More than ever, Microsoft seems to be positioning itself as a security company. Last week's Ignite conference brought dozens of Microsoft security-related announcements ranging from compliance to endpoint protection.
On the risk management front, Microsoft announced a new insider risk management solution for Microsoft 365. The solution is intended to help identify and remediate threats that come from inside an organization, according to the company. It uses several Microsoft services to pick up real-time signals across Office, Windows and Azure, including abnormal user behavior and file activity. It can also pick up signals from a company's other systems, such as SAP, via connectors. Plus, it includes a set of playbooks that use machine learning to identify hidden patterns and risks that might otherwise be missed.
Compliance was another big area of focus at Ignite. Two of the most significant compliance-related announcements revolved around Microsoft 365. The company announced that Microsoft 365's Compliance Center now can view data classifications categorized by sensitive information types or associated with industry regulations. In addition, it has incorporated machine learning with what the company calls "trainable classifiers." They allow IT professionals to train the classification engine to classify data sets that are unique to the organization, such as customer records, HR data and contracts.
The second compliance-related announcement was the new Microsoft Compliance Score, which maps Microsoft 365 configuration settings to common regulations and standards. The result is a score that helps organizations assess how effectively their compliance measures are addressing their risks and requirements.
Another set of announcements centered on endpoint protection. Microsoft is extending its endpoint detection and response capability in Microsoft Defender ATP to include macOS and plans to add support for Linux servers. It also announced that it has combined its ConfigMgr and Intune services, which allow enterprises to manage employee devices.
These announcements have already spurred other vendors to take action. Blue Cedar, a mobile app security integration platform, for example, has already partnered with Microsoft to develop the Blue Cedar Accelerator for Microsoft. The solution is designed to ease integration of Intune App Protection Policy security controls, now part of Microsoft's Endpoint Manager Solution, into enterprise-authored and other corporate mobile apps.
Other Microsoft security-related announcements include:
- New connectors for Azure Sentinel to more comprehensively collect data from multiple sources including Barracuda, Citrix and Zscaler. Microsoft also announced new hunting queries and machine learning-based detections to help analysts prioritize security events.
- Azure AD (Active Directory) Connect cloud provisioning, which allows IT professionals to move identities from disconnected Active Directory forests to the cloud. Other Azure AD-related announcements included a series of secure hybrid access partnerships and a reworked MyApps portal to make apps more discoverable for end users.
- New capabilities in Azure Security Center focused around the ability to find misconfigurations and threats for containers and SQL in IaaS.
- Application Guard for Office, designed to reduce macro viruses. The solution protects against potentially malicious Word, Excel and PowerPoint files with the help of Microsoft Defender ATP. It does this by executing scripts in virtual sandboxes, which isolates them from the host.
- Azure Firewall Manager enables users to manage security policy configuration and logging across multiple firewall instances, automate firewall deployment and centralize route management to multiple secured virtual hubs, and simplify central configuration and rules management for multiple firewall instances.
Taken together, these announcements seem to indicate that Microsoft is finally working to productize security in a serious way, said Alla Valente, an analyst at Forrester Research.
"They are now creating actual solutions that address all aspects of security — privacy, compliance, risk management," she said. "It's not about protecting devices exclusively or protecting applications exclusively or protecting data centers exclusively anymore. It's about how companies are going to protect their brand."