Microsoft Ignite 2018 kicked off on Monday, and as expected, there are plenty of new features and products. One major focus for this year is security, with three main announcements: Microsoft Threat Protection, enhancements to Secure Score, and password-less login for Azure AD.
Let’s dig into what’s new for each, shall we?
Microsoft Threat Protection
Microsoft already offered Threat Protection for Office 365, Azure, and Windows—but now all three can talk to each other, and you can access all of them from the same dashboard (for Microsoft 365 subscribers, anyway).
Jack and I had the chance to meet with Rob Lefferts, corporate vice president of security, ahead of Microsoft Ignite 2018. He gave us a straightforward explanation of how Microsoft Threat Protection works: using AI and fuzzy matching algorithms, events can be correlated with their large data pool to understand and determine normal versus abnormal user behavior.
For example, someone might try to access multiple accounts, all from the same location, in alphabetical order and rapid succession, indicating an attack (most likely by a bot or script). Then an alert can be sent for admins to investigate. Or, Office 365 Threat Protection will know how Word uses memory and what a healthy email flow looks like, and Windows Threat Protection would know how an app interacts with file system APIs and how network traffic should look.
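The alphabetical sign-in pattern described above can be expressed as a simple detection rule. This is an added example, not Microsoft's algorithm or code from the original article; the log format, sample records, thresholds, and function names are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in records (timestamp, source IP, account, result); not real logs.
SAMPLE = """\
2018-09-24T10:00:01 203.0.113.7 aaron@example.com FAIL
2018-09-24T10:00:02 203.0.113.7 abby@example.com FAIL
2018-09-24T10:00:03 203.0.113.7 adam@example.com FAIL
2018-09-24T10:00:04 203.0.113.7 alice@example.com FAIL
2018-09-24T10:00:05 203.0.113.7 amy@example.com FAIL
2018-09-24T10:00:06 203.0.113.7 bob@example.com OK
2018-09-24T09:00:00 198.51.100.9 zoe@example.com OK
2018-09-24T09:20:00 198.51.100.9 carl@example.com OK
2018-09-24T09:45:00 198.51.100.9 mia@example.com FAIL
"""

def parse(text):
    """Yield (timestamp, ip, account, result) tuples from the assumed log format."""
    for line in text.splitlines():
        ts, ip, account, result = line.split()
        yield datetime.fromisoformat(ts), ip, account.lower(), result

def alphabetical_bursts(events, min_accounts=5, window=timedelta(seconds=60), min_sorted=0.9):
    """Flag sources that try many distinct accounts, in near-alphabetical order, inside one window."""
    by_ip = defaultdict(list)
    for ts, ip, account, _ in sorted(events):
        by_ip[ip].append((ts, account))
    alerts = []
    for ip, seq in by_ip.items():
        start = 0
        for end in range(len(seq)):
            while seq[end][0] - seq[start][0] > window:
                start += 1  # slide the window forward
            # Distinct accounts in the window, in order of first attempt.
            names = list(dict.fromkeys(a for _, a in seq[start:end + 1]))
            if len(names) < min_accounts:
                continue
            pairs = list(zip(names, names[1:]))
            ratio = sum(a < b for a, b in pairs) / len(pairs)
            if ratio >= min_sorted:  # a walk through a sorted user list
                alerts.append({"ip": ip, "accounts": len(names),
                               "first_seen": seq[start][0], "last_seen": seq[end][0]})
                break  # one alert per source is enough for triage
    return alerts

if __name__ == "__main__":
    for alert in alphabetical_bursts(parse(SAMPLE)):
        print(alert)
```

The second source in the sample touches several accounts too, but slowly and in no particular order, so it stays below the rule's thresholds.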
When Microsoft talks about their huge amounts of data, it can sound complicated, but really, this is becoming a common concept that we’re hearing of—it’s just that they have so many different products and features that they can apply it to.
By combining all three existing Threat Protection products under one roof, the system can correlate weaker signals that might not trigger alerts by themselves, or surface events that would previously have triggered alerts but might not have given admins much actionable information. Now, if these events have something in common, say a user or a device, they can be presented together, and admins can examine the kill chain.
Jack wrote last year about how AI and machine learning would come into our products, especially IT management and security products, and this is a prime example. Sounds cool, but really, we should focus less on the AI aspect and more on the results. This means having a system in place that helps notice small things—for example, the deletion of files on a corporate desktop, which could indicate the start of a possible ransomware attack—and allows SecOps to triage and prevent further damage.
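To make the idea of correlating weak signals concrete, here is an added sketch (not Microsoft's implementation, and not from the original article) that links events sharing a user or a device, even transitively, and only raises an incident when the combined score crosses a threshold. The event fields, scores, and threshold are assumptions.

```python
from collections import defaultdict

# Constructed low-severity events from three products; fields and scores are illustrative.
EVENTS = [
    {"id": 1, "source": "Office 365", "user": "dana", "device": None,
     "score": 2, "what": "macro document opened from email"},
    {"id": 2, "source": "Windows", "user": "dana", "device": "LT-042",
     "score": 3, "what": "Word spawned a script host"},
    {"id": 3, "source": "Windows", "user": None, "device": "LT-042",
     "score": 3, "what": "burst of file deletions"},
    {"id": 4, "source": "Azure", "user": "erin", "device": None,
     "score": 2, "what": "sign-in from new location"},
    {"id": 5, "source": "Office 365", "user": "frank", "device": "PC-007",
     "score": 1, "what": "unusual mail forwarding rule"},
]
ALERT_THRESHOLD = 5  # assumed: no single event above reaches this on its own

def correlate(events, threshold=ALERT_THRESHOLD):
    """Group events that share a user or device and return groups scoring >= threshold."""
    parent = {}

    def find(x):  # union-find with path halving
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for e in events:
        node = ("event", e["id"])
        find(node)
        for kind in ("user", "device"):
            if e[kind]:  # link the event to each entity it mentions
                parent[find(node)] = find((kind, e[kind]))

    groups = defaultdict(list)
    for e in events:
        groups[find(("event", e["id"]))].append(e)

    incidents = []
    for members in groups.values():
        total = sum(e["score"] for e in members)
        if len(members) > 1 and total >= threshold:
            incidents.append({"events": [e["id"] for e in members],
                              "sources": sorted({e["source"] for e in members}),
                              "score": total})
    return incidents

if __name__ == "__main__":
    print(correlate(EVENTS))
```

Event 3 carries no user at all, yet it lands in the same incident as event 1 because event 2 ties the user to the device.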
Secure Score was first released for Office 365 last year, and Microsoft expanded it into Microsoft Secure Score in April. At Microsoft Ignite 2018, they revealed yet another refinement to their security report card. Secure Score now includes data from Azure Security Center and Enterprise Mobility + Security (EMS), and shows how your security stance stands against competitors, industry average, etc.
Here's an example of how it looked before today:
The overall goal is to make it easy for IT to quantify the company’s current security—Secure Score provides a numbered score, graphs, and more, highlighting various security policies that are either configured or not configured. They’re all very colorful and pretty—but Microsoft says they serve a purpose: People like having a way to quantify their progress. With this tool, you can easily show executives whether your current security efforts are up to snuff and what is still needed.
According to Microsoft’s internal metrics, organizations that follow Secure Score’s recommendations reduce their chance of a breach 30-fold. Pretty solid improvement—if true.
Secure Score fits into a larger conversation we’ve been having: How do you get organizations to transition from just keeping the lights on to really getting onboard with improving security and user experience? If it helps when discussing security with the C-suite and other buyers, then great! Not everyone understands security, and this offers a colorful way to more easily explain your current security stance.
Microsoft is trying to get organizations to start moving away from passwords with this announcement. Corporate Azure AD accounts will now let admins default to using the Microsoft Authenticator app first, instead of asking for a password and then the Authenticator. In this scenario, Microsoft Authenticator uses an additional factor, such as a fingerprint, facial biometric, or a PIN. This announcement brings AAD in line with consumer Microsoft accounts, which can already use the authenticator app as a primary factor.
(Incidentally, we were curious about whether you could really do away with passwords completely, and Rob told us that it was indeed already possible. Certain specific Azure AD configurations can provide a password-less login experience. It sounded a little convoluted and requires Windows Hello and additional work—but it is possible!)
This may be just one configuration change in Azure AD, but it does continue the move by tech companies to start shifting away from passwords. (Another recent example I covered was Google pushing the Titan Security Key at Cloud Next 2018, to get users accustomed to stronger multi-factor authentication.)
Microsoft said they feel passwords are a “short-term game” against bad actors and they want to push everyone toward an “end of an era of passwords.” We’ll see, but I like the idea of having to remember one less password and getting admins and users adjusted to the idea of accessing their accounts without a password as their first or only authentication factor.
Microsoft Ignite 2018 announcements continue the 2018 theme of maturing products
I have now been through the biggest EUC-related conferences of the year, and a recurring theme was definitely that there weren’t as many big new products (with the exception of Windows Virtual Desktop news Jack is covering today), but rather just continued improvement to existing products.
I’ve read through older BrianMadden.com coverage of Ignite and VMworld, seeing how excited Jack and Gabe were over announcements made. While there wasn’t as much giddiness here (also since we’re covering the show remotely), I see how Microsoft Ignite 2018’s security announcements could make life easier for those who already use the products, or get someone on board who may have been on the fence previously.
We have some questions about these security announcements and others, but will have to wait for Microsoft to reveal more details at Ignite.