Microsoft Defender email security benchmarking: Key insights from one year of data

Staff Editor 2026-06-15
Microsoft Defender email security benchmarking: Key insights from one year of data

Microsoft Defender email security benchmarking: Key insights from one year of data

https://www.microsoft.com/en-us/security/blog/2026/06/15/microsoft-defender-email-security-benchmarking-key-insights-from-one-year-of-data/

Publish Date: 2026-06-15 12:00:00

Source Domain: www.microsoft.com

Microsoft publishes quarterly email security benchmarking data comparing Microsoft Defender against secure email gateway (SEG) and integrated cloud email security (ICES) vendors using real-world threat telemetry.

A year ago, we set out to change how email security effectiveness is measured. With our first benchmarking report in July 2025, we committed to publishing real-world performance data, not synthetic tests, so security teams could make decisions grounded in evidence. With each quarterly update, we refined our methodology, expanded our analysis, and listened to customer and partner feedback.

Alongside it, we established the Microsoft Defender ICES vendor ecosystem, designed to enable seamless integration with trusted third-party vendors and streamline security operations center (SOC) workflows for organizations who have chosen a multi-vendor email security strategy.

Key insights from a year of email benchmarking

With four consecutive quarters, several findings have proven to be durable insights, highlighting the sustained realities of how layered email security performs in production:

1. Defender consistently leads in pre-delivery detection. Across every benchmarking period since July 2025, Defender has missed fewer high-severity cyberthreats than every SEG vendor evaluated, while the next closest SEG vendor had 2.5 times more misses.

2. ICES vendors add the most value in promotional and bulk email filtering. Promotional filtering uplift has been the clearest area of ICES value with an average uplift of 15% over the four quarters of evaluation. Meanwhile ICES vendor uplift for malicious catch and spam has consistently remained relatively nominal, averaging at 0.29% and 0.68%, respectively. In addition, over the last three quarters we’ve seen a consistent downward trend in these numbers, as we have continued to drive innovation in post-delivery mail detection.

3. Defender’s share of post-delivery remediation has grown…

Source

More Stories

Cybersecurity Experts Ask Feds to Lift Restrictions on Mythos

Cybersecurity Experts Ask Feds to Lift Restrictions on Mythos

Staff Editor 2026-06-15
Cyber Attack on Oracle Exposes Data of Higher-Ed Clients

Cyber Attack on Oracle Exposes Data of Higher-Ed Clients

Staff Editor 2026-06-15
CrowdStrike is up 80% since April. Terranova says it’s still a buy.

CrowdStrike is up 80% since April. Terranova says it’s still a buy.

Staff Editor 2026-06-15

Terms and Conditions - Privacy Policy