As businesses shift to running more applications in the cloud, the end-to-end control points that customers once owned have disappeared, making it challenging to securely deliver exceptional application user experiences.
To address this challenge, Cisco and Microsoft are combining joint engineering activities with our complementary product sets to provide our customers with a Secure Access Service Edge (SASE) cloud-based architecture. This architecture converges network and security services into a cloud-delivered services model adhering to Zero Trust principles with a flexible architecture that allows customers to choose the Cisco or Microsoft products that best meet their needs when capabilities overlap.
For instance, I’m especially excited about the recent announcement of our joint solution to rapidly detect advanced cyber threats and automate response: Cisco Extended Detection and Response (XDR) delivered with planned out-of-the-box integrations with Microsoft Defender for Endpoint, Microsoft Defender for Office 365, and Microsoft Sentinel.
In this blog, I highlight four additional areas of collaboration to deliver SASE to our customers, leveraging innovation from both Cisco and Microsoft.
Delivering optimized network performance
“Slow is the new broken” when it comes to delivering exceptional user experiences. Help desk calls light up when applications stop responding quickly. As the software-defined wide area network (SD-WAN) has become the de facto standard for communicating over the Internet–including connecting remote workers and communicating with cloud-based applications–the need for SD-WAN optimization takes center stage in any company’s SASE strategy.
To this end, Cisco SD-WAN Cloud OnRamp is an industry market leader, enabling customers to optimize application connectivity for Software as a Service (SaaS) applications. With joint Cisco and Microsoft engineering, Cisco SD-WAN also provides optimal network performance for Microsoft applications, including Microsoft 365, Teams, SharePoint, and OneDrive.
To help facilitate this capability, Microsoft provides an Application Programming Interface (API) to its Office 365 IP Address and URL web service, which enables customers to distinguish Microsoft from non-Microsoft traffic. In addition, Microsoft provides a level of granularity that categorizes the type of traffic. This categorization, for instance, enables customers to keep a large OneDrive file upload from negatively impacting Teams video calls. Cisco SD-WAN takes advantage of this information to optimize Microsoft application traffic.
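As an added illustration (not code from Cisco or Microsoft), the sketch below classifies a flow against endpoint sets in the JSON shape the Office 365 IP Address and URL web service returns, where each set carries a category of Optimize, Allow, or Default. The sample data, the PRIORITY ordering, and the function names are assumptions made for this example.

```python
import fnmatch
import ipaddress
import json

# Constructed sample in the shape of the endpoint-set JSON (documentation
# address ranges and example.com hostnames, not real Microsoft endpoints).
SAMPLE = json.loads("""[
 {"id": 1, "serviceArea": "Skype", "category": "Optimize",
  "ips": ["192.0.2.0/25", "2001:db8:1::/48"], "udpPorts": "3478-3481"},
 {"id": 2, "serviceArea": "SharePoint", "category": "Allow",
  "urls": ["*.files.example.com"], "ips": ["198.51.100.0/24"],
  "tcpPorts": "80,443"},
 {"id": 3, "serviceArea": "Common", "category": "Default",
  "urls": ["*.cdn.example.com", "portal.example.com"], "tcpPorts": "443"}
]""")

# Assumption of this example: when several sets match, the most
# latency-sensitive category wins.
PRIORITY = {"Optimize": 0, "Allow": 1, "Default": 2}


def port_in(spec, port):
    """True if port is in a spec such as '80,443' or '3478-3481'."""
    for part in filter(None, (p.strip() for p in (spec or "").split(","))):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def classify(endpoint_sets, proto, port, ip=None, host=None):
    """Return the best-priority category matching a flow, or None.

    None means the flow is not listed and stays on the normal policy path.
    """
    best = None
    addr = ipaddress.ip_address(ip) if ip else None
    for es in endpoint_sets:
        if not port_in(es.get(proto + "Ports"), port):
            continue  # the set does not cover this protocol/port
        ip_hit = addr is not None and any(
            addr in ipaddress.ip_network(n) for n in es.get("ips", []))
        host_hit = host is not None and any(
            fnmatch.fnmatchcase(host.lower(), u.lower())
            for u in es.get("urls", []))
        if (ip_hit or host_hit) and (
                best is None or PRIORITY[es["category"]] < PRIORITY[best]):
            best = es["category"]
    return best
```

Matching on protocol and port as well as address keeps an unrelated flow to a listed IP range from inheriting that range's category.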
In addition, automatic best path selection is further enhanced by the combination of Cisco WAN link telemetry data, which has information at the network level, and Microsoft 365 app telemetry data, which has information at the application level. This combination provides cradle-to-grave and end-to-end per site, per link, and per branch visibility of application performance.
Microsoft Sentinel is Microsoft’s scalable, cloud-native solution that provides both Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR). Microsoft Sentinel can ingest data from a variety of data sources, including Azure Active Directory (AD) and Microsoft 365.
Through additional joint engineering activities, connectors have also been built for several Cisco security products such as Duo, Umbrella, and Identity Services Engine (ISE). These connectors help to bring Cisco security product data into the Microsoft framework for security, providing customers with increased visibility into their entire data estate from one location for enhanced attack detection, threat visibility, proactive hunting, and threat response.
As an example use case, Zero Trust guidelines recommend having a secondary means for authentication sourced from a second vendor. For Microsoft AD customers, Cisco Duo can provide this secondary mechanism. Microsoft 365 users are the number one users of Duo.
Threat intelligence provides another example use case. All Cisco security products use the Cisco Talos Intelligence Group. Given that 80 percent of the world’s Internet traffic flows through Cisco networking, Talos provides a unique, strategic advantage in having access to this data: the ability to identify security threats more quickly and accurately. This enhanced threat intelligence flows through the Cisco security products to provide further protection for Microsoft Sentinel customers.
Cisco Extended Detection and Response (XDR) with Microsoft Defender and Sentinel
Cisco helps organizations better protect the integrity of their entire IT ecosystem, providing extended detection and response to find and remediate threats faster. Cisco XDR provides security operations teams with increased visibility and actionable insights to automate threat response across networks, cloud, endpoints, email, and applications.
As a testament to the strong collaboration between Cisco and Microsoft, the initial set of out-of-the-box integrations with Microsoft products at general availability includes:
- Endpoint Detection and Response (EDR): Microsoft Defender for Endpoint
- Email Threat Defense: Microsoft Defender for Office 365
- SIEM: Microsoft Sentinel
Learn more about Cisco XDR and when to expect general availability.
Leveraging the best from both technology leaders
The reality is that neither Cisco nor Microsoft alone provides all the networking and security technologies needed, for instance, to securely deliver optimal user experiences for Microsoft applications. In addition, different companies likely have varying mixes of Cisco and Microsoft products deployed. Therefore, Cisco and Microsoft are working together to help our customers maintain their existing Cisco and Microsoft technology landscapes, and to also provide them with additional SASE capabilities where needed.
Curious to learn more?
- Watch the webinar, Working Better Together – Microsoft Sentinel + Cisco Security Integrations, beginning on May 16th.
Visit Microsoft and Cisco Solutions to learn more!