Microsoft Stock: Microsoft’s Massive Cybersecurity Business: A Detailed Dive

Microsoft Stock

Microsoft Stock (NASDAQ:MSFT)

Microsoft (NASDAQ:MSFT) has a massive cybersecurity industry, which I believe many investors are unaware of. This article will examine Microsoft’s cybersecurity business and assess whether there are any concerns for current cybersecurity pure-play firms such as Palo Alto Networks (NASDAQ:PANW) and CrowdStrike (NASDAQ:CRWD).

Microsoft’s Cybersecurity Business Size

During the fiscal year 2022, Microsoft’s cybersecurity unit topped $20 billion in sales.

This is how Microsoft CEO Satya Nadella sees their own cybersecurity business:

“We are the only firm that provides complete end-to-end technologies for identification, security, compliance, device management, and privacy that are informed and trained on over 65 trillion signals every day. We are increasing our market share in all of the major categories that we serve. Clients are leveraging our security stack to decrease risk, complexity, and expense.”

Microsoft’s cybersecurity division alone rose 33% in 2022, with a massive run rate of $15 billion.

What is the relationship between this $20 billion in cybersecurity revenue and the revenues seen from pure-play cybersecurity players?

Many investors will be startled to learn that Microsoft’s cybersecurity revenue alone exceeds the combined sales of the top five pure-play cybersecurity firms.

I believe that Microsoft’s capacity to grow at a 33% annual rate at a billion-dollar run rate is quite outstanding and illustrates the benefits of the Microsoft brand’s great industry recognition, as well as its strong distribution and bundling capabilities.

You couldn’t be more wrong if you thought Microsoft was sitting on its credentials and not investing in its cybersecurity business. In 2022, Microsoft spent $4 billion on research and development for its cybersecurity division, considerably outperforming any other pure-play cybersecurity company. Microsoft will commit to spending $4 billion on cybersecurity over the next five years, until 2026, for a total commitment of $20 billion by 2026.

Although Microsoft invests $4 billion each year in cybersecurity, this money is split across several sectors. Pure-play cybersecurity players, on the other hand, can invest in their own concentrated business in a more targeted manner. For example, CrowdStrike’s (CROWD) concentration on endpoints and Okta’s (NASDAQ:OKTA) focus on identity assessment management means that their R&D budget is likely to be focused on these areas. As a result, when I add up all of the research and development spending of all pure-play cybersecurity companies, it comes to roughly $5 billion, which is in line with Microsoft’s own R&D budget of $4 billion every year.

Positions of Leadership in Cybersecurity Categories

Needless to say, with this much investment in its cybersecurity business, Microsoft has taken the lead in the majority of cybersecurity categories.

Microsoft, for example, is a Gartner leader in endpoint security systems, access control, enterprise information archiving, and unified endpoint management solutions.

Forrester also acknowledged Microsoft’s leadership in nine categories. Cloud security gateways, endpoint security software, identity as a service, security analytics platforms, and enhanced detection and response are among the nine categories.

Finally, Microsoft was named a leader in unified endpoint management software in IDC’s Vendor Assessment MarketScape assessment for 2022.

With leadership positions in various cybersecurity categories, I believe Microsoft is prepared to continue to be one of the firms that can successfully increase market share across these categories, as it delivers a wide range of top cybersecurity products.

Bundling via Office 365 E3 or E5 allocation accounts for the majority of Microsoft’s cybersecurity revenue, accounting for 30% of total revenue. This indicates Microsoft’s significant competitive advantage in distribution capabilities as a result of its strong brand name and bundling.

Other Systems Infra is a catch-all category that comprises enterprises such as network security, patch, and endpoint management, and email security, among others.

Aside from these two sectors, Microsoft’s Identity and Access Management business is the company’s largest identifiable cybersecurity business outside of the bundles and other segments. This is due to the legacy of Microsoft’s Active Directory. The endpoint security segment is the second largest, with around $3.1 billion in revenue, compared to CrowdStrike’s $2.2 billion.

Business of Identity and Access Management

By 2026, the Identity and Access Management market is predicted to develop at a 14% CAGR and be worth almost $26 billion. Microsoft increased its market share by 9% between 2019 and 2021, whereas Okta increased its market share by 3%. Because Microsoft and Okta’s current market share is just approximately 33%, there are still significant legacy vendor market share prospects available for the two players as the market remains fragmented.

I believe there is room for both Microsoft and Okta to capitalize on infrastructure modernization trends, with Microsoft emerging as the primary wallet share and consolidation winner.

Although Microsoft is less complex than Okta in general, Microsoft has a promising roadmap and its conditional access features are being advertised as Okta-killers.

