Microsoft Purview Information Protection News and Insights | Microsoft Security Blog http://approjects.co.za/?big=en-us/security/blog/products/microsoft-purview-information-protection/ Expert coverage of cybersecurity topics Wed, 25 Sep 2024 17:12:25 +0000 en-US hourly 1 https://wordpress.org/?v=6.6.2 Activate your data responsibly in the era of AI with Microsoft Purview http://approjects.co.za/?big=en-us/security/blog/2024/09/25/activate-your-data-responsibly-in-the-era-of-ai-with-microsoft-purview/ Wed, 25 Sep 2024 16:00:00 +0000 We are announcing preview for Microsoft Purview Information Protection to restrict content in Microsoft Fabric with sensitivity labels and Microsoft Purview Data Loss Prevention policies for lakehouses, and spotlighting our recent general availability of Microsoft Purview Data Governance solution.

The post Activate your data responsibly in the era of AI with Microsoft Purview appeared first on Microsoft Security Blog.

]]>
This week, teams across Microsoft Fabric and Microsoft Purview are gathered in Stockholm, Sweden, for the inaugural European Microsoft Fabric Community Conference. Attendees are in for an immersive experience with 130 sessions, 4 keynotes, 10 workshops, an expo hall, and a vibrant community lounge.

The Microsoft Purview team and I are thrilled to showcase the latest innovations in Microsoft Purview and Microsoft Fabric, designed to help customers secure, govern, and manage their complex data estates in the AI era. We’re excited to announce the preview of Microsoft Purview Information Protection, which allows for content restriction in Fabric using sensitivity labels, and Microsoft Purview Data Loss Prevention policies for lakehouses. Additionally, we’re highlighting the recent general availability of the Microsoft Purview Data Governance solution.

Customers are asking for a seamless solution that turns data security, governance, and compliance into a team sport to effectively address the converging trends across 1. scale and sophistication of data threats; 2. increasing regulations; 3. ever-expanding data estate; and 4. acceleration of AI adoption within the business.

Microsoft Purview delivers a comprehensive set of solutions that can help your organization secure, govern, and manage data for compliance and regulatory needs, wherever it lives. As we engage with customers at the Fabric Conference this week, we underscore the pivotal role of security and governance in laying the groundwork for responsible analytics. For businesses all over the world, this comprehensive approach balances the need to secure and protect data from cyberthreats with the need to activate data for business insights and AI.

Chart image with blue background including a horizontal line with an icon of a shield and checkmark in the middle.

Integrated with Microsoft Fabric

Microsoft Purview and Microsoft Fabric are committed to delivering a rich integrated experience so customers can seamlessly secure and govern their data estate efficiently to help meet regulatory, compliance, and privacy requirements while ensuring high-quality data for data activation. For Fabric customers, this means you can discover, secure, govern, and manage Fabric items from within Microsoft Purview as a single pane of glass across your heterogeneous data estate.

Microsoft Purview helps you seamlessly discover data assets in OneLake, extend the same Microsoft Purview data security sensitivity labels and policies from Microsoft 365 to Fabric items, and curate your Fabric data assets into a single enterprise data catalog along with other data sources like Azure Databricks, Snowflake, and Google Big Query. And this seamless integration doesn’t require any data movement or duplication, helping you reduce data sprawl and silos.

Seamlessly secure your data

Microsoft Purview Data Security capabilities are already loved and leveraged by customers around the world for their Microsoft 365 data, and with today’s announcements, we are extending this value further to Microsoft Fabric customers. These added investments enhance the Microsoft Purview Data Security capabilities already available for Fabric released in March.

Now in preview, Microsoft Purview Information Protection now includes the ability to restrict access to content based on sensitivity labels for Fabric data, which helps you discover, classify, and protect sensitive information, including the ability to apply sensitivity labels. By extending the sensitivity label support to Fabric data, security admins can now use sensitivity labels to manage who has access to Fabric items with certain labels. For example, a security admin could restrict access to data items with a “financial data” sensitivity label to only users in the finance department.

Image of Microsoft Purview Information Protection sensitivity label functionality, including restricting access.

We are also extending support for Microsoft Purview Data Loss Prevention (Purview DLP) policies for your Fabric items. Purview DLP helps an organization protect sensitive data and reduce the risk of data oversharing by letting organizations define and apply policies. With these new integrations, security admins can now apply Purview DLP policies to Fabric data. As an example, a policy can be set to help detect the upload of sensitive data, like social security numbers to a lakehouse in Fabric. If detected, the policy will trigger an automatic audit activity, which can alert the security admin, and can also surface a custom policy tip to data owners to take action and remedy the non-compliance with the policy.

Microsoft Purview Data Loss Prevention detecting the upload of sensitive data in Fabric.

Learn more about Microsoft Purview Data Security integrations in Fabric.

Confidently activate your data

Microsoft Purview’s new data governance experience was made generally available on September 1, 2024. This newly reimagined solution is purpose-built for federated data governance and offers a business-friendly experience, AI-powered experiences for dramatic efficiencies, and all the key ingredients you’d expect, including catalog curation, data quality management, actionable insights, rich user experiences, and integration with third-party data management solutions—helping organizations to confidently activate their data for analytics and AI.

Microsoft Fabric customers can complement the governance capabilities in Fabric for a single-pane-of-glass experience in Microsoft Purview for data catalog curation, data user access, data quality management, health controls, and actionable insights for Fabric items and for data assets across your heterogeneous data environment.

A complete solution for the modern data governance practice

Data Catalog management offers a business-friendly experience and terms, making it easy to logically build a data catalog for your unique business needs while built-in AI serves up recommendations based on your active metadata. Data owners and data stewards can easily participate across data curation and management, responsible data access, and impact analysis—easily combining data assets from the heterogenous data estate (for example: Fabric, Databricks, Snowflake, and Google). Data users can seamlessly and securely request access to data assets for use in insights, analysis, development, and AI.

The Microsoft Purview Dashboard Data Catalog dashboard view.

Data Health management offers a rich experience across data quality capabilities, actionable insights, and health reports, which help organizations to assess and action the quality of their governed data estate—making it easy and efficient to support a strong healthy data governance posture. With complete data quality capabilities, you can apply built-in rules and AI-generated rules that are applied and translate into data quality scores and actions across your data assets, data products, and governance domains, helping you to more effectively manage and improve your data governance posture. Data Health controls enable data stewards and chief data officers to assess the health of their data estate through the lens of industry-recognized standards and controls. While the control rules are established at a global level, execution is delegated to individual governance domains, allowing for the application of broad standards while meeting the specific needs of various groups within the organization.

Image of the Microsoft Purview Data Health Controls dashboard.

Purpose-built integration with industry-leading master data management and data modeling solutions extend the value of Microsoft Purview further and help customers maximize their existing data management investments.

  • CluedIn brings native master data management and Data Quality functionality to Microsoft Fabric, Microsoft Purview, and the Azure stack. Learn more about CluedIn
  • Profisee Master Data Management is a complimentary and necessary piece of your data governance strategy. Learn more about Profisee
  • Semarchy combines master data management, data intelligence, and data integration into a singular application in any environment. Learn more about Semarchy.  
  • RELTIO’s AI-powered data unification and management solutions unify data from disparate sources, delivering a single source of truth. Learn more about RELTIO.
  • ER/Studio (an Idera company) delivers advanced data modeling and metadata management to help organizations improve their data posture. Learn more about ER/Studio.

The general availability release also delivered new data governance capability not previously available during preview. Some of these new capabilities include: customers can now delete business concepts, more easily manage data access through the data catalog admin settings, view data product access request workflows, browse an enterprise glossary to better understand terms, and apply the Data Quality capabilities to Azure Synapse, Databricks Unity Catalog, Fabric Lakehouse, Google Big Query (preview), and Snowflake. Check out the complete list of new capabilities in Microsoft Purview Data Governance.

Learn more about Microsoft Purview

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post Activate your data responsibly in the era of AI with Microsoft Purview appeared first on Microsoft Security Blog.

]]>
New Microsoft guidance for the DoD Zero Trust Strategy http://approjects.co.za/?big=en-us/security/blog/2024/04/16/new-microsoft-guidance-for-the-dod-zero-trust-strategy/ Tue, 16 Apr 2024 16:00:00 +0000 We are excited to announce new Zero Trust activity-level guidance for implementing the Department of Defense Zero Trust Strategy with Microsoft cloud services.

The post New Microsoft guidance for the DoD Zero Trust Strategy appeared first on Microsoft Security Blog.

]]>
The Department of Defense (DoD) Zero Trust Strategy1 and accompanying execution roadmap2 sets a path for achieving enterprise-wide target-level Zero Trust by 2027. The roadmap lays out vendor-agnostic Zero Trust activities that DoD Components and Defense Industrial Base (DIB) partners should complete to achieve Zero Trust capabilities and outcomes.

Microsoft commends the DoD for approaching Zero Trust as a mindset, not a capability or device that may be bought.1 Zero Trust can’t be achieved by a single technology, but through tight integration between solutions across product categories. Deciphering how security products achieve Zero Trust based on marketing materials alone is a daunting task. IT leaders need to select the right tools. Security architects need to design integrated solutions. Implementers need to deploy, configure, and integrate tools to achieve the outcomes in each Zero Trust activity.

Today, we are excited to announce Zero Trust activity-level guidance for DoD Components and DIB partners implementing the DoD Zero Trust Strategy. To learn more, see Configure Microsoft cloud services for the DoD Zero Trust Strategy.

In this blog, we’ll review the DoD Zero Trust Strategy and discuss how our new guidance helps DoD Components and DIB partners implement Zero Trust. We’ll cover the Microsoft Zero Trust platform and relevant features for meeting DoD’s Zero Trust requirements, and close with real-world DoD Zero Trust deployments.

Microsoft supports the DoD’s Zero Trust Strategy

The DoD released its formal Zero Trust Strategy in October 2022.1 The strategy is a security framework and mindset that set a path for achieving Zero Trust. The strategy outlines strategic goals for adopting culture, defending DoD Information Systems, accelerating technology implementation, and enabling Zero Trust.

The DoD Zero Trust Strategy includes seven pillars that represent protection areas for Zero Trust:

  1. User
  2. Device
  3. Applications and workloads
  4. Data
  5. Network
  6. Automation and orchestration
  7. Visibility and analytics

In January 2023, the DoD published a capabilities-based execution roadmap for implementing Zero Trust.2 The roadmap details 45 Zero Trust capabilities spanning the seven pillars. The execution roadmap details the Zero Trust activities DoD Components should perform to achieve each Zero Trust capability. There are 152 Zero Trust activities in total, divided into Target Level Zero Trust and Advanced Level Zero Trust phases with deadlines of 2027 and 2032, respectively.

The Zero Trust activity-level guidance we’re announcing in this blog continues Microsoft’s commitment to supporting DoD’s Zero Trust strategy.3 It serves as a reference for how DoD Components should implement Zero Trust activities using Microsoft cloud services. Microsoft product teams and security architects supporting DoD worked in close partnership to provide succinct, actionable guidance side-by-side with the DoD Zero Trust activity text and organized by product with linked references.

We scoped the guidance to features available today (including public preview) for Microsoft 365 DoD and Microsoft Azure Government customers. As the security landscape changes, Microsoft will continue innovating to meet the needs of federal and DoD customers.4 We’re excited to bring entirely new Zero Trust technologies like Microsoft Copilot for Security and Security Service Edge to United States Government clouds in the future.5

Look out for announcements in the Microsoft Security Blog and check Microsoft’s DoD Zero Trust documentation to see the latest guidance.

Microsoft’s Zero Trust platform

Microsoft is proud to be recognized as a Leader in the Forrester Wave™: Zero Trust Platform Providers, Q3 2023 report.6 The Microsoft Zero Trust platform is a modern security architecture that emphasizes proactive, integrated, and automated security measures. Microsoft 365 E5 combines best-in-class productivity apps with advanced security capabilities that span all seven pillars of the DoD Zero Trust Strategy.

