Tools like Microsoft Purview Compliance Manager, Microsoft Secure Score, and regulatory compliance dashboard in Microsoft Defender for Cloud are great ways for an organization to benchmark and communicate its security and compliance posture.

This blog post will offer these learnings to CISOs and IT security teams to set their relationship with the cybersecurity committee of the board up for success.

Microsoft Purview Compliance Manager

Meet multicloud compliance requirements across global, industrial, or regional regulations and standards.

Learn more

The cybersecurity committee of the board

The United States Securities and Exchange Commission (SEC) adopted rules in July 2023¹ to expand the scope of its cybersecurity reporting requirements for publicly traded companies,² making the governance of IT security by the board of directors and the cybersecurity expertise of board members reportable to the marketplace.

Corporate governance benchmarks including the Institutional Shareholder Services (ISS) ESG Governance QualityScore, widely used by analysts and for some executive compensation are including IT security measurements in their scoring.³ Cybersecurity is recognized as requiring governance from the board of directors. Boards are changing to make this possible.

The IT security function was viewed as the province of technical specialists, to be given some increased investment for a more hostile security landscape and in response to high profile security incidents. Cybersecurity was not considered a focus area of the board like finance, audit, or executive compensation. This has changed. Boards are seating directors with IT security expertise and asking for more communication from the IT security team, usually through the CISO.

Mandate of the cybersecurity committee

The mandate of the cybersecurity committee includes learning about the organization’s IT security team. To optimize the relationship, the security team needs to understand how the board and the cybersecurity committee work as well.

The cybersecurity committee will have a mandate, vetted and granted by the board members and likely the chief executive officer (CEO). This mandate will be set out in a corporate document that describes the responsibilities of the committee, the content, and frequency of their reports and the type of information they are to review. The CISO should understand the mandate and with it the scope of the committee to know how to best and most efficiently partner with them. A proactive CISO can contribute to the formulation of the mandate, avoiding conflict and inefficiency, and setting the relationship up for success.

Beyond the mandate document, the board will likely have public-facing Rules of Procedure. This document sets out the mission, duties, and operations of the board. It will likely also have a section describing the various board committees, their operations, and responsibilities.

The committee will be focused on discharging these responsibilities in an auditable way.

Time on the agenda of board meetings is at a premium. A typical two-hour meeting agenda might include:

• Approval of the last board meeting minutes.
• Review of first half results.
• Review of Environmental Social and Governance (ESG) report and ESG committee recommendations.
• Approval of board members’ expenses.
• Financial and business outlook.
• Business plan update.
• Review of next meeting dates.

Some of these are mandated by law, leaving little time for discretionary topics. There may be four or five such board meetings per year. The cybersecurity committee will have a slot on the agenda slot as will other business.

A board may receive a briefing from the CISO on current state and plan once a year. The CISO may be called on to provide ad hoc input on risks, incidents, or other emerging topics.

A cybersecurity committee is a subgroup of the board. It is led by one or two directors that have a relatively high level of cybersecurity expertise. They should:

• Understand the IT security function, policies, standards, current state, and plan.
• Offer their opinion as to how the current state and plan aligns with the company’s risk management posture and business objectives.
• Identify areas in current state and plan that need focus from the IT security function.
• Communicate blockers and advocate for the security function with the board and executives.

The committee is accountable for reporting to the board on these items.

Working with the cybersecurity committee

The board and the CISO need to align on how they will work together. They need to agree on efficient ways to get the information and context the committee needs to achieve its mandate.

This is an opportunity for the CISO to leverage their existing reporting and documents to the extent possible. A CISO who is proactive and suggests a framework will be a good partner to the committee. This will reduce the level of effort for the security team going forward.

The role of the board and the committee is to act on behalf of the shareholders to manage risk—not to manage the IT security team, the plan, or be accountable for cybersecurity. That’s the CISO’s job.

Board members often serve on multiple boards and have high profile roles in other organizations. They need information that is on target, that they can consume quickly, and report with confidence to stakeholders. Effective communication includes:

Context

What does it mean to the business?

Cybersecurity risk and planning should be communicated in similar format to the financial and business risk that the board is used to managing.

Progress to plan should be shown in context. A security roadmap for a minimum of three years should be shared with progress and changes tracked over time.

The focus should be on a holistic IT security strategy and architecture spanning infrastructure, services, internal, vendors, on-premises, cloud, and culture.

Objective data

Recommendations from the IT security team should be presented together with objective information that supports it.

Key performance indicators (KPIs) should be agreed upon and visualized over time to expose trends. The committee should see that the right things are being monitored but not expect to drill down into every KPI.

Objective outputs that can show trends and be mapped to investments in security include Secure Score in Microsoft Defender. Secure Score monitors platform as a service (PaaS) and infrastructure as a service (IaaS) cloud, hybrid, and on-premises environments in Microsoft Azure, Amazon Web Services, and Google Cloud Platform.    

Microsoft Secure Score is a similar service focused on the improvement of security posture of a company’s Microsoft 365 software as a service (SaaS), including identity, devices, and applications.

The score, which is expressed as a percentage from 0 to 100, is shown with a list of recommendations that can be undertaken to meet security controls. These security controls should be considered for the security roadmap. As the controls are implemented, the Secure Score increases.

A company should not be focused on driving Secure Score to 100 percent but rather that the recommendations are considered in light of the company’s risk appetite and security roadmap. If the score is not rising as expected then the reason should be understood.

Similarly Microsoft Purview Compliance Manager provides Compliance Score for Microsoft 365. For Azure customers, Microsoft provides the regulatory compliance dashboard in Microsoft Defender for Cloud, which also provides visibility into the compliance posture of non-Microsoft clouds. These solutions are vehicles to help customers objectively assess and communicate the company’s compliance posture with their most important regulatory standards.

The updated security roadmap, with progress indicated, should be presented to the committee, and the KPIs should broadly track with this progress, allowing an increased confidence in the organization’s security posture and trends.

Align with the mandate of the committee

Working with the cybersecurity committee and the board will involve communicating to a diverse group whose first expertise may not be information technology. We need to teach.

We also need to learn. The committee operates within its mandate. Servicing this mandate is the primary focus of the committee. It will come before other subjects we may want to discuss. Map these subjects to the committee’s mandate.

The board operates within its rules of procedure. We will be much more effective if we are familiar with these. If we map our asks and replies to the committee’s mandate, our communication will be well received and we’ll strengthen the partnership. If we understand the rules of procedure we can avoid ad hoc engagement and communicate our message effectively.

The mandate may indicate that a report from the committee is due to the board in advance of the Annual General Meeting. If we’ve agreed on the information needed to service the mandate, we can be proactive about providing this. We can anticipate questions and put challenges in context with what they mean to the business and what we’re doing to address them.

Confidentiality

Some of the materials provided to the cybersecurity committee will require confidentiality. They should be watermarked or encrypted per company policy. Board members are not employees, and they probably don’t have a company email address or access to the company network. The tools and procedures will need to take this into account.

The reporting of the cybersecurity committee to the board is also confidential. Beyond bad actors, the information may be taken out of context by analysts or those seeking to harm the company’s reputation. Security controls should be agreed with the CISO to ensure that the documents provided to and produced by the cybersecurity committee will be limited in distribution to the committee, company leadership and the office of the CISO.

Some board documents are shared with shareholders and made available to the public, such as minutes of the board meetings. Where input from the CISO or the cybersecurity committee for these documents is needed, it should be made sufficiently general so as not to expose the company to risk.

Get started with committee collaboration

The formation of a cybersecurity committee as part of a company’s board will mean more scrutiny of the IT security function. More time will be devoted to communicating and reporting.

The CISO and their team will get visibility with the board and can use this to advocate for the resources and cultural changes they need to protect the company. Productive, efficient interaction with the committee can build a partnership with the board, which protects and adds value for the company.

Learn more

Learn more about Microsoft Purview Compliance Manager.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on X at @MSFTSecurity for the latest news and updates on cybersecurity.

¹SEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies, SEC. July 26, 2023.

²SEC cyber risk management rule—a security and compliance opportunity, Steve Vandenberg. March 1, 2023.

³IT security: An opportunity to raise corporate governance scores, Steve Vandenberg. August 8, 2022.

The post Working with a cybersecurity committee of the board appeared first on Microsoft Security Blog.

Securing multicloud environments is a deeply nuanced task, and many organizations struggle to fully safeguard the many different ways cyberthreat actors can compromise their environment. In our latest report, “2024 State of Multicloud Security Risk,” we analyzed usage patterns across Microsoft Defender for Cloud, Microsoft Security Exposure Management, Microsoft Entra Permissions Management, and Microsoft Purview to identify the top multicloud security risks across Microsoft Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP), and beyond. This is the first time Microsoft has released a report sharing key insights across aspects of cloud security, including identity and data. 

This multidimensional analysis is key because it provides deeper visibility into all of the angles cyberattackers can use to breach cloud environments. For example, we found that more than 50% of cloud identities had access to all permissions and resources in 2023. Can you imagine what would happen if even one of these “super identities” were compromised? Looking beyond identity and access, we also discovered significant vulnerabilities in development and runtime environments and within organizations’ data security postures. These threats and more are the driving forces behind Microsoft’s work to advance cybersecurity protections by sharing the latest security intelligence and through programs like the recently expanded Secure Future Initiative, which works to guide Microsoft advancements according to secure by design, secure by default, and secure operations principles.

Read on for our topline insights from the report.

2024 State of Multicloud Security

The new report shares trends and insights to drive an integrated multicloud security strategy.

Read the report

1. Multicloud security demands a proactive, prioritized approach  

Any practitioner who has worked in cloud security can tell you just how challenging it is to analyze, prioritize, and address the hundreds of security alerts they receive every day. Security teams are also responsible for managing all exposed assets and other potential risk vectors. The average multicloud estate has 351 exploitable attack paths that lead to high-value assets, and we discovered more than 6.3 million exposed critical assets among all organizations.  

Cloud security posture management (CSPM) is one solution, but rather than taking a siloed approach, we recommend driving deeper, more contextualized CSPM as part of a cloud-native application protection platform (CNAPP).  

CNAPPs are unified platforms that simplify securing cloud-native applications and infrastructure throughout their lifecycle. Because CNAPPs can unify CSPM with things like multipipeline DevOps security, cloud workload protections, cloud infrastructure entitlement management (CIEM), and cloud service network security (CSNS), they can correlate alerts and eliminate visibility gaps between otherwise disparate tools. This allows security teams to proactively identify, prioritize, and mitigate potential cyberattack paths before they can be exploited. 

2. CNAPP embeds secure best practices throughout the entire application lifecycle

Properly securing cloud-native applications and infrastructure from initial code development to provisioning and runtime is a significant challenge area for many organizations. We found that 65% of code repositories contained source code vulnerabilities in 2023, which remained in the code for 58 days on average. Given that one quarter of high-risk vulnerabilities are exploited within 24 hours of being published, this creates a significant window for threat actors to take advantage and compromise your environment.²

In addition to delivering proactive protection during runtime, CNAPP can act as a shared platform for security teams to work with developers to unify, strengthen, and manage multipipeline DevOps security. And because CNAPP unites multiple cloud security capabilities under a single umbrella, security teams can also enforce full-lifecycle protections from a centralized dashboard. This shifts security left and heads off development risks before they become a problem in runtime.  

3. Organizations need a unified security approach to secure cross-cloud workloads

Multicloud security goes deeper than attack path analysis and strong DevSecOps. Organizations also need to examine how the growing use and variety of cloud workloads impact their exposure to cyberthreats. When cloud workloads span across multiple cloud environments, that creates a more complex threat landscape with additional complexities and dependencies that require proper configuration and monitoring to secure.  

Microsoft’s CNAPP solution, Microsoft Defender for Cloud, has an extended detection and response (XDR) integration that provides richer context to investigations and allows security teams to get the complete picture of an attack across cloud-native resources, devices, and identities. Roughly 6.5% of Defender for Cloud alerts were connected to other domains—such as endpoints, identities, networks, and apps and services—indicating cyberattacks that stretched across multiple cloud products and platforms.  

Rather than using individual point solutions to manage cross-cloud workload threats, organizations need an easy way to centralize and contextualize findings across their various security approaches. A CNAPP delivers that unified visibility. 

4. Securing growing workload identities requires a more nuanced approach

Also central to multicloud security is the idea of identity and access management. In the cloud, security teams must monitor and secure workload identities in addition to user identities. These workload identities are assigned to software workloads, such as apps, microservices, and containers. The growing usage of workload identities creates several challenges. 

