Forrester Waves News and Insights | Microsoft Security Blog
http://approjects.co.za/?big=en-us/security/blog/tag/forrester-waves/
Expert coverage of cybersecurity topics
Wed, 09 Oct 2024 19:56:41 +0000

Microsoft is named a leader in the Forrester Wave for XDR
http://approjects.co.za/?big=en-us/security/blog/2024/06/03/microsoft-is-named-a-leader-in-the-forrester-wave-for-xdr/
Mon, 03 Jun 2024 16:00:00 +0000

Microsoft has been named a leader in The Forrester Wave™: Extended Detection and Response (XDR) platforms, Q2, 2024, and received the highest scores in both strategy and current offering categories, as well as in the market presence category.

The post Microsoft is named a leader in the Forrester Wave for XDR appeared first on Microsoft Security Blog.

“Defenders think in lists, attackers think in graphs.”[1] This remains a reality for the many organizations that operate across siloed security tools, fueling the demand on security operations center (SOC) teams as advanced cyberattacks continue to increase in frequency and speed. That’s where extended detection and response (XDR) solutions play a critical role in overcoming the silos and doing the work of correlating alerts across asset types, giving defenders the ability not only to respond faster on their own but even to respond autonomously to some of the most sophisticated cyberattacks.

Today, we are excited to announce that Microsoft has been named a leader in The Forrester Wave: Extended Detection and Response (XDR) platforms, Q2, 2024, with the highest scores in the strategy, current offering, and market presence categories. Microsoft Defender XDR was rated the highest possible in 15 out of 22 evaluation criteria, including Endpoint Native Detection, Surface Investigation, Threat Hunting, Analyst Experience, Vision, and Innovation.

Forrester states that “Microsoft is refining the most complete XDR offering in the market today,” and called out that “its dedication to innovation is demonstrated by its percentage of the R&D budget by revenue, which rivals the most innovative vendors in security.”

Chart graph showing Microsoft as the Leader in the Forrester Wave for extended detection and response platforms.

We believe Forrester’s recognition showcases that Microsoft Defender XDR is the broadest native XDR solution on the market and that our most recent additions of Microsoft Defender for Cloud data and Microsoft Purview Insider Risk Management data are critical to give the SOC access to end-to-end data. Its incident-level visibility, automatic attack disruption of advanced attacks, and accelerated detection and response now work across endpoints, Internet of Things (IoT), operational technology (OT), on-premises and cloud identities, email and collaboration tools, software as a service (SaaS) apps, cloud workloads, and data insights.

Get end-to-end protection with Microsoft’s unified security operations platform

Native breadth is critical to an industry-leading XDR solution, and with Microsoft Defender XDR coverage, organizations get free data ingestion for more workloads than any other can provide. But we understand that customers need to be able to bring together security signals from many sources. This is why we built the security operations platform—by combining the full capabilities of XDR, security information and event management (SIEM), exposure management, generative AI, and threat intelligence. Having these critical capability sets in a single place and operating across all relevant data defeats security tools silos while empowering security teams with unified, comprehensive features that apply to multiple use cases.

A unified platform. The unified security operations platform enables customers to reap the benefits of both SIEM and XDR through incident-level response, flexible reporting, automated workflows, and hunting across both first- and third-party data sources. In the private preview, customers saw up to an 80% reduction in incidents, leveraging the powerful correlation across both XDR and SIEM data.[2] With attack disruption for SAP, the platform will automatically disable access to both the SAP and Microsoft accounts during a financial fraud attack, providing critical protection for a platform that houses extremely sensitive data.

Generative AI embedded. Microsoft Copilot for Security is an industry-first generative AI solution that enables security teams to simplify processes like incident remediation and guided response, reverse engineer malware code, and even uplevel junior analysts by generating Kusto Query Language (KQL) queries using natural language. Embedded directly into the investigation experience, Copilot for Security enables the SOC to automate repetitive tasks and facilitate more informed decision-making during complex security incidents.

