Across many sessions and demos, we’ll address the top security pain points related to AI and empower you with practical, actionable strategies. Keep reading this blog for a guide of highlighted sessions for security professionals of all levels, whether you’re attending in-person or online.

And be sure to register for the digital experience to explore the Microsoft Security sessions at Microsoft Ignite.

Be among the first to hear top news

Microsoft is bringing together every part of the company in a collective mission to advance cybersecurity protection to help our customers and the security community. We have four powerful advantages to drive security innovation: large-scale data and threat intelligence; end-to-end protection; responsible AI; and tools to secure and govern the use of AI.

Microsoft Chairman and Chief Executive Officer Satya Nadella said in May 2024 that security is the top priority for our company. At the Microsoft Ignite opening keynote on Tuesday, November 19, 2024, Microsoft Security Executive Vice President Charlie Bell and Corporate Vice President (CVP), Microsoft Security Business Vasu Jakkal will join Nadella to discuss Microsoft’s vision for the future of security. Other well-known cybersecurity speakers at Microsoft Ignite include Ann Johnson, CVP and Deputy Chief Information Security Officer (CISO); Joy Chik, President, Identity, and Network Access; Mark Russinovich, Chief Technology Officer and Deputy CISO; and Sherrod DeGrippo, Director of Threat Intelligence Strategy.

For a deeper dive into security product news and demos, join the security general session on Wednesday, November 20, 2024, at 11:00 AM CT. Hear from Vasu Jakkal; Joy Chik; Rob Lefferts, CVP, Microsoft Threat Protection; Herain Oberoi, General Manager, Microsoft Data Security, Privacy, and Compliance; and Michael Wallent, CVP; who will share exciting security innovations to empower you with AI tools designed to help you get ahead of attackers.

These news-breaking sessions are just the start of the value you can gain from attending online.

Benefit from insights designed for your role

While cybersecurity is a shared concern of security professionals, we realize the specific concerns are unique to role. Recognizing this, we developed sessions tailored to what matters most to you.

• CISOs and senior security leaders: If you’ll be with us in Chicago, kick off the conference with the Microsoft Ignite Security Forum on November 18, 2024 from 1 PM CT to 5 PM CT. Join this exclusive pre-day event to hear from Microsoft security experts on threat intelligence insights, our Secure Future Initiative (SFI), and trends in security. Go back to your registration to add this experience on. Also for those in Chicago, be sure to join the Security Leaders Dinner, where you can engage with your peers and provide insights on your greatest challenges and successes. If you’re joining online, gain firsthand access to the latest Microsoft Security announcements. Whether you’re in person or online, don’t miss “Proactive security with continuous exposure management” (BRK324), which will explore how Microsoft Security Exposure Management unifies disparate data silos for visibility of end-to-end attack surface, and “Secure and govern data in Microsoft 365 Copilot and beyond” (BRK321), which will discuss the top concerns of security leaders when it comes to AI and how you can gain the confidence and tools to adopt AI. Plus, learn how to make your organization as diverse as the threats you are defending in “The Power of Diversity: Building a stronger workforce in the era of AI” (BRK330).
• Security analysts and engineers: Join actionable sessions for information you can use immediately. Sessions designed for the security operations center (SOC) include “Microsoft cybersecurity architect lab—Infrastructure security” (LAB454), which will showcase how to best use the Microsoft Secure Score to improve your security posture, and “Simplify your SOC with the unified security operations platform” (BRK310), which will feature a fireside chat with security experts to discuss common security challenges and topics. Plus, learn to be a champion of safe AI adoption in “Scott and Mark learn responsible AI” (BRK329), which will explore the three top risks in large language models and the origins and potential impacts of each of these.
• Developers and IT professionals: We get it—security isn’t your main focus, but it’s increasingly becoming part of your scope. Get answers to your most pressing questions at Microsoft Ignite. Sessions that may interest you include “Secure and govern custom AI built on Azure AI and Copilot Studio” (BRK322), which will dive into how Microsoft can enable data security and compliance controls for custom apps, detect and respond to AI threats, and managed your AI stack vulnerabilities, and “Making Zero Trust real: Top 10 security controls you can implement now” (BRK328), which offers technical guidance to make Zero Trust actionable with 10 top controls to help improve your organization’s security posture. Plus, join “Supercharge endpoint management with Microsoft Copilot in Intune” (THR656) for guidance on unlocking Microsoft Intune’s potential to streamline endpoint management.
• Microsoft partners: We appreciate our partners and have developed sessions aimed at supporting you. These include “Security partner growth: The power of identity with Entra Suite” (BRK332) and “Security partner growth: Help customers modernize security operations” (BRK336).

Attend sessions tailored to addressing your top challenge

When exploring effective cybersecurity strategies, you likely have specific challenges that are motivating your actions, regardless of your role within your organization. We respect that our attendees want a Microsoft Ignite experience tailored to their specific objectives. We’re committed to maximizing your value from attending the event, with Microsoft Security sessions that address the most common cybersecurity challenges.

• Managing complexity: Discover ways to simplify your infrastructure in sessions like “Simpler, smarter, and more secure endpoint management with Intune” (BRK319), which will explore new ways to strengthen your security with Microsoft Intune and AI, and “Break down risk silos and build up code-to-code security posture” (BRK312), which will focus on how defenders can overcome the expansive alphabet soup of security posture tools and gain a unified cloud security posture with Microsoft Defender for Cloud.   
• Increasing efficiency:: Learn how AI can help you overcome talent shortage challenges in sessions like “Secure data across its lifecycle in the era of AI” (BRK318), which will explore Microsoft Purview leveraging Microsoft Security Copilot can help you detect hidden risks, mitigate them, and protect and prevent data loss, and “One goal, many roles: Microsoft Security Copilot: Real-world insights and expert advice” (BRK316), which will share best practices and insider tricks to maximize Copilot’s benefits so you can realize quick value and enhance your security and IT operations.  
• Threat landscape: Navigate effectively through the modern cyberthreat landscape, guided by the insights shared in sessions like “AI-driven ransomware protection at machine speed: Defender for Endpoint” (BRK325), which will share a secret in Microsoft Defender for Endpoint success and how it uses machine learning and threat intelligence, and the theater session “Threat intelligence at machine speed with Microsoft Security Copilot” (THR555), which will showcase how Copilot can be used as a research assistant, analyst, and responder to simplify threat management.
• Regulatory compliance: Increase your confidence in meeting regulatory requirements by attending sessions like “Secure and govern your data estate with Microsoft Purview” (BRK317), which will explore how to secure and govern your data with Microsoft Purview, and “Secure and govern your data with Microsoft Fabric and Purview” (BRK327), which will dive into how Microsoft Purview works together with Microsoft Fabric for a comprehensive approach to secure and govern data.
• Maximizing value: Discover how to maximize the value of your cybersecurity investments during sessions like “Transform your security with GenAI innovations in Security Copilot” (BRK307), which will showcase how Microsoft Security Copilot’s automation capabilities and use cases can elevate your security organization-wide, and “AI-driven ransomware protection at machine speed: Defender for Endpoint” (BRK325), which will dive into the key secret to the success of Defender for Endpoint customers in reducing the risk of ransomware attacks as well maximizing the value of the product’s new features and user interfaces.

Explore cybersecurity tools with product showcases and hands-on training

Learning about Microsoft security capabilities is useful, but there’s nothing like trying out the solutions for yourself. Our in-depth showcases and hands-on trainings give you the chance to explore these capabilities for yourself. Bring a notepad and your laptop and let’s put these tools to work.

• “Secure access at the speed of AI with Copilot in Microsoft Entra” (THR556): Learn how AI with Security Copilot and Microsoft Entra can help you accelerate tasks like troubleshooting, automate cybersecurity insights, and strengthen Zero Trust.  
• “Mastering custom plugins in Microsoft Security Copliot” (THR653): Gain practical knowledge of using Security Copilot’s capabilities during a hands-on session aimed at security and IT professionals ready for advanced customization and integration with existing security tools. 
• “Getting started with Microsoft Sentinel” (LAB452): Get hands-on experience on building detections and queries, configuring your Microsoft Sentinel environment, and performing investigations. 
• “Secure Azure services and workloads with Microsoft Defender for Cloud” (LAB457): Explore how to mitigate security risks with endpoint security, network security, data protection, and posture and vulnerability management. 
• “Evolving from DLP to data security with Microsoft Preview” (THR658): See for yourself how Microsoft Purview Data Loss Prevention (DLP) integrates with insider risk management and information protection to optimize your end-to-end DLP program. 

Network with Microsoft and other industry professionals

While you’ll gain a wealth of insights and learn about our latest product innovations in sessions, our ancillary events offer opportunities to connect and socialize with Microsoft and other security professionals as committed to you to strengthening the industry’s defenses against cyberthreats. That’s worth celebrating!

• Pre-day Forum: All Chicago Microsoft Ignite attendees are welcome to add on to the event with our pre-day sessions on November 18, 2024, from 1 PM CT to 5 PM CT. Topics covered will include threat intelligence, Microsoft’s Secure Future Initiative, AI innovation, and AI security research, and the event will feature a fireside chat with Microsoft partners and customers. The pre-day event is designed for decision-makers from businesses of all sizes to advance your security strategy. If you’re already attending in person, log in to your Microsoft Ignite registration and add on the Microsoft Security Ignite Forum.
• Security Leaders Dinner: We’re hosting an exclusive dinner with leaders of security teams, where you can engage with your peers and provide insights on your greatest challenges and successes. This intimate gathering is designed specifically for CISOs and other senior security leaders to network, share learnings, and discuss what’s happening in cybersecurity.   
• Secure the Night Party: All security professionals are encouraged to celebrate the cybersecurity community with Microsoft from 6 PM CT to 10 PM CT on Wednesday, November 20, 2024. Don’t miss this opportunity to connect with Microsoft Security subject matter experts and peers at our “Secure the Night” party during Microsoft Ignite in Chicago. Enjoy an engaging evening of conversations and experiences while sipping tasty drinks and noshing on heavy appetizers provided by Microsoft. We look forward to welcoming you. Reserve your spot today! 

Something that excites us the most about Microsoft Ignite is the opportunity to meet with cybersecurity professionals dedicated to modern defense. Stop by the Microsoft Security Expert Meetup space to say hello, learn more about capabilities you’ve been curious about, or ask questions about Microsoft’s cybersecurity efforts. 

Hear from our Microsoft Intelligent Security Association partners at Microsoft Ignite

The Microsoft Intelligent Security Association (MISA), comprised of independent software vendors (ISV) and managed security service providers (MSSPs) that have integrated their solutions with Microsoft’s security technology, will be back at Microsoft Ignite 2024.

We kick things off by celebrating our Security Partner of the Year award winners BlueVoyant (Security), Cyclotron (Compliance), and Inspark (Identity) who will join Vasu Jakkal for a fireside chat on “How security strategy is adapting for AI,” during the Microsoft Ignite Security Pre-day Forum. This panel discussion includes insights into trends partners are seeing with customers relating to AI, a view on practical challenges, and scenarios that companies encounter when deploying AI, as well as the expert guidance and best practices that security partners can offer to ensure successful AI integration in security strategies.

MISA is thrilled to welcome small and medium business (SMB) verified solution status to its portfolio. This solution verification highlights technology solutions that are purpose built to meet the needs of small and medium businesses, and the MSSPs who often manage IT and security on behalf of SMBs. MISA members who meet the qualifying criteria and have gone through engineering review, will receive a specialized MISA member badge showcasing the verification and will be featured in the MISA partner catalog. We are excited to launch this status with Blackpoint Cyber and Huntress.