For starters, workload identities make up 83% of all cloud identities within Microsoft Entra Permissions Management. When examining the data, we found that 40% of these workload identities are inactive—meaning they have not logged in or used any permissions in at least 90 days. These inactive identities are not monitored the same way as active identities, making them an attractive target for cyberattackers to compromise and use to move laterally. Workload identities can also be manually embedded in code, making it harder to clean them without triggering unintended consequences.  

What’s concerning, though, is the fact that the average organization has three human super identities for every seven workload super identities. These workload super identities have access to all permissions and resources within the multicloud environment, making them an enormous risk vector that must be addressed. And because workload identities are growing significantly faster than human identities, we expect the gap between human and workload super identities to widen rapidly.  

Security teams can address this risk by establishing visibility into all existing super identities and enforcing least privilege access principles over any unused or unnecessary permissions—regardless of the cloud they access. 

5. CIEM drives visibility and control over unused permissions

Speaking of permissions, our report found that more than 51,000 permissions were granted to users and workloads (up from 40,000 in 2022). With more permissions come more access points for cyberattackers.  

A CIEM can be used to drive visibility across the multicloud estate, eliminating the need for standing access for super identities, inactive identities, and unused permissions. Just 2% of human and workload identity permissions were used in 2023, meaning the remaining 98% of unused permissions open organizations up to unnecessary risk.  

By using a CIEM to identify entitlements, organizations can revoke unnecessary permissions and only allow just-enough permissions, just in time. This approach will significantly mitigate potential risks and enhance the overall security posture.  

6. A multilayered data security approach eliminates complexity and limits blind spots

Finally, organizations need a comprehensive data security approach that can help them uncover risks to sensitive data and understand how their users interact with data. It’s also important to protect and prevent unauthorized data use throughout the lifecycle using protection controls like encryption and authentication. 

A siloed solution won’t work, as organizations with 16 or more point solutions experience 2.8 times as many data security incidents as those with fewer tools. Instead, organizations should deploy integrated solutions through a multilayered approach that allows them to combine user and data insights to drive more proactive data security. At Microsoft, we accomplish this through Microsoft Purview—a comprehensive data security, compliance, and governance solution that discovers hidden risks to data wherever it lives or travels, protects and prevents data loss, and investigates and responds to data security incidents. It can also be used to help improve risk and compliance postures and meet regulatory requirements. 

Uncover strategies for mitigating your biggest multicloud risks 

Ultimately, multicloud security has multiple considerations that security teams must account for. It is not a check-the-box endeavor. Rather, security teams must continuously enforce best practices from the earliest stages of development to runtime, identity and access management, and data security. Not only must these best practices be enforced throughout the full cloud lifecycle, but they must also be standardized across all cloud platforms.

In a recent episode of our podcast, Uncovering Hidden Risks, we sat down with Christian Koberg-Pineda, a Principal Security DevOps Engineer at S.A.C.I. Falabella, to dive into his journey toward uncovering the challenges and strategies for safeguarding cloud-native applications across various cloud platforms. In it, he talks about the complexity of securing multiple clouds, including navigating differing configurations, technical implementations, and identity federation.

“One of the most relevant characteristics of cloud computing is that you can scale things on demand. As cloud security expert, you must think in scale too. You need to implement a security tool that is also capable of scaling together with your infrastructure or your services.”

– Christian Koberg-Pineda, Principal Security DevOps Engineer at S.A.C.I. Falabella

For more information on creating a secure multicloud environment, download the full “2024 State of Multicloud Security Risk” report and check out the below resources.  

• Uncovering Hidden Risks Podcast Episode 18: Navigating Multicloud Security Risks, A Customer Story.
• 2024 State of Multicloud Security Risk Report Infographic.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹SANS 2023 Multicloud Survey: Navigating the Complexities of Multiple Cloud,  SANS Institute. 

²1 in 4 high-risk CVEs are exploited within 24 hours of going public, SC Media.

The post 6 insights from Microsoft’s 2024 state of multicloud risk report to evolve your security strategy appeared first on Microsoft Security Blog.

Security is our top priority at Microsoft—above all else—and our expanded Secure Future Initiative underscores our company-wide commitment to making the world a safer place for everyone. I am proud that Microsoft is prioritizing security in the age of AI as we continue to innovate with a security-first mindset. 

Today, new capabilities are now available in Microsoft Defender and Microsoft Purview to help organizations secure and govern generative AI applications at work. These releases deliver purpose-built policy tools and better visibility to help you secure and govern generative AI apps and their data. We are also delivering a new unified experience for the security analyst and integrating Microsoft Copilot for Security across our security product portfolio.  

You’ll be able to see firsthand these innovations and more across the Microsoft Security portfolio at RSA Conference (RSAC). I also hope you will also join me on Tuesday, May 7, 2024, for “Securing AI: What We’ve Learned and What Comes Next,” to explore the strategies that every organization can implement to securely design, deploy, and govern AI.

Secure your AI transformation with Microsoft Security

Wherever your organization is in your AI transformation, you will need comprehensive security controls to secure govern your AI applications and data throughout their lifecycle—development, deployment, and runtime.  

With the new capabilities announced today, Microsoft becomes the first security provider to deliver end-to-end AI security posture management, threat protection, data security, and governance for AI.

Discover new AI attack surfaces, strengthen your AI security posture, and protect AI apps against threats with Microsoft Defender for Cloud. Now security teams can identify their entire AI infrastructure—such as plugins, SDKs, and other AI technologies—with AI security posture management capabilities across platforms like Microsoft Azure OpenAI Service, Azure Machine Learning, and Amazon Bedrock. You can continuously identify risks, map attack paths, and use built-in security best practices to prevent direct and indirect attacks on AI applications, from development to runtime.

Integrated with Microsoft Azure AI services, including Microsoft Azure AI Content Safety and Azure OpenAI, Defender for Cloud will continuously monitor AI applications for anomalous activity, correlate findings, and enrich security alerts with supporting evidence. Defender for Cloud is the first cloud-native application protection platform (CNAPP) to deliver threat protection for AI workloads at runtime, providing security operations center (SOC) analysts with new detections that alert to malicious activity and active threats, such as jailbreak attacks, credential theft, and sensitive data leakage. Additionally, SOC analysts will be able facilitate incident response with native integration of these signals into Microsoft Defender XDR.

Identify and mitigate data security and data compliance risks with Microsoft Purview. Give your security teams greater visibility into and understanding of which AI applications are being used and how to help you safeguard your data effectively in the age of AI. The Microsoft Purview AI Hub, now in preview, delivers insights such as sensitive data shared with AI applications, total number of users interacting with AI apps and their associated risk level, and more. To prevent potential oversharing of sensitive data, new insights help organizations identify unlabeled files that Copilot references and prioritize mitigation of oversharing risks. Additionally, we are excited to announce the preview of non-compliant usage insights in the AI Hub to help customers discover potential AI interactions that violate enterprise and regulatory policies in areas like hate and discrimination, corporate sabotage, money laundering, and more.

Govern AI usage to comply with regulatory policies with new AI compliance assessments in Microsoft Purview. We understand how important it is to comply with regulations, and how complicated it can be when deploying new technology. Four new Compliance Manager assessment templates, now in preview, are available to help you assess, implement, and strengthen compliance with AI regulations and standards, including EU AI Act, NIST AI RMF, ISO/IEC 23894:2023, and ISO/IEC 42001. The new assessment insights will also be surfaced within the Purview AI Hub, providing recommended actions to support compliance as you onboard and deploy AI solutions.

Together we can help everyone pursue the benefits of AI, by thoughtfully addressing the new risks. The new capabilities in Microsoft Defender for Cloud and Microsoft Purview, which build on top of the innovations we shared at Microsoft Ignite 2023 and Microsoft Secure 2024, are important advancements in empowering security teams to discover, protect, and govern AI—whether you’re adopting software as a service (SaaS) AI solutions or building your own.

Read more about all of the new capabilities and features that help you secure and govern AI.

Strengthening end-to-end security with a unified security operations platform

We continue investing in our long-standing commitment to providing you with the most complete end-to-end protection for your entire digital estate. There is an immediate need for tool consolidation and AI to gain the speed and scale required to defend against these new digital threats. Microsoft integrates all of the foundational SOC tools—cloud-native security information and event management (SIEM), comprehensive native extended detection and response (XDR), unified security posture management, and generative AI—to deliver true end-to-end threat protection in a single platform, with a common data model, and a unified analyst experience.  

The new unified security operations platform experience, in preview, transforms the real-world analyst experience with a simple, approachable user experience that brings together all the security signals and threat intelligence currently stuck in other tools. Analysts will have more context at every stage, with helpful recommendations and suggestions for automation that make investigation and response easier than ever before. We are also introducing new features across Microsoft Sentinel and Defender XDR, including global search, custom detections, and automation rules.

We are also pleased to announce a number of additional new features and capabilities that will empower your security operations center (SOC) to work across Microsoft security products for stronger end-to-end security.

• Microsoft Security Exposure Management initiatives help your security team identify risky exposures and instances of insufficient implementation of essential security controls, to find opportunities for improvement.
• SOC analysts can now use insider risk information as part of their investigation in Microsoft Defender XDR.
• Microsoft Defender XDR expands to include native operational technology (OT) protection, enabling automatic correlation of OT threat signal into cross-workload incidents and the ability to manage OT and industrial control system vulnerabilities directly within Defender XDR.
• Expanded attack disruption in Microsoft Defender XDR, powered by AI, machine learning, and threat intelligence, will cover new attack scenarios like disabling malicious OAuth apps and will significantly broaden compromised user disruption, such as leaked credentials, stuffing, and guessing.
• Microsoft Sentinel launches SOC Optimizations to provide tailored guidance to help manage costs, increase the value of data ingested, and improve coverage against common attack techniques.

Expanded Microsoft Copilot for Security integrations

When it comes to supporting security teams and relieving complexity, Microsoft Copilot for Security offers a great advantage. Greater integration of Copilot across the Microsoft security portfolio and beyond provides richer embedded experiences and Copilot capabilities from familiar and trusted products. We are proud to announce new Microsoft Copilot for Security integrations, including Purview, new partner plugins, Azure Firewall, and Azure Web Application Firewall. These integrations provide your security teams with real-time guidance, deeper investigative insights, and expanded access to data from across your environment.  

Security for the era of AI

An end-to-end security platform will be a determining factor in every organization’s transformation and will play a critical role in the durability of AI-powered innovation. Organizations that focus on securing AI and invest in using AI to strengthen security will be the lasting leaders in their industries and markets. Microsoft is committed to empowering these industry and market leaders with security solutions that can help them achieve more. We bring together four critical advantages: large-scale data and threat intelligence; the most complete end-to-end platform; industry leading, responsible AI; and tools to help you secure and govern AI.

With the general availability of Copilot for Security, Microsoft has delivered on our promise to put industry-leading generative AI into the hands of IT and security professionals of all levels of experience. Now, with today’s release of new capabilities in Defender for Cloud and Microsoft Purview, we are also delivering on our commitment to empower IT and security teams with the tools they need to take advantage of AI safely, responsibly, and securely.

Lastly and importantly, security is a team sport. We look forward to working together with the industry and our partners on advancing cyber security for all. 

I do hope you’ll connect with us at RSAC this week, where we will be demonstrating our comprehensive security portfolio and how it helps you protect your environment from every angle to prepare for and confidently adopt and deploy AI. 

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post New capabilities to help you secure your AI transformation appeared first on Microsoft Security Blog.

Microsoft commends the DoD for approaching Zero Trust as a mindset, not a capability or device that may be bought.¹ Zero Trust can’t be achieved by a single technology, but through tight integration between solutions across product categories. Deciphering how security products achieve Zero Trust based on marketing materials alone is a daunting task. IT leaders need to select the right tools. Security architects need to design integrated solutions. Implementers need to deploy, configure, and integrate tools to achieve the outcomes in each Zero Trust activity.

Today, we are excited to announce Zero Trust activity-level guidance for DoD Components and DIB partners implementing the DoD Zero Trust Strategy. To learn more, see Configure Microsoft cloud services for the DoD Zero Trust Strategy.

In this blog, we’ll review the DoD Zero Trust Strategy and discuss how our new guidance helps DoD Components and DIB partners implement Zero Trust. We’ll cover the Microsoft Zero Trust platform and relevant features for meeting DoD’s Zero Trust requirements, and close with real-world DoD Zero Trust deployments.

