KnowBe4 integrates with Microsoft to boost email threat defence
KnowBe4 has announced a strategic integration with Microsoft Defender for Office 365, marking the first partnership within Microsoft's new Integrated Cloud Email Security (ICES) vendor ecosystem.
This new collaboration brings KnowBe4's AI-powered threat detection and human risk management capabilities together with Microsoft's email security tools, aiming to create a more unified defence against email-based threats for organisations using Microsoft 365.
According to KnowBe4, the integration is specifically designed to complement Microsoft 365's existing security infrastructure rather than replace it. By incorporating KnowBe4 Defend's advanced inbound threat detection, organisations can retain their current Microsoft security configuration while adding another protective layer focused on specialised threat identification and response.
One of the main features of the integration is the seamless flow of KnowBe4 alerts directly into the Microsoft Defender quarantine console. This functionality enables security teams to manage threats and investigate alerts within a single interface, streamlining workflows and improving response efficiencies.
The partnership is positioned as a significant development in Microsoft's ICES ecosystem, which promotes collaborative cybersecurity between Microsoft and third-party vendors. The approach reflects a broader trend in the industry towards integrated, interoperable solutions that support a layered security model. This new collaboration is driving meaningful innovation in cybersecurity. By combining Microsoft's email and collaboration security infrastructure with KnowBe4's leadership in human risk management and robust threat detection capabilities, organisations can now capitalise on a truly integrated defence strategy that benefits from the unique strengths of both platforms. We look forward to offering this to our global customers to help them enhance their security efforts.
The integration aims to increase the probability of detecting and preventing sophisticated email threats before they can impact end users. By leveraging multiple methods of analysis and detection across both platforms, the solution offers organisations a multilayered approach to email security. Additionally, it provides security operations centres (SOC) unified tools for quick investigation, root cause analysis, and tactical response to incidents.
KnowBe4 describes its platform as an AI-driven system for human risk management, used by more than 70,000 organisations globally. The company's HRM+ platform features modules such as security awareness and compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing services, and AI defence agents. The integration with Microsoft Defender for Office 365 expands this toolkit, allowing organisations already invested in Microsoft's email security products to build upon their existing defences.
The new collaboration provides a practical example of how security vendors can cooperate to deliver enhanced protection for their shared customer base. The inclusion of KnowBe4 as the first vendor in Microsoft's ICES ecosystem is expected to encourage further partnerships and integrations, supporting an industry shift towards a more collaborative and integrated security landscape.
Follow us on:
Share on:
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Techday NZ
a day ago
- Techday NZ
Veeam named Leader in Gartner 2025 backup & data report
Veeam has been named a Leader in the 2025 Gartner Magic Quadrant for Backup & Data Protection Platforms for the ninth time in a row. Gartner has also placed Veeam in the highest position for Ability to Execute for the sixth consecutive year as outlined in the latest Magic Quadrant, a research report that assesses vendors in the backup and data protection sector. The recognition comes as Veeam has introduced a series of new capabilities, especially within the Veeam Data Cloud portfolio. These developments include expanded protection options for Microsoft SaaS environments, expanded safeguarding for both Microsoft 365 and Entra ID user identities, and new features for predictable, immutable offsite storage to help further guard against ransomware attacks. The company has also launched added support for Salesforce, widening the coverage of secure and recoverable enterprise cloud applications. Market position The Gartner Magic Quadrant is a widely referenced industry analysis which categorises technology providers into four quadrants based on their 'Ability to Execute' and 'Completeness of Vision.' Leaders occupy the highest positions across both axes, reflecting vendor capabilities and ongoing advancement in the field. Gartner analysts report that these distinctions are based on comprehensive, fact-based research and support organisations seeking to align strategic decisions about data protection with the particular needs of their business. Commenting on Veeam's continued placement, Anand Eswaran, Chief Executive Officer at Veeam, said, "Veeam's success is built on serving our customers' needs and supporting them as their technology needs evolve – from delivering the most complete end-to-end cyber resilience capabilities to giving them the freedom to choose where and how to store and use their data." "That commitment to innovation, which has been at the core of our company since its inception, continues today as the world moves to SaaS and as organisations are incorporating AI into their core business processes. Veeam is the one-stop shop for keeping critical data safe no matter what happens." Veeam presently counts over 550,000 customers globally, including nearly 72% of the Global 2000 companies, who rely on its services for data protection and recovery needs. Recent advancements The company has added protection for the identities managed through Microsoft's Entra ID as part of its Microsoft SaaS offering. This, coupled