Security Archives - Microsoft Industry Blogs - United Kingdom
http://approjects.co.za/?big=en-gb/industry/blog/tag/security/
Fri, 10 Apr 2026 07:22:21 +0000

Beyond credentials. Verifying the human.
http://approjects.co.za/?big=en-gb/industry/blog/cross-industry/2026/04/10/beyond-credentials-verifying-the-human/
Fri, 10 Apr 2026 07:22:18 +0000
AI has fundamentally reshaped the enterprise attack surface, with workforce identity sitting at the centre of that shift. Despite significant investments in Zero Trust programmes, identity attacks are scaling. Help desk social engineering, third-party credential compromise, and deepfake impersonation have caused substantial financial and operational damage to enterprises worldwide.

The reason is structural: today’s identity systems were designed to verify credentials, sessions, and devices. Not the humans behind them.

For identity and security professionals, the challenge is closing the gap between “verified credential” and “verified human.” The answer lies in human identity assurance.

The flaw Zero Trust left unaddressed

Zero Trust modernised how organisations verify users outside of the company perimeter. But it inherited its own assumption: if the credential is valid, the human is valid. The validity of a token or password says nothing about whether the human presenting it today is the same human who originally established it.

That gap has always been exploitable, but AI has industrialised it – enabling attackers to build convincing phishing campaigns, clone voices, and deploy deepfake video at a quality and scale not previously possible.

The consequences are well documented. Operatives from OFAC-sanctioned nations infiltrated over 300 companies using deepfake filters to pass remote video interviews. Scattered Spider used help desk social engineering to cause significant disruption across multiple major enterprises, linked to over 120 intrusions and $115 million in ransoms. A single deepfake video call cost Arup $25 million in fraudulent transfers. In each case, the identity controls performed as designed, but failed to verify the human.

Introducing human identity assurance

Closing the gap between “verified credential” and “verified human” requires a different kind of assurance: one that confirms a real person is genuinely present.

iProov adds this capability to the existing identity stack through advanced biometrics. The high-assurance biometric technology confirms genuine human presence in real time. Powered by award-winning liveness detection and patented Flashmark® technology, it delivers unmatched protection against deepfakes, injection attacks, and presentation attacks.

Unlike knowledge or possession factors, the biometric inherence factor cannot be lost, stolen, or shared. This provides a definitive defence against phishing while remaining entirely device-independent – ensuring full lifecycle coverage where device-bound controls typically break down. By anchoring identity to a high-assurance inherence factor, organizations effectively mitigate third-party credential compromise and secure the supply chain – a vast, high-risk attack surface where visibility and control have traditionally been the most difficult to maintain.

Closing workforce identity lifecycle gaps

This capability applies across the critical moments in the workforce identity lifecycle where credential-based controls are most exposed.

  • Remote hiring and onboarding: Confirm the person on screen is genuine before credentials are issued, stopping deepfake candidates and synthetic identities before day one.
  • Daily access and shared devices: Deliver seamless, accountable access across devices and accounts without passwords, tokens, or companion apps.
  • Step-up and privileged actions: Confirm genuine human presence before high-risk actions and sensitive approvals.
  • Account recovery: Re-anchor identity to a verified human from any device without the help desk.

This works in conjunction with existing IAM, IGA, and PAM platforms – strengthening assurance where credential-based controls alone are not enough.

iProov partners with Microsoft to deliver secure identity verification

Combining iProov with Microsoft enhances digital identity solutions with cutting-edge biometric authentication. By integrating iProov’s patented facial verification technology into Microsoft’s solution and ecosystem, organizations can offer seamless, secure user experiences while combating identity fraud. This empowers businesses and governments to protect sensitive data and ensure trust in critical digital interactions. Together, iProov and Microsoft are setting new standards for security and convenience in the digital age.

Ready to see how this fits your environment? Explore iProov for Microsoft customers.

Updated Microsoft 365 security and compliance guidance for the UK public sector
http://approjects.co.za/?big=en-gb/industry/blog/cross-industry/2024/02/28/updated-office-365-security-and-compliance-guidance-for-the-uk-public-sector/
Wed, 28 Feb 2024 12:37:14 +0000

Access the latest Microsoft 365 security and compliance guidance for UK public sector customers and understand the background.
For almost 20 years, Microsoft and the (now) National Cyber Security Centre (NCSC) have been working together. This work started with securing user devices but has evolved to cover not only user devices but the broader secure use of Microsoft 365.

People say that the last part in a trilogy is the perfect way to close out a movie series. But what happens when the last movie was actually the prequel?

Microsoft has remastered existing guidance in “Entra ID vision” as a series of documents under the banner “Microsoft 365 guidance for UK Government”.  Following the release of the Information Protection guidance and the update to External Collaboration guidance, we have also remastered the one that kicked it off: Secure Configuration Blueprint.

Microsoft 365 Guidance for UK Government

The three-piece collection provides a common baseline which UK Government departments, and their partners, can use to enable secure use of Microsoft 365.

The goal of the Secure Configuration Blueprint is to create a secure foundation for a Microsoft 365 tenancy. It provides guidance using the “Good, Better, Best” approach targeted on feature availability by licence, offering policies and settings that protect your Microsoft 365 tenancy from the most common attacks.  It includes:

  • Securing identities that access services, including privileged users.
  • Protecting devices that your users use to access services.
  • Configuration of services to require use of the above when accessing data.

The updated Secure Configuration Blueprint guidance is the base upon which the other pieces of guidance are built. But how have we got to where we are today?

Securing user devices

It all started as a result of understanding that device trust was key to protecting the data stored locally and in datacentres.

In 2004, on the back of some high-profile worm viruses, SQL Slammer (January 2003) and Blaster (August 2003), Microsoft worked closely with Communications-Electronics Security Group (CESG), now a part of the NCSC. This joint effort developed a set of security controls to take advantage of the security improvements in SP2 for Windows XP, including Windows Firewall on by default, Software Restriction Policies, and Automatic Updates enabled by default.

