Microsoft Ignite Cyber Security Takeaways

Microsoft’s annual flagship ‘Ignite’ conference is underway, amongst the hundreds of announcements and content covered, there are a number of interesting security-related updates and new releases by Microsoft, highlighted below.

Microsoft Defender Advanced Threat Protection (ATP)
Microsoft is extending their endpoint detection and response capability in Microsoft Defender ATP to include MacOS, now in preview. Microsoft is planning to add support for Linux servers.

Application Guard for Office
Now available in preview, Application Guard for Office provides hardware-level and container-based protection against potentially malicious Word, Excel, and PowerPoint files. It utilises Microsoft Defender ATP to establish whether a document is either malicious or trusted.

Azure Security Center
Microsoft is announcing new capabilities to find misconfigurations and threats for containers and SQL in IaaS while providing rich vulnerability assessment for virtual machines. Azure Security Center also provides integration with security alerts from partners and quick fixes for fast remediation.

Azure Sentinel

Microsoft is introducing new connectors in Azure Sentinel to help security analysts collect data from a variety of sources, including Zscaler, Barracuda, and Citrix. In addition, Microsoft is releasing new hunting queries and machine learning-based detections to assist analysts in prioritising the most important events.

Insider Risk Management in Microsoft 365
Microsoft is announcing a new insider risk management solution in Microsoft 365 to help identify and remediate threats stemming from within an organisation. Now in private preview, this new solution leverages the Microsoft Graph along with third-party signals, like HR systems, to identify hidden patterns that traditional methods would likely miss.

Microsoft Authenticator
Microsoft are making Microsoft Authenticator available to customers as part of the Azure Active Directory (Azure AD) free plan. Deploying Multi-Factor Authentication (MFA) reduces the risk of phishing and other identity-based attacks by 99.9%.

New value in Azure AD
Previewing at the end of November, Azure AD Connect cloud provisioning is a new lightweight agent to move identities from disconnected Active Directory (AD) forests to the cloud. Additionally, Microsoft is announcing secure hybrid access partnerships with F5 Networks, Zscaler, Citrix, and Akamai to simplify access to legacy-auth based applications. Microsoft is introducing a re-imagined MyApps portal to help make apps more discoverable for end-users.

Microsoft Information Protection and Governance
The compliance center in Microsoft 365 now provides the ability to view data classifications categorised by sensitive information types or associated with industry regulations. Machine learning also allows you to use your existing data to train classifiers that are unique to your organisation, such as customer records, HR data, and contracts.

Microsoft Compliance Score
Now in public preview, Microsoft Compliance Score helps simplify regulatory complexity and reduce risk. It maps your Microsoft 365 configuration settings to common regulations and standards, providing continuous monitoring and recommended actions to improve your compliance posture. 

Azure Firewall Manager
Now in public preview, Microsoft customers can manage multiple firewall instances from a single pane of glass with Azure Firewall Manager. Microsoft are creating support for new firewall deployment topologies.

*** This is a Security Bloggers Network syndicated blog from IT Security Expert Blog authored by SecurityExpert. Read the original post at: