Story image

Microsoft's new security innovations at Ignite 2019

05 Nov 2019
Twitter
Facebook

With Microsoft Ignite kicking off in Florida this week, Microsoft is wasting no time in detailing its visions for security, compliance, and identity.

Microsoft 365 and Security corporate vice president Kirk Koenigsbauer outlined 10 major security announcements across Azure, Microsoft 365, Office, and Microsoft Defender ATP. 

Microsoft Azure enhanced with a range of security and compliance services

- Azure Sentinel will now include new collectors to assist security analysts with collecting data from different sources such as Citrix, Barracuda, and Zscaler. Furthermore, Microsoft is releasing new hunting queries, as well as machine learning-based detections to help analysts prioritise security events.

- Azure AD will soon feature Azure AD Connect Cloud provisioning, which is a lightweight agent to move identities from disconnected Active Directory forests to the cloud.  Azure AD Connect cloud provisioning is previewing at the end of November, Koenigsbauer says. The company will also work with partners including Akamai, Citrix, F5 Networks and Zscaler to improve access to legacy-auth based applications.  Additionally, Azure AD’s MyApps portal has been redesigned.

- Azure Security Center now features new capabilities to identify misconfigurations and threats for containers and SQL in IaaS.  Security Center also provides vulnerability assessment for virtual machines; integration with security alerts from partners; and quick fixes for remediation.

- Microsoft Authenticator is now available in the Azure Active Directory (Azure AD) free plan. “Deploying Multi-Factor Authentication (MFA) reduces the risk of phishing and other identity-based attacks by 99.9%,” says Koenigsbauer.

- Azure Firewall Manager is now in public preview. Users are able to manage multiple firewall instances through the platform. Microsoft is currently working on creating support for new firewall deployment topologies.

Microsoft 365 and Office

- Microsoft 365 includes a new insider risk management to help security teams detect and remediate threats within an organisation. The solution is currently in public preview.

“This new solution leverages the Microsoft Graph along with third-party signals, like HR systems, to identify hidden patterns that traditional methods would likely miss,” says Koenigsbauger.

- Microsoft 365’s compliance center can now allow users to view data classifications as categorised by types of sensitive information or industry regulations. Users can also take advantage of machine learning and existing data to train classifiers unique to an organisation, such as customer records and HR data.

- Microsoft Compliance Score maps Microsoft 365 configuration settings to common regulations and standards, to help simplify regulatory complexity and reduce risk. It provides continuous monitoring and recommended actions.

- Application Guard for Office is now in public preview. It provides hardware-level and container-based protection against potentially malicious Word, Excel, and PowerPoint files. It also leverages Microsoft Defender ATP to establish whether a document is either malicious or trusted.

Microsoft Defender ATP

- Microsoft Defender Advanced Threat Protection has been extended to introduce new capabilities, including MacOS support (now in preview). Microsoft is also working on adding support for Linux servers.