Microsoft has embraced Zero Trust principles, both in our security products and in the way we secure our own enterprise environment. We’ve been helping thousands of organizations worldwide transition to a Zero Trust security model, including military departments and civilian agencies. Over the past three years, we’ve listened to our US government customers, so we can build rich new security features that help them meet the requirements described in the Executive Order, and then support their deployments. These advancements include certificate-based authentication in the cloud, Conditional Access authentication strength, cross-tenant access settings, FIDO2 provisioning APIs, Azure Virtual Desktop support for passwordless authentication, and device-bound passkeys.

The illustration below depicts the Zero Trust Maturity Model Pillars adopted by the US Cybersecurity and Infrastructure Security Agency (CISA).

As the memo’s deadline approaches, we’d like to celebrate the progress our customers have made using the capabilities in Microsoft Entra ID not only to meet requirements for the Identity pillar, but also to reduce complexity and to improve the user experience for their employees and partners.

Microsoft Entra ID is helping US government customers meet the M-22-09 requirements for identity

US government agencies are adopting Microsoft Entra ID to consolidate siloed identity solutions, reduce operational complexity, and improve control and visibility across all their users, as the memo requires. With Microsoft Entra ID, agencies can enforce multifactor authentication at the application level for more granular control. They can also strengthen security by enabling phishing-resistant authentication for staff, contractors, and partners, and by evaluating device information before authorizing access to resources.

Vision:

Agency staff use enterprise-managed identities to access the applications they use in their work. Phishing-resistant multifactor authentication protects those personnel from sophisticated online attacks.

Actions:

1. Agencies must employ centralized identity management systems for agency users that can be integrated into applications and common platforms.
2. Agencies must use strong multifactor authentication throughout their enterprise.
   • Multifactor authentication must be enforced at the application layer, instead of the network layer.
   • For agency staff, contractors, and partners, phishing-resistant multifactor authentication is required.
   • For public users, phishing-resistant multifactor authentication must be an option.
   • Password policies must not require use of special characters or regular rotation.
3. When authorizing users to access resources, agencies must consider at least one device-level signal alongside identity information about the authenticated user.

Source: M-22-09: Moving the US Government Toward Zero Trust Cybersecurity Principles, issued by the US Office of Management and Budget, January 2022, page 5.

Many of our US government civilian and military customers want to use the same solutions across their different environments. Since it’s available in secret and top-secret Microsoft Azure Government clouds, agencies can standardize on Microsoft Entra ID to secure user identities, to configure granular access permissions in one place, and to provide simpler, easier, and more secure sign-in experiences to applications their employees use in their work.

Microsoft Entra ID

Establish Zero Trust access controls, prevent identity attacks, and manage access to resources.

Try for free

Using Microsoft Entra ID as a centralized identity management system

Anyone who has struggled to manage multiple identity systems understands that it’s an expensive and inefficient approach. Government customers who have adopted Microsoft Entra ID as their central agency identity provider (IdP) gained a holistic view of all users and their access permissions as required by the memo. They also gained a centralized access policy engine that combines signals from multiple sources, including identities and devices, to detect anomalous user behavior, assess risk, and make real-time access decisions that adhere to Zero Trust principles.

Moreover, Microsoft Entra ID enables single sign-on (SSO) to resources and apps, including apps from Microsoft and thousands of other vendors, whether they’re on-premises or in Microsoft commercial or government clouds. When deployed as the central agency IdP, Microsoft Entra ID also secures access to resources in clouds from Amazon, Google, and Oracle.

Many government customers are facilitating secure collaboration among different organizations by using Microsoft Entra External ID for business-to-business (B2B) collaboration to enable cross-cloud access scenarios. They don’t have to give collaboration partners separate credentials for accessing applications and documents in their environment, which reduces their cyberattack surface and spares their partner users from maintaining multiple sets of credentials for multiple identity systems.

Using Microsoft Entra ID to facilitate cross-organizational collaboration

One of our government customers, along with their partner agency, configured cross-tenant access settings to trust multifactor authentication claims from each user’s home tenant. Their partner agency can now trust and enforce strong phishing-resistant authentication for the customer’s users without forcing them to sign in multiple times to collaborate. The partner agency also explicitly enforces, through a Conditional Access authentication strength policy, that the customer’s users must sign in using a personal identity verification (PIV) card or a common access card (CAC) before gaining access.

Another government customer needed to give employees from different organizations within the same agency access to shared services applications such as human resources systems. They used Microsoft Entra External ID for B2B collaboration along with cross-cloud settings to enable seamless and secure collaboration and resource sharing for all agency employees, other government agencies (OGAs), and external partners. They used Microsoft Entra Conditional Access policy and cross-tenant access settings to require that employees sign in using phishing-resistant authentication before accessing shared resources. Trust relationships ensure that this approach works whether the home tenant of an employee is in an Azure commercial or government cloud. They also enabled collaboration with agencies that use an IdP other than Microsoft Entra ID by setting up federation through the SAML 2.0 and WS-Fed protocols.

Next step after standardizing on Microsoft Entra ID as your centralized IdP: Use Microsoft Entra ID Governance to automate lifecycle management of guest accounts in your tenant, so guest users only get access to the resources they need, for only as long as they need it. Start here: What are lifecycle workflows?

Enabling strong multifactor authentication

Standardizing on Microsoft Entra ID has made it possible for our government customers to enable phishing-resistant authentication methods. Over the past 18 months, we’ve worked with our US government customers to increase adoption of phishing-resistant multifactor authentication with Microsoft Entra by almost 2,000%.

From there, customers configure Conditional Access policies that require strong phishing-resistant authentication for accessing applications and resources, as required by the memo. Using Conditional Access authentication strength, they can even set policies to require additional, stronger authentication based on the sensitivity of the application or resource the user is trying to access, or the operation they’re trying to perform.

Microsoft Entra supports strong phishing-resistant forms of authentication:

• Certificate-based authentication (CBA) using Personal Identification Cards (PIV) or Common Access Cards (CAC)
• Device-bound passkeys
  • FIDO2 security keys
  • Passkeys in the Microsoft Authenticator app
• Windows Hello for Business
• Platform single sign-on SSO for macOS devices (in preview)

For a deep dive into phishing resistant authentication in Microsoft Entra, explore the video series Phishing-resistant authentication in Microsoft Entra ID.

While Microsoft Entra ID can prevent the use of common passwords, identify compromised passwords, and enable self-service password reset, many of our government customers prefer to require the most secure forms of authentication, such as smart cards with x.509 certificates and passkeys, which don’t involve passwords at all. This makes signing in more secure, simplifies the user experience, and reduces management complexity.

Implementing phishing-resistant multifactor authentication methods with Microsoft Entra ID

To reduce the cost and complexity of maintaining an on-premises authentication infrastructure using Active Directory Federation Services (AD FS) for employee PIV cards, one agency wanted to use certificate-based authentication (CBA) in Microsoft Entra ID. To ensure the transition went smoothly, they moved users with Staged Rollout, carefully monitoring threat activity using Microsoft Entra ID Protection dashboards and Microsoft Graph API logs exported to their security information and event management (SIEM) system. They migrated all their users to cloud-based CBA in Microsoft Entra in less than three months and after monitoring the environment for a time, confidently decommissioned their AD FS servers.

A local government department chose an opt-in approach for moving employees and vendors to phishing-resistant authentication. Every user contacting the help desk for a password reset instead received help onboarding to Windows Hello for Business. This agency also gave FIDO2 keys to all admins and set a Conditional Access authentication strength policy requiring all vendors to perform phishing-resistant authentication. Their next step will be to roll out device-bound passkeys managed in the Microsoft Authenticator app and enforce their use through Conditional Access. This will save them the expense of issuing separate physical keys and give their users the familiar experience of authenticating securely from their mobile device.

By giving users access to applications and resources through Azure Virtual Desktop, another large agency avoids the overhead of maintaining and supporting individual devices and the software running on them. They also protect their environment from potentially unhealthy, misconfigured, or stolen devices. Whether employees use devices running Windows, MacOS, iOS, or Android, they run the same Virtual Desktop image and sign in, as policy requires, using phishing-resistant, passwordless authentication.

Next step after enabling strong multifactor authentication: Configure Conditional Access authentication strength to enforce phishing-resistant authentication for accessing sensitive resources. Start here: Overview of Microsoft Entra authentication strength.

Using Conditional Access policies to authorize access to resources

Using Conditional Access, our government customers have configured fine-tuned access policies that consider contextual information about the user, their device, their location, and real-time risk levels to control which apps and resources users can access and under what conditions.

To satisfy the memo’s third identity requirement, these customers include device-based signals in policies that make authorization decisions. For example, Microsoft Entra ID Protection can detect whether a device’s originating network is safe or unsafe based on its geographic location, IP address range, or whether it’s coming from an anonymous IP address (for example, TOR). Conditional Access can evaluate signals from Microsoft Intune or other mobile device management systems to determine whether a device is properly managed and compliant before granting access. It can also consider device threat signals from Microsoft Defender for Endpoint.