“Single products/suites can be adopted to address multiple capabilities. Integrated vendor suites of products rather than individual components will assist in reducing cost and risk to the government.”

 —Department of Defense Zero Trust Reference Architecture Version 2.07

Zero Trust Rapid Modernization Plan

Read more

Microsoft 365 is a comprehensive and extensible Zero Trust platform.8 It’s a hybrid cloud, multicloud, and multiplatform solution. Pre-integrated extended detection and response (XDR) services coupled with modern cloud-based device management, and a cloud-based identity and access management service, provide a direct and rapid modernization path for the DoD and DIB organizations.

Read on to learn about Microsoft cloud services that support the DoD Zero Trust Strategy.

diagram

Figure 1. Microsoft Zero Trust Architecture.

Microsoft Entra ID is an integrated multicloud identity and access management solution and identity provider. Microsoft Entra ID is tightly integrated with Microsoft 365 and Microsoft Defender XDR services to provide a comprehensive suite Zero Trust capabilities including strict identity verification, enforcing least privilege, and adaptive risk-based access control.

Microsoft Entra ID is built for cloud-scale, handling billions of authentications every day. It uses industry standard protocols and is designed for both Microsoft and non-Microsoft apps. Establishing Microsoft Entra ID as your organization’s Zero Trust identity provider lets you configure, enforce, and monitor adaptive Zero Trust access policies in a single location. Conditional Access is the Zero Trust authorization engine for Microsoft Entra ID. It enables dynamic, adaptive, fine-grained, risk-based, access policies for any workload.

Microsoft Entra ID is essential to the user pillar and has a role in all other pillars of the DoD Zero Trust Strategy.

Microsoft Intune is a multiplatform endpoint and application management suite for Windows, MacOS, Linux, iOS, iPadOS, and Android devices. Microsoft Intune configuration policies manage devices and applications. Microsoft Defender for Endpoint helps organizations prevent, detect, investigate, and respond to advanced threats on devices. Microsoft Intune and Defender for Endpoint work together to enforce security policies, assess device health, vulnerability exposure, risk level, and configuration compliance status. Conditional Access policies requiring a compliant device help achieve comply-to-connect  outcomes in the DoD Zero Trust Strategy.

Microsoft Intune and Microsoft Defender for Endpoint help achieve capabilities in the device pillar.

GitHub is a cloud-based platform where you can store, share, and work together with others to write code. GitHub Advanced Security includes features that help organizations improve and maintain code by providing code scanning, secret scanning, security checks, and dependency review throughout the deployment pipeline. Microsoft Entra Workload ID helps organizations use continuous integration and continuous delivery (CI/CD) with GitHub Actions.

GitHub and Azure DevOps are essential to the applications and workloads pillar.

Microsoft Purview is a range of solutions for unified data security, data governance, and risk and compliance management. Microsoft Purview Information Protection lets you define and label sensitive information types. Auto-labeling within Microsoft 365 clients ensure data is appropriately labeled and protected. Microsoft Purview Data Loss Prevention integrates with Microsoft 365 services and apps, and Microsoft Defender XDR components to detect and prevent data loss.

Microsoft Purview features align to the data pillar activities.

Azure networking services include a range of software-defined network resources that can be used to provide networking capabilities for connectivity, application protection, application delivery, and network monitoring. Azure networking resources like Microsoft Azure Firewall Premium, Azure DDoS Protection, Microsoft Azure Application Gateway, Azure API Management, Azure Virtual Network, and Network Security Groups, all work together to provide routing, segmentation, and visibility into your network.

Azure networking services and network segmentation architectures are essential to the network pillar.

Automate threat response with playbooks in Microsoft Sentinel

Learn more

Microsoft Defender XDR is a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response actions. It correlates millions of signals across endpoints, identities, email, and applications to automatically disrupt attacks. Microsoft Defender XDR’s automated investigation and response and Microsoft Sentinel playbooks are used to complete security orchestration, automation, and response (SOAR) activities.

Microsoft Defender XDR plays a key role in automation and orchestration and visibility and analytics pillars.

Microsoft Sentinel is a cloud-based security information and event management (SIEM) you deploy in Azure. Microsoft Sentinel operates at cloud scale to accelerate security response and save time by automating common tasks and streamlining investigations with incident insights. Built-in data connectors make it easy to ingest security logs from Microsoft 365, Microsoft Defender XDR, Microsoft Entra ID, Azure, non-Microsoft clouds, and on-premises infrastructure.

Microsoft Sentinel is essential to automation and orchestration and visibility and analytics pillars along with any activities requiring SIEM integration.

Real-world pilots and implementations

The DoD is embracing Zero Trust as a continuous modernization effort. Microsoft has partnered with DoD Components for several years, onboarding Microsoft 365 services, integrating apps with Microsoft Entra, migrating Azure workloads, managing devices with Microsoft Intune, and building security operations around Microsoft Defender XDR and Microsoft Sentinel.

One such example is the United States Navy’s innovative Flank Speed program. The Navy’s large-scale deployment follows Zero Trust capabilities put forth in the DoD’s strategy. These capabilities include comply-to-connect, continuous authorization, least-privilege access, and data-centric security controls.9 To date, Flank Speed has onboarded more than 560,000 users and evaluated the effectiveness of its robust cybersecurity tools through Purple Team assessments.10

Another example is Army 365, the United States Army’s Microsoft 365 environment.11 Army 365 has onboarded more than 1.4 million users and migrated petabytes of data.12 The secure collaboration environment incorporates Zero Trust principles in a secure collaboration environment with identity and device protections and includes support for bring your own device (BYOD) through Azure Virtual Desktop.13

DoD Zero Trust Strategy and Roadmap

Learn how to configure Microsoft cloud services for the DoD Zero Trust Strategy.

MSC24-China-business-Getty-1469706272-rgb

Learn more

Embrace proactive security with Zero Trust.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.


1DoD Zero Trust strategy, DoD CIO Zero Trust Portfolio Management Office. October 2022.

2Zero Trust Capability Execution Roadmap, DoD CIO Zero Trust Portfolio Management Office. January 2023.

3Microsoft supports the DoD’s Zero Trust strategy, Steve Faehl. November 22, 2022.

45 ways to secure identity and access for 2024, Joy Chik. January 10, 2024.

5Microsoft Entra Expands into Security Service Edge with Two New Offerings, Sinead O’Donovan. July 11, 2023.

6Forrester names Microsoft a Leader in the 2023 Zero Trust Platform Providers Wave™ report, Joy Chik. September 19, 2023.

7Department of Defense (DoD) Zero Trust Reference Architecture Version 2.0, Defense Information Systems Agency (DISA), National Security Agency (NSA) Zero Trust Engineering Team. July 2022.

8How Microsoft is partnering with vendors to provide Zero Trust solutions, Vasu Jakkal. October 21, 2021.

9Flank Speed Has Paved the Way for Navy to Become ‘Leaders in Zero Trust Implementation,’ Says Acting CIO Jane Rathbun, Charles Lyons-Burt, GovCon Wire. June 2023.

10Flank Speed makes significant strides in DOD Zero Trust Activity alignment, Darren Turner, PEO Digital. December 2023.

11Army launches upgraded collaboration platform; cybersecurity at the forefront, Alexandra Snyder. June 17, 2021.

12Cohesive teams drive NETCOM’s continuous improvement, Army 365 migration, Enrique Tamez Vasquez, NETCOM Public Affairs Office. March 2023.

13BYOD brings personal devices to the Army network, Army Office of the Deputy Chief of Staff, G-6. February 2024.

The post New Microsoft guidance for the DoD Zero Trust Strategy appeared first on Microsoft Security Blog.

]]>
New Microsoft Purview features use AI to help secure and govern all your data http://approjects.co.za/?big=en-us/security/blog/2023/12/07/new-microsoft-purview-features-use-ai-to-help-secure-and-govern-all-your-data/ Thu, 07 Dec 2023 17:00:00 +0000 Learn about the new Microsoft Purview features and capabilities announced at Microsoft Ignite 2023.

The post New Microsoft Purview features use AI to help secure and govern all your data appeared first on Microsoft Security Blog.

]]>
In the past few years, we have witnessed how digital and cloud transformation has accelerated the growth of data. With more and more customers moving to the cloud, and with the rise of hybrid work, data usage has moved beyond the traditional borders of business. Data is now stored in multiple cloud environments, devices, and on-premises solutions, and it’s accessed from multiple locations, both within and outside of corporate networks. More than 90% of organizations use multiple cloud infrastructures, platforms, and services to run their business, adding complexity to securing all data.1 Microsoft Purview can help you secure and govern your entire data estate in this complex and changing environment.

As many of you look to AI transformation to drive the next wave of innovation, you now also need to account for data being both consumed and created by generative AI applications. The risks that come with implementing and deploying AI are not fully known, and it is only a matter of time before you start to see broader regulatory policies on AI. According to Gartner®, by 2027 at least one global company will see its AI deployment banned by a regulator for noncompliance with data protection or AI governance legislation.2 AI will be a catalyst for regulatory changes, and having secure and compliant AI will become fundamental.

With these trends converging all at once, securing and governing all your data is a complex and multifaceted undertaking. You need to secure and govern different types of data (structured, unstructured, and data generated by AI). You need to secure and govern it in different locations across multiple clouds, and you need to account for existing and future data security, governance, and AI regulations.

Most organizations experience an average of 59 data security incidents per year and use an average of 10 solutions to secure their data estate.1 This fragmented approach requires many of you to stitch together multiple tools to address data security and governance, which can lead to higher costs and difficulty in both procurement and management. The lack of integration between the disparate tools can cause unnecessary data transfers, duplicate copies of data, redundant alerts, siloed investigations, and exposure gaps that lead to new types of data risks and ultimately worse security outcomes.

A simpler approach: Microsoft Purview

To address these challenges, you need a simplified approach to data security, governance, and compliance that covers your entire data estate. Microsoft Purview is an integrated solution that helps you understand, secure, and manage your data—and delivers one unified experience for our customers.

With Microsoft Purview, you can:

  • Gain end-to-end visibility and understanding of your entire data estate, across on-premises, multicloud, and software as a service (SaaS) environments, and for structured, unstructured, and data created by generative AI applications.
  • Apply comprehensive data protection across your data estate, using AI-powered data classification technology, data maps, extensive audit logs and signals, and management experience.
  • Improve your risk and compliance posture with tools to identify data risk and manage regulatory requirements.

Microsoft Purview

Help keep your organization’s data safe with a range of solutions for unified data security, data governance, and risk and compliance management.

Security practitioner checking security posture while working from home.

What’s new in Microsoft Purview?

In this blog post, we will outline some of the exciting new capabilities for Microsoft Purview that we announced at Microsoft Ignite 2023.

Expanding data protection across the data estate

As we unveiled earlier this year, Microsoft Purview is expanding the sphere of protection across your entire data estate, including structured and unstructured data types. We are excited to share some of the next steps in that journey by providing you with:

  • A unified platform that enables you to discover, label, and classify data across various data sources, including Microsoft Fabric, Microsoft Azure, Amazon Web Services (AWS), and other cloud environments.
  • Consistent protections across structured and unstructured data types such as Azure SQL, Azure Data Lake Storage (ADLS), and Amazon S3 buckets.  
  • Expanded risk detections enabling signals from infrastructure clouds and third-party apps such as AWS, Box, DropBox, and GitHub.

With these capabilities, you can gain visibility across your data estate, apply consistent controls, and ensure that your data is protected and compliant across a larger digital landscape. For example, you can scan and label your data in Microsoft Azure SQL, Azure Data Lake Storage, and Amazon S3 buckets, and enforce policies that restrict access to sensitive data based on data labels or user roles from one control plane—just like you do for Microsoft 365 sources. Check out this short Microsoft Mechanics video covering an end-to-end scenario. To learn more, we invite you to read the “Expanding data protection” blog.

