The Microsoft 365 Defender suite is a recognized market-leading Extended Detection and Response (XDR) solution for Microsoft 365 services. It offers built-in, automated, and coordinated protection services that detect and block attacks across Microsoft 365 security products, and provides a unified portal for security operations (SOC) teams to manage, investigate, respond to, and remediate security events and attacks in a holistic manner. The Microsoft 365 Defender product suite includes:
Microsoft 365 Defender (M365D) - A coordinated, cloud-based, XDR-level detection and response platform that offers a unified security operations portal across all Microsoft 365 Defender portfolio products.
Microsoft Defender for Endpoint (MDE) - A holistic, cloud-based endpoint security solution that supports all OS platforms and device form factors, offering behavior-based next-generation endpoint protection, risk-based vulnerability management and assessment, security posture configuration, Endpoint Detection and Response (EDR), and automatic remediation.
Microsoft Defender for Identity (MDI) - A cloud-based User and Entity Behavioral Analytics (UEBA) solution across on-premises Active Directory, Azure Active Directory, and hybrid enterprises that identifies, detects, investigates and remediates advanced threats, compromised identities, and malicious insider actions.
Microsoft Defender for Cloud Apps (MDA) - A Software as a Service (SaaS) monitoring, management, and protection solution that supports various deployment modes, including log collection, API connectors, and reverse proxy. It provides security teams with rich visibility (discovery), threat detection and control (data protection and compliance) for over 25K applications used by enterprise users, and applies sophisticated analytics to identify and combat cyberthreats across Microsoft and third-party cloud services.
Microsoft Defender Vulnerability Management (MDVM) - A proactive, risk-based vulnerability management solution that helps you efficiently and holistically discover, assess, and remediate vulnerabilities and misconfigurations. Microsoft Defender Vulnerability Management offers continuous asset visibility, consolidated inventories, intelligent assessment tools, risk-based prioritization, and built-in remediation workflows.
Microsoft Sentinel is a scalable, cloud-native, security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for attack detection, threat visibility, proactive hunting, and threat response. Microsoft Sentinel is your bird's-eye view across the enterprise alleviating the stress of increasingly sophisticated attacks, increasing volumes of alerts, and long resolution time frames.
Microsoft Defender for IoT is a global Microsoft group delivering OT and IoT security. The group is comprised of top-notch engineers, product people, researchers and business developers. The group's solutions are deployed worldwide in every possible vertical, ranging from energy and manufacturing to smart spaces and standard enterprise environments, in which a plethora of IoT devices is used.
Microsoft Defender for Cloud (MDC) helps customers secure their public cloud workloads. It provides insights into the cloud security posture and recommendations for improving it, while also monitoring and detecting runtime security threats leveraging advanced AI and security research. Defender for Cloud protects infrastructure and application resources, wherever they are, including Azure, on-premises, and other public cloud providers such as AWS and GCP.
Enterprise Security Posture Management integrates signals from across the entire security stack, including network, endpoint, cloud, and application security, and enriches it with context to give security teams a comprehensive view of their organization's security posture. Using this platform, security teams can more effectively detect and respond to threats, identify areas of vulnerability, and implement strategies to mitigate risk caused by the increasing attack surface. By bringing together data from a wide range of sources, the platform helps security teams make informed decisions and take proactive measures to protect their organization from cyber threats.
MSTIC-IL hunts, tracks and protects against threat signals as part of MSTIC (the Microsoft Threat Intelligence Center). MSTIC-IL also builds a platform Microsoft threat analysts use to collaborate on threat hunting and customer protection.
BlueHat IL is home to the largest Infosec community in Israel. With a thriving local ecosystem that is globally renowned for its excellence, innovation and creativity, it isn’t surprising that Israeli companies have a huge impact on cybersecurity worldwide. Our community includes industry leaders, entrepreneurs, academia, government officials, independent researchers and hobbyists.
Every year, thousands of security professionals take part in our initiatives:
BlueHat Meetup - an open stage for casual gatherings and sharing knowledge.
BlueHat IL is our cyber-fantasy land, right here in Tel Aviv. We set the stage for the world’s top researchers to talk about their latest finds, and give local hackers the chance to break our challenges or build fun gadgets in our workshops. Check out the action we had last year
BlueHat Nights is a Cyber summer bash for security professionals, which features talks by notorious hackers, followed by our famous all-night party.
Each year, our BlueHat Nights follows a theme. We’ve already (literally) tapped into the IoT world and car security. Any guesses on what’ll be next?!
An ongoing, bi-monthly casual engagement, where our own Israeli researchers (both from Microsoft and external) come and talk about their research, all while holding a beer.
Have something to talk about? DM us at our meetup page!
Digital Transformation Platforms
Kusto is a big data analytics platform for interactive ad-hoc queries over petabytes of data with minimal latency. As a grassroots incubation project that started in at ILDC, Kusto took on some of the greatest challenges in computer science, including creating a new query language, efficient database storage technologies, query optimization, ecosystem development, and data science enablement. With its leading technical capabilities and customer focus, the technology the Kusto team created rapidly attracted the attention of many product groups across the company and grew exponentially in usage and volume. Today, Kusto is the de facto standard at Microsoft for big data interactive analytics. It powers a broad list of analytical solutions as a service used by Microsoft and its customers, such as Azure Monitor, Azure Cost Management, Microsoft Defender, LinkedIn, Sentinel, Teams Education, and many more. Kusto is an integral part of the Azure Data Services cloud-scale analytics portfolio, offering Azure Data Explorer as a complete cloud-native database stack. It is also available as the Data Explorer component of Azure Synapse Analytics (a comprehensive and strategic analytics offering), providing customers with insights from their log and telemetry data. Kusto Detective Agency is a fun activity you can try for free with Azure Data Explorer. Explore endless options at the Samples Gallery.
Copilot ILDC - Customer Experience Copilot is how we integrate large language models (LLMs) into the seller, marketer and the sales/marketing organization workflows. The Copilot team in ILDC has a unique opportunity together with its sister-teams Viva Sales and D365 Sales, to leverage both CRM, Customer Insights data and Office data (emails, meetings, documents, etc.) as inputs into LLM scenarios, creating unique and differentiated outcomes not possible by competitors. These new capabilities will help sellers advance deals more quickly, improve communication with customers, and increase the volume of opportunities and accounts they can manage. We’re leveraging the team’s extensive knowledge of Dynamics 365 Sales Conversation Intelligence – which helps sales organizations stay focused on the customer journey and accumulate insights and context that often get lost in application and tool switching – and adding to it in order to enhance customer experience even further, starting with seller productivity through Viva Sales.
Power Query Dataflows - The ILDC Citizen Data Integration team is part of the Data Integration group in the Azure Data/Intelligence Platform organization. Our group specializes in data movement, preparation, and process orchestration, and provides both direct-to-customer SaaS offerings and PaaS integrations within Microsoft products. Our products and integrations serve customers across a wide spectrum of expertise, from citizen personas, requiring self-service and no to low-code solutions, all the way to medium to high code scenarios for pro-developers and petabyte-scale data volumes.
Our team at ILDC oversees the development of Dataflows: A self-service, cloud-based data preparation solution leveraging Power Query, a unified Data Connectivity and Preparation experience used by millions of customers every month. With dataflows, customers can prep data from hundreds of sources, apply 300+ transformations, and load data to a myriad of products and databases, including many Microsoft products: Power BI, Power Platform, and Dynamic 365 Insight Applications. Dataflows run in the cloud, so data is always kept up to date.
Chief Product Office - The Business Applications Platform (BAP) Chief Product Office leads product strategy, vision, innovation and storytelling across all Microsoft Business Applications and Platform products. The team defines product strategy, drives thought leadership, identifies critical market trends and competitive insights and delivers strategic customer envisioning and storytelling. The team delivers the BAP product narrative which enables Microsoft to attract and retain customers on their digital transformation journey, while driving potential roadmap investment opportunities across BAP.
across key industry investments, along with Microsoft Cloud for Financial Services.
With both, we leverage the Israeli ecosystem around AI and Fintech to drive innovation and a thriving partner ecosystem for Industry Clouds.
For Industry AI, our objective is to build on Microsoft’s AI platforms and provide partners and customers with industry-specific AI applications as part of the Microsoft Cloud for Industry. We harness platforms such as Cognitive Services for speech, and Azure ML to build industry-tailored models to responsibly address needs.
By connecting Microsoft’s differentiated technology in AI and data analytics to industry-specific business outcomes, we are able to enhance not only the horizontal AI marketing message and potential impact, but also the core messaging for our Industry Clouds as the detailed list of industry-specific AI scenarios will become a competitive differentiator.
For Microsoft Cloud for Financial Services, our objective is to bring together the power of Microsoft Cloud across Microsoft Azure, Dynamics 365, Power Platform and Microsoft 365, addressing key challenges in the financial services industry to help customers with their digital transformation. We started with a focus on Retail Banking and are now building on customer momentum to extend into additional verticals, such as insurance and capital markets, altogether delivering an architecture where our partner ecosystem can innovate atop our first-party capabilities to offer comprehensive solutions.
Our team works closely both with other internal groups and collaborates with external partners and customers.
Health ILDC builds innovative technologies for the Health & Life Sciences industry by leveraging Artificial Intelligence, advanced technologies, research and applied data science, as well as ecosystem partnerships. We build products that allow healthcare organizations to improve their services and patient outcomes and empower patients with access to health data and knowledge. Health ILDC builds cloud services on Azure to deliver technologies involving conversational intelligence, natural language processing, machine learning, and diverse algorithmic approaches, delivering products to millions of users around the world, aiming to make a difference in people’s lives.
The Automated Driving Platform (AKA ADP) is a cloud-based data platform for the agile development of automated driving functions. Built in collaboration with CARIAD of the Volkswagen Group, it will simplify developers’ workflow through one scalable and data-based engineering environment. Building automated driving functions requires large-scale computational capabilities and petabytes of data, representing different road and weather conditions, various obstacles and unpredictable driver behavior for training, simulation and validation.
Industry Solutions Engineering (ISE) is an engineering and data science team that works directly and collaboratively with customers looking to leverage the latest technologies to address challenges and transform their industries using cloud-based solutions. We accompany our customers and co-create innovative custom solutions for their challenges. During this process, we improve our own platforms by partnering with our internal product groups. We take pride in our contributions to open source and make our platforms easy to adopt. Our work involves developing high-impact software assets that contribute to the Microsoft platform and are broadly applicable.
Every day on the way home from work, I think about the number of wild, new things I learned.
Maya Bechler-Speicher, Software Engineer Intern
Experiences & Devices
The Microsoft Search, Assistant and Intelligence Israel team is part of the international MSAI Org, which is driving Microsoft's Assistant, Search, and Intelligence for M365 users. The team is using a wide set of large AI-based solutions embedded in the Office 365 environment. Its goal is to improve efficiency, shorten processes and enable natural access to complex systems.
Combining the use of AI deep-learning models and methodologies with web-scale high-capacity systems, the team impacts hundreds of millions of users in numerous organizations.
The Israel team is part of a global team that is tasked to leverage massive user-generated data-sets accessible to AI machinery in the cloud, using Microsoft Graph to build an assistance platform that brings AI to life within the core M365 productivity experiences that millions of users already engage with every day.
The Excel Israel team, consisting of ~120 team members, is part of the Office organization. The team owns and drives multiple strategic investments in the Excel team. Ownership includes:
(1) Excel for the web – we are on the journey of building the leading spreadsheet cloud service in the world, serving hundreds of millions of users at an enormous scale for the best experience in the browser;
(2) Get and transform data in Excel – Data is at the center of calculation, analysis and decision making. Get Data provides the ability to connect Excel files to a large set of data sources and data services, enabling the user to shape the data and making sure the workbook is always up to date.