Enabling Microsoft Entra Conditional Access risk-based policies

One government department enabled risk-based Conditional Access policies across their applications, requiring more stringent sign-in methods depending on levels of user and sign-in risk. For example, a user evaluated as ‘no-risk’ must always perform multifactor authentication, a user evaluated as ‘low-medium risk’ must sign in using phishing-resistant multifactor authentication, and a user deemed ‘high-risk’ must sign in using a specific certificate issued to them by the department. The customer has also configured policy to require compliant devices, enable token protection, and define sign-in frequency. To facilitate threat hunting and automatic mitigation, they send their sign-in and other Microsoft Entra logs to Microsoft Sentinel.

Next step after configuring basic Conditional Access policies: Configure risk-based Conditional Access policies using Microsoft Intune. Start here: Configure and enable risk policies.

Next steps

On July 10, 2024, the White House issued Memorandum M-21-14, “Administration Cybersecurity Priorities for the FY 2026 Budget.” One budget priority calls on agencies to transition toward fully mature Zero Trust architectures by September 30, 2026. Agencies need to submit an updated implementation plan to the Office of Management and Budget within 120 days of the memo’s release.

Microsoft is here to help you rearchitect your environment and implement your Zero Trust strategy, so you can comply with every milestone of the Executive Order. We’ve published technical guidance and detailed documentation to help federal agencies use Microsoft Entra ID to meet identity requirements. We’ve also published detailed guidance on meeting the Department of Defense Zero Trust requirements with Microsoft Entra ID.

In the coming weeks and months, you’ll see announcements about additional steps we’re taking to simplify your Zero Trust implementation, such as the general availability of support for device-bound passkeys in Microsoft Authenticator and Microsoft-managed Conditional Access policies that enable multifactor authentication by default for US government customers.

We look forward to supporting you through the next phases of your Zero Trust journey.

1. Standardize on Microsoft Entra ID as your centralized identity provider to secure every identity and to secure access to your apps and resources. Start here: What is Microsoft Entra ID?
2. To facilitate secure cross-organization collaboration, configure cross-tenant access settings and Conditional Access policies to require that partners accessing your resources sign in using phishing-resistant authentication. Start here: Microsoft Entra B2B in government and national clouds.
3. If you’re using CBA on AD FS, migrate to cloud-based CBA using Staged Rollout and retire your on-premises federation servers. Start here: Migrate from AD FS Certificate-based Authentication (CBA) to Microsoft Entra ID CBA.
4. Eliminate passwords altogether by enabling passwordless phishing-resistant authentication using CBA, Windows Hello for Business, device-bound passkeys (FIDO2 security keys or passkeys managed in the Microsoft Authenticator app), or Platform SSO for MacOS. Start here: Plan a passwordless authentication deployment in Microsoft Entra ID.
5. Implement risk-based Conditional Access policies to adjust access requirements dynamically. Start here: DoD Zero Trust Strategy for the user pillar.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post How Microsoft Entra ID supports US government agencies in meeting identity security requirements appeared first on Microsoft Security Blog.

As part of any robust incident response plan, organizations often work through potential security weaknesses by responding to hypothetical cyberthreats. In this blog post, we’ll imagine a scenario in which a threat actor uses malware to infect the network, moving laterally throughout the environment and attempting to escalate their admin rights along the way. In this hypothetical scenario, we’ll assume containment of the incident requires a mass password reset.

Despite technological advances, many organizations still depend heavily on passwords, making them vulnerable to cyberthreats. During a ransomware attack, the need for mass password resets becomes urgent. Unfortunately, admins can quickly become overwhelmed, burdened with the daunting task of resetting passwords for countless users across multiple connected devices. The surge in help desk calls and service tickets as users face authentication issues on multiple fronts can significantly disrupt business operations. But it’s imperative to secure all digital access points to swiftly mitigate risks and restore system integrity. So how do we manage a mass password reset while minimizing disruption to users and the business?

This blog post delves into the processes and technologies involved in managing a mass password reset, in alignment with expert advice from Microsoft Incident Response. We’ll explore the necessity of mass password resets and the specific methods and security measures that Microsoft recommends to effectively safeguard identities. For a more technical explanation, read our Tech Community post.

Surge in password-based cyberattacks

According to the most recent Microsoft Digital Defense Report, password-based attacks in 2023 increased tenfold over the previous year, with Microsoft blocking about 4,000 attacks per second through Microsoft Entra.¹ This alarming rise underscores the vulnerability of password-dependent security systems. Despite this, too many companies haven’t adopted multifactor authentication, leaving them vulnerable to a variety of cyberattacks, such as phishing, credential stuffing, and brute force attacks. This makes a mass password reset not just a precaution, but a necessity in certain situations.

Deciding on a mass password reset

When the Microsoft Incident Response team determines a threat actor has had extensive access to a customer’s identity plane, a mass password reset may be the best option to restore environment security and prevent unauthorized access. Here are a few of the first questions we ask:

• When should you perform a mass password reset?
• What challenges might you face during the process?
• How should you prepare for it?

Microsoft Incident Response

Dedicated experts work with you before, during, and after a cybersecurity incident.

Explore services

How to manage a mass password reset effectively

In today’s world, many of us are working from anywhere, blending home and office environments. This diversity makes executing a mass password reset particularly challenging, and the decision isn’t always clear. Organizations need to weigh the risk to the business from ransomware and down time against the disruption to users and the often overwhelming strain on IT staff. Here are the two main drivers of mass password resets, as well as advanced security measures a cybersecurity team can apply.

User-driven resets

In environments where identities sync through Microsoft Entra, there’s no need for a direct office connection to reset passwords. Using Microsoft Entra ID capabilities allows users to change their credentials at their next login. Opting for Microsoft Entra ID can also add layers of security through features like Conditional Access, making the reset process both secure and user-friendly. Conditional Access policies work by evaluating the context of each sign-in attempt and allowing you to configure requirements based on that context—like requiring users to complete multifactor authentication challenges if they’re accessing files from outside the corporate network, for example. Conditional Access policies can significantly enhance security by preventing unauthorized access during the reset process.

Administrator-driven resets

This method is crucial when immediate action is needed. Resetting all credentials quickly might disrupt user access, but it’s sometimes necessary to secure the system. Providing options like self-service password reset (SSPR) can help users regain access without delay. SSPR allows users to authenticate using alternative methods such as personal email addresses, phone numbers, or security questions—options available when they have been previously configured. This method not only restores access quickly but also reduces the load on help desk and support hotline departments during critical recovery phases.

Advanced security measures: Beyond basic resets

In addition to the primary reset methods, advanced security measures should be considered to enhance the security posture further. For highly privileged accounts, using privileged identity management (PIM) can manage just-in-time access, reducing the risk of exposure. PIM enables granular control over privileged accounts, allowing administrators to activate them only when necessary, which minimizes the opportunity for attackers to exploit these high-level credentials. To explore more scenarios where mass password reset might be the best option, read through our technical post.

Securing emergency access: Don’t forget to monitor

For critical accounts, manually resetting credentials ensures tighter security. It’s essential to equip emergency access accounts with phishing-resistant authentication, such as FIDO2 security keys and support from the Microsoft Authenticator app. Monitoring the activities from these accounts is crucial to ensure they are used correctly and only in emergencies. IT admins can leverage Microsoft Entra ID logs to keep a close watch on login patterns and activities, viewing real-time alerts and ensuring quick response to any suspicious actions.

Passwordless authentication and enhancing incident response

As cybersecurity evolves, the move toward passwordless authentication is becoming integral to enhancing incident response strategies. Traditional passwords—often vulnerable to breaches—are giving way to more secure methods like Windows Hello for Business, Microsoft Authenticator, and FIDO2 security keys. These technologies leverage biometrics and secure tokens, reducing common attack vectors such as password theft and phishing, and thereby streamlining the incident response process. Policies like a Temporary Access Pass can be configured to empower a move towards passwordless authentication, making it easier for users to register new strong authentication methods.

Implementing multifactor authentication also further strengthens security frameworks. Multifactor authentication is an essential component of basic security hygiene that can prevent 99% of account compromise attacks.¹ When integrated with phishing-resistant authentication methods, together they form a formidable barrier against unauthorized access. This dual approach not only speeds up the response during security incidents but also reduces potential entry points for attackers. This transformative phase in cybersecurity shifts focus on reactive to proactive security measures, promising a future where digital safety is inherent and user interactions are inherently secure. An option to enable phish-resistant authentication is the newly released ability to use passkeys with the Microsoft Authenticator.

A mass password reset is just one of the many tools organizations need to understand and consider as part of their robust incident response plan. For a more in-depth look at scenarios that may require mass password reset, read our technical post.

Learn more

Learn more about Microsoft Incident Response and Microsoft Entra.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Microsoft Digital Defense Report 2023.

The post Microsoft Incident Response tips for managing a mass password reset appeared first on Microsoft Security Blog.

At the same time, the number and complexity of cyberthreats continues to grow. This makes the challenge of securing human and non-human identities urgent and critical. Phishing, ransomware, and both internal and external threats have increased significantly. And threat actors are quickly exploiting newer technologies like generative AI to create and scale their attacks.

In the face of these challenges and the acceleration of AI opportunities and risks, what we think of as traditional identity and access management is no longer enough. We need to ensure the right people, machines, and software components get access to the right resources at the right time, while keeping out any bad actors or cyberthreats. We need to be able to secure access for any trustworthy identity, anywhere, to any app, resource, or AI tool at any time.

