
Discover the Latest Security News from Microsoft Ignite 2022

Top Announcements in Microsoft Security

Microsoft Ignite is a showcase of the best of what’s next for Microsoft and its partners. At this year’s annual conference, Microsoft welcomed more than 200,000 people. Alongside world-class training, attendees were introduced to the latest products and services designed to help customers, partners and developers get the full value of Microsoft’s technologies. These are the developments we think you will find the most useful.

TOP ANNOUNCEMENTS

Microsoft Defender for Cloud adds new protections for comprehensive Security

New capabilities for Microsoft Defender for Cloud will help organisations strengthen their cloud security posture, extend threat protection across workloads, and integrate DevOps security across hybrid and multi-cloud environments. These updates are Microsoft’s latest steps to make Defender for Cloud a comprehensive cloud-native app protection platform.

New capabilities in Defender for Cloud include:

  • Microsoft Defender for DevOps: A new solution that will provide visibility across multiple DevOps environments to centrally manage DevOps security, strengthen cloud resource configurations in code and help prioritise remediation of critical issues in code across multi-pipeline and multi-cloud environments. With this preview, leading platforms like GitHub and Azure DevOps are supported and other major DevOps platforms will be supported shortly.
  • Microsoft Defender Cloud Security Posture Management (CSPM): This solution, available in preview, will build on existing capabilities to deliver integrated insights across cloud resources, including DevOps, runtime infrastructure and external attack surfaces, and will provide contextual risk-based information to security teams. Defender CSPM provides proactive attack path analysis, built on the new cloud security graph, to help identify the most exploitable resources across connected workloads and help reduce recommendation noise by 99%.
  • Microsoft cloud security benchmark: A comprehensive multi-cloud security framework is now generally available with Microsoft Defender for Cloud as part of the free Cloud Security Posture Management experience. This built-in benchmark maps best practices across clouds and industry frameworks, enabling security teams to drive multi-cloud security compliance.

  • Expanded workload protection capabilities: Microsoft Defender for Servers will support agentless scanning, in addition to an agent-based approach to virtual machines (VMs) in Azure and AWS. Defender for Servers P2 will provide Microsoft Defender Vulnerability Management premium capabilities. Microsoft Defender for Containers will expand multi-cloud threat protection with agentless scanning in AWS Elastic Container Registry. These updates are in preview.

Why it matters: Organisations need a comprehensive approach to cloud security and a centralised, integrated solution to mitigate risk from code to cloud and counter threats. New innovations in Microsoft Defender for Cloud are the solution, helping to protect multi-cloud and hybrid environments with comprehensive security across the full lifecycle, from development to runtime.

Microsoft 365 Defender now disrupts Ransomware at Machine Speed

Microsoft 365 Defender now automatically disrupts ransomware attacks. This is possible because Microsoft 365 Defender collects and correlates signals across endpoints, identities, emails, documents, and cloud apps into unified incidents and uses the breadth of signal to identify attacks early with a high level of confidence.

Why it matters: Time is critical in ransomware attacks, and now Microsoft 365 Defender can automatically contain affected assets, such as endpoints or user identities. This helps stop ransomware from spreading laterally, which can substantially reduce the overall cost of an attack while improving a company’s resiliency to recover. The security operations team stays in full control of investigating, remediating, and bringing assets back online once they are returned to a healthy state.

Microsoft Entra Identity Governance (in Preview)

Microsoft Entra Identity Governance, now in preview, will help organisations ensure that the right people have the right access to the right resources at the right time. This release will deliver a comprehensive identity governance product for both on-premises and cloud-based user directories.

The newly released capabilities include lifecycle workflows to automate repetitive tasks, connection to on-premises to enable consistent policies for all users, and separation of duties in entitlements management to help safeguard against compliance issues. These complement existing Microsoft Entra Identity Governance features, including access reviews, access certification, entitlements management and privileged identity management.

Why it matters: Microsoft Entra Identity Governance will help organisations simplify operations, support regulatory compliance, and consolidate multiple identity point solutions.

Related read: 5 cybersecurity capabilities announced at Microsoft Ignite 2022 – Microsoft Security Blog

Advanced Management Suite 

The new, cost-effective premium endpoint management plan will launch in March 2023, with the aim of building new premium capabilities in the cloud. The ever-expanding family of endpoint management products will be known as Microsoft Intune. Microsoft Configuration Manager will remain a part of that product family.

Why it matters: Microsoft Advanced Management Suite will help organisations to build their ability to monitor endpoints as well as build on their cloud capabilities.

Microsoft also announced some new benefits for Microsoft Sentinel: the ability to search across vast amounts of security data quickly and easily to stop breaches in a fast, cost-effective manner. With new low-cost options for ingesting and archiving data, now generally available, customers can collect and search across all data in Microsoft Sentinel.

Basic Logs is designed to ingest high-volume data from sources to correlate and investigate an incident. Archived logs offer low-cost, long-term storage that is searchable for up to seven years. Log restore enables restoration of logs for high performance, interactive investigation queries as needed.

If you have any questions around the utilisation of your Microsoft Sentinel environment, we offer a Microsoft Acceleration Programme to help you make the most out of your environment. If you would like to hear more about how this programme can help you, or about any of the developments that could help your business, please get in touch.

As always, the annual Microsoft Ignite conference has unveiled some exciting new developments that will better help Microsoft users to achieve their strategic goals. In today’s uncertain economic times, organisations are looking to change the way they work to get better results and maximise their existing IT investments.

You can find more information on all of Microsoft’s announcements, including the ones in our article, in the Microsoft Ignite Book of News.

Whether you would like to discuss ransomware or are looking to utilise your Microsoft Sentinel environment, our qualified team will draw from expertise and in-depth knowledge of Microsoft technologies to provide advice scaled to your specific requirements.