(3) Enhancing Excel via AI – we are on the path to transform the way users create formulas, clean their data and validate the correctness of their spreadsheets by leveraging AI technologies.
Microsoft eCDN is a new group that was formed after the acquisition of the Israeli startup Peer5. The group's core product is an enterprise Content Delivery Network based on P2P mesh networks that alleviates network congestion and ensures high-quality live streaming. In the past few years, internal corporate video streaming has become critical to the world’s largest organizations. As companies invest heavily in event production, having the best possible video quality is paramount. This means no glitches, no buffering, and HD/4K when possible. However, corporate networks and gateways are not designed to sustain the massive peak-demand bandwidth that occurs during virtual events where many employees attend simultaneously. With Microsoft eCDN, the traffic is optimized, and only a fraction of the bandwidth is needed, enabling our customers to deliver bigger, high-quality events that reach all employees reliably.
The Education Analytics team makes use of educational data from first- and third-party sources to build insights which help teachers better understand their students' needs, help students develop 21st century skills and help education systems ensure that all students are engaged in their studies. In its work, the team uses data science and machine learning to provide education insights that help learners thrive. To do so, it partners with school districts around the world.
The Surface Israel team is a multidisciplinary team that creates the Human Computer Interaction of today and tomorrow’s personal computing. The team uses cutting-edge technologies to make the interaction between a human being and a computer simple and (almost) magical.
By using AI and ML algorithms which are built into efficient custom silicon pieces and embedded SW, the Surface computer is able to “understand” the person. The Surface cutting-edge technology, which brings the best of Microsoft to the user, improves the way ideas move and evolve, whether in a classroom, in a creator studio or in a meeting room.
Advanced Technology Labs is part of the Teams Calling, Meeting, and Devices group. Its mission is to bring AI capabilities to help design the future of meetings and modernize how people interact with each other in various hybrid workspaces to achieve more.
It’s pretty amazing that at the Microsoft Israel R&D Center we write a few lines of code and within a matter of weeks, it’s deployed to millions of users.
Sruly Taber, Senior Program Manager
[We like to keep our fans in suspense]
Cloud & AI Platform
Microsoft’s Commercial Marketplace Experiences (CMX) revolutionize the way businesses are buying commercial software by replacing the traditional sales motion with a personalized marketplace experience that drives repeated usage for customers, superior demand and revenue for partners, and creates network effects that result in long-term sustainable growth for Microsoft.
Azure Video Indexer is Microsoft’s Applied AI service for media AI. The service enables users to unlock insights from their videos using artificial intelligence technologies. These unlocked insights can be used to make video libraries more searchable, improve consumer engagement, increase the monetizable value of videos, and make video and audio content more accessible. The service provides APIs, a portal experience, and widgets that can seamlessly integrate with existing video infrastructure.
Our Enterprise & Security team builds the Core OS’s cryptography infrastructure, including low-level cryptographic operations (BCrypt), key storage operations (NCrypt), static data protection (DPAPI), and secure secret sharing (DPAPI-NG), using modern algorithms while innovating with next-gen ciphers such as Post Quantum Cryptography (PQC) ciphers. The team also builds Windows Security core features such as Microsoft Defender Application Guard and MDM. Our code powers the Azure cloud from chip to container on both Windows and Linux, and monitors and protects keys while performing billions of TLS connections daily. Our Windows features run on billions of devices, for example, PCs, tablets, and Xbox. Therefore, the utmost reliability, efficiency, and security of code are all mandatory in this team. The team combines world-class experts in Operating Systems, Cryptography, and Protocols who solve some of the most complicated and delicate security problems facing operating systems.
The Microsoft Security Fundamentals (EPSF) organization employs security experts from multiple disciplines and applies advanced security research techniques to find vulnerabilities, develop new mitigation techniques, and secure Microsoft products. The organization contains Microsoft Offensive Research & Security Engineering (MORSE), focusing on Operating System security – whether Linux, Windows, or embedded, running in the cloud as well as in edge devices and appliances. The second team is EDGS – Enterprise, Devices, and Gaming Security, which focuses on Azure Cloud Services, as well as finding security issues in multitenancy scenarios and on security telemetry.
Azure Monitor Log Analytics is a widely used observability solution that lets customers all over the world make sure that their digital assets are working correctly, secure and performant. Organizations of all types depend on Azure Monitor Log Analytics, from small shops to Fortune 500 and government organizations. This hyper-scale multi-tenant SaaS service, processing petabytes of data daily, enables customers to efficiently collect, aggregate, and store petabytes of log data while providing powerful insights through a strong query language. Azure Monitor Log Analytics is also used as a foundation for other Microsoft offerings, such as Microsoft Sentinel, Azure Application Insights, and more.
Azure Monitor Alerts offers observability into applications and infrastructure running on Azure or outside of it, with a portfolio of massive-scale platforms and solutions to monitor the health and performance of systems and applications across the stack. The Alerting team is responsible for all the alerting scenarios in Azure Monitor. The team also drives AIOps into all layers of the portfolio by harnessing data science, ML paradigms, and statistical inference deep into the technology and customer-facing experiences.
Azure Firewall is a cloud-native and intelligent network firewall security service that provides best-of-breed threat protection for your cloud workloads running in Azure. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability, providing both east-west and north-south traffic inspection.
The Azure Application Security team is building the next-gen application security offering for Azure networking customers; a new huge-scale product offering L3-L7 protection for all deployments of applications hosted on Azure, including data-driven advanced detections and mitigations embedded into the datapath.
Azure Networking Security Research (ANSR) faces and proactively looks for first-party security issues, with the mission statement of making Azure the most secure cloud platform in the world. The group focuses on researching internal Azure services and platforms, collaborating with engineering and security teams across Azure.
Azure Core Compute & Host ILDC develops and productizes cutting-edge acceleration hardware & software for offloading networking and storage processing from the host. Our acceleration products, which impact every service running on Azure, combine highly efficient hardware and software elements running on Azure’s millions of servers. These products enable super-efficient deployment of virtual servers, networks, and storage, all running on physical servers. These accelerators use virtualization technologies to offload workloads from the host CPU, resulting in improved throughput, latency, and storage IOPS as well as reduced CPU utilization. The acceleration products also enable Microsoft to quickly and efficiently develop and deploy proprietary capabilities and offer unique features to its customers.
The Azure CXP vision is to “transform Microsoft cloud customers into fans”, by leading world-class customer reliability engagements, engineering modern customer-first experiences for scale, and driving deep customer insights and empathy into engineering.
The team in Israel is a virtual extension of Azure CXP, with PMs from across several Azure CXP organizations, including:
• FastTrack, a team of PMs and engineers who work directly with customers and partners to help them build Azure solutions quickly and confidently, enabling the successful deployment of Azure services
• Growth and Innovation, leading deployment solutions for ISVs and startups
• The PRIMO PM team that builds and operates critical systems required to manage and operate the Microsoft Cloud
GitHub – The Developer Experiences group is part of the Development Experience department at GitHub. Its mission is to accelerate delivery at GitHub by offering delightful, fast, compliant and secure solutions for developing, building, testing and deploying code. The team is responsible for building and maintaining GitHub's runtime platform. This platform enables developers to easily build, deploy and manage the hundreds of applications that make up the world's largest code hosting platform.
The ILDC Content Development team creates customer-facing documentation and training content for the Microsoft products developed at the ILDC, and more. We create and maintain the customer documentation and training content published on Learn.Microsoft.com.
Our focus spans Security, Identity, Azure Monitor, Azure Data Explorer, and PowerBI.
Our team partners with the product, customer experience, support, and design teams to create world-class product documentation and training.
I get up every morning and catch a ride on the shuttle to Microsoft with Dia. It's fun to meet my friends and spend time with the most amazing people in the world.
Max (Dia’s Weimaraner)
I love that I don’t just implement solutions - I have to find them.
Yoni Chechik, Researcher