: 1. MSFT Defender 2. MSFT Sentinel 3. MSFT Entra 4. MSFT Intune 5. MSFT Priva 6. MSFT Purview Latest [Microsoft Security CoPilot] I'll go over each, key metrics and reasons for success: Image h/t: @pgosavi7056

1) Microsoft Defender (Est $3.1B Rev): Broken into 2 areas: I) Defender 365 for endpoints + XDR II) Defender for Cloud Security #I is their endpoint, XDR platform and email security. This competes against $CRWD, $S, etc. This is the most *popular* biz, but not the biggest...

#II is their Microsoft Defender for Cloud that provides security for cloud workloads, DevOps, and applications (integrates with GitHub) across hybrid and multi-cloud. This business area competes against cloud security like Wiz, Snyk, and Datadog. An excerpt from Q1 2023.

2) Microsoft Entra (Azure Active Directory (AAD)) (Est 4.3B Rev) This is the Identity security biz that competes against $OKTA. On last week's earnings, they said >720K customers use Entra out of 860K total customers! I have many things to say, but see my detailed notes below:

3) Microsoft Sentinel: (Est 700M Rev) This is the SIEM platform that collects and aggregates security data & logs across an org's entire network from #1 + #2 discussed above into a central pool. It allows for security analytics etc. Sentinel competes against $SPLK or $ESTC.

4) Microsoft Purview (Est. 800M Rev) This is the data security arm that allows companies to govern and manage data assets on cloud and on-prem - enabling data compliance, discovery, cataloging, data lineages against data loss. This biz competes cos with private cos like Rubrik.

5) Microsoft Intune: This is a unified endpoint security arm specifically for hardware security. U-Endpoint management allows companies to centrally manage company devices, like computers, mobile etc through a single console. This competes against private names like Tanium.

6) Microsoft Priva: This is the Privacy, Risk & Mgmt business. This specifically helps companies comply with personal use cases and data privacy regulations such as GDPR and CCPA. This biz competes e.g. Vanta, Drata, OneTrust etc.

NEW: $MSFT Security CoPilot integrates w. OpenAI for security. CoPilot allows security teams to respond to incidents rapidly and curate playbooks for automated responses. This translates into better quality of detection and speed. This has legs to grow! Chart h/t @pgosavi7056

There are other security business areas that are big that I haven't discussed, including: a) IoT & OT Security: This is security for IoT devices and industrial ops tools b) Microsoft Security Experts: This is the Managed services and Managed Detection & Response (MDR) service.

Key metrics: Revenue breakdown (courtesy of Citi/cc: @simpleinvest01) - Total customers: >860,000 includes E5/E3 users - Last Q1 2023: Customers using 4+ products or more are 600K / growing 35% YoY - It decelerated from the last Q4 2022 at 40% YoY and Q3 50% YoY. Still solid.

In a recent interview w/ $MSFT Executives, it was mentioned they have 8% market share across the security ecosystem. [See this interview: youtube.com/watch?v=AK_sVf9Ny-U&t=635s&ab_channel=NightDragon] An 8% market share is fair compared to $PANW's 3.5% when you compare $20B to $6B TTM Revs. twitter.com/InvestiAnalyst/status/1626629764537540608?s=20

I'd like to propose a couple of hypotheses behind why they have been so successful in their security business: 1/ Acquisitions & key hire 2/ Outspending competitors in R&D 3/ Bunding & pricing strategy during a slowdown 4/ Platform approach and vendor consolidator strategy.

1/Successful Acquisitions / Hiring: From the time, Satya was announced in 2014. He recognized security as a driver. Most of their security acquisitions began in 2014, and they've been tucked in well. Satya appointed Charlie Bell's (MSFT security EVP), who built AWS for 23-yrs!

2/ The R&D Investment from 2021 to 2026: Their CVP confirmed this last week at RSA on Bloomberg! They are aggressively investing around $4B across the six categories of security. This likely explains why they can offer many of their products at no cost.. rcpmag.com/articles/2021/08/26/microsoft-20-billion-for-cybersecurity.aspx?oly_enc_id=7843D6863712H0L

3/ Bundling sales strategy. $MSFT's popular premium E5 and mid-tier E3 software package include cybersecurity, especially for identity and endpoint security features. The difference btw the two is that E5 includes additional advanced security features and E3 is much more basic.

Pricing during a downturn You'll likely have seen this page promoted on their site A sales AE friend told me that MSFT specifically sells these services at a loss during downturns to attract lots of freemium users / consolidate and drive prices up as the economy gets better.

The crazy part is that $MFST is nw recognized as a Gartner and forester in about 4/6 categories discussed above. Companies and CISOs are fine leveraging MSFT over many of the next-gen security players. I illustrated one example with $CRWD in this thread twitter.com/InvestiAnalyst/status/1649175630704185345?s=20

4/ Platform approach and vendor consolidation beneficiary. MSFT now provides security across 80% of the entire security ecosystem, from identity and endpoint to data. Importantly ACROSS CLOUDS & MULTI-platform, this makes MSFT a huge threat to incumbents and emerging startups.

At 8% market share growing >30% CAGR, $MSFT continues to be a force to monitor for security investors and operators, especially coming out of this SaaS recession. Also, hope they disclose more information overtime. Thanks for reading! If this was helpful, feel free to share!