Securing AI with Microsoft Purview

We are committed to helping you protect and govern your data, no matter where it lives or travels. Building on this vision, Microsoft Purview enables you to protect your data across all generative AI applications—Microsoft Copilots, custom AI apps built by your organization, as well as more than 100 commonly used consumer AI apps such as OpenAI’s ChatGPT, Bard, Bing Chat, and more.3 We announced a set of capabilities in Microsoft Purview to help you secure your data as you leverage generative AI. Microsoft Purview will provide you with:

  • Comprehensive visibility into the usage of generative AI apps, including sensitive data usage in AI prompts and total number of users interacting with AI. To enable customers to get these insights, we announced preview of AI hub in Microsoft Purview.
  • Extensive protection with ready-to-use and customizable policies to prevent data loss in AI prompts and protect AI responses. Customers can now get additional data security capabilities such as sensitivity label citation and inheritance when interacting with Copilot for Microsoft 365 and prevent their users from pasting sensitive information in consumer generative AI applications.
  • Compliance controls to help detect business violations and easily meet regulatory requirements with compliance management capabilities for Copilot for Microsoft 365.

Copilot for Microsoft 365 is built on our security, compliance, privacy, and responsible AI framework, so it is enterprise ready. With these Microsoft Purview capabilities, you can strengthen the data security and compliance for Copilot. The protection and compliance capabilities for Copilot are generally available, and you can start using them today. To learn more, read the Securing AI with Microsoft Purview blog.

Supercharge security and compliance effectiveness with Microsoft Security Copilot in Microsoft Purview

Microsoft Purview capabilities for Microsoft Security Copilot are now available in preview. With these capabilities you can empower your security operations center (SOC) teams, your data security teams, and your compliance teams to address some of their biggest obstacles. Your SOC teams can use the standalone Security Copilot experience to analyze signals across Microsoft Defender, Microsoft Sentinel, Microsoft Intune, Microsoft Entra, and Microsoft Purview into a single pane of glass. Your data security and compliance teams can use the embedded experiences in Microsoft Purview for real-time analysis, summarization, and natural language search, for data security and compliance built directly into your investigation workflows.

Microsoft Purview capabilities in Security Copilot

To help your SOC team gain comprehensive insights across your security data, Microsoft Purview capabilities in Security Copilot will provide your team with data and user risk insights, identifying specific data assets that were targeted in an incident and users involved to understand an incident end to end. For example, in the case of a ransomware attack, you can leverage user risk insights to identify the source of the attack, such as a user visiting a website known to host malware, and then leverage data risk insights to understand which sensitive files that user has access to that may be held for ransom.

Security Copilot embedded in Microsoft Purview

We’ve also embedded Security Copilot into Microsoft Purview solutions to help with your data security and compliance scenarios. You can now leverage real-time guidance, summarization capabilities, and natural language support to catch what others miss, accelerate investigation, and strengthen your team’s expertise. Here’s where these capabilities will light up:

  • Summarize alerts in Microsoft Purview Data Loss Prevention: Investigations can be overwhelming for data security admins due to the large number of sources to analyze and varying policy rules. To help alleviate these challenges, Security Copilot is now natively embedded in Data Loss Prevention to provide a quick summary of alerts, including the source, attributed policy rules, and user risk insights from Microsoft Purview Insider Risk Management. This summary helps admins understand what sensitive data was leaked and associated user risk, providing a better starting point for further investigation. Learn more in our Microsoft Purview Data Loss Prevention announcement.
  • Summarize alerts in Microsoft Purview Insider Risk Management: Insider Risk Management provides comprehensive insights into risky user activities that may lead to potential data security incidents. To accelerate investigations, Security Copilot in Insider Risk Management summarizes alerts to provide context into user intent and timing of risky activities. These summaries enable admins to tailor investigations with specific dates in mind and quickly pinpoint sensitive files at risk. Learn more in our Microsoft Purview Insider Risk Management announcement.
  • Contextual summary of communications in Microsoft Purview Communication Compliance: Organizations are subject to regulatory obligations related to business communications, requiring compliance investigators to review lengthy communication violations. Security Copilot in Communication Compliance helps summarize alerts and highlights high-risk communications that may lead to a data security incident or business conduct violation. Contextual summaries help you evaluate the content against regulations or corporate policies, such as gifts and entertainment and stock manipulation violations. Learn more in our Microsoft Purview Communication Compliance announcement.
  • Contextual summary of documents in review sets in Microsoft Purview eDiscovery: Legal investigations can take hours, days, even weeks to sift through the list of evidence collected in review sets. This often requires costly resources like outside council to manually go through each document to determine the relevancy to the case. To help customers address this challenge, we are excited to introduce Security Copilot in eDiscovery. This powerful tool generates quick summaries of documents in a review set, helping you save time and conduct investigations more efficiently. Learn more in our Microsoft Purview eDiscovery announcement.
  • Natural language to keyword query language in eDiscovery: Search is a difficult and time-intensive workflow in eDiscovery investigations, traditionally requiring input of a query in keyword query language. Security Copilot in eDiscovery now offers natural language to keyword query language capabilities, allowing users to provide a search prompt in natural language to expedite the start of the search. This empowers analysts at all levels to conduct advanced investigations that would otherwise require keyword query language expertise. Learn more in our Microsoft Purview eDiscovery blog.

To learn more about Security Copilot and Microsoft Purview, read our Microsoft Security Copilot in Microsoft Purview blog.

Additional product updates

New Microsoft Purview Communications Compliance capabilities

Copilot for Microsoft 365 support introduces an advanced level of detection within Communication Compliance, allowing organizations to identify and flag risky communication, regardless of source. Investigative scenarios across various Microsoft applications, including Outlook, Microsoft Teams, and more, showcase the precision of this feature, identifying patterns, keywords, and sensitive information types. With additional features for policy creation and user privacy protection, administrators can also fine-tune their management strategy, ensuring secure, compliant, and respectful communications. Integration with Security Copilot further enhances data security and regulatory adherence, providing concise contextual summaries for swift investigation and remediation. Leveraging AI technology, Communication Compliance detects and categorizes content, prioritizing content that requires immediate attention. Reporting inappropriate content within Microsoft Viva Engage and ensuring compliance in Microsoft Teams meetings further strengthens the multilayered compliance defense. Stay ahead of compliance challenges and embrace these innovative features to secure, comply, and thrive in the digital age.

Learn more in our Microsoft Purview Communication Compliance announcement.

New to Information Protection in Microsoft Purview

As organizations prepare to use generative AI tools such as Copilot for Microsoft 365, leveraging Microsoft Purview Information Protection, discovery and labeling of sensitive data across the digital estate is now even more important than ever. New releases to Microsoft Purview Information Protection include intelligent advanced classification and labeling capabilities at an enterprise scale, contextual support for trainable classifiers that improve visibility into effectiveness and discoverability, better protection for important PDF files, secure collaboration on labeled and encrypted documents with user-defined permissions, as well support for Microsoft Fabric, Azure, and third-party clouds.

You can learn more about the new Information Protection capabilities in the Information Protection announcement.

New Microsoft Purview Data Loss Prevention capabilities

We are excited to announce a set of new capabilities in Microsoft Purview Data Loss Prevention (Purview DLP) that can help comprehensively protect your data and efficiently investigate DLP incidents. Our announcements can be grouped into three categories:

  • Efficient investigation: Capabilities that empower admins by making their everyday tasks easier, including enriching DLP alerts with user activity insights from Insider Risk Management, DLP analytics to help find the biggest risk and recommendations to finetune DLP policies, and more.
  • Strengthening protection: Capabilities that help protect numerous types of data and provide granular policy controls, including predicate consistency across workloads, enhancements to just-in-time protection for endpoints, support for optical character recognition (OCR), and performance improvements for DLP policy enforcements.
  • Expanding protection: Capabilities that extend your protection sphere to cover your diverse digital estate, including support for Windows on ARM and several enhancements to macOS endpoints.

Purview DLP is easy to turn on; protection is built into Microsoft 365 apps and services as well as endpoint devices running on Windows 10 and 11, eliminating the need to set up agents on endpoint devices. 

Learn more in our Microsoft Purview DLP blog.

New Microsoft Purview Insider Risk Management and Adaptive Protection capabilities

To secure data in diverse digital landscapes, including cloud environments and AI tools, detecting and mitigating data security risks arising from insiders is a pivotal responsibility. At Microsoft Ignite, we made a few exciting announcements for Insider Risk Management and Adaptive Protection: 

  • Intelligent detection across diverse digital estate: Insider Risk Management will now detect critical data security risks generated by insiders in AWS, Azure, and SaaS applications, including Box, Dropbox, Google Drive, and GitHub. Additionally, security teams can also gain visibility into AI usage with our new browsing to generative AI sites indicator.  
  • Adaptive data security from risk detection to response: User context can help security teams make better data security decisions. Security teams can now gain user activity summary when a potential DLP incident is detected in Microsoft Purview DLP and Microsoft Defender portal. With this update and Adaptive Protection, user risk context is available from DLP incident detection to response, making data security more effective. In addition, security teams can now leverage human resources resignation date to define risk levels for Adaptive Protection, addressing common incidents, such as potential data theft from departing employees.  
  • Streamlined admin experience for effective policies: To enable better policies management experience, Insider Risk Management will support admin units and provide recommended actions to fine tune policies and receive more high-fidelity alerts. 

Learn more details about all these announcements in our Microsoft Purview Insider Risk Management blog.  

Get started today

These latest announcements have been exciting additions to help you secure and govern your data, across your entire data estate in the era of AI. We invite you to learn more about Microsoft Purview and how it can empower you to protect and govern your data. Here are some resources to help you get started:

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.


1Microsoft Data Security Index: Trends, insights, and strategies to secure data, October 2023.

2Gartner, Security Leader’s Guide to Data Security, Andrew Bales. September 7, 2023.

3Microsoft sets new benchmark in AI data security with Purview upgrades, VentureBeat. November 13, 2023.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

The post New Microsoft Purview features use AI to help secure and govern all your data appeared first on Microsoft Security Blog.

]]>
Digital security sessions at Microsoft Ignite to prepare you for the era of AI http://approjects.co.za/?big=en-us/security/blog/2023/11/07/digital-security-sessions-at-microsoft-ignite-to-prepare-you-for-the-era-of-ai/ Tue, 07 Nov 2023 17:00:00 +0000 Join us for Microsoft Ignite for insights on how to embrace the era of AI confidently with protection for people, data, devices, and apps that extends across clouds and platforms. Register for the virtual event, taking place from November 15 to 16, 2023.

The post Digital security sessions at Microsoft Ignite to prepare you for the era of AI appeared first on Microsoft Security Blog.

]]>
Thousands of security professionals will join us for Microsoft Ignite 2023 from November 14 to 17, 2023, where we will share how to embrace the AI era confidently, with protection for people, data, devices, and apps that extends across clouds and platforms. With more than 45 security sessions, there are many exciting keynotes, breakouts, and demonstrations to fill your time. To help you navigate the Microsoft Security experience at Microsoft Ignite, we’ve put together a guide of featured sessions for security professionals of all levels, whether you’re attending in person or online.  

While our in-person tickets have sold out, registration for the virtual event is still available to participate in the Microsoft Security experience at Microsoft Ignite, which includes sessions on security strategies and practical applications. In both tracks,​ you’ll learn about the latest innovations and implementation strategies from Microsoft Security across comprehensive security, unified visibility, and Microsoft Security Copilot. Keep reading this blog post for ideas on keynotes, breakout sessions, and discussions to check out. Register to browse our session catalog and bookmark sessions you’d like to attend.

