Skip to main content


Microsoft Interflow


What is Interflow?

Interflow is Microsoft’s big data solution to threat intelligence. It is intended to be a one-stop-shop for threat intelligence data, delivered in a lightweight, normalized format. Today it lives internally at Microsoft, and is selectively shared through our MAPP and GSP programs, allowing our products to protect our customers more effectively.

Interflow is first and foremost a distribution pipeline for threat intelligence data to defender teams at Microsoft. It leverages the benefits of an Azure-based platform for the exchange of security and threat information between trusted parties. In use, it is an API enabled, machine-to-machine exchange using widely accepted formats and data structure specifications.

Interflow as a Sharing Platform

As we continue to evolve Interflow, you may notice that it has an expanded but complimentary scope and architecture. We are making these changes to further emphasize customer value and to provide a reliable, scalable, high-performance data sharing platform for ingesting, normalizing, distributing, and tracking TI data.

In constantly striving for improvements and value, we have shifted the goals of Interflow away from its previous vision of a standalone product or service. Instead, it is a common threat intelligence platform that can greatly increase the speed and effectiveness at which services share and implement threat intelligence.

Augmenting Microsoft’s Security

Interflow is just one of the capabilities that adds to the richness of the intelligence integrated into Microsoft security products and services. This helps our customers detect and respond to threats more quickly. To learn more about Microsoft’s security intelligence, visit

Stay tuned for future updates as we continue to tailor and expand Interflow.


Related Content