Join MISA members including Blackpoint Cyber and Huntress at the Microsoft Expert Meetup Security area where 14 members will showcase their solutions and Microsoft Security Technology. Review the full schedule below.

We are looking forward to connecting with our customers and partners at the Microsoft Secure the Night Party on Wednesday, November 20, from 6 to 10 PM CT.  This evening event offers a chance to connect with Microsoft Security subject matter experts and MISA partners while enjoying cocktails, great food, and entertainment. A special thank you to our MISA sponsors: Armor, Cayosoft, ContraForce, HID, Lighthouse, Ontinue, and Quorum Cyber.

Register today to attend Microsoft Ignite online

There’s still time to register to participate in Microsoft Ignite online from November 19 to 22, 2024, to catch security-focused breakout sessions, product demos, and participate in interactive Q&A sessions with our experts. No matter how you participate in Microsoft Ignite, you’ll gain insights on how to secure your future with an AI-first, end-to-end cybersecurity approach to keep your organizations safer.

Plus, you can take your security knowledge further at Tech Community Live: Microsoft Security edition on December 3, 2024, to ask all your follow-up questions from Microsoft Ignite. Microsoft Experts will be hosting live Ask Microsoft Anything sessions on topics from Security for AI to Copilot for Security.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Microsoft Ignite: Sessions and demos to improve your security strategy appeared first on Microsoft Security Blog.

The Microsoft Purview team and I are thrilled to showcase the latest innovations in Microsoft Purview and Microsoft Fabric, designed to help customers secure, govern, and manage their complex data estates in the AI era. We’re excited to announce the preview of Microsoft Purview Information Protection, which allows for content restriction in Fabric using sensitivity labels, and Microsoft Purview Data Loss Prevention policies for lakehouses. Additionally, we’re highlighting the recent general availability of the Microsoft Purview Data Governance solution.

Customers are asking for a seamless solution that turns data security, governance, and compliance into a team sport to effectively address the converging trends across 1. scale and sophistication of data threats; 2. increasing regulations; 3. ever-expanding data estate; and 4. acceleration of AI adoption within the business.

Microsoft Purview delivers a comprehensive set of solutions that can help your organization secure, govern, and manage data for compliance and regulatory needs, wherever it lives. As we engage with customers at the Fabric Conference this week, we underscore the pivotal role of security and governance in laying the groundwork for responsible analytics. For businesses all over the world, this comprehensive approach balances the need to secure and protect data from cyberthreats with the need to activate data for business insights and AI.

Integrated with Microsoft Fabric

Microsoft Purview and Microsoft Fabric are committed to delivering a rich integrated experience so customers can seamlessly secure and govern their data estate efficiently to help meet regulatory, compliance, and privacy requirements while ensuring high-quality data for data activation. For Fabric customers, this means you can discover, secure, govern, and manage Fabric items from within Microsoft Purview as a single pane of glass across your heterogeneous data estate.

Microsoft Purview helps you seamlessly discover data assets in OneLake, extend the same Microsoft Purview data security sensitivity labels and policies from Microsoft 365 to Fabric items, and curate your Fabric data assets into a single enterprise data catalog along with other data sources like Azure Databricks, Snowflake, and Google Big Query. And this seamless integration doesn’t require any data movement or duplication, helping you reduce data sprawl and silos.

Seamlessly secure your data

Microsoft Purview Data Security capabilities are already loved and leveraged by customers around the world for their Microsoft 365 data, and with today’s announcements, we are extending this value further to Microsoft Fabric customers. These added investments enhance the Microsoft Purview Data Security capabilities already available for Fabric released in March.

Now in preview, Microsoft Purview Information Protection now includes the ability to restrict access to content based on sensitivity labels for Fabric data, which helps you discover, classify, and protect sensitive information, including the ability to apply sensitivity labels. By extending the sensitivity label support to Fabric data, security admins can now use sensitivity labels to manage who has access to Fabric items with certain labels. For example, a security admin could restrict access to data items with a “financial data” sensitivity label to only users in the finance department.

We are also extending support for Microsoft Purview Data Loss Prevention (Purview DLP) policies for your Fabric items. Purview DLP helps an organization protect sensitive data and reduce the risk of data oversharing by letting organizations define and apply policies. With these new integrations, security admins can now apply Purview DLP policies to Fabric data. As an example, a policy can be set to help detect the upload of sensitive data, like social security numbers to a lakehouse in Fabric. If detected, the policy will trigger an automatic audit activity, which can alert the security admin, and can also surface a custom policy tip to data owners to take action and remedy the non-compliance with the policy.

Learn more about Microsoft Purview Data Security integrations in Fabric.

Confidently activate your data

Microsoft Purview’s new data governance experience was made generally available on September 1, 2024. This newly reimagined solution is purpose-built for federated data governance and offers a business-friendly experience, AI-powered experiences for dramatic efficiencies, and all the key ingredients you’d expect, including catalog curation, data quality management, actionable insights, rich user experiences, and integration with third-party data management solutions—helping organizations to confidently activate their data for analytics and AI.

Microsoft Fabric customers can complement the governance capabilities in Fabric for a single-pane-of-glass experience in Microsoft Purview for data catalog curation, data user access, data quality management, health controls, and actionable insights for Fabric items and for data assets across your heterogeneous data environment.

A complete solution for the modern data governance practice

Data Catalog management offers a business-friendly experience and terms, making it easy to logically build a data catalog for your unique business needs while built-in AI serves up recommendations based on your active metadata. Data owners and data stewards can easily participate across data curation and management, responsible data access, and impact analysis—easily combining data assets from the heterogenous data estate (for example: Fabric, Databricks, Snowflake, and Google). Data users can seamlessly and securely request access to data assets for use in insights, analysis, development, and AI.

Data Health management offers a rich experience across data quality capabilities, actionable insights, and health reports, which help organizations to assess and action the quality of their governed data estate—making it easy and efficient to support a strong healthy data governance posture. With complete data quality capabilities, you can apply built-in rules and AI-generated rules that are applied and translate into data quality scores and actions across your data assets, data products, and governance domains, helping you to more effectively manage and improve your data governance posture. Data Health controls enable data stewards and chief data officers to assess the health of their data estate through the lens of industry-recognized standards and controls. While the control rules are established at a global level, execution is delegated to individual governance domains, allowing for the application of broad standards while meeting the specific needs of various groups within the organization.

Purpose-built integration with industry-leading master data management and data modeling solutions extend the value of Microsoft Purview further and help customers maximize their existing data management investments.

• CluedIn brings native master data management and Data Quality functionality to Microsoft Fabric, Microsoft Purview, and the Azure stack. Learn more about CluedIn. 
• Profisee Master Data Management is a complimentary and necessary piece of your data governance strategy. Learn more about Profisee. 
• Semarchy combines master data management, data intelligence, and data integration into a singular application in any environment. Learn more about Semarchy.  
• RELTIO’s AI-powered data unification and management solutions unify data from disparate sources, delivering a single source of truth. Learn more about RELTIO.
• ER/Studio (an Idera company) delivers advanced data modeling and metadata management to help organizations improve their data posture. Learn more about ER/Studio.

The general availability release also delivered new data governance capability not previously available during preview. Some of these new capabilities include: customers can now delete business concepts, more easily manage data access through the data catalog admin settings, view data product access request workflows, browse an enterprise glossary to better understand terms, and apply the Data Quality capabilities to Azure Synapse, Databricks Unity Catalog, Fabric Lakehouse, Google Big Query (preview), and Snowflake. Check out the complete list of new capabilities in Microsoft Purview Data Governance.

Learn more about Microsoft Purview

• Try Microsoft Purview today.
• Watch the webinar The CDO Dilemma.
• Visit the Microsoft Purview website.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post Activate your data responsibly in the era of AI with Microsoft Purview appeared first on Microsoft Security Blog.

Microsoft commends the DoD for approaching Zero Trust as a mindset, not a capability or device that may be bought.¹ Zero Trust can’t be achieved by a single technology, but through tight integration between solutions across product categories. Deciphering how security products achieve Zero Trust based on marketing materials alone is a daunting task. IT leaders need to select the right tools. Security architects need to design integrated solutions. Implementers need to deploy, configure, and integrate tools to achieve the outcomes in each Zero Trust activity.

Today, we are excited to announce Zero Trust activity-level guidance for DoD Components and DIB partners implementing the DoD Zero Trust Strategy. To learn more, see Configure Microsoft cloud services for the DoD Zero Trust Strategy.

In this blog, we’ll review the DoD Zero Trust Strategy and discuss how our new guidance helps DoD Components and DIB partners implement Zero Trust. We’ll cover the Microsoft Zero Trust platform and relevant features for meeting DoD’s Zero Trust requirements, and close with real-world DoD Zero Trust deployments.

Microsoft supports the DoD’s Zero Trust Strategy

The DoD released its formal Zero Trust Strategy in October 2022.¹ The strategy is a security framework and mindset that set a path for achieving Zero Trust. The strategy outlines strategic goals for adopting culture, defending DoD Information Systems, accelerating technology implementation, and enabling Zero Trust.

The DoD Zero Trust Strategy includes seven pillars that represent protection areas for Zero Trust:

1. User
2. Device
3. Applications and workloads
4. Data
5. Network
6. Automation and orchestration
7. Visibility and analytics

In January 2023, the DoD published a capabilities-based execution roadmap for implementing Zero Trust.² The roadmap details 45 Zero Trust capabilities spanning the seven pillars. The execution roadmap details the Zero Trust activities DoD Components should perform to achieve each Zero Trust capability. There are 152 Zero Trust activities in total, divided into Target Level Zero Trust and Advanced Level Zero Trust phases with deadlines of 2027 and 2032, respectively.

The Zero Trust activity-level guidance we’re announcing in this blog continues Microsoft’s commitment to supporting DoD’s Zero Trust strategy.³ It serves as a reference for how DoD Components should implement Zero Trust activities using Microsoft cloud services. Microsoft product teams and security architects supporting DoD worked in close partnership to provide succinct, actionable guidance side-by-side with the DoD Zero Trust activity text and organized by product with linked references.

We scoped the guidance to features available today (including public preview) for Microsoft 365 DoD and Microsoft Azure Government customers. As the security landscape changes, Microsoft will continue innovating to meet the needs of federal and DoD customers.⁴ We’re excited to bring entirely new Zero Trust technologies like Microsoft Copilot for Security and Security Service Edge to United States Government clouds in the future.⁵

Look out for announcements in the Microsoft Security Blog and check Microsoft’s DoD Zero Trust documentation to see the latest guidance.

Microsoft’s Zero Trust platform

Microsoft is proud to be recognized as a Leader in the Forrester Wave™: Zero Trust Platform Providers, Q3 2023 report.⁶ The Microsoft Zero Trust platform is a modern security architecture that emphasizes proactive, integrated, and automated security measures. Microsoft 365 E5 combines best-in-class productivity apps with advanced security capabilities that span all seven pillars of the DoD Zero Trust Strategy.

“Single products/suites can be adopted to address multiple capabilities. Integrated vendor suites of products rather than individual components will assist in reducing cost and risk to the government.”

 —Department of Defense Zero Trust Reference Architecture Version 2.0⁷

Microsoft 365 is a comprehensive and extensible Zero Trust platform.⁸ It’s a hybrid cloud, multicloud, and multiplatform solution. Pre-integrated extended detection and response (XDR) services coupled with modern cloud-based device management, and a cloud-based identity and access management service, provide a direct and rapid modernization path for the DoD and DIB organizations.