Catch the news highlights during our keynote

Our announcement-packed keynote from Charlie Bell, Executive Vice President, Microsoft Security, and Vasu Jakkal, Corporate Vice President, Security, Compliance, Identity, and Management, Microsoft, will be highlighted on Day 2 of Microsoft Ignite. Don’t miss insights from them during their keynote, “The Future of Security with AI.” They will share how Microsoft is delivering AI for security with Microsoft Security Copilot, and how we enable organizations to secure and govern AI with new capabilities. This new era of AI offers unprecedented opportunities to elevate human potential but also challenges organizations with unknowns and risks.

Learn security strategies for today’s and tomorrow’s challenges 

Our cybersecurity strategy sessions are focused on equipping you to leverage AI and Microsoft Security solutions to strengthen your threat defense strategy. Join these sessions to take your strategies to the next level across identity protection, code-to-cloud approaches, industry best practices for AI, and the latest learnings in threat intelligence.   

Strategy sessions to consider joining include:

  • How we secure the Microsoft estate (BRK291H: in-person and online): Join a fireside chat with Bret Arsenault, Corporate Vice President and Chief Information Security Officer, on Microsoft’s approach to security and how Microsoft plans to adapt as the industry continues to embrace the new era of AI.
  • Boosting ID Protection Amid Sophisticated Attacks (BRK294H: in-person and online): Alex Weinert, Vice President, Identity Security, and Mia Reyes, Director, Foundational Security—Cybersecurity, will offer a deep dive into the escalating landscape of cyberthreats targeting digital identities amid the evolving tech realms of the Internet of Things, operational technology, and hybrid workspaces. Learn about innovation in automated key management and Hardware Security Modules for fortified key storage, crucial in mitigating human errors and bolstering defenses against sophisticated aggressors.
  • This Year In Threats: Tales From Microsoft’s Global Fight Against APTs(BRK299: in-person only): Sherrod DeGrippo, Director of Threat Intelligence, and John Lambert, Corporate Vice President, Distinguished Engineer, Microsoft Security Research, will discuss how Microsoft defends customers at the nexus of the cyber and physical worlds and how they can join our global alliance to help give bad actors nowhere to hide. This year, Microsoft Threat Intelligence stood with its partners on the leading edge of the global response to the most impactful threats and incidents. In this session, look back at the threat actors and campaigns that defined 2023 and hear our experts tell their favorite stories from the front line.
  • Secure access in the AI era: What’s new in Microsoft Entra (BRK297H: in-person and online): Jade D’Souza, Product Manager; John Savill, Cloud Solution Architect; and Joy Chik, President, Identity and Network Access, will offer details on innovations for Microsoft Entra ID (formerly Azure Active Directory) that can help you automatically prevent identity compromise, enforce granular access policies, govern permissions, and leverage AI to secure access for anyone to anything from anywhere. This demo-centric session will follow an employee as they onboard, access resources, and collaborate.
  • Unifying XDR + SIEM: A new era in SecOps(BRK293H: in-person and online): Preeti Krishna, Principal Product Manager, and Rob Lefferts, Corporate Vice President, Microsoft Threat Protection, will offer insights on how the latest innovations in generative AI, automatic attack disruption, embedded threat intelligence, decoy assets, a reimagined user interface, and cloud posture management capabilities will supercharge your threat detection, response, and defense.
  • Secure and govern your data in the era of AI(BRK296H: in-person and online): Erin Miyake, Principal Product Manager; Herain Oberoi, Marketing Leader; Tina Ying, Senior Product Marketing Manager, Insider Risk Management; and Rudra Mitra, Corporate Vice President, Microsoft Data Security and Compliance, will demonstrate how Microsoft Purview’s comprehensive approach to data security, compliance, and privacy helps empower organizations to protect and govern their data.
  • Security for AI: Prepare, protect, and defend in the AI era(BRK298H: in-person and online): Douglas Santos, Senior Product Manager; Maithili Dandige, Partner Group Program Manager, Microsoft 365 Security and Compliance; and Shilpa Bothra, Senior Product Marketing Manager, will discuss the importance of preventing sensitive data leaks in AI as third-party AI apps grow exponentially and hackers continue to launch adversarial attacks using generative AI. Leave this session with a solid defense and ways to secure data as you interact with AI using Microsoft’s comprehensive security suite.

Gain practical applications with in-depth product views

When strategizing a security approach, technology solutions play a critical role. To help you become an expert on security solutions and implement new features within your organization, Microsoft Ignite will include sessions exploring the use cases of Microsoft solutions, including Security Copilot, Microsoft Entra, Microsoft Purview, and Microsoft Intune.

Practical application sessions to consider joining include:

  • Boost multicloud security with a comprehensive code to cloud strategy(BRK261H: in-person and online): Safeena Begum, Principal Product Manager, and Yuri Diogenes, Principal Product Manager, will talk about how Microsoft Defender for Cloud can help you fortify your defenses and enhance your incident response strategy with cloud security graphic insights and tailored analytics from Defender for Cloud workload protection plans.
  • Fortified security and simplicity come together with Microsoft Intune(BRK263H: in-person and online): Archana Devi Sunder Rajan, Partner Group Product Manager, Microsoft Intune; Dilip Radhakrishnan, Partner Group Product Manager, Microsoft Intune; Jason Roszak, Chief Product Officer, Microsoft Intune; and Sangeetha Visweswaran, Partner Director of Engineering, will discuss how the next generation of endpoint management and security capabilities from Microsoft Intune help transform security and IT operations. Learn how to simplify app updates, cut the cost of public key infrastructure lifecycle management, mitigate risks with AI-derived insights, and free up resources by automating IT workflows.
  • Modern management innovation shaping endpoint security (BRK295H: in-person and online): Jeff Pinkston, Director of Engineering; Ramya Chitrakar, Corporate Vice President, Intune Engineering; and Steve Dispensa, Corporate Vice President, will explore how to defend against the evolving sophistication of cyberthreats while ensuring a productive workforce. The newest wave of Microsoft Intune innovation can shape your defense-in-depth strategy for a secure and productive end user computing estate.
  • Beyond traditional DLP: Comprehensive and AI-powered data security(BRK262H: in-person and online): Maithili Dandige, Shilpa Bothra, and Talhah Mir, Product Manager, will share how AI-powered Microsoft Purview Information Protection and Microsoft Purview Insider Risk Management can transform your data loss prevention (DLP) program, enabling Adaptive Protection and fortifying your data security posture. You will also hear about new features that enhance incident response and expand endpoint coverage and gain insights on how to enhance their data security strategies.
  • How Microsoft Purview helps you protect your data(OD07: online only): Anna Chiang, Senior Product Marketing Manager, and Tony Themelis, Principal Product Manager, will explore organizational paradoxes and how Microsoft Purview can help strengthen your data security posture. They will also demonstrate how our latest AI-powered and contextual classifiers can identify sensitive trade secrets, personally identifiable information, and more in seconds across your digital estate.
  • Effortless application migration using Microsoft Entra ID(OD03: online only): David Gregory, Director of Product Marketing, Identity Compete, will share how our newly proposed tool supplies a one-click configuration to integrate applications into Microsoft Entra ID. During this on-demand session, we will provide an overview of how our tool offers a guided experience to seamlessly facilitate the migration of your applications from Active Directory Federation Services to Microsoft Entra ID.
  • Bringing Passkey into your Passwordless journey(OD02: online only): Calvin Lui, Product Manager; Erik Dauner, Senior Program Manager; and Mayur Santani, Product Manager, walk you through the background of where passkeys came from, their impact on the passwordless ecosystem, and the product features and roadmap bringing passkeys into the Microsoft Entra passwordless portfolio and phishing-resistant strategy.
  • The power of Microsoft’s XDR: they attempted, we disrupted(BRK265H: in-person and online): Dustin Duran, Director of Security Research, and Kim Kischel, Director of Product Marketing—XDR, will discuss Microsoft 365 Defender’s automatic attack disruption technology and give you a clear understanding of attack disruption and how it’s providing immediate value to customers in the real world today.
  • Making end-to-end security real (BRK267H: in-person and online): Mark Simos, Lead Cybersecurity Architect, and Sarah Young, Senior Cloud Security Advocate, will share quick wins that solve real-world problems using Microsoft’s integrated security products. This session will show you how to make progress on end-to-end security across identity, security operations, and more.

Interact with the experts

Microsoft Security Team experts participating at Microsoft Ignite 2023.

Bring your questions about Microsoft solutions. Our experts have answers. Connect with them during live discussions to learn more.

Opportunities to interact with the experts include:

  • Windows 11, Windows 365, & Microsoft Intune Q&A(DIS657H: in-person and online): Gabe Frost, Group Product Manager; Harjit Dhaliwal, Senior Product Marketing Manager; Jason Githens, Principal Group Product Manager; and Joe Lurie, Senior Product Manager, will participate in a collaborative question and answer session about where we are today with Windows 11 and device management—and what you need to propel your organization and IT strategies. We’ll quickly outline a few of the latest commercial enhancements, but the focus here is on your thoughts and questions.
  • Preventing loss of sensitive data: Microsoft Purview DLP Q&A(DIS666H: in-person and online): Shekhar Palta, Principal Product Marketing Manager, and Shilpa Bothra will discuss Microsoft Purview DLP and the way it can prevent accidental or intentional loss of sensitive data across apps and devices. Join us to discuss how you can modernize your DLP and get started quickly, and learn how DLP works with Microsoft Defender products.
  • Panel discussion: Resilient. Compliant. Secure by default(DISFP375: online only): Joye Purser, Global Lead, Field Cybersecurity, Veritas Technologies; Saurabh Sensharma, Principal Product Manager, Microsoft; Simon Jelley, General Manager for SaaS Protection, Endpoint and Backup Executive, Veritas Technologies; and Tim Burlowski, Senior Director of Product Management, Veritas Technologies, will discuss security strategies. Join Veritas experts for an interactive question and answer on ensuring your cloud applications are resilient and your data is protected, compliant, and recoverable when it matters most.

Socialize with us and your peers

As you’ve probably experienced yourself at previous conferences and business networking events, some of the best ideas are sparked during conversations with other security professionals. Get social and join us and your cybersecurity peers at two incredible networking events.

  • The Lounge at Microsoft Ignite: Located in the Hub on Level 5 (Summit Convention Center), the Lounge is the main gathering area for community. The Lounge will be staffed by Microsoft full time employees and attending Most Valuable Professionals (MVPs) to provide continuous question and answer opportunities.
  • Microsoft Ignite Security After Party: Network and connect over drinks and appetizers on Wednesday, November 15, 2023, at The Collective. Partners, customers, Microsoft MVPs, and Microsoft subject-matter experts will mix and mingle. Register to reserve your spot.

Register today for Microsoft Ignite

Join us online from anywhere from November 15 to 16, 2023, to hear major product announcements, inspiring messages, and expert insights on the future of cybersecurity and Microsoft solutions. And if you’re not able to participate at all this year, you can still check out plenty of session content, product announcements, and keynotes after Microsoft Ignite wraps up. It will be available on demand after the event. Reserve your spot today. Hope you can join us!

Join the Security Tech Accelerator

We’re also having a Tech Accelerator event on Wednesday, December 6, 2023. Ask questions about the latest product announcements from Ignite and connect with your security peers at this virtual skilling event hosted on the Security Tech Community—register today.

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (formerly known as Twitter) (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post Digital security sessions at Microsoft Ignite to prepare you for the era of AI appeared first on Microsoft Security Blog.

]]>
Microsoft Purview data security mitigations for BazaCall and other human-operated data exfiltration attacks http://approjects.co.za/?big=en-us/security/blog/2023/08/08/microsoft-purview-data-security-mitigations-for-bazacall-and-other-human-operated-data-exfiltration-attacks/ Tue, 08 Aug 2023 17:00:00 +0000 Microsoft Defender is our toolset for prevention and mitigation of data exfiltration and ransomware attacks. Microsoft Purview data security offers important mitigations as well and should be used as part of a defense-in-depth strategy.

