Name: Microsoft + Sophos “Stronger Together”
Uploaded: 2026-04-15T05:45:23.039Z
Duration: 46 min 20 s
Description: Microsoft + Sophos “Stronger Together”

Transcript for "Microsoft + Sophos “Stronger Together”": Hey. Hi, everyone. Thanks for joining, and welcome to our webinar on Sophos and Microsoft stronger together. In today's session, we are going to hear from Anthony Murray, senior product marketing director, and Marina Brook, channel sales director, ANZ. They'll walk you through how to position Sophos as a cybersecurity force multiplier that helps customers unlock more value from their Microsoft investments no matter which Microsoft plan they're on and how this creates opportunities to grow your business. This session is being recorded and will be made available after the webinar. All attendees will be on mute for the duration of the session. However, please feel free to post your questions using the q and a panel on the right hand side of your screen. We'll answer them during the session and at the end as part of a live q and a if time permits. To kick things off, over to Marina. Hello, everyone, and welcome to today's session. Very excited to have you with us. Really looking forward to an informative session that you will take away, and help you grow your, business with Sophos. But look, to start off with, today's session is all about a simple but yet powerful opportunity. How to turn every Microsoft engagement into more value, more security, and more revenue. Microsoft is already at the core of almost every customer in your environment, but those environments are also among the number one target for attackers. And many partners aren't fully monetizing the security opportunity that sits within them. Sophox Sophos acts as a security force multiplier, Helping to strengthen protection, differentiate your offering, and build higher margin services on top of what you're already selling today. In this session, we'll show you exactly where those opportunities are and how to take them to market quickly. So let's get into it. At a high level, this is all about helping our partners grow their business by attaching Sophos into the Microsoft opportunities that are already in motion. Microsoft is embedded in your customer base. But in many cases, the security opportunity around those environments is still underdeveloped. That's where this play comes in. It it positions Sophos as the cybersecurity force multiplier, enhancing what Microsoft already provides and helping partners deliver a more complete and more effective security outcome. And more importantly is it isn't a single product motion. It's full portfolio play right from endpoint email through to MDR, identity, and firewall. So allowing you to land, attach, and expand across the entire environment. This helps you with increasing your deal sizes, drive higher attach rates, and build profitable recurring service revenue. So you may think, what's in it for you? There are four key ways this play drives value to our partners. The first one, it's around increasing profitability. By attaching Sophos into your existing Microsoft deals, you're not starting from scratch. Right? You're expanding deal sizes, improving margins, and most importantly, unlocking the recurring revenue streams. Second, it allows you to expand your security footprint. This approach allows you to move beyond the single solution and secure more of your customers environment. The more surface area you protect, the more embedded and valuable you become. Third, it increases business resilience. With stronger layered security in place, you're helping your customers reduce risk as well as respond faster and stay operational. That's not just good for them, it strengthens your role in protecting their business outcomes. And finally, enhance your your position as a trusted advisor. When you bring together Microsoft and Sophos into a complete security strategy, you move beyond being a reseller and become that strategic advisor your customers become reliant on. So whether you're a reseller, an MSP, or you're both, selling Sophos as the complimentary add on to Microsoft delivers tangible benefits. For many resellers that sell, that have Microsoft deals, attaching Sophos at to the opportunity helps drive larger deal sizes and higher overall contract value. You also benefit from stronger margins as we've mentioned. The Sophos solution, designed to improve your blended profitability and importantly, walk you into competitive deals with a much stronger story. Combining Sophos with Microsoft to deliver enhanced detection, expert response, and real outcomes. All of this leads to long term account growth, deeper customer relationships, more upsell opportunities, and greater stickiness. For MSPs, this is about growing recurring margin per per customer. By layering Sophos into existing Microsoft environments, you expand share of wallet, build high margin, again recurring revenue streams, at the same time delivering stronger protection, deeper visibility, faster detection, and most importantly, 24 by seven human led response. Okay. So this program will be executed in two stages. First, we'll activate the