Read on to learn about Microsoft cloud services that support the DoD Zero Trust Strategy.

Figure 1. Microsoft Zero Trust Architecture.

Microsoft Entra ID is an integrated multicloud identity and access management solution and identity provider. Microsoft Entra ID is tightly integrated with Microsoft 365 and Microsoft Defender XDR services to provide a comprehensive suite Zero Trust capabilities including strict identity verification, enforcing least privilege, and adaptive risk-based access control.

Microsoft Entra ID is built for cloud-scale, handling billions of authentications every day. It uses industry standard protocols and is designed for both Microsoft and non-Microsoft apps. Establishing Microsoft Entra ID as your organization’s Zero Trust identity provider lets you configure, enforce, and monitor adaptive Zero Trust access policies in a single location. Conditional Access is the Zero Trust authorization engine for Microsoft Entra ID. It enables dynamic, adaptive, fine-grained, risk-based, access policies for any workload.

Microsoft Entra ID is essential to the user pillar and has a role in all other pillars of the DoD Zero Trust Strategy.

Microsoft Intune is a multiplatform endpoint and application management suite for Windows, MacOS, Linux, iOS, iPadOS, and Android devices. Microsoft Intune configuration policies manage devices and applications. Microsoft Defender for Endpoint helps organizations prevent, detect, investigate, and respond to advanced threats on devices. Microsoft Intune and Defender for Endpoint work together to enforce security policies, assess device health, vulnerability exposure, risk level, and configuration compliance status. Conditional Access policies requiring a compliant device help achieve comply-to-connect  outcomes in the DoD Zero Trust Strategy.

Microsoft Intune and Microsoft Defender for Endpoint help achieve capabilities in the device pillar.

GitHub is a cloud-based platform where you can store, share, and work together with others to write code. GitHub Advanced Security includes features that help organizations improve and maintain code by providing code scanning, secret scanning, security checks, and dependency review throughout the deployment pipeline. Microsoft Entra Workload ID helps organizations use continuous integration and continuous delivery (CI/CD) with GitHub Actions.

GitHub and Azure DevOps are essential to the applications and workloads pillar.

Microsoft Purview is a range of solutions for unified data security, data governance, and risk and compliance management. Microsoft Purview Information Protection lets you define and label sensitive information types. Auto-labeling within Microsoft 365 clients ensure data is appropriately labeled and protected. Microsoft Purview Data Loss Prevention integrates with Microsoft 365 services and apps, and Microsoft Defender XDR components to detect and prevent data loss.

Microsoft Purview features align to the data pillar activities.

Azure networking services include a range of software-defined network resources that can be used to provide networking capabilities for connectivity, application protection, application delivery, and network monitoring. Azure networking resources like Microsoft Azure Firewall Premium, Azure DDoS Protection, Microsoft Azure Application Gateway, Azure API Management, Azure Virtual Network, and Network Security Groups, all work together to provide routing, segmentation, and visibility into your network.

Azure networking services and network segmentation architectures are essential to the network pillar.

Microsoft Defender XDR is a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response actions. It correlates millions of signals across endpoints, identities, email, and applications to automatically disrupt attacks. Microsoft Defender XDR’s automated investigation and response and Microsoft Sentinel playbooks are used to complete security orchestration, automation, and response (SOAR) activities.

Microsoft Defender XDR plays a key role in automation and orchestration and visibility and analytics pillars.

Microsoft Sentinel is a cloud-based security information and event management (SIEM) you deploy in Azure. Microsoft Sentinel operates at cloud scale to accelerate security response and save time by automating common tasks and streamlining investigations with incident insights. Built-in data connectors make it easy to ingest security logs from Microsoft 365, Microsoft Defender XDR, Microsoft Entra ID, Azure, non-Microsoft clouds, and on-premises infrastructure.

Microsoft Sentinel is essential to automation and orchestration and visibility and analytics pillars along with any activities requiring SIEM integration.

Real-world pilots and implementations

The DoD is embracing Zero Trust as a continuous modernization effort. Microsoft has partnered with DoD Components for several years, onboarding Microsoft 365 services, integrating apps with Microsoft Entra, migrating Azure workloads, managing devices with Microsoft Intune, and building security operations around Microsoft Defender XDR and Microsoft Sentinel.

One such example is the United States Navy’s innovative Flank Speed program. The Navy’s large-scale deployment follows Zero Trust capabilities put forth in the DoD’s strategy. These capabilities include comply-to-connect, continuous authorization, least-privilege access, and data-centric security controls.⁹ To date, Flank Speed has onboarded more than 560,000 users and evaluated the effectiveness of its robust cybersecurity tools through Purple Team assessments.¹⁰

Another example is Army 365, the United States Army’s Microsoft 365 environment.¹¹ Army 365 has onboarded more than 1.4 million users and migrated petabytes of data.¹² The secure collaboration environment incorporates Zero Trust principles in a secure collaboration environment with identity and device protections and includes support for bring your own device (BYOD) through Azure Virtual Desktop.¹³

DoD Zero Trust Strategy and Roadmap

Learn how to configure Microsoft cloud services for the DoD Zero Trust Strategy.

Learn more

Learn more

Embrace proactive security with Zero Trust.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹DoD Zero Trust strategy, DoD CIO Zero Trust Portfolio Management Office. October 2022.

²Zero Trust Capability Execution Roadmap, DoD CIO Zero Trust Portfolio Management Office. January 2023.

³Microsoft supports the DoD’s Zero Trust strategy, Steve Faehl. November 22, 2022.

⁴5 ways to secure identity and access for 2024, Joy Chik. January 10, 2024.

⁵Microsoft Entra Expands into Security Service Edge with Two New Offerings, Sinead O’Donovan. July 11, 2023.

⁶Forrester names Microsoft a Leader in the 2023 Zero Trust Platform Providers Wave™ report, Joy Chik. September 19, 2023.

⁷Department of Defense (DoD) Zero Trust Reference Architecture Version 2.0, Defense Information Systems Agency (DISA), National Security Agency (NSA) Zero Trust Engineering Team. July 2022.

⁸How Microsoft is partnering with vendors to provide Zero Trust solutions, Vasu Jakkal. October 21, 2021.

⁹Flank Speed Has Paved the Way for Navy to Become ‘Leaders in Zero Trust Implementation,’ Says Acting CIO Jane Rathbun, Charles Lyons-Burt, GovCon Wire. June 2023.

¹⁰Flank Speed makes significant strides in DOD Zero Trust Activity alignment, Darren Turner, PEO Digital. December 2023.

¹¹Army launches upgraded collaboration platform; cybersecurity at the forefront, Alexandra Snyder. June 17, 2021.

¹²Cohesive teams drive NETCOM’s continuous improvement, Army 365 migration, Enrique Tamez Vasquez, NETCOM Public Affairs Office. March 2023.

¹³BYOD brings personal devices to the Army network, Army Office of the Deputy Chief of Staff, G-6. February 2024.

The post New Microsoft guidance for the DoD Zero Trust Strategy appeared first on Microsoft Security Blog.

As many of you look to AI transformation to drive the next wave of innovation, you now also need to account for data being both consumed and created by generative AI applications. The risks that come with implementing and deploying AI are not fully known, and it is only a matter of time before you start to see broader regulatory policies on AI. According to Gartner®, by 2027 at least one global company will see its AI deployment banned by a regulator for noncompliance with data protection or AI governance legislation.² AI will be a catalyst for regulatory changes, and having secure and compliant AI will become fundamental.

With these trends converging all at once, securing and governing all your data is a complex and multifaceted undertaking. You need to secure and govern different types of data (structured, unstructured, and data generated by AI). You need to secure and govern it in different locations across multiple clouds, and you need to account for existing and future data security, governance, and AI regulations.

Most organizations experience an average of 59 data security incidents per year and use an average of 10 solutions to secure their data estate.¹ This fragmented approach requires many of you to stitch together multiple tools to address data security and governance, which can lead to higher costs and difficulty in both procurement and management. The lack of integration between the disparate tools can cause unnecessary data transfers, duplicate copies of data, redundant alerts, siloed investigations, and exposure gaps that lead to new types of data risks and ultimately worse security outcomes.

A simpler approach: Microsoft Purview

To address these challenges, you need a simplified approach to data security, governance, and compliance that covers your entire data estate. Microsoft Purview is an integrated solution that helps you understand, secure, and manage your data—and delivers one unified experience for our customers.

With Microsoft Purview, you can:

• Gain end-to-end visibility and understanding of your entire data estate, across on-premises, multicloud, and software as a service (SaaS) environments, and for structured, unstructured, and data created by generative AI applications.
• Apply comprehensive data protection across your data estate, using AI-powered data classification technology, data maps, extensive audit logs and signals, and management experience.
• Improve your risk and compliance posture with tools to identify data risk and manage regulatory requirements.

Microsoft Purview

Help keep your organization’s data safe with a range of solutions for unified data security, data governance, and risk and compliance management.

What’s new in Microsoft Purview?

In this blog post, we will outline some of the exciting new capabilities for Microsoft Purview that we announced at Microsoft Ignite 2023.

Expanding data protection across the data estate

As we unveiled earlier this year, Microsoft Purview is expanding the sphere of protection across your entire data estate, including structured and unstructured data types. We are excited to share some of the next steps in that journey by providing you with:

• A unified platform that enables you to discover, label, and classify data across various data sources, including Microsoft Fabric, Microsoft Azure, Amazon Web Services (AWS), and other cloud environments.
• Consistent protections across structured and unstructured data types such as Azure SQL, Azure Data Lake Storage (ADLS), and Amazon S3 buckets.  
• Expanded risk detections enabling signals from infrastructure clouds and third-party apps such as AWS, Box, DropBox, and GitHub.

With these capabilities, you can gain visibility across your data estate, apply consistent controls, and ensure that your data is protected and compliant across a larger digital landscape. For example, you can scan and label your data in Microsoft Azure SQL, Azure Data Lake Storage, and Amazon S3 buckets, and enforce policies that restrict access to sensitive data based on data labels or user roles from one control plane—just like you do for Microsoft 365 sources. Check out this short Microsoft Mechanics video covering an end-to-end scenario. To learn more, we invite you to read the “Expanding data protection” blog.

Securing AI with Microsoft Purview

We are committed to helping you protect and govern your data, no matter where it lives or travels. Building on this vision, Microsoft Purview enables you to protect your data across all generative AI applications—Microsoft Copilots, custom AI apps built by your organization, as well as more than 100 commonly used consumer AI apps such as OpenAI’s ChatGPT, Bard, Bing Chat, and more.³ We announced a set of capabilities in Microsoft Purview to help you secure your data as you leverage generative AI. Microsoft Purview will provide you with:

• Comprehensive visibility into the usage of generative AI apps, including sensitive data usage in AI prompts and total number of users interacting with AI. To enable customers to get these insights, we announced preview of AI hub in Microsoft Purview.
• Extensive protection with ready-to-use and customizable policies to prevent data loss in AI prompts and protect AI responses. Customers can now get additional data security capabilities such as sensitivity label citation and inheritance when interacting with Copilot for Microsoft 365 and prevent their users from pasting sensitive information in consumer generative AI applications.
• Compliance controls to help detect business violations and easily meet regulatory requirements with compliance management capabilities for Copilot for Microsoft 365.

Copilot for Microsoft 365 is built on our security, compliance, privacy, and responsible AI framework, so it is enterprise ready. With these Microsoft Purview capabilities, you can strengthen the data security and compliance for Copilot. The protection and compliance capabilities for Copilot are generally available, and you can start using them today. To learn more, read the Securing AI with Microsoft Purview blog.