We take these challenges very seriously. Our teams have been hard at work, listening to customers and analyzing data—and utilizing the modern technologies enabled by AI—to stay ahead of threats and step up our defenses. This new era demands a comprehensive, adaptive, real-time approach to securing access.

At Microsoft, we call this approach the trust fabric.  

Think global, act local

In years past, the firewall was the clear perimeter of network protection for customers. Then the buzz was “identity is the new perimeter” as people began to work from home and do their work on personal devices. And recently, the term “identity fabric,” coined by industry analysts in 2023, has been used by many to describe identity and access management (IAM) concepts and capabilities. But the move from a network control plane to an identity-centric control plane is just the beginning. Flexible work models, cloud apps and services, digitized business processes, AI, and more can no longer be managed by a single identity control plane. It would slow down the speed of business and become a choke point.

Instead, to meet the needs of our ever-expanding digital estate, we need a “think global, act local” approach. A combination of centralized decisions and policies would determine what is allowed to happen at the edges—the points of interaction—with multiple, distributed control planes at both the identity and network levels. In addition to identity, the network and endpoints are equally critical signals. The controls and policies should be unified with identity to reduce complexity and gaps. This is the distinction between identity fabric and the next step: trust fabric. In this era of ubiquitous, decentralized computing, data centers can serve as the intelligent cloud, facilitating interaction with smart devices and services on the intelligent edge. This decentralized identity model can also help achieve the speed required to authorize so many devices and services at scale. The vision for how to conceptually architect and move forward with this comprehensive defense-in-depth cybersecurity strategy is the same as a trust fabric. As such, Microsoft’s trust fabric concept expands beyond traditional IAM to weave together comprehensive, unified identity, network access, and endpoint controls.

Figure 1. Identity security has evolved from directory services and firewalls to cloud-centered identity services to today’s decentralized trust fabric approach. 

Zero Trust and a trust fabric

Zero Trust is the term for an evolving set of cybersecurity paradigms that move cybersecurity defenses from static, network-based perimeters to focus on users, assets, and resources. The concept of Zero Trust has been around in cybersecurity for some time and is increasingly important as enterprise infrastructure continues to become decentralized and increases in complexity. In 2020, the National Institute of Standards and Technology (NIST) released a security-wide framework or model of Zero Trust based on three core principles: Verify explicitly, ensure least-privileged access, and assume breach. The Zero Trust principles are foundational to how organizations should architect a trust fabric, and instructional for how to build technology to bring the trust fabric to life.

A Zero Trust strategy is a proactive, integrated approach to security across all layers of the digital estate. A modern comprehensive implementation of Zero Trust protects assets wherever they are. It includes solutions for securing access, securing your data, securing all your clouds, defending against threats, and managing risk and privacy. Zero Trust benefits from AI-enabled solutions and provides the agile security required to protect the use of AI technologies. Developing and managing a trust fabric for your organization addresses the need for secure access. It can integrate with and inform each solution in your framework as needed for end-to-end visibility, defense, and optimization.     

The core threads of a trust fabric

The first key word is trust. Trustworthiness of human and non-human identities will be determined by real-time evaluation and verification of valid decentralized identity credentials. It isn’t an idea of “trust but verify.” It’s “actively verify, then trust.” And the second key word is fabric. According to Gartner^®, “Cybersecurity mesh, or cybersecurity mesh architecture (CSMA), is a collaborative ecosystem of tools and controls to secure a modern, distributed enterprise. It builds on a strategy of integrating composable, distributed security tools by centralizing the data and control plane to achieve more effective collaboration between tools. Outcomes include enhanced capabilities for detection, more efficient responses, consistent policy, posture and playbook management, and more adaptive and granular access control—all of which lead to better security”.¹ With a trust fabric, organizations first evaluate the risk level of any identity or action. Then, they apply a universal Conditional Access engine. It meters secure access with smart policies and decisions informed by governance, compliance, and current global cyberthreats. And it takes into account any important factors or anomalies relevant to the situation at any given moment.  

Figure 2. A trust fabric verifies identities, validates access conditions, checks permissions, encrypts the connection channel, and monitors for compromise.

For a trust fabric, the following capabilities and conditions must be continuously evaluated in real-time:   

• Verify the initiating identity is trustworthy, secure, and verified, as well as the resource, person, or AI they’re connecting with.    
• Protect the communication channel that transports data. 
• Ensure access extends no further than needed. 
• Sever the connection the moment fraud or risk is detected. 

The Microsoft trust fabric

At Microsoft, we continue to design and innovate our identity, endpoint, and network access portfolio to make the trust fabric a reality for our customers, today and tomorrow. Microsoft Entra helps our customers create their trust fabric for the era of AI that securely connects any trustworthy identity with anything, anywhere. 

Figure 3. Microsoft Entra is a comprehensive identity and network access solution for securing access for any trustworthy identity to any resource from anywhere.

It’s likely that your organization is already on the journey to create your own trust fabric. To be sure you’ve got the basics covered, we’ve documented the top “quick security wins” in our Microsoft Entra Fundamentals documentation on Microsoft Learn: 

• Enable multifactor authentication.
• Identity secure score.
• Improve your security posture.
• Integrating all your apps with Microsoft Entra ID.
• Security defaults.
• Block less secure authentications.

As organizations learn more about trust fabric and continue to apply Zero Trust principles, we’ll be sharing more of our perspective. To learn more about the four stages of trust fabric maturity and how to assess and plan for each stage, read our follow up blog, focusing on the four stages of trust fabric maturity and how to assess and plan for each stage.

Microsoft Entra

Protect any identity and secure access to any resource with a family of multicloud identity and network access solutions.

Explore products

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Cybersecurity Mesh, Gartner.

The post How implementing a trust fabric strengthens identity and network appeared first on Microsoft Security Blog.

Alongside applauding our partners’ achievements, we highlighted the transformative impact of AI in security. AI is the defining technology of our time, revolutionizing how we anticipate, prevent, and respond to threats. MISA—a coalition of Microsoft leaders and subject matter experts, independent software vendors (ISVs), and managed security service providers (MSSPs)—and its members play a pivotal role in driving this evolution, ensuring a safer digital future for everyone.

Together, we work to defend organizations around the world from increasing cyberthreats. In San Francisco, California, on May 6, 2024, the first day of RSA Conference 2024 (RSAC), we were honored to bring together MISA members and Microsoft Security leadership to honor the top finalists and announce award winners.

“I’m so pleased to congratulate this year’s Microsoft Security Excellence awards recipients and to acknowledge all those who were nominated,” said Vasu Jakkal, Corporate Vice President, Microsoft Security Business. “Our partner community plays such an important role in helping our customers navigate a rapidly evolving cybersecurity landscape. Each of this year’s recipients demonstrates true innovation and an inspiring dedication to the mission of security. We are so proud to work alongside them in a shared commitment to building a safer world for everyone.”

Celebrating innovation and impact

This year we streamlined the award categories to spotlight the achievements that not only redefine our industry but also significantly advance our collective mission towards a more secure and efficient digital future.

We also introduced a new award category: the Endpoint Management Trailblazer, which celebrates partners’ contributions to modernizing endpoint and device management. As the landscape of cyberthreats continues to evolve, the security perimeter of organizations extends beyond traditional boundaries, making endpoint management more critical than ever.

Effective endpoint and device management ensures that every device connected to an organization’s network is continuously monitored and secured, reducing the risk of breaches. This not only includes safeguarding the devices themselves but also involves managing access to networks and data in a way that keeps up with the dynamic nature of cyberthreats.

By spotlighting our partners who excel in this area, we aim to underscore the importance of adopting forward-thinking security measures that align with the modern workplace’s needs, ultimately fostering a safer and more resilient digital environment for businesses and their stakeholders.

Meet the leaders behind this year’s awards

Executives from across Microsoft came together to recognize and celebrate all the award winner finalists and winners, including:

Security Trailblazer: Alym Rayani, Vice President Security GTM.

Compliance and Privacy Trailblazer: Herain Oberoi, General Manager, Data Security, Governance, Compliance, and Privacy.

Identity Trailblazer: Irina Nechaeva, General Manager, Identity and Network Access; and Morgan Webb, Principle Group Manager, Security Customer Experience Engineering.

Endpoint Management Trailblazer: Dilip Radhakrishnan, General Manager, Microsoft Intune.

Security Customer Champion: Jeffrey York, Vice President, Security Partner Investments and Incentives.

Security Changemaker: Ann Choi, General Manager, Commercial Cloud Partner Strategy.

Diversity in Security: Tara Knapp, Director, Security Business Development; and Tara Ragan, Channel Strategy and Operations Manager, Lighthouse.

Security MSSP of the Year: Vasu Jakkal, Corporate Vice President, Microsoft Security Business.

Security ISV of the Year: Vasu Jakkal, Corporate Vice President, Microsoft Security Business.

2024 Security Excellence Award winners

In line with this year’s theme focused on the evolution of cybersecurity, we’re proud to spotlight the key role of innovative technology and dedicated individuals in shaping a more secure future. After receiving many impressive award nominations, our review panel shortlisted five nominees for each category, with winners determined by votes from Microsoft and MISA members. The finalists and winners in each category are:

Security Trailblazer 

Partners that have delivered innovative solutions or services that leverage the full Microsoft range of security products and have proven to be outstanding leaders in accelerating customers’ efforts to mitigate cybersecurity threats.

