Building a more secure future requires an end-to-end approach. There is no question that technology plays an essential role, but security will always be human-centered. That’s what Microsoft Secure is all about. It’s about sharing knowledge, best practices, and technology innovations that empower defenders. Register to view the highlights and on-demand sessions from Microsoft Secure.
At our inaugural Microsoft Secure event, we’re sharing our latest innovations across security, compliance, identity, management, and privacy. Continue reading this blog post for the top Microsoft Security announcements in AI, identity, and data protection, and watch Microsoft Secure today or on-demand for more information on these exciting innovations.
Today, the odds remain stacked against cybersecurity professionals. Too often, they fight an asymmetric battle against prolific, relentless, and sophisticated attackers. I am delighted to welcome you to the new era of security—shaped by the power of OpenAI’s GPT-4 generative AI—and thrilled to introduce to you Microsoft Security Copilot.
Introducing Microsoft Security Copilot—End-to-end defense at machine speed and scale
Microsoft Security Copilot is the first security product to enable defenders to move at the speed and scale of AI. Security Copilot combines OpenAI large language model with a security-specific model from Microsoft. This security-specific model in turn incorporates a growing set of security-specific skills and is informed by Microsoft’s unique global threat intelligence and more than 65 trillion daily signals. Security Copilot also delivers an enterprise-grade security and privacy-compliant experience as it runs on Microsoft Azure’s Hyperscale infrastructure.
Transforming threat protection and cloud security
Plus, we are continuing to deliver you the latest innovations to enable you to defend your organization more effectively with extended detection and response (XDR) and threat intelligence. In August 2022, we introduced Microsoft Defender Threat Intelligence (MDTI), formerly RiskIQ, which enables 360-degree visibility into threats. Today, we are announcing the next step in helping defenders get the context they need to secure their organization faster.
Microsoft Defender Threat Intelligence is now available to licensed customers directly within Microsoft 365 Defender. It’s already integrated with Microsoft Sentinel and now has an application programming interface (API) to help enrich incidents, automate incident response, and work with a broad ecosystem of security tools. With this advancement, you get one of the world’s best threat intelligence, integrated with the tools you use every day.
We are also adding Intel Profiles, updated daily with information on threat actors and tools. Both Microsoft 365 Defender and Microsoft Sentinel customers can quickly access this information to analyze, investigate, and hunt threats.
Beyond threat intelligence, Microsoft 365 Defender delivers industry-leading XDR spanning far beyond multi-platform endpoints to include email, identities, software as a solution (SaaS) applications, and more. Today, we are extending that protection to Microsoft Teams for any customer licensed for Microsoft Defender for Office 365. Collaboration platforms, such as Teams, are vital business tools and, increasingly, a new attack vector for adversaries to phish employees.
Over time, Microsoft Defender for Office 365 will support the full lifecycle of protection for Teams from prevention and detection to investigation and hunting, response actions, and even help with raising user awareness of best practices. Today, we are extending beyond the existing safe links capability to enable users to report suspicious messages, automatically purge unsafe messages, and integrate administration experiences into the Microsoft 365 Defender. With Teams and Microsoft 365 Defender, your employees can be both productive and safe.
With accelerated cloud migration and growing cloud-native app development, it is critical for security teams to evolve from protecting infrastructure to securing the entire lifecycle of cloud applications. Moreover, as the volume of cloud data grows, it’s becoming an increasingly lucrative target for bad actors. Microsoft is leading the next chapter of multi-cloud security with new innovations in Microsoft Defender for Cloud, one of the industry’s most comprehensive cloud-native application protection platform (CNAPP).
- Defender Cloud Security Posture Management (CSPM) is now generally available to help organizations get an end-to-end view of risks and prioritize remediation across their multicloud environments with contextual cloud security. And now, new integrated data-aware security posture capabilities allow teams to automatically discover their data estate, assess threats to their most critical assets and sensitive data, and proactively prevent breaches along potential attack paths.
- Defender for Storage now offers sensitive data discovery and malware scanning to address threats to critical storage resources in the cloud. New scanning capabilities prevent infiltration attempts with near real-time detection of metamorphic and polymorphic malware across cloud data.