The post Microsoft Purview data security mitigations for BazaCall and other human-operated data exfiltration attacks appeared first on Microsoft Security Blog.

]]>
I recently worked with an enterprise customer who experienced a data exfiltration attack using the characteristics of the BazaCall campaign. BazaCall can be both a ransomware and data exfiltration attack that are used together to increase pressure on and damage to the victim. Microsoft Purview has data security capabilities that form part of a holistic mitigation strategy.

Microsoft 365 Defender is our security solution for phishing and related cyberthreats. Some great analysis has been done by the Microsoft Threat Intelligence team on BazaCall’s Tactics, Techniques, and Procedures (TTPs). They’ve also shared how to use Microsoft 365 Defender to locate exploitation activity.

I wanted to take another perspective with this post and share the role that Microsoft Purview data security solutions play, together with Microsoft 365 Defender and Microsoft Sentinel, to provide defense-in-depth mitigation. With defense-in-depth, we create barriers to the bad actor, increasing their resources required and uncertainty, interfering with their business case.

Microsoft Purview provides important value with unified data governance and compliance solutions but it’s Microsoft Purview’s data security capabilities within Microsoft 365 we’ll be discussing in this blog.

What makes BazaCall different from most phishing attacks is using a malicious email to have the victim initiate a call to a phony call center run by the bad actor that then coaches the victim to install malware. Replacing malicious links and attachments in email with a phone number to the call center is used to evade email protection.

An overview of the BazaCall attack flow is provided at the end of this post.

The mitigations suggested here will be of value for attacks where the bad actor has control of a Microsoft 365 account and is attempting to exfiltrate sensitive data.

The data security benefits of Microsoft Purview for attack mitigation are sometimes overlooked. These solutions may be managed by other groups in the organization, such as the compliance team rather than the security team, and so may not be the go-to tools in the toolbox when preparing for or responding to an attack. These solutions should be part of a defense-in-depth strategy and Zero Trust architecture.

Microsoft Purview Mitigations

Microsoft Purview Information Protection sensitivity labels can be applied to protect sensitive files from unauthorized access. These sensitivity labels can have scoped encryption, among other protections, which travels with the file inside and outside of the organization’s environment. This would make the file unreadable except by the party for which the encryption is scoped—for example, only employees, a partner, or a customer organization—or it can be defined by the user to be consumable only by specific individuals.

Screenshot of Sensitivity Label with scoped encryption  accessible only to employees

Figure 1. Sensitivity Label with scoped encryption—accessible only to employees.

Automation, configured by the administrators, can be used to support the user in applying these labels including making the application of a label mandatory if the file contains sensitive information.

Microsoft Purview Data Loss Prevention (Purview DLP) can be used to prevent the sensitive information from being exfiltrated through several egress channels, including user’s endpoint devices, Microsoft cloud services such as SharePoint Online, OneDrive for Business, Exchange Online, Teams, and Microsoft PowerBI, browsers such as Microsoft Edge, Chrome, and Firefox, as well as non-Microsoft applications such as Salesforce, Dropbox, Box, and more, including the free file-sharing services used as part of the BazaCall TTPs.

Customers can create policies that block and do not allow override for their top priority sensitive information such that even if the bad actor manages to get access to the user’s account, they are blocked from exfiltrating any sensitive content. Purview DLP policies can be configured leveraging a variety of out-of-the-box or custom criteria including machine learning-based trainable classifiers as well as the sensitivity labels created in Information Protection.

Screenshot of Microsoft Purview Data Loss Prevention blocking the upload of a sensitive file into Dropbox.

Figure 2. Purview DLP preventing the upload of sensitive files into Dropbox.

Microsoft Purview Insider Risk Management can alert the security team to the bad actor’s activities, including the exfiltration of sensitive information to the file-sharing service. Insider Risk Management can reason over and parse through user activity signals, by leveraging more than 100 ready-to-use indicators and machine learning models, including sequence detection and cumulative exfiltration detection. With Adaptive Protection powered by Insider Risk Management, the security team can detect high-risk actors, such as a bad actor-controlled account, and automatically enforce the strictest DLP policy to prevent them from exfiltrating data.  

Screenshot of Microsoft Purview Insider Risk Management user activity screen of an insider risk case.  It shows the user activity and related risk over time together with relevant information for the investigator such as resignation date and employment end date.

Figure 3. Insider Risk Management uses specialized algorithms and machine learning to identify data exfiltration and other risks.

Microsoft Defender for Cloud Apps can make a file-sharing site used for sensitive file exfiltration unreachable from the user’s browser or it can prevent sensitive files from being moved to the site. Alternatively, the policy can be configured to only allow files to be moved to the file-sharing site if they have a sensitivity label applied that contains scoped encryption. If this protected file is exfiltrated it would not be readable by the bad actor.

Screenshot of Microsoft Defender for Cloud Apps blocking user access to powerfolder.com file sharing and backup site.

Figure 4. Microsoft Defender for Cloud Apps blocking access to file sharing and backup site.

Microsoft Purview Audit provides forensic information to scope a possible breach. This is especially valuable when bad actors are “living off the land.” Among the audit items made available are the terms that a user searched in email and SharePoint. If the bad actor was searching for sensitive information to exfiltrate, this item will assist the investigation.

Purview Audit, recently expanded for accessibility and flexibility, will also provide insight to mail items accessed and mail sent, which would be impactful when investigating scope and possible exfiltration channels. Although a bad actor’s known TTPs may not include these channels, we need a fulsome investigation. Their TTPs are likely not static.

Purview Audit Premium provides more logging event retention capabilities, with one-year retention (up from 180 days with Standard) and an option to increase retention to 10 years among other upgraded features.

Screenshot of Microsoft Purview Premium Audit solution showing ability to investigate email and SharePoint searches.

Figure 5. Premium Audit solution searching forensic events.

Microsoft Purview Data Lifecycle Management policies and labeling could be used to purge unneeded information from the organization’s environment. An auditable review can be required prior to deletion or deletion can be automated without user or administrator action.

If information is not in the environment, it cannot be exfiltrated by the bad actor or put the organization at risk.

Figure 6. Disposal of unneeded documents reduces exfiltration risk to the organization.

About BazaCall

BazaCall uses a phishing campaign that tricks unsuspecting users into phoning the attacker, who coaches them into downloading BazaLoader malware, which retrieves and installs a remote monitoring and management (RMM) tool onto the user’s device. The email typically claims that the user has reached the end of a free trial of some type, that billing will begin shortly and provides an option to cancel by phoning a call center. The threat of unjustified billing is the lever that the attacker uses to get the victim to comply.

Typically, the file download has been a malicious Excel document that purports to be a “cancellation form” for the unwanted service and charges referred to in the phishing campaign. The bad actor coaches the victim into accepting macros and disabling security solutions to complete the phony “cancellation.”

RMM software provides multiple useful purposes for attackers: The software allows an attacker to maintain persistence and deploy malicious tools within a compromised network. It can also be used for an interactive command-and-control system. With command and control established, the bad actor organization can spread laterally through the environment to steal sensitive data and deploy ransomware. Once command and control of the user’s machine is established, bad actor hands-on keyboard is used to exfiltrate data including through free cloud-based file-sharing sites. TTPs have evolved in the last two years, including the use of file-sharing sites for exfiltration in addition to open-source tools like RClone.

The user is also subject to human-operated ransomware.

The mitigations discussed in this post are focused on the data exfiltration aspects in the “hands-on-keyboard” phase of the attack.

Diagram showing the attack flow of a BazaCall, phony call center enabled style attack. The focus of Microsoft Purview mitigations on the right-most “Hands on keyboard: stage of the attack" is highlighted with an arrow.

Figure 7. BazaCall attack flow.

Microsoft Purview can help protect from BazaCall attacks

Microsoft Purview data security for Microsoft 365 is not a cure-all for phishing attacks. It is part of a defense-in-depth strategy that includes user training, antimalware, vulnerability management, email security, access control, monitoring, and response. The data security solutions within Microsoft Purview should be considered based on risk-based criteria for inclusion in the strategy.

These tools may be managed by different teams in the organization. Collaboration among these teams is critical for coordinated defense and incident response. 

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post Microsoft Purview data security mitigations for BazaCall and other human-operated data exfiltration attacks appeared first on Microsoft Security Blog.

]]>
Microsoft Inspire: Partner resources to prepare for the future of security with AI http://approjects.co.za/?big=en-us/security/blog/2023/07/18/microsoft-inspire-partner-resources-to-prepare-for-the-future-of-security-with-ai/ Tue, 18 Jul 2023 15:30:00 +0000 Microsoft Inspire is an incredible opportunity to share all the ways AI can support security efforts with our partner ecosystem. Register to hear strategies to prepare your organization for AI with comprehensive security and security posture.

The post Microsoft Inspire: Partner resources to prepare for the future of security with AI appeared first on Microsoft Security Blog.

]]>
Cybersecurity is one of the most pressing challenges of our time. With an ever-changing threat landscape and siloed data across multiple security point solutions, defenders have limited visibility. It’s difficult to stay current and find cybersecurity professionals amid the global talent shortage.

Attacks are quickly becoming more automated through AI-assisted tools. They are also increasing exponentially—the number of password attacks Microsoft detects has more than tripled in the last 12 months, from 1,287 per second to more than 4,000 per second.1 Plus, the annual cost of cyberattacks continues to grow. According to the FBI Internet Crime Complaint Center’s (IC3) latest research, reported total losses grew from USD6.9 billion in 2021 to more than USD10.2 billion in 2022.2 Such losses are even greater on a global scale. If organizations continue to operate within a fractured security state and only utilize what’s worked in the past, they will leave gaps in their security posture.

Now there is a unique opportunity to harness the power of AI in combination with an end-to-end security solution to build a resilient security posture with defenses that rapidly adapt. There has never been a more important time for specialized cybersecurity expertise, and our partners are critical to preparing customers for the era of AI. According to a Forrester Total Economic Impact study, Microsoft Security partners are realizing a significant increase in their business with more than 14 percent year-over-year growth.3 In small and medium businesses (SMBs), partners are seeing even more dramatic demand with more than 37 percent market expansion just this last year.

Today at Microsoft Inspire 2023, we will discuss AI-powered security during the “Springboard customers into the era of AI with end-to-end security” session. Also, you’ll have an opportunity to ask your most pressing questions at the expert Q&A.

Register for Microsoft Inspire to hear more details on our latest exciting announcements listed in this blog.

Microsoft Inspire 2023

Elevate your business by joining us for Microsoft Inspire, July 18 and 19, 2023, and learn how to accelerate AI transformation in your security practice.

Coming soon: Microsoft Security Copilot Early Access Program

We are extremely encouraged by the excitement and positive feedback we have received from customers and partners since we announced Microsoft Security Copilot—one of the first generative AI products in the security industry—in March 2023. This fall, we will open our Early Access Program and invite more customers and partners to experience Security Copilot. To help us focus our learning, customers who use Microsoft Defender for Endpoint will be prioritized for early access. Those who also use Microsoft Sentinel will get even more benefit from the program. Security Copilot is designed to work with a broad range of Microsoft and third-party tools, and we will expand the program as we learn.

Our preview is well underway, and the feedback from our preview customers shows that there’s every reason to be excited about the massive potential of this technology to help protect at machine speed and scale:

“Microsoft is spearheading a transformative shift in security operations center (SOC) processes and operations at a truly remarkable speed. By fully integrating these cutting-edge AI technologies, they are pioneering a leap so momentous that by December 2024, SOC operations from 2021 may seem prehistoric in comparison. The surge in productivity could be unparalleled. At Bridgewater, we are thrilled to be helping Microsoft on this voyage, collaboratively propelling Security Copilot’s full potential to the forefront of the industry.”

