For organizations that are using Microsoft products, whether on-premises or in the cloud, they threat intelligence as part of the product itself. That's because nowadays many Microsoft products and services take advantage of shared threat intelligence, and with this, they can offer context, relevance, and priority management to help people take action. Microsoft consumes threat intelligence through different channels, such as:

• The Microsoft Threat Intelligence Center, which aggregates data from:
  • Honeypots, malicious IP addresses, botnets, and malware detonation feeds
  • Third-party sources (threat intelligence feeds)
  • Human-based observation and intelligence collection
• Intelligence coming from consumption of their service
• Intelligence feeds generated by Microsoft and third parties

Microsoft integrates the result of this threat intelligence into its products, such as Windows Defender Advanced Threat Protection, Azure Security Center, Office 365 Threat Intelligence, Cloud App Security, and others.