core play, equipping you to grow your business by selling Sofa Solutions to complement Microsoft investments. The goal here is to drive a Sophos plus Microsoft mindset to make Sophos the long term go to solution alongside Microsoft solutions. Next, we'll help partners accelerate sales with a through partner campaign focused on Sophos MDR. So let's now walk through the value proposition to how we deliver audits so you can understand the story. Okay, so this is where Anthony pops in. I'm gonna hand it over to Anthony who will take you through the ways in which we can secure Microsoft environments. Over to you, Anthony. Thanks, Marina, and good morning, good afternoon to everyone, wherever you happen to be in the APJ region. Thank you for your time today and turning up to this webinar. So we are talking about how we complement Microsoft environments here, how Sophos and Microsoft work better together. Now for those of you who have seen any of the Sophos presentations that myself or others have presented, you will have likely seen this slide before. This shows the Sophos Central platform and the various products and services that we provide at Sophos. Now what you see there in green is where you can provide value to Microsoft customers and the Sophos solutions that help you do that. Now as a product guy, I like this slide because it's a slide I can spend a lot of time on and speak to customers to say, well, okay, during discovery, what are your needs, what are your requirements? And then I can point them in the right direction and then dive deeper as necessary. But if you have a look at the slides in green, this is where we see the biggest opportunities and customer needs and environment fit. So just quickly, Sophos NDR, penetration testing, security assessments, endpoint, firewall, identity, email, ITDR, and EDR. So the important thing and the other reason I like showing this slide is because it's all about being from one central platform, so far central. It's a unified security stack, it's for your customers, it's all centrally managed, it works together, it improves outcomes, it reduces overheads, and if you're a long term Sophos customer, this is a message that you know and you understand. But the important point, especially if you're talking to a customer who has Microsoft and Sophos or Moby, they just have Microsoft and they're exploring what their options are, it is not a point solution story. It's a strategic alignment between two leading players and those players being Sophos and Microsoft. And if you're if you're looking or speaking to enterprise organizations and those those organizations are looking for SIEM capabilities, well, obviously, you've got Tejas XDR and MDR. They're tremendous options. And these are capabilities that are coming into the Sophos central environment this year. You'll see that roughly in the middle of the year. So within a few months, you can provide next generation SIM capabilities managed through the Sophos Central platform to to your Sophos customers. Now let's get into some of the details. There are primarily two ways that you can approach a customer when it comes to having these discussions. The first one is about aligning to the plan or the Microsoft plan that the customer has purchased, and we've got options that go from business basics all the way through to e five or the new e seven license. So that's the first one. And the second way of approaching this, and again, it depends on your style and the communications with the customer, is you align to the security challenge. So you position and sell a combination of Sophos and Microsoft solutions and potentially your own services as well to enable customers to address their top security issues. Let's look at this in a bit more detail. Now what you see at the top is a very simplified view of Microsoft licenses, and this is a a one slide overview, so it is a simplification. And it's about selling Sophos solutions to complement Microsoft's plan. I see a message that says, I'm on mute. Can everyone hear me? Okay, I'm seeing some nods from the people who are on the Sofar side with me to say that they can hear me. Okay, good, thank you very much, everyone. Right. So where was I? So at the top, you see a simplification of the Microsoft's licensing options. And while Microsoft offers a wide range of plans, they can essentially be consolidated into three very high level groups. The first one is productivity plans. Now that can be anything from Microsoft three sixty five business basic, business standard, all the way through to E1 and E5. And yes, anyone who has a PhD in Microsoft licensing will know that there are more options, but we're just trying to simplify here and group them together. So the the best go to Sophos solutions to complement those are Sophos endpoint because it provides essential defense from Microsoft environments, including stopping remote ransomware, providing legacy Microsoft platform support. And for smaller businesses, you always have the option to use the Sophos one Sophos endpoint 100 SKU as well. So there's also Sophos MDR, which uses Microsoft telemetry to detect and stop advanced threats that