Microsoft has worked closely with customers to support the transitions required for the move to remote work throughout the pandemic. They have been listening carefully to the security concerns that this shift in working practices has brought to all organisations, as well as carefully watching the threat landscape across customers' infrastructure and services.
Across Ignite, there have been some awesome updates to the Microsoft 365 platform. The level of integration of non-Microsoft ecosystems has been increased and the platform continuously moves forwards in its pursuit of providing a single pane of glass for all your organisation's services. The below are just some of the highlights.
Naming conventions
Naming conventions across the Microsoft 365 platform don't really fall under a new service or feature, but we feel they are important for you to know about. There has, as always, been some renaming of services across the Security services.
Old | New |
Azure Sentinel | Microsoft Sentinel |
Microsoft Cloud App Security | Microsoft Defender for Cloud Apps |
Azure Defender for IoT | Microsoft Defender for IoT |
Azure Security Center and Azure Defender | Microsoft Defender for Cloud |
Identity
Resilient Identity Service
As well as the more noticeable features that Microsoft have released across Ignite, they also made public the work they have been doing to create a more resilient Identity service in Azure AD.
They have been investing in the 8 core principles of service reliability.
Microsoft have now implemented a cell-based architecture for the entire Azure AD service. This means that Azure AD is split across 107 separate cells. If there is an issue in one area of the system, Microsoft can contain it, and the largest section of users that could be affected at any time is 1.7%.
Azure AD Backup Authentication
They have also built a backup authentication service, which is a secondary system that will maintain sessions should the primary authentication system go down. This system is separate from Azure AD but still runs within the Microsoft Cloud. As well as allowing users to maintain access to services, it also ensures that organisation security settings and access conditions continue to be met. With this service in place, Azure can withstand an outage for 3 days.
Conditional Access for applications and Device Filters
Although this has been around for a little while, it has now become generally available. This functionality allows you to apply Conditional Access policies to specific devices or exclude specific devices. Filters for applications allow Conditional Access policies to be applied dynamically to new apps without admins needing to update specific applications. Unlike the device filters, this feature will become available in Public Preview by the end of the year (2021).
Insider Risk Management
Microsoft have introduced a new onboarding solution to Insider Risk Management that guides organisations through the recommended steps to onboard their tenant to the security solution.
The recommendations guide you through the critical things needed to start protecting your organisation, such as creating Insider Risk policies that capture behaviour and events that could be malicious or a risk to the organisation, ensuring that they are audited.
Microsoft have also added a healthcare playbook which contains prebuilt indicators and a customisable machine learning template that has now been placed into Public Preview. This healthcare-specific playbook connects into Epic and to other digital medical records solutions.
Devices
Defender for IoT / OT
IoT devices are now being attacked and used to compromise networks, as they are usually unmonitored and unsecured. Microsoft Defender for IoT/OT will integrate detection and response for these devices into the wider SIEM and XDR solutions (Microsoft Sentinel, Microsoft 365 Defender, and Microsoft Defender for Cloud) within Microsoft 365 and provide the same level of support as other devices.
This service is completely agentless. This will be achieved by using all other Microsoft Defender for Endpoint enabled devices across the network to discover and monitor IoT devices.
We will explore this announcement further in a full blog post on this subject soon.
New operating system support
One of the biggest announcements relating to Microsoft Endpoint Manager coming from Ignite this year is the addition of Linux management and compliance policies, which will be released in early 2022. This not only ensures that Linux devices are secured and meet company compliance policies, but it will also provide the capability to extend Conditional Access policies to Linux systems and provide a more in-depth Zero Trust approach.
Deploy DMG applications to managed Macs
Up until now, PKG files were the only macOS line-of-business applications that could be deployed through Intune. This would cause issues where applications were only supplied in DMG format and would need to be converted.
This update will save time and improve the compatibility of macOS applications.
Securing collaboration
Communication compliance
Chat and IM have been around for a long time within organisations, and organisations have turned to Microsoft Teams to support them through the pandemic and provide colleagues with the ability to communicate easily whilst working remotely.
Although delivered with the best intentions for their colleagues, Microsoft Teams at the same time poses a risk. Instant Messaging can be abused: inappropriate content could be shared, or a colleague could find themselves on the receiving end of threatening language, through intent or misunderstanding.
Up until now, this form of communication has remained invisible to compliance teams. Communication Compliance throws a light into this area and, with the Day Zero Insights being made available this month, will help make organisations aware of behaviour they were not previously able to see, for example harassment, threats, and sharing of sensitive information.
Data
Privacy management
Unstructured data is becoming more of a trend across all organisations and, coupled with evolving regulatory requirements, it has become increasingly difficult for organisations to know what personal data they have, where it is, and how it is impacted by regulations, such as those covering how the data is stored or shared.
Just before Ignite, Microsoft announced Privacy Management. Privacy Management has been introduced to give organisations the tools to address what personal data they have, where it is being stored and how it is being used.
Privacy Management will allow the organisation to identify critical privacy risks and conflicts, bring automation to privacy operations and responses to subject rights requests, and empower colleagues to make smart data handling decisions.
Azure Information Protection
AIP has received some updates and Microsoft are introducing 9 new trainable classifiers to cover finance, IT, Tax and Healthcare. They are also introducing 52 new sensitive information types covering named entities across the globe. Microsoft will also be introducing 10 enhanced unified classification policy templates.
Microsoft Endpoint Data Loss Prevention
Microsoft announced that they have added support for macOS devices to the Microsoft Endpoint DLP service. This will support the detection of exfiltration of Office, PDF, and CSV files from macOS endpoints and expand the scope of insider risk detections across organisations.
Begin your journey
Ignite 2021 has been jam-packed with information this year and the plethora of new features on offer here have the possibility to transform the way we work. If you're interested to know how your organisation can benefit, get in touch with us to discuss more!