Microsoft supports the DoD’s Zero Trust Strategy

The DoD released its formal Zero Trust Strategy in October 2022.¹ The strategy is a security framework and mindset that set a path for achieving Zero Trust. The strategy outlines strategic goals for adopting culture, defending DoD Information Systems, accelerating technology implementation, and enabling Zero Trust.

The DoD Zero Trust Strategy includes seven pillars that represent protection areas for Zero Trust:

1. User
2. Device
3. Applications and workloads
4. Data
5. Network
6. Automation and orchestration
7. Visibility and analytics

In January 2023, the DoD published a capabilities-based execution roadmap for implementing Zero Trust.² The roadmap details 45 Zero Trust capabilities spanning the seven pillars. The execution roadmap details the Zero Trust activities DoD Components should perform to achieve each Zero Trust capability. There are 152 Zero Trust activities in total, divided into Target Level Zero Trust and Advanced Level Zero Trust phases with deadlines of 2027 and 2032, respectively.

The Zero Trust activity-level guidance we’re announcing in this blog continues Microsoft’s commitment to supporting DoD’s Zero Trust strategy.³ It serves as a reference for how DoD Components should implement Zero Trust activities using Microsoft cloud services. Microsoft product teams and security architects supporting DoD worked in close partnership to provide succinct, actionable guidance side-by-side with the DoD Zero Trust activity text and organized by product with linked references.

We scoped the guidance to features available today (including public preview) for Microsoft 365 DoD and Microsoft Azure Government customers. As the security landscape changes, Microsoft will continue innovating to meet the needs of federal and DoD customers.⁴ We’re excited to bring entirely new Zero Trust technologies like Microsoft Copilot for Security and Security Service Edge to United States Government clouds in the future.⁵

Look out for announcements in the Microsoft Security Blog and check Microsoft’s DoD Zero Trust documentation to see the latest guidance.

Microsoft’s Zero Trust platform

Microsoft is proud to be recognized as a Leader in the Forrester Wave™: Zero Trust Platform Providers, Q3 2023 report.⁶ The Microsoft Zero Trust platform is a modern security architecture that emphasizes proactive, integrated, and automated security measures. Microsoft 365 E5 combines best-in-class productivity apps with advanced security capabilities that span all seven pillars of the DoD Zero Trust Strategy.

“Single products/suites can be adopted to address multiple capabilities. Integrated vendor suites of products rather than individual components will assist in reducing cost and risk to the government.”

 —Department of Defense Zero Trust Reference Architecture Version 2.0⁷

Microsoft 365 is a comprehensive and extensible Zero Trust platform.⁸ It’s a hybrid cloud, multicloud, and multiplatform solution. Pre-integrated extended detection and response (XDR) services coupled with modern cloud-based device management, and a cloud-based identity and access management service, provide a direct and rapid modernization path for the DoD and DIB organizations.

Read on to learn about Microsoft cloud services that support the DoD Zero Trust Strategy.

Figure 1. Microsoft Zero Trust Architecture.

Microsoft Entra ID is an integrated multicloud identity and access management solution and identity provider. Microsoft Entra ID is tightly integrated with Microsoft 365 and Microsoft Defender XDR services to provide a comprehensive suite Zero Trust capabilities including strict identity verification, enforcing least privilege, and adaptive risk-based access control.

Microsoft Entra ID is built for cloud-scale, handling billions of authentications every day. It uses industry standard protocols and is designed for both Microsoft and non-Microsoft apps. Establishing Microsoft Entra ID as your organization’s Zero Trust identity provider lets you configure, enforce, and monitor adaptive Zero Trust access policies in a single location. Conditional Access is the Zero Trust authorization engine for Microsoft Entra ID. It enables dynamic, adaptive, fine-grained, risk-based, access policies for any workload.

Microsoft Entra ID is essential to the user pillar and has a role in all other pillars of the DoD Zero Trust Strategy.

Microsoft Intune is a multiplatform endpoint and application management suite for Windows, MacOS, Linux, iOS, iPadOS, and Android devices. Microsoft Intune configuration policies manage devices and applications. Microsoft Defender for Endpoint helps organizations prevent, detect, investigate, and respond to advanced threats on devices. Microsoft Intune and Defender for Endpoint work together to enforce security policies, assess device health, vulnerability exposure, risk level, and configuration compliance status. Conditional Access policies requiring a compliant device help achieve comply-to-connect  outcomes in the DoD Zero Trust Strategy.

Microsoft Intune and Microsoft Defender for Endpoint help achieve capabilities in the device pillar.

GitHub is a cloud-based platform where you can store, share, and work together with others to write code. GitHub Advanced Security includes features that help organizations improve and maintain code by providing code scanning, secret scanning, security checks, and dependency review throughout the deployment pipeline. Microsoft Entra Workload ID helps organizations use continuous integration and continuous delivery (CI/CD) with GitHub Actions.

GitHub and Azure DevOps are essential to the applications and workloads pillar.

Microsoft Purview is a range of solutions for unified data security, data governance, and risk and compliance management. Microsoft Purview Information Protection lets you define and label sensitive information types. Auto-labeling within Microsoft 365 clients ensure data is appropriately labeled and protected. Microsoft Purview Data Loss Prevention integrates with Microsoft 365 services and apps, and Microsoft Defender XDR components to detect and prevent data loss.

Microsoft Purview features align to the data pillar activities.

Azure networking services include a range of software-defined network resources that can be used to provide networking capabilities for connectivity, application protection, application delivery, and network monitoring. Azure networking resources like Microsoft Azure Firewall Premium, Azure DDoS Protection, Microsoft Azure Application Gateway, Azure API Management, Azure Virtual Network, and Network Security Groups, all work together to provide routing, segmentation, and visibility into your network.

Azure networking services and network segmentation architectures are essential to the network pillar.

Microsoft Defender XDR is a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response actions. It correlates millions of signals across endpoints, identities, email, and applications to automatically disrupt attacks. Microsoft Defender XDR’s automated investigation and response and Microsoft Sentinel playbooks are used to complete security orchestration, automation, and response (SOAR) activities.

Microsoft Defender XDR plays a key role in automation and orchestration and visibility and analytics pillars.

Microsoft Sentinel is a cloud-based security information and event management (SIEM) you deploy in Azure. Microsoft Sentinel operates at cloud scale to accelerate security response and save time by automating common tasks and streamlining investigations with incident insights. Built-in data connectors make it easy to ingest security logs from Microsoft 365, Microsoft Defender XDR, Microsoft Entra ID, Azure, non-Microsoft clouds, and on-premises infrastructure.

Microsoft Sentinel is essential to automation and orchestration and visibility and analytics pillars along with any activities requiring SIEM integration.

Real-world pilots and implementations

The DoD is embracing Zero Trust as a continuous modernization effort. Microsoft has partnered with DoD Components for several years, onboarding Microsoft 365 services, integrating apps with Microsoft Entra, migrating Azure workloads, managing devices with Microsoft Intune, and building security operations around Microsoft Defender XDR and Microsoft Sentinel.

One such example is the United States Navy’s innovative Flank Speed program. The Navy’s large-scale deployment follows Zero Trust capabilities put forth in the DoD’s strategy. These capabilities include comply-to-connect, continuous authorization, least-privilege access, and data-centric security controls.⁹ To date, Flank Speed has onboarded more than 560,000 users and evaluated the effectiveness of its robust cybersecurity tools through Purple Team assessments.¹⁰

Another example is Army 365, the United States Army’s Microsoft 365 environment.¹¹ Army 365 has onboarded more than 1.4 million users and migrated petabytes of data.¹² The secure collaboration environment incorporates Zero Trust principles in a secure collaboration environment with identity and device protections and includes support for bring your own device (BYOD) through Azure Virtual Desktop.¹³

DoD Zero Trust Strategy and Roadmap

Learn how to configure Microsoft cloud services for the DoD Zero Trust Strategy.

Learn more

Learn more

Embrace proactive security with Zero Trust.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹DoD Zero Trust strategy, DoD CIO Zero Trust Portfolio Management Office. October 2022.

²Zero Trust Capability Execution Roadmap, DoD CIO Zero Trust Portfolio Management Office. January 2023.

³Microsoft supports the DoD’s Zero Trust strategy, Steve Faehl. November 22, 2022.

⁴5 ways to secure identity and access for 2024, Joy Chik. January 10, 2024.

⁵Microsoft Entra Expands into Security Service Edge with Two New Offerings, Sinead O’Donovan. July 11, 2023.

⁶Forrester names Microsoft a Leader in the 2023 Zero Trust Platform Providers Wave™ report, Joy Chik. September 19, 2023.

⁷Department of Defense (DoD) Zero Trust Reference Architecture Version 2.0, Defense Information Systems Agency (DISA), National Security Agency (NSA) Zero Trust Engineering Team. July 2022.

⁸How Microsoft is partnering with vendors to provide Zero Trust solutions, Vasu Jakkal. October 21, 2021.

⁹Flank Speed Has Paved the Way for Navy to Become ‘Leaders in Zero Trust Implementation,’ Says Acting CIO Jane Rathbun, Charles Lyons-Burt, GovCon Wire. June 2023.

¹⁰Flank Speed makes significant strides in DOD Zero Trust Activity alignment, Darren Turner, PEO Digital. December 2023.

¹¹Army launches upgraded collaboration platform; cybersecurity at the forefront, Alexandra Snyder. June 17, 2021.

¹²Cohesive teams drive NETCOM’s continuous improvement, Army 365 migration, Enrique Tamez Vasquez, NETCOM Public Affairs Office. March 2023.

¹³BYOD brings personal devices to the Army network, Army Office of the Deputy Chief of Staff, G-6. February 2024.

The post New Microsoft guidance for the DoD Zero Trust Strategy appeared first on Microsoft Security Blog.

Fragmentation is in the way

The market has responded with dozens of products that address this challenge locally. Security and governance teams often bolt on security controls to protect individual data stores, having to stitch together a patchwork of solutions. This approach not only strains resources but is also ineffective. Security outcomes are worse—audits are failed and brand reputations are damaged.

In Microsoft’s most recent Data Security Index report, we found that 74% of organizations experienced some sensitive data exposure in the past year. Similarly, 68% of companies reported not being able to gather the right data insights, leading to poor data quality.² And even though organizations are quickly adopting generative AI, less than half of business leaders are confident in their organization’s ability to mitigate AI risks and adhere to its upcoming regulations.³ In the era of AI, before unlocking the power of data, organizations are looking for integrated security and governance solutions to help them confidently activate their data estate.

“In the age of data-driven decision making, organizations must recognize that governance practices are prerequisites for extracting trusted and responsible insights from their data. Without proper security and governance, analytics initiatives are at risk of producing unreliable or compromised results, which in turn negatively impacts business outcomes.”

—Chandana Gopal, Research Director, Enterprise Intelligence, IDC

Microsoft Purview—Seamlessly securing and confidently activating your data estate

The rise of generative AI and data democratization in the form of new analytics tools has made organizations look inward to adopt responsible analytics practices. At Microsoft, we believe that the key to responsible analytics is in adopting integrated solutions to secure your data, so you can confidently activate it. Security and governance are no longer an aftermath to data deployments, they are table stakes.

In 2022, we introduced Microsoft Purview, a comprehensive set of solutions that let you secure, govern, and ensure compliance across your data estate. Since then, the teams have worked tirelessly to bring this vision to life. With a unified approach, Microsoft Purview combines a variety of capabilities to allow customers to seamlessly secure, and confidently activate data, while adhering to regulatory requirements in one single solution built on a shared set of AI-powered data governance, classification, and audit logging, all under a unified management experience.

Seamlessly secure your data with built-in controls

With the rapid adoption of platforms such as Microsoft Fabric, we are excited to announce new innovations—all in preview—to help organizations adopt built-in data security across their most utilized systems. Starting today, we are enabling the following experiences:

• Built-in protections: Business users can now apply label-based protections—a familiar concept to the millions of users who employ Microsoft 365 labels and data loss prevention (DLP) policies, into Microsoft Fabric workloads. 
• Consistent enforcements: Admins can now extend their label-based protections across structured and unstructured data stores, including Microsoft Azure SQL, Microsoft Azure Data Lake Storage, and Amazon S3 buckets.
• Data risk detections: Data doesn’t move itself. People move data. Security teams can now ingest signals coming from Microsoft Fabric into the millions of signals across Microsoft Purview Insider Risk Management.

Click here to watch the Microsoft Mechanics video to see this scenario in action!

These capabilities enable a confident approach to data democratization as organizations work on all types of data, whether sensitive or not, in a secure and responsible way. Learn more about how to seamlessly secure your data estate with our new capabilities.