with enhancements in offsite storage, is intended to improve resilience to increasingly prevalent ransomware threats. There is also new support for Salesforce, which means a greater proportion of customer cloud applications are included within Veeam's protective umbrella, responding to increased demand for data security across diverse cloud-based platforms. Gartner Magic Quadrant background The Magic Quadrant is a recurring research tool used by organisations to assess technology vendors. According to Gartner, the reports "are a culmination of rigorous, fact-based research in specific markets, providing a wide-angle view of the relative positions of providers in markets where growth is high and provider differentiation is distinct." Providers are ranked in the quadrants of Leaders, Challengers, Visionaries, and Niche Players. Gartner emphasises that the Magic Quadrant results should not be interpreted as endorsements or recommendations for a specific vendor, but instead as a resource intended to support organisations as they review the changing data protection landscape and make purchasing decisions based on their individual requirements. Industry landscape The backup and data protection sector continues to evolve alongside new security challenges, particularly the growth in cyber threats such as ransomware and demands driven by artificial intelligence and SaaS adoption. Through its document, Gartner notes that the name and scope of the Magic Quadrant report has adapted to reflect these shifting industry priorities. It highlights the importance of robust research and considered decision making for technology and security leaders seeking to effectively safeguard business operations and data assets.
Techday NZ
a day ago
- Techday NZ
Semperis warns nOAuth flaw in Entra ID risks SaaS accounts
Semperis has published new research highlighting the ongoing risk posed by the nOAuth vulnerability in Microsoft's Entra ID, which may allow attackers to take over SaaS application accounts with minimal effort. According to the research, nOAuth remains undetected by many SaaS vendors and is very difficult for enterprise customers to defend against. The vulnerability, originally disclosed in 2023 by Omer Cohen of Descope, arises due to a flaw in how certain SaaS applications implement OpenID Connect, particularly when unverified email claims can be used as user identifiers in Entra ID app configurations. This practice contrasts with recommended OpenID Connect standards. Semperis' follow-up investigation examined applications listed in Microsoft's Entra Application Gallery, finding that over a year after its initial disclosure, a substantial portion of applications remain vulnerable to nOAuth abuse. Risk to enterprises The core issue with nOAuth is that attackers require only their own Entra tenant and the email address of a target user to potentially gain full access to that person's account in a vulnerable SaaS application. Traditional defences, including Multi-Factor Authentication (MFA), conditional access, and Zero Trust policies, do not mitigate this risk. This presents a challenge for both developers and end-users. As Eric Woodruff, Chief Identity Architect at Semperis, explained, "It's easy for well-meaning developers to follow insecure patterns without realising it and in many cases, they don't even know what to look for. Meanwhile, customers are left with no way to detect or stop the attack, making this an especially dangerous and persistent threat." Through comprehensive testing of more than 100 Entra-integrated SaaS applications, Semperis identified that nearly 10% were susceptible to nOAuth exploitation. Once access is obtained via this vulnerability, attackers may exfiltrate data, maintain persistence, and potentially move laterally within the victim organisation's environment. Detection and mitigation challenges Detection of nOAuth abuse is exceptionally difficult, as successful attacks leave minimal traces within standard user activity logs. Deep correlation across both Entra ID and individual SaaS platform logs is required to identify potential breaches. Semperis' research indicates that exploitation continues to be possible, despite the initial public disclosure and vendor recommendations. Highlighting the severity of the nOAuth issue, Woodruff added, "nOAuth abuse is a serious threat that many organisations may be exposed to. It's low effort, leaves almost no trace and bypasses end-user protections. We've confirmed exploitation is still possible in many SaaS apps, which makes this an urgent call to action. We encourage developers to implement the necessary fixes and help protect their customers before this flaw is exploited further." Semperis has communicated its findings to both affected SaaS vendors and Microsoft, beginning in December 2024. Some vendors have taken steps to address the issue, while others reportedly remain vulnerable. Industry response and recommendations The Microsoft Security Response Centre (MSRC) advises SaaS application vendors to implement its security recommendations regarding user identification and OpenID Connect integration. Firms failing to comply may risk removal from the Entra Application Gallery. Semperis continues to focus on identity threat detection, with recent announcements regarding new detection features addressing other critical vulnerabilities such as BadSuccessor and Silver SAML. These findings exemplify ongoing risks within enterprise identity services, where configuration weaknesses in authentication protocols can present significant challenges for both software providers and their customers. The nOAuth vulnerability underlines the importance of not only secure development practices but also continuous monitoring as enterprise reliance on SaaS and identity federation increases. Semperis' report calls for prompt action from SaaS vendors to update their authentication implementations to address this persistent risk.