—Igor Tsyganskiy, President, Bridgewater

New: Security Copilot design advisory council

Today, we are officially kicking off our partner engagement to help you build your own solutions and services powered by Security Copilot. If you are a Microsoft partner, you can start today by helping customers deploy Microsoft Defender for Endpoint and Microsoft Sentinel so that they are prepared to adopt Microsoft Security Copilot. We are excited to join forces with our partners, including members of the Microsoft Intelligent Security Association. Here’s what a couple of our partners have shared already:

“When it comes to cybersecurity, threat actors are increasingly using AI to carry out sophisticated attacks, so why aren’t defenders? We are operating in an era where fighting AI with AI is non-negotiable. By partnering with Microsoft Security Copilot, we can help level the playing field for defenders together. Much of the AI universe sits behind Cloudflare, and acting as the intermediary to allow businesses to harness the power of this technology in a safe way is critical.”

—Matthew Prince, Chief Executive Officer, Cloudflare

“We believe that generative AI will be truly revolutionary and will allow us to become more effective and efficient, by orders of magnitude, in protecting our customers. We expect to see productivity increases from our SOC analysts using Security Copilot when dealing with scenarios like incident response and threat hunting and believe there is potential for upskilling effects, allowing any analyst to complete more advanced tasks quicker than ever before. We are proud to be on this journey with Microsoft and remain excited as they continue to add more compelling capabilities to Security Copilot.”

—Brian Beyer, Chief Executive Officer, Red Canary

“Building on our recent investment to expand and scale our AI offerings, we’re excited to team with Microsoft on bringing Security Copilot to our joint customers, augmenting their ability to predict—prevent—and rapidly respond to security threats. This will help empower all of our customers and provide new opportunities leveraging the responsible use of generative AI.”

—Sean Joyce, Global Cybersecurity and Privacy Leader, PwC

If you are interested in learning how to engage with your customers now to take full advantage of these new AI technologies, we invite you to sign up to receive communications and to be considered for our new Security Copilot design advisory council.

Investments in the managed security service provider community

According to Gartner®, “by 2025, 60 percent of organizations will be actively using remote threat disruption and containment capabilities delivered directly by MDR providers, up from 30 percent today.”4 

To help meet the anticipated demand for these services, we are actively working to recruit more Managed Extended Detection and Response (MXDR) partners alongside our first-party offering. Microsoft is deeply committed to our partner community, and partners will always be the primary path for customers to get the services they need. We are increasing our overall investments for security partners by nearly 50 percent this coming year. A great example of this continued investment is the Microsoft engineering verified MXDR solution status that we launched for partners last year.

Making it easier to better protect small and medium businesses

Small and medium businesses are seeing more cyberattacks, with 82 percent of ransomware attacks targeting small businesses.5 Due to a lack of internal security specialists, these businesses often look to IT partners to help secure their IT environments.

We are making it easier for partners to deliver security services to their customers:

  • For partners who want to build their own SOC or managed detection and response (MDR) service, we are pleased to announce streaming APIs from Microsoft Defender for Business to enable advanced hunting and attack detection. Available in preview in Defender for Business standalone and as part of Microsoft 365 Business Premium.
  • With a 3.4 million-person global shortage in the cyber workforce, partners face staffing challenges as much as their customers do.6 For those partners who want to resell security services but do not have the resources to invest in an in-house SOC, we are pleased to announce integrations with leading MDR providers. For example, Blackpoint Cyber now offers both a round-the-clock cloud response MDR service for Microsoft 365 environments, including Microsoft 365 Business Premium, and a managed endpoint detection and response (EDR) service for Defender for Business customers. 
  • We’re extending mobile protection to SMB customers who may not have a mobile device management solution with Mobile threat defense for standalone Defender for Business customers—now generally available. The new Defender for Business monthly summary report will show threats prevented, current status from Microsoft Secure Score and recommendations, and will help partners to show value to customers.

For details on our SMB-focused announcements, read our Tech Community blog post.

Expanding comprehensive security with product innovations

We continue to offer one of the most comprehensive security solutions in the market and power it with world-class global threat intelligence. Today we announced the following innovations:

  • Microsoft Sentinel: To simplify budgeting, billing, and cost management, the Microsoft Sentinel price now includes the Azure Monitor Log Analytics price. To learn more, read the announcement blog.
  • Microsoft Defender Experts for XDR: A new managed service gives customers step-by-step guidance to respond to incidents, receive expertise when they need it, and stay ahead of emerging threats.
  • Microsoft Purview Insider Risk Management: With the new bring-your-own-detections capabilities, partners can help their customers create custom indicators by bringing in detections from non-Microsoft sources, such as a customer relationship management system like Salesforce or a developer tool like GitHub.
  • Microsoft Defender for Cloud Apps: The new open app connector platform makes it easier for partners to plug their solutions into our platform. New API connectors include the preview of Asana and Miro as well as the general availability of software as a service security posture management capabilities for DocuSign, Citrix, Okta and GitHub.
  • Microsoft Defender for Endpoint: The settings management experience is now natively embedded into Microsoft Defender for Endpoint for Windows, Linux, and macOS, removing dependencies on Microsoft Intune and the need to switch between portals.
  • Microsoft Defender Threat Intelligence: Graph APIs now enable simple exporting and ingestion of data to Microsoft Defender, Microsoft Sentinel, and third-party applications.
  • Microsoft Purview eDiscovery: Now generally available, the Microsoft Graph eDiscovery Export API will enable external applications and partners to integrate the eDiscovery export function through scripting.
  • Microsoft Purview Information Protection: With this update, confidential and highly sensitive Excel files that are labeled and protected by Microsoft Purview Information Protection can continue to be protected when imported into Microsoft Power BI datasets and reports throughout their lifecycle. Additionally, documents in SharePoint and OneDrive now support labeled and encrypted documents with user-defined permissions. Co-authoring for Word, Excel, and PowerPoint apps now enables document owners to define permissions for people who can have access to shared sensitive documents that are encrypted.
  • Microsoft Purview Data Loss Prevention: Microsoft Purview Data Loss Prevention introduces a new capability to allow security teams to create policies that prevent their users from pasting sensitive data to specific websites or web applications.
  • Microsoft Defender for External Attack Surface Management: With External Attack Surface Management, you can leverage new data connections to seamlessly integrate your attack surface data into other Microsoft solutions, including Azure Data Explorer and Log Analytics. These data connections will help you supplement workflows with new insights, which will enable you make informed security decisions based on more comprehensive information.

We have been innovating rapidly across the entire Microsoft Security portfolio. In case you missed them, here are a few of our most recent announcements.

  • Two new Security Service Edge solutions: Microsoft Entra Internet Access helps protect access against malicious traffic and threats from the open internet. Microsoft Entra Private Access helps secure access to private apps and resources from any device and network.
  • Microsoft Azure Active Directory is now Microsoft Entra ID: To unify our product family, we changed the name of Microsoft Azure Active Directory to Microsoft Entra ID.
  • Microsoft Intune Suite: In March 2023, we launched the Intune Suite, which unifies mission-critical advanced endpoint management and security solutions into one simple bundle. The suite’s AI-powered automation empowers IT and security teams to move simply and quickly from reactive to proactive in addressing security challenges.
  • Adaptive Protection in Microsoft Purview: In early 2023, we launched Adaptive Protection in Microsoft Purview. This new capability dynamically updates data loss prevention controls and policies, turning them to individual users and helping customers identify and mitigate the most critical risks. This saves security teams valuable time while ensuring better data security. Learn more about the features and benefits of Adaptive Protection.
  • Microsoft Sentinel reduces investigation time by 88 percent: This year, we unveiled a new context-focused incident investigation experience for Microsoft Sentinel that enables security analysts to reduce their investigation time by up to 88 percent.7 We also delivered the ability to automatically disrupt in-progress attacks in Microsoft 365 Defender to help customers prevent devasting breaches. 

2023 Security Partner of the Year Awards

We are excited to announce our 2023 Security Partner of the Year Award winners.

Security Partner of the Year: BDO Digital

BDO Digital is a global company that offers detection, automation, and reduction of overall cybersecurity risks. Many of BDO’s clients’ legacy tools were not equipped to deal with modern infrastructure, and internal security teams did not have the bandwidth to monitor and triage security events. BDO helped improve its clients’ cybersecurity posture by reducing actionable alerts by over 50 percent.

Compliance Partner of the Year: Epiq

Epiq offers advanced data security technology solutions, such as a unique Chat Connector for Microsoft Teams that allows legal teams to effectively assess data for relevant and privileged content. 

Building securely together

As we all consider what we can accomplish with AI now and in the future, I cannot overstate the importance of end-to-end security. This is exactly where we recommend you start with your customers. Help them strengthen their security posture now so that when they deploy AI, they are not vulnerable to attacks. AI solutions will only ever be as strong as their underlying security.

As with any product design, we hold ourselves to high security standards when building, developing, and deploying AI-powered solutions from platforms to applications to processes. We maintain rigorous responsible AI practices, aimed at understanding and mitigating harms, measuring the quality of responses, and fostering a continuous learning environment from customer feedback. A cornerstone of these standards is our commitment to developing solutions that are “secure by design and secure by default.” However, it is important to note that the robustness of security is significantly enhanced when users actively manage and maintain it. Our focus extends to ensuring robust control over data, meaning it won’t be used to train AI models without explicit permission. We advocate for our partners to adhere to these benchmarks while crafting and implementing AI-based offerings for customers—whether the aim is to enhance productivity, automate a business process, or safeguard against threats.

Connect with us at Microsoft Inspire 2023

Microsoft Inspire 2023 is an incredible opportunity to share all the ways AI can support security efforts with our partner ecosystem. If you haven’t registered, there’s still time to reserve your complimentary spot. There, you’ll hear strategies to prepare your organization for AI with comprehensive security and security posture. Hope to see you in these sessions!

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.


1Microsoft internal data.

2Internet Crime Report, Federal Bureau of Investigation. 2022.

3The Partner Opportunity For Microsoft Security, Forrester. July 2023.

4Gartner® Market Guide for Managed Detection and Response Services, Pete Shoard, Al Price, Mitchell Schneider, Craig Lawson, Andrew Davies. February 14, 2023. 

5The Devastating Impact of Ransomware Attacks on Small Businesses, Quinn Cleary. April 4, 2023.

62022 Cybersecurity Workforce Study, (ISC)². 2022.

7The Total Economic Impact™ Of Microsoft SIEM And XDR, Forrester. August 2022.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. 

The post Microsoft Inspire: Partner resources to prepare for the future of security with AI appeared first on Microsoft Security Blog.

]]>
11 best practices for securing data in cloud services http://approjects.co.za/?big=en-us/security/blog/2023/07/05/11-best-practices-for-securing-data-in-cloud-services/ Wed, 05 Jul 2023 16:00:00 +0000 This blog explores the importance and best practices for securing data in the cloud. It discusses concepts such as authentication, zero trust, and encryption, among others.

The post 11 best practices for securing data in cloud services appeared first on Microsoft Security Blog.

]]>
In today’s digital age, cloud computing has become an essential part of businesses, enabling them to store and access their data from anywhere. However, with convenience comes the risk of data breaches and cyberattacks. Therefore, it is crucial to implement best practices to secure data in cloud services.

1. Choose a reliable cloud service provider

Choosing a reputable cloud service provider is the first step toward securing data. The provider should offer secure data storage, encryption, and access controls. Look for providers that are compliant with relevant security standards and regulations, such as ISO 27001, HIPAA, and PCI DSS. Microsoft Cloud has several certifications making it a trusted choice for customers. For an exhaustive list of the compliance offerings, refer to compliance offerings for Microsoft 365, Azure, and other Microsoft services.