For organizations seeking to defend operational technologies (OT) at scale, Microsoft Defender for IoT now offers a fully cloud-delivered OT security solution. Customers can achieve single-pane-of-glass visibility for all OT devices, across all sites when Defender for IoT is deployed on Microsoft Azure Portal. Learn more about the new capabilities and explore cloud-delivered OT security—as well as new threat management capabilities and Microsoft Azure integrations—with a 30-day free trial of OT monitoring in the Azure portal.
Many organizations may not have the time, resources, or expertise to build an in-house incident response program. For customers that want help preparing their in-house security team or are facing an especially complex security incident, Microsoft Incident Response offers an end-to-end portfolio of proactive and reactive incident response services. Microsoft Security is expanding our incident response presence and we’re excited to announce the Microsoft Incident Response Retainer, which is now generally available to enterprise, government, education, and non-profit customers. If you’re curious about how an Incident Response Retainer can improve your security posture, explore details on our incident response-related announcements.
People rely on technology to collaborate on projects and complete tasks. And security professionals are more important than ever to keep their organizations resilient as threats evolve and attack surfaces grow. Security is a team sport that takes everyone working together. Protection takes a combined effort across teams, devices, defenders, and clouds.
Secure, connected endpoint management and identity
Another way to empower security teams is to consolidate multiple endpoint management tools in Microsoft Intune and converge workloads across IT and security operations. The Microsoft Intune Suite, launched on March 1, 2023, unifies a series of mission-critical endpoint management solutions within Intune. The features of the Microsoft Intune Suite are designed to incorporate security signals into endpoint management that fortify your cyber safety for Zero Trust, use data science and AI for proactive user experience protection, and reduce complexity and costs through automation and consolidation.
“I’m consistently impressed by the level of security that Intune provides. Now with the Microsoft Intune Suite on the horizon, I feel even more confident that my company’s data will remain highly secure, and the straightforward management and deployment of policies will make it easier to help ensure that all devices are safeguarded.”—Ibrar Mahmood, IT Cyber Security Manager, Milton Keynes University Hospital NHS Foundation Trust.
Deep integration of Microsoft Security services in the Intune Suite empowers IT and security operations to control the elevation of Windows standard users with Microsoft Intune Endpoint Privilege Management, enable trusted helpdesk to employee connections with Remote Help, secure corporate data and application access from mobile bring your own devices (BYOD) with Microsoft Tunnel for Mobile Application Management, and detect anomalies based on the severity with advanced endpoint analytics. And we’re just getting started! In the coming months, we will introduce AI-powered analytics and add more capabilities, including a Microsoft-hosted app catalog with advanced update notifications and controls.
In identity announcements, Microsoft Entra is introducing new governance controls and policy protections to help you better secure identities and the resources they access. Key among these innovations is Microsoft Entra Identity Governance and Verified ID. With this new feature, using a Verified ID during an entitlement management flow enables simplified and standardized ways to handle collecting the right information from requestors without asking them to fill out additional paperwork.
But that’s not all the product enhancements for Microsoft Entra. New features to empower security teams to better protect organizations include:
- New protections to help secure sign-ins: With conditional access authentication strengths, admins can set policy on the strength of multifactor authentication required and base that policy on the sensitivity of the apps and resources a user is trying to access. More access scenarios will also benefit from an extension of phishing-resistant multifactor authentication. These include external users and collaborators between government and commercial clouds, and Azure virtual machines to protect remote sign-ins across development, test, and production environments. Conditional access for high-risk actions also allows you to apply conditional access policies directly to sensitive actions in Microsoft Azure Active Directory with Conditional Access for high-risk actions—now in public preview.
- New countermeasures to help prevent lateral movement: Strict enforcement of location policies, now in public preview, will let resource providers use continuous access evaluation to immediately revoke tokens that violate location policies. Also, token protection ensures tokens can be used only on the device they were intended for and is in public preview for Windows sign-in sessions.
- A new dashboard to help close policy gaps: We’re also excited to introduce an overview dashboard in Conditional Access that summarizes policy posture, unprotected users and apps, provides insights and recommendations based on sign-in activity, and helps show the impact of individual policies.
