James Parsons


Head of Modern Security

Microsoft has worked closely with customers to support the transitions required for the move to remote work throughout the pandemic. They have been listening carefully to the security concerns that this shift in working practices has brought to all organisations, as well as carefully watching the threat landscape across customers' infrastructure and services.

Across Ignite, there have been some awesome updates to the Microsoft 365 platform. The level of integration with non-Microsoft ecosystems has been increased, and the platform continuously moves forwards in its pursuit of providing a single pane of glass for all your organisation’s services. The below are just some of the highlights.

Naming conventions

Naming conventions across the Microsoft 365 platform don’t really fall under a new service or feature, but we feel they are important for you to know about. There has, as always, been some renaming of services across the Security services.

Old | New
Azure Sentinel | Microsoft Sentinel
Microsoft Cloud App Security | Microsoft Defender for Cloud Apps
Azure Defender for IoT | Microsoft Defender for IoT
Azure Security Centre and Azure Defender | Microsoft Defender for Cloud

Identity

Resilient Identity Service

As well as the more noticeable features that Microsoft have released across Ignite, they also made public the work they have been doing to create a more resilient Identity service in Azure AD.
They have been investing in the 8 core principles of service reliability.

Microsoft have now implemented a cell-based architecture for the entire Azure AD service. This means that Azure AD is split across 107 separate cells. If there is an issue in one area of the system, Microsoft can contain it, and the largest section of users that could be affected is 1.7% at any time.

Azure AD Backup Authentication

They have also built a backup authentication service, which is a secondary system that will maintain sessions should the primary authentication system go down. This system is separate from Azure AD but still runs within the Microsoft Cloud. As well as allowing users to maintain access to services, it also ensures that organisation security settings and access conditions continue to be met. With this service in place, Azure can withstand an outage for 3 days.

Conditional Access for applications and Device Filters

Although device filters have been around for a little while, they have now become generally available. This functionality allows you to apply Conditional Access policies to specific devices or to exclude specific devices. Filters for applications allow Conditional Access policies to be applied dynamically to new apps without admins needing to update specific applications. Unlike the device filters, this feature will become available in Public Preview by the end of the year (2021).

Insider Risk Management

Microsoft have introduced a new onboarding solution to Insider Risk Management that guides organisations through the recommended steps to onboard their tenant to the security solution.

The recommendations guide you through the critical things needed to start protecting your organisation, like creating Insider Risk policies to capture the behaviour and events that could be malicious or be a risk to the organisation, to ensure that it is audited.

Microsoft have also added a healthcare playbook, which contains prebuilt indicators and a customisable machine learning template and has now been placed into Public Preview. This healthcare-specific playbook connects into Epic and to other digital medical records solutions.

Devices

Defender for IoT / OT

IoT devices are now being attacked and used to compromise networks, as they are usually unmonitored and unsecured. Microsoft Defender for IoT/OT devices will integrate the detection and response for these devices into the wider SIEM and XDR solutions (Microsoft Sentinel, Microsoft 365 Defender, and Microsoft Defender for Cloud) within Microsoft 365 and provide the same level of support as other devices.

This service is completely agentless. This will be achieved by using all other Microsoft Defender for Endpoint enabled devices across the network to discover and monitor IoT devices.

We will explore this announcement further in a full blog post on this subject soon.

New operating system support

One of the biggest announcements relating to Microsoft Endpoint Manager coming from Ignite this year is the addition of Linux management and compliance policies, which will be released in early 2022. This not only ensures that Linux devices are secured and meet company compliance policies, but will also provide the capability to extend Conditional Access policies to Linux systems and provide a more in-depth Zero Trust approach.

Deploy DMG applications to managed Macs

Up until now, PKG files were the only macOS line-of-business applications that could be deployed through Intune. This would cause issues where applications were only supplied in DMG format and would need to be converted.

This update will save time and improve the compatibility of macOS applications.

Securing collaboration

Communication compliance

Chat and IM have been around for a long time within organisations, and organisations have turned to Microsoft Teams to support them through the pandemic and provide colleagues with the ability to communicate easily whilst working remotely.

Although delivered with the best intentions for their colleagues, Microsoft Teams at the same time poses a risk. Instant messaging can be abused: inappropriate content could be shared, or a colleague could find themselves on the receiving end of threatening language, through intent or misunderstanding.

Up until now, this form of communication has remained invisible to compliance teams. Communication Compliance throws a light into this area and, with the Day Zero Insights being made available this month, will help make organisations aware of behaviour they were not previously able to see, for example harassment, threats, and sharing of sensitive information.

Data

Privacy management

Unstructured data is becoming more of a trend across all organisations and, coupled with evolving regulatory requirements, it has become increasingly difficult for organisations to know what personal data they have, where it is, and how it is impacted by regulations, such as how the data is stored or shared.

Just before Ignite, Microsoft announced Privacy Management. Privacy Management has been introduced to give organisations the tools to address the personal data they have, where it is being stored, and how it is being used.

Privacy Management will allow the organisation to identify critical privacy risks and conflicts, bring automation to privacy operations and responses to subject rights requests, and empower colleagues to make smart data handling decisions.


Azure Information Protection

AIP has received some updates and Microsoft are introducing 9 new trainable classifiers to cover finance, IT, Tax and Healthcare. They are also introducing 52 new sensitive information types covering named entities across the globe. Microsoft will also be introducing 10 enhanced unified classification policy templates.

Microsoft Endpoint Data Loss Prevention

Microsoft announced that they have added support for macOS devices to the Microsoft Endpoint DLP service. This will support the detection of exfiltration of Office, PDF, and CSV files from macOS endpoints and expand the scope of insider risk detections across organisations.

Begin your journey

Ignite 2021 has been jam-packed with information this year and the plethora of new features on offer here have the possibility to transform the way we work. If you're interested to know how your organisation can benefit, get in touch with us to discuss more!

Originally published November 19 2021, Updated November 19, 2021