2. Understand your security responsibilities

When you move your data to cloud services, it’s important to understand who is responsible for securing it. In most cases, the cloud provider is responsible for securing the infrastructure, while the customer is responsible for securing the data stored on that infrastructure. Make sure you know your responsibilities and take the necessary steps to secure your data. The below picture shows how the responsibility shifts from the customer to the cloud provider as the customers move their applications to cloud services. While customers maintain end-to-end responsibility of maintaining the environment on-premises, as they move to cloud services, more and more responsibilities are taken over by the cloud provider. However, maintaining and securing data, devices, and identities is always the customer’s responsibility.

Image showing shared responsibility model in the cloud.

Figure 1. Shared responsibility model in the cloud.

3. Use strong authentication

While passwords are the first line of defense against unauthorized access, we are aware that passwords can be stolen, leaked, or compromised. Using strong authentication methods, such as multifactor authentication, can significantly reduce the risk of unauthorized access to data. Multifactor authentication requires users to provide multiple forms of authentication, such as a password and a code sent to a mobile app, before gaining access to the cloud environment. However, the best defense is provided by passwordless technologies like facial recognition, fingerprints, or mobile apps. Microsoft provides a host of such technologies like Windows Hello, Microsoft Authenticator, or FIDO2 Security keys. Using these methods, you can mitigate the risk of password theft.

Image showing various authentication options from passwords to multifactor authentication to passwordless.

Figure 2. Authentication methods.

4. Implement encryption

Encryption is a critical component of cloud security. It involves encoding data in such a way that only authorized users can access it. Implementing encryption for data in transit and data at rest can help protect sensitive data from unauthorized access and data breaches. In the Microsoft Cloud, data is always encrypted at rest, in transit, and in use. Microsoft Azure Storage Service Encryption provides encryption for data at rest with 256-bit AES using Microsoft Manage Keys. It encrypts data in Azure Managed Disks, blob storage, Azure files, Azure queues and table storage. Azure Disk Encryption provides encryption for data at rest in Windows and Linux VMs using 256-AES encryption. Transparent Data Encryption provides encryption for Microsoft Azure SQL Database and Azure Data Warehouse.

5. Protect data wherever it lives or travels

The biggest problem faced by businesses today is discovering where their sensitive data is. With more than 80 percent of corporate data “dark”, organizations need tools to help them discover this data. Microsoft Purview Information Protection helps you scan data at rest across Microsoft 365 applications, SharePoint Online, Exchange Online, Teams, non-Microsoft Cloud apps, and on-premises file shares and SharePoint servers using the Microsoft Purview Information Protection scanner tool, to discover sensitive data. Identifying the data is not enough. Organizations need to be aware of the risk associated with this data and protect the data by applying things such as encryption, access restrictions, and visual markings. With Microsoft Purview Information Protection you can automatically apply sensitivity labels to identify the data as highly confidential, confidential, or general, depending on your label schema by using more than 300 Sensitive Information Types and Trainable Classifiers.

Organizations also suffer from inadvertent or malicious data loss. They need to have controls in place to prevent sensitive data from being accessed by unauthorized individuals. Microsoft Purview Data Loss Prevention helps prevent data loss by identifying and preventing risky or inappropriate sharing, transfer, or use of sensitive information across cloud, apps, and on endpoint devices. It is a cloud-native solution with built-in protection so that you no longer need to deploy and maintain costly on-premises infrastructure or agents.

Data doesn’t move itself; people move data. That is why understanding the user context and intent behind data movement is key to preventing data loss. Microsoft Purview Insider Risk Management offers built-in, ready-to-use machine learning models to detect and mitigate the most critical data security risks around your data. And by using Adaptive Protection, organizations can automatically tailor the appropriate data loss prevention controls based on a user’s risk level, ensuring that the most effective policy—such as blocking data sharing—is applied only to high-risk users, while low-risk users can maintain their productivity. The result: your security operations team is now more efficient and empowered to do more with less.

Learn more about data protection for businesses.

Microsoft's approach to data security showing the triangle with Protect sensitive data, Prevent data loss and Manage Insider Risk.

Figure 3. Microsoft’s approach to data security.

6. Implement access control

Implementing access controls can help limit access to sensitive data in cloud services. Access controls should be based on the principle of least privilege, where users are granted the minimum access required to perform their tasks. Role-based access control can be used to assign roles and permissions to users based on their job responsibilities. Microsoft Entra encompasses all such Identity and Access capabilities from Microsoft.

7. Monitor cloud activity and know your security posture

Monitoring cloud activity can help detect and prevent unauthorized access to data. Cloud service providers offer monitoring services that can alert administrators when suspicious activity is detected. Regularly reviewing cloud logs and audit trails can help identify potential security threats. Microsoft Defender for Cloud is a cloud-native application protection platform that combines the capabilities of Cloud Security Posture Management with integrated data-aware security posture and Cloud Workload Protection Platform to help prevent, detect, and respond to threats with increased visibility into and control over the security of multicloud and on-premises resources such as Azure Storage, Azure SQL, and open-source databases.

Graphic showing the capabilities of Microsoft Defender for Cloud, including unifying security management, strengthening and managing cloud security posture, and protecting your cloud workloads.

Figure 4. Microsoft Defender for Cloud.

In addition, Microsoft Sentinel, Microsoft’s AI-enriched, cloud-native security information and event management, can uncover sophisticated threats and automate response. It acts as a centralized hub across multicloud environments to monitor attackers as they move across vectors.

Image displaying the key features of Microsoft Sentinel.

Figure 5. Microsoft Sentinel.

8. Use secure APIs

APIs are used to access cloud services, and they can be vulnerable to attacks if not secured properly. Secure APIs should be implemented with strong authentication and encryption to prevent unauthorized access to cloud services.

9. Conduct regular security assessments

Conducting regular security assessments can help identify security vulnerabilities and assess the effectiveness of security measures. Regular security assessments can be conducted internally or by third-party security experts.

10. Train your employees

Ensure that your employees are aware of the security risks associated with storing data in cloud services and are trained on best practices for securing data. This includes regular security awareness training and policies for reporting suspicious activity.

11. Implement principles of Zero Trust

Zero Trust is a security strategy. It is not a product or a service, but an approach in designing and implementing the following set of security principles:

  • Verify explicitly – Always authenticate and authorize based on all available data points.
  • Use least privilege access – Limit user access with Just-In-Time and Just-Enough-Access (JIT/JEA), risk-based adaptive policies, and data protection.
  • Assume breach – Minimize blast radius and segment access.

A Zero Trust approach should extend throughout the entire digital estate and serve as an integrated security philosophy and end-to-end strategy. This is done by implementing Zero Trust controls and technologies across six foundational elements of identity, endpoints, data, apps, infrastructure, and network.

Graph showing Zero Trust across the vectors.

Figure 6. Zero Trust across the vectors.

Each of these is a source of signal, a control plane for enforcement, and a critical resource to be defended. Here is Microsoft’s guide to securing data with Zero Trust.

What’s next

In conclusion, securing data in cloud services is essential for businesses to protect their sensitive information from unauthorized access and data breaches. End-to-end security design and implementation is the foundation of securing data in cloud services. Microsoft recommends a defense in depth approach implementing the principles of Zero Trust across identity, endpoints, data, apps, infrastructure, and network.

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post 11 best practices for securing data in cloud services appeared first on Microsoft Security Blog.

]]>
Microsoft Build 2023: Announcing new identity, compliance, and security features from Microsoft Security http://approjects.co.za/?big=en-us/security/blog/2023/05/23/microsoft-build-2023-announcing-new-identity-compliance-and-security-features-from-microsoft-security/ Tue, 23 May 2023 15:00:00 +0000 Microsoft Build 2023 is the place to discover new features and technologies, share ideas, and boost your skills. Learn about the new identity and compliance features we're announcing.

The post Microsoft Build 2023: Announcing new identity, compliance, and security features from Microsoft Security appeared first on Microsoft Security Blog.

]]>
At Microsoft Build 2023—an event for developers by developers—we’re going to announce exciting new features and technologies, share ideas, and help everyone boost their skills so we can all build a more secure future together. This year’s Microsoft Build offers a full program, both online and in-person, to suit every attendee, whether you’re a professional developer, data pro, or a brand-new coder. Not only is Microsoft Build a great opportunity to gain new knowledge and skills, but it’s also the place to meet and learn from other developers. If you haven’t registered yet, I invite you to visit the Microsoft Build event page.

Microsoft Build 2023

Browse virtual and in-person security sessions at Microsoft Build.

logo

Below is a quick tour of a few security-related sessions and the new features and technologies they highlight.

New identity and access features in Microsoft Entra

Graphic showing how Microsoft Entra External ID helps personalize and secure access to any application for customers and partners with a complete customer identity and access management solution.

Welcome to modern identity and access management with Microsoft Entra

Developers are in the business of building app features and capabilities. Most developers are not—and don’t want to be—identity security experts.

At Microsoft Build, we’re announcing the next generation customer identity access management platform: Microsoft Entra External ID, now in preview. Microsoft Entra External ID was purpose-built to personalize and secure access to applications while protecting any external identity and effectively controlling which resources they can access. It delivers a flexible, unified identity platform, personalized customer experiences, adaptive access policies, and built-in identity governance. In the session “Explore CIAM capabilities with External Identities in Microsoft Entra,” Yoel Horvitz, Senior Program Manager, Microsoft Azure Active Directory (Azure AD), and Namita Singh, Senior Software Engineer at Cloud Data Center Cybersecurity, Microsoft, will explore how easily you can create branded sign-up and sign-in app experiences. No more trade-offs between great security and great customer experiences. You’ll see how quickly you can add a strong sign-up or sign-in experience plus comprehensive onboarding flows that capture and validate customer information.

Partner identity scenarios (B2B Collaboration) remain in the same location on the Microsoft Entra admin portal within the Workforce tenant. Please note that there is no action for our current Azure AD business-to-consumer (B2C) customers required at this time as the next generation platform is currently in early preview only. We remain fully committed to support the current Azure AD B2C solution, and there are no requirements for B2C customers to migrate at this time and no plans to discontinue the current B2C service.

This next-generation expanded solution for customer and partner identities marks the next chapter in our customer identity solution, addressing critical customer feedback and building on top of our existing capabilities.

External ID now combines familiar B2B collaboration functionality in Microsoft Entra (generally available) with evolved and unified customer identity (CIAM) capabilities, targeting customer-facing applications, now in preview. Help us shape the future of this new platform with your participation in our preview.

Microsoft Entra Verified ID digital wallet SDK

Microsoft Entra Verified ID is an open standards-based verifiable credentials service that customers can use to automate the identity validation process while enabling privacy-protected interactions between organizations and users. You can integrate the upcoming release of the Verified ID Wallet Library into your mobile apps to store and share digital Verified ID cards. This allows you to issue verifiable credentials for dozens of use cases, such as reducing the risk for fraud and account takeovers, streamlining app sign-ins, creating self-service account recovery and helpdesk flows, and enabling rich partner rewards ecosystems. Be sure to check out the “Reduce fraud and improve engagement using Digital Wallets” session by Christer Ljung, Principal Program Manager, Microsoft, and Sydney Morton, Software Engineer, Microsoft, to learn more about Verified ID’s open source digital wallet SDK.

New capabilities for compliance and data automation in Microsoft Purview

General availability of machine learning-enabled source code classifier

Microsoft Purview Information Protection helps organizations automate data classification, labeling, and protection across multiple platforms. More than 35 pre-trained classifiers help quickly identify and protect some of the most sensitive data, such as intellectual property and trade secrets, material non-public information, sensitive health and medical files, business sensitive financial information, and personally identifiable information for General Data Protection Regulation (GDPR) compliance. Plus, an improved ready-to-use source code classifier that supports more than 70 file extensions and 23 programming languages can detect embedded and partial source code.  