Techday NZ
2 days ago
- Techday NZ
KnowBe4, Microsoft partner to enhance email security with AI
KnowBe4 has announced a strategic integration with Microsoft, aimed at improving email security for organisations using Microsoft 365. The announcement details that KnowBe4 Defend will work alongside Microsoft Defender for Office 365, specifically integrating with its quarantine functionality. This collaboration is part of Microsoft's Integrated Cloud Email Security (ICES) initiative, and it marks the first such partnership in the programme, establishing a new approach for security vendors to work together. Integrated strategy According to KnowBe4, the Defend platform is designed to complement Microsoft 365's existing protections by introducing agentic AI methods for advanced inbound threat detection. The integration is intended to allow organisations to retain their investment in Microsoft's security tools while benefiting from an additional, purpose-built layer of threat identification and response. "This new collaboration is driving meaningful innovation in cybersecurity. By combining Microsoft's email and collaboration security infrastructure with KnowBe4's leadership in human risk management and robust threat detection capabilities, organizations can now capitalize on a truly integrated defense strategy that benefits from the unique strengths of both platforms. We look forward to offering this to our global customers to help them enhance their security efforts," said Stuart Clark, VP of Product Strategy, KnowBe4. Detection and response The integration creates multiple concurrent layers of analysis, which KnowBe4 states will increase the likelihood of detecting and preventing threats from reaching end users. The combined capability draws on Microsoft Defender for Office 365's quarantine processes and KnowBe4 Defend's AI-based detection mechanisms. The set-up is intended to support existing investments in Microsoft security while enhancing the breadth and depth of threat analysis. Beyond improving threat identification at the point of entry, the combined platforms provide unified Security Operations Centre (SOC) tools. These are designed to speed up incident investigation, support root cause analysis and enable tactical responses, ultimately offering organisations greater visibility and control over email threats targeting their workforce. Focus on human risk management KnowBe4 positions itself as focused on human risk management in the cybersecurity sector. The company states it supports organisations in strengthening their security cultures and managing risks associated with human behaviour. Its AI-driven Human Risk Management platform includes modules for training, compliance, real-time coaching, crowdsourced anti-phishing, and AI-based defence agents, all aimed at empowering employees to make better security decisions. The company claims to be working with over 70,000 organisations globally, delivering a suite of security tools designed to adapt and respond to evolving cybersecurity threats. The HRM+ platform aims to transform end users into effective components of an organisation's overall security posture through education and active participation in identifying threats. The ICES ecosystem The strategic partnership with Microsoft places KnowBe4 as the first vendor to join Microsoft's ICES vendor ecosystem, which seeks to foster collaborations with select security firms. The ICES programme is intended to offer Microsoft 365 customers a broader set of defence capabilities by encouraging interoperability between Microsoft's platforms and specialist security vendors. With this integration, customers can continue to use Microsoft 365 and Defender for Office 365 services, while having the option to add an extra layer of AI-powered detection and response without duplicating existing resources or disrupting their operational processes. The collaboration is expected to provide a model for future integration between Microsoft and other security companies within the ICES framework. Both companies have emphasised that the approach is focused on building collective defences to mitigate the risks posed by sophisticated email-based threats. Follow us on: Share on:
