At RSAC 2026, the cybersecurity giant announced support for Microsoft Defender for Endpoint in its Falcon next-generation SIEM platform, along with new capabilities for AI detection and response.

CrowdStrike is doubling support for Microsoft security tools and launching new and enhanced AI security features in a major update to its Falcon next-generation SIEM platform, the cybersecurity giant announced Monday.
On the Microsoft side, CrowdStrike announced support for Microsoft Defender for Endpoint within Falcon next-generation SIEM, significantly expanding the market for the SIEM (security information and event management) platform.
CrowdStrike also announced Monday that it is expanding its Falcon AI Detection and Response (AIDR) service to further cover the AI application ecosystem, and it launched expanded “shadow AI” detection.
According to CrowdStrike Chief Business Officer Daniel Barnard, the announcements, made in conjunction with the launch of RSAC 2026 in San Francisco, will provide significant new opportunities for solution and service provider partners.
Below are details about CrowdStrike’s massive launch into next-generation SIEM and AI security.
Next-gen SIEM adds Microsoft Defender support
CrowdStrike is becoming increasingly disruptive in the security operations market with its fast-growing Falcon next-generation SIEM product, executives said. According to the company, key benefits include improving security outcomes by delivering a modern approach that takes full advantage of AI and cloud-native technologies.
With the addition of support for Microsoft’s widely used Defender security platform, CrowdStrike significantly “expands the addressable market” for Falcon next-generation SIEM, Barnard said in a media briefing. Falcon Next-Gen SIEM can now ingest and correlate telemetry data from Microsoft Defender for Endpoint as part of expanded support, CrowdStrike has revealed.
The announcement is also the latest collaboration between the two companies, marking a further departure from years of bitter rivalry.
“This is a new juncture for CrowdStrike in the work we’re doing with Microsoft and the work Microsoft is doing with us,” Barnard said.
Other recent developments include the February announcement that CrowdStrike’s Falcon platform will be available on Microsoft Marketplace.
Expanding opportunities for next-generation SIEM partners
Barnard said the newly announced support for Microsoft Defender for Endpoint creates significant new opportunities for partners to work with Falcon next-generation SIEM.
As a result of the move, “we now have a whole new set of partners who will be working on our platform, on our platform, and through our platform,” he said.
Ultimately, Falcon Next Generation SIEM for Defender “takes us into much more environments than we currently have, and I think that’s a positive for our channel partners,” he said.
In fact, executives say many organizations are running multiple endpoint security tools in their environments, in some cases using both CrowdStrike’s Falcon platform and Microsoft Defender.
“We want to be able to deliver the best SIEM product possible, regardless of what the endpoints are running,” CrowdStrike CTO Elia Zaitsev said in a media briefing.
More Next-Gen SIEM Upgrades
CrowdStrike has debuted additional new features for its next-generation SIEM, including capabilities integrated through its acquisition of data pipeline management startup Onum in August 2025.
These new features include intelligent filtering, which allows security teams to “efficiently control what data is brought into our platform and what data is filtered out completely or sent elsewhere,” Zaitsev said.
Other new features include detection and enhancements for real-time analytics delivered directly within the pipeline itself, which “significantly improves our ability to detect and respond to threats,” he said.
Meanwhile, CrowdStrike says federated search is now available across distributed data systems, enabling quick and flexible access to external data sources such as ExtraHop.
Expansion of AIDR
In December, CrowdStrike announced the general availability of its Falcon AI Detection and Response (AIDR) product. The product significantly strengthens the security around AI prompts and agent interactions, CrowdStrike President Mike Sentonas told CRN at the time.
At RSAC 2026, CrowdStrike announced the next major update to AIDR, extending the tool’s capabilities beyond browser-based AI applications to now support desktop applications.
This means Falcon AIDR can help protect desktop versions of applications such as OpenAI’s ChatGPT, Anthropic’s Claude, and the Microsoft 365 Copilot integration into the Microsoft 365 suite, Zaitsev said. He said the tool can also protect various agent applications that connect directly to IDEs (integrated development environments) and environments such as Microsoft’s Visual Studio Code.
Falcon AIDR can provide rapid security such as prompt injection attack detection, as well as protection against data leaks and real-time policy enforcement for desktop AI applications, Zaitsev said.
Discovery of Shadow AI
CrowdStrike on Monday announced several updates that will enable expanded detection of unauthorized “shadow AI” use.
These new features include Shadow AI Discovery for endpoints. It provides automatic discovery of AI systems such as apps and agents, LLM runtimes, MCP servers, and developer tools running on endpoints.
CrowdStrike also debuted detection capabilities for shadow AI agents and shadow SaaS applications across a number of top platforms, including Microsoft Power Platform, Salesforce Agentforce, and ChatGPT Enterprise.
Additionally, the vendor debuted Shadow AI Discovery for the cloud, unifying visibility across both cloud infrastructure and application layers.
