Microsoft Defender email security benchmarking: One year of production telemetry
Microsoft publishes quarterly email security benchmarking data comparing Defender against SEG and ICES vendors using real-world threat telemetry across four consecutive quarters.
Attack Brief
Target: Email security (Microsoft Defender for Office 365, secure email gateway vendors, integrated cloud email security vendors)
Vector: Email-borne threats (high-severity cyberthreats, malicious messages, spam, promotional/bulk email)
Technical Details
Affected: Microsoft Defender for Office 365; third-party ICES vendors integrated with Defender; SEG vendors evaluated in benchmarking (July 2025–April 2026)
Impact
Confirmed Damage: Defender missed 59% fewer high-severity email threats than next-closest SEG vendor; post-delivery malicious catch by Defender increased from 45% to 96% average across evaluation periods
Mitigation
Detection: Post-delivery malicious catch and remediation via Microsoft Defender; native Promotions folder filtering in Outlook to reduce inbox clutter; layered email security strategy combining Defender with third-party ICES vendors
Context
Similar Attacks: Benchmarking methodology compares pre-delivery detection (SEG vendors) and post-delivery remediation (ICES vendors) against Defender baseline; ICES vendors show 15% average uplift in promotional/bulk email filtering but only 0.13–0.28% uplift in malicious and spam catch