The outcome of this work was known as the “Government Assurance Pack” or GAP for short. GAP was revised and updated for Vista and Windows 7 and added BitLocker device encryption and AppLocker when those features were released.

Moving forward to 2014, CESG moved to a model that evaluated all end-user devices, PC and mobile, against a common set of principles, the End User Device Security Principles. Windows 8 (8.1), Windows 10 and Windows 11 have all had End User Device (EUD) security guidance developed with CESG initially and then the NCSC when that was formed in October 2016.

By following the latest guidance provided by NCSC, organisations (including Government departments) can be confident that the devices used by their users to access and handle data are secure against common attacks.

Figure 1. Timeline leading to the updated Secure Configuration Blueprint guidance.

Securing cloud services

The UK Government introduced a “Cloud First” policy in 2013 for all technology decisions, with the NCSC publishing 14 Cloud Security Principles (originally in December 2013) to support Government as it started to adopt cloud services.

Historically, the focus of the guidance was on securing devices but, with the UK Government adopting a Cloud First policy, data was no longer being stored in on-premises datacentres and networks. Instead, it would increasingly be stored in Public Cloud services like Microsoft 365.

To address this, Microsoft worked with the NCSC to produce guidance for Microsoft Azure in October 2017, and in July 2019 we released the initial version of Office 365 Blueprint and a supporting document detailing how Office 365 met the NCSC 14 Cloud Security Principles.

As a result, in parallel to releasing Office 365 guidance, we also worked with NCSC to produce the first MDM (Mobile Device Management) End User Device (EUD) guidance for cloud-managed Windows 10 EUDs using Microsoft Intune. This guidance formed the base for Microsoft’s first cloud-based Privileged Access Workstation (PAW), allowing organisations to manage their risk in Microsoft 365 management. Microsoft recommends using a PAW for administrative access and managed EUDs for standard user access, both using Entra ID to secure access to cloud services – please refer to Protect Microsoft 365 and Securing Privileged Access.

Once the foundational guidance was released, and on the back of the challenges that the COVID-19 pandemic brought to UK Government departments, we worked with NCSC and Government Security Group and released the first iteration of our BYOD guidance in June 2020.

The rest is history, as they say. Working with Central Digital & Data Office (CDDO) and NCSC, the Cross-Government Collaboration guidance was released in 2021 and updated in 2023, along with the release of the Purview Information Protection guidance.

With that, UK Government departments have at their disposal guidance for how to securely configure their Entra ID and Microsoft 365 tenant, classify and protect their data, and use it to securely collaborate with not only other government departments but also industry partners.

But remember, if you don’t pay attention to the film, the sequels might be confusing. So, ensure that you implement the guidance in the Secure Configuration Blueprint before looking to adopt the External Collaboration or External Collaboration guidance.

Find out more

Read the Secure Configuration Blueprint

Guidance on protecting government data using Microsoft Purview

About the author

James Noyce, Senior Technical Specialist, Microsoft UK

James has spent his entire IT career of 27 years specialising in the security arena, the last 22 of which have been for Microsoft. Based in the UK, he works in the key areas of security and identity in the public sector as a Security Technical Specialist. He is a regular contributor to Microsoft docs for Securing Privileged Access and was the lead architect for the Microsoft 365, External Collaboration, Information Protection, and BYOD guidance produced for Cabinet Office and NCSC.

Safeguarding your business with AI-powered security solutions
http://approjects.co.za/?big=en-gb/industry/blog/cross-industry/2024/01/26/safeguarding-your-business-with-ai-powered-security-solutions/
Fri, 26 Jan 2024 13:48:56 +0000

Discover how the powerful “Self-Learning AI” solution from Darktrace absorbs what happens across your digital estate, then uses the evolving blueprint to identify anomalies and optimise security.
Cybersecurity is one of the top challenges of our digital age. It’s not uncommon to read reports on security incidents, spanning all types of industries in all parts of the globe. And while security measures are constantly evolving, so too are attack techniques, exposing organisations to serious, and costly, compromise.     

In this second of our four-blog series, we’ll see how prevention is truly the best defence. And as organisations continue to transition to the cloud, independent software vendors have been instrumental in building innovative cyber security solutions that appeal to customers in the fast-paced world of digital transformation.  

Darktrace, one of TIME magazine’s “Most Influential Companies” in 2021, is one such vendor. Currently protecting nearly 8,900 organisations around the world, including Royal Caribbean, City of Las Vegas, and McLaren, Darktrace works with companies of all sizes and in all verticals – from enterprises to governments, or small and medium businesses.  

Darktrace AI is designed to work with your security team across the entire attack lifecycle, providing clear analysis and context in ordinary language to drive understanding and efficiency. The solution integrates seamlessly with Microsoft Azure Sentinel and hosts its email service on Azure. Read on to discover how Darktrace’s AI-powered security products, available on the Microsoft marketplace, can help protect your organisation, building even greater confidence that your business, data and staff are safe.

On a mission to mitigate cyber-disruption  

As a global leader in cyber security AI, Darktrace is on a mission to tackle and minimise cyber-disruption. Breakthrough innovations in their Cambridge-based Cyber AI Research Centre have resulted in over 160 patents filed and research published to contribute to the cybersecurity community. That’s great news for stretched security teams, who are struggling with increasingly complex digital systems and an escalating threat landscape – from fending off ransomware attacks and data leaks, through to phishing and supply chain attacks.  

In fact, Darktrace research found that traditional email security tools, which rely on knowledge of past threats, take an average of 13 days from the launch of an attack to detection of it. (Source: Major Upgrade to Darktrace/Email™ Product Defends Organizations Against Evolving Cyber Threat Landscape.)

Darktrace has tackled the challenges of traditional cyber security efforts by turning the entire approach on its head. 

Responding to threats by knowing you

Rather than study attacks, Darktrace’s technology continuously learns and updates its knowledge of your business. Its distinction lies in the algorithms and data it uses, and how the two interact. Instead of training an AI on historical attacks – an approach that requires constant updating and maintenance – Darktrace takes their “Self-Learning AI” to your data. It’s plugged into your enterprise and learns in real time from everything that happens in your digital world – including email, cloud environments, manufacturing and operational systems, and physical locations.  

