security
5341 Topics

Driving Trust Through Certification: New TAC Feature Updates for IT Admins
Managing app security and compliance in Microsoft Teams just got easier! With recent updates in Teams Admin Center (TAC), IT admins can now quickly identify trusted apps and enforce organizational standards with confidence. These enhancements not only simplify governance but also underscore the value of Microsoft 365 Certification as a key trust driver. What Existed in TAC? Before the recent trust‑based enhancements, Teams Admin Center already provided foundational visibility into app trust through the Security & compliance tab in the app details experience. This surfaced key signals such as publisher information, permission scopes, data access, and links to security and compliance documentation, helping admins perform due diligence during app reviews. While these signals required manual review and cross‑checking, they established an important baseline for evaluating risk and compliance, reinforcing the role of TAC as the central place for governing apps in Microsoft Teams. What’s New in TAC? Trust Visibility Enhancements The new “Apps to Consider Allowing” tile highlights certified apps, publisher-attested apps, and those providing compliance evidence. This feature enables IT admins to quickly filter and identify apps that meet organizational standards. Security & Compliance Column and filters Admins can now view compliance attributes—such as SOC 2, FedRAMP, and penetration testing—directly in TAC. This helps admins speed up app reviews with trust-based filters and make informed choices without leaving the dashboard. Trust-based filters enable IT Administrators using Teams admin center to view and easily filter apps and agents by specific industry standards, certifications and compliance attributes such as SOC 2, ISO 27001, HIPAA, GDPR, and more. This will help to streamline app evaluation workflows, enabling broader access to trusted apps across the organization. Dedicated Collections Curated lists of certified apps and agents for easier discovery.
Saves time by grouping trusted solutions in one place. Why It Matters For IT Admins: Streamlined governance, reduced risk, and faster compliance checks. For ISVs: Certification boosts visibility and credibility, helping apps stand out in a competitive marketplace. Call to Action Get certified to boost visibility and trust. Learn more about Microsoft 365 Certification →
45 Views, 0 likes, 0 Comments

Consolidate & Conquer: Driving Business Transformation with Integrated Security (Part 1 of 2)
In the evolving cybersecurity landscape, the choice between a unified security platform and a point solution is a strategic one with far-reaching implications. This two-part blog series examines the strategic decision organizations face between adopting a unified security platform and relying on multiple point solutions in cybersecurity. This part highlights the growing complexity of cyber threats and IT environments, emphasizing how a platform-centric approach can deliver significant business value. It explores the operational, financial, and risk-reduction benefits of integrated platforms, including cost savings, improved incident response, and enhanced resilience. Part 2 delves deeper into how unified security platforms drive operational efficiency and workforce productivity, ultimately aligning cybersecurity investments with broader business objectives. Platform Approach vs. Point Solutions As cyberthreats multiply and budgets tighten, the age-old IT question resurfaces: pick the very best point products for every domain or standardize on a single vendor suite? Let us agree that the old saying “Best of breed” is not applicable for point solutions anymore. This post peels back the marketing hype and lays out the hard numbers from Forrester’s TEI report and dozens of customer stories: dramatic cost savings, 80% faster response times, 75% fewer costly breaches, and measurable bumps to your margin, EPS and ROE. We define what a security platform really means in the Microsoft ecosystem, compare it side-by-side with the traditional best-of-breed patchwork, and give you the references, visuals and practical advice to make the strategic choice for your business and your people. In an era of escalating cyber threats and IT complexity, security strategy has become a board-level concern. Several forces frame the platform vs.
