John Z Black
Brunswick, ME • (207) 245-1010 • contact@johnzblack.com
If you’d told me two years ago that CrowdStrike and Microsoft would announce a data-sharing partnership at RSA, I’d have assumed you were hallucinating. And yet here we are.
At RSA 2026, CrowdStrike announced that Falcon Next-Gen SIEM now ingests telemetry from Microsoft Defender for Endpoint natively. No extra sensor needed. For the massive number of enterprises running both products (which is most of them), this kills a data silo that’s been driving SOC teams crazy for years.
The backstory is wild. In July 2024, a botched CrowdStrike update bricked 8.5 million Windows machines. George Kurtz sat before the Senate and called Microsoft’s software “antiquated.” Microsoft had its own problems with the Storm-0558 incident. These two companies were not exactly friendly.
So how’d they end up here? Formula 1. Seriously. Kurtz co-owns the Mercedes-AMG Petronas F1 team, Microsoft came looking for sponsorship opportunities, and somehow that opened a door. CBO Daniel Bernard put it this way: “In an interesting way, Formula One sort of brought us together on a more strategic level.”
I love this industry.
CrowdStrike is also now in the Azure Marketplace for the first time, which means enterprises with Azure Consumption Commitment agreements can buy CrowdStrike with existing Azure spend. For procurement teams, that’s huge. It turns a new vendor purchase into a line item on an existing contract.
Bernard’s best quote: “The certainties in life are threefold: death, taxes, and Microsoft. So rather than fight, let’s find ways that customers can use all of our products.” Most honest thing said at a security conference in years.
If you’re running both products, this could genuinely simplify your SOC workflow. Pricing hasn’t been disclosed, so don’t assume it’s free. But it’s worth a conversation with your reps.