• Bulletproof—Winner
• Atech Cloud
• BlueVoyant
• Kovrr
• Performanta

Compliance and Privacy Trailblazer

Partners that deliver innovative solutions or services and are distinguished leaders in driving holistic or end-to-end Microsoft compliance or privacy strategy with customers.

• Lighthouse—Winner
• archTIS
• Infotechtion
• PwC
• Secude

Identity Trailblazer

Partners that are leaders in the identity space, have driven identity-related initiatives, and delivered innovative solutions or services with Microsoft Entra ID.

• Thales—Winner
• InSpark
• Oxford Computer Group
• Valence Security
• Wipro

Endpoint Management Trailblazer

Partners that have proven expertise in helping customers modernize their endpoint and device management posture while enabling organizations to reduce costs.

• water IT Security—Winner
• CGI
• Insight
• Senserva
• Synergy Advisors

Security Customer Champion

Partners that go above and beyond to drive customer impact and that have a proven track record of customer obsession and success.

• Ascent Solutions—Winner
• Protiviti
• PwC
• Quorum Cyber
• Tanium

Security Changemaker

Individuals within partner organizations who have made a remarkable security contribution to the company or the larger security community.

• Anna Webb, Kocho—Winner
• Adrianna Chen, D3 Security
• Ricardo Nicolini, Bulletproof
• Scott Edwards, Summit 7
• Tom Boltman, Kovrr

Diversity in Security

Partners that have demonstrated a significant commitment to enhancing diversity, equity, and inclusion to better serve security customers and foster change in the industry.

• Avanade—Winner
• Check Point
• CyberProof a UST Company
• Entrust
• Eviden

Security MSSP of the Year  

MSSPs that are all-around powerhouses with strong integration between Microsoft products and ongoing managed security services that drive the end-to-end Microsoft Security stack to our mutual customers.       

• Wortell—Winner
• Difenda
• glueckkanja AG
• Quorum Cyber
• Transparity

Security ISV of the Year

ISVs that are all-around powerhouses, show growth potential, and have innovative security solutions that integrate with a MISA-qualifying security product.

• ContraForce—Winner
• Kovrr
• Netskope
• Senserva
• Silverfort

We’re ready for what’s next 

This was an amazing evening, bringing together MISA members, Microsoft executives, and future security experts. Many thanks to all who came, and congratulations again to all our finalists and winners. One constant within the ever-changing world of cybersecurity is the way our community comes together to protect and empower customers. We look forward to seeing everything you accomplish in the upcoming year. 

If you’re at RSA Conference May 6-9, 2024, come and visit us at the Microsoft Booth 6044 North Expo where MISA members will be showcasing their solutions at our MISA demo station and the Microsoft Theater. We’d love to see you at the following Theater sessions: 

• ContraForce and Bulletproof—Hyperautomation for SecOps Service Management. Tuesday, May 7, 2024, 5:00 PM PT to 5:20 PM PT.
• glueckkanja AG—Use Microsoft Copilot for Security to bring context to your incidents. Tuesday, May 7, 2024, 5:30 PM PT to 5:50 PM PT.  
• Kovrr—The need for Shift Up Strategy: Financially Quantifying C-Suite Cyber Risk Management Decisions. Wednesday, May 8, 2024, 5:00 PM PT to 5:20 PM PT. 
• Darktrace—Combining the power of Darktrace & Microsoft Copilot for Security to Empower the Modern SOC. Wednesday, May 8, 2024, 5:30 PM PT to 5:50 PM PT.
• Avanade—Real world stories of using Microsoft Purview Data Protection to enable responsible adoption of Copilot for Microsoft 365. ​Thursday May 9, 2024, 10:30 AM PT to 10:50 AM PT. 

Learn more

Learn more about the Microsoft Intelligent Security Association.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post Microsoft announces the 2024 Microsoft Security Excellence Awards winners appeared first on Microsoft Security Blog.

In 2015, when we introduced Windows Hello and Windows Hello for Business as secure ways to access Windows 10 without entering a password, our identity systems were detecting around 115 password attacks per second.¹ Less than a decade later, that number has surged 3,378% to more than 4,000 password attacks per second.² Password attacks are so popular because they still get results. It’s painfully clear that passwords are not sufficient for protecting our lives online. No matter how long and complicated you make your password, or how often you change it, it still presents a risk.

The good news is that we’ve made a lot of progress toward making passwords a relic of the past. For a while, you’ve been able to sign in to apps and websites using FIDO security keys, Windows Hello, or the Microsoft Authenticator app instead of a password. Since September 2021, you’ve not only been able to sign in to your Microsoft account without a password, but you’ve also been able to delete your password altogether.³ We’re almost there.

And now there’s an even better way to sign in to more places without passwords: passkeys.

The future of signing in

If you’re like many people, you probably still use passwords to sign in to most of your websites and apps, most likely from multiple devices. This can translate into hundreds of passwords to remember, unless you use a password manager. With passkeys, instead of creating, managing, remembering, and entering passwords, you access your digital accounts the same way you unlock your device—usually with your face, fingerprint, or device PIN. More and more apps and services are adding support for passkeys; you can already use them to sign in to the most popular ones. Passkeys are so much easier and more secure than passwords that we predict passkeys will replace passwords almost entirely (and we hope this happens soon).

Starting today, you can use a passkey to access your Microsoft account using your face, fingerprint, or device PIN on Windows, Google, and Apple platforms. Your passkey gives you quick and easy access to the Microsoft services you use every day, and it will do a much better job than your password of protecting your account from malicious attacks.

Easier and more secure than passwords

Think of how many times and places you sign in with a password every single day. Is it 10? 50? Not only is this a frustrating experience, it’s also an unreliable way to protect a digital account. Here’s why: When you enter a password to sign in to an account, you’re essentially sharing a secret with the website or app to prove that you should have access to the account. The problem is that anyone who gets a hold of this secret can gain access to your account, and if your password gets compromised and appears on the dark web, the repercussions can be serious.

To make your credentials stronger, an app or website might require you to make your password longer or more complex. But even if you follow all the best practices for creating “strong” passwords, it’s still a trivial exercise for hackers to guess, steal, or trick you into revealing them.

You may have experienced an attack yourself—you click on a link in an email that seems legitimate, which leads to a website that looks just like the one you’re used to, asking you to enter your credentials. But when you do, nothing happens, or you get an error message. By the time you notice that the URL in your browser address bar is different from the usual one, it’s too late. You’ve just been phished by a malicious website.

Many app and website providers understand that even complicated passwords aren’t good enough to protect your account, so they give you the choice to use two-step or multifactor authentication with approvals and codes sent to your phone, email, or an app. While traditional multifactor authentication can help protect your account, it’s not attacker-proof, and it creates another frustrating barrier between you and your content: all these access attempts, passwords, and codes on all your devices can really add up.

This is why we’re so enthusiastic about passkeys.

How passkeys work

Passkeys work differently than passwords. Instead of a single, vulnerable secret, passkey access uses two unique keys, known as a cryptographic key pair. One key is stored safely on your device, guarded by your biometrics or PIN. The other key stays with the app or website for which you create the passkey. You need both parts of the key pair to sign in, just as you need both your key and the bank’s key to get into your safety deposit box.

Because this key pair combination is unique, your passkey will only work on the website or app you created it for, so you can’t be tricked into signing in to a malicious look-alike website. This is why we say that passkeys are “phishing-resistant.”

Even better, all the goodness and strength of cryptographic authentication stays behind the scenes. All you have to do to sign in is use your device unlock gesture: look into your device camera, press your finger on a fingerprint reader, or enter your PIN. Neither your biometric information nor your PIN ever leaves your device and they never get shared with the site or service you’re signing in to. Passkeys can also sync between your devices, so if you lose or upgrade your device, your passkeys will be ready and waiting for you when you set up your new one.

The best part about passkeys is that you’ll never need to worry about creating, forgetting, or resetting passwords ever again.

Creating a passkey for your Microsoft account

Creating a passkey for your Microsoft account is easy. On the device where you want to create the passkey, follow this link, and choose the face, fingerprint, PIN, or security key option. Then follow the instructions on your device.

To learn more about creating passkeys for your Microsoft account, visit this guide.

Signing into your Microsoft account using a passkey

When you sign in to your Microsoft account, you can use your passkey by choosing Sign-in options and then selecting face, fingerprint, PIN, or security key. Your device will open a security window, and then you can use your passkey to sign in.

Figure 1. Signing in to your Microsoft account on mobile devices.

Today, you can use a passkey to sign in to Microsoft apps and websites, including Microsoft 365 and Copilot on desktop and mobile browsers. Support for signing into mobile versions of Microsoft applications using your passkey will follow in the coming weeks.

If you want to use passkeys to sign in to work-related apps and services, your admin can configure Microsoft Entra ID to accept passkeys hosted on a hardware security key or in the Microsoft Authenticator app installed on your mobile device.

In this era of AI, there’s unprecedented opportunity for creativity and productivity that empowers every person on the planet—including billions of Microsoft users who access services for work and life every day—to achieve more. Protecting and accessing your digital life doesn’t need to be a hassle, and you shouldn’t have to choose between simple access and safe access. Accessing your Microsoft account with a passkey lets you put the frustration of passwords and codes behind you, so you can focus on being creative and getting things done.