tools alone cannot prevent, and it does this 24 by seven. And then Sophos Email, it's great value email security for Office three sixty five. For those of you who've been around for a while, I've been at Sophos for twelve years. If you haven't had a look at Sophos email recently, it's worth another look. Now, moving on to the center column that's more about identity solutions. Now, this is essentially Microsoft enter ID, either purchased as part of a wider plan or as a standalone enter ID p one or p two license. Now for those customers, your go to Sophos solutions are things like Sophos MDR, which stops identity based attacks faster, Sophos ITDR, which is an add on to Sophos MDR and Sophos XDR that leverages all the telemetry from Enter ID to further reduce the identity risk, and Sophos Firewall, which includes Enter ID integration that simplifies all the day to day management. And then, you have the column on the right, which is the security plans. So, this is where a customer using Microsoft Defender solutions, for example, endpoint, cloud apps, identity, and these are available with the Microsoft three sixty five Business Premium, e three, e five licenses, etcetera. And they're also available via Defender for endpoint p one or p two that's available in many licenses, but we're keeping this simple for the moment. And for those customers, we recommend you lead with Sophos MDR, the world's most trusted MDR service that stops advanced threats, Sophos advisory services, which is a range of penetration testing and assessment services that proactively identify weak spots in organization security postures, and the Sophos email monitoring service as an additional layer of email security that detects threats that other email solutions may have missed. And we've got detailed resources and enablement that go into all of these solutions in a lot more detail. Now if we have a look at this slide, it's another one slide overview specifically of option two that I talked about before, which was aligning to the security challenges from two slides ago if, people don't remember. And it's selling a combined set of Sophos and Microsoft solutions to address top security concerns, so deals that you can double your revenue from the Microsoft products and the Sophos ones. And these are four great places to start, but they are by no means a limit. And so they are so we'll start with the top, identity threats. So why do customers need identity threats? Well, if any of you have read any of the IT news recently, identity based threats are increasing. It's where adversaries impersonate legitimate users to compromise an organization. They somehow acquire their credentials, whether it's from phishing, the easy attacks, or whatever. And if you look at some of the stats, 79% of data breaches are identity related. So some of the recommended solutions are Microsoft Enter ID and Sophos MDR, all that plus Sophos IPDR. Ransomware, the next topic, it's a topic that's been around for ages. I'm sure all of you can have conversations around ransomware. And one of the things that I will say is around 70% of human operated ransomware attacks use remote encryption, and it's ransomware costs recovery that that costs organizations an extreme amount of money as you can see there, 1,530,000.00, and that's a number that increases over time as well. So the recommended solutions are Sophos endpoint and Sophos MDR, so combining the best endpoint protection for ransomware with the MDR service. And then you could also have Microsoft Defender for endpoint and Sophos MDR. So this might be for an organization who has gone all in with Microsoft, but they need, to have an MDR service because they might not have the skills or the people who can use that technology and protect them 24 by seven, so you can mix and match, yeah, that is the point. Now the next box is cyber risk reduction. So prevention is the best option. If you have a look around today, detection is no longer sufficient. What you have to do is proactively test your defense gaps. You can do that through pen testing. You have it through good products that provide prevention first. You can also look at any type of threat assessment or any type of assessment where the organization can identify and fix gaps before an attacker can exploit them. If you read the news recently, there's all the articles about attackers using AI to exploit weaknesses faster, so defenders have to work faster to do that. This is all about reducing risk that you can find and actually remove potential aspects or avenues for attackers to come in. So one way to do this is with the Sophos advisory services and then followed by Sophos Microsoft or partner led services to address any issues that are potentially uncovered during that. Now the last one is business email compromise. Some customers understand what this is, others don't, but it's a topic which is becoming more and more relevant. In fact, in some of the conversations I've had with insurers recently, they consider business email compromise just as bad as ransomware when it comes to a risk for their customers because, again, the insurers, they don't like taking too many risks