Microsoft will begin offering its first hosted security service under the Forefront brand on Thursday, dubbed Forefront Online Security for Exchange and designed to help keep malware and spam out of e-mail in-boxes.

The hosted service, which will cost $20 per user per year or less based on volume licensing, targets enterprise Exchange customers and includes a Web-based console for setting up policies for virus and spam protection, said Doug Leland, general manager of Microsoft's Identity and Security Business Group.

The releases will follow the timeline of Exchange 2010, which entered public beta this week. More hosted security services will be coming but Leland declined to elaborate.

Microsoft also will finally release on Thursday a new, public beta version of its Stirling security suite, which is the next generation of the Forefront software.

The initial beta version of Stirling was released a year ago and was supposed to be refreshed by the end of 2008. It will include client, server, and application security technology and offer a single management console.

Stirling components will come in staggered releases starting later this year with Forefront Security for Exchange and Threat Management and continuing through the first half of 2010, Leland said.

The company also is changing the name of its Identity Lifecycle Manager product to Forefront Identity Manager and plans to offer a new set of technologies, code-named Geneva, for helping corporations improve the security of software and services, Microsoft said.

In addition, Microsoft said it is investing $75 million in a partner ecosystem, including making a strategic partnership with RSA. Other companies integrating with Stirling include Kaspersky, Brocade, Juniper Networks, Guardium, Imperva, Sourcefire, StillSecure, Q1 Labs, and Tipping Point.

The moves are part of the company's strategy to provide "Business Ready Security."

The moves are part of Microsoft's effort to broaden the scope of its security offerings to incorporate data protection, access and management, all built around the concept of identity, Leland said.

Microsoft wants to offer the ability for corporations to set "fine-grained security policies and have a deeper understanding about who in the organization is trying to access data and what they are trying to do with it," he said.