Happy World Password(less) Day!

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Microsoft Password Guidance, Microsoft Identity Protection Team.

²Microsoft Entra expands into Security Service Edge and Azure AD becomes Microsoft Entra ID, Joy Chik. July 11, 2023.

³The passwordless future is here for your Microsoft account, Vasu Jakkal. September 15, 2021.

The post Microsoft introduces passkeys for consumer accounts appeared first on Microsoft Security Blog.

Microsoft commends the DoD for approaching Zero Trust as a mindset, not a capability or device that may be bought.¹ Zero Trust can’t be achieved by a single technology, but through tight integration between solutions across product categories. Deciphering how security products achieve Zero Trust based on marketing materials alone is a daunting task. IT leaders need to select the right tools. Security architects need to design integrated solutions. Implementers need to deploy, configure, and integrate tools to achieve the outcomes in each Zero Trust activity.

Today, we are excited to announce Zero Trust activity-level guidance for DoD Components and DIB partners implementing the DoD Zero Trust Strategy. To learn more, see Configure Microsoft cloud services for the DoD Zero Trust Strategy.

In this blog, we’ll review the DoD Zero Trust Strategy and discuss how our new guidance helps DoD Components and DIB partners implement Zero Trust. We’ll cover the Microsoft Zero Trust platform and relevant features for meeting DoD’s Zero Trust requirements, and close with real-world DoD Zero Trust deployments.

Microsoft supports the DoD’s Zero Trust Strategy

The DoD released its formal Zero Trust Strategy in October 2022.¹ The strategy is a security framework and mindset that set a path for achieving Zero Trust. The strategy outlines strategic goals for adopting culture, defending DoD Information Systems, accelerating technology implementation, and enabling Zero Trust.

The DoD Zero Trust Strategy includes seven pillars that represent protection areas for Zero Trust:

1. User
2. Device
3. Applications and workloads
4. Data
5. Network
6. Automation and orchestration
7. Visibility and analytics

In January 2023, the DoD published a capabilities-based execution roadmap for implementing Zero Trust.² The roadmap details 45 Zero Trust capabilities spanning the seven pillars. The execution roadmap details the Zero Trust activities DoD Components should perform to achieve each Zero Trust capability. There are 152 Zero Trust activities in total, divided into Target Level Zero Trust and Advanced Level Zero Trust phases with deadlines of 2027 and 2032, respectively.

The Zero Trust activity-level guidance we’re announcing in this blog continues Microsoft’s commitment to supporting DoD’s Zero Trust strategy.³ It serves as a reference for how DoD Components should implement Zero Trust activities using Microsoft cloud services. Microsoft product teams and security architects supporting DoD worked in close partnership to provide succinct, actionable guidance side-by-side with the DoD Zero Trust activity text and organized by product with linked references.

We scoped the guidance to features available today (including public preview) for Microsoft 365 DoD and Microsoft Azure Government customers. As the security landscape changes, Microsoft will continue innovating to meet the needs of federal and DoD customers.⁴ We’re excited to bring entirely new Zero Trust technologies like Microsoft Copilot for Security and Security Service Edge to United States Government clouds in the future.⁵

Look out for announcements in the Microsoft Security Blog and check Microsoft’s DoD Zero Trust documentation to see the latest guidance.

Microsoft’s Zero Trust platform

Microsoft is proud to be recognized as a Leader in the Forrester Wave™: Zero Trust Platform Providers, Q3 2023 report.⁶ The Microsoft Zero Trust platform is a modern security architecture that emphasizes proactive, integrated, and automated security measures. Microsoft 365 E5 combines best-in-class productivity apps with advanced security capabilities that span all seven pillars of the DoD Zero Trust Strategy.

“Single products/suites can be adopted to address multiple capabilities. Integrated vendor suites of products rather than individual components will assist in reducing cost and risk to the government.”

 —Department of Defense Zero Trust Reference Architecture Version 2.0⁷

Microsoft 365 is a comprehensive and extensible Zero Trust platform.⁸ It’s a hybrid cloud, multicloud, and multiplatform solution. Pre-integrated extended detection and response (XDR) services coupled with modern cloud-based device management, and a cloud-based identity and access management service, provide a direct and rapid modernization path for the DoD and DIB organizations.

Read on to learn about Microsoft cloud services that support the DoD Zero Trust Strategy.

Figure 1. Microsoft Zero Trust Architecture.

Microsoft Entra ID is an integrated multicloud identity and access management solution and identity provider. Microsoft Entra ID is tightly integrated with Microsoft 365 and Microsoft Defender XDR services to provide a comprehensive suite Zero Trust capabilities including strict identity verification, enforcing least privilege, and adaptive risk-based access control.

Microsoft Entra ID is built for cloud-scale, handling billions of authentications every day. It uses industry standard protocols and is designed for both Microsoft and non-Microsoft apps. Establishing Microsoft Entra ID as your organization’s Zero Trust identity provider lets you configure, enforce, and monitor adaptive Zero Trust access policies in a single location. Conditional Access is the Zero Trust authorization engine for Microsoft Entra ID. It enables dynamic, adaptive, fine-grained, risk-based, access policies for any workload.

Microsoft Entra ID is essential to the user pillar and has a role in all other pillars of the DoD Zero Trust Strategy.

Microsoft Intune is a multiplatform endpoint and application management suite for Windows, MacOS, Linux, iOS, iPadOS, and Android devices. Microsoft Intune configuration policies manage devices and applications. Microsoft Defender for Endpoint helps organizations prevent, detect, investigate, and respond to advanced threats on devices. Microsoft Intune and Defender for Endpoint work together to enforce security policies, assess device health, vulnerability exposure, risk level, and configuration compliance status. Conditional Access policies requiring a compliant device help achieve comply-to-connect  outcomes in the DoD Zero Trust Strategy.

Microsoft Intune and Microsoft Defender for Endpoint help achieve capabilities in the device pillar.

GitHub is a cloud-based platform where you can store, share, and work together with others to write code. GitHub Advanced Security includes features that help organizations improve and maintain code by providing code scanning, secret scanning, security checks, and dependency review throughout the deployment pipeline. Microsoft Entra Workload ID helps organizations use continuous integration and continuous delivery (CI/CD) with GitHub Actions.

GitHub and Azure DevOps are essential to the applications and workloads pillar.

Microsoft Purview is a range of solutions for unified data security, data governance, and risk and compliance management. Microsoft Purview Information Protection lets you define and label sensitive information types. Auto-labeling within Microsoft 365 clients ensure data is appropriately labeled and protected. Microsoft Purview Data Loss Prevention integrates with Microsoft 365 services and apps, and Microsoft Defender XDR components to detect and prevent data loss.

Microsoft Purview features align to the data pillar activities.

Azure networking services include a range of software-defined network resources that can be used to provide networking capabilities for connectivity, application protection, application delivery, and network monitoring. Azure networking resources like Microsoft Azure Firewall Premium, Azure DDoS Protection, Microsoft Azure Application Gateway, Azure API Management, Azure Virtual Network, and Network Security Groups, all work together to provide routing, segmentation, and visibility into your network.

Azure networking services and network segmentation architectures are essential to the network pillar.

Microsoft Defender XDR is a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response actions. It correlates millions of signals across endpoints, identities, email, and applications to automatically disrupt attacks. Microsoft Defender XDR’s automated investigation and response and Microsoft Sentinel playbooks are used to complete security orchestration, automation, and response (SOAR) activities.

Microsoft Defender XDR plays a key role in automation and orchestration and visibility and analytics pillars.

Microsoft Sentinel is a cloud-based security information and event management (SIEM) you deploy in Azure. Microsoft Sentinel operates at cloud scale to accelerate security response and save time by automating common tasks and streamlining investigations with incident insights. Built-in data connectors make it easy to ingest security logs from Microsoft 365, Microsoft Defender XDR, Microsoft Entra ID, Azure, non-Microsoft clouds, and on-premises infrastructure.

Microsoft Sentinel is essential to automation and orchestration and visibility and analytics pillars along with any activities requiring SIEM integration.

Real-world pilots and implementations

The DoD is embracing Zero Trust as a continuous modernization effort. Microsoft has partnered with DoD Components for several years, onboarding Microsoft 365 services, integrating apps with Microsoft Entra, migrating Azure workloads, managing devices with Microsoft Intune, and building security operations around Microsoft Defender XDR and Microsoft Sentinel.

One such example is the United States Navy’s innovative Flank Speed program. The Navy’s large-scale deployment follows Zero Trust capabilities put forth in the DoD’s strategy. These capabilities include comply-to-connect, continuous authorization, least-privilege access, and data-centric security controls.⁹ To date, Flank Speed has onboarded more than 560,000 users and evaluated the effectiveness of its robust cybersecurity tools through Purple Team assessments.¹⁰

Another example is Army 365, the United States Army’s Microsoft 365 environment.¹¹ Army 365 has onboarded more than 1.4 million users and migrated petabytes of data.¹² The secure collaboration environment incorporates Zero Trust principles in a secure collaboration environment with identity and device protections and includes support for bring your own device (BYOD) through Azure Virtual Desktop.¹³

DoD Zero Trust Strategy and Roadmap

Learn how to configure Microsoft cloud services for the DoD Zero Trust Strategy.