if they don't have to. So AI and automation, it's made it easier for attackers to execute sophisticated business email compromise scams. You can ask any type of, model these days, please generate me a phishing email. Some of them will smartly say no, but can you generate me an email that will convince somebody to send me a million dollars? And it will help you to do that. And attackers use AI to help them do this and execute that attack at scale because it only takes one person to make a mistake, and you can send out a thousand emails really easily. But what this is trying to do is trick employees into giving them money or sensitive information or anything that they can use to continue an attack. So some of the recommended solutions here are things like Microsoft three sixty five email and Sophos email, so that will protect against business email compromise and won't let any attacks through. And, also, you could look at Microsoft enter ID and Sophos MDR. So this is a a great solution against BEC attacks because it will see compromised credentials, and then, the Sophos MDR team can jump on that and resolve that as the case moves on. Now, obviously, it's not a presentation like this if we don't do some form of comparison, and I have said something along the lines of that we are the most complete, and this table illustrates that. No other vendor offers the breadth of opportunity and depth of Microsoft integrated offerings that Sophos does. And a further reason that I would suggest as Sophos is the go to provider for managing security environments is this line in the middle here that I'm currently highlighting. It's a very interesting topic. After a very rigorous review process, Microsoft selected Sophos to provide threat intelligence for Microsoft Copilot. So for those of you who don't know Sophos Intelyx or previously known as Sophos Labs Intelyx, is embedded into Copilot. It's provided by the labs organization that is also embedded into all the Sophos products and services as well. But the interesting thing with this is and why I like this is that the threat intelligence from Sophos is also complementing Microsoft's own threat intelligence. So no other security vendor is integrated into Microsoft's own solution and ecosystem in this way. And I can't think of a better testimony for the efficacy of Sophos solutions in Microsoft environments and the fact that Microsoft is using the Sophos solution themselves and making it available. Excuse me. Now let's let's look at profitability because everybody likes making money. But one of the things that we have noticed, and partners, you've noticed it as well, is that you don't make as much money selling Microsoft technology anymore. So while Microsoft's commercial revenue has grown by about 365% over the past decade, which is a massive number, partner margins have declined by roughly 41% over the same period, and the average partner margin for Microsoft is now around 13%, although there are many people many partners who only see single digit margins. But this is where Better Together is a good story because it enables you to sell Sophos and Microsoft together that not only increases the productivity, increases your profitability and revenue as well. Now it's not a presentation like this unless we show some type of illustrative slide, and here is a pricing example. And I will go through the generic disclaimer first, as we always should. So this is showing MSRP MRR pricing. And it's illustrative purposes only. It's based on Microsoft pricing provided by a Sophos distributor and a Sophos MSP based on the 100 to 499 user band in The US. So these prices are in US Dollars as of January 2026. So your actual Sophos and Microsoft pricing, might be slightly different, needs to be sourced from the distributor, and will vary by region and consumption. And similarly, for term based licenses, aligned to your business, we speak with the Sophos and Microsoft distributor. Now with that disclaimer out of the way, what that shows you is or what you see here in the three columns are two different example Microsoft and Sophos packaging options for addressing three common customer needs, which is stopping identity threats, ransomware, and BEC attacks. And as you can see, depending on which solutions you bring together, you can vary your buy price considerably, enabling you to both increase your profit margin and also lower the customer's price. Now, this is really interesting. Now, obviously, there are more options than this, but this is just a good illustrative answer just to see what is possible and why Better Together can bring you more profitability and protect the customers, which is a very important point as well. And, of course, here is another example. It starts with a company and, let's just say, didn't make a great hiring choice, and we'll leave it at that. Essentially, they hired a security person, they were overwhelmed by essentially, the management work that they needed to do, managing different security solutions, and then they also had to set up and manage their Microsoft e five and security services environment. No small task, as I'm sure many of you are aware. Short