Behind the Build is an ongoing series spotlighting standout Microsoft partner collaborations. Each edition dives into the technical and strategic decisions that shape real-world integrations—highlighting engineering excellence, innovation, and the shared customer value created through partnership.
When Netskope was announced as Microsoft Security’s 2025 ISV Partner of the Year at RSAC, it marked the result of years of steady investment, mutual trust, and deep technical collaboration. To reflect on that journey and where it is headed, I sat down with David Willis, VP of Technology Alliances at Netskope, to discuss how Netskope builds for scale, integration, and long-term value, as well as the shared vision driving security innovations across both companies for the benefit of our mutual customers.
A Partnership Built on Vision and Trust
We began with David’s professional journey and what drives his success. His progression through the networking and security stack starting with physical infrastructure at AT&T to app performance at Riverbed, L7 security at Palo Alto Networks, and deep inspection at Netskope, gives him a rare, end-to-end view of how modern systems interact. Just as critical is his ability to apply that knowledge through a business lens. “I’ve always believed that technology alone isn’t enough. You have to understand the customer’s strategic needs too,” David shared.
Engineering for Scale and Seamless Integration
That dual perspective shapes how Netskope builds. Every project is designed for 100x scale, with functional testing as a baseline. 'We never ship based on internal QA alone,' David said. 'Customers don’t always know what they need until they see what you’ve built.' Live validation and rapid iteration are core to their process.
Netskope’s clarity around customer value is also reflected in how they approach product overlap with Microsoft. Where others might hesitate in the face of competing features, Netskope leans in, focusing on where joint solutions can go further. “There’s always going to be some overlap,” David said. “But customers don’t want to choose. They want their tools to work together.” That mindset has led to joint integration across Microsoft Defender, Microsoft Sentinel, Entra, and Purview, often yielding more value together than either could alone.
Joint Innovation Across Microsoft Security: Sentinel
A standout example is our collaboration in Microsoft Sentinel, using the Codeless Connector Framework (CCF) to build a Netskope integration. Netskope’s telemetry is rich in application context and behavioral data. It generates terabytes of logs per day, demanding ingestion at true enterprise scale.
The Netskope One platform streams Web Transaction logs directly from the customer’s tenant to a managed storage account in Azure Blob. The CCF connector retrieves, decompresses, and transforms the data for ingestion into Microsoft Sentinel, where it powers Analytic Rules, Security Copilot queries, and SOC dashboards. Together, we built performant pipelines that preserve fidelity, enabling downstream value through second-order insights.
Joint Innovation Across Microsoft Security: Purview
Initially, Netskope used its own classification engine to apply policies to sensitive data. Today, unstructured traffic is instead routed to Microsoft Purview for classification and policy checks, centralizing data loss prevention (DLP) policy logic across environments. This integration enables Netskope to function as an inline enforcement engine, positioning Purview as the central hub for Data Protection policies across all users and applications. This joint effort positions Netskope as a pioneer in integrating SASE enforcement with Microsoft Purview’s data protection capabilities, delivering unified visibility and control for customers. “Now Purview has this holistic view of all of the data that’s moving around,” said David.” That leads to event correlation, risk analysis, regulatory compliance. It’s exciting.”
AI and What it Means for Customers
No conversation about the security space would be complete without touching on the growing impact of AI, so I asked David about Netskope’s approach. 'We’ve always used AI tools or ML models to analyze data... now we want customers to safely use them too,' David explained. Netskope is operationalizing AI through Microsoft’s Agentic AI framework and Security Copilot, building context-aware integrations that unify signals across threat protection, DLP, and access control.
Key use cases include DLP incident management and correlating logs between Entra and Netskope, enabled by the Netskope API Platform and surfaced through Security Agents. These integrations help customers act faster and with greater precision, bringing richer context to frontline decisions.
The Road Ahead
As successful as our collaboration has already been, Microsoft and Netskope are accelerating efforts to create even more value. We are focused on delivering practical outcomes that simplify operations and drive real-world impact, helping customers strengthen their security across the board.
“What sets this collaboration apart,” David concluded, “is how deeply we integrate both our products and our priorities to deliver meaningful outcomes for our customers. I think customers in a year are going to be really happy with the joint Microsoft-Netskope story.”
For software companies exploring integration with Microsoft Sentinel CCF, the Netskope story highlights what’s possible through App Assure, a no-cost program that provides hands-on technical guidance, compatibility support, and a dedicated App Assure Manager to help you build secure, high-performance integrations with Microsoft platforms like Microsoft Sentinel. From development to deployment, App Assure ensures your solution meets Microsoft’s standards while accelerating time to market. Ready to get started building a Sentinel solution? Submit a request to App Assure.
Microsoft