Learn more

Learn more

Embrace proactive security with Zero Trust.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹DoD Zero Trust strategy, DoD CIO Zero Trust Portfolio Management Office. October 2022.

²Zero Trust Capability Execution Roadmap, DoD CIO Zero Trust Portfolio Management Office. January 2023.

³Microsoft supports the DoD’s Zero Trust strategy, Steve Faehl. November 22, 2022.

⁴5 ways to secure identity and access for 2024, Joy Chik. January 10, 2024.

⁵Microsoft Entra Expands into Security Service Edge with Two New Offerings, Sinead O’Donovan. July 11, 2023.

⁶Forrester names Microsoft a Leader in the 2023 Zero Trust Platform Providers Wave™ report, Joy Chik. September 19, 2023.

⁷Department of Defense (DoD) Zero Trust Reference Architecture Version 2.0, Defense Information Systems Agency (DISA), National Security Agency (NSA) Zero Trust Engineering Team. July 2022.

⁸How Microsoft is partnering with vendors to provide Zero Trust solutions, Vasu Jakkal. October 21, 2021.

⁹Flank Speed Has Paved the Way for Navy to Become ‘Leaders in Zero Trust Implementation,’ Says Acting CIO Jane Rathbun, Charles Lyons-Burt, GovCon Wire. June 2023.

¹⁰Flank Speed makes significant strides in DOD Zero Trust Activity alignment, Darren Turner, PEO Digital. December 2023.

¹¹Army launches upgraded collaboration platform; cybersecurity at the forefront, Alexandra Snyder. June 17, 2021.

¹²Cohesive teams drive NETCOM’s continuous improvement, Army 365 migration, Enrique Tamez Vasquez, NETCOM Public Affairs Office. March 2023.

¹³BYOD brings personal devices to the Army network, Army Office of the Deputy Chief of Staff, G-6. February 2024.

The post New Microsoft guidance for the DoD Zero Trust Strategy appeared first on Microsoft Security Blog.

Software as a service (SaaS) adoption has accelerated at a lightning speed, enabling collaboration, automation, and innovation for businesses large and small across every industry vertical—from government, education, financial service to tech companies. Every SaaS application is now expanding its offering to allow better integration with the enterprise ecosystem and advanced collaboration features, becoming more of a “platform” than an “application.” To further complicate the security landscape, business users are managing these SaaS applications with little to no security oversight, creating a decentralized administration model. All this is leading to a growing risk surface with complex misconfigurations that can expose organization’s identities, sensitive data, and business processes to malicious actors. 

To combat this challenge, Valence and Microsoft Security work together to ensure that SaaS applications are configured according to the best security practices and improve the security posture of identities configured in each individual SaaS application. Together, Valence and Microsoft:  

• Centrally manage SaaS identities permissions and access.
• Enforce strong authentication by ensuring proper MFA (multi-factor authentication) and SSO (single sign-on) enrollment and managing local SaaS users.
• Detect and revoke unauthorized non-human SaaS identities such as APIs, service accounts, and tokens.
• Incorporate SaaS threat detection capabilities to improve SaaS incident response.

As most of the sensitive corporate data shifted from on-prem devices to the cloud, security teams need to ensure they manage the risks of how this data is being accessed and managed. Integrating Valence’s SaaS Security with the Microsoft Security ecosystem now provides a winning solution. 

SaaS applications are prime targets  

Recent high profile breaches have shown that attackers are targeting SaaS applications and are leveraging misconfigurations and human errors to gain high privilege access to sensitive applications and data. While many organizations have implemented SSO and MFA as their main line of defense when it comes to SaaS, recent major breaches have proven otherwise. Attackers have identified that MFA fatigue, social engineering and targeting the SaaS providers themselves can bypass many of the existing mechanisms that security teams have put in place. These add to high-profile breaches where attackers leveraged legitimate third-party open authorization (OAuth) tokens to gain unauthorized access to SaaS applications, and many more attack examples. 

State of SaaS security risks 

According to our 2023 SaaS Security Report which analyzed real SaaS environments to measure their security posture before they implemented an effective SaaS security program. The results showed that every organization didn’t enforce MFA on 100% of their identities—there are some exceptions, such as service accounts, contractors, and shared accounts, or simply lack of effective monitoring of drift. In addition, one out of eight SaaS accounts are dormant and not actively used. Offboarding users is not only important to save costs, but attackers also like to target these accounts for account takeover attacks since they are typically less monitored. Other key stats were that 90% of externally shared files haven’t been used by external collaborators for at least 90 days and that every organization has granted multiple third-party vendors organization-wide access to their emails, files, and calendars. 

Figure 1. Top SaaS Security gaps identified in the 2023 State of SaaS Security Report.

Holistic SaaS security strategy 

Establishing a holistic SaaS security strategy requires to bring together many elements—from shadow SaaS discovery, through strong authentication, identity management of both humans and non-humans, managing and remediating SaaS misconfigurations, enforcing data leakage prevention policies, and finally, establishing scalable incident response. Valence and Microsoft take security teams one step further toward a more holistic approach. 

Valence joined the Microsoft Intelligence Security Association (MISA) and integrated with Microsoft security products—Microsoft Entra ID and ​​​​Microsoft Sentinel—to enhance customers’ capabilities to manage their SaaS risks, effectively remediate them, and respond to SaaS breaches. The Valence SaaS Security Platform provides insight and context on SaaS risks such as misconfigurations, identities, data shares, and SaaS-to-SaaS integrations. Extending existing controls with SaaS Security Posture Management (SSPM) capabilities and SaaS risk remediation capabilities. Valence is also a proud participant of the Partner Private Preview of Microsoft Copilot for Security. This involves working with Microsoft product teams to help shape Copilot for Security product development in several ways, including validation and refinement of new and upcoming scenarios, providing feedback on product development and operations to be incorporated into future product releases, and validation and feedback of APIs to assist with Copilot for Security’s extensibility. 

Figure 2. Illustrative data: The Valence Platform provides a single pane of glass to find and fix SaaS risk across four core use cases: data protection, SaaS to SaaS governance, identity security, and configuration management. 

Secure SaaS human and non-human identities

In the modern identity-first environment, most attackers focus on targeting high privilege users, dormant accounts, and other risks. Enforcing zero trust access has become a core strategy for many security teams. Security teams need to identify all the identities they need to secure. Microsoft Entra SSO management combined with Valence’s SaaS application monitoring—to detect accounts created—provides a holistic view into human identities and non-human (Enterprise Applications, service accounts, APIs, OAuth and 3rd party apps).  

Microsoft Entra ID centrally enforces strong authentication such as MFA and Valence discovers enforcement gaps or users that are not managed by the central SSO. Valence also monitors the SaaS applications themselves to discover the privileges granted to each identity and provides recommendations on how to enforce least privilege with minimal administrative access. To continuously validate verification based on risks, the final piece of zero trust strategy, Valence leverages the risky users and service principals signals from Microsoft Entra ID and combines them with signals from other SaaS applications for a holistic view into identity risks. 

Protect SaaS applications 

Microsoft has a wide SaaS offering that is fueling enterprise innovation. These services are central to core business functions and employee collaboration, cover many use cases, and are spread across multiple business units, but are tied together in many cases such as identity and access management, and therefore their security posture is often related as well. Managing the security posture of SaaS services can be complex because of the multiple configurations and the potential cross service effects that require security teams to build their expertise across a wide range of SaaS.  

Many security teams view SaaS apps as part of their more holistic view into SaaS security posture management and would like to create cross-SaaS security policies and enforce them. Valence’s platform integrates with Microsoft Entra ID and other SaaS services using Microsoft via Microsoft Graph to normalize the complex data sets and enable security teams to closely monitor the security posture of their SaaS applications in Microsoft alongside the rest of their SaaS environment. 

Enhance SaaS threat detection and incident response 

Improving SaaS security posture proactively reduces the chances of a breach, but unfortunately SaaS breaches can still occur, and organizations need to prepare their threat detection coverage and incident response plans. The built in human and non-human identity threat detection capabilities of Microsoft Entra ID, combined with Microsoft Sentinel log correlation and security automation, and Microsoft Copilot for Security’s advanced AI capabilities, create a powerful combination to detect and respond to threats. Valence expands existing detections from compromised endpoint and identity with important SaaS context—for example, did the compromise device belong to a SaaS admin user? Did the compromised identity perform suspicious activities in other SaaS applications? The expanded detections provide critical insights to prioritize and assess the blast radius of breaches. Additionally, Valence’s SaaS threat detection can trigger threat detection workflows in Microsoft products based on its unique indicator of compromise monitoring. 

Together, Valence and Microsoft combine the best of all worlds when it comes to SaaS security. From SaaS discovery, through SaaS security posture management, remediating risks, and detecting threats—Valence and Microsoft enable secure adoption of SaaS applications. Modern SaaS risks and security challenges require a holistic view into SaaS risk management and remediation. Get started today. 

About Valence Security 

Valence is a leading SaaS security company that combines SSPM and advanced remediation with business user collaboration to find and fix SaaS security risks. SaaS applications are becoming decentrally managed and more complex, which is introducing misconfiguration, identity, data, and SaaS-to-SaaS integration risks. The Valence SaaS Security Platform provides visibility and remediation capabilities for business-critical SaaS applications. With Valence, security teams can empower their business to securely adopt SaaS. Valence is backed by leading cybersecurity investors like Microsoft’s M12 and YL Ventures, and is trusted by leading organizations. Valence is available for purchase through Azure Marketplace. For more information, visit their website. 