point solution decision: Rising Threats & Complex Environments: Cyberattacks are growing in speed and sophistication, while the IT environment has expanded to hybrid cloud and remote work. Siloed security tools, often legacy, struggle to provide unified visibility across on-prem, cloud, and endpoints, resulting in poor visibility and inefficient threat detection. Organizations report “proliferation of security tools” driving excess cost, complexity, and risk in their cyber defenses. Tool Sprawl and Alert Fatigue: Many firms have accumulated dozens of disparate security products (network firewalls, endpoint agents, IAM systems, SIEM, etc.). This patchwork can overwhelm security teams with redundant alerts and manual correlation work. Alert fatigue and disconnected point solutions lead to slower incident response and higher breach likelihood. In fact, organizations lacking integrated response tools suffer nearly one additional breach per year and $204k higher cost per incident on average – a direct impact on operations and financials. Skills Shortage & Operational Strain: The cybersecurity talent gap means lean SecOps teams must “do more with less.” Best-of-breed stacks exacerbate this by requiring expertise in multiple complex tools. Security engineers often need advanced scripting or coding skills to integrate and manage point solutions. Strategic Mandates: Organizations are under pressure to improve resilience and efficiency simultaneously. Executive leadership and boards set clear priorities to reduce costs and avoid damaging breaches. They seek solutions that “scale securely without adding complexity” and integrate with existing enterprise systems. Importantly, investments in cybersecurity are expected to support broader financial goals – protecting revenue, safeguarding profit margins, and ensuring business continuity. A security strategy misstep (e.g. a major breach or runaway costs) can derail earnings and erode stakeholder trust. 
In this context, the appeal of a consolidated security platform has grown. By design, an integrated platform promises to simplify the security architecture (one cohesive ecosystem) and leverage automation/AI to address the talent and threat challenges. Conversely, a point solution philosophy offers flexibility and depth – pick a different solution for each security domain – but may compound the very issues (complexity, cost, silos) that organizations are trying to solve. So point solutions can never be best of breed. Because they are not and because they drive complexity, they drive costs, they are actually slowing down the speed that security teams need to have today. The next sections examine these two approaches and their implications in detail. What is a Security Platform Strategy? It means standardizing on a unified suite of security tools from a single vendor (or a tightly integrated set of vendors) to cover multiple needs – e.g. threat protection, identity & access management, data protection, cloud security, compliance – under one umbrella. For example, Microsoft’s end-to-end security platform spans multi-cloud security across Azure, AWS and Google Cloud, Defender XDR (extended detection & response), Sentinel SIEM, identity (Entra), and compliance solutions, all designed to interoperate. The platform approach is akin to “a ready-made suit” where everything fits together by design. Key characteristics: one contract, one support model, unified dashboards, common data lake/analytics, and consistent user interface across the security portfolio. What is a Point Solution Approach? In contrast, a point solution approach involves selecting different products in each security category, often resulting in a mix of vendors – e.g. one vendor for endpoint, others for identity, cloud CASB, SIEM, etc. This is like a “custom-tailored suit” where each piece is chosen for a specific area.
The organization assembles these point solutions into its security architecture, integrating them as needed. This approach prioritizes specialized capabilities and flexibility to swap components out as new innovations emerge. Now – when each individual product evolves and changes, there is a risk that the changes create holes and overlaps in the architecture. This is difficult to manage and identify. In summary, a platform approach offers simplicity, unified efficacy, and lower total effort, aligning well for organizations that value streamlined operations and broad protection. A point solution approach offers customized excellence and gives you a sense of flexibility, which can be vital in specialized scenarios or when an organization has the resources to integrate and manage it properly. The choice depends on strategic priorities: If minimizing complexity and boosting efficiency is paramount, an integrated platform is compelling. If unique requirements demand the absolute best solution in each category (and the organization can handle the complexity), a point solution mix might feel like the right approach. However, it’s increasingly common to pursue a “hybrid” strategy: use a platform for core needs and augment with a few specialist tools where needed. For instance, a company might standardize Microsoft’s suite for 80% of security functions but add a niche fraud detection tool or an industry-specific encryption module. This can deliver the most benefits of consolidation while addressing any critical gaps. Autonomous malware and AI-powered agents are now capable of adapting their tactics on the fly, challenging defenders to move beyond static detection and embrace behavior-based, anticipatory defense.