Confidently activate your data with modern data governance

We are thrilled to introduce the new Microsoft Purview Data Governance experience. This new reimagined software as a service (SaaS) solution offers sophisticated yet simple business-friendly interaction, integration across your multicloud data estate, and actionable insights that help data leaders to responsibly unlock business value within their data estate. The new experience is:

• Business-friendly, federated, multicloud: Purpose-built for federated governance with efficient data office management and oversight that offers customizable business terms, roles, and policies for your multisource, multicloud data estate.
• Designed for business efficiency: Scan and search data assets and accelerate your practice with built-in templates, terms, and policy recommendations served up based on your metadata. Define data quality policies that follow the data through your governance practice.
• Actionable and informative: Aggregated actions and health insights help you put the practice in data governance by showcasing the overall health of your governed estate through built-in reports while interactive summarized actions help you improve the overall posture of your data governance practice.

Click here to learn more about our new modern Data Governance experience.

Expanding across your data estate

These innovations, all in public preview, are just the beginning of our journey to provide you with an integrated solution to secure and govern your data estate. We invite you to try them out and share your feedback with us. These capabilities will come in a new pay-as-you-go consumptive model, available at no additional cost during preview in the near term, with pricing details to follow in the future.

Join us at the Fabric Community Conference

Please join us at the first ever Microsoft Fabric Community Conference in Las Vegas. If you’re attending, don’t miss the “Microsoft Purview for the Age of AI” keynote and our sessions on Microsoft Purview. Explore more details on how Microsoft Purview can help you and read our e-book “Crash Course in Microsoft Purview: A guide to securing and managing your data estate.”

Microsoft Purview

Secure and govern data across your data estate while reducing risk and meeting compliance requirements.

Learn more

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on X at @MSFTSecurity for the latest news and updates on cybersecurity.

¹Worldwide Global DataSphere and Global StorageSphere Structured and Unstructured, DOC #US50397723, Data Forecast, 2023–2027 Market Forecast. June 13, 2023.

²2022 Chief Data Officer survey, Deloitte. September 2022.

³ISMG First Annual Generative AI Study: Business rewards vs. Security Risks. January 31, 2024.

The post The foundation for responsible analytics with Microsoft Purview appeared first on Microsoft Security Blog.

Microsoft Copilot for Security

Powerful new capabilities, new integrations, and industry-leading generative AI—generally available on April 1, 2024.

Learn more

We are inspired by the results of our second Copilot for Security economic study, which shows that experienced security professionals are faster and more accurate when using Copilot, and they overwhelmingly want to continue using Copilot. The gains are truly amazing:

• Experienced security analysts were 22% faster with Copilot.
• They were 7% more accurate across all tasks when using Copilot.
• And, most notably, 97% said they want to use Copilot the next time they do the same task.

This new study focuses on experienced security professionals and expands the randomized controlled trial we published last November, which focused on new-in-career security professionals. Both studies measured the effects on productivity when analysts performed security tasks using Copilot for Security compared to a control group that did not. The combined results of both studies demonstrate that everyone—across all levels of experience and types of expertise—can make gains in security with Copilot. When we put Copilot in the hands of security teams, we can break down barriers to entry and advancement, and improve the work experience for everyone. Copilot enables security for all.

Copilot for Security is now pay-as-you-go

Toward our goal of enabling security for all, Microsoft is also introducing a provisioned pay-as-you-go licensing model that makes Copilot for Security accessible to a wider range of organizations than any other solution on the market. With this flexible, consumption-based pricing model, you can get started quickly, then scale your usage and costs according to your needs and budget. Microsoft Copilot for Security will be available for purchase starting April 1, 2024. Connect with your account representative now so your organization can be among the first to enjoy the incredible gains from Copilot for Security.

Global availability and broad ecosystem

General availability means Copilot for Security will be available worldwide on April 1, 2024. Copilot is multilingual and can process prompts and respond in eight languages with a multilingual interface for 25 different languages, making it ready for all major geographies across North and South America, Europe, and Asia.

Copilot has grown a broad, global ecosystem of more than 100 partners consisting of managed security service providers and independent software vendors. We are so grateful to the partners who continue to play a vital role in empowering everyone to confidently adopt safe and responsible AI.

Partners can learn more about integrating with Copilot.

New Copilot for Security product innovations

Microsoft Copilot for Security helps security and IT professionals amplify their skillsets, collaborate more effectively, see more, and respond faster.

As part of general availability, Copilot for Security includes the following new capabilities:

• Custom promptbooks allow customers to create and save their own series of natural language prompts for common security workstreams and tasks.
• Knowledge base integrations, in preview, empowers you to integrate Copilot for Security with your business context, so you can search and query over your proprietary content.
• Multi-language support now allows Copilot to process prompts and respond in eight different languages with 25 languages supported in the interface.  
• Third-party integrations from global partners who are actively developing integrations and services.
• Connect to your curated external attack surface from Microsoft Defender External Attack Surface Management to identify and analyze the most up-to-date information on your organization’s external attack surface risks.
• Microsoft Entra audit logs and diagnostic logs give additional insight for a security investigation or IT issue analysis of audit logs related to a specific user or event, summarized in natural language.
• Usage reporting provides dashboard insights on how your teams use Copilot so that you can identify even more opportunities for optimization.

To dive deeper into the above announcement and learn about pricing, read the blog on Tech Community. Read the full report to dig into the complete results of our research study or view the infographic. To learn more about Microsoft Copilot for Security, visit our product page or check out our solutions that include Copilot. If you’re interested in a demo or are ready to purchase, please contact your sales representative.

“Threat actors are getting more sophisticated. Things happen fast, so we need to be able to respond fast. With the help of Copilot for Security, we can start focusing on automated responses instead of manual responses. It’s a huge gamechanger for us.” 

—Mario Ferket, Chief Information Security Officer, Dow 

AI-powered security for all

With general availability, Copilot for Security will be available as two rich user experiences: in an immersive standalone portal or embedded into existing security products.

Integration of Copilot with Microsoft Security products will make it even easier for your IT and security professionals to take advantage of speed and accuracy gains demonstrated in our study. Enjoy the product portals you know and love, now enhanced with Copilot capabilities and skills specific to use cases for each product.

The unified security operations platform, coming soon, delivers an embedded Copilot experience within the Microsoft Defender portal for security information and event management (SIEM) and extended detection and response (XDR) that will prompt users as they investigate and respond to threats. Copilot automatically surfaces relevant details for summaries, drives efficiency with guided response, empowers analysts at all levels with natural language to Kusto Query Language (KQL) and script and file analysis, and now includes the ability to assess risks with the latest Microsoft threat intelligence.

Copilot in Microsoft Entra user risk investigation, now in preview, helps you prevent identity compromise and respond to threats quickly. This embedded experience in Microsoft Entra provides a summary in natural language of the user risk indicators and tailored guidance for resolving the risk. Copilot also recommends ways to automate prevention and resolution for future identity attacks, such as with a recommended Microsoft Entra Conditional Access policy, to increase your security posture and keep help desk calls to a minimum.

To help data security and compliance administrators prioritize and address critical alerts more easily, Copilot in Microsoft Purview now provides concise alert summaries, integrated insights, and natural language support within their trusted investigation workflows with the click of a button.

Copilot in Microsoft Intune, now in preview, will help IT professionals and security analysts make better-informed decisions for endpoint management. Copilot in Intune can simplify root cause determination with complete device context, error code analysis, and device configuration comparisons. This makes it possible to detect and remediate issues before they become problems.

Discover, protect, and govern AI usage

As more generative AI services are introduced in the market for all business functions, it is crucial to recognize that as this technology brings new opportunities, it also introduces new challenges and risks. With this in mind, Microsoft is providing customers with greater visibility, protection, and governance over their AI applications, whether they are using Microsoft Copilot or third-party generative AI apps. We want to make it easier for everyone to confidently and securely adopt AI.

To help organizations protect and govern the use of AI, we are enabling the following experiences within our portfolio of products:

• Discover AI risks: Security teams can discover potential risks associated with AI usage, such as sensitive data leaks and users accessing high-risk applications.
• Protect AI apps and data: Security and IT teams can protect the AI applications in use and the sensitive data being reasoned over or generated by them, including the prompts and responses.
• Govern usage: Security teams can govern the use of AI applications by retaining and logging interactions with AI apps, detecting any regulatory or organizational policy violations when using those apps, and investigating any new incidents.

At Microsoft Ignite in November 2023, we introduced the first wave of capabilities to help secure and govern AI usage. Today, we are excited to announce the new out-of-the-box threat detections for Copilot for Microsoft 365 in Defender for Cloud Apps. This capability, along with the data security and compliance controls in Microsoft Purview, strengthens the security of Copilot so organizations can work on all types of data, whether sensitive or not, in a secure and responsible way. Learn more about how to secure and govern AI.

Expanded end-to-end protection to help you secure everything

Microsoft continues to expand on our long-standing commitment to providing customers with the most complete end-to-end protection for your entire digital estate. With the full Microsoft Security portfolio, you can gain even greater visibility, control, and governance—especially as you embrace generative AI—with solutions and pricing that fit your organization. New or recent product features include:

Microsoft Security Exposure Management is a new unified posture and attack surface management solution within the unified security operations platform that gives you insights into your overall assets and recommends priority security initiatives for continuous improvement. You’ll have a comprehensive view of your organization’s exposure to threats and automatic discovery of critical assets to help you proactively improve your security posture and lower the risk of exposure of business-critical assets and sensitive data. Visualization tools give you an attacker’s-eye view to help you investigate exposure attempts and uncover potential attack paths to critical assets through threat modeling and proactive risk exploration. It’s now easier than ever to identify exposure gaps and take action to minimize risk and business disruption.

Adaptive Protection, a feature of Microsoft Purview, is now integrated with Microsoft Entra Conditional Access. This integration allows you to better safeguard your organization from insider risks such as data leakage, intellectual property theft, and confidentiality violations. With this integration, you can create Conditional Access policies to automatically respond to insider risks and block user access to applications to secure your data.

Microsoft Communication Compliance now provides both sentiment indicators and insights to enrich Microsoft Purview Insider Risk Management policies and to identify communication risks across Microsoft Teams, Exchange, Microsoft Viva Exchange, Copilot, and third-party channels. 

Microsoft Intune launched three new solutions in February as part of the Microsoft Intune Suite: Intune Enterprise Application Management, Microsoft Cloud PKI, and Intune Advanced Analytics. Intune Endpoint Privilege Management is also rolling out the option to enable support approved elevations.

Security for all in the age of AI

Microsoft Copilot for Security is a force multiplier for the entire Microsoft Security portfolio, which integrates more than 50 categories within six product families to form one end-to-end Microsoft Security solution. By implementing Copilot for Security, you can protect your environment from every angle, across security, compliance, identity, device management, and privacy. In the age of AI, it’s more important than ever to have a unified solution that eliminates the gaps in protection that are created by siloed tools.

The coming general availability of Copilot on April 1, 2024, is truly a milestone moment. With Copilot, you and your security team can confidently lead your organization into the age of AI. We will continue to deliver on Microsoft’s vision for security: to empower defenders with the advantage of industry-leading generative AI and to provide the tools to safely, responsibly, and securely deploy, use, and govern AI. We are so proud to work together with you to drive this AI transformation and enable security for all.

Join us April 3, 2024, at the Microsoft Secure Tech Accelerator for a deep dive into technical information that will help you and your team implement Copilot. Learn how to secure your AI, see demonstrations, and ask our product team questions. RSVP now.

Microsoft Secure

Watch the second annual Microsoft Secure digital event to learn how to bring world-class threat intelligence, complete end-to-end protection, and industry-leading, responsible AI to your organization.

Watch now

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post Microsoft Copilot for Security is generally available on April 1, 2024, with new capabilities appeared first on Microsoft Security Blog.

With the growing use of AI in litigation and number of data storage locations, the process of ediscovery gets increasingly more complex and must be more agile, comprehensive, and integrated. The tools legal professionals need in today’s digital environment necessitate using advanced tools such as AI to locate the relevant data quickly and securing data in a way that complies with myriad regulations and major challenges.

To help you secure data and address your needs efficiently in the age of AI, we’re making it easier to safeguard and manage compliance of data using generative AI tools. Recent advanced capabilities of Microsoft Purview eDiscovery are aimed at giving you the advantage. If you’re attending the Legalweek conference in New York City from January 29 to February 1, 2024, we’d love to connect. Read on for an overview of what you can expect our experts to discuss, and keep scrolling for sessions and other ways to connect with us at Legalweek.

