This article is a summary and discussion of the Microsoft Ignite 2019 session on Microsoft’s roadmap for security, compliance, and identity. The screenshots are from the full session which you can watch here.
The importance of security, compliance and identity
Digital transformation is bringing real challenges around security and compliance, due to the complexity, scale and sophistication of these technological developments.
The following statistics highlight why managing security and compliance is becoming increasingly difficult and crucial:
- There will be over 75 billion devices in existence next year
- More data will be created this year alone than in the past 10 years combined
- Four billion records have already been exposed due to data breaches this year
- 53% of organisations have experienced insider attacks in the last year
In a cloud-first, hyperconnected world, the old perimeter-based model of cybersecurity (think castle and moat) no longer works, and we are seeing a major shift to Zero Trust. You can find out more about Zero Trust in our article ‘The new cyber security model’ here.
Zero trust and Microsoft’s roadmap
Everything Microsoft do is built around Zero Trust, and that is the approach we also adopt at Chorus, both internally and for our clients.
Microsoft have built their zero-trust model around 3 pillars:
- Explicitly verify every request, e.g. check device health and patch status, anomalous behaviour and location.
- Provide least-privilege access, i.e. grant a user access only for the time and the task they need, and make sure you have audit rights to track what has been happening.
- Expect breaches to happen and minimise the impact when they do, using techniques such as network partitioning, encryption, telemetry and analytics.
Microsoft’s roadmap for the next 18 months is focused on:
- Building security and compliance directly into M365, Azure and Dynamics
- Implementing the deep use of AI, machine learning (ML) and automation – as humans can’t analyse the 8 trillion daily signals across Microsoft services
- Ensuring solutions work together and have deep integration and interoperability with other solutions too – including third party products
Security and resilience
Microsoft’s ethos is that People, Process and Technology = Resilience.
Attacks on enterprises are typically still password-based, such as brute-force, password-spray and phishing attacks. MFA is critical in combating this, as it stops 99.9% of attacks immediately.
Microsoft have found that companies still aren’t equipped for breaches. Some quick and very powerful wins include:
- Turn on MFA for 100% of your employees. Using FIDO2 standards, Microsoft have made it as easy as possible for employees to use MFA and have a great user experience
- Stay current – Update and patch your IT. There’s no excuse for procrastinating and leaving vulnerabilities in your security
- Use Secure Score – If you have Microsoft Secure Score, you have prescriptive guidance of exactly what you need to do. Use it regularly and seek help from your Microsoft partner where necessary
Just getting started with these simple first steps will make your organisation significantly more resilient.
Azure Sentinel and Microsoft Threat Protection
Microsoft recently released Azure Sentinel — Microsoft’s new cloud-native SIEM.
Sentinel and Microsoft Threat Protection tap into AI, ML and automation to provide tightly integrated security for your organisation. Sentinel connects and groups related detections, highlighting the key events and alerts from the millions identified. This would take a human days or weeks to perform and Sentinel does it in moments.
Microsoft Threat Protection allows you to further investigate Sentinel’s security incidents. For example, you can drill down and discover more details about the devices, users and mailboxes impacted by the attack. Automation using playbooks launched from Azure Sentinel allows you to benefit from automated response to incidents.
Data connectors allow you to connect Sentinel to other public cloud environments such as AWS or Google Cloud and services such as Zscaler, Citrix etc. You can now connect all your enterprise data without having to scale your infrastructure.
Azure Active Directory (AD) and Microsoft Cloud App Security
Microsoft have made it easy to extend the power of Azure AD’s single sign-on (SSO) capability across your third-party apps, thanks to its integration with Microsoft’s Cloud App Security Broker. You can select a third-party app, e.g. DocuSign, from a gallery of apps and set up SSO in minutes.
The service will take you directly into the relevant section of the app and allow you to pre-populate all of the information required for SSO implementation. Following this, users can use the app without having to authenticate again.
For each of your apps, you can also determine how ‘risky’ a sign-in may be and still be granted access, thanks to Conditional Access (CA), which is part of Azure AD.
Microsoft Cloud App Security (MCAS)
You can also set policies that determine what a user can do when using one of your cloud apps, including third-party apps. Azure AD provides the authentication, before routing you to MCAS for real-time control.
For example, if a user was using a third-party app like Workplace by Facebook, MCAS gives you the control to block certain types of information from being shared with certain audiences or publicly.
You can set specific rules such as blocking any post that mentions a given keyword or that shares files externally.
Where an employee attempts to publish information that is blocked, you can set MCAS to deliver a customised ‘blocked’ message and/or an email to the user explaining why it was blocked.
Microsoft highly recommends that you connect all your apps to Azure AD and Cloud App Security.
Microsoft Compliance Score
Compliance Score is now in preview. It helps you assess and monitor the status of your data protection and how it complies with regulatory standards such as the California Consumer Privacy Act or GDPR.
It’s available now with access through M365 Compliance Centre. The dashboard breaks down your compliance score and provides improvement actions.
Microsoft Information Protection
Managing data and compliance can be difficult under multiple regulatory pressures, especially as 80% of data is typically hidden, with no knowledge in the organisation of who can access it or how it should be handled relative to its sensitivity.
When attaching a file to an email, you can mark its sensitivity, e.g. ‘highly confidential’. This is available in Outlook mobile today.
New capabilities rolling out at the end of the year will also allow you to list keywords that are associated with sensitive topics. For example, if an Office document contains these keywords, it can trigger a yellow banner to appear at the top of the screen suggesting you apply a sensitivity label to the document.
Soon, you will also be able to display the sensitivity of documents in your SharePoint libraries with a separate column for sensitivity.
Insider Risk Management in Microsoft 365
Microsoft have also announced a new Insider Risk Management solution in Microsoft 365.
While classifying your data is a good first step, many companies will also need to consider risks from within the organisation. Over 90% of organisations report feeling vulnerable to insider threats, and nearly half of these are malicious.
You can now identify and act on risks from inside the company. This solution leverages the Microsoft Graph and signals across endpoint, identity, email and more to identify insider risk, and it also connects to third-party apps.
The Insider Risk Management dashboard shows you a quick overview of policy violations, insider risk alerts and any active cases you’re working on. Privacy is a key enterprise consideration and is built in: no usernames are visible in the solution until you dig deeper into a potential risk.
An example of its use is an IP theft scenario. In Insider Risk Management, you would see a chart showing all the data that suggests potential IP theft. You can drill down into this alert and it might show that an HR policy was violated. For example, you might find that someone downloaded a high volume of files from SharePoint onto a USB drive. If that user has also handed in their resignation and you know their resignation date, you can start to understand what’s going on.
Insider Risk Management allows you to escalate the case to a coworker for follow-up, and this solution is available in private preview now.
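As an added illustration of the IP theft scenario above (example code written for this summary, not Microsoft’s implementation), the toy routine below combines a bulk SharePoint-to-USB signal with an HR resignation date to rank which activity deserves a drill-down; the event format, thresholds and weights are assumptions.

```python
from collections import defaultdict
from datetime import date, datetime, timedelta

# Constructed sample activity events: (timestamp, user, action, file_count).
EVENTS = [
    ("2019-11-04T09:02:00", "u1", "sharepoint_download", 3),
    ("2019-11-04T09:05:00", "u1", "usb_copy", 3),
    ("2019-11-05T18:40:00", "u2", "sharepoint_download", 180),
    ("2019-11-05T18:55:00", "u2", "usb_copy", 175),
    ("2019-11-05T19:10:00", "u3", "sharepoint_download", 160),
]

# Constructed HR signal: users who have handed in their resignation, with the date.
RESIGNATIONS = {"u2": date(2019, 11, 29)}

BULK_THRESHOLD = 100          # files per user per day treated as "high volume" (assumed)
RESIGNATION_WINDOW_DAYS = 45  # a resignation this soon after the activity raises the score


def daily_counts(events):
    """Sum SharePoint downloads and USB copies per (user, day)."""
    counts = defaultdict(lambda: {"sharepoint_download": 0, "usb_copy": 0})
    for ts, user, action, n in events:
        day = datetime.fromisoformat(ts).date()
        counts[(user, day)][action] += n
    return counts


def score_users(events, resignations):
    """Return {user: (score, reasons)} for users whose daily download volume
    reaches BULK_THRESHOLD. Illustrative weights: 1 for the bulk download, +1 if a
    similar volume went to removable media, +2 if a resignation date falls within
    RESIGNATION_WINDOW_DAYS after the activity."""
    results = {}
    for (user, day), c in daily_counts(events).items():
        if c["sharepoint_download"] < BULK_THRESHOLD:
            continue  # below threshold: no alert, so no identity is surfaced
        score, reasons = 1, ["bulk SharePoint download"]
        if c["usb_copy"] >= BULK_THRESHOLD:
            score += 1
            reasons.append("copied to removable media")
        resign = resignations.get(user)
        if resign and day <= resign <= day + timedelta(days=RESIGNATION_WINDOW_DAYS):
            score += 2
            reasons.append("resignation pending")
        results[user] = (score, reasons)
    return results
```

Running `score_users(EVENTS, RESIGNATIONS)` on the constructed data ranks u2 (bulk download, USB copy, pending resignation) above u3 (bulk download only) and omits u1 entirely.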
This summary has only scratched the surface of the solutions and their capabilities. If you want to learn more about Microsoft 365’s features, benefits and licensing, download our detailed and informative free Microsoft 365 Enterprise guide now.