Microsoft named a Leader in the IDC MarketScape for XDR
Credit to Author: Rob Lefferts | Date: Thu, 02 Oct 2025 17:00:00 +0000
When cybersecurity stakes are high and complexity is the norm, Microsoft doesn’t just participate, it excels with Microsoft Defender XDR—built to anticipate, disrupt, and outpace modern cyberthreats. We are excited to announce that Microsoft has been named a Leader in the IDC MarketScape: Worldwide Extended Detection and Response Software 2025 Vendor Assessment (doc #US52997325, September 2025). Read the complete IDC MarketScape: Worldwide XDR Software 2025 report.
Comprehensive visibility across the enterprise
Defender XDR has the broadest signal coverage across the enterprise spanning endpoints, identities, email and collaboration tools, software as a service (SaaS) apps, cloud workloads, and data security—which enables security leaders to consolidate visibility, automate response, and outperform siloed tools. It combines native capabilities in threat detection, prevention, and response backed by AI-powered automation, rich telemetry, and seamless security information and event management (SIEM) integration to deliver a comprehensive and proactive defense strategy for modern enterprises. But Microsoft’s advantage goes beyond coverage. As one of the Big Three public cloud providers—and the originator of widely adopted platforms like Microsoft 365 and Microsoft Entra ID—Microsoft has unparalleled insight into the very technologies it secures.

Driving AI innovation in cybersecurity
Microsoft also stands out for its use of AI in cybersecurity through Microsoft Security Copilot. First introduced in March 2023 with generative AI capabilities, these digital assistants have evolved into a suite of autonomous AI agents announced in 2025, each designed to support specific use cases such as triaging user-reported phishing emails. This agentic approach enhances operational efficiency and empowers security teams with intelligent, task-specific automation. In fact, the phishing triage agent examines thousands of alerts each day—typically within 15 minutes of detection—which saves time, accelerates threat response, and allows security operations center (SOC) teams to focus on more meaningful tasks.
Complementing this agentic approach, IDC specifically highlighted Microsoft Defender’s automatic attack disruption, an AI-powered capability that disrupts in-progress cyberattacks like ransomware by containing compromised assets to prevent lateral movement—often within an average of just three minutes. Together, these innovations show how Microsoft is redefining the modern SOC to infuse AI throughout standard SOC workflows and rapidly respond to sophisticated cyberattacks.
“Microsoft provides a full life cycle offering from preemptive and prevention technologies to detection and response.”
—IDC MarketScape: Worldwide XDR Software 2025 report
Preemptive posture that reduces risk
In its report, IDC shared that one key Microsoft strength lies in its ability to unify proactive defense with intelligent response. Defender XDR natively integrates exposure management, attack surface reduction, secure configuration monitoring, and data loss prevention—giving security teams the tools to identify and mitigate vulnerabilities before they’re exploited. This preemptive posture and built-in attack disruption not only reduce risk but also enhance the fidelity of alerts, enabling faster, more accurate threat detection.
Defender script analysis and threat hunting
Sophisticated cyberattacks often evade detection using cloaked scripts and PowerShell commands. Defender XDR includes built-in script analysis, allowing analysts to inspect and classify scripts without external tools—reducing complexity and accelerating response. And for deeper threat hunting, Defender XDR supports Kusto Query Language (KQL), enabling analysts to parse telemetry, discover patterns, and identify outliers. Novice users can leverage a guided user interface experience to build and customize queries with ease while building their skillset.
Seamless integration and correlation between SIEM and XDR
IDC also noted that what sets Microsoft apart is its seamless correlation between SIEM and XDR, allowing insights from threat actor behavior and anomalies to flow across platforms without requiring customers to deploy both. With all this, plus powerful visualizations, KQL-based threat hunting, and deep identity threat detection, Microsoft delivers a strongly competitive, comprehensive, and adaptive security operations experience.
Learn more
Read the complete IDC MarketScape: Worldwide Extended Detection and Response (XDR) Software 2025 report and visit the Microsoft Defender XDR webpage to learn how you can elevate your security with unified visibility, investigation, and response across the cyberattack chain with an industry-leading XDR solution.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.
IDC MarketScape vendor assessment model is designed to provide an overview of the competitive fitness of technology and service suppliers in a given market. The research utilizes a rigorous scoring methodology based on both qualitative and quantitative criteria that results in a single graphical illustration of each supplier’s position within a given market. IDC MarketScape provides a clear framework in which the product and service offerings, capabilities and strategies, and current and future market success factors of technology suppliers can be meaningfully compared. The framework also provides technology buyers with a 360-degree assessment of the strengths and weaknesses of current and prospective suppliers.
The post Microsoft named a Leader in the IDC MarketScape for XDR appeared first on Microsoft Security Blog.