At the same time, AI systems themselves have become high-value targets, with adversaries amping up use of methods like prompt injection and data poisoning to attack both models and systems, which could lead to unauthorized actions, data leaks, theft, or reputational damage. So, on top of the traditional threat vectors, like endpoints, cloud, networks, and identities, we now must defend new elements introduced with AI: prompts and responses, AI data and orchestration, the models themselves and more. The future threat environment is poised to become more adaptive, covert, and focused on using humans to achieve initial access. This shift will challenge existing security paradigms and demand more anticipatory, behavior-based defense models across the public and private sectors. Cyber defense must evolve from reactive protection to proactive resilience—driven by disruption, deterrence, and cross-sector collaboration. This urges a shift from reactive to proactive defense: tools must be integrated at all times, and automation is a must – human interaction is not enough for creating the right security posture. Next, we evaluate the business value proposition – how these approaches impact the bottom line and key performance metrics. Business Value Proposition A security strategy must ultimately deliver business value: reducing costs and risks, enabling operational excellence, and supporting financial performance. This section presents a data-driven evaluation of how a platform-based versus a point solution approach translates into tangible benefits. We focus on operational improvements tied to real customer challenges and connect them to financial outcomes such as earnings and margins. Cost Efficiency and Tool Consolidation Challenge: Enterprises often find that a sprawl of security tools leads to redundant spending – overlapping licenses, infrastructure for multiple systems, and fees for integration efforts.
Each point solution carries its own cost structure, and managing many contracts can inflate the total cost of ownership. For example, a large organization might be paying for separate endpoint protection, email security, cloud CASB, DLP, SIEM, etc., each with substantial licensing fees. Platform Value: A unified platform can consolidate these costs significantly. By replacing dozens of point products with a suite, organizations eliminate duplicate functionalities and achieve economies of scale on licensing. In one analysis, a company was able to replace over 30 third-party security tools by moving to Microsoft 365 E5, yielding about a 10% reduction in total security TCO along with 40% lower IT administrative overhead. These savings come from reduced vendor contracts, simplified infrastructure (less on-prem hardware to support old siloed tools), and lower management effort. According to a Forrester Total Economic Impact (TEI) study of Microsoft Defender, the composite organization saved $12.0 million over 3 years through multi-cloud vendor consolidation, a 60% reduction in security tool costs. This was achieved by decommissioning legacy appliances and software, cutting data ingestion fees from multiple SIEMs, and reducing internal/external labor spent on maintaining disparate systems. Beyond license costs, tool consolidation reduces reliance on expensive external integrations or managed service providers. The TEI study noted that Microsoft Defender’s unified approach cut the need for certain external security monitoring services, contributing to the overall $17.8 million in quantified benefits. One security leader in the study remarked that the consolidation freed up budget that could be redirected to innovation or hiring more analysts, a strategic reallocation of funds. In contrast, a point solution strategy often has diminishing returns on value due to cost.
While each tool may be excellent, the aggregate cost of many premium solutions can be high. Moreover, integration projects between tools can run over budget. If an organization spends extra millions on integration middleware or custom development to make tools talk to each other, those costs eat into any incremental security benefit the best-of-breed approach provided. In short, the platform approach tends to yield a lower cost structure and higher ROI, as confirmed by the TEI finding of 242% ROI for the platform case. A fragmented approach typically would show a smaller ROI once all overheads are accounted for (and such an ROI is harder to quantify due to diffuse benefits and costs). Conclusion In summary, adopting a platform-based approach to security tool consolidation brings organizations substantial cost savings, streamlines operations, and yields measurable improvements in business value. By eliminating redundant tools and simplifying management, companies not only reduce their total cost of ownership but also unlock resources that can be invested in innovation and talent. This strategic transition lays a solid foundation for continuous improvement and greater resilience in the face of evolving threats. Continue with Part 2 of our blog series, where we’ll take this analysis further by exploring additional pillars of the business value framework, including “Operational Efficiency and Workforce Productivity” as well as “Risk Reduction and Reliability.” These areas will reveal even more ways a unified security strategy can empower your organization for future success.