Supercharge security and compliance effectiveness with Microsoft Security Copilot in Microsoft Purview

Microsoft Purview capabilities for Microsoft Security Copilot are now available in preview. With these capabilities you can empower your security operations center (SOC) teams, your data security teams, and your compliance teams to address some of their biggest obstacles. Your SOC teams can use the standalone Security Copilot experience to analyze signals across Microsoft Defender, Microsoft Sentinel, Microsoft Intune, Microsoft Entra, and Microsoft Purview into a single pane of glass. Your data security and compliance teams can use the embedded experiences in Microsoft Purview for real-time analysis, summarization, and natural language search, for data security and compliance built directly into your investigation workflows.

Microsoft Purview capabilities in Security Copilot

To help your SOC team gain comprehensive insights across your security data, Microsoft Purview capabilities in Security Copilot will provide your team with data and user risk insights, identifying specific data assets that were targeted in an incident and users involved to understand an incident end to end. For example, in the case of a ransomware attack, you can leverage user risk insights to identify the source of the attack, such as a user visiting a website known to host malware, and then leverage data risk insights to understand which sensitive files that user has access to that may be held for ransom.

Security Copilot embedded in Microsoft Purview

We’ve also embedded Security Copilot into Microsoft Purview solutions to help with your data security and compliance scenarios. You can now leverage real-time guidance, summarization capabilities, and natural language support to catch what others miss, accelerate investigation, and strengthen your team’s expertise. Here’s where these capabilities will light up:

• Summarize alerts in Microsoft Purview Data Loss Prevention: Investigations can be overwhelming for data security admins due to the large number of sources to analyze and varying policy rules. To help alleviate these challenges, Security Copilot is now natively embedded in Data Loss Prevention to provide a quick summary of alerts, including the source, attributed policy rules, and user risk insights from Microsoft Purview Insider Risk Management. This summary helps admins understand what sensitive data was leaked and associated user risk, providing a better starting point for further investigation. Learn more in our Microsoft Purview Data Loss Prevention announcement.
• Summarize alerts in Microsoft Purview Insider Risk Management: Insider Risk Management provides comprehensive insights into risky user activities that may lead to potential data security incidents. To accelerate investigations, Security Copilot in Insider Risk Management summarizes alerts to provide context into user intent and timing of risky activities. These summaries enable admins to tailor investigations with specific dates in mind and quickly pinpoint sensitive files at risk. Learn more in our Microsoft Purview Insider Risk Management announcement.
• Contextual summary of communications in Microsoft Purview Communication Compliance: Organizations are subject to regulatory obligations related to business communications, requiring compliance investigators to review lengthy communication violations. Security Copilot in Communication Compliance helps summarize alerts and highlights high-risk communications that may lead to a data security incident or business conduct violation. Contextual summaries help you evaluate the content against regulations or corporate policies, such as gifts and entertainment and stock manipulation violations. Learn more in our Microsoft Purview Communication Compliance announcement.
• Contextual summary of documents in review sets in Microsoft Purview eDiscovery: Legal investigations can take hours, days, even weeks to sift through the list of evidence collected in review sets. This often requires costly resources like outside council to manually go through each document to determine the relevancy to the case. To help customers address this challenge, we are excited to introduce Security Copilot in eDiscovery. This powerful tool generates quick summaries of documents in a review set, helping you save time and conduct investigations more efficiently. Learn more in our Microsoft Purview eDiscovery announcement.
• Natural language to keyword query language in eDiscovery: Search is a difficult and time-intensive workflow in eDiscovery investigations, traditionally requiring input of a query in keyword query language. Security Copilot in eDiscovery now offers natural language to keyword query language capabilities, allowing users to provide a search prompt in natural language to expedite the start of the search. This empowers analysts at all levels to conduct advanced investigations that would otherwise require keyword query language expertise. Learn more in our Microsoft Purview eDiscovery blog.

To learn more about Security Copilot and Microsoft Purview, read our Microsoft Security Copilot in Microsoft Purview blog.

Additional product updates

New Microsoft Purview Communications Compliance capabilities

Copilot for Microsoft 365 support introduces an advanced level of detection within Communication Compliance, allowing organizations to identify and flag risky communication, regardless of source. Investigative scenarios across various Microsoft applications, including Outlook, Microsoft Teams, and more, showcase the precision of this feature, identifying patterns, keywords, and sensitive information types. With additional features for policy creation and user privacy protection, administrators can also fine-tune their management strategy, ensuring secure, compliant, and respectful communications. Integration with Security Copilot further enhances data security and regulatory adherence, providing concise contextual summaries for swift investigation and remediation. Leveraging AI technology, Communication Compliance detects and categorizes content, prioritizing content that requires immediate attention. Reporting inappropriate content within Microsoft Viva Engage and ensuring compliance in Microsoft Teams meetings further strengthens the multilayered compliance defense. Stay ahead of compliance challenges and embrace these innovative features to secure, comply, and thrive in the digital age.

Learn more in our Microsoft Purview Communication Compliance announcement.

New to Information Protection in Microsoft Purview

As organizations prepare to use generative AI tools such as Copilot for Microsoft 365, leveraging Microsoft Purview Information Protection, discovery and labeling of sensitive data across the digital estate is now even more important than ever. New releases to Microsoft Purview Information Protection include intelligent advanced classification and labeling capabilities at an enterprise scale, contextual support for trainable classifiers that improve visibility into effectiveness and discoverability, better protection for important PDF files, secure collaboration on labeled and encrypted documents with user-defined permissions, as well support for Microsoft Fabric, Azure, and third-party clouds.

You can learn more about the new Information Protection capabilities in the Information Protection announcement.

New Microsoft Purview Data Loss Prevention capabilities

We are excited to announce a set of new capabilities in Microsoft Purview Data Loss Prevention (Purview DLP) that can help comprehensively protect your data and efficiently investigate DLP incidents. Our announcements can be grouped into three categories:

• Efficient investigation: Capabilities that empower admins by making their everyday tasks easier, including enriching DLP alerts with user activity insights from Insider Risk Management, DLP analytics to help find the biggest risk and recommendations to finetune DLP policies, and more.
• Strengthening protection: Capabilities that help protect numerous types of data and provide granular policy controls, including predicate consistency across workloads, enhancements to just-in-time protection for endpoints, support for optical character recognition (OCR), and performance improvements for DLP policy enforcements.
• Expanding protection: Capabilities that extend your protection sphere to cover your diverse digital estate, including support for Windows on ARM and several enhancements to macOS endpoints.

Purview DLP is easy to turn on; protection is built into Microsoft 365 apps and services as well as endpoint devices running on Windows 10 and 11, eliminating the need to set up agents on endpoint devices. 

Learn more in our Microsoft Purview DLP blog.

New Microsoft Purview Insider Risk Management and Adaptive Protection capabilities

To secure data in diverse digital landscapes, including cloud environments and AI tools, detecting and mitigating data security risks arising from insiders is a pivotal responsibility. At Microsoft Ignite, we made a few exciting announcements for Insider Risk Management and Adaptive Protection: 

• Intelligent detection across diverse digital estate: Insider Risk Management will now detect critical data security risks generated by insiders in AWS, Azure, and SaaS applications, including Box, Dropbox, Google Drive, and GitHub. Additionally, security teams can also gain visibility into AI usage with our new browsing to generative AI sites indicator.  
• Adaptive data security from risk detection to response: User context can help security teams make better data security decisions. Security teams can now gain user activity summary when a potential DLP incident is detected in Microsoft Purview DLP and Microsoft Defender portal. With this update and Adaptive Protection, user risk context is available from DLP incident detection to response, making data security more effective. In addition, security teams can now leverage human resources resignation date to define risk levels for Adaptive Protection, addressing common incidents, such as potential data theft from departing employees.  
• Streamlined admin experience for effective policies: To enable better policies management experience, Insider Risk Management will support admin units and provide recommended actions to fine tune policies and receive more high-fidelity alerts. 

Learn more details about all these announcements in our Microsoft Purview Insider Risk Management blog.  

Get started today

These latest announcements have been exciting additions to help you secure and govern your data, across your entire data estate in the era of AI. We invite you to learn more about Microsoft Purview and how it can empower you to protect and govern your data. Here are some resources to help you get started:

• Watch the Microsoft Purview on-demand sessions from Microsoft Ignite, outlined in this guide.
• Try Microsoft Purview for free.
• Read the Data Security Index report.
• Visit the Microsoft Purview website.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Microsoft Data Security Index: Trends, insights, and strategies to secure data, October 2023.

²Gartner, Security Leader’s Guide to Data Security, Andrew Bales. September 7, 2023.

³Microsoft sets new benchmark in AI data security with Purview upgrades, VentureBeat. November 13, 2023.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

The post New Microsoft Purview features use AI to help secure and govern all your data appeared first on Microsoft Security Blog.

While our in-person tickets have sold out, registration for the virtual event is still available to participate in the Microsoft Security experience at Microsoft Ignite, which includes sessions on security strategies and practical applications. In both tracks,​ you’ll learn about the latest innovations and implementation strategies from Microsoft Security across comprehensive security, unified visibility, and Microsoft Security Copilot. Keep reading this blog post for ideas on keynotes, breakout sessions, and discussions to check out. Register to browse our session catalog and bookmark sessions you’d like to attend.

Catch the news highlights during our keynote

Our announcement-packed keynote from Charlie Bell, Executive Vice President, Microsoft Security, and Vasu Jakkal, Corporate Vice President, Security, Compliance, Identity, and Management, Microsoft, will be highlighted on Day 2 of Microsoft Ignite. Don’t miss insights from them during their keynote, “The Future of Security with AI.” They will share how Microsoft is delivering AI for security with Microsoft Security Copilot, and how we enable organizations to secure and govern AI with new capabilities. This new era of AI offers unprecedented opportunities to elevate human potential but also challenges organizations with unknowns and risks.

Learn security strategies for today’s and tomorrow’s challenges 

Our cybersecurity strategy sessions are focused on equipping you to leverage AI and Microsoft Security solutions to strengthen your threat defense strategy. Join these sessions to take your strategies to the next level across identity protection, code-to-cloud approaches, industry best practices for AI, and the latest learnings in threat intelligence.   

