Today marked the start of Microsoft’s Ignite conference in Orlando, and the tech giant wasted no time announcing new security, compliance, governance, management, and identity solutions across its sprawling Azure and Microsoft 365 ecosystems. Without further ado, here’s what you need to know.
Application Guard in Office 365
Starting in limited preview ahead of a rollout in 2020, Application Guard — the security tool built into Microsoft Edge — will be integrated with the ProPlus edition of Office 365. It will enable users to open, print, edit, and save untrusted Word, Excel, and PowerPoint files within a virtualized container protected with “hardware-level security” and to check documents against a cloud-hosted security service (Microsoft’s Defender Advanced Threat Protection) before migrating those files from the container. New containers are created at login, so as to provide a clean start.
Azure Sentinel, Microsoft’s cloud-based security information and event management (SIEM) service, has new built-in hunting queries for Linux and network events. Plus, users can now launch programming notebooks directly from it and tap revamped analytics and investigation tools for insights into suspicious URLs, or leverage new built-in connectors from security partners that collect endpoint, network, and identity data across different sources.
There are also new Graph Security API integrations that sync alerts from Azure Sentinel, as well as additional third-party ticketing and security management solutions from Zscaler, Barracuda, and Citrix.
Endpoint detection and response for Mac and Safe Documents
Following a limited preview earlier this year, Microsoft Defender’s endpoint detection and response capabilities will be available for Mac users in private preview, starting this December. Microsoft says it’s planning to add support for Linux servers.
In related news, Safe Documents, which scans files for malicious attachments and links, will become generally available in Office 365 mid-December. It engages when users exit Protected View, the feature in Word, Excel, and PowerPoint that opens files in a read-only mode and disables editing functions.
Office 365 Advanced Threat Protection
Tangential to this is Automated Incident Response, which launched in general availability earlier this year. It facilitates the detection and investigation of, and response to, security alerts, complementing the enhanced compromise protection feature (in public preview) that uses email patterns and other activities to detect suspicious users and alert security teams. Playbooks automatically investigate the alerts, look for possible sources of compromise, assess impact, and recommend remediation actions.
Microsoft Secure Score
Microsoft Secure Score, a self-assessment tool that ingests signals across Office 365 (such as where users are defined and settings are stored) to generate a metric of preparedness for security breaches or hacks, will soon gain a “significantly” updated scoring system intended to make it easier to understand, benchmark, and track progress in improving security postures. Other updates include new planning capabilities that will let users set goals and predict score improvements, as well as a new report type for showing progress and integrations with Microsoft Teams, Microsoft Planner, ServiceNow, and Azure Security Center.
The collaboration capabilities are available now, with other features to roll out by early 2020.
Azure Security Center
Azure Security Center, which provides unified security management and threat protection across hybrid cloud environments, now supports custom security policies in preview and alert exporting to third-party tools (or Azure Data Explorer). On a related note, a Quick Fix feature that automatically fixes misconfigurations on multiple containers is now generally available.
Beginning today, Azure Security Center users can create policies with Azure Logic Apps — Microsoft’s cloud service that helps automate and orchestrate tasks and business processes — that trigger automatically based on specific findings, such as suggestions or alerts. The playbooks can be configured to perform virtually any custom action, or simply the actions defined in templates provided by Security Center.
Security improvements for SQL databases running on virtual machines are coming down the pipeline, Microsoft says, starting with vulnerability assessment. Much like Advanced Threat Protection, which detects anomalous activities indicating potentially harmful attempts to access an SQL server, the assessment discovers, tracks, and helps remediate database vulnerabilities.
On the subject of virtual machines, the standard tier of Security Center now includes a built-in vulnerability assessment for virtual machines powered by Qualys for no additional fee. It continuously scans installed apps to uncover potential exploits and flaws, which it spotlights in the Security Center portal.
With respect to the Azure Kubernetes Service, Microsoft’s managed Kubernetes offering, three new components are available in preview starting today: continuous discovery of managed AKS instances, security recommendations, and host and cluster-based threat detection. Separately, it was revealed that support for vulnerability assessment is expanding to Azure Container Registry, the product that allows users to build, store, and manage images for container deployments.