Microsoft at Legalweek: How generative AI helps address eDiscovery challenges

Microsoft is continuously innovating to ensure our solutions help organizations achieve their objectives, and Microsoft Purview is no exception. We are committed to enhancing Microsoft Purview for an improved overall user experience. Offering the advantages of AI is a further step toward this commitment. In November 2023, we announced new features and capabilities of Microsoft Purview eDiscovery harnessing Microsoft Security Copilot.

The latest release of eDiscovery enables the search, discovery, preservation, review, and export of Copilot interactions in Microsoft 365 across Word, Excel, PowerPoint, Microsoft Teams, and other applications. This boosts the efficiency of eDiscovery—an essential tool that allows you to search for evidence and gain an understanding of what occurred for informed decision-making.

Here are two advantages of the combination of eDiscovery and generative AI for legal professionals:

Efficient handling of massive datasets

The volume of data produced in litigation necessitates a solution that can keep up. Microsoft Purview eDiscovery features intelligent, machine learning capabilities to make it easier to locate the most relevant items for review, and help you get started quickly.

Two new Copilot capabilities in Microsoft Purview help you better manage huge datasets by helping you to:

• Accelerate and refine your search: A successful investigation relies on an accurate search but query-building can be challenging. Creating a query in Keyword Query Language (KQL) can be time-consuming. Soon available in preview, a new capability lets you provide a prompt in natural language and Copilot will translate the query into KQL.
• Accelerate and navigate your investigation: Based on conversations with our customers, eDiscovery admins and managers spent 60% of their time reviewing evidence collected in review sets. Soon in preview, a new capability lets you generate document summaries and walks you through your investigation with guided prompts.   

Compliance with constantly changing regulations

Integrating AI technology like Microsoft Security Copilot into your existing eDiscovery workflows gives you more careful accounting of your sensitive or confidential information or evidence of intellectual property. This makes it much easier to satisfy the numerous regulations that dictate how data can be collected, stored, used, and managed.

Microsoft Purview makes it easy to comply by providing tools for data risk identification and regulatory requirement management. In addition, this solution features expanded risk detections gathering signals from infrastructure clouds and third-party apps, including Amazon Web Services (AWS), Box, Dropbox, and GitHub.

Compliance is also easier because the solution allows you to:

• Ensure more consistent protections regardless of data type.
• Discover, label, and classify data across sources, including Microsoft Fabric, Microsoft Azure, and AWS.
• Restrict access to sensitive data (determined by labels or roles).
• Detect business violations.
• Gain visibility into generative AI app usage.

Mark your calendar for these Legalweek sessions

There’s more we’ll cover at Legalweek 2024. During three sessions, Microsoft experts and legal experts will provide a glimpse at the current cybersecurity challenges in the legal sector as well as share strategies to tackle these challenges with modern cybersecurity and technology solutions.

The Microsoft sessions at Legalweek are:

Connect with Microsoft at Legalweek

If you seek strategies for safeguarding and managing the compliance of your data, check out one or more of our sessions at Legalweek. Throughout the conference, you can also interact with our Microsoft experts directly in a few ways:

• Stop by Booth #3105 in Americas Hall 2 to learn how Microsoft solutions can address your challenges.
• Request to attend the Executive Breakfast on Tuesday, January 30, 2024.
• Request dedicated time with our eDiscovery experts, who will be available between 9:00 AM ET and 5:00 PM ET, Monday, January 29, 2024, through Thursday, February 1, 2024. We’d love to connect. Hope to see you there!

Learn more

Learn more about Microsoft Purview eDiscovery.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹New report on ChatGPT & generative AI in law firms shows opportunities abound, even as concerns persist, Thomson Reuters. April 17, 2023.

The post Microsoft at Legalweek: Secure data and gain efficiencies with Microsoft Purview eDiscovery enhanced by generative AI appeared first on Microsoft Security Blog.

As many of you look to AI transformation to drive the next wave of innovation, you now also need to account for data being both consumed and created by generative AI applications. The risks that come with implementing and deploying AI are not fully known, and it is only a matter of time before you start to see broader regulatory policies on AI. According to Gartner®, by 2027 at least one global company will see its AI deployment banned by a regulator for noncompliance with data protection or AI governance legislation.² AI will be a catalyst for regulatory changes, and having secure and compliant AI will become fundamental.

With these trends converging all at once, securing and governing all your data is a complex and multifaceted undertaking. You need to secure and govern different types of data (structured, unstructured, and data generated by AI). You need to secure and govern it in different locations across multiple clouds, and you need to account for existing and future data security, governance, and AI regulations.

Most organizations experience an average of 59 data security incidents per year and use an average of 10 solutions to secure their data estate.¹ This fragmented approach requires many of you to stitch together multiple tools to address data security and governance, which can lead to higher costs and difficulty in both procurement and management. The lack of integration between the disparate tools can cause unnecessary data transfers, duplicate copies of data, redundant alerts, siloed investigations, and exposure gaps that lead to new types of data risks and ultimately worse security outcomes.

A simpler approach: Microsoft Purview

To address these challenges, you need a simplified approach to data security, governance, and compliance that covers your entire data estate. Microsoft Purview is an integrated solution that helps you understand, secure, and manage your data—and delivers one unified experience for our customers.

With Microsoft Purview, you can:

• Gain end-to-end visibility and understanding of your entire data estate, across on-premises, multicloud, and software as a service (SaaS) environments, and for structured, unstructured, and data created by generative AI applications.
• Apply comprehensive data protection across your data estate, using AI-powered data classification technology, data maps, extensive audit logs and signals, and management experience.
• Improve your risk and compliance posture with tools to identify data risk and manage regulatory requirements.

Microsoft Purview

Help keep your organization’s data safe with a range of solutions for unified data security, data governance, and risk and compliance management.

What’s new in Microsoft Purview?

In this blog post, we will outline some of the exciting new capabilities for Microsoft Purview that we announced at Microsoft Ignite 2023.

Expanding data protection across the data estate

As we unveiled earlier this year, Microsoft Purview is expanding the sphere of protection across your entire data estate, including structured and unstructured data types. We are excited to share some of the next steps in that journey by providing you with:

• A unified platform that enables you to discover, label, and classify data across various data sources, including Microsoft Fabric, Microsoft Azure, Amazon Web Services (AWS), and other cloud environments.
• Consistent protections across structured and unstructured data types such as Azure SQL, Azure Data Lake Storage (ADLS), and Amazon S3 buckets.  
• Expanded risk detections enabling signals from infrastructure clouds and third-party apps such as AWS, Box, DropBox, and GitHub.

With these capabilities, you can gain visibility across your data estate, apply consistent controls, and ensure that your data is protected and compliant across a larger digital landscape. For example, you can scan and label your data in Microsoft Azure SQL, Azure Data Lake Storage, and Amazon S3 buckets, and enforce policies that restrict access to sensitive data based on data labels or user roles from one control plane—just like you do for Microsoft 365 sources. Check out this short Microsoft Mechanics video covering an end-to-end scenario. To learn more, we invite you to read the “Expanding data protection” blog.

Securing AI with Microsoft Purview

We are committed to helping you protect and govern your data, no matter where it lives or travels. Building on this vision, Microsoft Purview enables you to protect your data across all generative AI applications—Microsoft Copilots, custom AI apps built by your organization, as well as more than 100 commonly used consumer AI apps such as OpenAI’s ChatGPT, Bard, Bing Chat, and more.³ We announced a set of capabilities in Microsoft Purview to help you secure your data as you leverage generative AI. Microsoft Purview will provide you with:

• Comprehensive visibility into the usage of generative AI apps, including sensitive data usage in AI prompts and total number of users interacting with AI. To enable customers to get these insights, we announced preview of AI hub in Microsoft Purview.
• Extensive protection with ready-to-use and customizable policies to prevent data loss in AI prompts and protect AI responses. Customers can now get additional data security capabilities such as sensitivity label citation and inheritance when interacting with Copilot for Microsoft 365 and prevent their users from pasting sensitive information in consumer generative AI applications.
• Compliance controls to help detect business violations and easily meet regulatory requirements with compliance management capabilities for Copilot for Microsoft 365.

Copilot for Microsoft 365 is built on our security, compliance, privacy, and responsible AI framework, so it is enterprise ready. With these Microsoft Purview capabilities, you can strengthen the data security and compliance for Copilot. The protection and compliance capabilities for Copilot are generally available, and you can start using them today. To learn more, read the Securing AI with Microsoft Purview blog.

Supercharge security and compliance effectiveness with Microsoft Security Copilot in Microsoft Purview

Microsoft Purview capabilities for Microsoft Security Copilot are now available in preview. With these capabilities you can empower your security operations center (SOC) teams, your data security teams, and your compliance teams to address some of their biggest obstacles. Your SOC teams can use the standalone Security Copilot experience to analyze signals across Microsoft Defender, Microsoft Sentinel, Microsoft Intune, Microsoft Entra, and Microsoft Purview into a single pane of glass. Your data security and compliance teams can use the embedded experiences in Microsoft Purview for real-time analysis, summarization, and natural language search, for data security and compliance built directly into your investigation workflows.

Microsoft Purview capabilities in Security Copilot

To help your SOC team gain comprehensive insights across your security data, Microsoft Purview capabilities in Security Copilot will provide your team with data and user risk insights, identifying specific data assets that were targeted in an incident and users involved to understand an incident end to end. For example, in the case of a ransomware attack, you can leverage user risk insights to identify the source of the attack, such as a user visiting a website known to host malware, and then leverage data risk insights to understand which sensitive files that user has access to that may be held for ransom.

Security Copilot embedded in Microsoft Purview

We’ve also embedded Security Copilot into Microsoft Purview solutions to help with your data security and compliance scenarios. You can now leverage real-time guidance, summarization capabilities, and natural language support to catch what others miss, accelerate investigation, and strengthen your team’s expertise. Here’s where these capabilities will light up:

• Summarize alerts in Microsoft Purview Data Loss Prevention: Investigations can be overwhelming for data security admins due to the large number of sources to analyze and varying policy rules. To help alleviate these challenges, Security Copilot is now natively embedded in Data Loss Prevention to provide a quick summary of alerts, including the source, attributed policy rules, and user risk insights from Microsoft Purview Insider Risk Management. This summary helps admins understand what sensitive data was leaked and associated user risk, providing a better starting point for further investigation. Learn more in our Microsoft Purview Data Loss Prevention announcement.
• Summarize alerts in Microsoft Purview Insider Risk Management: Insider Risk Management provides comprehensive insights into risky user activities that may lead to potential data security incidents. To accelerate investigations, Security Copilot in Insider Risk Management summarizes alerts to provide context into user intent and timing of risky activities. These summaries enable admins to tailor investigations with specific dates in mind and quickly pinpoint sensitive files at risk. Learn more in our Microsoft Purview Insider Risk Management announcement.
• Contextual summary of communications in Microsoft Purview Communication Compliance: Organizations are subject to regulatory obligations related to business communications, requiring compliance investigators to review lengthy communication violations. Security Copilot in Communication Compliance helps summarize alerts and highlights high-risk communications that may lead to a data security incident or business conduct violation. Contextual summaries help you evaluate the content against regulations or corporate policies, such as gifts and entertainment and stock manipulation violations. Learn more in our Microsoft Purview Communication Compliance announcement.
• Contextual summary of documents in review sets in Microsoft Purview eDiscovery: Legal investigations can take hours, days, even weeks to sift through the list of evidence collected in review sets. This often requires costly resources like outside council to manually go through each document to determine the relevancy to the case. To help customers address this challenge, we are excited to introduce Security Copilot in eDiscovery. This powerful tool generates quick summaries of documents in a review set, helping you save time and conduct investigations more efficiently. Learn more in our Microsoft Purview eDiscovery announcement.
• Natural language to keyword query language in eDiscovery: Search is a difficult and time-intensive workflow in eDiscovery investigations, traditionally requiring input of a query in keyword query language. Security Copilot in eDiscovery now offers natural language to keyword query language capabilities, allowing users to provide a search prompt in natural language to expedite the start of the search. This empowers analysts at all levels to conduct advanced investigations that would otherwise require keyword query language expertise. Learn more in our Microsoft Purview eDiscovery blog.

To learn more about Security Copilot and Microsoft Purview, read our Microsoft Security Copilot in Microsoft Purview blog.