New APIs available to help automate compliance workflows

You can take advantage of new Microsoft Graph APIs built specifically for Microsoft Purview eDiscovery and compliance scenarios to help organizations automate their litigation and investigation workflows. Join us for “Streamline eDiscovery with new innovations, including Microsoft Graph APIs,” a sequel to Microsoft Senior Product Marketing Manager Caitlin Fitzgerald’s Microsoft Build 2022 session, which will share recent examples of using APIs to ensure repeatable and predictable management of time-sensitive compliance processes.

Explore built-in security features in these Microsoft Build sessions

Unlocking the Power of Azure Security: Conversations with Experts, Q&A

In this Q&A session, Richard Diver, Technical Story Design Lead, Microsoft, will moderate a panel of experts who help secure the software supply chain within Microsoft Azure and other platforms. The session is based on a four-part blog series that includes Microsoft Azure’s defense-in-depth approach to cloud vulnerabilities and Cloud Variant Hunting. The panel will share Microsoft security best practices and how we’re enhancing our response process, extending our internal security research, and continually improving how we secure multitenant services.

Next-Level DevSecOps: Secure Supply Chain Consumption Framework, Q&A

The Secure Software Supply Chain Framework (S2C2F) is designed from the ground up to protect developers from accidentally consuming malicious and compromised packages. In this Q&A session, Mia Reyes, Director, Foundational Security—Cybersecurity, Microsoft, will moderate a panel of leads from our Secure Software Supply Chain team, including Adrian Diglio, Principal Product Marketing Manager, Microsoft, and Jasmine Wang, Product Manager, Microsoft, as they share the Secure Supply Chain Consumption Framework S2C2F. Learn how to patch your vulnerable components faster to prevent consumption of malicious or compromised packages. Download the Secure Supply Chain Consumption Framework Simplified Requirements guide to learn how you can improve your open source software (OSS) consumption practices.

According to Sonatype’s 2022 State of the Software Supply Chain report, supply chain attacks targeting OSS have increased by an average of 742 percent each year for the past three years.1

Microsoft Build 2023

Join us in Seattle for Microsoft Build from May 23 to 25, 2023. We’ll stream online sessions May 23 and 24, 2023 during Pacific Time hours. Register now to reserve your spot and visit the Microsoft Build 2023 website to explore the session catalog and plan your experience. We look forward to connecting with you!

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.


18th Annual State of the Software Supply Chain Report, Sonatype.

The post Microsoft Build 2023: Announcing new identity, compliance, and security features from Microsoft Security appeared first on Microsoft Security Blog.

]]>
Protect intellectual property with Govern 365 and Microsoft Purview http://approjects.co.za/?big=en-us/security/blog/2023/04/17/protect-intellectual-property-with-govern-365-and-microsoft-purview/ Mon, 17 Apr 2023 17:00:00 +0000 Learn how to secure sensitive information within your global supply chain with Netwoven Govern 365 and Microsoft Purview Information Protection.

The post Protect intellectual property with Govern 365 and Microsoft Purview appeared first on Microsoft Security Blog.

]]>
This blog post is part of the Microsoft Intelligent Security Association guest blog seriesLearn more about MISA. 

Global supply chains face a broad range of risks, from physical threats to cybersecurity threats. Sharing information with suppliers is essential for the supply chain to function effectively, but it creates significant risks simultaneously with a potential loss of intellectual property (IP). Security is only as strong as the weakest link in the supply chain. Data compromised in the supply chain can be as damaging as that from within the organization. Digital rights management (DRM) is used by many industries, such as the music industry, to protect intellectual property. Organizations are beginning to look at this technology to protect their corporate IP. Netwoven Govern 365 and Microsoft Purview Information Protection provide a robust solution for managing your IP. 

Nine must-haves to implement a resilient supply chain information protection framework 

The following items are essential for a robust supply chain framework: 

  1. Keep an updated database of leading suppliers and their sub-tiers. This hierarchy can be very fluid, so it must be maintained and used carefully.  
  2. Deploy Microsoft Purview Information Protection to automatically discover, classify, label, and protect sensitive data found in files and documents within your organization.  
  3. Ensure all IP-related files emanating from applications such as computer-aided design software, productivity software, and other types of software are protected using the labels for the appropriate suppliers.  
  4. Ensure that all information is protected appropriately based on the current hierarchy of leading suppliers and their sub-tiers.  
  5. Establish that all data egress points from the company where sharing of files can occur with suppliers are protected. 
  6. Put in place all appropriate legal contracts with the leading suppliers. 
  7. Confirm that external users are registered appropriately in your identity management system to have access to the files.  
  8. Limit trade restricted individuals from accessing critical information as a violation could lead to fines by the government. 
  9. Create a solution that is easy to use by all users for adoption. 

Using Govern 365 for managing your supply chain 

Govern 365 with Microsoft Purview Information Protection provides an automated and frictionless solution to protect your company’s sensitive information and limit litigation and compliance exposure, without burdening productivity. 

The key features of Govern 365 that help improve supply chain protection are:

  • Supply chain hierarchy management.
  • Content Protection across the supply chain hierarchy.
  • Easy to use self-service provisioning with Microsoft Teams.
  • Ability to add and remove users easily using the workspace manager.
  • Ability to restrict restricted individuals from accessing the workspace.
  • Visibility and auditing capabilities for tracking usage.
  • Dynamic Watermarking capabilities for additional protection.

Govern 365 provides these features by leveraging your investments in Microsoft Purview. Microsoft Purview comes with information protection and data loss prevention capabilities leveraged by Govern 365. 

A particular use case of Intellectual Property Management is a Virtual Data Room (VDR). Historically, VDR platforms were primarily used in specific industries that required enhanced protection of sensitive information. Consequently, the emphasis of these solutions has always been on the secure sharing of said information rather than secure collaboration during its ideation and creation.  

Govern 365 provides the ability to create VDRs. Here are some of the key features of Govern 365 VDR that organizations can use for supply chain IP protection. 

Unified Dashboard 

The Unified Dashboard is a simple interface available in Microsoft Teams and the web that provides access to your existing VDRs and creates new ones easily. 

Screenshot of the Netwoven Govern 365 virtual data room dashboard.

Figure 1. Govern 365 Unified Dashboard.

The icons in the dashboard cards provide easy-to-navigate features for the user. 

Self-Service Workspace Provisioning 

The provisioning wizard provides a self-service mechanism to create VDR workspaces easily. The choices below are examples that can be configured differently for your organization at the time of deployment. 

Screenshot of the new Netwoven Govern 365 virtual data room workspace.

Figure 2. Govern 365 New Workspace Request.

User Permissions Management 

Using Govern 365 Access Manager, the workspace owner can easily add or remove users from the workspace or manage permissions at the workspace level. This automatically adjusts the permissions of the content in the workspace for the users.  

Screenshot of the Netwoven Govern 365 virtual data room workspace manager.

Figure 3. Govern 365 Workspace Manager.

The workspace manager allows for access management at the workspace level. 

Use of Corporate Sensitivity Labels 

Govern 365 leverages your corporate sensitivity labels to protect content in VDRs for internal and external use. It allows for encryption and content marking including dynamic watermarking. 

Analytics 

The solution should automatically collect the necessary information about the user’s actions within a given workspace in the form of an audit log that you can extract as a CSV file format at any time, better monitoring your security. 

The workspace analytics integrates with Microsoft Power BI to offer an exhaustive content inventory report of the workspace utilization. 

Doing more with less 

Choosing a VDR provider for your organization takes work. Govern 365’s VDRs are built to work with Microsoft Teams and SharePoint to protect your sensitive information while ensuring data sovereignty. Built on Information Protection, external and internal recipients can safely and securely take advantage of secure collaboration while having data stored in their repository, having an intuitive user experience that allows you to customize the product to suit your organizational needs. All in all, Govern 365 enables you to do more with less by utilizing your existing Microsoft 365 estate to its fullest, keeping your return on investment calculator ticking. 

About Netwoven

Netwoven is a Microsoft Solutions Partner focused on unraveling complex business problems leveraging Microsoft technologies. They work with their clients to create and execute digital transformation strategies around secure collaboration, modern software applications, more profound insights from data, advanced infrastructure, and security. Explore Govern 365 and visit the Microsoft Azure Marketplace for a free trial. 

Learn more

Learn more about Microsoft Purview Information Protection

To learn more about the Microsoft Intelligent Security Association (MISA), visit the website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.  

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post Protect intellectual property with Govern 365 and Microsoft Purview appeared first on Microsoft Security Blog.

]]>
Microsoft recognized as a Leader in The Forrester Wave™: Data Security Platforms, Q1 2023 http://approjects.co.za/?big=en-us/security/blog/2023/03/22/microsoft-recognized-as-a-leader-in-the-forrester-wave-data-security-platforms-q1-2023/ Wed, 22 Mar 2023 16:00:00 +0000 Microsoft is named as a Leader in Forrester’s 2023 Wave for Data Security Platforms for Microsoft Purview Information Protection, data loss prevention, insider risk management, and Microsoft Priva.

The post Microsoft recognized as a Leader in The Forrester Wave™: Data Security Platforms, Q1 2023 appeared first on Microsoft Security Blog.

]]>
Organizations need to protect their sensitive data including intellectual property, trade secrets, customer data, and personally identifiable information from both insiders and external cyber attackers. In fact, 80 percent of organizations experience more than one data breach in their lifetime.1 With global, industry, and national-level regulations, the need to protect sensitive data and prevent data exfiltration has never been more urgent than it is now.

To help our customers navigate this complex data landscape, we are focused on delivering secure, intelligent, and user-centric solutions that provide visibility, reduce complexity, and mitigate risk. Over the past few years, we significantly increased our investment in building our Microsoft Purview data security capabilities across our information protection, data loss prevention (DLP), and insider risk management solutions, as well as our privacy solution: Microsoft Priva. A few recent capabilities are advanced ready-to-use machine learning-enabled classifiers, Adaptive Protection, a DLP migration assistant tool (on-premises DLP to cloud-native DLP), and right to be forgotten for Microsoft Priva Subject Rights Requests.

I am delighted to announce that Forrester listed Microsoft as a Leader in its  2023 Wave™ for Data Security Platforms. The Forrester Wave™ report evaluates the data security platform market and provides a detailed overview of the current offering, strategy, and market presence of these vendors. Microsoft received the highest possible score in the current offering category for data classification, data threat and risk visibility, data masking or redaction, encryption, rights management, privacy use cases, and integrations for Zero Trust criteria; and in the strategy category for the product vision, execution roadmap, and community engagement criteria.  

We believe our investments in advanced classification technology, data threats and risk visibility, rights management, and privacy resulted in this recognition.

Forrester Wave Data Security Platforms Q1 2023 graphic.

The Forrester report also acknowledges: “Microsoft shines with its ecosystem approach—if you go all in,” wrote Heidi Shey, Forrester Principal Analyst, in the report. “Microsoft Purview brings together capabilities to 1. understand and govern data; 2. safeguard data; and 3. improve risk and compliance posture. But Microsoft’s security capabilities go beyond Microsoft Purview. By design, the entire Microsoft ecosystem working together multiplies its value via telemetry from across the environment.” She added, “The power of Microsoft’s telemetry is evident in its capabilities for identifying data threats and risk visibility. These offer strong controls for data masking, encryption, and rights management.”

Our work isn’t stopping there, however. We continue to work closely with our customers to gather feedback to help us build better products. Your input provides critical insights as we strive to create solutions to help you on your data security journey.

Learn more

Read this complimentary copy of The Forrester Wave™: Data Security Platforms, Q1 2023 for the analysis behind Microsoft’s position as a Leader.

Read more about Microsoft’s recognition as a leader in cloud security, email security, security analytics, and more:

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.


1Cost of a Data Breach Report 2022, IBM. 2022.

The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester’s call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave™. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.

The post Microsoft recognized as a Leader in The Forrester Wave™: Data Security Platforms, Q1 2023 appeared first on Microsoft Security Blog.

]]>