story is the person was overwhelmed. They weren't doing a very good job at it, so this particular customer started looking at other options that were available. Now what we did in this particular instance is we consolidated the they had Meraki and a Veeam tech stack in there as well, and we consolidated in that into a single solution. So Sophos can ingest all of that telemetry from Meraki, Veeam, and also the Microsoft environment and ingest that into Sophos Central, into the Sophos data lake, and then provide managed detection response services on top of that. Now in addition to that, it was attractively priced, especially when you compare that to what they were having to pay for a fully loaded salary for an admin person, so it reduced their overall operating expenses, and they actually ended up in a better security state because now they had 24 by seven protection with the MDR team. Now, as always, mileage will vary, and then you can have a wonderful solution like this as well. Now, finally, if you make a security investment, you obviously want it to work, and at Sophos we offer some of the most effective solutions on the market and we stand behind that because I can tell you we use our products every day and, in fact, they protect my family as well because God knows my parents are the best example of what not to do when it comes to security, and as their IT admin, it saves me a lot of time. Now if we look specifically at Microsoft environment, here are some stats that you can see on the screen and some proof points. So we secure more than 600,000 Microsoft environments globally, so that gives us unmatched insight into attacks and Microsoft environments. So we take learnings from that and just learnings from defending one Microsoft customer against an attack can automatically be applied to all Sophos customers. So that creates unrivaled immunity for Sophos and Microsoft customers together. We also have extensive API integrations that harness telemetry and threat data from a wide range of Microsoft solutions, including Microsoft three sixty five, the Graph Security API, Enter ID, and more and more. It's an ever increasing list. And that accelerates detection response because we get that information directly from the Microsoft environment in a very fast manner. And in 2025, so stats from last year, our Sophos NVR team leveraged Microsoft telemetry from Microsoft tools and environments to detect 23,000 advanced attacks in Microsoft environments and executed 4,800 automated response actions to neutralize them. This is, of course, alongside tens of thousands of human led response actions. And testament to our effective use of AI, automation, and deep human expertise, in the 2025, social security, our average stroke response time in a Microsoft environment was just twelve minutes, and, of course, we are looking to drop that figure all the time and do things faster and faster. But not only that, we've been recognized by Microsoft themselves for our security defenses. Sophos MDR has achieved a Microsoft verified solution status through the Microsoft Intelligence Security Association or MISA, as some of you may know, and that gives you and your customers confidence in the caliber and effectiveness of our defenses in Microsoft environments. And additionally, as I mentioned before, we are the only cybersecurity vendor with Adjantic integration into Microsoft Copilot. Essentially, they've got so much confidence in our defenses and our threat intelligence that they're also using it in their own products. And then, of course, inside the MDR team, we've got dozens of Microsoft certified security operations analysts. They specialize in detecting and responding to advanced cyberattacks using custom Microsoft response playbooks, and that gives us faster threats neutralization. So, as you can see, Sophos has a proven track history of detecting and neutralising threats in customer environments with speed and precision at scale. So customers can sell so you can sell customers Sophos solutions with confidence and customers can be sure of superior outcomes. And coming up to one of my final slides before I hand back to Marina, and let's look at how this translates to a value proposition for end users. Please excuse me for one second. What this is is a security force multiplier for Microsoft environments. It reduces cyber risk, it accelerates response, and it enables customers to capture the full value of their Microsoft investment, which is also important. They're not replacing their Microsoft investment, you are enhancing it so that they get more value out of it, it becomes more valuable to them. So the first one is reducing cyber risk. So Sophos' full portfolio of security solutions complements the Microsoft technology to stop threats at every point and at every Microsoft licensing plan, from business basic all the way to E5. So that also means from organizations of all sizes. Now if you look at the next one, accelerating threat response, we take response actions directly within a Microsoft tenant, of course, if we have been authorized to. And Sophos accelerates remediation and reduces burdens on the in house teams