582 Views, 0 likes, 0 Comments

Introducing new security and compliance add-ons for Microsoft 365 Business Premium
Small and medium businesses (SMBs) are under pressure like never before. Cyber threats are evolving rapidly, and regulatory requirements are becoming increasingly complex. Microsoft 365 Business Premium is our productivity and security solution designed for SMBs (1–300 users). It includes Office apps, Teams, advanced security such as Microsoft Defender for Business, and device management — all in one cost-effective package. Today, we’re taking that a step further. We’re excited to announce three new Microsoft 365 Business Premium add-ons designed to supercharge security and compliance. Tailored for medium-sized organizations, these add-ons bring enterprise-grade security, compliance, and identity protection to the Business Premium experience without the enterprise price tag. Microsoft Defender Suite for Business Premium: $10/user/month Cyberattacks are becoming more complex. Attackers are getting smarter. Microsoft Defender Suite provides end-to-end security to safeguard your business from identity attacks, device threats, email phishing, and risky cloud apps. It enables SMBs to reduce risks, respond faster, and maintain a strong security posture without adding complexity. It includes: Protect your business from identity threats: Microsoft Entra ID P2 offers advanced security and governance features including Microsoft Entra ID Protection and Microsoft Entra ID Governance. Microsoft Entra ID Protection offers risk-based conditional access that helps block identity attacks in real time using behavioral analytics and signals from both user risk and sign-in risk. It also enables SMBs to detect, investigate, and remediate potential identity-based risks using sophisticated machine learning and anomaly detection capabilities.
With detailed reports and alerts, your business is notified of suspicious user activities and sign-in attempts, including scenarios like a password-spray where attackers try to gain unauthorized access to company employee accounts by trying a small number of commonly used passwords across many different accounts. ID Governance capabilities are also included to help automate workflows and processes that give users access to resources. For example, IT admins historically manage the onboarding process manually and generate repetitive user access requests for Managers to review which is time consuming and inefficient. With ID Governance capabilities, pre-configured workflows facilitate the automation of employee onboarding, user access, and lifecycle management throughout their employment, streamlining the process and reducing onboarding time. Microsoft Defender for Identity includes dedicated sensors and connectors for common identity elements that offer visibility into your unique identity landscape and provide detailed posture recommendations, robust detections and response actions. These powerful detections are then automatically enriched and correlated with data from other domains across Defender XDR for true incident-level visibility. Keep your devices safe: Microsoft Defender for Endpoint Plan 2 offers industry-leading antimalware, cyberattack surface reduction, device-based conditional access, comprehensive endpoint detection and response (EDR), advanced hunting with support for custom detections, and attack surface reduction capabilities powered by Secure Score. Secure email and collaboration: With Microsoft Defender for Office 365 P2, you gain access to cyber-attack simulation training, which provides SMBs with a safe and controlled environment to simulate real-world cyber-attacks, helping to train employees in recognizing phishing attempts. 
Additionally, automated response capabilities and post-breach investigations help reduce the time and resources required to identify and remediate potential security breaches. Detailed reports are also available that capture information on employees’ URL clicks, internal and external email distribution, and more. Protect your cloud apps: Microsoft Defender for Cloud Apps is a comprehensive, AI-powered software-as-a-service (SaaS) security solution that enables IT teams to identify and manage shadow IT and ensure that only approved applications are used. It protects against sophisticated SaaS-based attacks, OAuth attacks, and risky interactions with generative AI apps by combining SaaS app discovery, security posture management, app-to-app protection, and integrated threat protection. IT teams can gain full visibility into their SaaS app landscape, understand the risks and set up controls to manage the apps. SaaS security posture management quickly identifies app misconfigurations and provides remediation actions to reduce the attack surface. Microsoft Purview Suite for Business Premium: $10/user/month Protect against insider threats Microsoft Purview Insider Risk Management uses behavioral analytics to detect risky activities, like an employee downloading large volumes of files before leaving the company. Privacy is built in, so you can act early without breaking employee trust. Protect sensitive data wherever it goes Microsoft Purview Information Protection classifies and labels sensitive data, so the right protections follow the data wherever it goes. Think of it as a ‘security tag’ that stays attached to a document whether it’s stored in OneDrive, shared in Teams, or emailed outside the company. Policies can be set based on the ‘tag’ to prevent data oversharing, ensuring sensitive files are only accessible to the right people.
