We are operating in the most complex cybersecurity landscape we’ve ever seen. Sophisticated and determined attackers are the norm. And we all are preparing for the next great disruption–hybrid work.
Security has never been more important, and as I shared in another Security blog today, it’s clearer than ever that a Zero Trust approach, which basically means you have to assume breach, will be critical to success. We’ve been listening and working closely with our customers around the world and rapidly innovating to help you secure and protect your organizations. Today, I’d like to share some of our most recent updates across security, compliance, identity, and management in response to that feedback to help you in your Zero Trust journey.
The hybrid work environment, with some users working remotely and others in group office settings, introduces more digital attack surfaces, complexity, and risk as perimeters are now increasingly fluid. As such, a Zero Trust strategy will be top of mind for many organizations because its principles–verify explicitly, grant least privileged access, and assume breach–help maintain security amid the IT complexity that comes with hybrid work.
One of the most important first steps in a Zero Trust journey is to establish strong authentication. As Bret Arsenault, Microsoft’s CISO, would say, “Hackers don’t break in. They log in.” Regardless of length or complexity, passwords alone won’t protect your account in the majority of attacks. Monitoring logins for suspicious activity and limiting or blocking access until additional proof of identity is presented drastically reduces the chances of a breach. Modern multifactor authentication (MFA) doesn’t have to be complicated for the user. We recently announced passwordless authentication and Temporary Access Pass in Azure Active Directory (Azure AD), our cloud identity solution, to help customers strengthen their access controls and simplify the user experience.
Verifying explicitly requires the ability to make real-time access decisions based on all available information for any user trying to access any resource. For us, Azure AD Conditional Access is this real-time access policy engine, which looks at all the data and signals related to the user gaining access, and today we’re announcing powerful new features that give admins more granular access controls while making it easier to manage a growing list of policies. The GPS-based named locations and filters for devices enable a new set of scenarios, such as restricting access from specific countries or regions based on GPS location and securing the use of devices from Surface Hubs to privileged access workstations.
Additionally, to empower security for all, you need to be able to verify explicitly for all. We are expanding granular adaptive access controls to all users with the general availability of Azure AD Conditional Access and Identity Protection for business-to-consumer (B2C) apps and users. And we’ve made it easier to manage all your new policies with new search, sort, and filter capabilities, as well as improved audit logs to track recent policy changes. You can learn more on the Azure Active Directory Identity blog.
We also believe that for comprehensive protection through Zero Trust, we need to have end-to-end integration across device management and identity. New today, we are announcing the preview of filters for devices in Microsoft Endpoint Manager. These unique integrated capabilities between Microsoft Endpoint Manager (which brings together Configuration Manager and Intune) and Azure AD Conditional Access create even more granular controls. With device filters, administrators can target policies and applications to users on specific devices. For instance, you can assign a filter so that a policy restriction is only applied to Surface Pro devices. You can learn more in today’s Tech Community blog.
Healthy devices and unified device management across platforms continue to be anchors of Zero Trust, and to help protect data from potential leakage on mobile devices, we are introducing new conditional launch settings with App Protection Policies in Microsoft Endpoint Manager. These controls can block access or wipe data based on conditions such as maximum OS version or jailbroken or rooted devices, or require Android devices to pass SafetyNet attestation.
In addition, we’re making it easier for you to manage your devices, regardless of the operating system. First, you can configure Android Enterprise-enrolled devices with Azure AD shared device mode in Microsoft Endpoint Manager. This new capability is now generally available and provides a simplified and more secure experience on devices shared across multiple users. With single sign-in, single sign-out, and data clearing across applications, shared device mode increases privacy between users and reduces the number of steps a frontline worker needs to take to access their work apps.
Then, to make it easier to manage and secure your Apple devices, we recently released a Microsoft Endpoint Manager preview of the Setup Assistant for iOS, iPadOS, and macOS automated device enrollment. Based on customer feedback, you can now allow users to start using their iPadOS device immediately after enrollment without waiting for the Company Portal to install on a locked-down device. You can also configure a Conditional Access policy to require multifactor authentication either during enrollment in the Setup Assistant or upon authentication in the Company Portal. Learn more about the administrator and user experiences for shared devices and Setup Assistant in this Tech Community blog.
Finally, we continue to invest in BitLocker, which helps you protect data at rest. BitLocker now has several enhancements, such as comprehensive modern management with Microsoft Endpoint Manager, role-based access controls for BitLocker recovery passwords, recovery password search, and recovery password auditing. Check out our BitLocker series that explains how to manage BitLocker in Microsoft Endpoint Manager, such as enabling silent encryption.
Grant least privileged access
As we have entered into new hybrid work environments, businesses need to think about how they will proactively protect their organizations from the influx of new or “bring your own” (BYO) connected devices–or even new apps that have helped people to work in new ways. This new normal has exposed the most challenging cybersecurity landscape we’ve ever encountered, and least privileged access helps ensure that only what must be shared is.