Disrupts advanced attacks faster than any other platform. In a world where AI can be used for both good and evil, the importance of using it to fortify organizational defenses becomes more critical than ever. In the last year, 75% of security professionals witnessed an increase in attacks, with 85% attributing this rise to bad actors using generative AI.[3] This is why Microsoft Security continues to invest in AI. Automatic attack disruption in Defender XDR uses the power of AI and machine learning to detect and disrupt in-progress attacks like ransomware, business email compromise, attacker in the middle, and more with high confidence to limit the impact to an organization. By correlating trillions of signals from the workloads, Defender XDR can recognize the intent of an attacker and disrupt ransomware attacks in just three minutes.[4]

With cyberattackers using AI for their own means, XDR and unified security operations platforms are becoming increasingly critical to modern cybersecurity strategies. We are excited that Forrester recognized Microsoft’s leadership in this space, and we will continue to focus on innovation and AI capabilities to help organizations future-proof their defenses.

Learn more about Microsoft Defender XDR.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.


[1] The Fundamentals of Cloud Security, The Hacker News. May 8, 2024.

[2] Microsoft internal data, May 2024.

[3] Study finds increase in cybersecurity attacks fueled by generative AI, Security Magazine. August 29, 2023.

[4] Get end-to-end protection with Microsoft’s unified security operations platform, now in public preview, Rob Lefferts. April 3, 2024.

The Forrester Wave™: Extended Detection And Response Platforms, Q2 2024, Allie Mellen, Joseph Blankenship, Sarah Morana, and Michael Belden. June 3, 2024.

The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester’s call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave™. Information is based on the best available resources. Opinions reflect judgment at the time and are subject to change.

Microsoft recognized as a Leader in the Forrester Wave™: Workforce Identity Platform, Q1 2024
http://approjects.co.za/?big=en-us/security/blog/2024/04/15/microsoft-recognized-as-a-leader-in-the-forrester-wave-workforce-identity-platform-q1-2024/
Mon, 15 Apr 2024 16:00:00 +0000

The post ​​Microsoft recognized as a Leader in the Forrester Wave™: Workforce Identity Platform, Q1 2024 appeared first on Microsoft Security Blog.

We’re thrilled to announce that Forrester has recognized Microsoft as a Leader in the Forrester Wave™: Workforce Identity Platforms, Q1 2024 report. We’re proud of this recognition, which we believe reflects our commitment to delivering advanced solutions that cater to the evolving needs of our customers in the workforce identity space.

Identity professionals have a tough job. Every day, they deal with a digital landscape that’s always changing and with attacks that are always intensifying. To protect workforce identities and devices, they must secure access to data, applications, and resources across various environments—from any location and on any network. Moreover, they’re under constant pressure to secure not only an increasingly mobile and remote workforce, but also organizational resources that are increasingly distributed across multicloud environments.

We spend a lot of time with our customers to understand and address their challenges, and we’re grateful for their partnership. Their needs inspire the features and capabilities in Microsoft Entra, and we’ll keep collaborating with them to enhance our unified platform by strengthening identity security, improving user experiences, and integrating advanced technologies such as generative AI.

Leading the way in workforce identity

Forrester Wave™  Workforce Identity Platforms Landscape, Q4 2023 graphic with Microsoft positioned as a Leader.

In their earlier report, The Workforce Identity Platforms Landscape, Q4 2023, Forrester defined a workforce identity platform as a security platform that unifies the governance, administration, and enforcement of identity safeguards across human (employees, contractors, partners) and machine (service accounts, devices, bots, containers) identities to protect access to corporate assets and resources such as networks, business systems, applications, and data.

In The Forrester Wave™ report, Forrester recognized Microsoft Entra for its adaptive policy engine, well-integrated identity lifecycle management, and end-to-end approach to identity threat detection. The report also stated that Microsoft Entra supports a breadth of authentication methods (including passwordless options) for accessing all your apps and resources (cloud-based, legacy, and non-Microsoft). We believe the report demonstrates the value that the Microsoft Entra product portfolio brings to our customers, which we are always striving to improve. 

Looking to the future

It’s clear that—because AI is reshaping modern threats—AI-powered defenses are crucial. An AI-powered workforce identity platform empowers security and IT professionals to collaborate more effectively, gain deeper insights into security threats, and respond faster to emerging challenges.

We were happy to see Forrester cite Microsoft’s superior workforce identity vision that is underscored by its forward-looking innovation strategy in their evaluation. Looking forward, we’ll keep integrating our industry-leading AI capabilities with Microsoft Entra to help our customers future-proof their defenses and stay resilient against evolving cyberthreats in the workforce identity space.