From this, the AI builds up a sense of “normal” for your organisation. This allows it to identify unusual patterns that indicate a cyber-threat – and then take targeted action to contain emerging attacks.  It then applies that understanding to optimise your unique state of cybersecurity.  

In effect, Darktrace is fuelling a continuous end-to-end security capability that can spot and respond to novel in-progress threats within seconds.  

In reality, that translates to increased threat detection accuracy and time savings – freeing you up to focus on what matters most: running your business. 

Bespoke solutions that build confidence 

According to Dan Fein, Director of Product at Darktrace, “Cyber-criminals will do whatever it takes. Daily, we see attackers impersonate CEOs or compromise vendors’ accounts to send out targeted, topical emails that look legitimate. Our security products align perfectly with Microsoft’s, allowing us to build even greater confidence among our mutual customers that their business, data and staff are protected.” 

What could that mean for your business? With Darktrace, you’ll be equipped to:  

  • Detect and respond to cyber-attacks, including unknown and highly targeted attacks that evade traditional tools trained on historical attack data.   
  • Stop phishing attacks with increasing accuracy, based on an understanding of “normal” user behaviour and communications.   
  • Defend against threats across the entire digital enterprise – from cloud and email systems to networks, endpoints, and Operational Technology – with the same underlying AI technology.  
  • Reduce triage and investigation time by automating tedious, repetitive tasks.   

Businesses are already seeing the benefits, with Darktrace customers reporting significant improvements in threat detection accuracy and time savings. One real estate enterprise reported a 95.83% reduction in time to identify potential threats. Another healthcare organisation reported a 90% reduction in triage time.  

Driving cognitive AI with Microsoft Security Copilot 

Helping to take cutting-edge cybersecurity to new levels, Darktrace is taking part in Microsoft’s Security Copilot Partner Private Preview.  

Security Copilot is Microsoft’s next-generation AI-powered security product that enables security professionals to respond to threats quickly, process signals at machine speed, and assess risk exposure in minutes. It combines an advanced large language model (LLM) with a security-specific model that’s informed by Microsoft’s unique global threat intelligence and more than 65 trillion daily signals. 

Selected for their proven experience with Microsoft security technologies and their close relationship with Microsoft, Darktrace will give feedback on Security Copilot product development, helping to refine new scenarios and drive future product releases. 

Get added benefits of buying through the marketplace 

Trust, simplicity and efficiency all count for a lot. Buying from the Microsoft marketplace means all solutions are certified and optimised to run on Azure. You’re able to use private offers to get exactly what you need, including customised terms and conditions, negotiated pricing, prototypes for proof of concept, and tailor-made solutions. 

Better still, transact in a single, accessible place, reducing procurement complexity, saving time and simplifying billing. Apply eligible purchases to your organisation’s Azure cloud commitment by contributing 100% of the purchase off your Azure Marketplace invoice.  

All while enjoying the peace of mind that comes from buying and running solutions on a trusted cloud with industry-leading security.  

Start protecting the Darktrace way today  

See what Darktrace discovers in your environment. Visit the Microsoft marketplace to buy Darktrace/Email or DarktraceDetect now, or contact our team at ISVUK@Microsoft.com.  

Other blogs in this series

Blog 1: Driving your AI transformation with the Microsoft marketplace 

Blog 3: Optimising business operations through AI-powered solutions 

Blog 4: Deliver transformational employee experiences through AI-empowering solutions

About the author

James Chadwick, Senior Director, UK ISV Ecosystem, Microsoft

James joined Microsoft 15 years ago and has held leadership positions across the Consumer, Enterprise, and the Partner teams at Microsoft. James is currently the ISV Ecosystem Lead and has a passion for people and technology coming together to drive customer success. James has been at the forefront of Cloud & Digital transformation for the last 10 years launching new business models and driving transformation through the Microsoft Partner ecosystem resulting in and contributing to exciting new revenue streams and significantly accelerated growth for Microsoft and Partners.

Cyber defence in the age of AI
http://approjects.co.za/?big=en-gb/industry/blog/cross-industry/2023/10/23/cyber-defence-in-the-age-of-ai/
Mon, 23 Oct 2023 10:04:31 +0000

Discover the power of Microsoft Security Copilot and how to prepare your organisation for the era of cognitive cyber defence.
In this age of digital disruption, as every business strives to become hyper-connected, cybercrime becomes ever more impactful and disruptive to our economy and our society, with far-reaching effects on individuals and businesses. Defenders are fighting an asymmetrical battle, where attackers are often better skilled, resourced, and organised than many security teams. Nor do attackers have to play by the same rules we must. Compounding this, in most organisations, the incident response team can receive far more security alerts than they can realistically manage.

The use of automated detection and response systems can help tip the scale in favour of defenders by using risk-based algorithms and anomalous activity detection to flag events that require human expertise to investigate further. This helps security analysts detect patterns and behaviours that are not obvious to the human eye, with more precision and speed than human defenders alone.

The background to “cognitive cyber”

As advances in dynamic and adaptive cyber defence systems become reality, what do organisations need to do to become ready for cognitive cyber, and what exactly is it?

Cognition refers to the mental processes involved in gaining knowledge and comprehension. Cognitive cyber attempts to simulate that process with the application of self-learning algorithms, natural language processing, and big-data mining techniques as applied to the cybersecurity domain. It uses cognitive system overlays to traditional artificial intelligence (AI)/machine learning (ML) models to achieve something greater than the sum of the parts. 