by doing this, making the response faster and the organization safer. Now I've mentioned it a few times, increasing the returns on Microsoft investment. This is not about replacing Microsoft technology. It is about augmenting it and reinforcing it to make it stronger. And the threat telemetry from Microsoft solutions is used to see and stop threats faster, and all of that gets ingested into the Sophos products, into the Sophos data lake, and it goes from there. And, of course, I did mention community immunity, so that real time insights from protecting 600,000 plus Microsoft environments keeps customers ahead of emerging attacker techniques and targeting all Microsoft environments and plans. So whether you have a customer who's the very smallest to the very largest, we can absolutely help them out, and you can augment it, make more money, be more profitable, and, most importantly, protect their environment. Marina, over to you while I take a break and a drink of water. Thank you, Anthony. And that was very detailed, and I'm sure all the partners on this session will agree it's definitely a, you know, sizable opportunity. And just to reinforce, it's complementary add on. We're working alongside and with customers' Microsoft investments, and I think that's a real key differentiator differentiator for us. Now when we, look at this sales play, there are a number of, program resources that are available to our partners. We've created several different elements, to help you with the knowledge and resources that you can use to drive demand with your customers. So I'm just gonna take you through some of those. Okay? So to get familiar with the sales play, you you know, you can simply log on to the partner portal. If you don't have, access or you're a new partner, or you're adding someone, please reach out to us. We can help you, facilitate that. But the yeah. So you log in to the partner portal. There is an embedded playbook available there that gives you step by step, process into taking your customers right from the first touch, all the way through to closing the deal, from initial outreach to qualification and then advancing the opportunity. So this will help fast track and improve your deal closure speed and rate. The next, we also have, the playbook itself. And we would like to encourage all interested partners to complete, the Sophos Partner Academy module. So that's we've got the playbook, so the content as well and the assets, and then we've got a, educational piece, in the academy. So please complete that. Go in, get more information, feel more comfortable, with the positioning and the talk tracks. And here are a number of different marketing assets for you to leverage. You've we've got thirty second videos, PowerPoints, that you can use to, you know, co brand, present that to your prospective customers. We have a number of digital assets all, created to help you position and also to drive awareness with your customers. And, of course, we have our own co branding service. So if you'd like any of these assets with your logo and contact information, please let us know, and we'll put you in contact with that, with that internal service that we offer. And for our MSP partners, we have created MSP specific content, built to drive our adoption. So we know that MSPs already live in that Microsoft environment, but Microsoft doesn't create necessarily the right margin. So we've got content that helps you position, you know, adding Sophos, making, you know, taking your business to the next level, being more profitable and easier to run. So these assets, you know, speaking directly to the MSP community, we also have another number of dedicated web pages and videos, that helps with the, you know, the positioning and also with the developing that business for you. In the center, you can see that we provided, questions MSPs might want to know. You know, how how do I make margin? Well, how do I reduce my overhead? How do I scale? Some of those things that, a lot of our partners are thinking about. And on the right, there's a solution brief that brings it all together with the actual bundle examples, pricing calculation, and some, real, scenario examples. So together, all of these assets make, the you know, helps with the business case, and gives the MSP the tools needed to confidently go out there and and sell Microsoft and Sophos to create a better, richer experience and security outcome with customers. Okay. And so now we've got an interesting slide. We've, attended recently, be part of the Microsoft Ignite roadshow. I'm sure most of you guys know about that. So, Anthony, why is this important to us? Hello? Can you hear me, Marie? Yes. Yes. You're there. Yep. Yeah. Sorry. I I went quiet for a second. Well, I mean, Microsoft Ignite last year was really interesting, and for those of you who haven't been, Ignite is one of the most influential Microsoft events globally. It sets the directions for partners and customers around the Microsoft ecosystem. So what you can see on this image here, which was actually taken at Ignite during the keynote last year, even though it's hard to see and very small, if you have a