Skip to main content
Skip to main content
Microsoft Security

Helping security professionals do more, better

  • Rob Lefferts Corporate Vice President, Microsoft 365 Security

I’m on my way to the RSA Conference in San Francisco, California, and am looking forward to connecting with our customers and partners there. We have a lot to talk about. Last week, Ann Johnson announced two new services that we now offer to help empower our customers as they deal with the industry-wide cybersecurity talent crunch: Microsoft Azure Sentinel and Microsoft Threat Experts. Today, I’m excited to share more news about our work in security.

Leading integration across the industry

In the face of the cybersecurity talent shortage, our customers are increasingly reliant on their tools working together. We are part of a broad, heterogeneous ecosystem of technology providers, and we take seriously our responsibility to lead integration across them.

We’ve made progress to report on three fronts:

  • There are now 50 partners participating in the Microsoft Intelligent Security Association, a group of technology providers who have integrated their solutions with Microsoft products to provide customers better protection, detection, and response. New members include: Sophos, Citrix, Adobe, and Symantec.
  • The Microsoft Graph Security API now has new capabilities that allow you to share threat indicators to extend detection, easily invoke powerful investigation and remediation activities, and build better connected security apps and workflows without the need to code.
  • Azure Active Directory (Azure AD), which already provides authentication for more than 810,000 applications for our enterprise customers, now integrates with several Zscaler applications. With both Azure AD and Zscaler supporting the SCIM 2.0 standard, our joint customers can now use the Azure AD provisioning service to automate the lifecycle of user and group accounts, giving you a more secure and scalable way to allow user access to Zscaler applications.

Added security controls for Azure and Microsoft 365

In our own security products, we continue to invest heavily in capabilities that take advantage of the cloud and artificial intelligence (AI) to empower your team and let them focus on the most important tasks to protect against threats and keep information secure. We made several key strides in security to strengthen protection for our customers:

  • Threat intelligence-based filtering is now available for Azure Firewall. This addition enables customers to alert or deny traffic from/to malicious IP addresses and domains based on the near real-time data feed powered by the Microsoft Intelligent Security Graph.
  • Azure Security Center now leverages machine learning to reduce the attack surface of internet-facing virtual machines, and its application controls have been extended to Linux and on-premises servers. The network map in Azure Security Center extends support for Virtual Network peering, a commonly used networking configuration in which traffic flows between Azure Virtual Networks through the Microsoft backbone.
  • Microsoft Threat Protection now provides automated investigation and remediation in the Microsoft Security Center, a unified console that helps SecOps teams spend their limited time on the most high-value tasks, like proactive hunting and strategic improvements.
  • We are extending our unique, native integration between Microsoft Cloud App Security and Azure AD conditional access. Out-of-the box templates now enable organizations to configure some of our most popular policies, such as blocking the download of sensitive content in real-time, within seconds.
  • New native capabilities in the Microsoft Office 365 version of Office client applications help document and email authors apply the right classification and sensitivity labels, helping you ensure information is protected in accordance with your organization’s policies.

Securing the Internet of Things (IoT)

IoT deployments can help organizations cut costs with predictive maintenance or to create new revenue streams from connected products. Unfortunately, the security pro talent shortage makes it difficult to successfully plan the IoT security controls necessary. We worked with the Industrial Internet Consortium to produce a new IoT Security Maturity Model that provides clear industry best practices for evaluating your IoT risk profile and planning the remediation you need. We’ve also added a new deployment method to Azure Sphere to help you reduce risk across your entire fleet of IoT devices. The new guardian modules built on Azure Sphere bring the security of Azure Sphere to brownfield IoT devices, allowing your business groups to complete IoT deployments without increasing risk for your organization.

Connect with us at RSA

I’m proud to be part of the team driving all this innovation, but technology is not a silver bullet. Its role is simply to empower you—the defenders. On Wednesday, March 6, at 10:30 AM PST, Ann Johnson will speak in her keynote about other ways we, as an industry, can empower people. I encourage you to attend, if you’re at the conference. You can learn more about Microsoft security at booth 6059. We’d love to connect with you there, or in one of the sessions we’ll be leading—find out more about our activities at