To recap:

  • Classic/traditional AI and ML​ detects and classifies, and can work on vast amounts of data for use in real-time applications and automation of capabilities. ​Traditional AI is strong when it comes to looking at a large field of data and finding patterns or continuations (like making recommendations).
  • Generative AI (GAI), often powered by generative pre-trained transformers (GPT), effectively understands and creates content. It works on relatively small chunks of data – text, images, sounds, videos. Large language models (LLMs) are a kind of GAI that work on text.​ LLMs are good at understanding language, summarising, and translating concepts, for example from language to code or vice-versa. ​

Clearly, linking these models makes for a much more powerful narrative. And, by using the compute power, scalability, and richness of the cloud, we can build entire systems of intelligence that can reason over vast amounts of information – structured and unstructured.​

Our name for this intelligence-based cognitive capability? Microsoft Copilots. These are experiences that use generative AI to help humans with complex cognitive tasks.

Introducing Microsoft Security Copilot

Built specifically to augment human security expertise, Microsoft Security Copilot is a combination of the most advanced GPT4 model from OpenAI, with a Microsoft expert-driven, security-specific LLM model.

Most LLMs are trained on corpuses of written human language. Security Copilot is trained on security logs, attack telemetry and threat intelligence, the outcome of which is the first AI/ML model trained specifically for security.

But the capability is much more than just the large language model. Built into the product are specific cyber skills and promptbooks informed by our global threat intelligence, which runs on Azure’s hyperscale infrastructure. This means that the models inherit Microsoft’s comprehensive approach to security, compliance, and privacy. When it comes to the data Copilot is reasoning across, your data remains your data.

Security Copilot democratises defender skills by allowing natural language for querying rather than having to learn complex querying languages like Kusto Query Language (KQL). This lowers the barrier to entry for new analysts, which helps address the cybersecurity skills shortage. We’ve launched an Early Access program for qualified candidates to explore the capabilities of Security Copilot. Reach out to your sales representative to get more details.

Use cases for Microsoft Security Copilot

Human ingenuity and expertise will always be an irreplaceable component of defence, so we need technology that can augment these unique capabilities to improve the analyst experience all-up. For this reason, initially we are focusing on security operations centre (SOC) use cases.

The three primary use cases are security posture management, incident response, and security reporting.​

  • Security posture management: Security Copilot delivers information on anything that might expose an organisation to a known threat. It then gives prescriptive guidance on how to protect against those potential vulnerabilities.​ A query such as: ‘How can I improve my security posture?’ will return evidence-based recommendations.
  • Incident response: Security Copilot can quickly surface an incident, enrich it with context from other data sources, assess its scale and impact, and provide information on what the source might be. Again, it will support the analyst through the response and remediation steps with guided recommendations.
  • Security reporting: Security Copilot can deliver customisable reports that are ready to share and easy to consume to keep managers and other stakeholders in the loop. What this means tactically is you can ask Security Copilot in natural language: ‘Summarise this incident in a single PowerPoint slide’, and it will do just that.

Preparing for cognitive cyber defence: 3 steps

In the future, our vision with Security Copilot is to support use cases across security, identity, management, compliance and more, leveraging skillsets across Microsoft and third-party products. In the meantime, and whilst Security Copilot is not yet publicly available, there are things organisations can do to prepare for these cognitive cyber defence capabilities:

Step 1: Secure your identities, especially privileged identities, and SOC members. Attackers will frequently target these individuals to gain access to critical information and systems to elevate the impact of a successful compromise.

Step 2: The age of AI is also referred to as the age of platforms. Integrating your security signals into an observability platform brings huge security gains in terms of visibility and automation. 

Step 3: Initially, Security Copilot is integrated with Microsoft Defender for Endpoint, and for an even better experience, deploy Microsoft Sentinel and Intune. Going forward, Security Copilot will integrate with third-party products.  

Finally, prepare for the risks. As with any new technology, there are both risks and rewards. To help organisations navigate the risk/reward balance, we’ve released guidance, frameworks, and tooling. 

More information, including links to the risk assessment framework, the Counterfit tool and the Adversarial Threat Matrix (MITRE ATLAS) can be found in our Security blog post Best practices for AI security risk management

For information on our commitment to build trustworthy and responsible AI, please read Responsible and trusted AI and Building AI responsibly from research to practice.

Cognitive and AI/ML technologies are here to stay. While they have the power to bring immense potential for improving our defenders’ experience, securing our organisations, and protecting society, we must also be mindful of potential vulnerabilities on an equally large scale and defend against that risk.

Find out more

Introducing Microsoft Security Copilot

Microsoft Security Copilot Early Access Program

News Center: Microsoft brings the power of AI to cyberdefense

Microsoft Security Copilot: Empowering defenders at the speed of AI

About the author

Lesley Kipling, Chief Cybersecurity Advisor, Microsoft EMEA

Previously lead investigator for Microsoft’s detection and response team (DART), Lesley Kipling has spent more than 17 years responding to our customers’ largest and most impactful cybersecurity incidents. As Chief Cybersecurity Advisor, she now provides customers, partners and agencies around the globe with deep insights into how and why security incidents happen, how to harden defences and more importantly, how to automate response and contain attacks with the power of the cloud and machine learning. She holds a Master of Science in Forensic Computing from Cranfield University in the United Kingdom.


Microsoft 365 Guidance for UK Government: External Collaboration
http://approjects.co.za/?big=en-gb/industry/blog/government/2023/08/07/microsoft-365-guidance-for-uk-government-external-collaboration/
Mon, 07 Aug 2023 10:25:45 +0000

Read about and download the updated Microsoft 365 Guidance for UK Government: External Collaboration and latest strategy documentation.
All great movies have a sequel, right? Well, the continuously improving nature of Microsoft 365 gives rise to the perfect opportunity for us to publish a sequel to the guidance we published in June 2022, for government organisations and other organisations that work with government, looking to improve their collaboration experience. This blog post provides some context to that sequel.

For those looking for the full history behind the first release, please see the Cross Government Collaboration Blueprint – History Refresher content at the bottom of this blog.

The story so far…

In June 2021, we partnered with the Central Digital and Data Office and the National Cyber Security Centre (NCSC) and set out to improve the collaboration experience for UK government organisations by creating a Cross-Government Collaboration Blueprint. The blueprint was created by focussing on key scenarios developed in consultation with several government organisations. It is designed to be used in conjunction with the other guidance we have published, which focuses on Secure Configuration, BYOD, and Information Protection (more on that later). Please be sure to check out those too, so you have the full ‘box set’.

