Microsoft and SEG overlap in email security: what teams should cut


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9016
Topic starter  

TL;DR: Microsoft and secure email gateways overlap on redundant features, creating avoidable cost and operational drag for teams that need to save money and time, according to Abnormal AI. The real decision is not whether to add more controls, but which duplicated email-security functions can be consolidated without widening the attack surface.

NHIMG editorial — here’s why we think this discussion matters

Questions worth separating out

Q: How should teams decide which email security controls to keep when Microsoft and an SEG overlap?

A: Teams should keep the control that provides measurable coverage for the threats they actually face and remove duplicated enforcement where two tools do the same job.

Q: Why does redundant email security create more than just licensing waste?

A: Because duplicate controls create duplicate work.

Practitioner guidance

  • Inventory overlapping email controls: List the Microsoft and SEG features that perform the same filtering, quarantine, impersonation detection, and policy enforcement functions, then assign a single system of record for each control area.
  • Measure analyst time spent on duplicated workflows: Track how much time your team spends tuning duplicate rules, reconciling alerts, and resolving conflicting outcomes across platforms before deciding what to keep.
  • Test retained coverage against advanced threats: Validate the remaining stack against impersonation, payload delivery, and credential theft scenarios so consolidation does not remove the protections that actually reduce risk.

What to expect at the briefing

Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:

  • Which Microsoft and SEG capabilities are redundant in day-to-day operations
  • How the proposed stack change affects email threat detection and workflow efficiency
  • What the presenters say about saving time and money through consolidation
  • Why the discussion matters for teams under budget pressure

👉 Watch Abnormal AI's webinar on refreshing email security stacks →

(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8472
 

Email security sprawl is now a governance problem, not just a tooling problem. When Microsoft and a secure email gateway cover the same features, the organisation is paying for overlapping enforcement, overlapping tuning, and overlapping accountability. That duplication weakens clarity about which control is authoritative when incidents occur. Practitioners should treat stack rationalisation as part of control governance, not as a procurement cleanup exercise.

A few things that frame the scale:

  • Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
  • Lack of credential rotation is cited as the top cause of NHI-related attacks by 45% of organisations, followed by inadequate monitoring and logging at 37% and over-privileged accounts at 37%, according to the same report.

A question worth separating out:

Q: What is the identity risk of treating email security as a separate problem from IAM?

A: Email is often the first path into identity compromise, so a weak mail stack can become a weak IAM outcome. Attackers use email to harvest passwords, steal sessions, or trigger malicious actions in linked workflows. Teams should therefore evaluate email controls as part of the broader identity protection model, not as an isolated channel.

👉 Read our full editorial: Refreshing email security stacks: where Microsoft and SEGs overlap



   