At Ignite, Microsoft’s enterprise technology conference happening this week in Orlando, Florida, the company had a slew of security announcements, including a declaration that it’s best positioned to help enterprises get rid of passwords. Microsoft unveiled new support for passwordless logins via the Microsoft Authenticator app, updated Microsoft Secure Score, and announced Microsoft Threat Protection.
“In this era of the intelligent cloud and intelligent edge, businesses in every industry are looking for a trusted partner to help them transform,” Microsoft CEO Satya Nadella said in a statement. “We are pushing the bounds in AI, edge computing, and IoT while providing end-to-end security to empower every organization to build its own digital capability and thrive in this new era.”
The much more interesting statements came later: “Today, Microsoft declared an end to the era of passwords” and “No company lets enterprises eliminate more passwords than Microsoft.”
Microsoft is backing these bold claims via a new offering. Businesses can now use passwordless logins via the Microsoft Authenticator app for hundreds of thousands of Azure AD connected apps. Instead of passwords, employees are asked to use their phone and fingerprint, face, or PIN for a multi-factor sign-in.
Nearly all data loss starts with compromised passwords, Microsoft points out, and since Microsoft Authenticator eliminates the need for passwords, it is effectively addressing the number one security liability for enterprises. This is just a start, of course — Passwords aren’t going to disappear overnight.
Microsoft Secure Score
Next up is an update to Microsoft Secure Score, a dynamic report card that assesses Microsoft 365 customer environments. It then offers enterprises recommendations “that typically reduce their chance of a breach by 30-fold,” the company claims.
Secure Score achieves this by helping organizations enforce multi-factor authentication for both administrators and end users, ensuring trusted access to the right applications and turning off client-side email forwarding rules. It also now gives IT administrators access to a broader set of controls from Microsoft Cloud App Security, Azure Active Directory, and Azure Security Center to further harden defenses.
Microsoft Threat Protection
While Microsoft Authenticator and Microsoft Secure Score existed before, the company did announce a new service today: Microsoft Threat Protection. This one is designed to help protect, detect, and remediate cyberthreats across email, PCs, identities, and infrastructure.
Microsoft Threat Protection uses AI and human research to speed up investigations to eliminate threats faster. The company hopes what it considers to be its most comprehensive security solution to date will save “thousands of hours for over-stretched security teams” and protect customers “from the evolving nature of attackers from organized crime to nation-states.”
Also at Ignite, Microsoft announced new enhancements in Microsoft 365 compliance solutions and that its public preview of Azure confidential computing is coming in early October and the Cybersecurity Tech Accord has nearly doubled in size. Security may not be sexy, but Microsoft takes it seriously.