Fast forward to today, we’ve given that ‘box set’ a new name that makes it clear how the guidance fits together, seen in this illustration:

  • Microsoft 365 Guidance for UK Government: Information Protection
  • Microsoft 365 Guidance for UK Government: External Collaboration
  • Microsoft 365 Guidance for UK Government: Bring Your Own Device
  • Microsoft 365 Guidance for UK Government: Secure Configuration Blueprint

We also updated the guidance based on real-world feedback and product evolution to include the following:

  • Addition of Shared Channels guidance
  • Updates that clarify Calendar Availability guidance
  • Azure AD B2B updates
  • Brand and naming updates to align with changes to Microsoft technology
  • Teams 2.0 Release
  • A statement in the Strategy regarding Google Federation

A notable recent development is the update to the Government Security Classification Policy (GSCP). Microsoft has partnered with Government Security Group, the Central Digital and Data Office and the National Cyber Security Centre (NCSC) to provide configuration guidance for those wishing to implement the OFFICIAL tier of the GSCP using Microsoft Purview Information Protection (MPIP), available as part of Microsoft 365. The guidance assists those wishing to classify and protect files, control who can access them, and allow greater control when sharing information between departments, partner organisations, and customers. You can read about the Microsoft 365 Guidance for UK Government: Information Protection in another blog post.

Download the documents

About the authors

James Noyce, Senior Technical Specialist, Microsoft UK

James has spent his entire IT career of 25 years specialising in the security arena, the last 20 of which have been for Microsoft. Based in the UK, he works in the key areas of security and identity in the public sector as a Cyber Cloud Solutions Architect. He is a regular contributor to Microsoft docs for Securing Privileged Access and was the lead architect for the Office 365 and BYOD guidance produced for Cabinet Office and NCSC.

Steve Jenkinson, Microsoft 365 Architect, Microsoft UK

Steve is an experienced IT Professional with over 20 years’ experience, working with clients across the world in multiple industries to help them achieve their goals in digital transformation. Recently Steve has been aligned to public sector clients, leading them to get the most out of their investment in the Microsoft cloud.

Cross Government Collaboration Blueprint – history refresher

We started this work in 2021 by consulting a broad group of end users from across government, and we found that there was an inconsistent user experience when working with colleagues from other organisations due to differences in configuration. The guidance helps to address this, and it is important to keep up with the recent developments of Microsoft 365, which is why we have updated the guidance.

We determined that a baseline configuration for government organisations would enable a more consistent and secure approach to collaboration. The recommended configuration we’ve produced focuses on these key areas:

  • Keeping control of documents and allowing real-time co-authoring by sharing links rather than sending documents as email attachments.
  • Making it easier to arrange meetings by allowing people to share their calendar availability across government.
  • Allowing people to work more effectively as a team by enabling instant messaging and other features of Microsoft Teams.

Crucially, we’ve recommended an open approach to collaboration by default, giving users the freedom to choose who they collaborate with. This is a move away from a more restrictive ‘allow list’ approach which can create barriers to collaboration.

Does this approach make it less secure? No. Here’s what the NCSC have said:

“By following the Secure Configuration Alignment and applying the cross-government collaboration guidance on top, it is the NCSC’s view that Microsoft 365 can be appropriately configured to protect an organisation’s data against the threat profile for the OFFICIAL classification when collaborating and sharing information between government departments. The NCSC expects that guidance related to collaboration and security is implemented in its entirety to avoid gaps and weaknesses leading to increased risk of a data breach.

“The NCSC believes that modern cross-organisation collaboration services that share access to information via its originating system will be more secure than traditional methods such as sending copies as email attachments to external organisations. By using modern collaboration practices, such as those described in this guidance, organisations have greater auditing and visibility of how their data is being handled and more options for owning who and where their information is handled.”

National Cyber Security Centre

The Blueprint is intended to be a baseline upon which individual organisations can build. For example, if an organisation identifies specific needs that aren’t met by the Blueprint, there is flexibility for them to go further and implement even tighter controls, while being mindful that this could impact on people’s collaboration experience.

Find out more

Visit the Microsoft for Government website

Guidance on protecting government data using Microsoft Purview

Explore Microsoft UK Industry blogs: Government

Guidance on protecting government data using Microsoft Purview http://approjects.co.za/?big=en-gb/industry/blog/government/2023/07/25/guidance-on-protecting-government-data-using-microsoft-purview/ Tue, 25 Jul 2023 16:01:51 +0000 Get guidance on implementing the government's updated data access protocols.

The post Guidance on protecting government data using Microsoft Purview appeared first on Microsoft Industry Blogs - United Kingdom.

Following the recent update to the Government Security Classification Policy (GSCP), Microsoft has partnered with Government Security Group, the Central Digital and Data Office and the National Cyber Security Centre (NCSC) to provide configuration guidance for those wishing to implement the OFFICIAL tier of the GSCP using Microsoft Purview Information Protection (MPIP), available as part of Microsoft 365.

The guidance assists those wishing to classify and protect files, control who can access them, and allow greater control when sharing information between departments, partner organisations, and customers.

A spokesman from the Government Security Group said: “The Government Security Classifications policy (GSCP) sets out the administrative system used by HM Government (HMG) and our partners to appropriately protect information and data assets against prevalent threat actors. The GSCP was updated in 2023.

“This gave us a significant opportunity in UK government to modernise and standardise how organisations apply technical controls in line with security classifications. Microsoft 365 is widely used across UK government, so we partnered directly with Microsoft to define a standard approach to applying sensitivity labels and data loss prevention features of Microsoft 365 in line with the GSCP.

“The resulting technical guidance provides a baseline from which organisations can select the most relevant elements and tailor them for their specific use cases. Our objective is that this will be an enabler for the GSCP and that it will also create a better user experience for civil servants and our partners.”

