CrowdStrike Next-Gen SIEM Can Now Ingest Microsoft Defender Telemetry
Dark Reading (archived Apr 03, 2026)
Once CrowdStrike's nemesis, Microsoft is now a collaborator. A shared interest in Formula 1 helped thaw the years-long fierce rivalry.
Jeffrey Schwartz, Contributing Writer
April 3, 2026
Last week, Microsoft Defender for Endpoint became the first endpoint detection and response (EDR) solution to be integrated with CrowdStrike's Falcon Next-Gen SIEM, leveraging Defender data to support third-party EDRs.
This new support lets customers use Defender telemetry and controls in CrowdStrike's Next-Gen SIEM.
"We'll tap into that and provide comprehensive security in our platform, even if they're using other endpoint technology," said CrowdStrike CTO Elia Zaitsev.
The platform now ingests data directly, accelerating Falcon's threat detection and enabling smart filtering and real-time analytics, he said.
"We can perform intelligent filtering to more efficiently manage which data is being ingested into our platform," Zaitsev said.
CrowdStrike also launched Falcon Onum to manage log data for its Next-Gen SIEM, letting Microsoft Defender telemetry be processed at scale. Onum is the company CrowdStrike acquired last year for its real-time pipeline technology.
Also for the first time, CrowdStrike's offerings are now available in the Microsoft Marketplace (formerly known as the Azure Marketplace). Most large enterprise customers that sign cloud usage agreements with Microsoft through the Microsoft Azure Consumption Commitment (MACC) can use those committed funds for third-party offerings available in the marketplace. Until last month, CrowdStrike was the only major cybersecurity platform provider whose wares were not available there. CrowdStrike has been listed in the AWS Marketplace since 2017 — a partnership that brought in $1 billion in annual revenue in 2024.
"It's a whole new ecosystem for us to partner with inside of the world of Azure and Microsoft," CrowdStrike chief business officer Daniel Bernard tells Dark Reading.
A Vocal Critic of Microsoft
It is not entirely surprising that CrowdStrike wasn't also in Microsoft's marketplace, considering co-founder and CEO George Kurtz has been a long-time vocal critic of Microsoft. Just two years ago, Kurtz was vociferously critical of Microsoft in the days and weeks after Midnight Blizzard (also known as APT29, Cozy Bear, and Dukes), a threat group affiliated with Russian intelligence services (SVR), exploited vulnerabilities in Microsoft's software. Kurtz faulted Microsoft for a variety of "systemic failures."
Midnight Blizzard struck in 2020 by injecting Sunburst backdoor malware in SolarWinds Orion. Kurtz called Microsoft's software "antiquated" in his testimony before the US Senate's Select Committee on Intelligence, the Congressional entity investigating that incident.
"The threat actor took advantage of systemic weaknesses in the Windows authentication architecture, allowing it to move laterally within the network," he said, noting the threat actors bypassed Microsoft's authentication schemes.
In March 2024, he told CNBC that instead of calling it a SolarWinds incident, it "really should be called the Microsoft hack because they were a big part of that compromise in terms of having their infrastructure and credentials being compromised."
Kurtz had also called out Microsoft a year earlier in the wake of an attack by a group known as Storm-0558, which exploited vulnerabilities in Microsoft Azure Active Directory (now Microsoft Entra). During that incident, hackers used stolen keys to forge authentication credentials and access the mailboxes of key government officials, including then-Secretary of Commerce Gina Raimondo.
Shared Interest in Formula 1
It appears a shared interest in Formula 1 car racing between the two companies led to the ultimate détente last year. Kurtz is a board member and co-owner of the Mercedes-AMG Petronas F1 team, and when Microsoft sought sponsorship, the two companies started talking.
"In an interesting way, Formula One sort of brought us together on a more strategic level," CrowdStrike chief business officer Daniel Bernard tells Dark Reading. "The certainties in life are threefold — death, taxes, and Microsoft. So rather than fight, let's find ways that customers can use all of our products, and customers want to do that."
About the Author
Jeffrey Schwartz
Contributing Writer
Jeffrey Schwartz is a journalist who has covered information security and all forms of business and enterprise IT, including client computing, data center and cloud infrastructure, and application development for more than 30 years. Jeff is a regular contributor to Channel Futures. Previously, he was editor-in-chief of Redmond magazine and contributed to its sister titles Redmond Channel Partner, Application Development Trends, and Virtualization Review. Earlier, he held editorial roles with CommunicationsWeek, InternetWeek, and VARBusiness. Jeff is based in the New York City suburb of Long Island.