close look, you'll see Sophos is the only security vendor on the integration partner wall during that Ignite keynote. So for Sophos to be featured there sends a very strong signal. We're recognized as a key security partner within the Microsoft ecosystem, and that's not just a marketing moment. I'm also a marketing guy, so I'll say, yes, please. But it's more importantly, it's validation. It's validation. Microsoft would not put us there if they didn't believe in our technologies and our capabilities. Excellent. Thank you. Okay. So what do we do from here? So this is the next steps for our partner community. It's really important that, you know, we go away from this session and and learn in more detail about the story. Have a look at the training course, check out the resources, and just get comfortable with the pitch and kind of putting this into practice and building building into your service practice. After learning activation, right, that's that's the next step. Really important piece of the overall strategy is what do I do now that I have this information, what do I do with it? What how do I take the next steps to, start to have those conversations, identify those customers, and and get things into motion? And then start practicing. Right? Start to deliver that stronger together story, identify specific opportunities, and then, of course, where needed, leverage Sophos. Reach out to us, contact us. We're here to help, in in in the opportunities that you have, so feel free to engage as much as you like. So that brings us to the end, of this session. Really appreciate the time that everyone's taken to be here with us. And now is a good opportunity to pop in any questions that you might have about the content that Anthony and I delivered. So feel free. It's okay if there isn't any or you'd like to ask us afterwards, please feel free to reach out to us as well. There are a few questions there. Marina, I've been responding to some of them in the background. Okay. I I will like my first full favorite at the moment. Are you saying that Sophos endpoint is better than Microsoft Defender? And I went, of course, but I'm biased. And then I answered their questions. So I'm I'm sure people can see that. There's another one here about, have there been any comparisons made, such as opposite Huntress also. If you go to sophos.com/compare, you will find a comparison of Sophos technology versus various vendors. I can tell you the one on Huntress is there, so you can have a look there. Excellent. There was a question. When will ITDR, which we talked about briefly, be available in the Australian data center? Midyear is your answer, Ricky. I have a music type of sound in the background. Okay. That's nice. Please enjoy. We also the, difference? sorry, do we have a technical session in near future explaining each of, I guess, the Sophos, products? And, absolutely, we can we can definitely organize a technical enablement session. Feel free to reach out to us after the call, and, we can work out the region and and where you see it and who can be who can assist there. Another question, Anthony, is how well does Sophos integrate with ESET? Well, it's an interesting question. I'm assuming that that would be, say, for example, in the MDR scenario. One of the nice things about our managed detection response solution or service is that it is open. There is a very similar questions here about Defender, so I'll blend the two together in the answer, Marina. And the person who asked about Defender, is there any information on configuring it and onboarding it? Yes. It's in the documentation, especially on the integrations. But the way it will set up is that it can run-in a couple of ways, with ESET or a separate third party, endpoint protection product. If a customer wants to use that, like, for example, with Microsoft Defender or ESET or whoever else, that's perfectly fine. They can do that with the service. SophosMDR can ingest third party telemetry from third party endpoint protection products. And especially on the Microsoft side, that ingestion is very good because we bring that directly in from Microsoft. Now there are multiple ways of doing that. If we don't have a particular integration for an endpoint, a third party endpoint protection solution, you can run what we call the XDR sensor, and essentially, it's just collecting telemetry. If you know how CrowdStrike works, it's exactly the same thing. It collects telemetry. It sends it off to the cloud, and that's how the XDR and MDR solutions can integrate with that. With Microsoft Defender, it's a bit more integrated because we have that direct integration with the Microsoft environment, so there's no need to install anything else. We just extract all the telemetry directly from Microsoft. So if, say, for example, Defender finds something on an endpoint, that alert and that telemetry will flow directly into Sophos XDR and MDR. It's a long way of answering that question, but I think I've managed to answer both here. No problem. And, there's another question. Do we need to have standalone Sophos agent installed on the devices? Is there any more information that comes with that