Building on the Government’s Secure Configuration Blueprint

This guidance builds upon the Microsoft 365 Guidance for UK Government: Secure Configuration Blueprint for the UK Public Sector, which outlines how to configure a Microsoft 365 tenant for use at OFFICIAL (which includes OFFICIAL-SENSITIVE), and sits alongside the Cross Government Collaboration guidance and the Bring Your Own Device guidance.

Figure 1. Relationship with other NCSC and Microsoft guidance.

The guidance draws on experience gained working right across UK government and the public sector industry and incorporates existing best practice that has previously been published by Microsoft.

We determined that a baseline configuration for government organisations would enable a more consistent and secure approach to configuring classification and protection policies by providing a starting point for technology and compliance professionals alike. The recommended configuration we’ve produced focuses on these key areas:

  • Increasing visibility of where data is located to data governance teams.
  • Providing protection that follows documents as they are accessed internally or when shared externally by assigning the relevant GSCP label.
  • Providing visual labels that indicate how a document should be handled.
  • Providing visual labels for Microsoft Teams and SharePoint to control whether external users are allowed access to content stored within them.
  • Complementing the Cross Government Collaboration Blueprint to mark and protect documents as they are shared and co-authored between Government departments and partners.

Important note about this guidance

This guidance has been written as a starting point and organisations should consider how they may wish to supplement it with additional controls, as appropriate for the environment and risk appetite.

The blueprint guidance has been structured to follow a Microsoft-recommended three-phase approach for implementation: ‘Crawl, Walk, and Run’.

Figure 2. Microsoft’s recommended three-phase approach to implementation.

With the ‘Crawl, Walk, Run’ approach, changes can be introduced in phases across your organisation, focusing on small sets of users first and then expanding to broader audiences. This will allow you to deploy quickly whilst minimising disruption and help you establish a baseline of user behaviour before introducing tighter restrictions. It will also help you identify early potential conflicts or compatibility issues between different tools, so you can address them before they have further impact.

The visual indication provided by sensitivity labels is a small but important part of the capability that sensitivity labels can provide. The guidance takes an outcomes-based approach which aims to reduce the likelihood of accidental data loss or oversharing.

The guidance looks to provide ‘outcomes-based’ controls that use the features available in Microsoft Purview Information Protection to restrict access to content based on the label selected. The sensitivity labels are broken down into two distinct areas: content labels and container labels.

Content labels

Content labelling applies the label directly to documents and emails. This stamps the data with label metadata, which is maintained wherever the data resides.

Figure 3. How content labelling relates to data, controls and policy.

Content labels are used to provide visual indicators for the scope where the document or email should be accessed.

Figure 4. Access areas that may be denoted by content labels.

Container labels

Container labels apply to a workload (e.g. SharePoint, Teams or M365 group) where content is stored. The labels are used to define whether External Guest users are allowed to access the container and collaborate with internal member users.

Figure 5. Container labels define access permissions for External Guest users.

Container labelling applies the sensitivity label at the container. Container labels are named differently from the data labels as they serve a different function – namely to control access to the containers. These labels provide a visual representation of the Privacy level, Public or Private, and whether external guest users are allowed to be members of the Team or SharePoint site, Internal or External.

Find out more

Microsoft for critical infrastructure

Microsoft 365 Guidance for UK Government: External Collaboration

UK OFFICIAL and UK NHS Regulatory Compliance built-in initiative

About the author

James Noyce

James has spent his entire IT career of 27 years specialising in the security arena, the last 22 of which have been for Microsoft. Based in the UK, he works in the key areas of security and identity in the public sector as a Security Technical Specialist. He is a regular contributor to Microsoft docs for Securing Privileged Access and was the lead architect for the Microsoft 365, Cross Government Collaboration and BYOD guidance produced for Cabinet Office and NCSC.

Improve your Security Hygiene with Cloud Security Posture Management (CSPM) http://approjects.co.za/?big=en-gb/industry/blog/technetuk/2023/05/16/improve-your-security-hygiene-with-cloud-security-posture-management-cspm/ Tue, 16 May 2023 16:32:28 +0000 CSPM tools automatically assess your environment and tell you where you can better your security hygiene across your IaaS and PaaS services.

The post Improve your Security Hygiene with Cloud Security Posture Management (CSPM) appeared first on Microsoft Industry Blogs - United Kingdom.


Hi everyone!

As I write this piece, I’m on a plane to Singapore. I’m super excited to have been selected to speak at Black Hat Asia, which – if you’re not familiar with it – is one of the biggest and best-known security conferences globally. I attend conferences and speak all the time, but if I’m honest, I’m a little bit nervous about this one!

We’ve had a couple of security events in quick succession in the past few months: Microsoft Secure and then RSA, so there have been plenty of exciting announcements to talk about in the security space. I’m not going to talk to you about Microsoft Security Copilot: not because I don’t think it’s an exciting product, but because it’s been hogging the limelight a bit (however, if you do want to find out more about it, watch our announcement here).

Have you heard about the product formerly known as Azure Security Center? It’s now called Defender for Cloud – the name changed about a year ago – and they have recently released their Defender for Cloud CSPM (Cloud Security Posture Management) module. In my humble opinion, CSPM capabilities are very underrated and everyone needs to be looking at getting this kind of capability into their environment.

Essentially, CSPM tools will automatically assess your environment and will tell you where you can better your security hygiene across your IaaS and PaaS services (e.g. turn on MFA, apply patches, close ports, etc.) and – if you want them to – remediate it automatically. Research shows that around 95% of security breaches would have been mitigated by good security hygiene practices, but as any IT Pro/sysadmin knows, it’s hard to do in real life. CSPM tools really help with this ongoing challenge of keeping on top of security hygiene.

Defender CSPM GA’d some new features that you may not have looked at before, such as a graph-based attack path which allows you to run queries to explore risk and surfaces contextual threat data to help prioritise remediation and uncover risk of sensitive data exposure and potential data breaches. We’ve expanded the posture management capabilities to be data-aware, to help prevent sensitive data exposure and to fix issues both in code and runtime.