Microsoft Purview Data Loss Prevention (DLP) works in the background to stop sensitive information, like credit card numbers or health data, from being accidentally shared with unauthorized people. Microsoft Purview Message Encryption adds another layer by making sure email content stays private, even when sent outside the organization. Microsoft Purview Customer Key gives organizations control of their own encryption keys, helping meet strict regulatory requirements. Ensure data privacy and compliant communications Microsoft Purview Communication Compliance monitors and flags inappropriate or risky communications to protect against policy and compliance violations. Protect AI interactions Microsoft Purview Data Security Posture Management (DSPM) for AI provides visibility into how AI interacts with sensitive data, helping detect oversharing, risky prompts, and unethical behavior. It monitors Copilot and third-party AI usage with real-time alerts, policy enforcement, and risk scoring. Manage information through its lifecycle Microsoft Purview Records and Data Lifecycle Management helps businesses meet compliance obligations by applying policies that enable automatic retention or deletion of data. Stay investigation-ready Microsoft Purview eDiscovery (Premium) makes it easier to respond to internal investigations, legal holds, or compliance reviews. Instead of juggling multiple systems, you can search, place holds, and export information in one place — ensuring legal and compliance teams work efficiently. Microsoft Purview Audit (Premium) provides deeper audit logs and analytics to trace activity like file access, email reads, or user actions. This level of detail is critical for incident response and forensic investigations, helping SMBs maintain regulatory readiness and customer trust.
Simplify Compliance Management Microsoft Purview Compliance Manager helps track regulatory requirements, assess risk, and manage improvement actions, all in one dashboard tailored for SMBs. Together, these capabilities help SMBs operate with the same level of compliance and data protection as large enterprises but simplified for smaller teams and tighter budgets. Microsoft Defender and Purview Suites for Business Premium: $15/user/month The new Microsoft Defender and Purview Suites unite the full capabilities of Microsoft Defender and Purview into a single, cost-effective package. This all-in-one solution delivers comprehensive security, compliance, and data protection, while helping SMB customers unlock up to 68% savings compared to buying the products separately, making it easier than ever to safeguard your organization without compromising on features or budget. FAQ Q: When will these new add-ons be available for purchase? A: They will be available for purchase as add-ons to Business Premium in September 2025. Q: How can I purchase? A: You can purchase these as add-ons to your Business Premium subscription through Microsoft Security for SMBs website or through your Partner. Q: Are there any seat limits for the add-on offers? A: Yes. Customers can purchase a mix of add-on offers, but the total number of seats across all add-ons is limited to 300 per customer. Q: Does Microsoft 365 Business Premium plus Microsoft Defender Suite allow mixed licensing for endpoint security solutions? A: Microsoft Defender for Business does not support mixed licensing so a tenant with Defender for Business (included in Microsoft 365 Business Premium) along with Defender for Endpoint Plan 2 (included in Microsoft 365 Security) will default to Defender for Business. For example, if you have 80 users licensed for Microsoft 365 Business Premium and you’ve added Microsoft Defender Suite for 30 of those users, the experience for all users will default to Defender for Business. 
If you would like to change that to the Defender for Endpoint Plan 2 experience, you should license all users for Defender for Endpoint Plan 2 (either through standalone or Microsoft Defender Suite) and then contact Microsoft Support to request the switch for your tenant. You can learn more here. Q: Can customers who purchased the E5 Security Suite as an add-on to Microsoft 365 Business Premium transition to the new Defender Suite starting from the October billing cycle? A: Yes. Customers currently using the Microsoft 365 E5 Security add-on with Microsoft 365 Business Premium are eligible to transition to the new Defender Suite beginning with the October billing cycle. For detailed guidance, please refer to the guidelines here. Q: As a Partner, how do I build Managed Detection and Response (MDR) services with MDB? A: For partners or customers looking to build their own security operations center (SOC) with MDR, Defender for Business supports the streaming of device events (device file, registry, network, logon events and more) to Azure Event Hub, Azure Storage, and Microsoft Sentinel to support advanced hunting and attack detection. If you are using the streaming API for the first time, you can find step-by-step instructions in the Microsoft 365 Streaming API Guide on configuring the Microsoft 365 Streaming API to stream events to your Azure Event Hubs or to your Azure Storage Account. To learn more about Microsoft Security solutions for SMBs you can visit our website.
53K Views, 9 likes, 37 Comments