Additional product updates

New Microsoft Purview Communications Compliance capabilities

Copilot for Microsoft 365 support introduces an advanced level of detection within Communication Compliance, allowing organizations to identify and flag risky communication, regardless of source. Investigative scenarios across various Microsoft applications, including Outlook, Microsoft Teams, and more, showcase the precision of this feature, identifying patterns, keywords, and sensitive information types. With additional features for policy creation and user privacy protection, administrators can also fine-tune their management strategy, ensuring secure, compliant, and respectful communications. Integration with Security Copilot further enhances data security and regulatory adherence, providing concise contextual summaries for swift investigation and remediation. Leveraging AI technology, Communication Compliance detects and categorizes content, prioritizing content that requires immediate attention. Reporting inappropriate content within Microsoft Viva Engage and ensuring compliance in Microsoft Teams meetings further strengthens the multilayered compliance defense. Stay ahead of compliance challenges and embrace these innovative features to secure, comply, and thrive in the digital age.

Learn more in our Microsoft Purview Communication Compliance announcement.

New to Information Protection in Microsoft Purview

As organizations prepare to use generative AI tools such as Copilot for Microsoft 365, leveraging Microsoft Purview Information Protection, discovery and labeling of sensitive data across the digital estate is now even more important than ever. New releases to Microsoft Purview Information Protection include intelligent advanced classification and labeling capabilities at an enterprise scale, contextual support for trainable classifiers that improve visibility into effectiveness and discoverability, better protection for important PDF files, secure collaboration on labeled and encrypted documents with user-defined permissions, as well support for Microsoft Fabric, Azure, and third-party clouds.

You can learn more about the new Information Protection capabilities in the Information Protection announcement.

New Microsoft Purview Data Loss Prevention capabilities

We are excited to announce a set of new capabilities in Microsoft Purview Data Loss Prevention (Purview DLP) that can help comprehensively protect your data and efficiently investigate DLP incidents. Our announcements can be grouped into three categories:

• Efficient investigation: Capabilities that empower admins by making their everyday tasks easier, including enriching DLP alerts with user activity insights from Insider Risk Management, DLP analytics to help find the biggest risk and recommendations to finetune DLP policies, and more.
• Strengthening protection: Capabilities that help protect numerous types of data and provide granular policy controls, including predicate consistency across workloads, enhancements to just-in-time protection for endpoints, support for optical character recognition (OCR), and performance improvements for DLP policy enforcements.
• Expanding protection: Capabilities that extend your protection sphere to cover your diverse digital estate, including support for Windows on ARM and several enhancements to macOS endpoints.

Purview DLP is easy to turn on; protection is built into Microsoft 365 apps and services as well as endpoint devices running on Windows 10 and 11, eliminating the need to set up agents on endpoint devices. 

Learn more in our Microsoft Purview DLP blog.

New Microsoft Purview Insider Risk Management and Adaptive Protection capabilities

To secure data in diverse digital landscapes, including cloud environments and AI tools, detecting and mitigating data security risks arising from insiders is a pivotal responsibility. At Microsoft Ignite, we made a few exciting announcements for Insider Risk Management and Adaptive Protection: 

• Intelligent detection across diverse digital estate: Insider Risk Management will now detect critical data security risks generated by insiders in AWS, Azure, and SaaS applications, including Box, Dropbox, Google Drive, and GitHub. Additionally, security teams can also gain visibility into AI usage with our new browsing to generative AI sites indicator.  
• Adaptive data security from risk detection to response: User context can help security teams make better data security decisions. Security teams can now gain user activity summary when a potential DLP incident is detected in Microsoft Purview DLP and Microsoft Defender portal. With this update and Adaptive Protection, user risk context is available from DLP incident detection to response, making data security more effective. In addition, security teams can now leverage human resources resignation date to define risk levels for Adaptive Protection, addressing common incidents, such as potential data theft from departing employees.  
• Streamlined admin experience for effective policies: To enable better policies management experience, Insider Risk Management will support admin units and provide recommended actions to fine tune policies and receive more high-fidelity alerts. 

Learn more details about all these announcements in our Microsoft Purview Insider Risk Management blog.  

Get started today

These latest announcements have been exciting additions to help you secure and govern your data, across your entire data estate in the era of AI. We invite you to learn more about Microsoft Purview and how it can empower you to protect and govern your data. Here are some resources to help you get started:

• Watch the Microsoft Purview on-demand sessions from Microsoft Ignite, outlined in this guide.
• Try Microsoft Purview for free.
• Read the Data Security Index report.
• Visit the Microsoft Purview website.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Microsoft Data Security Index: Trends, insights, and strategies to secure data, October 2023.

²Gartner, Security Leader’s Guide to Data Security, Andrew Bales. September 7, 2023.

³Microsoft sets new benchmark in AI data security with Purview upgrades, VentureBeat. November 13, 2023.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

The post New Microsoft Purview features use AI to help secure and govern all your data appeared first on Microsoft Security Blog.

The increasing speed, scale, and sophistication of recent cyberattacks demand a new approach to security. Traditional tools are no longer enough to keep pace with the threats posed by cybercriminals. In just two years, the number of password attacks detected by Microsoft has risen from 579 per second to more than 4,000 per second.¹ According to Cybersecurity Ventures, the global cost of cybercrime is expected to reach $10.5 trillion by 2025, up from $3 trillion in 2015.² On average, organizations use 80 security tools to manage their environment, resulting in security teams facing data deluge, alert fatigue, and limited visibility across security solutions. Security teams face an asymmetric challenge: they must protect everything, while cyberattackers only need to find one weak point. And security teams must do this while facing regulatory complexity, a global talent shortage, and rampant fragmentation.

One of the advantages for security teams is their view of the data field—they know how the infrastructure, user posture, and applications, are set up before a cyberattack begins. To further tip the scale in favor of cyberdefenders, Microsoft Security offers a very large-scale data advantage—65 trillion daily signals, expertise of global threat intelligence, monitoring more than 300 cyberthreat groups, and insights on cyberattacker behaviors from more than 1 million customers and more than 15,000 partners.¹

Our new generative AI solution—Microsoft Security Copilot—combined with our massive data advantage and end-to-end security, all built on the principles of Zero Trust, creates a flywheel of protection to change the asymmetry of the digital threat landscape and favor security teams in this new era of security.

To learn more about Microsoft Security’s vision for the future and the latest generative AI announcements and demos, watch the Microsoft Ignite keynote “The Future of Security with AI” presented by Charlie Bell, Executive Vice President, Microsoft Security, and I on Thursday, November 16, 2023, at 10:15 AM PT.  

Changing the paradigm with Microsoft Security Copilot

One of the biggest challenges in security is the lack of cybersecurity professionals. This is an urgent need given the three million unfilled positions in the field, with cyberthreats increasing in frequency and severity.³ 

In a recent study to measure the productivity impact for “new in career” analysts, participants using Security Copilot demonstrated 44 percent more accurate responses and were 26 percent faster across all tasks.⁴ 

According to the same study:

• 86 percent reported that Security Copilot helped them improve the quality of their work. 
• 83 percent stated that Security Copilot reduced the effort needed to complete the task. 
• 86 percent said that Security Copilot made them more productive. 
• 90 percent expressed their desire to use Security Copilot next time they do the same task. 

Check out the Security Copilot Early Access Program—with Microsoft Defender Threat Intelligence included at no additional charge—that adds speed and scale for scenarios like security posture management, incident investigation and response, security reporting, and more—now available to interested and qualified customers. For example, one early adopter from Willis Towers Watson (WTW) said “I envision Microsoft Security Copilot as a change accelerator. The ability to do threat hunting at pace will mean that I’m able to reduce my mean time to investigate, and the faster I can do that, the better my security posture will become.”  Keep reading for a full list of capabilities.

Introducing the industry’s first generative AI-powered unified security operations platform with built-in Copilot

Security operations teams struggle to manage disparate security toolsets from siloed technologies and apps. This challenge is only exacerbated given the scarcity of skilled security talent. And while organizations have been investing in traditional AI and machine learning to improve threat intelligence, deploying AI and machine learning comes with its unique challenges and its own shortage of data science talent. It’s time for a step-change in our industry, and thanks to generative AI, we can now close the talent gap for both security and data professionals. Securing an organization today requires an innovative approach that prevents, detects, and disrupts cyberattacks at machine speed, while delivering simplicity and and approachable, conversational experiences to help security operations center (SOC) teams move faster, and bringing together all the security signals and threat intelligence currently stuck in disconnected tools. Today, we are thrilled to announce the next major step in this industry-defining vision: combining the power of leading solutions in security information and event management (SIEM), extended detection and response (XDR), and generative AI for security into the first unified security operations platform.

By bringing together Microsoft Sentinel, Microsoft Defender XDR (previously Microsoft 365 Defender), and Microsoft Security Copilot, security analysts now have a unified incident experience that streamlines triage and provides a complete, end-to-end view of threats across the digital estate. With a single set of automation rules and playbooks enriched with generative AI, coordinating response is now easier and quicker for analysts of every level. In addition, unified hunting now gives analysts the ability to query all SIEM and XDR data in one place to uncover cyberthreats and take appropriate remediation action. Customers interested in joining the preview of the unified security operations platform should contact their account team.

Further, Microsoft Security Copilot is natively embedded into the analyst experience supporting both SIEM and XDR and equipping analysts with step-by-step guidance and automation for investigating and resolving incidents, without the reliance of data analysts. Complex tasks, such as analyzing malicious scripts or crafting Kusto Query Language (KQL) queries to hunt across data in Microsoft Sentinel and Defender XDR, can be accomplished simply by asking a question in natural language or accepting a suggestion from Security Copilot. If you need to update your chief information security officer (CISO) on an incident, you can now instantly generate a polished report that summarizes the investigation and the remediation actions that were taken to resolve it.

To keep up with the speed of cyberattackers, the unified security operations platform catches cyberthreats at machine speed and protects your organization by automatically disrupting advanced attacks. We are extending this capability to act on third-party signals, for example with SAP signals and alerts. For SIEM customers who have SAP connected, attack disruption will automatically detect financial fraud techniques and disable the native SAP and connected Microsoft Entra account to prevent the cyberattacker from transferring any funds—with no SOC intervention. The attack disruption capabilities will be further strengthened by new deception capabilities in Microsoft Defender for Endpoint—which can now automatically generate authentic-looking decoys and lures, so you can entice cyberattackers with fake, valuable assets that will deliver high-confidence, early stage signal to the SOC and trigger automatic attack disruption even faster.

Lastly, we are building on the native XDR experience by including cloud workload signals and alerts from Microsoft Defender for Cloud—a leading cloud-native application protection platform (CNAPP)—so analysts can conduct investigations that span across their multicloud infrastructure (Microsoft Azure, Amazon Web Services, and Google Cloud Platform environments) and identities, email and collaboration tools, software as a service (SaaS) apps, and multiplatform endpoints—making Microsoft Defender XDR one of the most comprehensive native XDR platforms in the industry.

Customers who operate both SIEM and XDR can add Microsoft Sentinel into their Microsoft Defender portal experience easily, with no migration required. Existing Microsoft Sentinel customers can continue using the Azure portal. The unified security operations platform is now available in private preview and will move to public preview in 2024.

Expanding Copilot for data security, identity, device management, and more 

Security is a shared responsibility across teams, yet many don’t share the same tools or data—and they often don’t collaborate with one another. We are adding new capabilities and embedded experiences of Security Copilot across the Microsoft Security portfolio as part of the Early Access Program to empower all security and IT roles to detect and address cyberthreats at machine speed. And to enable all roles to protect against top security risks and drive operational efficiency, Microsoft Security Copilot now brings together signals across Microsoft Defender, Microsoft Defender for Cloud, Microsoft Sentinel, Microsoft Intune, Microsoft Entra, and Microsoft Purview into a single pane of glass.

New capabilities in Security Copilot creating a force multiplier for security and IT teams

Microsoft Purview: Data security and compliance teams review a multitude of complex and diverse alerts spread across multiple security tools, each alert containing a wealth of rich insights. To make data protection faster, more effective, and easier, Security Copilot is now embedded in Microsoft Purview, offering summarization capabilities directly within Microsoft Purview Data Loss Prevention, Microsoft Purview Insider Risk Management, Microsoft Purview eDiscovery, and Microsoft Purview Communication Compliance workflows, making sense of profuse and diverse data, accelerating investigation and response times, and enabling analysts at all levels to complete complex tasks with AI-powered intelligence at their fingertips. Additionally, with AI translator capabilities in eDiscovery, you can use natural language to define search queries, resulting in faster and more accurate search iterations and eliminating the need to use keyword query language. These new data security capabilities are also available now in the Microsoft Security Copilot standalone experience.

