We already covered all the biggest announcements (and there were a lot), so check out our super-sized Monday post for all the major Microsoft Ignite news. For this article, I wanted to take a deeper look at what I took away from Microsoft’s security keynote “Microsoft’s roadmap for security, compliance, and identity” and sessions through the first two days, such as “Modern management: how/why you do it now” and “Microsoft Threat Protection with security CVP Rob Lefferts.”
Microsoft wants to protect you everywhere
Microsoft wants to be your provider for everything security-related in the enterprise, even if that requires working with other vendors to round out their coverage.
They spoke about Azure Active Directory being your one identity provider—you need no other product. This seems more possible as Microsoft announced multiple partnerships with Citrix, Akamai, and Zscaler to make it easier for AAD to manage on-prem applications.
From there, Microsoft announced or updated several security products that organizations can use to complete their security deployment. Organizations could purchase secured-core PCs designed to make their desktop more secure at an OS level with a hardware root of trust and hardened against firmware-level attacks. From there you have Application Guard for Office to protect at the application level, and then there are additional security tools like Microsoft Threat Protection (which they position as a suite of tools and not just a feature in multiple products). For mobile devices in BYOD deployments, organizations that use Intune (excuse me, Microsoft Endpoint Manager) can try Conditional Launch, which protects company data on MAM-only deployments, based on signals from mobile threat defense products.
The session presented by Rob dug into the different products that Microsoft now offers, trying to convince attendees that they should consider them as the security vendor organizations need in this day and age. I remain unsold but do see the appeal for companies—you would only have a single security vendor, instead of working with several to provide complete coverage. (And, yes, Microsoft championed zero trust, but that’s old hat by now.)
The security keynote from Monday covered a lot, but is worth checking out just to get an idea about the direction Microsoft plans to head security-wise over the next 12 to 18 months.
For this, they focus less on concrete products and more on how Microsoft will follow four core principles: integrating security and compliance directly into products; using AI, machine learning, and automation where possible; integrating Microsoft security products with third-party solutions; and considering data privacy.
Microsoft is working to add features such as threat and phishing protection, endpoint detection and response, data loss prevention, and cloud-native SIEM into their products. This coverage is meant to span multiple platforms and multiple clouds.
With AI, ML, and automation tools, Microsoft aims to make it easier for your security team to handle incoming threats, recover from recent attacks, and figure out the holes in your security. In addition to AI and such, organizations will be backed up by Microsoft’s security experts (I guess AI can’t solve everything…).
For the third principle, Microsoft wants to have their products integrate and interoperate with third-party security features, including identity and access management, threat protection, cloud security, and information protection.
Lastly, Microsoft wants to provide organizations with control around how their data is used. This involves being open with how data is collected and used and “empowering” customers (it’s not clear how the last one works just yet—it is a roadmap after all).
Microsoft Secure Score
Since Secure Score debuted in Office 365 in 2017, Microsoft has dutifully updated and expanded it every year. Last year, it became a standalone offering and includes data from EMS and Azure Security. This year, Microsoft made the score easier to understand, while also allowing users to see how they score; previously, only admins had access.
I’ve been a fan of Secure Score since first learning about it. Explaining your security stance to everyone in the organization can be difficult, which is where this scoring mechanism comes in. From one dashboard, anyone can see how secure they and their company are. We’re all used to seeing scores and easily understanding them, so why not another one?
Secure Score also provides users and admins with recommendations around improving your score (which also shows how you compare against other companies worldwide). Rather than focusing on what hackers went after in their last attack, use the recommendations to figure out where your security falls short.
Turn on multi-factor authentication, already
Not revelatory or anything, but during what feels like every security session and keynote, Microsoft plugged turning multi-factor authentication on. With Microsoft Authenticator now available free of charge, it’s a lot easier to implement MFA. They stayed away from suggesting using any one specific factor—even SMS, through all its weaknesses, offers infinitely more protection than just a password.
Perhaps it’s no surprise they didn’t call out any one factor as better than any other. After all, they just announced an SMS-based authentication feature in Microsoft 365 for firstline workers, which provides some in your organization a step toward becoming passwordless.
If SMS is something you’d prefer to not use in your organization, Microsoft has other MFA options available, using features like Windows Hello or the newly announced YubiKey Bio for passwordless sign-in or MFA for Azure Active Directory.
So much news from Ignite!
There are more security sessions that I want to check out, but have to wait until they’re available to watch (or they fix their video player, in the case of a few sessions). The keynote is the one to really check out if you want to get an idea of all the different features that they’ve announced at Microsoft Ignite 2019.
Microsoft announced a lot from a security standpoint, but nothing seems revolutionary—so I’m curious what others thought: did anything they announced potentially fix some issue that plagues your IT team or organization as a whole?