Strategy sessions to consider joining include:

• “How we secure the Microsoft estate” (BRK291H: in-person and online): Join a fireside chat with Bret Arsenault, Corporate Vice President and Chief Information Security Officer, on Microsoft’s approach to security and how Microsoft plans to adapt as the industry continues to embrace the new era of AI.
• “Boosting ID Protection Amid Sophisticated Attacks” (BRK294H: in-person and online): Alex Weinert, Vice President, Identity Security, and Mia Reyes, Director, Foundational Security—Cybersecurity, will offer a deep dive into the escalating landscape of cyberthreats targeting digital identities amid the evolving tech realms of the Internet of Things, operational technology, and hybrid workspaces. Learn about innovation in automated key management and Hardware Security Modules for fortified key storage, crucial in mitigating human errors and bolstering defenses against sophisticated aggressors.
• “This Year In Threats: Tales From Microsoft’s Global Fight Against APTs” (BRK299: in-person only): Sherrod DeGrippo, Director of Threat Intelligence, and John Lambert, Corporate Vice President, Distinguished Engineer, Microsoft Security Research, will discuss how Microsoft defends customers at the nexus of the cyber and physical worlds and how they can join our global alliance to help give bad actors nowhere to hide. This year, Microsoft Threat Intelligence stood with its partners on the leading edge of the global response to the most impactful threats and incidents. In this session, look back at the threat actors and campaigns that defined 2023 and hear our experts tell their favorite stories from the front line.
• “Secure access in the AI era: What’s new in Microsoft Entra” (BRK297H: in-person and online): Jade D’Souza, Product Manager; John Savill, Cloud Solution Architect; and Joy Chik, President, Identity and Network Access, will offer details on innovations for Microsoft Entra ID (formerly Azure Active Directory) that can help you automatically prevent identity compromise, enforce granular access policies, govern permissions, and leverage AI to secure access for anyone to anything from anywhere. This demo-centric session will follow an employee as they onboard, access resources, and collaborate.
• “Unifying XDR + SIEM: A new era in SecOps” (BRK293H: in-person and online): Preeti Krishna, Principal Product Manager, and Rob Lefferts, Corporate Vice President, Microsoft Threat Protection, will offer insights on how the latest innovations in generative AI, automatic attack disruption, embedded threat intelligence, decoy assets, a reimagined user interface, and cloud posture management capabilities will supercharge your threat detection, response, and defense.
• “Secure and govern your data in the era of AI” (BRK296H: in-person and online): Erin Miyake, Principal Product Manager; Herain Oberoi, Marketing Leader; Tina Ying, Senior Product Marketing Manager, Insider Risk Management; and Rudra Mitra, Corporate Vice President, Microsoft Data Security and Compliance, will demonstrate how Microsoft Purview’s comprehensive approach to data security, compliance, and privacy helps empower organizations to protect and govern their data.
• “Security for AI: Prepare, protect, and defend in the AI era” (BRK298H: in-person and online): Douglas Santos, Senior Product Manager; Maithili Dandige, Partner Group Program Manager, Microsoft 365 Security and Compliance; and Shilpa Bothra, Senior Product Marketing Manager, will discuss the importance of preventing sensitive data leaks in AI as third-party AI apps grow exponentially and hackers continue to launch adversarial attacks using generative AI. Leave this session with a solid defense and ways to secure data as you interact with AI using Microsoft’s comprehensive security suite.

Gain practical applications with in-depth product views

When strategizing a security approach, technology solutions play a critical role. To help you become an expert on security solutions and implement new features within your organization, Microsoft Ignite will include sessions exploring the use cases of Microsoft solutions, including Security Copilot, Microsoft Entra, Microsoft Purview, and Microsoft Intune.

Practical application sessions to consider joining include:

• “Boost multicloud security with a comprehensive code to cloud strategy” (BRK261H: in-person and online): Safeena Begum, Principal Product Manager, and Yuri Diogenes, Principal Product Manager, will talk about how Microsoft Defender for Cloud can help you fortify your defenses and enhance your incident response strategy with cloud security graphic insights and tailored analytics from Defender for Cloud workload protection plans.
• “Fortified security and simplicity come together with Microsoft Intune” (BRK263H: in-person and online): Archana Devi Sunder Rajan, Partner Group Product Manager, Microsoft Intune; Dilip Radhakrishnan, Partner Group Product Manager, Microsoft Intune; Jason Roszak, Chief Product Officer, Microsoft Intune; and Sangeetha Visweswaran, Partner Director of Engineering, will discuss how the next generation of endpoint management and security capabilities from Microsoft Intune help transform security and IT operations. Learn how to simplify app updates, cut the cost of public key infrastructure lifecycle management, mitigate risks with AI-derived insights, and free up resources by automating IT workflows.
• “Modern management innovation shaping endpoint security” (BRK295H: in-person and online): Jeff Pinkston, Director of Engineering; Ramya Chitrakar, Corporate Vice President, Intune Engineering; and Steve Dispensa, Corporate Vice President, will explore how to defend against the evolving sophistication of cyberthreats while ensuring a productive workforce. The newest wave of Microsoft Intune innovation can shape your defense-in-depth strategy for a secure and productive end user computing estate.
• “Beyond traditional DLP: Comprehensive and AI-powered data security” (BRK262H: in-person and online): Maithili Dandige, Shilpa Bothra, and Talhah Mir, Product Manager, will share how AI-powered Microsoft Purview Information Protection and Microsoft Purview Insider Risk Management can transform your data loss prevention (DLP) program, enabling Adaptive Protection and fortifying your data security posture. You will also hear about new features that enhance incident response and expand endpoint coverage and gain insights on how to enhance their data security strategies.
• “How Microsoft Purview helps you protect your data” (OD07: online only): Anna Chiang, Senior Product Marketing Manager, and Tony Themelis, Principal Product Manager, will explore organizational paradoxes and how Microsoft Purview can help strengthen your data security posture. They will also demonstrate how our latest AI-powered and contextual classifiers can identify sensitive trade secrets, personally identifiable information, and more in seconds across your digital estate.
• “Effortless application migration using Microsoft Entra ID” (OD03: online only): David Gregory, Director of Product Marketing, Identity Compete, will share how our newly proposed tool supplies a one-click configuration to integrate applications into Microsoft Entra ID. During this on-demand session, we will provide an overview of how our tool offers a guided experience to seamlessly facilitate the migration of your applications from Active Directory Federation Services to Microsoft Entra ID.
• “Bringing Passkey into your Passwordless journey” (OD02: online only): Calvin Lui, Product Manager; Erik Dauner, Senior Program Manager; and Mayur Santani, Product Manager, walk you through the background of where passkeys came from, their impact on the passwordless ecosystem, and the product features and roadmap bringing passkeys into the Microsoft Entra passwordless portfolio and phishing-resistant strategy.
• “The power of Microsoft’s XDR: they attempted, we disrupted” (BRK265H: in-person and online): Dustin Duran, Director of Security Research, and Kim Kischel, Director of Product Marketing—XDR, will discuss Microsoft 365 Defender’s automatic attack disruption technology and give you a clear understanding of attack disruption and how it’s providing immediate value to customers in the real world today.
• “Making end-to-end security real” (BRK267H: in-person and online): Mark Simos, Lead Cybersecurity Architect, and Sarah Young, Senior Cloud Security Advocate, will share quick wins that solve real-world problems using Microsoft’s integrated security products. This session will show you how to make progress on end-to-end security across identity, security operations, and more.

Interact with the experts

Bring your questions about Microsoft solutions. Our experts have answers. Connect with them during live discussions to learn more.

Opportunities to interact with the experts include:

• “Windows 11, Windows 365, & Microsoft Intune Q&A” (DIS657H: in-person and online): Gabe Frost, Group Product Manager; Harjit Dhaliwal, Senior Product Marketing Manager; Jason Githens, Principal Group Product Manager; and Joe Lurie, Senior Product Manager, will participate in a collaborative question and answer session about where we are today with Windows 11 and device management—and what you need to propel your organization and IT strategies. We’ll quickly outline a few of the latest commercial enhancements, but the focus here is on your thoughts and questions.
• “Preventing loss of sensitive data: Microsoft Purview DLP Q&A” (DIS666H: in-person and online): Shekhar Palta, Principal Product Marketing Manager, and Shilpa Bothra will discuss Microsoft Purview DLP and the way it can prevent accidental or intentional loss of sensitive data across apps and devices. Join us to discuss how you can modernize your DLP and get started quickly, and learn how DLP works with Microsoft Defender products.
• “Panel discussion: Resilient. Compliant. Secure by default” (DISFP375: online only): Joye Purser, Global Lead, Field Cybersecurity, Veritas Technologies; Saurabh Sensharma, Principal Product Manager, Microsoft; Simon Jelley, General Manager for SaaS Protection, Endpoint and Backup Executive, Veritas Technologies; and Tim Burlowski, Senior Director of Product Management, Veritas Technologies, will discuss security strategies. Join Veritas experts for an interactive question and answer on ensuring your cloud applications are resilient and your data is protected, compliant, and recoverable when it matters most.

Socialize with us and your peers

As you’ve probably experienced yourself at previous conferences and business networking events, some of the best ideas are sparked during conversations with other security professionals. Get social and join us and your cybersecurity peers at two incredible networking events.

• The Lounge at Microsoft Ignite: Located in the Hub on Level 5 (Summit Convention Center), the Lounge is the main gathering area for community. The Lounge will be staffed by Microsoft full time employees and attending Most Valuable Professionals (MVPs) to provide continuous question and answer opportunities.
• Microsoft Ignite Security After Party: Network and connect over drinks and appetizers on Wednesday, November 15, 2023, at The Collective. Partners, customers, Microsoft MVPs, and Microsoft subject-matter experts will mix and mingle. Register to reserve your spot.

Register today for Microsoft Ignite

Join us online from anywhere from November 15 to 16, 2023, to hear major product announcements, inspiring messages, and expert insights on the future of cybersecurity and Microsoft solutions. And if you’re not able to participate at all this year, you can still check out plenty of session content, product announcements, and keynotes after Microsoft Ignite wraps up. It will be available on demand after the event. Reserve your spot today. Hope you can join us!

Join the Security Tech Accelerator

We’re also having a Tech Accelerator event on Wednesday, December 6, 2023. Ask questions about the latest product announcements from Ignite and connect with your security peers at this virtual skilling event hosted on the Security Tech Community—register today.

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (formerly known as Twitter) (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post Digital security sessions at Microsoft Ignite to prepare you for the era of AI appeared first on Microsoft Security Blog.

Microsoft 365 Defender is our security solution for phishing and related cyberthreats. Some great analysis has been done by the Microsoft Threat Intelligence team on BazaCall’s Tactics, Techniques, and Procedures (TTPs). They’ve also shared how to use Microsoft 365 Defender to locate exploitation activity.

I wanted to take another perspective with this post and share the role that Microsoft Purview data security solutions play, together with Microsoft 365 Defender and Microsoft Sentinel, to provide defense-in-depth mitigation. With defense-in-depth, we create barriers to the bad actor, increasing their resources required and uncertainty, interfering with their business case.

Microsoft Purview provides important value with unified data governance and compliance solutions but it’s Microsoft Purview’s data security capabilities within Microsoft 365 we’ll be discussing in this blog.

What makes BazaCall different from most phishing attacks is using a malicious email to have the victim initiate a call to a phony call center run by the bad actor that then coaches the victim to install malware. Replacing malicious links and attachments in email with a phone number to the call center is used to evade email protection.

An overview of the BazaCall attack flow is provided at the end of this post.

The mitigations suggested here will be of value for attacks where the bad actor has control of a Microsoft 365 account and is attempting to exfiltrate sensitive data.

The data security benefits of Microsoft Purview for attack mitigation are sometimes overlooked. These solutions may be managed by other groups in the organization, such as the compliance team rather than the security team, and so may not be the go-to tools in the toolbox when preparing for or responding to an attack. These solutions should be part of a defense-in-depth strategy and Zero Trust architecture.

Microsoft Purview Mitigations

Microsoft Purview Information Protection sensitivity labels can be applied to protect sensitive files from unauthorized access. These sensitivity labels can have scoped encryption, among other protections, which travels with the file inside and outside of the organization’s environment. This would make the file unreadable except by the party for which the encryption is scoped—for example, only employees, a partner, or a customer organization—or it can be defined by the user to be consumable only by specific individuals.

Figure 1. Sensitivity Label with scoped encryption—accessible only to employees.

Automation, configured by the administrators, can be used to support the user in applying these labels including making the application of a label mandatory if the file contains sensitive information.

Microsoft Purview Data Loss Prevention (Purview DLP) can be used to prevent the sensitive information from being exfiltrated through several egress channels, including user’s endpoint devices, Microsoft cloud services such as SharePoint Online, OneDrive for Business, Exchange Online, Teams, and Microsoft PowerBI, browsers such as Microsoft Edge, Chrome, and Firefox, as well as non-Microsoft applications such as Salesforce, Dropbox, Box, and more, including the free file-sharing services used as part of the BazaCall TTPs.

