By Lynn Greiner and Azure Sentinel News
Although the flagship launch at Microsoft Ignite, which wound up on Wednesday, was the flashy Microsoft Mesh, there were many security-focused product and feature announcements that should bring a smile to admins’ faces. Here’s a look at some of what’s here now and what’s coming.
Passwordless authentication for cloud and hybrid environments. Azure AD lets users sign in with biometrics or a tap using Windows Hello for Business, the Microsoft Authenticator app, or a compatible FIDO2 security key from Microsoft Intelligent Security Association partners such as Yubico, Feitian, and AuthenTrend. With Temporary Access Pass, now in preview, you can generate a time-limited code to set up or recover a passwordless credential.
More than 30 new connectors for Azure Sentinel make it easier to collect data across all cloud environments, including Salesforce Service Cloud, VMware, and Cisco Umbrella. It also has new security orchestration, automation and response (SOAR) playbooks to create automation rules, block suspicious IP addresses in Azure Firewall, isolate endpoint devices with Microsoft Intune and update a user’s risk state with Azure Active Directory Identity Protection. There are also improvements in data ingestion and enhanced analytics.
Now in preview
Windows Server 2022, to be available this calendar year, will allow customers to run applications on Azure, on-premises, or at the edge. Along with its increased functionality, it will boast a couple of appealing security features. The key one is the Secured-core server, which uses hardware, firmware, and operating system capabilities. It includes Trusted Platform Module 2.0 (TPM 2.0) to provide hardware root-of-trust, firmware protection, and virtualization-based security. The Windows Admin Center security tool (also in preview) will report on the Secured-core features and enable them where applicable.
Edge Secured-core will apply Secured-core security to IoT devices.
A unified mobile security app for iOS and Android will combine Microsoft Defender for Endpoint and Microsoft Tunnel (VPN) to simplify the end-user experience and increase customer security. It will be known as Microsoft Defender for Endpoint and will be in preview this month.
Azure Key Vault Managed HSM is a fully-managed single-tenant key management service with FIPS 140-2 Level 3 validated hardware security modules.
Always Encrypted with secure enclaves (protected regions of memory enabling confidential queries) is available for preview in SQL Server 2019 and Azure SQL Database.
Trusted Launch, which protects against boot kits, rootkits and kernel-level malware, is now available for confidential and non-confidential virtual machines (VMs).
Azure Security Center gets new reporting capabilities that let customers create quick reports, either with out-of-the-box reports or by writing their own in Azure Workbooks.
Azure Sentinel will share incident views, schema, and integrated user experiences with Microsoft 365 Defender. It will also offer connectors to Azure Storage, Azure SQL, Azure Kubernetes Service and Azure Key Vault.
Microsoft 365 Defender enhancements will let customers investigate and remediate issues on endpoints and in Office 365 through a single integrated Defender 365 portal. It will include unified alerts, user and investigation pages that allow automated analysis, extended email alerts, and a learning hub.
Threat Analytics, previously available for Defender for Endpoint, is coming for Microsoft 365 Defender.
Microsoft 365 Insider Risk Management Analytics, which can identify potential insider risk activity within an organization and help inform policy configurations, enters public preview later this month.
Microsoft 365 is offering data loss prevention (DLP) for Chrome browsers and on-premises server-based environments (such as file shares and SharePoint Server 2010/2013/2016).
Tackling the security skills gap
Microsoft has added four new certifications in the security realm to address the skills gap:
- The Microsoft Certified: Security, Compliance, and Identity Fundamentals certification will help individuals get familiar with the fundamentals of security, compliance and identity across cloud-based and related Microsoft services.
- The Microsoft Certified: Information Protection Administrator Associate certification focuses on planning and implementing controls that meet organizational compliance needs.
- The Microsoft Certified: Security Operations Analyst Associate certification helps security operations professionals design threat protection and response systems.
- The Microsoft Certified: Identity and Access Administrator Associate certification helps individuals design, implement and operate an organization’s identity and access management systems by using Azure Active Directory (Azure AD).