At RSAC 2026, the cybersecurity giant unveiled support for Microsoft Defender for Endpoint in its Falcon Next-Gen SIEM platform along with new capabilities for AI detection and response.
CrowdStrike is doubling down on support for Microsoft security tools with a major update to its Falcon Next-Gen SIEM platform, along with launching enhanced new AI security capabilities, the cybersecurity giant announced Monday.
In terms of Microsoft support, CrowdStrike disclosed that it will now support Microsoft Defender for Endpoint within Falcon Next-Gen SIEM, providing a significant market expansion for the SIEM (security information and event management) platform.
[Related: CrowdStrike CEO George Kurtz: 2026 Is ‘Breakout Year’ For Agentic SOC]
CrowdStrike also announced Monday it has extended its Falcon AI Detection and Response (AIDR) offering to cover more of the AI application ecosystem, while the vendor has also launched expanded “shadow AI” discovery.
The announcements were made in connection with the start of RSAC 2026 in San Francisco, and will provide substantial new opportunities for solution and service provider partners, according to CrowdStrike Chief Business Officer Daniel Bernard.
What follows are the details on CrowdStrike’s big launches for Next-Gen SIEM and AI security.
Next-Gen SIEM Adds Microsoft Defender Support
CrowdStrike has increasingly become a disrupter in the security operations market with its fast-growing Falcon Next-Gen SIEM offering, executives said. Key advantages include improved security outcomes through providing a modernized approach that makes full use of AI and cloud-native technologies, according to the company.
With the addition of support for Microsoft’s widely used Defender security platform, CrowdStrike is “broadening our addressable market” in a major way for Falcon Next-Gen SIEM, Bernard said during a media briefing. Falcon Next-Gen SIEM can now ingest and correlate telemetry data from Microsoft Defender for Endpoint as part of the expanded support, CrowdStrike disclosed.
The announcement is also the latest collaborative move between the two companies, marking a further departure from their highly charged rivalry in years’ past.
“It’s another watershed moment for CrowdStrike in the work we’re doing with Microsoft, and in the work Microsoft is doing with us,” Bernard said.
Other recent moves included the February announcement that CrowdStrike’s Falcon platform would be available on the Microsoft Marketplace.
Expanded Next-Gen SIEM Partner Opportunities
The newly announced support for Microsoft Defender for Endpoint creates a huge new opportunity for partners to work with Falcon Next-Gen SIEM, Bernard said.
As a result of the move, “there’s a whole new set of partners that get to work on our platform, with our platform and through our platform,” he said.
Ultimately, Falcon Next-Gen SIEM for Defender “takes us into way more environments than we’re in today. And I think that’s positive for channel partners,” he said.
The reality is that many organizations will have multiple endpoint security tools running in their environments, which in some cases will mean having both CrowdStrike’s Falcon platform and Microsoft Defender, executives said.
“We want to be able to provide the best possible SIEM product, regardless of what those endpoints are running,” CrowdStrike CTO Elia Zaitsev said during the media briefing.
More Next-Gen SIEM Upgrades
CrowdStrike debuted additional new capabilities for Next-Gen SIEM including functionality integrated from the acquisition of data pipeline management startup Onum in August 2025.
Those new capabilities include intelligent filtering, allowing security teams to “efficiently manage which data is being ingested into our platform—and which may be filtered out completely or sent to other locations,” Zaitsev said.
Other new functionality includes real-time analytics detection and enrichment offered directly within the pipeline itself, which “dramatically accelerates our ability to detect and respond to threats,” he said.
Meanwhile, federated search is now available across distributed data systems, enabling rapid and flexible access to external sources of data such as ExtraHop, according to CrowdStrike.
AIDR Expansion
In December, CrowdStrike announced general availability for its Falcon AI Detection and Response (AIDR) offering, which delivers a massive boost to security around AI prompts and agent interactions, CrowdStrike President Mike Sentonas told CRN at the time.
At RSAC 2026, CrowdStrike is debuting the next major update to AIDR with the expansion of the tool’s functionality beyond browser-based AI applications, to now also serve desktop applications.
This means that Falcon AIDR can now help to protect desktop versions of applications such as OpenAI’s ChatGPT, Anthropic’s Claude and Microsoft 365 Copilot integrations into the Microsoft 365 suite, according to Zaitsev. The tool can also secure a variety of agentic applications that connect directly to an IDE (integrated development environment) or environments such as Microsoft’s Visual Studio Code, he said.
Falcon AIDR can provide prompt security, such as detection of prompt injection attacks, as well as protection against data leaks and real-time policy enforcement for desktop AI applications, Zaitsev said.
Shadow AI Discovery
CrowdStrike announced several updates Monday enabling expanded discovery for unsanctioned “shadow AI” usage.
Those new capabilities include Shadow AI discovery for endpoint, which provides automatic discovery of AI systems-inclding apps and agents, LLM runtimes, MCP servers and developer tools—that are running on endpoints.
CrowdStrike also debuted discovery capabilities for shadow AI agents as well as shadow SaaS applications across a number of top platforms including Microsoft Power Platform, Salesforce Agentforce and ChatGPT Enterprise.
Additionally, the vendor debuted shadow AI discovery for cloud, bringing together visibility across both cloud infrastructure and application layers.