In even better news, the Defender CSPM module free trial has been extended until August, so you have no excuse to not go and try it out! And before you ask: no, it’s not just for Azure environments. Defender CSPM can provide posture monitoring across Azure, AWS, GCP and on-premises environments so you can assess your whole environment. You can read more about Defender CSPM here.

I think I got too much into the CSPM capabilities this time, but security hygiene is so, so important and these tools make it much easier to implement and manage so I want to spread the good word of CSPM.

I wish you a fantastic May; don’t forget that security is everybody’s responsibility!

The Importance of Defender for Cloud http://approjects.co.za/?big=en-gb/industry/blog/technetuk/2023/04/25/the-importance-of-defender-for-cloud/ Tue, 25 Apr 2023 09:13:49 +0000 Businesses must ensure that their sensitive data remains secure. One of the key solutions that can help is Microsoft Defender for Cloud.

The post The Importance of Defender for Cloud appeared first on Microsoft Industry Blogs - United Kingdom.


The migration of on-premises workloads to the cloud has become an increasingly important aspect of digital transformation for organisations of all sizes. As businesses transition to cloud, they must ensure that their sensitive data and applications remain secure and protected from potential cyber threats. One of the key solutions that can help organisations achieve this is Microsoft Defender for Cloud.

Defender for Cloud is a comprehensive security management and threat protection service that helps organisations secure their on-premises workloads as they move to the cloud. Defender for Cloud is a crucial first step in securing on-premises workload migration to the cloud and it’s recommended that it be enabled on any workload that is migrated or created in Azure.

It also helps organisations maintain a strong security posture throughout the transition process, as the recommendations that Defender for Cloud provides ensure that deployments are made safely the first time. For those that are new to the cloud, Defender for Cloud can also be used over time as an education tool to help organisations understand modern security practices, methods, and approaches.

The Role of Defender for Cloud in Securing On-Premises Workload Migration

Defender for Cloud provides a range of features and capabilities designed to help secure workloads as they’re migrated to the cloud. Some of the key functions of Defender for Cloud include:

Security Recommendations and Best Practices: Defender for Cloud helps identify and resolve potential security vulnerabilities in workloads by providing actionable security recommendations and best practices. This ensures that workloads are secure and compliant with industry standards before they are migrated to the cloud.

Continuous Security Monitoring: Defender for Cloud continuously monitors an organisation’s cloud and on-premises workloads, providing real-time visibility into their security posture. This allows for detecting and responding to potential threats quickly and effectively, minimising the risk of data breaches and other cyber-attacks.

Advanced Threat Protection: Defender for Cloud leverages advanced analytics and machine learning algorithms to identify and respond to sophisticated cyber threats. This helps detect and mitigate potential threats before they can cause significant damage to an organisation’s cloud and on-premises workloads.

Secure DevOps Integration: Defender for Cloud integrates with popular DevOps tools, enabling organisations to incorporate security best practices into their development and deployment processes. This ensures that workloads are secure from the start and that security vulnerabilities are addressed throughout the migration process.

Benefits of Using Defender for Cloud in On-Premises Workload Migration

Utilising Defender for Cloud in the migration of on-premises workloads to the cloud offers several benefits, including:

Improved Security Posture: Defender for Cloud provides the necessary tools and insights needed to maintain a strong security posture throughout the migration process. By identifying and addressing potential vulnerabilities and threats, organisations can ensure that their workloads remain secure as they transition to the cloud.

Simplified Compliance: Defender for Cloud helps organisations meet regulatory compliance requirements by providing comprehensive reporting capabilities and enforcing security policies across cloud and on-premises workloads. This simplifies the process of demonstrating compliance and reduces the risk of non-compliance penalties.

Cost Savings: By leveraging Defender for Cloud’s advanced threat protection capabilities, the risk of costly data breaches and cyber-attacks can be minimised. In addition, the integration of security best practices into DevOps processes can help save time and resources, ultimately reducing the overall cost of migration.

Greater Visibility and Control: Defender for Cloud offers greater visibility on cloud and on-premises workloads, providing necessary insights to make informed decisions about security. This enables organisations to maintain control over their workloads and ensure that they are protected from potential threats.

Defender for Cloud plays an essential role in securing on-premises workload migration to the cloud by providing the necessary tools and insights to maintain a strong security posture throughout the transition process. By leveraging Defender for Cloud, organisations can improve their security posture, simplify compliance, save costs, and maintain greater visibility and control over their workloads as they move to the cloud.

What is a ‘security culture’? Best practices for implementing your security strategy http://approjects.co.za/?big=en-gb/industry/blog/cross-industry/2023/03/28/what-is-a-security-culture-best-practices-for-implementing-your-security-strategy/ Tue, 28 Mar 2023 10:21:37 +0000 Over 100 million attacks against remote management devices were observed in May 2022. Today, a Zero Trust security approach is crucial in a world of remote work.

The post What is a ‘security culture’? Best practices for implementing your security strategy appeared first on Microsoft Industry Blogs - United Kingdom.

In a world of remote work and cloud-based digital infrastructure, it is understood that security strategy needs to take a more agile and proactive approach centred around identity verification. Microsoft partners and customers have confirmed that the incremental, ongoing development of an organisation-wide security culture is the best way to implement a Zero Trust approach.

Sophisticated cyberattacks are on the rise

According to the Microsoft Digital Defense Report 2022, over 100 million attacks against remote management devices were observed in May 2022, up 500 percent on the past year. Human-operated ransomware remains the most prevalent cybercrime, however. One-third of targets are successfully compromised by criminals using these attacks, and 5 percent of them are ransomed.

Remote management device attacks increased by 500 percent from 2021 to 2022.

Old perimeter-guarding strategies are no match for these increasingly sophisticated threats. An organisation needs to embrace a modern, data-driven and people-centred approach to managing security risk. This can help to identify and tackle existing threats more effectively while learning to anticipate new ones.

What is a security culture?

