Security News

Cybersecurity news aggregator

INFO News Dark Reading

CrowdStrike Next-Gen SIEM Can Now Ingest Microsoft Defender Telemetry

  • What: CrowdStrike and Microsoft collaborate on SIEM integration
  • Impact: Enhances threat detection and response capabilities for enterprise customers

Once CrowdStrike’s nemesis, Microsoft is now a collaborator. A shared interest in Formula 1 helped thaw the years-long fierce rivalry.

Jeffrey Schwartz, Contributing Writer
April 3, 2026

Last week, Microsoft Defender for Endpoint became the first EDR to be integrated with CrowdStrike's Falcon Next-Gen SIEM, leveraging Defender data to support third-party EDRs. This new support lets customers use Defender telemetry and controls in CrowdStrike's Next-Gen SIEM.

"We'll tap into that and provide comprehensive security in our platform, even if they're using other endpoint technology," said CrowdStrike CTO Elia Zaitsev.

Zaitsev said the platform now ingests data directly, accelerating Falcon's threat detection and enabling smart filtering and real-time analytics.

"We can perform intelligent filtering to more efficiently manage which data is being ingested into our platform," Zaitsev said.

CrowdStrike also launched Falcon Onum to manage log data for the Next-Gen SIEM, letting Microsoft Defender telemetry be processed at scale. Onum is a company CrowdStrike acquired last year for its real-time pipeline technology.

Also, for the first time, CrowdStrike's offerings are now available in the Microsoft Marketplace (formerly known as the Azure Marketplace).
Most large enterprise customers who sign cloud usage agreements with Microsoft through the Microsoft Azure Consumption Commitment (MACC) can use those committed funds for third-party offerings available in the marketplace. Until last month, CrowdStrike was the only major cybersecurity platform provider whose wares were not available in the Microsoft Marketplace. CrowdStrike has been listed in the AWS Marketplace since 2017 — a partnership that brought in $1 billion in annual revenue in 2024.

"It's a whole new ecosystem for us to partner with inside of the world of Azure and Microsoft," CrowdStrike chief business officer Daniel Bernard tells Dark Reading.

A Vocal Critic of Microsoft

It is not entirely surprising that CrowdStrike wasn’t also in Microsoft’s marketplace, considering co-founder and CEO George Kurtz has been a vocal critic of Microsoft for years.

Just two years ago, Kurtz was vociferously critical of Microsoft in the days and weeks after Midnight Blizzard (also known as APT29, Cozy Bear, and Dukes), a threat group affiliated with Russian intelligence services (SVR), exploited vulnerabilities in Microsoft's software. Kurtz faulted Microsoft for a variety of "systemic failures." Midnight Blizzard struck in 2020 by injecting backdoor malware called Sunburst in SolarWinds Orion.

In his testimony before the U.S. Senate's Select Committee on Intelligence, the Congressional entity investigating that incident, Kurtz called Microsoft's software "antiquated."

"The threat actor took advantage of systemic weaknesses in the Windows authentication architecture, allowing it to move laterally within the network," he said in his testimony, noting the threat actors bypassed Microsoft's authentication schemes.
In March 2024, he told CNBC that instead of calling it a SolarWinds incident, it "really should be called the Microsoft hack, because they were a big part of that compromise in terms of having their infrastructure and credentials being compromised."

Kurtz had also called out Microsoft a year earlier in the wake of an attack by a group known as Storm-0558, which exploited vulnerabilities in Microsoft Azure Active Directory (now Microsoft Entra). During that incident, hackers used stolen keys to forge authentication credentials and access the mailboxes of key government officials, including then-Secretary of Commerce Gina Raimondo.

Shared Interest in Formula 1

It appears a shared interest in Formula 1 car racing between the two companies led to the ultimate détente last year. Kurtz is a board member and co-owner of the Mercedes-AMG Petronas F1 team, and when Microsoft sought sponsorship, the two companies started talking.

"In an interesting way, Formula One sort of brought us together on a more strategic level," CrowdStrike chief business officer Daniel Bernard tells Dark Reading. "The certainties in life are threefold — death, taxes and Microsoft. So rather than fight, let's find ways that customers can use all of our products, and customers want to do that."

About the Author

Jeffrey Schwartz, Contributing Writer

Jeffrey Schwartz is a journalist who has covered information security and all forms of business and enterprise IT, including client computing, data center and cloud infrastructure, and application development for more than 30 years. Jeff is a regular contributor to Channel Futures. Previously, he was editor-in-chief of Redmond magazine and contributed to its sister titles Redmond Channel Partner, Application Development Trends, and Virtualization Review. Earlier, he held editorial roles with CommunicationsWeek, InternetWeek, and VARBusiness.
Jeff is based in the New York City suburb of Long Island.