Be among the first to hear about new products, capabilities, and offerings at Microsoft Secure digital event on March 13, 2024.​ Learn from industry luminaries and influencers. Register today.

Learn more

To learn more about the Microsoft Intelligent Security Association (MISA), visit our website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products. 

​​To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity. 

The post ​​Secure SaaS applications with Valence Security and Microsoft Security​​ appeared first on Microsoft Security Blog.

In a scenario familiar to many universities worldwide, Claremont Graduate University (CGU), a renowned research university located in Southern California, was struggling with how to bring Oracle PeopleSoft Campus Solutions into its Microsoft 365 and Microsoft Entra ID (formerly Azure Active Directory) environment and enable multifactor authentication and single sign-on (SSO) for students and staff who access Oracle PeopleSoft on a daily basis. The only option for the resource-strapped IT department seemed to be an expensive development effort until the university discovered Datawiza and accomplished its goal in just a few weeks.

CGU lacked security expertise and SDK programming experience to connect PeopleSoft to Microsoft Entra ID themselves. The IT team also lacked the resources to consult with PeopleSoft, Microsoft, and outside security resources, or had to hire a third party to do the project. The combination of Datawiza and Microsoft enabled CGU to quickly and easily connect PeopleSoft to Microsoft Entra ID and enable multifactor authentication and SSO. Datawiza swiftly crafted a proof of concept that CGU then thoroughly tested. Once approved, Datawiza promptly configured the solution to precisely suit the university’s needs, subsequently transitioning it to production.

Universities like CGU rely on PeopleSoft, one of the first client-server solutions introduced in the 1990s to store student records, which typically includes personally identifiable information (PII), such as social security numbers, credit card numbers, transcripts, schedules, financial aid history, and more. Though it remains a powerful and functional solution, PeopleSoft has no built-in support for modern security standards such as multifactor authentication or SSO, nor does it easily connect to Microsoft Entra ID to bridge the gap.

As a result, CGU students and staff needed to log into an application outside of their secure Microsoft account to access and update information in PeopleSoft. This led to confusion and frustration for them and significant ongoing support issues and trouble tickets related to password management. It also increased security risks as users who must remember multiple passwords are more likely to write them down and leave them where others can access them.

“With Datawiza, CGU was able to rapidly enhance security and improve the user experience for Oracle PeopleSoft through [multifactor authentication] and SSO without having to go through the time and expense of coding their own connector,” said Manoj Chitre, Associate Vice President and Chief Information Officer, Technology Services and Information Systems at Claremont Graduate University. “The response from students and staff has been tremendous. Users no longer need to maintain and remember a separate PeopleSoft password, and the number of trouble tickets related to PeopleSoft login issues has plummeted.”

Today, nearly 2,000 GCU students and staff access PeopleSoft through multifactor authentication and their single SSO password, completely eliminating the unnecessary security risk, as well as all the time and resource-consuming effort associated with IT having to maintain a separate password environment for PeopleSoft.

“Microsoft Entra ID is the flagship of our identity and access solutions which help organizations secure access to everything in a hybrid, multicloud world. We are pleased to see companies like Datawiza support this mission through the Microsoft Intelligent Security Association.” 

– Irina Nechaeva, General Manager, Identity, Microsoft

Datawiza, the Zero Trust Access Management Platform

Datawiza provides Microsoft Entra ID-based SSO and multifactor authentication integration with PeopleSoft using Security Assertion Markup Language (SAML) or OpenID Connect. The cloud-native, no-code or low-code Datawiza platform can be deployed in minutes and connected to PeopleSoft—and other legacy or on-premises applications—without the need for Oracle Access Manager or Oracle Identity Cloud Service and without any application patches or additional installations for the existing PeopleSoft deployment.

Once PeopleSoft is connected to Microsoft Entra ID, IT administrators can also easily apply existing Microsoft Entra Conditional Access policies to PeopleSoft.

Datawiza is a simple, highly secure platform consisting of two major components. The Datawiza Access Proxy (DAP) is a lightweight container-based proxy. DAP integrates with identity providers to enable SSO, multifactor authentication, and granular authorization. DAP can be deployed in a customer’s environment or hosted by the Datawiza Cloud. The Datawiza Cloud Management Console (DCMC) is a centralized console for configuring access policies. DCMC aggregates logs and provides visibility. Once the solution is set up and configured by Datawiza, IT administrators will only need to manage user access through the DCMC.

Datawiza: A trusted solution

Datawiza joined the Microsoft Intelligent Security Association Program (MISA) in February 2021, and the solution has previously been described in detail in a MISA blog post. Datawiza is also a fully managed service built by security experts, eliminating the need for a university’s IT team to deploy and manage a new solution or hire or contract with additional security expertise. This makes the combination of Datawiza and Microsoft the easiest and most powerful way to rapidly improve security and user access for the valuable data stored in PeopleSoft.

Microsoft Entra ID

Safeguard your organization with a cloud identity and access management solution that connects employees, customers, and partners to their apps, devices, and data.

Learn more and try free

Learn more

The Datawiza Platform is available in the Microsoft commercial marketplace. More information and a free trial are also available on the Datawiza website.

To learn more about the Microsoft Intelligent Security Association (MISA), visit our website, where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.    

Learn more about Microsoft Entra ID.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity. 

The post How Datawiza uses Microsoft Entra ID to help universities simplify access appeared first on Microsoft Security Blog.

With more than 3,000 different activities (also known as operations) logged into the Microsoft 365 suite, knowing which are useful for your investigation can be daunting. With these guides, our goal is to make triaging and analyzing data in Microsoft 365 simpler. Many of these operations are data-based storytelling vehicles, helping Microsoft Incident Response to piece together an attack chain from beginning to end. We have worked on hundreds of cloud-centric cases with our customers, and while tactics, techniques, and procedures (TTPs) change with the times, analysis methodology and data triage techniques remain consistently successful. To enable Microsoft Incident Response to find ground truth quickly and effectively in an investigation, data mining based on known factors is essential. The known factors could be investigation specific, such as an IP address, known compromised username, or suspicious user agent string. It is also just as important to filter based on how actors move through a cloud environment and gather data. This is where these guides come into their own, and our hope is that sharing these guides can help you in the same way they help us every day.

Microsoft Incident Response guides

These new one-page guides from Microsoft Incident Response helps security teams analyze cyberthreat data in Microsoft 365 and Microsoft Entra.

Download the guides

Analyze the Unified Audit Log in Microsoft 365

First up is our general Microsoft 365 guide, centered around key activities in Exchange Online and SharePoint—Microsoft 365 products commonly targeted in cybersecurity attacks. Keep in mind that the motives of a Threat Actor, the tools available to them, and the level of access they have achieved will determine the actions they take. No two incidents are ever the same.

Actions carried out in a tenant are recorded in the Unified Audit Log, which can be accessed from the Security Portal or through PowerShell. You can filter the audit log by date, user, activity, IP address, or file name. You can also export the audit log to a CSV file for further analysis.

Most of the operations in these sheets are self-explanatory in nature, but a few deserve further context:

SearchQueryPerformed—A user or an administrator has performed a search query in SharePoint Online or OneDrive for Business. This operation returns information about a search query performed in SharePoint Online, including the query text used. Keep in mind that interacting with certain components of SharePoint will trigger background ‘searches.’

SearchQueryInitiatedSharePoint and SearchQueryInitiatedExchange—These operations are only logged if you have enabled them using the Set-Mailbox PowerShell cmdlet. This operation is much like SearchQueryPerformed, but applies to mailbox-level searches.

SearchExportDownloaded—A report was downloaded of the results from a content search in Microsoft 365. This operation returns information about the content search, such as the name, status, start time, and end time.

Update—A message item was updated, including metadata. One example of this is when an email attachment is opened, which updates the metadata of the message item and generates this event. An update operation is not always indicative of an email message being purposefully modified by a Threat Actor.

FileSyncDownloadedFull—User establishes a sync relationship and successfully downloads files for the first time to their computer from a SharePoint or OneDrive for Business document library.

Detailed identity and access data with Microsoft Entra

Our Microsoft Entra guide covers actions which allow organizations to manage and protect their identities, data, and devices in the cloud. As an industry-leading identity platform, Microsoft Entra ID offers advanced security features, such as multifactor authentication, Conditional Access policies, identity protection, privileged access management, and identity governance.

To view the activities performed by users and administrators in Microsoft Entra ID, you can use the Microsoft Entra ID audit log, which stores events related to role management, device registration, and directory synchronization to name a few. To view detailed sign-in information, you can use the Sign-In Logs. The events located in these two data sources can help you detect and investigate security incidents, such as unauthorized access or configuration changes to the identity plane.

You can use the following methods to access Microsoft Entra ID audit log data:

Microsoft Entra Admin Portal—Go to the portal and sign in as an administrator. Navigate to Audit and/or Sign-ins under Monitoring. Filter, sort, and export the data as needed.

Graph PowerShell—Install the Graph PowerShell module and connect to Microsoft Entra ID. Use Get-MgAuditLogDirectoryAudit and/or Get-MgAuditLogSignIn to get the data you need.