Microsoft Entra: Password-based attacks have increased dramatically in the last year, and new attack techniques are now trying to circumvent multifactor authentication. To strengthen your defenses against identity compromise, Security Copilot embedded in Microsoft Entra can assist in investigating identity risks and help with troubleshooting daily identity tasks, such as why a sign-in required multifactor authentication or why a user’s risk level increased. IT administrators can instantly get a risk summary, steps to remediate, and recommended guidance for each identity at risk, in natural language. Quickly get to the root of an issue for a sign-in with a summarized report of the most relevant information and context. Additionally, in Microsoft Entra ID Governance, admins can use Security Copilot to guide in the creation of a lifecycle workflow to streamline the process of creating and issuing user credentials and access rights. These new capabilities to summarize users and groups, sign-in logs, and high-risk users are also available now in the Microsoft Security Copilot standalone experience.

Microsoft Intune: The evolving device landscape is driving IT complexity and risk of endpoint vulnerabilities—and IT administrators play a critical security role in managing these devices and protecting organizational data. We are introducing Security Copilot embedded in Microsoft Intune in the coming weeks for select customers of the Early Access Program, marking a meaningful advancement in endpoint management and security. This experience offers unprecedented visibility across security data with full device context, provides real-time guidance when creating policies, and empowers security and IT teams to discover and remediate the root cause of device issues faster and easier. Now IT administrators and security analysts are empowered to drive better and informed outcomes with pre-deployment, AI-based guard rails to help them understand the impact of policy changes in their environment before applying them. With Copilot, they can save time and reduce complexity of gathering near real-time device, user, and app data and receive AI-driven recommendations to respond to threats, incidents, and vulnerabilities, fortifying endpoint security. 

Microsoft Defender for Cloud: Maintaining a strong cloud security posture is a challenge for cybersecurity teams, as they face siloed visibility into risks and vulnerabilities across the application lifecycle, due to the rise of cloud-native development and multicloud environments. With Security Copilot now embedded in Microsoft Defender for Cloud, security admins are empowered to identify critical concerns to resources faster with guided risk exploration that summarizes risks, enriched with contextual insights such as critical vulnerabilities, sensitive data, and lateral movement. To address the uncovered critical risks more efficiently, admins can use Security Copilot in Microsoft Defender for Cloud to guide remediation efforts and streamline the implementation of recommendations by generating recommendation summaries, step-by-step remediation actions, and scripts in a preferred language, and directly delegate remediation actions to key resource users. These new cloud security capabilities are also available now in the Microsoft Security Copilot standalone experience. 

Microsoft Defender for External Attack Surface Management (EASM): Keeping up with tracking assets and their vulnerabilities can be overwhelming for security teams, as it requires time, coordination, and research to understand which assets pose a risk to the organization. New Defender for EASM capabilities are available in the Security Copilot standalone experience and enable security teams to quickly gain insights into their external attack surface, regardless of where the assets are hosted, and feel confident in the outcomes. These capabilities provide security operations teams with a snapshot view of their external attack surface, help vulnerability managers understand if their external attack surface is impacted by a particular common vulnerability and exposure (CVE), and provide visibility into vulnerable critical and high priority CVEs to help teams know how pervasive they are to their assets, so they can prioritize remediation efforts.

Custom plugins to trusted third-party tools: Security Copilot provides more robust, enriched insight and guidance when it is integrated with a broader set of security and IT teams’ tools. To do so, Security Copilot must embrace a vast ecosystem of security partners. As part of this effort, we are excited to announce the latest integration now available to Security Copilot customers with ServiceNow. For customers who want to bring onboard their trusted security tools and integrate their own organizational data and applications, we’re also introducing a new set of custom plugins that will enable them to expand the reach of Security Copilot to new data and new capabilities.

Securing the use of generative AI for safeguarding your organization

As organizations quickly adopt generative AI, it is vital to have robust security measures in place to ensure safe and responsible use. This involves understanding how generative AI is being used, protecting the data that is being used or created by generative AI, and governing the use of AI. As generative AI apps become more popular, security teams need tools that secure both the AI applications and the data they interact with. In fact, 43 percent of organizations said lack of controls to detect and mitigate risk in AI is a top concern.⁵ Different AI applications pose various levels of risk, and organizations need the ability to monitor and control these generative AI apps with varying levels of protection.

Microsoft Defender: Microsoft Defender for Cloud Apps is expanding its discovery capabilities to help organizations gain visibility into the generative AI apps in use, provide extensive protection and control to block risky generative AI apps, and apply ready-to-use customizable policies to prevent data loss in AI prompts and AI responses. This new feature supports more than 400 generative AI apps, and offers an easy way to sift through low- versus high-risk apps. 

Microsoft Purview: New capabilities in Microsoft Purview help comprehensively secure and govern data in AI, including Microsoft Copilot and non-Microsoft generative AI applications. Customers can gain visibility into AI activity, including sensitive data usage in AI prompts, comprehensive protection with ready-to-use policies to protect data in AI prompts and responses, and compliance controls to help easily meet business and regulatory requirements. Microsoft Purview capabilities are integrated with Microsoft Copilot, starting with Copilot for Microsoft 365, strengthening the data security and compliance for Copilot for Microsoft 365.

Further, to enable customers to gain a better understanding of which AI applications are being used and how, we are announcing the preview of AI hub in Microsoft Purview. Microsoft Purview can provide organizations with an aggregated view of total prompts being sent to Copilot and the sensitive information included in those prompts. Organizations can also see an aggregated view of the number of users interacting with Copilot. And we are extending these capabilities to provide insights for more than 100 of the most commonly used consumer generative AI applications, such as ChatGPT, Bard, DALL-E, and more.

Expanding end-to-end security for comprehensive protection everywhere

Keeping up with daily protection requirements is a security challenge that can’t be ignored—and the struggle to stay ahead of cyberattackers and safeguard your organization’s data is why we’ve designed our security features to evolve with the digital threat landscape and provide comprehensive protection against cyberthreats.

Strengthen your code-to-cloud defenses with Microsoft Defender for Cloud. To cope with the complexity of multicloud environments and cloud-native applications, security teams need a comprehensive strategy that enables code-to-cloud defenses on all cloud deployments. For posture management, the preview of Defender for Cloud’s integration with Microsoft Entra Permissions Management helps you apply the least privilege principle for cloud resources and shows the link between access permissions and potential vulnerabilities across Azure, AWS, and Google Cloud. Defender for Cloud also has an improved attack path analysis experience, which helps you predict and prevent complex cloud attacks—and provides more insights into your Kubernetes deployments across Amazon Elastic Kubernetes Service (EKS) and Google Kubernetes Engine (GKE) clusters and APIs insights to prioritize cloud risk remediation.

To strengthen security throughout the application lifecycle, preview of the GitLab Ultimate integration gives you a clear view of your application security posture and simplifies code-to-cloud remediation workflows across all major developer platforms—GitHub, Azure DevOps, and GitLab within Defender for Cloud. Additionally, general availability of Defender for APIs, which offers machine learning-driven protection against API threats and agentless vulnerability assessments for container images in Microsoft Azure Container Registries. Defender for Cloud now offers a unified vulnerability assessment engine spanning all cloud workloads, powered by the strong capabilities of Microsoft Defender Vulnerability Management.

Leverage Microsoft Defender Threat Intelligence for elevating your threat intelligence. Available in Microsoft Defender XDR, Microsoft Defender Threat Intelligence offers valuable open-source intelligence and internet data sets found nowhere else. These capabilities now enhance Microsoft Defender products with crucial context around threat actors, tooling, and infrastructure at no additional cost to customers. Available in the Threat Intelligence blade of Defender XDR, Detonation Intelligence enables users to search, look up, and contextualize cyberthreats as well as detonate URLs and view results to quickly understand a malicious file or URL. Defender XDR customers can quickly submit an indicator of compromise (IoC) to immediately view the results. Vulnerability Profiles put intelligence collected from the Microsoft Threat Intelligence team about vulnerabilities all in one place. Profiles are updated when new information is discovered and contains a description, Common Vulnerability Scoring System scores (CVSS), a priority score, exploits, and deep and dark web chatter observations.

Use Microsoft Purview to extend data protection capabilities across structured and unstructured data types. In the past, securing and governing sensitive data across these diverse elements of your digital estate would have required multiple providers, adding a heavy integration tax. But today, with Microsoft Purview, you can gain visibility across your entire data estate, secure your structured and unstructured data, and detect risks across clouds. Microsoft Purview’s labeling and classification capabilities are expanding beyond Microsoft 365, offering access controls for both structured and unstructured data types. Users will have the ability to discover, classify, and safeguard sensitive information hosted in structured databases such as Microsoft Azure SQL and Azure Data Lake Storage (ADLS)—also extending these capabilities into Amazon Simple Storage Service (S3) buckets.

Detect insider risk with Microsoft Purview Insider Risk Management, which offers ready-to-use risk indicators to detect critical insider risks in Azure, AWS, and SaaS applications, including Box, Dropbox, Google Drive, and GitHub. Admins with appropriate permissions will no longer need to manually cross-reference signals in these environments. They can now utilize the curated and preprocessed indicators to obtain a more holistic view of a potential insider incident.

Simplify access security with Microsoft Entra. Securing access points is critical and can be complex when using multiple providers for identity management, network security, and cloud security. With Microsoft Entra, you can centralize all your access controls together to more fully secure and protect your environment. Microsoft’s Security Service Edge solution is expanding with several new features.

• By the end of 2023, Microsoft Entra Internet Access preview will include context-aware secure web gateway (SWG) capabilities for all internet apps and resources with web content filtering, Conditional Access controls, compliant network check, and source IP restoration.
• Microsoft Entra Private Access for private apps and resources has extended protocol support so you can seamlessly transition from your traditional VPN to a modern Zero Trust Network Access (ZTNA) solution, and the ability to add multifactor authentication to all private apps for remote and on-premises users.
• Now with auto-enrollment into Microsoft Entra Conditional Access policies you can enhance security posture and reduce complexity for securing access. Easily create and manage a passkey, a free phishing-resistant credential based on open standards, in the Microsoft Authenticator app for signing into Microsoft Entra ID-managed apps.
• Promote enforcement of least-privilege access for cloud resources with new integrations for Microsoft Entra Permissions Management. Permissions Management has a new integration with ServiceNow that enables organizations to incorporate time-bound access permission requests to existing approval workflows in ServiceNow.

Unify, simplify, and delight users by the Microsoft Intune Suite. We’re adding three new solutions to the Intune Suite, available in February 2024. These solutions further unify critical endpoint management workloads in Intune to fortify device security posture, power better experiences, and simplify IT and security operations end-to-end. We will also be able to offer these solutions coupled with the existing Intune Suite capabilities to agencies and organizations of the Government Community Cloud (GCC) in March 2024.

• Microsoft Cloud PKI offers a comprehensive, cloud-based public key infrastructure and certificate management solution to simply create, deploy, and manage certificates for authentication, Wi-Fi, and VPN endpoint scenarios.
• Microsoft Intune Enterprise Application Management streamlines third-party app discovery, packaging, deployment, and updates via a secure enterprise catalog to help all workers stay current.
• Microsoft Intune Advanced Analytics extends the Intune Suite anomaly detection capabilities and provides deep device data insights as well as battery health scoring for administrators to proactively power better, more secure user experiences and productivity improvements.

Partner opportunities and news

There are several partners participating in our engineer-led Security Copilot Partner Private Preview to validate usage scenarios and provide feedback on functionality, operations, and APIs to assist with extensibility. If you are joining us in person at Microsoft Ignite, watch the demos at the Customer Meet-up Hub, presented by Microsoft Intelligent Security Association (MISA) members sponsoring at Microsoft Ignite. And if you’re a partner interested in staying current, join the Security Copilot Partner Interest Community.

Join us in creating a more secure future

Embracing innovation has never been more important for an organization, not only with respect to today’s cyberthreats but also in anticipation of those to come. Recently, to create a more secure future, we launched the Secure Future Initiative—a new initiative to pursue our next generation of cybersecurity protection.

Microsoft Ignite 2023

Join Vasu Jakkal and Charlie Bell at Microsoft Ignite to watch "the Future of Security and AI" on November 16, 2023, at 10:15 AM PT.

Watch the keynote

AI is changing our world forever. It is empowering us to achieve the impossible and it will usher in a new era of security that favors security teams. Microsoft is privileged to be a leader in this effort and committed to a vision of security for all.

