Among the most common and powerful attack vectors we have seen are those that exploit the daily tradeoff users make between security and productivity. Often, this can be as simple as a document hiding an exploit or a malicious link.
As an industry, we’re used to thinking of security and productivity in tension with each other. Security teams focus on blocking capabilities and reducing access to limit risk; users create workarounds or ignore policies to get their jobs done. Organizations may respond to increasing security threats by layering multiple security point solutions on top of each other, often increasing the complexity security teams manage while encouraging users to look for even more workarounds.
We don’t think this has to be the case.
Today, we’re announcing two new Microsoft 365 capabilities that will help organizations stay both secure and productive at the same time. The power of these capabilities comes from the seamless integration between Windows 10, Office 365 ProPlus, and Microsoft Defender Advanced Threat Protection (ATP). We previously gave a “sneak peek” at Ignite and are excited to share them publicly now.
Safe Documents is now available in public preview, rolling out over the next few days
With Safe Documents, we’re bringing the power of the Intelligent Security Graph down to the desktop to verify that documents are safe at the endpoint itself.
Although Protected View helps secure documents originating outside the organization, too often users would exit this sandbox without great consideration and leave their networks vulnerable. Bringing a minimal trust approach to the Office 365 ProPlus clients, Safe Documents automatically checks the document against known risks and threat profiles before allowing it to open. Users are not asked to decide on their own whether a document can be trusted; they can simply focus on the work to be done. This seamless connection between the desktop and the cloud both simplifies the user workflow and helps to keep the network more secure.
Application Guard integration with Office 365 ProPlus is significantly expanding its private preview
With Application Guard, we created a micro-VM based on the same technology that powers the Azure cloud and brought it down to the desktop. We first introduced Application Guard in Edge, bringing hardware-level containerization to the browser.
Now integrated with Office 365 ProPlus, Application Guard provides an upgrade to Protected View that helps desktop users to stay safer and more productive with container-based isolation for Office applications. Application Guard’s enforcement, with a new instance of Windows 10 and a separate copy of the kernel, completely blocks access to memory, local storage, installed applications, corporate network endpoints, or any other resources of interest to the attacker.
That means Office users will be able to open an untrusted Word, Excel, or PowerPoint file in a virtualized container. Users can stay productive (make edits, print, and save changes), all while protected with hardware-level security. If the untrusted file is malicious, the attack is contained while user data and identity remain untouched. When a user wants to trust a document to save on the network or start collaborating in real-time, Safe Documents will first check to help ensure the document is safe.
Moreover, both Safe Documents and Application Guard connect to the Microsoft Security Center, providing admins with advanced visibility and response capabilities including alerts, logs, confirmation the attack was contained, and the ability to see and act on similar threats across the enterprise.
With these new capabilities, we brought together some of the best of Windows 10, Office 365 ProPlus, and Microsoft Defender ATP to help organizations stay both secure and productive. This integration also means that organizations can deploy these features with the change of a setting and manage with existing tools. And with every malicious attack contained, the entire Intelligent Security Graph becomes stronger, benefiting everyone.
Both Safe Documents and Application Guard will be available to customers with Microsoft 365 E5 and E5 Security. We encourage customers to start testing Safe Documents in their environment as it becomes available (initially available for tenants in the U.S., U.K., and European Union), and to learn more about Safe Documents and Application Guard.