The goal of our updates in Microsoft Intune and Microsoft Entra is to enable smarter, real-time access decisions for all identities and cloud-managed endpoints. We do that through our solutions, but also through research. Find the latest multicloud permissions risks insights in the 2023 State of Cloud Permissions Risks Report, compiled from more than 500 risk assessments completed in Microsoft Entra Permissions Management, our cloud infrastructure entitlement management (CIEM) solution. Learn about the projected Total Economic Impact™ of the Microsoft Intune Suite in a new technology study conducted by Forrester Consulting commissioned by Microsoft.
Data security for today’s world
A strategy of being human-first in security wouldn’t be complete without data security. After all, data offers immense value to your organization and inspires an equally powerful need to protect it. Safeguard sensitive information across platforms, apps, and clouds and minimize insider risk using the latest capabilities of Microsoft Purview, our set of data protection, governance, and compliance solutions. All these capabilities are available immediately to E5 customers, while organizations without E5 can start a trial.
In February 2023, we introduced Adaptive Protection in Microsoft Purview to power data security with people-centric intelligence. Available for public preview, this capability leverages the built-in and ready-to-use machine learning models in Microsoft Purview Insider Risk Management to understand how users are interacting with data and respond by:
- Identifying high-risk users who may take risky actions that could lead to data security incidents.
- Dynamically tailoring data loss prevention (DLP) controls based on the level of risk detected.
- Automatically applying the most effective DLP policies, such as blocking data-sharing, only to high-risk users, so the productivity of low-risk users isn’t impacted.
Among other advantages, Adaptive Protection reduces the alert overload that strains IT resources by letting organizations prioritize their limited resources and address the highest risks.
To bolster your protection further with Microsoft Purview DLP, we are bringing proactive protection to your Windows endpoint devices, where every document—whether or not it contains sensitive information and when it was created or modified—is analyzed to determine its sensitivity based on what the DLP policies are configured to look for. If the file that contains sensitive content violates any DLP policy rules, the appropriate restrictions as defined in the policy are applied, so that you can better protect files.
To support our customers’ diverse digital estates, we are excited to extend DLP controls to protect files with sensitive information in multiple places. Organizations can now extend existing protection for sensitive files on endpoint devices against actions such as print, copy to USB, upload to the cloud, copy to clipboard, and more to virtualized environments, including Windows Virtual Desktop, Citrix, Amazon Web Services (AWS) workspace, and Hyper-V platforms. We are also extending DLP controls to support files on network shares. And finally, we are adding capabilities on macOS devices, such as protection of sensitive file exfiltration through Bluetooth, the ability to define groups of apps and apply different restrictions to each group, and the ability to customize notifications and use advanced classifiers.
To empower administrators to identify, debug, and remediate device misconfigurations, we are providing details about device health as well as the configuration status of all onboarded endpoint devices in the Device Onboarding tab in the Microsoft Purview compliance portal.
We are constantly adding support for classification types, and we are introducing the following types in public preview:
- Context-based classification with default site labels that allows an admin to choose specific SharePoint and OneDrive locations that are sensitive and ensure that any content moved or egressed from that location is automatically labeled based on the default label.
- Optical character recognition (OCR) for text extraction of images that are sent over emails, stored on SharePoint and OneDrive, shared across Teams, as well as egressed across endpoint devices.
Lastly, to help security teams create and finetune Insider Risk Management policies more easily, the real-time policy-tuning analysis, now in public preview, provides admins with a prediction of the number of users in a tenant that could potentially match a given set of policy conditions.
Register for Microsoft Secure today!
We covered many announcements in this blog about technology, but I always return to the people who use it. Our innovations are designed to equip defenders with the best possible tools and information to develop a security solution that’s comprehensive and fitting for their organizations.
Comprehensive security not only means solutions that address a wide variety of threats and vulnerabilities but also how they work together to provide the best security outcomes. Learn more about how your organization can eliminate security gaps and cut costs with simplified, comprehensive protection from the Microsoft Secure event—all sessions are available on-demand.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.