Customers can create policies that block and do not allow override for their top priority sensitive information such that even if the bad actor manages to get access to the user’s account, they are blocked from exfiltrating any sensitive content. Purview DLP policies can be configured leveraging a variety of out-of-the-box or custom criteria including machine learning-based trainable classifiers as well as the sensitivity labels created in Information Protection.

Figure 2. Purview DLP preventing the upload of sensitive files into Dropbox.

Microsoft Purview Insider Risk Management can alert the security team to the bad actor’s activities, including the exfiltration of sensitive information to the file-sharing service. Insider Risk Management can reason over and parse through user activity signals, by leveraging more than 100 ready-to-use indicators and machine learning models, including sequence detection and cumulative exfiltration detection. With Adaptive Protection powered by Insider Risk Management, the security team can detect high-risk actors, such as a bad actor-controlled account, and automatically enforce the strictest DLP policy to prevent them from exfiltrating data.  

Figure 3. Insider Risk Management uses specialized algorithms and machine learning to identify data exfiltration and other risks.

Microsoft Defender for Cloud Apps can make a file-sharing site used for sensitive file exfiltration unreachable from the user’s browser or it can prevent sensitive files from being moved to the site. Alternatively, the policy can be configured to only allow files to be moved to the file-sharing site if they have a sensitivity label applied that contains scoped encryption. If this protected file is exfiltrated it would not be readable by the bad actor.

Figure 4. Microsoft Defender for Cloud Apps blocking access to file sharing and backup site.

Microsoft Purview Audit provides forensic information to scope a possible breach. This is especially valuable when bad actors are “living off the land.” Among the audit items made available are the terms that a user searched in email and SharePoint. If the bad actor was searching for sensitive information to exfiltrate, this item will assist the investigation.

Purview Audit, recently expanded for accessibility and flexibility, will also provide insight to mail items accessed and mail sent, which would be impactful when investigating scope and possible exfiltration channels. Although a bad actor’s known TTPs may not include these channels, we need a fulsome investigation. Their TTPs are likely not static.

Purview Audit Premium provides more logging event retention capabilities, with one-year retention (up from 180 days with Standard) and an option to increase retention to 10 years among other upgraded features.

Figure 5. Premium Audit solution searching forensic events.

Microsoft Purview Data Lifecycle Management policies and labeling could be used to purge unneeded information from the organization’s environment. An auditable review can be required prior to deletion or deletion can be automated without user or administrator action.

If information is not in the environment, it cannot be exfiltrated by the bad actor or put the organization at risk.

Figure 6. Disposal of unneeded documents reduces exfiltration risk to the organization.

About BazaCall

BazaCall uses a phishing campaign that tricks unsuspecting users into phoning the attacker, who coaches them into downloading BazaLoader malware, which retrieves and installs a remote monitoring and management (RMM) tool onto the user’s device. The email typically claims that the user has reached the end of a free trial of some type, that billing will begin shortly and provides an option to cancel by phoning a call center. The threat of unjustified billing is the lever that the attacker uses to get the victim to comply.

Typically, the file download has been a malicious Excel document that purports to be a “cancellation form” for the unwanted service and charges referred to in the phishing campaign. The bad actor coaches the victim into accepting macros and disabling security solutions to complete the phony “cancellation.”

RMM software provides multiple useful purposes for attackers: The software allows an attacker to maintain persistence and deploy malicious tools within a compromised network. It can also be used for an interactive command-and-control system. With command and control established, the bad actor organization can spread laterally through the environment to steal sensitive data and deploy ransomware. Once command and control of the user’s machine is established, bad actor hands-on keyboard is used to exfiltrate data including through free cloud-based file-sharing sites. TTPs have evolved in the last two years, including the use of file-sharing sites for exfiltration in addition to open-source tools like RClone.

The user is also subject to human-operated ransomware.

The mitigations discussed in this post are focused on the data exfiltration aspects in the “hands-on-keyboard” phase of the attack.

Figure 7. BazaCall attack flow.

Microsoft Purview can help protect from BazaCall attacks

Microsoft Purview data security for Microsoft 365 is not a cure-all for phishing attacks. It is part of a defense-in-depth strategy that includes user training, antimalware, vulnerability management, email security, access control, monitoring, and response. The data security solutions within Microsoft Purview should be considered based on risk-based criteria for inclusion in the strategy.

These tools may be managed by different teams in the organization. Collaboration among these teams is critical for coordinated defense and incident response. 

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post Microsoft Purview data security mitigations for BazaCall and other human-operated data exfiltration attacks appeared first on Microsoft Security Blog.

Attacks are quickly becoming more automated through AI-assisted tools. They are also increasing exponentially—the number of password attacks Microsoft detects has more than tripled in the last 12 months, from 1,287 per second to more than 4,000 per second.¹ Plus, the annual cost of cyberattacks continues to grow. According to the FBI Internet Crime Complaint Center’s (IC3) latest research, reported total losses grew from USD6.9 billion in 2021 to more than USD10.2 billion in 2022.² Such losses are even greater on a global scale. If organizations continue to operate within a fractured security state and only utilize what’s worked in the past, they will leave gaps in their security posture.

Now there is a unique opportunity to harness the power of AI in combination with an end-to-end security solution to build a resilient security posture with defenses that rapidly adapt. There has never been a more important time for specialized cybersecurity expertise, and our partners are critical to preparing customers for the era of AI. According to a Forrester Total Economic Impact study, Microsoft Security partners are realizing a significant increase in their business with more than 14 percent year-over-year growth.³ In small and medium businesses (SMBs), partners are seeing even more dramatic demand with more than 37 percent market expansion just this last year.

Today at Microsoft Inspire 2023, we will discuss AI-powered security during the “Springboard customers into the era of AI with end-to-end security” session. Also, you’ll have an opportunity to ask your most pressing questions at the expert Q&A.

Register for Microsoft Inspire to hear more details on our latest exciting announcements listed in this blog.

Microsoft Inspire 2023

Elevate your business by joining us for Microsoft Inspire, July 18 and 19, 2023, and learn how to accelerate AI transformation in your security practice.

Register now

Coming soon: Microsoft Security Copilot Early Access Program

We are extremely encouraged by the excitement and positive feedback we have received from customers and partners since we announced Microsoft Security Copilot—one of the first generative AI products in the security industry—in March 2023. This fall, we will open our Early Access Program and invite more customers and partners to experience Security Copilot. To help us focus our learning, customers who use Microsoft Defender for Endpoint will be prioritized for early access. Those who also use Microsoft Sentinel will get even more benefit from the program. Security Copilot is designed to work with a broad range of Microsoft and third-party tools, and we will expand the program as we learn.

Our preview is well underway, and the feedback from our preview customers shows that there’s every reason to be excited about the massive potential of this technology to help protect at machine speed and scale:

“Microsoft is spearheading a transformative shift in security operations center (SOC) processes and operations at a truly remarkable speed. By fully integrating these cutting-edge AI technologies, they are pioneering a leap so momentous that by December 2024, SOC operations from 2021 may seem prehistoric in comparison. The surge in productivity could be unparalleled. At Bridgewater, we are thrilled to be helping Microsoft on this voyage, collaboratively propelling Security Copilot’s full potential to the forefront of the industry.”

—Igor Tsyganskiy, President, Bridgewater

New: Security Copilot design advisory council

Today, we are officially kicking off our partner engagement to help you build your own solutions and services powered by Security Copilot. If you are a Microsoft partner, you can start today by helping customers deploy Microsoft Defender for Endpoint and Microsoft Sentinel so that they are prepared to adopt Microsoft Security Copilot. We are excited to join forces with our partners, including members of the Microsoft Intelligent Security Association. Here’s what a couple of our partners have shared already:

“When it comes to cybersecurity, threat actors are increasingly using AI to carry out sophisticated attacks, so why aren’t defenders? We are operating in an era where fighting AI with AI is non-negotiable. By partnering with Microsoft Security Copilot, we can help level the playing field for defenders together. Much of the AI universe sits behind Cloudflare, and acting as the intermediary to allow businesses to harness the power of this technology in a safe way is critical.”

—Matthew Prince, Chief Executive Officer, Cloudflare

“We believe that generative AI will be truly revolutionary and will allow us to become more effective and efficient, by orders of magnitude, in protecting our customers. We expect to see productivity increases from our SOC analysts using Security Copilot when dealing with scenarios like incident response and threat hunting and believe there is potential for upskilling effects, allowing any analyst to complete more advanced tasks quicker than ever before. We are proud to be on this journey with Microsoft and remain excited as they continue to add more compelling capabilities to Security Copilot.”

—Brian Beyer, Chief Executive Officer, Red Canary

“Building on our recent investment to expand and scale our AI offerings, we’re excited to team with Microsoft on bringing Security Copilot to our joint customers, augmenting their ability to predict—prevent—and rapidly respond to security threats. This will help empower all of our customers and provide new opportunities leveraging the responsible use of generative AI.”

—Sean Joyce, Global Cybersecurity and Privacy Leader, PwC

If you are interested in learning how to engage with your customers now to take full advantage of these new AI technologies, we invite you to sign up to receive communications and to be considered for our new Security Copilot design advisory council.

Investments in the managed security service provider community

According to Gartner®, “by 2025, 60 percent of organizations will be actively using remote threat disruption and containment capabilities delivered directly by MDR providers, up from 30 percent today.”⁴ 

To help meet the anticipated demand for these services, we are actively working to recruit more Managed Extended Detection and Response (MXDR) partners alongside our first-party offering. Microsoft is deeply committed to our partner community, and partners will always be the primary path for customers to get the services they need. We are increasing our overall investments for security partners by nearly 50 percent this coming year. A great example of this continued investment is the Microsoft engineering verified MXDR solution status that we launched for partners last year.

Making it easier to better protect small and medium businesses

Small and medium businesses are seeing more cyberattacks, with 82 percent of ransomware attacks targeting small businesses.⁵ Due to a lack of internal security specialists, these businesses often look to IT partners to help secure their IT environments.

We are making it easier for partners to deliver security services to their customers:

• For partners who want to build their own SOC or managed detection and response (MDR) service, we are pleased to announce streaming APIs from Microsoft Defender for Business to enable advanced hunting and attack detection. Available in preview in Defender for Business standalone and as part of Microsoft 365 Business Premium.
• With a 3.4 million-person global shortage in the cyber workforce, partners face staffing challenges as much as their customers do.⁶ For those partners who want to resell security services but do not have the resources to invest in an in-house SOC, we are pleased to announce integrations with leading MDR providers. For example, Blackpoint Cyber now offers both a round-the-clock cloud response MDR service for Microsoft 365 environments, including Microsoft 365 Business Premium, and a managed endpoint detection and response (EDR) service for Defender for Business customers. 
• We’re extending mobile protection to SMB customers who may not have a mobile device management solution with Mobile threat defense for standalone Defender for Business customers—now generally available. The new Defender for Business monthly summary report will show threats prevented, current status from Microsoft Secure Score and recommendations, and will help partners to show value to customers.

For details on our SMB-focused announcements, read our Tech Community blog post.