An organisation’s security culture is built on shared values, attitudes and ways of acting. It’s therefore hard to change, and it takes time. Creating a culture of security needs colleagues to understand the potential costs of a security lapse. They must also understand how bad actors tend to operate, and why existing security strategies are no longer adequate.

In the current climate, digital communications and cloud data management provide multiple ways to access organisations that previously didn’t exist. Once inside your network, cybercriminals can move laterally, seeking out value.

Zero Trust relies on strong identity verification

Adopting strong identity verification is key to Microsoft’s Zero Trust approach. Real-time data provides information on the user, the device, and the location – which is crucial in a hybrid world of work. Connecting both cloud and legacy systems to a single identity solution provides end-to-end visibility of an organisation’s digital presence. This helps to protect against internal threats that old-fashioned firewalls would miss. Where there is doubt, a Zero Trust approach applies conditional access. Where there is risk, it assumes a breach.

A security strategy that enhances overall performance

Adopting a Zero Trust approach brings immediate improvements to an existing security posture, and builds a path that continuously improves risk management. It simplifies security processes to enhance customer experience, and potentially lowers costs by eliminating the need for external security providers.

Adopting a best-in-class security strategy can also make an organisation more forward-focused and risk-responsive in general. Nurturing a security culture brings long term benefits to a company as a brand and to its overall effectiveness in the marketplace. Security is not just a cost; it drives trust and therefore adds value.

Security culture starts small and collaboratively

When implementing a new security protocol, take a step-by-step approach beginning with a small, controlled group and a security risk that qualifies as low-hanging fruit. Once new protocols have been validated, and teams have given feedback, they can be expanded to another part of the business, such as identities, infrastructure, devices, data, networks or apps.

As for implementing organisation-wide security culture change, this will benefit from full and visible support from your senior leadership team. Aim to implement your new strategy collaboratively, and through a phased programme of activities. Taking a creative approach to security skilling and education helps stimulate staff engagement. Microsoft, for example, produces a successful video series that follows the security-themed adventures of its protagonist, Nelson, which gets promoted internally.

Understand and work with colleagues who may express resistance to change. While moving to new day-to-day practices – for example, new ways of working with different classes of data – openness and empathy will be crucial in empowering all teams to own, understand and learn from their inevitable mistakes.

Data-driven monitoring spots emerging risks

In time, your security strategy can become more sophisticated. AI can be deployed to detect abnormal behaviour and protect your organisation’s most sensitive information from accidental exfiltration as well as bad actors. Microsoft Azure, Azure Sentinel and Microsoft 365 apps can document your compliance with regulations, monitor access, and apply data analytics to predict where the next security risk might emerge. Data metrics can guide security strategy on the principle of maximising costs to the attacker and prioritising your most valuable data. Many of Microsoft’s UK customers and partners have benefited from this security-first approach.

LGL money managers find security on the cloud

LGL Group are a financial services company who were frustrated by the cost and complexity of enterprise-grade cybersecurity. Microsoft worked collaboratively with LGL to design a roadmap that modernised their security controls, enhanced their security posture and reduced their reliance on third-party application subscriptions, driving down costs. By migrating to the latest Microsoft 365 and Azure security stack, LGL also benefited from a more streamlined and simplified hybrid security system.

Meanwhile Microsoft continues to work with schools and colleges to close the cybersecurity skills gap, with targeted investments here in the UK. Salford City Council leveraged the skills and resources of the Microsoft Enterprise Skills Initiative to develop a cyber strategy and a security operations centre using Microsoft Sentinel. It now aims to share its best-in-class skills with other public sector organisations to proactively monitor, detect and respond across Greater Manchester.

Zero Trust is a journey

Zero Trust is a journey, not a destination. Visit the security hub at Microsoft Business Security Solutions and discover how Microsoft can help you implement an identity environment with cloud identity federation, strong authentication and conditional access at its core.

Find out more

Microsoft security blogs

Strong identity management provides Zero Trust security

Microsoft Sentinel strengthens Salford Council’s cybersecurity


We ALL need more security professionals http://approjects.co.za/?big=en-gb/industry/blog/technetuk/2023/02/16/we-all-need-more-security-professionals/ Wed, 15 Feb 2023 23:06:54 +0000 The security labour shortage is a growing concern - there needs to be more qualified professionals to fill the increasing demand for security roles.

The post We ALL need more security professionals appeared first on Microsoft Industry Blogs - United Kingdom.


Security is critical to a company’s operations, as it protects its assets and data from cyber threats. However, the security labour shortage is a growing concern, as more qualified professionals are needed to meet the increasing demand for security roles.

Like many other companies, Microsoft faces challenges in finding and retaining qualified security professionals. The company has implemented various initiatives to address this issue, such as offering training and certification programs and partnering with educational institutions to develop a pipeline of qualified security professionals.

One of the key initiatives that Microsoft has implemented is the Microsoft Security Operations Analyst (SC-200) certification program. This program provides individuals with the skills and knowledge to become a security operations analyst and helps them to understand the various security tools and technologies used by Microsoft.

Another key initiative is the Microsoft Security Operations Center (SOC) Academy, which offers training and certification programs for security professionals. The SOC Academy provides a range of courses, from entry-level to advanced, to help security professionals develop the skills and knowledge they need to succeed in the industry.

In addition to offering training and certification programs, Microsoft has partnered with educational institutions to develop a pipeline of qualified security professionals. For example, the company has partnered with the National Cyber Security Alliance (NCSA) to create a cybersecurity curriculum for high schools and colleges. This partnership aims to educate students about the importance of cybersecurity and provide them with the skills and knowledge to pursue a career in the field.

Microsoft has also implemented several technologies and solutions to help address the security labour shortage. For example, the company has developed Microsoft Sentinel, a cloud-native security information and event management (SIEM) solution that provides real-time visibility into security threats and enables security professionals to respond quickly and effectively to incidents.

In conclusion, the security labour shortage is a growing concern for all of us. We implemented various initiatives to address this issue, such as offering training and certification programs, partnering with educational institutions, and implementing retention strategies. YOU are the solution. Get trained and get certified – the industry needs you.