Larger enterprises, on the other hand, are wary of having too much concentration risk in Microsoft because it may result in a single point of failure, which plays into Okta’s hands. Additionally, Okta is regarded as having the most basic and elegant platform and product design on the market, as well as being easy to adopt and grow. Furthermore, a stronger alliance between Okta and Amazon might most effectively compete with Microsoft in this space.

Based on Gartner reviews, we can see that while Okta has significantly more reviews than Microsoft thus far, its overall rating and willingness to recommend scores are comparable to Microsoft, highlighting my point that both Microsoft and Okta could be the two players to consolidate the market going forward.

Business of Endpoint Security

Endpoint security is predicted to increase at a 16% CAGR and reach almost $22 billion by 2026. From 2019 to 2021, the two highest share gainers are undoubtedly Microsoft and CrowdStrike, which increased their share by 10% and 5%, respectively.

Legacy competitors in the endpoint security industry remain uncompetitive with CrowdStrike and Microsoft products due to poor sales execution, old technology, and other factors.

Newer firms like CrowdStrike and SentinelOne (S) have been rapidly expanding in the market to capitalize on market dislocation as a result of their innovative technology and offerings.

Microsoft has recently chosen a price promotion approach, offering a 50% discount on Defender for Endpoint until June 2023. This is a relatively new region for new players such as CrowdStrike and SentinelOne, as it has shifted the competitive scene to one that may be more price driven. It remains to be seen whether Microsoft’s aggressive price promotions would result in Microsoft gaining market share at the expense of these other companies.

That said, I believe that the next generation of newer companies may have a competitive advantage because they are laser-focused on a certain segment within the cybersecurity space. As a result, Microsoft is finding it challenging to achieve technical parity with these next-generation manufacturers. Furthermore, the robustness of managed products and total cost of ownership varied across the different companies, which could result in each company having a distinct value proposition in the endpoint security industry.

Nevertheless, there is still market share from traditional providers that these players can capture in the long run. SentinelOne may be more vulnerable to Microsoft’s threat than CrowdStrike because of its smaller product portfolio, lower scale, and less enterprise-focused installed base.

CrowdStrike vs. Microsoft

At the end of the day, I’m curious to see how CrowdStrike and Microsoft stack up against one another.

CrowdStrike does a good job of comparing its own endpoint product to all other endpoint security companies, including Microsoft Defender. As shown below, CrowdStrike sees its benefits over Microsoft Defender as signatureless protection, frictionless upgrades, consistent cross-platform support, 24/7 expert hunting, and best-in-class integrated intel.

Microsoft vs. CrowdStrike

Of course, relying solely on CrowdStrike’s advantages over Microsoft Defender is counterproductive. After conducting an extensive investigation, I discovered that CrowdStrike and Microsoft Defender are both rather comprehensive in terms of endpoint security capabilities.

Finally, I believe that clients prefer Microsoft Defender if they are already primarily using a Microsoft-centered environment and do not require additional functionality.

Customers, on the other hand, pick CrowdStrike because of their endpoint solutions, which provide more advanced functionality while remaining simple to use and deploy. Customers who do not have a Microsoft-heavy technological stack are also likely to choose CrowdStrike.

As I looked at the reviews for Microsoft and CrowdStrike, I noticed that a bigger proportion of CrowdStrike’s customers gave it five stars and were more ready to promote the CrowdStrike service.


With the increasing relevance and rising total addressable market in the category, I believe Microsoft will and has been progressively leaning toward its cybersecurity business as a new growth engine.

As a result of its strong brand recognition, distribution, and adequate cybersecurity offerings, Microsoft already has the largest cybersecurity business in the market today. Finally, it gives a more comprehensive solution for consumers and makes it easier to bundle for those who already have a Microsoft-heavy technology stack.

That said, I believe there will be others in the business that are specialists in what they do, and these players can continue to be market leaders alongside Microsoft, as the examples of Okta and CrowdStrike shown before.

This is due to their significant focus on the identity and access management and endpoint security markets, which results in more advanced services, improved technology, and innovation in the category. But, Microsoft’s ability to bundle is a significant competitive advantage that will continue to benefit the company. It doesn’t actually require the most advanced features to maintain market dominance as long as it offers a comprehensive cybersecurity offering. Microsoft stock has gained more than 13% year-to-date.

Featured Image: Pixabay @ efes

Please See Disclaimer

About the author: Stephanie Bedard-Chateauneuf has over four years of experience writing financial content for various websites. Over the years, Stephanie has covered various industries, with a primary focus on consumer stocks, cannabis stocks, tech stocks, and personal finance. This stock lover likes to invest for the long-term. Stephanie has an MBA in finance.