Microsoft Graph API—Register an application in Microsoft Entra ID and give it the permissions to read audit log data (AuditLog.Read.All and Directory.Read.All). Use /auditLogs/directoryAudits and /auditLogs/signIns API endpoints to query the data, along with query parameters such as $filter to refine the results.

Most of the operations in these sheets are self-explanatory in nature, but as with our Microsoft 365 operations, a few deserve further context:

Suspicious activity reported—This log event indicates that a user or an administrator has reported a sign-in attempt as suspicious. The log event contains information about the reported sign-in—such as the user, the IP address, the device, the browser, the location, and the risk level. It also shows the status of the report—whether it was confirmed, dismissed, or ignored by the user or the administrator. This log event can help identify potential security incidents, including phishing, credential compromise, or malicious insiders.

Update application: Certificates and secrets management—This log event indicates that an administrator has updated the certificates or secrets associated with an application registered in Microsoft Entra ID—such as creation, deletion, expiration, or renewal. Applications are frequently misused by Threat Actors to gain access to data, making this a critical administrative event if found during an investigation.

Any operation ending in ‘(bulk)’—These are interesting as they demonstrate a bulk activity being performed—such as ‘Download users’ or ‘Delete users.’ Keep in mind, however, that these are only logged if the bulk activity is performed using the graphical user interface. If PowerShell is used, you will not see these entries in your log.

Elevate Access—Assigns the currently logged-in identity the User Access Administrator role in Azure Role-Based Access Control at root scope (/). This grants permissions to assign roles in all Azure subscriptions and management groups associated with the Microsoft Entra directory. This toggle is only available to users who are assigned the Global Administrator role in Microsoft Entra ID. It can be used by Threat Actors to gain complete control of Azure resources, often for the purposes of crypto mining or lateral movement from cloud to on-premises.

Improve security analysis with the Microsoft Incident Response guides

We hope that these one-page guides will be a valuable resource for you when you need to quickly identify and analyze suspicious or malicious activity in Microsoft 365 and Microsoft Entra ID. Print them out, save them as your desktop background, or put them on a mouse pad. Whatever you do, let us know what you find useful and remember that the audit logs in Microsoft 365 and Microsoft Entra ID are not the only source of evidence in a cloud-based case, and you should always correlate and validate your findings with other data sources where possible.

To access further information on what data lies in these logs and how you can access them, reference the following blog posts from the Microsoft Incident Response team:

• Forensic artifacts in Office 365 and where to find them—Microsoft Community Hub.
• Good UAL Hunting—Microsoft Community Hub.

Learn more

Learn more about Microsoft Incident Response.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post New Microsoft Incident Response guides help security teams analyze suspicious activity appeared first on Microsoft Security Blog.

Along with every merger and acquisition between two companies comes the need to combine and strengthen their IT infrastructure. In particular, there is an immediate and profound impact on the identity and access management (IAM) postures of both companies. With a newly combined workforce, where does all the user information live? Where are the authentications going to be handled? What changes are going to be made for authorization to applications; will users have access to the apps of the other organization? All these problems must be solved quickly in order to provide continuous day-to-day operations in a secure way.

While most combined organizations aspire to eventually consolidate their identity systems, this is a challenging and time-consuming process. The untangling (and re-entangling) of dozens or hundreds of enterprise applications and their identity stacks takes time and deliberation. Meanwhile, there may be immense pressure from users and app owners for secure access to the appropriate apps, along with pressure from regulators and investors to unlock and demonstrate value from the combined organization. Not to mention the pressure from investors and the board to deliver immediate value after the transaction’s close.

As one of the most comprehensive and advanced IAM platforms available today, Microsoft Entra ID is often the choice to be the dominant set of identity services in the combined architecture. Microsoft strives to make the merger and acquisition process as easy as possible and works with Strata Identity for a seamless integration. Strata’s Maverics Identity Orchestration platform does this by acting as abstraction layer to accelerate and simplify the path to consolidation.

The identity challenges with mergers and acquisitions

Addressing IAM issues is one of the most pressing issues in a merger and acquisition scenario. Typically, other operational issues such as application workloads can continue to operate in their status quo indefinitely until such time as it makes sense to address them. The cybersecurity implications of user access, however, are immediate and need to be addressed quickly, whether this be through some sort of identity consolidation, or through a higher-level abstraction encompassing the existing systems.

One factor that makes a migration complex is the tendency for applications to be tightly coupled with their current identity provider (IdP). When creating an application, developers and app owners may end up writing code that is very specific to their current IdP. Switching that IdP is seldom trivial, especially for long-lived applications that may have been written against a now-legacy protocol, or may have “rolled their own” authentication and authorization. Very often this calls for a complete rewrite of the application; an onerous task that is particularly daunting years or decades after its inception, when the original app team may be long gone.

This makes the common natural approach of wholesale migration somewhat untenable, especially with the time constraints imposed by governance and regulation. Even disregarding those factors, the sheer expense of refactoring and rewriting a sizable portion of your application library—anything older than about five years is probably using an outdated security profile—is prohibitively expensive.

The end goal in a merger and acquisition scenario is to quickly (and cost effectively) transition to a unified and tractable IAM posture, despite having a mix of user pools, protocols, and applications tightly coupled. Such transitions often need to happen in weeks or months, whereas a wholesale rewrite-and-migration might take years.

Microsoft Entra ID

Safeguard your organization with a cloud identity and access management solution that connects employees, customers, and partners to their apps, devices, and data.

Learn more and try free

Addressing your merger and acquisition challenges with Microsoft Entra ID and Strata Identity

Strata Identity takes a different approach to the challenges of managing disparate identity systems during a merger or acquisition. Instead of focusing on a migration of identities, Strata’s Maverics Identity Orchestration Platform provides an abstraction layer on top of your apps, IdPs, and services to enable you to create your own identity fabric.

The Maverics Platform is composed of individual Orchestrators distributed throughout the target environment. These lightweight Orchestrators can live anywhere within the infrastructure on any operating system within Kubernetes clusters or just on standalone virtual machines. They act as a distributed mesh of control, able to pull identity information from any system—whether that be through directing for authentication or just pulling additional user information for an existing session—and convert identity information into the formats needed and expected by applications.

Importantly, this approach means that existing applications do not need to be refactored or rewritten as part of the identity consolidation process. Any application that cannot be trivially swapped over to a new source of identity information—and, importantly, that isn’t up-to-date on the very latest security practices—is simply harnessed by Maverics. It continues to consume identity information in the way that it has always known and Maverics handles the rest. Sessions that are allowed to flow through to the application have had the Microsoft Entra identity controls applied for both authentication and authorization before the traffic is permitted to reach the application in the first place. Even app owners have their burdens reduced significantly, being needed only for some basic smoke testing during a changeover.

This also allows for a deliberate and calculated roll out of changes to your infrastructure. No more stressful projects with hard cutover dates, with those long all-or-nothing weekend cutovers and the associated frantic testing of every application to make sure everything transitioned smoothly. Using the Maverics platform from Strata allows for measured incremental changes. Cutover a single application, at a time—or even a subset of an application’s users—and test with leisure.

Better yet, if any issues are found the rollback is trivial. Since Maverics is acting as an abstraction layer over the identity process, the swapping between user stores or IdPs is handled in one simple interface. The user is unlikely to notice any impact at all as changes are made—either to migrate to the new identity source or to roll back to the old configuration.

Another benefit of this approach is that user impacting changes can be rolled out with deliberation, giving users a chance to acclimate to any new process. Let’s say, for instance, that as part of your migration you need to add multifactor authentication to a body of users that didn’t use it previously. The identity abstraction layer allows you to notify your users of impending changes, and can even assist in the enrollment of the new security factors.

This abstraction layer lets Maverics serve as the single pane of glass through which you can view the combined identity systems, securely controlling all access while, at the same time, making the incremental updates and changes to move the locus of control from these disparate systems into Microsoft Entra ID.

Strata Identity: The last mile in mergers and acquisitions with Microsoft Entra ID

With Strata’s Maverics Orchestration Platform, mergers and acquisitions don’t have to be a long, risky, and labor-intensive effort. By adding an abstraction layer over the existing identity stacks, Strata makes shifting control of authentication and authorization over to Microsoft Entra ID seamless and simple, regardless of how complex and disjointed the previous implementation might have been. Strata also prevents the nightmare of having to rewrite all your apps, using its ability to harness legacy apps with modern identity protocols to save your team immense time and effort.

About Strata Identity

Strata Identity is a pioneer in Identity Orchestration for multicloud and hybrid cloud. The orchestration recipe-powered Maverics platform enables organizations to integrate and control incompatible identity systems with an identity fabric that does not change the user experience or require rewriting apps. By decoupling applications from identity, Maverics makes it possible to implement modern authentication, like passwordless, and enforce consistent access policies without refactoring apps.

The Maverics platform is available on the Azure Marketplace and is an IP co-sell Benefits Eligible solution.

Learn more

Learn more about Microsoft Entra ID.

To learn more about the Microsoft Intelligent Security Association (MISA), visit our website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.   

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post How Strata Identity and Microsoft Entra ID solve identity challenges in mergers and acquisitions appeared first on Microsoft Security Blog.