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (formerly known as Twitter) (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Microsoft Digital Defense Report 2023.

²Cybercrime To Cost The World $10.5 Trillion Annually By 2025, Cybercrime Magazine. November 13, 2020.

³Cybersecurity Workforce Study, ISC². 2022.

⁴Microsoft Security Copilot randomized controlled trial conducted by Microsoft Office of the Chief Economist, November 2023.

⁵Data Security Index: Trends, insights, and strategies to secure data, Microsoft.

The post Microsoft unveils expansion of AI for security and security for AI at Microsoft Ignite appeared first on Microsoft Security Blog.

While our in-person tickets have sold out, registration for the virtual event is still available to participate in the Microsoft Security experience at Microsoft Ignite, which includes sessions on security strategies and practical applications. In both tracks,​ you’ll learn about the latest innovations and implementation strategies from Microsoft Security across comprehensive security, unified visibility, and Microsoft Security Copilot. Keep reading this blog post for ideas on keynotes, breakout sessions, and discussions to check out. Register to browse our session catalog and bookmark sessions you’d like to attend.

Catch the news highlights during our keynote

Our announcement-packed keynote from Charlie Bell, Executive Vice President, Microsoft Security, and Vasu Jakkal, Corporate Vice President, Security, Compliance, Identity, and Management, Microsoft, will be highlighted on Day 2 of Microsoft Ignite. Don’t miss insights from them during their keynote, “The Future of Security with AI.” They will share how Microsoft is delivering AI for security with Microsoft Security Copilot, and how we enable organizations to secure and govern AI with new capabilities. This new era of AI offers unprecedented opportunities to elevate human potential but also challenges organizations with unknowns and risks.

Learn security strategies for today’s and tomorrow’s challenges 

Our cybersecurity strategy sessions are focused on equipping you to leverage AI and Microsoft Security solutions to strengthen your threat defense strategy. Join these sessions to take your strategies to the next level across identity protection, code-to-cloud approaches, industry best practices for AI, and the latest learnings in threat intelligence.   

Strategy sessions to consider joining include:

• “How we secure the Microsoft estate” (BRK291H: in-person and online): Join a fireside chat with Bret Arsenault, Corporate Vice President and Chief Information Security Officer, on Microsoft’s approach to security and how Microsoft plans to adapt as the industry continues to embrace the new era of AI.
• “Boosting ID Protection Amid Sophisticated Attacks” (BRK294H: in-person and online): Alex Weinert, Vice President, Identity Security, and Mia Reyes, Director, Foundational Security—Cybersecurity, will offer a deep dive into the escalating landscape of cyberthreats targeting digital identities amid the evolving tech realms of the Internet of Things, operational technology, and hybrid workspaces. Learn about innovation in automated key management and Hardware Security Modules for fortified key storage, crucial in mitigating human errors and bolstering defenses against sophisticated aggressors.
• “This Year In Threats: Tales From Microsoft’s Global Fight Against APTs” (BRK299: in-person only): Sherrod DeGrippo, Director of Threat Intelligence, and John Lambert, Corporate Vice President, Distinguished Engineer, Microsoft Security Research, will discuss how Microsoft defends customers at the nexus of the cyber and physical worlds and how they can join our global alliance to help give bad actors nowhere to hide. This year, Microsoft Threat Intelligence stood with its partners on the leading edge of the global response to the most impactful threats and incidents. In this session, look back at the threat actors and campaigns that defined 2023 and hear our experts tell their favorite stories from the front line.
• “Secure access in the AI era: What’s new in Microsoft Entra” (BRK297H: in-person and online): Jade D’Souza, Product Manager; John Savill, Cloud Solution Architect; and Joy Chik, President, Identity and Network Access, will offer details on innovations for Microsoft Entra ID (formerly Azure Active Directory) that can help you automatically prevent identity compromise, enforce granular access policies, govern permissions, and leverage AI to secure access for anyone to anything from anywhere. This demo-centric session will follow an employee as they onboard, access resources, and collaborate.
• “Unifying XDR + SIEM: A new era in SecOps” (BRK293H: in-person and online): Preeti Krishna, Principal Product Manager, and Rob Lefferts, Corporate Vice President, Microsoft Threat Protection, will offer insights on how the latest innovations in generative AI, automatic attack disruption, embedded threat intelligence, decoy assets, a reimagined user interface, and cloud posture management capabilities will supercharge your threat detection, response, and defense.
• “Secure and govern your data in the era of AI” (BRK296H: in-person and online): Erin Miyake, Principal Product Manager; Herain Oberoi, Marketing Leader; Tina Ying, Senior Product Marketing Manager, Insider Risk Management; and Rudra Mitra, Corporate Vice President, Microsoft Data Security and Compliance, will demonstrate how Microsoft Purview’s comprehensive approach to data security, compliance, and privacy helps empower organizations to protect and govern their data.
• “Security for AI: Prepare, protect, and defend in the AI era” (BRK298H: in-person and online): Douglas Santos, Senior Product Manager; Maithili Dandige, Partner Group Program Manager, Microsoft 365 Security and Compliance; and Shilpa Bothra, Senior Product Marketing Manager, will discuss the importance of preventing sensitive data leaks in AI as third-party AI apps grow exponentially and hackers continue to launch adversarial attacks using generative AI. Leave this session with a solid defense and ways to secure data as you interact with AI using Microsoft’s comprehensive security suite.

Gain practical applications with in-depth product views

When strategizing a security approach, technology solutions play a critical role. To help you become an expert on security solutions and implement new features within your organization, Microsoft Ignite will include sessions exploring the use cases of Microsoft solutions, including Security Copilot, Microsoft Entra, Microsoft Purview, and Microsoft Intune.

Practical application sessions to consider joining include:

• “Boost multicloud security with a comprehensive code to cloud strategy” (BRK261H: in-person and online): Safeena Begum, Principal Product Manager, and Yuri Diogenes, Principal Product Manager, will talk about how Microsoft Defender for Cloud can help you fortify your defenses and enhance your incident response strategy with cloud security graphic insights and tailored analytics from Defender for Cloud workload protection plans.
• “Fortified security and simplicity come together with Microsoft Intune” (BRK263H: in-person and online): Archana Devi Sunder Rajan, Partner Group Product Manager, Microsoft Intune; Dilip Radhakrishnan, Partner Group Product Manager, Microsoft Intune; Jason Roszak, Chief Product Officer, Microsoft Intune; and Sangeetha Visweswaran, Partner Director of Engineering, will discuss how the next generation of endpoint management and security capabilities from Microsoft Intune help transform security and IT operations. Learn how to simplify app updates, cut the cost of public key infrastructure lifecycle management, mitigate risks with AI-derived insights, and free up resources by automating IT workflows.
• “Modern management innovation shaping endpoint security” (BRK295H: in-person and online): Jeff Pinkston, Director of Engineering; Ramya Chitrakar, Corporate Vice President, Intune Engineering; and Steve Dispensa, Corporate Vice President, will explore how to defend against the evolving sophistication of cyberthreats while ensuring a productive workforce. The newest wave of Microsoft Intune innovation can shape your defense-in-depth strategy for a secure and productive end user computing estate.
• “Beyond traditional DLP: Comprehensive and AI-powered data security” (BRK262H: in-person and online): Maithili Dandige, Shilpa Bothra, and Talhah Mir, Product Manager, will share how AI-powered Microsoft Purview Information Protection and Microsoft Purview Insider Risk Management can transform your data loss prevention (DLP) program, enabling Adaptive Protection and fortifying your data security posture. You will also hear about new features that enhance incident response and expand endpoint coverage and gain insights on how to enhance their data security strategies.
• “How Microsoft Purview helps you protect your data” (OD07: online only): Anna Chiang, Senior Product Marketing Manager, and Tony Themelis, Principal Product Manager, will explore organizational paradoxes and how Microsoft Purview can help strengthen your data security posture. They will also demonstrate how our latest AI-powered and contextual classifiers can identify sensitive trade secrets, personally identifiable information, and more in seconds across your digital estate.
• “Effortless application migration using Microsoft Entra ID” (OD03: online only): David Gregory, Director of Product Marketing, Identity Compete, will share how our newly proposed tool supplies a one-click configuration to integrate applications into Microsoft Entra ID. During this on-demand session, we will provide an overview of how our tool offers a guided experience to seamlessly facilitate the migration of your applications from Active Directory Federation Services to Microsoft Entra ID.
• “Bringing Passkey into your Passwordless journey” (OD02: online only): Calvin Lui, Product Manager; Erik Dauner, Senior Program Manager; and Mayur Santani, Product Manager, walk you through the background of where passkeys came from, their impact on the passwordless ecosystem, and the product features and roadmap bringing passkeys into the Microsoft Entra passwordless portfolio and phishing-resistant strategy.
• “The power of Microsoft’s XDR: they attempted, we disrupted” (BRK265H: in-person and online): Dustin Duran, Director of Security Research, and Kim Kischel, Director of Product Marketing—XDR, will discuss Microsoft 365 Defender’s automatic attack disruption technology and give you a clear understanding of attack disruption and how it’s providing immediate value to customers in the real world today.
• “Making end-to-end security real” (BRK267H: in-person and online): Mark Simos, Lead Cybersecurity Architect, and Sarah Young, Senior Cloud Security Advocate, will share quick wins that solve real-world problems using Microsoft’s integrated security products. This session will show you how to make progress on end-to-end security across identity, security operations, and more.

Interact with the experts

Bring your questions about Microsoft solutions. Our experts have answers. Connect with them during live discussions to learn more.

Opportunities to interact with the experts include:

• “Windows 11, Windows 365, & Microsoft Intune Q&A” (DIS657H: in-person and online): Gabe Frost, Group Product Manager; Harjit Dhaliwal, Senior Product Marketing Manager; Jason Githens, Principal Group Product Manager; and Joe Lurie, Senior Product Manager, will participate in a collaborative question and answer session about where we are today with Windows 11 and device management—and what you need to propel your organization and IT strategies. We’ll quickly outline a few of the latest commercial enhancements, but the focus here is on your thoughts and questions.
• “Preventing loss of sensitive data: Microsoft Purview DLP Q&A” (DIS666H: in-person and online): Shekhar Palta, Principal Product Marketing Manager, and Shilpa Bothra will discuss Microsoft Purview DLP and the way it can prevent accidental or intentional loss of sensitive data across apps and devices. Join us to discuss how you can modernize your DLP and get started quickly, and learn how DLP works with Microsoft Defender products.
• “Panel discussion: Resilient. Compliant. Secure by default” (DISFP375: online only): Joye Purser, Global Lead, Field Cybersecurity, Veritas Technologies; Saurabh Sensharma, Principal Product Manager, Microsoft; Simon Jelley, General Manager for SaaS Protection, Endpoint and Backup Executive, Veritas Technologies; and Tim Burlowski, Senior Director of Product Management, Veritas Technologies, will discuss security strategies. Join Veritas experts for an interactive question and answer on ensuring your cloud applications are resilient and your data is protected, compliant, and recoverable when it matters most.

Socialize with us and your peers

As you’ve probably experienced yourself at previous conferences and business networking events, some of the best ideas are sparked during conversations with other security professionals. Get social and join us and your cybersecurity peers at two incredible networking events.

• The Lounge at Microsoft Ignite: Located in the Hub on Level 5 (Summit Convention Center), the Lounge is the main gathering area for community. The Lounge will be staffed by Microsoft full time employees and attending Most Valuable Professionals (MVPs) to provide continuous question and answer opportunities.
• Microsoft Ignite Security After Party: Network and connect over drinks and appetizers on Wednesday, November 15, 2023, at The Collective. Partners, customers, Microsoft MVPs, and Microsoft subject-matter experts will mix and mingle. Register to reserve your spot.

Register today for Microsoft Ignite

Join us online from anywhere from November 15 to 16, 2023, to hear major product announcements, inspiring messages, and expert insights on the future of cybersecurity and Microsoft solutions. And if you’re not able to participate at all this year, you can still check out plenty of session content, product announcements, and keynotes after Microsoft Ignite wraps up. It will be available on demand after the event. Reserve your spot today. Hope you can join us!

Join the Security Tech Accelerator

We’re also having a Tech Accelerator event on Wednesday, December 6, 2023. Ask questions about the latest product announcements from Ignite and connect with your security peers at this virtual skilling event hosted on the Security Tech Community—register today.

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (formerly known as Twitter) (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post Digital security sessions at Microsoft Ignite to prepare you for the era of AI appeared first on Microsoft Security Blog.