Expanding comprehensive security with product innovations

We continue to offer one of the most comprehensive security solutions in the market and power it with world-class global threat intelligence. Today we announced the following innovations:

• Microsoft Sentinel: To simplify budgeting, billing, and cost management, the Microsoft Sentinel price now includes the Azure Monitor Log Analytics price. To learn more, read the announcement blog.
• Microsoft Defender Experts for XDR: A new managed service gives customers step-by-step guidance to respond to incidents, receive expertise when they need it, and stay ahead of emerging threats.
• Microsoft Purview Insider Risk Management: With the new bring-your-own-detections capabilities, partners can help their customers create custom indicators by bringing in detections from non-Microsoft sources, such as a customer relationship management system like Salesforce or a developer tool like GitHub.
• Microsoft Defender for Cloud Apps: The new open app connector platform makes it easier for partners to plug their solutions into our platform. New API connectors include the preview of Asana and Miro as well as the general availability of software as a service security posture management capabilities for DocuSign, Citrix, Okta and GitHub.
• Microsoft Defender for Endpoint: The settings management experience is now natively embedded into Microsoft Defender for Endpoint for Windows, Linux, and macOS, removing dependencies on Microsoft Intune and the need to switch between portals.
• Microsoft Defender Threat Intelligence: Graph APIs now enable simple exporting and ingestion of data to Microsoft Defender, Microsoft Sentinel, and third-party applications.
• Microsoft Purview eDiscovery: Now generally available, the Microsoft Graph eDiscovery Export API will enable external applications and partners to integrate the eDiscovery export function through scripting.
• Microsoft Purview Information Protection: With this update, confidential and highly sensitive Excel files that are labeled and protected by Microsoft Purview Information Protection can continue to be protected when imported into Microsoft Power BI datasets and reports throughout their lifecycle. Additionally, documents in SharePoint and OneDrive now support labeled and encrypted documents with user-defined permissions. Co-authoring for Word, Excel, and PowerPoint apps now enables document owners to define permissions for people who can have access to shared sensitive documents that are encrypted.
• Microsoft Purview Data Loss Prevention: Microsoft Purview Data Loss Prevention introduces a new capability to allow security teams to create policies that prevent their users from pasting sensitive data to specific websites or web applications.
• Microsoft Defender for External Attack Surface Management: With External Attack Surface Management, you can leverage new data connections to seamlessly integrate your attack surface data into other Microsoft solutions, including Azure Data Explorer and Log Analytics. These data connections will help you supplement workflows with new insights, which will enable you make informed security decisions based on more comprehensive information.

We have been innovating rapidly across the entire Microsoft Security portfolio. In case you missed them, here are a few of our most recent announcements.

• Two new Security Service Edge solutions: Microsoft Entra Internet Access helps protect access against malicious traffic and threats from the open internet. Microsoft Entra Private Access helps secure access to private apps and resources from any device and network.
• Microsoft Azure Active Directory is now Microsoft Entra ID: To unify our product family, we changed the name of Microsoft Azure Active Directory to Microsoft Entra ID.
• Microsoft Intune Suite: In March 2023, we launched the Intune Suite, which unifies mission-critical advanced endpoint management and security solutions into one simple bundle. The suite’s AI-powered automation empowers IT and security teams to move simply and quickly from reactive to proactive in addressing security challenges.
• Adaptive Protection in Microsoft Purview: In early 2023, we launched Adaptive Protection in Microsoft Purview. This new capability dynamically updates data loss prevention controls and policies, turning them to individual users and helping customers identify and mitigate the most critical risks. This saves security teams valuable time while ensuring better data security. Learn more about the features and benefits of Adaptive Protection.
• Microsoft Sentinel reduces investigation time by 88 percent: This year, we unveiled a new context-focused incident investigation experience for Microsoft Sentinel that enables security analysts to reduce their investigation time by up to 88 percent.⁷ We also delivered the ability to automatically disrupt in-progress attacks in Microsoft 365 Defender to help customers prevent devasting breaches. 

2023 Security Partner of the Year Awards

We are excited to announce our 2023 Security Partner of the Year Award winners.

Security Partner of the Year: BDO Digital

BDO Digital is a global company that offers detection, automation, and reduction of overall cybersecurity risks. Many of BDO’s clients’ legacy tools were not equipped to deal with modern infrastructure, and internal security teams did not have the bandwidth to monitor and triage security events. BDO helped improve its clients’ cybersecurity posture by reducing actionable alerts by over 50 percent.

Compliance Partner of the Year: Epiq

Epiq offers advanced data security technology solutions, such as a unique Chat Connector for Microsoft Teams that allows legal teams to effectively assess data for relevant and privileged content. 

Building securely together

As we all consider what we can accomplish with AI now and in the future, I cannot overstate the importance of end-to-end security. This is exactly where we recommend you start with your customers. Help them strengthen their security posture now so that when they deploy AI, they are not vulnerable to attacks. AI solutions will only ever be as strong as their underlying security.

As with any product design, we hold ourselves to high security standards when building, developing, and deploying AI-powered solutions from platforms to applications to processes. We maintain rigorous responsible AI practices, aimed at understanding and mitigating harms, measuring the quality of responses, and fostering a continuous learning environment from customer feedback. A cornerstone of these standards is our commitment to developing solutions that are “secure by design and secure by default.” However, it is important to note that the robustness of security is significantly enhanced when users actively manage and maintain it. Our focus extends to ensuring robust control over data, meaning it won’t be used to train AI models without explicit permission. We advocate for our partners to adhere to these benchmarks while crafting and implementing AI-based offerings for customers—whether the aim is to enhance productivity, automate a business process, or safeguard against threats.

Connect with us at Microsoft Inspire 2023

Microsoft Inspire 2023 is an incredible opportunity to share all the ways AI can support security efforts with our partner ecosystem. If you haven’t registered, there’s still time to reserve your complimentary spot. There, you’ll hear strategies to prepare your organization for AI with comprehensive security and security posture. Hope to see you in these sessions!

• “Springboard customers into the era of AI with end-to-end security” (FS106): This session will spotlight how AI will transform technology for our customers and their security practices. You can also join a live Q&A with the experts.
• “Investments Microsoft is making to accelerate your security business” (ODBRK117): Learn the latest opportunities to expand the offerings of existing customers over the next 12 months with Microsoft Security.
• “Take advantage of the expanding opportunity with end-to-end security” (OD130): Explore how Microsoft Security’s end-to-end solution helps you get ready and get your customers to fully leverage the massive opportunity in the security market.  
• “Securing the channel: protecting customers’ digital transformation” (OD131): Find out more about Microsoft’s vital role in addressing increasing cyberattacks in hybrid and remote work environments, while also hearing of the role of partners in proactively securing customers’ digital transformation.
• “Bridging the cybersecurity gap: security training for partners” (OD132): In this Level 400 session, you’ll experience a new gamified learning simulation that makes Microsoft Security solutions real for you and your teams through interactive scenarios. 
• “Build Your Security Practice” (OD142): Explore how partners can grow revenue and profitability with managed security services with Microsoft 365 Business Premium and Microsoft Defender for Business. We will discuss key SMB trends, new product innovations, and resources to help partners develop successful security service offerings.

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Microsoft internal data.

²Internet Crime Report, Federal Bureau of Investigation. 2022.

³The Partner Opportunity For Microsoft Security, Forrester. July 2023.

⁴Gartner® Market Guide for Managed Detection and Response Services, Pete Shoard, Al Price, Mitchell Schneider, Craig Lawson, Andrew Davies. February 14, 2023. 

⁵The Devastating Impact of Ransomware Attacks on Small Businesses, Quinn Cleary. April 4, 2023.

⁶2022 Cybersecurity Workforce Study, (ISC)². 2022.

⁷The Total Economic Impact™ Of Microsoft SIEM And XDR, Forrester. August 2022.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. 

The post Microsoft Inspire: Partner resources to prepare for the future of security with AI appeared first on Microsoft Security Blog.

1. Choose a reliable cloud service provider

Choosing a reputable cloud service provider is the first step toward securing data. The provider should offer secure data storage, encryption, and access controls. Look for providers that are compliant with relevant security standards and regulations, such as ISO 27001, HIPAA, and PCI DSS. Microsoft Cloud has several certifications making it a trusted choice for customers. For an exhaustive list of the compliance offerings, refer to compliance offerings for Microsoft 365, Azure, and other Microsoft services.

2. Understand your security responsibilities

When you move your data to cloud services, it’s important to understand who is responsible for securing it. In most cases, the cloud provider is responsible for securing the infrastructure, while the customer is responsible for securing the data stored on that infrastructure. Make sure you know your responsibilities and take the necessary steps to secure your data. The below picture shows how the responsibility shifts from the customer to the cloud provider as the customers move their applications to cloud services. While customers maintain end-to-end responsibility of maintaining the environment on-premises, as they move to cloud services, more and more responsibilities are taken over by the cloud provider. However, maintaining and securing data, devices, and identities is always the customer’s responsibility.

Figure 1. Shared responsibility model in the cloud.

3. Use strong authentication

While passwords are the first line of defense against unauthorized access, we are aware that passwords can be stolen, leaked, or compromised. Using strong authentication methods, such as multifactor authentication, can significantly reduce the risk of unauthorized access to data. Multifactor authentication requires users to provide multiple forms of authentication, such as a password and a code sent to a mobile app, before gaining access to the cloud environment. However, the best defense is provided by passwordless technologies like facial recognition, fingerprints, or mobile apps. Microsoft provides a host of such technologies like Windows Hello, Microsoft Authenticator, or FIDO2 Security keys. Using these methods, you can mitigate the risk of password theft.

Figure 2. Authentication methods.

4. Implement encryption

Encryption is a critical component of cloud security. It involves encoding data in such a way that only authorized users can access it. Implementing encryption for data in transit and data at rest can help protect sensitive data from unauthorized access and data breaches. In the Microsoft Cloud, data is always encrypted at rest, in transit, and in use. Microsoft Azure Storage Service Encryption provides encryption for data at rest with 256-bit AES using Microsoft Manage Keys. It encrypts data in Azure Managed Disks, blob storage, Azure files, Azure queues and table storage. Azure Disk Encryption provides encryption for data at rest in Windows and Linux VMs using 256-AES encryption. Transparent Data Encryption provides encryption for Microsoft Azure SQL Database and Azure Data Warehouse.

5. Protect data wherever it lives or travels

The biggest problem faced by businesses today is discovering where their sensitive data is. With more than 80 percent of corporate data “dark”, organizations need tools to help them discover this data. Microsoft Purview Information Protection helps you scan data at rest across Microsoft 365 applications, SharePoint Online, Exchange Online, Teams, non-Microsoft Cloud apps, and on-premises file shares and SharePoint servers using the Microsoft Purview Information Protection scanner tool, to discover sensitive data. Identifying the data is not enough. Organizations need to be aware of the risk associated with this data and protect the data by applying things such as encryption, access restrictions, and visual markings. With Microsoft Purview Information Protection you can automatically apply sensitivity labels to identify the data as highly confidential, confidential, or general, depending on your label schema by using more than 300 Sensitive Information Types and Trainable Classifiers.

Organizations also suffer from inadvertent or malicious data loss. They need to have controls in place to prevent sensitive data from being accessed by unauthorized individuals. Microsoft Purview Data Loss Prevention helps prevent data loss by identifying and preventing risky or inappropriate sharing, transfer, or use of sensitive information across cloud, apps, and on endpoint devices. It is a cloud-native solution with built-in protection so that you no longer need to deploy and maintain costly on-premises infrastructure or agents.

Data doesn’t move itself; people move data. That is why understanding the user context and intent behind data movement is key to preventing data loss. Microsoft Purview Insider Risk Management offers built-in, ready-to-use machine learning models to detect and mitigate the most critical data security risks around your data. And by using Adaptive Protection, organizations can automatically tailor the appropriate data loss prevention controls based on a user’s risk level, ensuring that the most effective policy—such as blocking data sharing—is applied only to high-risk users, while low-risk users can maintain their productivity. The result: your security operations team is now more efficient and empowered to do more with less.

