Microsoft Security Team, Author at Microsoft Security Blog
http://approjects.co.za/?big=en-us/security/blog
Expert coverage of cybersecurity topics
Fri, 11 Oct 2024 15:10:03 +0000

Microsoft Defender for Cloud remediated threats 30% faster than other solutions, according to Forrester TEI study
http://approjects.co.za/?big=en-us/security/blog/2024/10/07/microsoft-defender-for-cloud-remediated-threats-30-faster-than-other-solutions-according-to-forrester-tei-study/
Mon, 07 Oct 2024 16:00:00 +0000

Forrester found that Microsoft Defender for Cloud markedly enhanced the security, compliance, and operational efficiency of each company participating.

The broad adoption of multicloud and hybrid infrastructures has introduced new complexity to the cloud estates of many businesses. With this complexity comes a broader attack surface for would-be data thieves. Sophisticated ransomware attacks that exploit vulnerabilities in cloud infrastructure are on the rise, as are supply chain attacks that target third-party software. Cyberattackers move at lightning speed in the cloud, and, due to the advent of generative AI, their attacks are increasing in number, speed, and sophistication. To address this emergent risk, organizations of all sizes can unify their security and compliance, from code to runtime, in hybrid and multicloud environments with an integrated, generative AI-powered cloud native application protection platform (CNAPP) and better defend themselves against cloud threats.

Microsoft Defender for Cloud, the integrated CNAPP from Microsoft, delivers comprehensive security and compliance from code to runtime, enhanced by generative AI and threat intelligence to help you secure your hybrid and multicloud environments. With Defender for Cloud, organizations can support secure development, minimize risks with contextual posture management, and protect workloads and applications from modern threats in a unified security operations (SecOps) experience.  

Defender for Cloud not only transcends traditional security silos and extends its end-to-end security across multicloud and hybrid infrastructure, it delivers advanced security posture management and threat remediation capabilities as well. In order to prove the solution’s business benefits, Microsoft commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study. The study aims to provide business leaders and decision-makers with a solid framework with which they can evaluate the benefits and potential financial impact of Defender for Cloud on their organizations.

Through the course of the study, participating interviewees reported experiencing a wide variety of benefits related to Defender for Cloud, including reduced operational risk, a compressed, more secure development lifecycle, and reduced time to investigate and remediate threats.

Results are based on a composite organization.

All told, the study found that the benefits of Defender for Cloud add up to a significant net present value (NPV) of $4.25 million over three years. But that’s not the whole story. Here are some other key takeaways mentioned by Forrester’s interviewees.

1. Shorter threat investigation and remediation times

“[Defender for Cloud] just takes out the weird stuff happening on our network that ends up on the cybersecurity desk. We’ve already probably cut back about 60% of the workload, and a lot of that revolves around false positives, so I can get better data. The systems assess the data properly…I’m not even going to give it to the analyst. I’m going to auto-close.”

—Chief technology officer, Life Sciences

Defender for Cloud was found to register 50% fewer false positives than legacy security solutions. Simultaneously, the solution reduced the investigation and remediation times of legitimate threats by 30%. Due to these dramatic improvements, study participants avoided 36,000 investigation and remediation hours on average. By reallocating the corresponding $796,000 of SecOps labor to proactive threat hunting and other high-value activities, companies were able to further improve their security performance.

2. Improved security operations center (SOC) productivity

“[With Defender for Cloud], if the tools are configured properly, the [global] efficiencies in your SOC can probably be up to 30% for a fine-tuned environment.”

—Technical manager, Business-to-business Software

By broadening the number and types of workloads protected by Defender for Cloud, participating businesses saw an average 30% improvement in SecOps productivity. This boost was a combination of consolidating duplicative multicloud security policies, replacing patching processes and other similar time-consuming procedures with automation, and embracing the efficiency gains of a better-integrated Microsoft ecosystem. In financial terms, these productivity gains translate to a $5.6 million savings over three years.

3. Lower total cost of ownership

“[Without Defender for Cloud], it would be so much more complex. It would cost us double to maintain [our multicloud security stack].”

—Cyberdefense leader, Materials

Interviewees reported that Defender for Cloud reduced their licensing costs by 10% when compared to legacy security solutions. This savings is the result of eliminating the licensing and management costs associated with five legacy security solutions over three years—made possible because of the breadth of workloads protected by Defender for Cloud. Interviewees also reported a 1,700-hour reduction in security stack administrative work thanks to their ability to consolidate workloads across their multicloud infrastructures. These adjustments together yielded more than $1 million in cost savings.

4. More comprehensive cyberthreat coverage and prioritization

“Microsoft is capturing 10% of real incidents [not caught by other solutions deployed], reducing our attack surface by 10%.”

—Chief information security officer (CISO), Technology

Defender for Cloud caught 10% more legitimate cyberthreats than the prior security environments study participants had been using, on average. Each of these threats required a response and would have been missed. Interviewees defined the incidents they had previously lacked the capacity to address as a mix of increasingly complex and overlapping cyberthreats that included but were not limited to runtime container risk, overprovisioning container privileges, malware, phishing and social engineering efforts, and shadow IT. Not only did Defender for Cloud identify these incidents, it provided greater context surrounding them, improving threat prioritization and avoiding $292,000 in costs related to data breaches.

5. Lower compliance costs

“[Defender for Cloud] is capable of saving up to 5% of [my organization’s] engineering overhead around [audit and compliance] meetings and collaboration.”  

—CISO, Technology

With Defender for Cloud, participating organizations decreased their compliance-related costs. Auditing fees were avoided and compliance-related meeting schedules were streamlined, reducing reliance on outside auditing services. Over three years, the average savings related to these process improvements was $857,000, a 15% reduction in audit compliance overhead.

The advantages of Microsoft Defender for Cloud

Overall, the Forrester study found that Defender for Cloud markedly enhanced the security, compliance, and operational efficiency of each company participating in the TEI study. Through representative interviews and financial analysis, Forrester determined that a composite organization experiencing the aggregate benefits of the study’s participants received $8.52 million in financial benefits over three years. In balancing these benefits against $4.27 million in costs over the same period, Forrester determined that Defender for Cloud represents a net present value (NPV) of $4.25 million.

Interviewees participating in the study went beyond the financial benefits in their praise of Defender for Cloud. After adopting the solution, participants saw reduced risk and improvements to both their security and compliance postures at scale. Even as regulatory and compliance landscapes shifted beneath their feet, these organizations were better able to use the added context of Microsoft cloud security benchmarks to stay on solid ground—remaining compliant when others might not have.

Additionally, interviewees noted that Defender for Cloud helped them more securely collaborate with their technology partners and to establish more secure, more efficient software development pipelines. These benefits, interviewees emphasized, would have further benefits down the road as well, including reduced development times, improved time-to-value, and ultimately greater potential for business growth.

Learn more

To learn more about the business value of Microsoft Defender for Cloud, explore the Total Economic Impact™ Of Microsoft Defender for Cloud study for further analysis and findings, as well as the perspectives of Defender for Cloud users interviewed in the study. Also, register for the webinar featuring Forrester on top cloud security trends, key considerations, and quantifying the business value of CNAPP.

Learn more about Microsoft Cloud Security Solutions.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

Zero Trust in the Age of AI: Join our online event to learn how to strengthen your security posture
http://approjects.co.za/?big=en-us/security/blog/2024/07/24/zero-trust-in-the-age-of-ai-join-our-online-event-to-learn-how-to-strengthen-your-security-posture/
Wed, 24 Jul 2024 16:00:00 +0000

Register for the “Zero Trust in the Age of AI” webcast to learn more about how our new capabilities in identity and network access and security operations make it easier to implement Zero Trust across your entire environment.

Cybercrime never sleeps and the threat actors behind it never stop evolving their tactics—including using AI to automate cyberattacks, create deep fakes, and complete other nefarious tasks. According to Statista’s Market Insights, the estimated global cost of online criminal acts is expected to surge to $23.84 trillion by 2027, up from $8.44 trillion in 2022.¹ To counter the launch of cyberattacks at scale, organizations need a robust security strategy, especially given the global talent shortage and coordinated nation-state teams they’re faced with.

This is why a proactive and integrated Zero Trust approach is needed more than ever. A Zero Trust approach considers all activity as suspect, and relies on three foundational principles: verify explicitly, ensure least privilege access, and assume breach. It’s especially effective when an end-to-end security approach is applied to Zero Trust, protecting identities, endpoints, apps, infrastructure, networks, and data consistently across the entire organization’s environment. To learn more about how our new capabilities in identity and network access and security operations make it easier to implement Zero Trust across your entire environment, register for “Zero Trust in the Age of AI” and bring your questions to the livestream at 10:00 AM PT on July 31, 2024.

Microsoft is committed to security above all else² and dedicated to the principles of Zero Trust. We’ll continue to innovate new capabilities for our end-to-end security that combine effectively with these solid principles. We’ll explore the value of these new capabilities at our “Zero Trust in the Age of AI” spotlight at 10:00 AM PT on July 31, 2024. Led by Corporate Vice President of Microsoft Security Vasu Jakkal, the online event will include:

  • A keynote exploring why an end-to-end approach centered around a Zero Trust strategy is crucial in addressing future security challenges.
  • A demo of the latest product innovations, walking you through how a strong Zero Trust strategy can thwart a breach attempt at machine speed with Microsoft’s unified security operations platform, and how the new Microsoft Entra Suite helps protect every access point to any resource, from anywhere.
  • A panel discussion with Gary McLellan, Head of Engineering Frameworks and Core Mobile Apps at Virgin Money, and Carlos Rivera, Senior Analyst at Forrester, on practical ways to take your Zero Trust strategy to the next level.    

Zero Trust in the age of AI

Watch our on-demand webinar to learn how to simplify your Zero Trust strategy with the latest end-to-end security innovations.

Simplifying Zero Trust implementation

With the recent general availability of the Microsoft Entra Suite and the Microsoft unified security operations platform, Microsoft is reaffirming our commitment to Zero Trust. We believe Forrester has acknowledged this commitment by naming Microsoft as a leader in the 2023 Zero Trust Platform Providers Wave™, recognizing our advocacy of Zero Trust in our products and supporting services as well as giving us the highest scores possible in the innovation and vision criteria.

The Microsoft Entra Suite is the industry’s most comprehensive Zero Trust user access solution for the workforce while our unified security operations platform offers unified threat protection and posture management. This combination of products simplifies the implementation of Zero Trust architecture.

For a technical deep dive on the new Microsoft Entra Suite, join us on August 14, 2024, for the Microsoft Entra Suite Tech Accelerator, part of an ongoing virtual program aimed at expanding attendees’ technical knowledge of Microsoft products and connecting them with industry peers.

We’re looking forward to seeing you at the “Zero Trust in the Age of AI” spotlight at 10 AM PT on July 31, 2024! Register today!

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.


¹ Cybercrime Expected To Skyrocket in Coming Years, Statista. February 22, 2024.

² Expanding Microsoft’s Secure Future Initiative (SFI), Charlie Bell. May 3, 2024.

Stop Ransomware with Microsoft Security digital event presents threat intelligence in action
http://approjects.co.za/?big=en-us/security/blog/2022/08/31/stop-ransomware-with-microsoft-security-digital-event-presents-threat-intelligence-in-action/
Wed, 31 Aug 2022 13:00:00 +0000

Join the Stop Ransomware with Microsoft Security digital event on September 15, 2022, to learn how to safeguard your organization from today’s attacks—and be ready for tomorrow’s.

One of the biggest challenges in security today is visibility. And by visibility, I don’t just mean keeping an eye on ever-evolving cyberthreats, but also seeing your own security environment clearly—especially where you’re vulnerable.

For defenders who are working hard to manage threats across multiple clouds, platforms, and devices, research and investigation is a time-consuming and difficult challenge. Thankfully, we’ve recently launched two new security solutions designed to give you a comprehensive view of the security threats to your business—and track what’s changing day-to-day.

I’m really excited about these new products and invite you to learn more about them at our next digital event—Stop Ransomware with Microsoft Security—on September 15, 2022.

See the latest threat intelligence solutions in action

We have a lot to look forward to at this event. Charlie Bell, Executive Vice President of Microsoft Security, and Vasu Jakkal, Corporate Vice President of Microsoft Security, Compliance, Identity, and Privacy Business, will join other security experts to discuss how to get ahead of ransomware and proactively prepare for even the most sophisticated attacks.

But this event goes beyond strategies and thought leadership—you’ll also get an exciting, in-depth look at two innovative new security products:

  • Microsoft Defender Threat Intelligence
  • Microsoft Defender External Attack Surface Management

These new security solutions work together to help you understand both your adversaries and your own security environment. With more visibility into your infrastructure and better insights into breaches and potential threats, you’ll be able to prioritize the right response tactics and keep pace with an ever-changing threat environment.

Register for the Stop Ransomware with Microsoft Security digital event to learn more.

Stay ahead of adversaries

Let’s start with Microsoft Defender Threat Intelligence. This solution works by analyzing signals from across the internet, then enriching this data with powerful machine learning algorithms to extract insights relevant to your organization.

When you attend this free digital event, you’ll learn exactly how to use this new solution to dive deep into a breach and really understand the nature of the attack and the assets affected.

Elevate your security posture

While Microsoft Defender Threat Intelligence can help you understand the threat landscape, Microsoft Defender External Attack Surface Management gives you greater knowledge of your attack surface.

With the help of this tool, you can build a more complete understanding of your security posture and locate unknown, unmanaged resources that are visible from the internet—the same view an attacker has when selecting a target. 

Throughout the Stop Ransomware with Microsoft Security digital event, we’ll be demonstrating both Microsoft Defender Threat Intelligence and Microsoft Defender External Attack Surface Management. Join us to learn how you can bolster your security strategy by integrating both products into your own security operation center—or connect with cybersecurity professionals during a live question and answer chat if you have questions.

Learn from the experts firsthand

We crafted every session in the Stop Ransomware with Microsoft Security digital event to empower you with the tools and insights you need to make the most of threat intelligence. Join your fellow cybersecurity professionals in the following sessions:

  • Ransomware, threat intelligence, and the state of security: Join Vasu Jakkal and Charlie Bell as they discuss the Microsoft approach to security, including what analysts are seeing in the threat landscape and how threat intelligence can help organizations prepare for the worst.
  • Unmask adversaries with Microsoft Defender Threat Intelligence: Threat intelligence is the foundation of effective cybersecurity. As threats like ransomware increase in sophistication, it becomes even more critical to understand adversaries and their infrastructure. Learn how threat intelligence can enhance incident response and give your business the insights you need to stay ahead of threats.
  • Locate and secure your external attack surface: The external attack surface is constantly changing, and unknown, unsecured resources may fall outside your security coverage. Learn how to view your organization from the outside in—the same way an attacker does—and not only locate unmanaged assets but also protect them.
  • Threat intelligence is the cornerstone of solid security: Explore common use cases for threat intelligence and discover real-world applications to learn how you can enhance your existing security solutions and stop ransomware in its tracks.

Don’t just react to threats. Get ahead of them.

Join the Stop Ransomware with Microsoft Security digital event to learn how to safeguard your organization from today’s attacks—and be ready for tomorrow’s.

At this digital event, you’ll:

  • Hear key insights from Microsoft’s leadership, including a fireside conversation between Charlie Bell, Executive Vice President of Microsoft Security, and Vasu Jakkal, Corporate Vice President of Microsoft Security, Compliance, Identity, and Privacy Business.
  • Learn about two new security solutions: Microsoft Defender Threat Intelligence and Microsoft Defender External Attack Surface Management.
  • See threat intelligence from Microsoft Security in action and learn how to use it to prevent and remove even the most sophisticated ransomware.
  • Get your questions answered by threat protection experts during a live question and answer chat.

Secure everything. Limit nothing. Be fearless.

Register now.

Stop Ransomware with Microsoft Security
September 15, 2022
9:00 AM-10:30 AM PT

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

Cyber Signals: Defend against the new ransomware landscape
http://approjects.co.za/?big=en-us/security/blog/2022/08/22/cyber-signals-defend-against-the-new-ransomware-landscape/
Mon, 22 Aug 2022 13:00:00 +0000

Today, Microsoft is excited to publish our second edition of Cyber Signals, spotlighting security trends and insights gathered from Microsoft’s 43 trillion security signals and 8,500 security experts. In this edition, we pull back the curtain on the evolving cybercrime economy and the rise of Ransomware-as-a-service (RaaS).

Today, Microsoft is excited to publish our second edition of Cyber Signals, spotlighting security trends and insights gathered from Microsoft’s 43 trillion security signals and 8,500 security experts. In this edition, we pull back the curtain on the evolving cybercrime economy and the rise of Ransomware-as-a-service (RaaS). Instead of relying on what cybercriminals say about themselves through extortion attempts, forum posts, or chat leaks, Microsoft threat intelligence gives us visibility into threat actors’ actions.

RaaS is often an arrangement between an operator, who develops and maintains the malware and attack infrastructure necessary to power extortion operations, and “affiliates” who sign on to deploy the ransomware payload against targets. Affiliates purchase initial access from brokers or hit lists of vulnerable organizations, such as those with exposed credentials or already having malware footholds on their networks. Cybercriminals then use these footholds as a launchpad to deploy a ransomware payload against targets.

RaaS dramatically lowers the barrier to entry for attackers, obfuscating those behind initial access brokering, infrastructure, and ransoming. Because RaaS actors sell their expertise to anyone willing to pay, budding cybercriminals without the technical prowess required to use backdoors or invent their own tools can simply access a victim by using ready-made penetration testing and system administrator applications to perform attacks.

The endless list of stolen credentials available online means that without basic defenses like multifactor authentication (MFA), organizations are at a disadvantage in combating ransomware’s infiltration routes before the malware deployment stage. Once it’s widely known among cybercriminals that access to your network is for sale, RaaS threat actors can create a commoditized attack chain, allowing themselves and others to profit from your vulnerabilities.

While many organizations consider it too costly to implement enhanced security protocols, security hardening actually saves money. Not only will your systems become more secure, but your organization will spend less on security costs and less time responding to threats, leaving more time to focus on incoming incidents.

Businesses are experiencing an increase in both the volume and sophistication of cyberattacks. The Federal Bureau of Investigation’s 2021 Internet Crime Report found that the cost of cybercrime in the United States totaled more than USD6.9 billion.¹ The European Union Agency for Cybersecurity (ENISA) reports that between May 2021 and June 2022, about 10 terabytes of data were stolen each month by ransomware threat actors, with 58.2 percent of stolen files including employees’ personal data.²

It takes new levels of collaboration to meet the ransomware challenge. The best defenses begin with clarity and prioritization, which means more sharing of information across and between the public and private sectors and a collective resolve to help each other make the world safer for all. At Microsoft, we take that responsibility to heart because we believe security is a team sport. You can explore the latest cybersecurity insights and updates at our threat intelligence hub, Security Insider.

With a broad view of the threat landscape, informed by 43 trillion threat signals analyzed daily and combined with the human intelligence of our more than 8,500 experts (threat hunters, forensics investigators, malware engineers, and researchers), we see first-hand what organizations are facing, and we’re committed to helping you put that information into action to pre-empt and disrupt extortion threats.

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.


¹ Internet Crime Report, Federal Bureau of Investigation. 2021.

² Ransomware: Publicly Reported Incidents are only the tip of the iceberg, European Union Agency for Cybersecurity. July 29, 2022.

Microsoft Defender for Office 365 receives highest award in SE Labs Enterprise Email Security Services test
http://approjects.co.za/?big=en-us/security/blog/2022/06/22/microsoft-defender-for-office-365-receives-highest-award-in-se-labs-enterprise-email-security-services-test/
Wed, 22 Jun 2022 16:00:00 +0000

Microsoft received an AAA Protection Award for Microsoft Defender for Office 365, the highest possible award that vendors can achieve in this test.

In today’s evolving threat landscape, email represents the primary attack vector for cybercrime, making effective email protection a key component of any security strategy.¹

In Q1 2022, Microsoft participated in an evaluation of email security solutions, carried out by SE Labs—a testing lab focused on assessing the efficacy of security solutions. In their latest Enterprise Email Security Services test, they evaluated email security vendors against a range of real-world email attack scenarios.

Today we are excited to share that Microsoft received an AAA Protection Award for Microsoft Defender for Office 365, the highest possible award that vendors can achieve in this test.

Microsoft Defender for Office 365 helps organizations protect against advanced threats including phishing and business email compromise. It provides a wide range of email protection capabilities, including protection from impersonation and spoofing, as well as holistic attack campaign views, using machine learning and other heuristics to identify phishing attacks across the entire organization.

Another core component of Microsoft Defender for Office 365 is user training. Even at Microsoft, we continuously run exercises to educate our employees and senior leaders to raise their awareness of real-life phishing attacks, using the attack simulation training capabilities in Microsoft Defender for Office 365.

In the SE Labs report, Microsoft received a total score of 89 percent based on the evaluation of two key criteria:

  • 97 percent of emails that contained threats were blocked
  • 73 percent of legitimate email was correctly identified

The near-perfect score on containing threats demonstrates the industry-leading email security protection we provide and the effectiveness with which Microsoft Defender for Office 365 can protect customers from business email compromise. At the same time, the slightly lower score around legitimate email is due to the strong focus on executive accounts in the test, for which Microsoft configured an enhanced level of protection based on insights and best practices for how organizations actually use the service. This resulted in more blocked mail, but we believe that is appropriately cautious.

The Microsoft Defender for Office 365 engine is always learning from email traffic in the environment and adjusting as a result, but the highly configurable nature of Exchange Online also allows customers to tailor their experience. While in this test, we tailored the controls to the highest level of available protections, admins have a wide range of options to customize the delivery sensitivity and their preferred level of tolerance for potentially unwanted email.

The SE Labs report validates that Microsoft Defender for Office 365, part of Microsoft 365 Defender, is a leading choice for email protection, used by corporations worldwide. To learn more about how some customers are using Microsoft Defender for Office 365 today, read this customer story from St. Luke’s.

Microsoft continues to invest heavily to protect organizations from phishing and business email compromise with the backing of hundreds of researchers, engineers, and threat intelligence insights from billions of pieces of mail that Microsoft processes every single day and that directly inform our machine learning engines.

Trust Microsoft’s XDR solution for protection against threats across Office 365 and more 

Microsoft Defender for Office 365 provides comprehensive coverage, both through the lifecycle of an attack and across email and collaboration tools like email, SharePoint, OneDrive, and Microsoft Teams.

These capabilities are part of Microsoft’s extended detection and response (XDR) solution Microsoft 365 Defender, which helps organizations secure their users with integrated threat protection, detection, and response across endpoints, email, identities, applications, and data.

To take advantage of our industry-leading protection in your environment, get started today!

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.


¹ Internet Crime Report 2020, Federal Bureau of Investigation. 2020.

Easy authentication and authorization in Azure Active Directory with No-Code Datawiza
http://approjects.co.za/?big=en-us/security/blog/2022/05/17/easy-authentication-and-authorization-in-azure-active-directory-with-no-code-datawiza/
Tue, 17 May 2022 17:00:00 +0000

The acceleration of cloud journeys fueled by the pandemic, and ever-increasing concerns about data security and information privacy, have made access management one of the hottest topics.

The post Easy authentication and authorization in Azure Active Directory with No-Code Datawiza appeared first on Microsoft Security Blog.

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA.

The acceleration of cloud journeys fueled by the pandemic and ever-increasing concerns about data security and information privacy have made access management one of the hottest topics in application security and Zero Trust architecture discussions. Over the last several years, the industry has made tremendous progress on identity and access management, and Microsoft Azure Active Directory (Azure AD), with its focus on Zero Trust comprehensive cloud-based identity services, is a perfect example of this.

Achieving a secure environment is top of mind for both public and private sector organizations, with research firm markets anticipating the global Zero Trust security market will grow from USD19.6 billion in 2020 to USD51.6 billion by 2026. The United States government has mandated a federal Zero Trust architecture strategy, while businesses of every size are working to implement modern identity and access management solutions that support single sign-on (SSO), multifactor authentication, and many other key features, including adaptive and context-aware policies, governance intelligence, and automation.1

To achieve Zero Trust for applications and services, we must ensure people are who they say they are and that only the right people have access to sensitive information. This is the only way to comply with evolving data privacy regulations such as General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Consequently, companies must create a comprehensive, manageable way to authenticate and authorize every attempt to access data—based on a least-privileged access principle—while still providing users with the secure self-service access they need.

Datawiza, a cloud-delivered, no-code platform for easily implementing both authentication and authorization for all types of applications and APIs, works with Azure AD to help IT accelerate this key area of the journey to Zero Trust and get the most value from their hybrid multicloud environments.

As an access management as a service (AMaaS) platform, Datawiza dramatically reduces the time and engineering costs required to integrate applications with Azure AD, eliminating months of development effort thanks to its no-code approach. Developers don’t have to learn complex modern SSO protocols like OpenID Connect (OIDC), OAuth, and Security Assertion Markup Language (SAML), or use different software development kits (such as .NET, Java, and PHP) to write integration code for each application.

Web client diagram utilizing Datawiza and Microsoft Azure Active Directory.

Leveraging Datawiza with Azure AD supports comprehensive SSO and multifactor authentication across applications, with fine-grained access controls. The application types can include:

  • Homegrown applications that are written in different programming languages such as Java, PHP, and Python. These applications can reside in multicloud environments or on-premises.
  • Legacy applications, such as those from Oracle, that were never designed for the cloud and may still rely on a legacy identity solution, such as Symantec SiteMinder, on-premises Lightweight Directory Access Protocol (LDAP), or custom-built basic authentication. In fact, Datawiza can empower companies to retire their legacy identity solutions.
  • Business-to-business (B2B) multi-tenant applications available to customers using Azure AD, as well as other identity platforms.
  • Open-source tools that would otherwise require expensive enterprise license fees from the vendor to use the SSO feature to connect with Azure AD.

Options for integrating homegrown and legacy applications with Azure AD

Integrating homegrown or legacy applications with Azure AD is imperative. Not doing so leads to critical security gaps. It also causes frustration for users who need to sign into multiple applications, as well as administrators who must constantly update user profiles in multiple locations.

Integrating these applications with Azure AD requires coding and security expertise. And whether you use your developer resources or legacy on-premises gateways, as we hear from our customers, it usually takes more time and resources than anticipated—distracting development and DevOps teams from their strategic tasks. If your organization relies on a hybrid multicloud environment, the challenges are even greater. You may also consider using a free open-source software proxy, such as OAuth2-proxy, but this is still time-consuming, providing little benefit compared to the do-it-yourself approach. Further, with each of these approaches, all the effort that goes into integrating a single application must be repeated for each additional application.

How the Datawiza No-Code platform works

The Datawiza No-Code platform offers a new approach, providing authentication and authorization as a service, so it can be implemented quickly, without the need to deploy any hardware or heavyweight enterprise software, or having to rewrite applications or write new code. Datawiza uses a lightweight, cloud-delivered proxy for connecting any application and service to Azure AD, and it can also integrate across other public and private clouds.

Integrating each application takes only minutes, so the more applications you need to integrate, the more time you save—all with a single Datawiza license. And with security expertise built-in, the Datawiza AMaaS platform eliminates the need to hire an expensive new resource or consultant, while also facilitating improved governance by providing policy-defined, URL-level access controls based on detailed user and device attributes, such as group, role, IP, or browser.

How Datawiza and Azure AD work together

  1. When a user attempts to log into any application, Datawiza intercepts the access request and authenticates it using a built-in connection to Azure AD through OIDC or SAML protocols.
  2. The user signs in through the Azure AD login page, and the OIDC or SAML message exchanges with Azure AD and Datawiza are automatically completed on behalf of the application.
  3. Datawiza authorizes the request based on the fine-grained access policies configured in the management console and user attributes from Azure AD.
  4. Datawiza then sends the correct credentials to the application, which uses the fine-grained access policies configured in the management console to display only the appropriate information.
  5. An IT administrator configures the platform, applications, and access policies using the Datawiza management console, instead of having to deal with the configuration files scattered in hybrid multicloud environments.

Datawiza’s integration with Microsoft Azure Active Directory.

Datawiza, the no-code path to Zero Trust access management

The Datawiza No-Code platform can accelerate your Azure AD journey to Zero Trust for your applications and APIs by eliminating the need for developers to extend controls to support Zero Trust requirements such as SSO and multifactor authentication. Datawiza authenticates and authorizes every employee, customer, contractor, or partner each time they access an application or API—with fine-grained access controls—and supports every type of application in hybrid multicloud environments. With Datawiza, policy administrators can leverage “change once, propagate everywhere” to keep policies, roles, and permissions updated and synced across hundreds or thousands of datasets. And Datawiza maintains the relationships between applications and Azure AD as the applications are updated, future-proofing your environment.

Learn more

Learn more about Microsoft identity and access management.

The Datawiza Platform is available in the Microsoft Azure Marketplace. More information and a free trial are also available on the Datawiza website.

To learn more about MISA, visit our MISA website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products. 

1 Why companies are moving to a ‘zero trust’ model of cyber security, Bob Violino. March 3, 2022.

New research shows IoT and OT innovation is critical to business but comes with significant risks
http://approjects.co.za/?big=en-us/security/blog/2021/12/08/new-research-shows-iot-and-ot-innovation-is-critical-to-business-but-comes-with-significant-risks/
Wed, 08 Dec 2021 18:00:56 +0000

This year the need for much improved IoT and OT cybersecurity has become even more clear with the recent and now famous attacks. To better understand the challenges customers are facing, Microsoft partnered with the Ponemon Institute to produce empirical data to help us better understand the state of IoT and OT security from a customer’s perspective.

The post New research shows IoT and OT innovation is critical to business but comes with significant risks appeared first on Microsoft Security Blog.

The need for much improved IoT and operational technology (OT) cybersecurity became clearer this year with recent attacks on network devices,1 surveillance systems,2 an oil pipeline,3 and a water treatment facility,4 to name a few examples.

To better understand the challenges customers are facing, Microsoft partnered with the Ponemon Institute to produce empirical data to help us better understand the state of IoT and OT security from a customer’s perspective. With this data, we hope to better target our cybersecurity investments and to improve the efficacy within Microsoft Defender for IoT, and our other IoT-related products. Ponemon conducted the research by surveying 615 IT, IT security, and OT security practitioners across the United States.

To get an overview of the key findings from the 2021 The State of IoT and OT Cybersecurity in the Enterprise, download the full report.

IoT adoption is critical despite significant security challenges

The research showed that a large majority of respondents believe that IoT and OT adoption is critical to future business success. As a result, they are advancing IoT and OT projects as a key priority.

  • 68 percent of respondents say senior management believes IoT and OT are critical to supporting business innovation and other strategic goals.
  • 65 percent of respondents say senior management has made it a priority for IT and OT security practitioners to plan, develop, or deploy IoT and OT projects to advance business interests.

Within this group, only a small minority of organizations slowed, limited, or stopped IoT and OT projects even though a majority believe that generally these types of devices are not built with security in mind and that they represent one of the least secured aspects of their IT and OT infrastructure.

  • 31 percent of IT security practitioners have slowed, limited, or stopped the adoption of IoT and OT projects due to security concerns.
  • 55 percent of respondents do not believe IoT and OT devices have been designed with security in mind.
  • 60 percent of respondents say IoT and OT security is one of the least secured aspects of their IT and OT infrastructure.

Based on the data, it appears that business interests are currently taking priority over the increased security risks that organizations assume, as they advance their IoT and OT projects. This puts security and risk leaders in a difficult place and explains why IoT and cyber-physical systems security has become their top concern for the next three to five years.5

“We believe this unique research highlights the obstacles organizations face as they use IoT and OT to drive business innovation with technologies that are more easily compromised than traditional endpoints,” said Dr. Larry Ponemon, Chairman and Founder of Ponemon Institute. “On a positive note, a vast majority of security and risk leaders recognize the threat and have made shoring up their IoT and OT defenses a top priority for the next 12 to 24 months.”

Outdated IoT and OT assumptions are putting organizations at risk

In the past, there was a common assumption about IoT and OT devices that is no longer true. It was assumed that IoT and OT devices were typically segmented from traditional endpoints (workstations, servers, and mobile) or that they were deployed within separate air-gapped networks. The research confirmed that devices on IT and OT networks are frequently connected directly or indirectly to the internet, making them targets that can be breached from outside of the organization. The latest evolution to the Mozi attack1 is a great example of how a business network can be breached through network gear running on the edge of business networks.

  • 51 percent of OT networks are connected to corporate IT (business) networks, like SAP and remote access.
  • 88 percent of respondents say their enterprise IoT devices are connected to the internet—for instance, for cloud printing services.
  • 56 percent of respondents say devices on their OT network are connected to the internet for scenarios like remote access.

It’s critical that these dated assumptions are removed from organizational thinking so that proper mitigations can be put in place.

Key security challenges for IoT and OT devices

When it comes to securing IoT and OT devices, the top challenge is related to visibility. Per the research, only a small subset of respondents shared that they had a complete view of all their IoT and OT asset inventory.

  • 29 percent of respondents mentioned that their organizations have a complete inventory of IoT and OT devices. Among them, they have an average of 9,685 devices.

But visibility isn’t just about building a complete asset inventory. It’s also about gaining visibility into the security posture of each IoT and OT device. Questions like “Is the device optimally configured for security,” “Are there any known vulnerabilities in the device’s firmware,” “Is the device communicating or connected directly to the internet,” and “Is the device patched with the latest firmware build?” are some of the questions that organizations need answers to but struggle with for their IoT and OT devices.

  • 42 percent of respondents claimed they lack the ability to detect vulnerabilities on IoT and OT devices.
  • 64 percent of respondents have low or average confidence that IoT devices are patched and up to date.

Another dimension of visibility that customers are seeking solutions for is the ability to become aware of IoT and OT devices that are involved in attacks. Most of the survey respondents have low to average confidence that the tools they have deployed will be successful in detecting compromised devices.

  • 61 percent have low or average confidence in the ability to identify whether IoT devices are compromised.

Another important aspect of visibility worth mentioning is that customers struggle with the ability to efficiently determine how compromised IoT and OT devices are part of broader end-to-end incidents. To resolve attacks completely and decisively, organizations frequently use manual investigation processes to correlate and make sense of the end-to-end attack. Meanwhile, attackers use this time to broaden the attack and get closer to the end goal.

  • 47 percent of respondents say their organizations are primarily using manual processes to identify and correlate impacted IoT and OT devices.

IoT and OT attacks are not hypothetical

The Ponemon research shows us that a good percentage of the surveyed respondents are encountering IoT and OT attacks. Nearly 40 percent of respondents told us that they’ve experienced attacks where the IoT and OT devices were either the actual target of the attack (for example, to halt production using human-operated ransomware) or were used to conduct broader attacks (such as to move laterally, evade detection, and persist). Most respondents felt these types of attacks will increase in the years to come.

  • 39 percent of respondents experienced a cyber incident in the past two years where an IoT or OT device was the target of the attack.
  • 35 percent of respondents say in the past two years their organizations experienced a cyber incident where an IoT device was used by an attacker to conduct a broader attack.
  • 63 percent of respondents say the volume of attacks will significantly increase.

One thing to keep in mind with these last three statistics is that the study also showed that customers have low to average confidence in their ability to detect when IoT and OT devices have been compromised. Based on this, it’s likely that the real numbers are higher.

The new Microsoft Defender for IoT is available now for your feedback

Last month at Ignite, we announced that Microsoft Defender for IoT, formerly Azure Defender for IoT, is adding agentless monitoring capabilities to help secure enterprise IoT devices connected to IT networks such as Voice over Internet Protocol (VoIP), printers, and smart TVs. This complements the product’s existing support for industrial systems and critical infrastructure like ICS/SCADA. Additionally, we announced that Defender for IoT is part of the Microsoft SIEM and XDR offering, bringing its AI, automation, and expertise to complex multistage attacks that involve IoT and OT devices.

An open investigation dashboard for PLC programming and related alerts.

Figure 1. Deep contextual telemetry (like asset and connection details) combined with threat intelligence (like analytics rules, SOAR playbooks, and dashboards) from Section 52 helps analysts perform high-efficiency incident responses.

Microsoft Security would now like to invite you to try out the new public preview of the integrated solution that addresses the challenges surfaced in the Ponemon research, such as complete asset inventory, vulnerability management, threat detection, and correlation. Try the public preview functionality within the Microsoft 365 Defender console or within the Microsoft Defender for IoT experiences. We look forward to hearing and integrating your feedback for the new Microsoft Defender for IoT.

More details on the public preview and roadmap can be viewed in our Ignite session.

Video with link to the Accelerate digital transformation by securing your Enterprise IoT devices with Microsoft Defender for IoT session with Nir Krumer, Principal PM Manager, and Chris Hallum, Senior Product Marketing Manager.

Figure 2. Nir Krumer, Principal Program Manager, and Chris Hallum, Senior Product Marketing Manager, discuss securing your Enterprise IoT devices with Microsoft Defender for IoT.

Learn more

More information on the current release of Microsoft Defender for IoT, which offers OT security, can be found in the following resources:

1 This is why the Mozi botnet will linger on, Charlie Osborne, ZDNet. 1 September 2021.

2 ‘Thousands’ of Verkada Cameras Affected by Hacking Breach, IFSEC Global Staff, Dark Reading. 10 March 2021.

3 Hackers Breached Colonial Pipeline Using Compromised Password, William Turton, Kartikay Mehrotra, Bloomberg. 4 June 2021.

4 ‘Dangerous Stuff’: Hackers Tried to Poison Water Supply of Florida Town, Frances Robles, Nicole Perlroth, New York Times. 8 February 2021.

5 Develop a Security Strategy for Cyber-Physical Systems, Susan Moore, Gartner. 13 April 2021.

Microsoft unpacks comprehensive security at Gartner and Forrester virtual events
http://approjects.co.za/?big=en-us/security/blog/2021/11/18/microsoft-unpacks-comprehensive-security-at-gartner-and-forrester-virtual-events/
Thu, 18 Nov 2021 17:00:38 +0000

Get Microsoft’s latest learnings for today’s threat landscape, including ransomware, hybrid work, evolving compliance regulations, and more.

The post Microsoft unpacks comprehensive security at Gartner and Forrester virtual events appeared first on Microsoft Security Blog.

Every day, Microsoft is committed to maintaining comprehensive security for all across our interconnected global community. With that purpose in mind, we recently sponsored the 2021 Gartner Security and Risk Summit and 2021 Forrester Security and Risk Forum, where we discussed ongoing changes in the security landscape. As a Leader in five Gartner® Magic Quadrant™ reports and eight Forrester Wave™ categories, our team was keen to share insights about new threats, the evolution of Zero Trust security, managing compliance, risk, and privacy, and building tomorrow’s talent.

Comprehensive security

Vasu Jakkal, Corporate Vice President of Microsoft Security, Compliance & Identity, speaking with Phil Montgomery, General Manager for Security Product Marketing GTM, at the 2021 Gartner Security and Risk Summit.

Vasu Jakkal, Corporate Vice President (CVP) of Microsoft Security, Compliance, and Identity, sat down with Phil Montgomery, General Manager for Security Product Marketing GTM, at the 2021 Gartner Security and Risk Summit for a wide-ranging fireside chat on the evolving state of cybersecurity. Phil started by addressing the elephant in the room—how the past 18 months have altered the security landscape in ways we’re still trying to understand.

“When the pandemic started, businesses had to become digital overnight,” Vasu points out. “With employees turning to personal devices to get the job done, that meant we had an exponential increase in the amount of digital attack surfaces. We saw an incredible increase in the sophistication and frequency of cyberattacks.” Vasu cites the attack on Colonial Pipeline as an example of how attacks have become more sophisticated and relentless in 2021. She also cites the phenomenon of cybercriminals expanding their operations by offering ransomware as a service. “Organizations are facing new economic challenges along with those brought by hybrid environments—multi-cloud and multi-platform,” she reiterates. “All these factors have come together to increase the complexity we face in cybersecurity.”

“You can’t secure a door and leave a window open. You have to think about your security posture as an interdependent whole—both external and internal threats.”—Vasu Jakkal, CVP of Microsoft Security, Compliance, and Identity

Eliminating complexity is one reason why Microsoft chose to integrate Microsoft Sentinel, our cloud-native SIEM + SOAR solution, and Microsoft Defender, our extended detection and response (XDR) tool. Integrating the two solutions simplifies detection and response by providing a bird’s-eye view of your digital estate, as well as enabling your security operations center (SOC) to investigate and resolve incidents at a granular level. “That kind of visibility and rapid response can really make a difference in the early stages of a ransomware attack,” Vasu stresses. “The reality today is if you’re connected, you’re vulnerable. The only way to protect a remote workforce is to have left-to-right and top-to-bottom security. That means security, compliance, identity, device management, and privacy are all interdependent.”

Beyond the technology, Vasu also points out: “The number one thing every security leader should be doing right now is building and practicing a plan with all essential members of your team. Do you have a great communications plan? Do you have a great response plan?” She also stressed the importance of training and empowering employees at every level of the organization to identify suspicious activity and escalate it.

Zero Trust comes of age in 2021

Nupur Goyal, Microsoft Group Product Marketing Manager for Identity Security & Zero Trust and Microsoft Corporate Vice President of Program Management Alex Simons talking at the 2021 Forrester Security & Risk Forum.

Earlier this month at the 2021 Forrester Security and Risk Forum, Microsoft CVP of Program Management Alex Simons also sat down for another fireside chat with Nupur Goyal, Microsoft Group Product Marketing Manager for Identity Security and Zero Trust. Alex also was struck by the rapid changes in enterprise security over the past 18 months. “If you think about the world we were in before [the pandemic],” he explains, “you were mostly protecting desktop PCs and laptops; most of your apps were on-premise. You didn’t have to worry about nation-state attackers. That’s why it’s important for enterprises to move away from the old perimeter-based security model to a Zero Trust approach.”

“The thing to remember about a Zero Trust approach, as the saying goes: you don’t have to eat the whole elephant at once. Just gradually expand multifactor authentication across your employees, beginning with those that have the access to the most important applications.”—Alex Simons, Microsoft CVP of Program Management

For some organizations, Zero Trust requires a big shift in thinking. It’s a mindset that assumes all activity, even by known users, could be an attempt to breach your systems. Alex cites attackers who are now targeting identities—both through users and the software itself—as a new threat to consider. “You really need a system that can look at what your users and their devices are doing,” he explains. “That includes all the software services that can access your resources. It really has to be a comprehensive approach. The workload identities, the ones that are your software, that’s a new thing. And you want to make sure you have a good plan in place for that.”

Alex recommends organizations begin by applying multifactor authentication to all privileged admin accounts. He also pointed out the importance of making sure that every device accessing your resources is well-managed. “Microsoft Endpoint Manager and Microsoft Defender for Endpoint help achieve that. You want to be sure every device is encrypted and protected with a PIN, but also you want each to be in a clean state from an antivirus standpoint.”

Roughly 76 percent of Microsoft customers have already begun Zero Trust implementation. Because we’re now in a boundary-less world of hybrid work, Zero Trust is exactly the security approach that’s needed. The foundation of Zero Trust is based on the three guiding principles: verify explicitly, use least-privilege access, and assume breach. Microsoft is building an identity platform to simplify and secure all relationships among employees, partners, customers, workloads, and smart devices—whether you’re a developer, an IT administrator, or a user. “There are 579 attacks happening every second,” Vasu adds. “So, effective security has to start with a strong identity foundation. We see identity as the ‘trust fabric’ of this new boundaryless collaboration.”

Managing compliance, risk, and privacy

For organizations across every sector, a tremendous amount of data is accessed, processed, and stored every day. This, along with an ever-growing universe of data regulations, is creating complexity and compliance risk. “We have personal data, which is in movement and in flux all the time,” Vasu explains. “The lines between work and home networks are all blurring. So that creates a lot of pressure about how to protect data, and how to ensure that all regulations are being followed.”

Many organizations use manual processes to discover how much personal data they have stored. There’s often a lack of actionable insights to help mitigate security and privacy risks. That’s why Microsoft recently announced privacy management for Microsoft 365. This new solution helps organizations identify critical privacy risks, automate privacy operations, and empower employees to be smart when they’re handling sensitive data.

For chief information security officers (CISOs) and risk officers, Vasu proposes a four-fold solution for balancing compliance and privacy: First, know your data. “Who’s accessing your data?” she asks. “How is your data moving? Do you have the right label? Do you have the right sensitivities? How are you protecting against insider risk? Do you have the right permissions level?” Second, establish a baseline of activity and measure anomalies to that baseline. You can’t just look at the world through the auditors’ eyes—pass or fail. You need to help your team see how they’re making progress. Third, partner with providers who can help you stay on top of changes in laws and regulations in all markets where you operate. Fourth, establish a collaborative process internally to address the risks when they arise. “It’s not just a security problem; it’s an organizational problem,” she stresses. That means ensuring that HR, legal, compliance, and risk teams are all working with your security operations center.

Zero Trust is not just about outside-in protection; it’s also inside-out. Organizations need to build compliance protections into processes to defend against insider threats. “You can’t secure a door and leave a window open,” is how Vasu sums it up. “You have to think about your security posture as an interdependent whole—both external and internal threats.” Organizations can take an easy first step just by implementing passwordless technologies like Windows Hello for desktops or the Microsoft Authenticator app for mobile devices.

Building tomorrow’s talent

For almost every two cybersecurity jobs in the United States today, a third job is sitting empty because of a shortage of skilled people. That’s why Microsoft is launching a national campaign with United States community colleges to help skill and recruit 250,000 people into the cybersecurity workforce by 2025:

  • Community colleges are everywhere. There are 1,044 community colleges located in every state and territory, and in every setting: urban, suburban, rural, and tribal.
  • Community colleges are more affordable. Tuition averages just $3,770 annually (versus $10,560 for four-year public colleges). Moreover, 59 percent of community college students can access financial aid.
  • Community colleges are diverse. Students at community colleges are 40 percent Black or African American or Hispanic. In addition, 29 percent are among their family’s first generation to attend college, while 20 percent are students with disabilities, and 5 percent are veterans. And 57 percent of students at community colleges are women.

“In March of this year, we announced Microsoft’s Career Connector,” Vasu explains, “a service that will help place 50,000 job seekers skilled by Microsoft’s nonprofit and learning partners in the Microsoft ecosystem over the next three years.” Career Connector has a specific focus on women and underrepresented minorities in technology. “I’m proud to report that our global skills initiative has reached more than 30 million people in 249 countries,” she adds. Microsoft is also extending through the end of 2021 all the free courses and low-cost certifications offered in our global skilling initiative through Microsoft Learn. To help fill talent gaps in compliance, Microsoft also offers certification courses for security, compliance, and identity. “No matter who you are, you can be a defender.”

The attackers in today’s asymmetric cyberwar come from all backgrounds, ethnicities, and regions. For that reason, we as defenders need to be just as diverse. “Along with diversity, inclusion goes hand in hand,” Vasu explains. “It’s important that we commit to hiring from places we may have not thought about before, to build a place where everyone feels like they belong.” She sees solving the talent shortage as a three-step process: get more people aware of cybersecurity; help them build the skills they need; and create spaces where everyone feels they can do their best work. As Vasu sees it: “Ultimately, security is all about humans. Whether you’ve been in the workforce for 30 years and want a change, or you’re just starting your career; either way, there’s a place for you here.”

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

archTIS and Microsoft: Zero Trust information security for Microsoft Teams http://approjects.co.za/?big=en-us/security/blog/2021/10/14/archtis-and-microsoft-zero-trust-information-security-for-microsoft-teams/ Thu, 14 Oct 2021 16:00:33 +0000 Microsoft Teams has seen a surge in growth during the pandemic with over 115 million daily active users and growing. With it, customer imperative for enabling safe and trustworthy online collaboration has also increased significantly.

The post archTIS and Microsoft: Zero Trust information security for Microsoft Teams appeared first on Microsoft Security Blog.

Microsoft Teams has seen a surge in growth during the pandemic with over 115 million daily active users and growing.1 With it, customer imperative for enabling safe and trustworthy online collaboration has also increased significantly. The speed and simplicity with which Teams business users can create new teams and channels demands that IT and security groups have the advanced tools and controls they need to ensure business-critical information is properly protected.

archTIS’ NC Protect has integrated with Microsoft Information Protection (MIP) to empower IT and business owners to easily create secure teams and channels and enable guest access, enforcing Zero Trust policies at the file, chat, and message level to prevent accidental sharing, misuse, and data loss.

Human error is a vulnerability to your security

Many organizations struggle to keep track of data and ensure their information security, sharing, and usage policies are being followed. This can pose a serious risk when you consider 63 percent of insider-related incidents are the result of negligence and simple human error, with another 23 percent related to criminal insiders.2

From sharing confidential files or sensitive information with the wrong recipient to including regulated or confidential data in a chat, these costly mistakes are hard to avoid if you rely upon user behavior and training to protect your data. Worse, some organizations try to solve the problem by turning off information sharing and guest access in Teams altogether.

Better together: NC Protect and Microsoft Information Protection

NC Protect leverages Microsoft security investments to further prevent data loss and insider threats with data-centric information security that applies Zero Trust principles to dynamically adjust access and information protection in Microsoft Teams.

By combining MIP sensitivity labels and Microsoft Azure Active Directory (Azure AD) attributes with NC Protect’s dynamic user- and attribute-based policies to control access, usage, and sharing, customers benefit from expanded protection and control over Teams collaboration to:

  • Leverage MIP sensitivity labels in combination with other file and user attributes from Azure AD and Active Directory to dynamically adjust access to and control of what users can see, how they can use and share information, and with whom at the file and chat level.
  • Empower team owners to set team and channel security using custom default rulesets from within the Teams app with just a few clicks, without any IT knowledge or skills to ensure internal and external users can collaborate securely.
  • Gain additional information protection capabilities for Teams including secure personalized watermarks, read-only access through a zero-footprint file viewer, flexible information barriers, and IT-friendly private channels.
  • Extend adaptive access, usage, and sharing policies across other Microsoft 365 apps for granular, dynamic information protection and next-generation data loss prevention (DLP).

Combining the power of MIP with NC Protect ensures granular policy-based control to secure collaboration and allows customers to realize the full value of their existing Microsoft investments.

How it works

NC Protect dynamically adjusts file security based on real-time comparison of user and file attributes to make sure that users view, use, and share files according to an organization’s regulations and policies. NC Protect leverages a file’s MIP sensitivity label as one of the attributes used to determine access and the level of protection needed based on the conditions at the time of access. With NC Protect, dynamically restrict access, usage, and sharing rights based on the file’s classification and the user’s current location, device, and security clearance.

Image demonstrating the integration with NC Protect and Microsoft Information Protection.

Learn more

Learn more about the NC Protect integration with MIP and Teams and other Microsoft 365 apps, including demonstrations of how NC Protect’s dynamic attribute-based access control better protects against insider threats:

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

About archTIS

archTIS Limited (ASX:AR9) is a global provider of innovative software solutions for the secure collaboration of sensitive information. The company’s award-winning data-centric information security solutions protect the world’s most sensitive content in government, defense, supply chain, enterprises, and regulated industries through attribute-based access and control (ABAC) policies. archTIS products include Kojensi, a multi-government certified platform for the secure access, sharing, and collaboration of sensitive and classified information; and NC Protect for enhanced information protection for file access and sharing, messaging, and emailing of sensitive and classified content across Microsoft 365 apps, Dropbox, Nutanix Files, and Windows file shares. For more information visit the archTIS website or follow archTIS on Twitter.

 


1Watch out Zoom: Microsoft Teams now has more than 115 million daily users, Owen Hughes, TechRepublic. 28 October 2020.

2The Cost of Insider Threats, IBM Security. 2020.

Get free DMARC visibility with Valimail Authenticate and Microsoft Office 365 http://approjects.co.za/?big=en-us/security/blog/2021/09/01/get-free-dmarc-visibility-with-valimail-authenticate-and-microsoft-office-365/ Wed, 01 Sep 2021 16:00:49 +0000 Phishing and email spoofing not only erode brand trust, but they also leave recipients vulnerable to financial loss and serious invasions of privacy.

The post Get free DMARC visibility with Valimail Authenticate and Microsoft Office 365 appeared first on Microsoft Security Blog.

EDITOR’S NOTE, 11/3/2023: Since publication of this blog, Valimail Authenticate is now called Valimail Enforce. 

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA.

Phishing and email spoofing not only erode brand trust but also leave recipients vulnerable to financial loss and serious invasions of privacy. These tactics have been around for years, but their breadth and sophistication today pose a formidable threat. According to the FBI, fraudulent emails sent under the guise of their own domains cost companies over $13 billion between 2016 and 2020.1

Microsoft has industry-leading solutions for protecting customers from such attacks. Recently, Microsoft was named a leader in the 2021 Enterprise Email Security Wave2, with Microsoft Defender for Office 365 receiving the highest possible scores in categories like incident response, threat intelligence, endpoint detection and response (EDR) integration, product strategy, and customer success. This acknowledgment is the latest testament to Microsoft’s continued innovation as a best-of-breed solution for email and collaboration security.

Valimail joined the Microsoft Intelligent Security Association3 (MISA) to transform Domain-based Message Authentication, Reporting, and Conformance (DMARC), one of the most reliable, yet often incredibly complex, ways to successfully strengthen email security.

Valimail Enforce, the first true DMARC-as-a-service offering, gives Microsoft Office 365 users visibility into every service sending emails under their domains, plus additional tools to achieve DMARC enforcement faster than with any other solution.

Instead of struggling to set up DMARC or hiring expensive consultants to reach enforcement, Microsoft customers can use Valimail Enforce to automate the process of DMARC enforcement using simple, guided workflows.

The combined power and deep integration of these two technologies is in the results: Microsoft users, such as the MLB, Uber, Citgo, Nestle, and the Department of Transportation currently reduce email fraud, increase deliverability across every domain, and protect their brands’ reputations.

Automated DMARC

For those who have only heard of DMARC in passing or not at all, it might sound like just another enterprise email acronym. However, DMARC enforcement has already proven to be a valuable protector of enterprise email. According to Gartner®, DMARC is one of the top 10 security projects4, based on Gartner forecasts and adjusted for the impact of COVID-19. The problem with most approaches to DMARC, however, has been in the tenuous implementation.

Here is some quick context on what DMARC is, and how many cycles IT has had to spend working with it in the past. In the simplest terms, DMARC is a way to tell other email servers that messages coming from your domains are legitimate. Typically, IT would publish a TXT record in the DNS settings for each domain, which prompts recipient servers to send reports listing every IP address claiming to be a valid sender for your organization.

v=DMARC1; p=reject; rua=mailto:dmarc_agg@vali.email

Someone would then need to read through sender lists in XML, confirm that each IP address is connected to an approved service, set up DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF) individually for each, and check back regularly to see if new suspicious senders have appeared.
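To make the manual review step concrete, the following added example (not part of the original post and not Valimail's or Microsoft's code) parses a DMARC aggregate report in the RFC 7489 XML layout and sorts each sending IP into approved, approved but failing authentication, or unknown. The report contents, the APPROVED inventory, and the service names are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the RFC 7489 aggregate-report layout (only the fields used here).
def _rec(ip, count, dkim, spf):
    return (f"<record><row><source_ip>{ip}</source_ip><count>{count}</count>"
            f"<policy_evaluated><dkim>{dkim}</dkim><spf>{spf}</spf></policy_evaluated>"
            "</row><identifiers><header_from>example.com</header_from></identifiers></record>")

SAMPLE_REPORT = "<feedback>" + "".join([
    _rec("192.0.2.10", 120, "pass", "pass"),
    _rec("192.0.2.10", 3, "fail", "pass"),     # SPF alone is enough for a DMARC pass
    _rec("198.51.100.5", 40, "fail", "fail"),  # approved service, not yet authenticated
    _rec("203.0.113.77", 7, "fail", "fail"),   # nobody in the inventory owns this IP
]) + "</feedback>"

# Assumed inventory of services allowed to send as the domain (hypothetical names).
APPROVED = {"crm-vendor": ["192.0.2.0/24"], "hr-vendor": ["198.51.100.0/28"]}

def service_for(ip):
    """Return the approved service whose range contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, nets in APPROVED.items():
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return name
    return None

def triage(report_xml):
    """Summarise a report as (ip, service, messages, dmarc_failures, status) rows."""
    # Reports come from third parties: in production, parse them with a
    # hardened XML parser such as defusedxml rather than the stdlib one.
    root = ET.fromstring(report_xml)
    totals = defaultdict(lambda: [0, 0])
    for row in root.iter("row"):
        ip, count = row.findtext("source_ip"), int(row.findtext("count"))
        evaluated = row.find("policy_evaluated")
        # DMARC passes when either the aligned DKIM or the aligned SPF result passes.
        passed = "pass" in (evaluated.findtext("dkim"), evaluated.findtext("spf"))
        totals[ip][0] += count
        totals[ip][1] += 0 if passed else count
    findings = []
    for ip, (count, failed) in sorted(totals.items()):
        service = service_for(ip)
        if service is None:
            status = "unknown-sender"
        else:
            status = "approved-but-failing" if failed else "ok"
        findings.append((ip, service, count, failed, status))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(finding)
```

Moving a domain to p=reject while any row is still "approved-but-failing" would cause that legitimate service's mail to be rejected, which is why the review has to be repeated until only unknown senders fail.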

This process can be tedious. That’s why many companies that are genuinely concerned about email fraud and deliverability never finish the DMARC projects they start. Last year alone 53,000 companies added a DMARC record, with only 10 percent successfully getting themselves to enforcement. Valimail Authenticate removes the significant manual upkeep from email security workflows, making the whole process seamless for Microsoft Office 365 users. Microsoft Office 365 users can get comprehensive visibility into their email environment and turn on Valimail Enforce.

How Microsoft Office 365 and Valimail work together

Microsoft launched Office 365 to drive an industry-wide shift toward cloud-based services and API-driven integrations. As cloud became the norm for even the most security-conscious enterprises, companies authorized more and more vendors to send email on their behalf, such as Salesforce, Marketo, Splunk, Workday, DocuSign, Twilio SendGrid, and more.

Valimail built Enforce to address this new, cloud-connected landscape. By automating the identification of email senders and the subsequent policy-setting needed to keep domains protected, Valimail Enforce offers users a modern, efficient path to DMARC enforcement. Native integration to Microsoft Office 365 ensures Microsoft customers don’t have to worry about configurations, manually identifying senders, or pulling in extra resources to get DMARC done right.

Here’s how Microsoft Office 365 customers can get started with Authenticate and reach DMARC enforcement in just a few minutes:

Figure 1. Microsoft users can get started with one click. Enforce configures DNS settings for DKIM and SPF automatically behind the scenes.

Valimail Enforce goes above and beyond to provide businesses with complete and transparent visibility. Its key feature, Precision Sender Intelligence, takes the guesswork out of the task of identifying services.

Figure 2. Get free visibility into the services sending email under your domain.

For unrecognizable or possibly fraudulent services, quickly mark them to be blocked or quarantined. You’ll be notified if any new ones are found later, so you’ll never wonder if you’ve caught everything.

Enforce will ensure your SPF and DKIM records stay up to date. If you ever need to check the logs or do a technical deep-dive, you can access detailed information on your DMARC settings whenever you wish.

Image demonstrating Valimail Authenticate’s ability to display activity in every domain and service at every stage of the process.

Figure 3. Enforce shows you what’s happening for every domain and service at every stage of the process.

Together, Microsoft’s unparalleled protection through Microsoft 365, coupled with Valimail Enforce, makes protecting your domain globally as easy as 1, 2, 3. It starts with Microsoft 365 users getting free visibility into DMARC enforcement. Get started today.

About Valimail

Valimail is the global leader in Zero Trust email security. The company’s full line of cloud-native solutions authenticate sender identity to stop phishing, protect brands, and ensure compliance; they are used by organizations ranging from neighborhood shops to some of the world’s largest organizations, including Uber, Splunk, Yelp, Fannie Mae, Mercedes Benz USA, and the US Federal Aviation Administration. Valimail is the fastest-growing DMARC solution with the largest global market share and is the premier DMARC partner for Microsoft 365 environments. For more information visit their website.

Learn more

To learn more about the Microsoft Intelligent Security Association (MISA), visit our website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.


1Internet Crime Report, Internet Crime Complaint Center (IC3), Federal Bureau of Investigation, 2020.

2Forrester names Microsoft a Leader in the 2021 Enterprise Email Security Wave, Rob Lefferts, Microsoft 365 Security, 6 May 2021.

3Valimail Joins Microsoft Intelligent Security Association, Cision, PR Newswire, 25 September 2018.

4Smarter with Gartner, Gartner Top 10 Security Projects for 2020-2021, Kasey Panetta, September 15, 2020. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