To help, we recently added the ability to discover and secure unmanaged endpoints and network devices to Microsoft Defender for Endpoint. Once network devices are discovered, security administrators will receive the latest security recommendations and vulnerabilities on them. Discovered endpoints (such as workstations, servers, and mobile devices) can be onboarded to Microsoft Defender for Endpoint, enabling all its deep protection capabilities. You can learn more in the Microsoft Security blog, Secure unmanaged devices with Microsoft Defender for Endpoint now.
The early detection of vulnerabilities and misconfiguration is critical to an organization’s overall security posture, and to preventing those weaknesses from being exploited. With our commitment to support multi-platform, threat and vulnerability management capabilities in Microsoft Defender for Endpoint now also support Linux OS, giving organizations the ability to view discovered vulnerabilities, assess the latest security recommendations, and issue remediation tasks for Linux devices. With the addition of Linux, threat and vulnerability management now covers all major platforms, including Windows and macOS.
Comprehensive security that is multi-platform and multi-cloud with simplification front and center is going to be important for the “assume breach” approach. With that in mind, today we are announcing the general availability of the converged portal for Microsoft 365 Defender, which unifies and simplifies XDR capabilities for endpoints, email, and collaboration. For Azure Sentinel, we are announcing solutions, which is a simplified means to deploy connectors, detections, playbooks, and workloads for both first and third-party integrations, all together as one package. To simplify team communications in the Security Operations Center, we now have built-in integration of Microsoft Teams into Azure Sentinel, so now you can create a Teams call directly from an incident.
With threats continuing to get more sophisticated, it is important to have the latest AI and machine learning capabilities at hand to separate important incidents from noise. Customers using Azure Sentinel consistently tell us how useful it is when incidents we create are closed directly in the product. This quarter, more than 92 percent of incidents produced by Azure Sentinel’s AI were reported as useful by security professionals, which is dramatically higher than industry standards and enables you to focus on what’s important. Today we are adding new anomaly detections, including User and Entity Behavioral Analytics (UEBA), to Azure Sentinel that are powered by configurable machine learning. These anomalies can be used to provide additional context while hunting or fused with incidents. What’s powerful is that you can configure the variables for the machine learning driven anomalies with just a few clicks to customize for your specific environment.
Today’s hybrid work environment spans multiple platforms, multiple clouds, and on-premises. We recently extended the multi-cloud support in Azure Defender to include not just servers and SQL but also Kubernetes, all using Azure Arc. Azure Security Center remains the only security portal from a cloud vendor with multi-cloud support, including Azure, Amazon Web Services, and Google Cloud Platform. Today we are announcing that we are extending protection to the application level with the preview of the SAP threat monitoring solution for Azure Sentinel. This supports SAP running in any cloud or on-premises, includes continuous monitoring of SAP with built-in detections, and can be customized to your specific SAP environment. You can learn more about this and the rest of Azure Sentinel’s announcements in the Tech Community blog post.
Enabling a secure way to access cloud apps while protecting your resources in this hybrid work environment is critical. New enhancements to Microsoft Cloud App Security will help protect against recent cloud-based attack types by detecting suspicious app activity and data exfiltration attempts from cloud services. Over the next few weeks, the general availability of the integration between Microsoft Information Protection and Cloud App Security will also be available. This integrated information protection policy management from the Cloud App Security portal enables greater visibility, control, and protection for your sensitive data in the cloud.
With over 90 percent of threats surfacing through email, it’s critical that organizations can configure security tools in a way that works for their environment. Over time, settings can age, new attack scenarios develop, and new security controls become available, necessitating regular review, upkeep, modifications, and even removal of old configurations. We’ve been on a journey to make it easier for customers to understand configuration gaps in their environment with recently launched features like preset security policies, Configuration Analyzer, and override alerts in Microsoft Defender for Office 365. Essentially, when Microsoft is confident that an email contains malicious content, we will not deliver the message to users, regardless of tenant configuration. We also recently announced our Secure by Default capabilities that eliminate the risks posed by legacy configurations. You can learn more in today’s Tech Community blog post.
But “assume breach” isn’t just about external threats–you also have to be thoughtful about protecting your organization from the inside out. We released new capabilities today in our Insider Risk Management solution to help you address insider risk in a holistic, collaborative way. Today’s Tech Community blog has more details.
For investigations, eDiscovery is critical. Today we’re announcing that eDiscovery support for Microsoft Graph connectors will be available in Summer 2021 as a developer preview. With Microsoft Graph connectors, investigators can query across more than 130 systems–directly from Microsoft 365 and our partners. Use the same eDiscovery tools in Microsoft 365 to search for content in third-party systems connected to Microsoft Search as used to search for content in Microsoft 365 apps and services. You can learn more in today’s Tech Community blog post.
In a risk landscape as complex as today’s, your adoption of a Zero Trust approach won’t happen overnight. It’s important to value progress over perfection and to enlist help when you need it. Microsoft and its partners are committed to helping you on this journey. To chart out your path, or assess your progress, enable a remote workforce by embracing Zero Trust security.
Thank you for being part of our community and doing your part to build a safer world.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
The post How to secure your hybrid work world with a Zero Trust approach appeared first on Microsoft Security.