Learn more about data protection for businesses.

Figure 3. Microsoft’s approach to data security.

6. Implement access control

Implementing access controls can help limit access to sensitive data in cloud services. Access controls should be based on the principle of least privilege, where users are granted the minimum access required to perform their tasks. Role-based access control can be used to assign roles and permissions to users based on their job responsibilities. Microsoft Entra encompasses all such Identity and Access capabilities from Microsoft.

7. Monitor cloud activity and know your security posture

Monitoring cloud activity can help detect and prevent unauthorized access to data. Cloud service providers offer monitoring services that can alert administrators when suspicious activity is detected. Regularly reviewing cloud logs and audit trails can help identify potential security threats. Microsoft Defender for Cloud is a cloud-native application protection platform that combines the capabilities of Cloud Security Posture Management with integrated data-aware security posture and Cloud Workload Protection Platform to help prevent, detect, and respond to threats with increased visibility into and control over the security of multicloud and on-premises resources such as Azure Storage, Azure SQL, and open-source databases.

Figure 4. Microsoft Defender for Cloud.

In addition, Microsoft Sentinel, Microsoft’s AI-enriched, cloud-native security information and event management, can uncover sophisticated threats and automate response. It acts as a centralized hub across multicloud environments to monitor attackers as they move across vectors.

Figure 5. Microsoft Sentinel.

8. Use secure APIs

APIs are used to access cloud services, and they can be vulnerable to attacks if not secured properly. Secure APIs should be implemented with strong authentication and encryption to prevent unauthorized access to cloud services.

9. Conduct regular security assessments

Conducting regular security assessments can help identify security vulnerabilities and assess the effectiveness of security measures. Regular security assessments can be conducted internally or by third-party security experts.

10. Train your employees

Ensure that your employees are aware of the security risks associated with storing data in cloud services and are trained on best practices for securing data. This includes regular security awareness training and policies for reporting suspicious activity.

11. Implement principles of Zero Trust

Zero Trust is a security strategy. It is not a product or a service, but an approach in designing and implementing the following set of security principles:

• Verify explicitly – Always authenticate and authorize based on all available data points.
• Use least privilege access – Limit user access with Just-In-Time and Just-Enough-Access (JIT/JEA), risk-based adaptive policies, and data protection.
• Assume breach – Minimize blast radius and segment access.

A Zero Trust approach should extend throughout the entire digital estate and serve as an integrated security philosophy and end-to-end strategy. This is done by implementing Zero Trust controls and technologies across six foundational elements of identity, endpoints, data, apps, infrastructure, and network.

Figure 6. Zero Trust across the vectors.

Each of these is a source of signal, a control plane for enforcement, and a critical resource to be defended. Here is Microsoft’s guide to securing data with Zero Trust.

What’s next

In conclusion, securing data in cloud services is essential for businesses to protect their sensitive information from unauthorized access and data breaches. End-to-end security design and implementation is the foundation of securing data in cloud services. Microsoft recommends a defense in depth approach implementing the principles of Zero Trust across identity, endpoints, data, apps, infrastructure, and network.

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post 11 best practices for securing data in cloud services appeared first on Microsoft Security Blog.

Figure 1. This graphic shows how software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS) work together in a comprehensive security strategy.

Microsoft Security—extending our multicloud reach

At Microsoft, we have long embraced our commitment to protecting our customers’ multicloud environments. The journey began in July 2021, when we acquired CloudKnox Security to help customers manage permissions across clouds and strengthen their Zero Trust strategy.² That cloud infrastructure entitlement management (CIEM) solution has evolved to become Microsoft Entra Permissions Management, and is part of our comprehensive identity product family: Microsoft Entra. In February 2022, Microsoft Defender for Cloud expanded to include GCP and AWS, becoming the first cloud provider to offer integrated cloud-native application protection (CNAPP) for the three main public clouds—from development to runtime.³ This past March, we introduced Microsoft Defender Cloud Security Posture Management for multicloud environments, including new data-aware security posture management capabilities to help customers identify risks across their data estate, and an improved multicloud security benchmark to better unify security and compliance across services. And finally, earlier this year we announced enhancements to Microsoft Purview to continue building on the promise of securing both structured and unstructured data wherever it lives.

Figure 2. Timeline of Microsoft Security’s journey to multicloud, starting in 2021 with the acquisition of CloudKnox Security, to the launch of Microsoft Entra and the extension of Microsoft Defender for Cloud to GCP and AWS in 2022, continuing with enhancements to Microsoft Purview in 2023, with more capabilities to come.

Securing your data wherever it travels

The amount of data being created and transferred is growing exponentially. This is taking place at a time when employees don’t just gather around the water cooler; they’re communicating across digital channels on personal and corporate devices. Modern workforces are distributed, and the digital fabric of any given organization is made up of multiple threads, adding layers of complexity. Additionally, the shift to multicloud makes the surface area of your data even larger. Without unified visibility across your multicloud data security posture, the shift adds to the complexity of identifying risks such as misconfigured object storage and databases.⁴ You can hear more about this in the most recent Uncovering Hidden Risks podcast, which discusses the risks of running a multicloud strategy as customers accelerate their digital transformation. Organizations looking to proactively protect and manage multicloud environments often face challenges around data risk, data protection, and data compliance.

Data Risk—Data doesn’t move itself; people move and interact with data, and that’s where the majority of data security risks stem from. In fact, data security incidents are commonly caused by insider actions, accounting for nearly 35 percent of all unauthorized incidents.⁴ Even the strongest cybersecurity programs can be undermined by insiders who either intentionally or unintentionally compromise an enterprise. To assist you in identifying data risks across various environments, we are pleased to share that you can now bring your own risk detections into Microsoft Purview Insider Risk Management. For example, you can import events from customer relationship management (CRM) systems, such as Salesforce, or developer tools like GitHub. These user activities can then be used as custom indicators in insider risk policies, combined with other built-in indicators, offering organizations a comprehensive view and understanding of potential data security risks posed by an insider. You can learn more about it from our blog “Manage insider risks in multicloud environments.”

Data Protection—The loss of sensitive data remains the top security concern for IT and security professionals. This often leads to the deployment of multiple solutions to manage data loss across different environments, which could lead to both blind spots and data leakage. It is crucial to have integrated solutions that can protect sensitive data across your digital landscape. In addition to supporting Microsoft 365 apps, services, Microsoft Edge, and Windows endpoints, Microsoft Purview Data Loss Prevention (Purview DLP) supports macOS endpoints, as well as virtualized environments such as Citrix, Windows Virtual Desktop, Amazon Workspaces, and Hyper-V platforms, as well as Google Chrome and Firefox browsers. We are continuing to expand our capabilities to allow you to cover all egress risks. Today we are excited to announce that organizations can now leverage Purview DLP to prevent their users from pasting sensitive content in websites on supported browsers. For example, let’s say a user copies customer information from an internal CRM system or SQL database, and pastes it into personal email, social media sites, or generative AI prompts on a supported browser like Microsoft Edge, Google Chrome, or Firefox. Based on the pre-set policy, Purview DLP will audit, warn, or block the action to prevent leaking sensitive information. Learn more in our blog here.

Data Compliance—The compounding impact of a complex regulatory environment and the growing adoption of cloud services makes it increasingly difficult for organizations to identify compliance risks. We are excited to share that you can now run multicloud assessments in Microsoft Purview Compliance Manager. This feature lets you assess your compliance posture across your organization’s multicloud estate, including Azure, AWS, GCP, and services like Zoom and Salesforce. For example, for a regulation such as Payment Card Industry Data Security Standard, you can aggregate and automate your compliance posture across all in-scope services. You can learn more about it in our latest blog.

Be sure to explore our videos on Multicloud Assessments from Microsoft Mechanics, and delve into the latest overview of Microsoft Defender for Cloud by Microsoft Solution Architect, John Savill. This is the first of a series of exciting multicloud innovations, with more in store over the next few months. Stay tuned!

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹2023 State of the Cloud Report, Flexera. 2023.

²Microsoft acquires CloudKnox Security to offer unified privileged access and cloud entitlement management, Microsoft Security Team. July 21, 2021.

³Microsoft Announces new Security Capabilities for the Multicloud World, Microsoft Stories Asia. February 24, 2022.

⁴Insider threat peaks to highest level in Q3 2022, Maria Henriquez. November 10, 2022.

The post Expanding horizons—Microsoft Security’s continued commitment to multicloud appeared first on Microsoft Security Blog.

To help our customers navigate this complex data landscape, we are focused on delivering secure, intelligent, and user-centric solutions that provide visibility, reduce complexity, and mitigate risk. Over the past few years, we significantly increased our investment in building our Microsoft Purview data security capabilities across our information protection, data loss prevention (DLP), and insider risk management solutions, as well as our privacy solution: Microsoft Priva. A few recent capabilities are advanced ready-to-use machine learning-enabled classifiers, Adaptive Protection, a DLP migration assistant tool (on-premises DLP to cloud-native DLP), and right to be forgotten for Microsoft Priva Subject Rights Requests.

I am delighted to announce that Forrester listed Microsoft as a Leader in its  2023 Wave™ for Data Security Platforms. The Forrester Wave™ report evaluates the data security platform market and provides a detailed overview of the current offering, strategy, and market presence of these vendors. Microsoft received the highest possible score in the current offering category for data classification, data threat and risk visibility, data masking or redaction, encryption, rights management, privacy use cases, and integrations for Zero Trust criteria; and in the strategy category for the product vision, execution roadmap, and community engagement criteria.  

We believe our investments in advanced classification technology, data threats and risk visibility, rights management, and privacy resulted in this recognition.

The Forrester report also acknowledges: “Microsoft shines with its ecosystem approach—if you go all in,” wrote Heidi Shey, Forrester Principal Analyst, in the report. “Microsoft Purview brings together capabilities to 1. understand and govern data; 2. safeguard data; and 3. improve risk and compliance posture. But Microsoft’s security capabilities go beyond Microsoft Purview. By design, the entire Microsoft ecosystem working together multiplies its value via telemetry from across the environment.” She added, “The power of Microsoft’s telemetry is evident in its capabilities for identifying data threats and risk visibility. These offer strong controls for data masking, encryption, and rights management.”

Our work isn’t stopping there, however. We continue to work closely with our customers to gather feedback to help us build better products. Your input provides critical insights as we strive to create solutions to help you on your data security journey.

Learn more

Read this complimentary copy of The Forrester Wave™: Data Security Platforms, Q1 2023 for the analysis behind Microsoft’s position as a Leader.

Read more about Microsoft’s recognition as a leader in cloud security, email security, security analytics, and more:

• Forrester names Microsoft a Leader in 2022 Enterprise Detection and Response Wave™ report.
• Forrester names Microsoft a Leader in Q4 2022 Security Analytics Platforms Wave report
• Microsoft achieves a Leader placement in Forrester Wave for XDR, Q4 2021.
• Forrester names Microsoft a Leader in The Forrester Wave™: Cloud Security Gateways, Q2 2021.
• Forrester names Microsoft a Leader in the 2021 Enterprise Email Security Wave.
• Microsoft is a Leader in the 2021 Forrester Endpoint Security Software as a Service Wave.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Cost of a Data Breach Report 2022, IBM. 2022.

The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester’s call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave™. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.

The post Microsoft recognized as a Leader in The Forrester Wave™: Data Security Platforms, Q1 2023 appeared first on Microsoft Security Blog.