question? It depends. Oh, hang on. Yes. I just is. There is. Sorry. I didn't. I didn't expand the question. On the devices to be at all, hang on. We need to have a stand alone Sophos agent installed on the device to be all happening as well when connected identity or defender with Sophos. Does Sophos action any incident, if any, raised on Microsoft Defender end? Okay. So I will take this and change it slightly to be a rather generic what happens if Sophos has any type of protection on Microsoft telemetry. Now, that could be regardless of whichever license you have and whichever product has thrown up that particular detection. So we have a whole host of custom detections from Microsoft environments. So we will ingest all the Microsoft telemetry, and then we run our custom detections over it. It's a bit like how our own XER product works. We'll look at all the telemetry. We'll consider what's important. We'll piece things together, and if we go, that's something that we need to pay attention to to create a case for, Yes. It will create a case, and then the MDR team can go and investigate that. So that will happen on the Microsoft side. There's also because we do a lot of this work with Microsoft, there's also a lot of automated reactions that can then happen off that, and it will also go to a human analyst to be verified as well. So, yes, we have our own custom detections on Microsoft technology, not just Defender or, intra ID or anything like that. It's across the entire stack. We take whatever we consider important, whatever we think is that's interesting, that's interesting, that's interesting, look at it all together. Oh, we really need to look at that. That becomes a case and it gets investigated. K. I saw there was another one here. It's a rather open question. What is the breadth of the signal ingest? Well, basically, we will ingest as much as your Microsoft license allows us to ingest. As you can imagine, across the various different Microsoft licensing types, they provide you with different products and different levels of telemetry. So, we will ingest it all. And then from there, we will take the necessary actions. If you want to get into the details, it's the Microsoft Graph API, the Management API, and all of that is in the SOPHOS documentation on how we ingest that. There's just one here. It says, hi. We're a Microsoft partner. So is the licensing for Microsoft environments managed by Sophos, or can we handle it ourselves? And, yes, you would handle that yourself through the normal no normal means that you would otherwise be, you know, purchasing a Microsoft licenses for your customers. Correct. That's why, if. you remember to one of the slides that I showed, the one with all the figures where I read out that huge disclaimer about this is American pricing, it shows you that you'll manage the licenses. There are multiple ways that you can configure it based on the customer needs, the outcome that you're trying to achieve, and you can go from there. But, yes, as Marina said, you will absolutely look after the licensing yourself. So look, we've got, one minute left. Any any particular question that stands out here for you, Anthony? There's quite a lot, so appreciate we can't get to all of them, but we will endeavor to respond to, all questions post webinar. There's a couple here on promotions that I see. Marina, Yes. Yes. did you wanna can first? yeah. So look. We we do have a number of promotions currently in market. Again, I'm not sure which region you're located, so a little bit hard to, give more information about that. But, we can definitely reach out to you post the the session and, and then if, you know, get in contact with you to inform me what's what's available in your region. If any other one quickly I did see is what is the difference between ITDR and Entra p two, I think it was. Yeah. What is the difference between ITDR and Entra p two Microsoft? Okay. Well, ITDR is, identity threat detection and response. Entropy two is a Microsoft licence, and I will admit I am not a Microsoft licence aficionado. I don't know exactly what is in P2, so it makes it a bit hard for me to compare. But I can tell you ITDR is all about detecting identity based threats and being able to respond to them. So, there are multiple and very different identity threats that you can come into, and some of them are, you know, I've been in the industry a while, like the Impossible Travel one. Anthony logs in at Brisbane at 2PM and at 02:05 I log in at Hong Kong, obviously that's impossible travel. And yes, without knowing everything in P2, which I will admit I don't know off the top of my head, it's a bit hard to make that comparison. Okay. Fair enough. Look, thank you everyone. We have gone over time, and it is now time to say goodbye. And, as I mentioned, we will do our best to get in contact with you post the event, and really appreciate your time and energy with your questions. So thank you. And, see you next time. Thank you, Anthony, and. Marie. Thank you. For any other questions, please email us at apjmsp@sophos.com. Hope this session was very informative and of value. We'll see you next time. Thank you all.