Skip to main content
Microsoft Security

Tapping the intelligent cloud to make security better and easier

There has been a distinct shift in my conversations with customers over the last year. Most have gone from asking ‘can we still keep our assets secure as we adopt cloud services?,’ to declaring, ‘we are adopting cloud services in order to improve our security posture.’ The driving factor is generally a realization that a cloud services provider can invest more in security, do the job better, and just make life simpler for overburdened enterprise IT and SecOps teams. This idea of making sound security practices easier to implement is a big part of our strategy. Today we’re announcing several new technologies and programs that build on our unique cloud and intelligence capabilities to make it easier for enterprises to secure their assets from the cloud to the edge.

The first step in protecting people and data from today’s dynamic threat landscape is accepting reality. It’s time for us as an industry to recognize that the cloud holds so much promise for helping us solve security problems that we should consider the use of cloud-based intelligence a security imperative—not just for workloads deployed in the cloud, but also for improving security of endpoints.

We recently released the 23rd edition of our Security Intelligence Report. The trends it uncovers helps us see why the cloud is becoming a security imperative. Threats are increasingly automated and destructive. No one organization can amass the resources and intelligence to defend against these fast-moving threats. We have to tap into the power of the cloud, and of artificial intelligence, in order to muster the defenses required.

One of the most powerful examples of cloud-based artificial intelligence accelerating Microsoft’s own security innovation is the Microsoft Intelligent Security Graph. Our Intelligent Security Graph uses advanced analytics to link threat intelligence and security signals from Microsoft and partners and continues to increase in variety and volume of signal. For example, we see the threat landscape through the lens of the 18 billion web pages that Bing scans, the 400 billion emails that are analyzed for spam and malware, and the 5 billion distinct malicious threats that Windows Defender ATP protects our customers against each month.

Artificial intelligence gets better as it is trained with more signal from more diverse sources. Today, we are announcing the preview of a new unified security API in the Microsoft Graph, which allows our technology partners to easily integrate with Microsoft solutions and tap into the power of the Intelligent Security Graph.

The Intelligent Security Graph comes to life through our platform investments, where it connects our security solutions to improve protection, detection, and response. Microsoft invests more than $1 billion in cybersecurity R&D annually, to build new security innovations into Windows, Azure, and Microsoft 365. Today we are announcing new capabilities to help our customers improve their protection against threats and, when attacked, detect and respond more quickly. We are working with partners across the industry to better integrate solutions for our customers.

Improving protection

A fundamental concern for many IT teams is the struggle to know the true security posture of the organization: are all the necessary controls in place? Have all updates been applied? Is everything configured correctly? More importantly, it’s hard to know what the next steps should be to improve security. Today we are announcing the availability of Microsoft Secure Score, which gives the IT administrator a combined view of security readiness across a broad swath of the digital estate—from Office 365 services to endpoint devices.

To get around properly configured protection, attackers often focus on deceiving end users with phishing and social engineering techniques. We have made a number of advances in our Office 365 ATP anti-phishing protection recently, and now we are adding Attack Simulator for Office 365 Threat Intelligence in Microsoft 365, so IT teams can train users to guard against phishing.

Information is the beating heart of any company, and the target of most attacks. It’s also a regulatory focus, especially with the new EU GDPR enforcement date rapidly approaching. In February, we announced a set of Microsoft 365 updates to help our customers manage compliance and protect information. As we near the GDPR enforcement date, today we are announcing several new tools and capabilities that help you respond to GDPR obligations with the Microsoft Cloud. Read more about them later today on the Office 365 blog.

Speeding up detection and response

Of course, no protection strategy can be 100% effective. Savvy customers are improving their detection and response capabilities to prepare for the inevitable breach. The Conditional Access capability built into Microsoft 365 has helped many of our customers dramatically improve their protection for tens of millions of employees, by assessing the risk of each request for access to a system, an application, or data, in real time. That risk level informs how much access is granted, according to policy set by IT.

We are extending Conditional Access to factor in post-breach response. New conditions based on continual assessment of endpoint health—not just a one-time check of configuration—enable our customers to restrict or deny access to resources if the device from which the request originates has been compromised by an attack. This new capability is in preview and will be generally available in the next Windows 10 update. Rapid detection and recovery remain out of reach for many of our customers because the specialized skills required to hunt down and eliminate adversaries are in high demand but short supply. To help IT focus its strained resources on the most important issues, we are announcing the general availability of automated remediation as part of Windows Defender ATP in the next Windows 10 update. With this new capability, Windows Defender ATP can automatically apply common remediations, freeing up the experts to work on more difficult recovery tasks.

Our work on detection and response extends to Microsoft Azure as well. As our customers embrace the cloud, Azure Security Center is a key tool that helps them simplify hybrid cloud security and keep pace with ever-evolving threats. Several new capabilities will be available with Security Center this week that help to identify and mitigate vulnerabilities proactively and detect new threats quickly. With the integration of Windows Defender ATP in preview, customers can get all the benefits of advanced threat protection for Windows servers in Azure Security Center.

Working across the industry

Customers who use Microsoft 365 have been taking advantage of increasingly robust tools to protect Office documents and e-mails wherever they go – inside and outside the organization. Today we are extending these capabilities to our technology partners with the release of the Azure Information Protection SDK.

The benefits we can all gain from applying cloud intelligence to security problems are tremendous, but can only be fully realized if we work together across the industry. Nearly every customer I speak to has a dozen or more different security solutions in place. Each of those solutions plays a critical role in protecting the organization—and each has valuable contextual information that would help make the others more effective at protecting customers. Today we are announcing the Microsoft Intelligent Security Association, a group of technology providers who have integrated their solutions with Microsoft products to provide customers better protection, detection, and response. Anomali, Check Point, Forcepoint, Palo Alto Networks, and Ziften are among the solution providers working with us. Together, we can bring more signals from more sources to bear—which helps our customers detect and respond to threats faster.

We also continue to work with a broad coalition of technology partners in the FIDO Alliance to address one of the most fundamental issues in security today: Identity and access management. Our analysis indicates that cloud-based user account attacks are up more than 300% over the past year. Passwords are the weakest link, and they are a source of frustration for users. Today we are announcing an important step in our work to lead the industry toward a future without passwords: support for the FIDO 2.0 standard in the next Windows 10 update. Millions of Windows 10 users already have the ability to sign in to Windows without a password using Windows Hello – making authentication stronger and easier. With FIDO 2.0 support, users can take that same password-free authentication experience to any Windows 10 device managed by their organization.

The evolution of the intelligent edge

At Microsoft, we believe the intelligent cloud and intelligent edge will shape the next phase of innovation. The rise of Internet of Things deployments amplifies security challenges, because many devices lack the tools to manage updates or detect and respond to attacks. Building on research done by Microsoft AI and Research, and on decades of Microsoft experience and expertise in silicon, software, and cloud security, today we are announcing the preview of Azure Sphere. Azure Sphere extends our reach to the outer regions of the intelligent edge, enabling us to serve and secure an entirely new category of devices — the billions of MCU powered devices that are built and deployed each year.

It’s an exciting time to be working in security. We are joining forces with other security solution providers and using the cloud to our customers’ advantage. Together, we can turn the tide against attackers. We are at the RSA Conference this week, and looking forward to discussing these new capabilities with you. Visit to learn where you can find us.