Azure Firewall, Microsoft’s firewall-as-a-service offering that enables customers to govern and log traffic flows, has a new capability in Azure Firewall Manager. It’s a unified dashboard from which managers can configure multiple Azure Firewall instances and automate deployment or enforce policies.
Azure Active Directory
Azure Active Directory, the enterprise identity service that provides single sign-on and multi-factor authentication, today received a fresh coat of paint. Specifically, the MyApps portal now offers a “mobile-first” launching experience (in preview) for enterprise apps and a unified app experience across the Office.com portal, Office 365 search, and Office navigation, plus workspaces for administrator-curated apps.
As of today, more customers with any Azure Active Directory plan can use the Microsoft Authenticator app to securely access their apps without a password. (Previously, only customers with a paid plan could use the app for passwordless authentication.) It’s not yet generally available — though anticipated to be in 2020 — but it has expanded from the public preview that kicked off several months ago.
New identity features in Microsoft 365 are on the way and already in private preview for some customers. One of those is SMS sign-in, which allows users to sign in with their phone number and an SMS code for authentication. On the other hand, global sign-out — which rolls out later this year for Android devices — will enable workers to sign out of all apps with a single click. Delegated user management will let admins manage users and credentials, and a new off-shift access feature in Teams will enable companies to grant app access to workers while complying with designated work hours.
In other news, Azure Active Directory Connect cloud provisioning launched in preview this morning. It’s intended to help customers consolidate on-premises Active Directory forests and multiple deployments, with a lightweight agent that moves sync and data transformation logic to the Azure cloud.
A new Microsoft service offering dubbed Insider Risk Management targets employees who violate company policies around intellectual property or breach confidentiality. Machine learning algorithms take into account variables like file activity, communications sentiment, and abnormal user behaviors to identify patterns and risks in a privacy-preserving fashion (names are anonymized). The algorithms also launch playbooks and workflows for scenarios like digital IP theft, confidentiality breaches, and potential security violations that rope in the appropriate security, HR, legal, and compliance teams to investigate and take action.
A new metric for compliance — Compliance Score — is now available in public preview for Office 365 customers. It provides a measure meant to communicate an organization’s overall compliance or noncompliance with applicable rules, laws, and regulations. Included among assessments is one for the California Consumer Privacy Act.
Also launching today is Communication Compliance, a solution that helps organizations address code-of-conduct policy violations in communications and assists those companies in meeting supervisory requirements in regulated industries. It leverages machine learning to intelligently detect violations across different communication channels, such as Microsoft Teams, Exchange Online, or Bloomberg instant messages, and it offers features like historical user context on past violations, conversation threading, and keyword highlighting that allows investigators to triage violations and take appropriate remediation actions.
Where the Regulatory Compliance dashboard is concerned — that is, the cloud-hosted dashboard that provides insights into compliance based on Security Center assessments — Microsoft says it has added more standards, including NIST SP 800-53 R4, SWIFT CSP CSCF v2020, Canada Federal PBMM, and UK Official, together with UK NHS. Additionally, users can now select which standards to onboard and track through Azure Policy.
Azure Monitor, the Azure service that collates virtual network alerts, metrics, logs, and more in a single view, is gaining two enhancements aimed at providing greater visibility. From a console, Network Insights delivers health information and other data across cloud resources that can be quickly viewed, while Traffic Analytics — an existing solution, but one that now processes data faster than before (at 10-minute intervals) — delivers auditing support for network activity.
Azure Monitor for containers, which tracks the performance of container workloads deployed to either Azure Container Instances or managed Kubernetes clusters hosted on Azure Kubernetes Service, now offers monitoring for customers who run a hybrid Kubernetes deployment with on-premises and Azure infrastructure (in preview) and metric- and log-scraping for the event-monitoring and alerting tool Prometheus (in general availability). And new no-code capabilities have made their way into Azure Monitor, including one that supports monitoring of .NET apps running on virtual machines and Application Insights, an agent that monitors IIS and .NET processes and collects telemetry for debugging.