Learn more

To learn more about Microsoft Entra solutions, visit our website. Bookmark the Microsoft Entra blog to keep up with our expert coverage on workforce identity matters.


Forrester Wave™: Workforce Identity Platforms, Q1 2024, Geoff Cairns, Merritt Maxim, Lok Sze Sung, Peter Harrison. March 19, 2023.

3 new ways the Microsoft Intune Suite offers security, simplification, and savings
http://approjects.co.za/?big=en-us/security/blog/2024/02/01/3-new-ways-the-microsoft-intune-suite-offers-security-simplification-and-savings/
Thu, 01 Feb 2024 17:00:00 +0000

The main components of the Microsoft Intune Suite are now generally available. Read about how consolidated endpoint management adds value and functionality for security teams.

The post 3 new ways the Microsoft Intune Suite offers security, simplification, and savings appeared first on Microsoft Security Blog.

Today, we are taking a significant step in completing the delivery of functionality we promised when we first unveiled the vision for the Microsoft Intune Suite.[1] We are launching three new solutions: Microsoft Intune Enterprise Application Management, Microsoft Intune Advanced Analytics, and Microsoft Cloud PKI. With these additions, the Intune Suite now goes beyond unified endpoint management to bring you a comprehensive collection of advanced cross-platform capabilities across three core areas: streamlined application security, secure access to on-premises and private cloud resources, and improved troubleshooting and support. While we will continue to add more functionality over time, today’s release marks “the end of the beginning,” as the main components of the Intune Suite are generally available this month. As such, let’s take the opportunity to recap the principles behind the value and functionality of the Intune Suite.

The broad value of the Intune Suite

While the solutions of the Intune Suite launched at different points in time, three fundamental principles have been there from the beginning.

First, one place for workloads adjacent to Unified Endpoint Management. If you’re currently using a mix of third-party solutions, the integrated experience in Microsoft Intune provides security and efficiency on multiple levels. First, one unified solution means fewer integrations to manage across third parties, meaning fewer attack vectors for malicious actors. And second, on a deeper level, the broader Intune proposition (both Intune Suite and Intune) is integrated with Microsoft 365 and Microsoft Security solutions. This provides a consolidated and seamless experience for IT professionals with a single pane of glass for end-to-end endpoint management.

Second, all parts of the Intune Suite are ready to support your cloud and AI-enabled future. Intune Suite will help accelerate organizations’ digital transformation to cloud native and simplify their IT operations. Additionally, data from Intune Suite are consolidated with other Intune and security data, meaning complete visibility across the device estate, informing and improving emerging technologies like Microsoft Copilot for Security. The more interrelated data that Copilot can use, the more it can proactively advise on the next best action.

Lastly, Intune Suite is available in a single unified plan. So, rather than having separate solutions for remote assistance, privilege management, analytics, and more, these advanced solutions can all be consolidated and simplified into one. This provides value in two ways: directly, by reducing the overall licensing cost, as the cost of Intune Suite is less than purchasing separate solutions; and indirectly, through savings from no longer needing to manage separate vendors, train IT admins on separate tools, or maintain costly on-premises public key infrastructure (PKI). The Intune Suite makes it easier for IT admins, reducing overhead costs.

“With what we get out of Intune Suite, we can eliminate other products that our customers need. It’s now a suite of many components that enable customers who want to consolidate solutions and save money.”

—Mattias Melkersen Kalvåg, Mobility and Windows Management Consultant at MINDCORE, and Microsoft Certified Professional & MVP

From today: A comprehensive suite across applications, access needs, and support

Let’s get into specifics. For application security, Enterprise App Management helps you find, deploy, and update your enterprise apps. And Endpoint Privilege Management lets you manage elevation rules on a per-app basis so that even standard users can run approved privileged apps. Cloud PKI lets you manage certificates from the cloud in lieu of complex, on-premises PKI infrastructure. And Microsoft Tunnel for Mobile Application Management (MAM) is perfect for unenrolled, personal mobile devices, to help broker secure access to line of business apps. Advanced Analytics gives you data-rich insights across your endpoints. And Remote Help lets you view and control your PCs, Mac computers, and specialized mobile devices, right from the Intune admin center. Let us take each of those three product areas in turn.

Increase endpoint security with Enterprise App Management and Endpoint Privilege Management

Enterprise App Management gives you a new app catalog, allowing you to easily distribute managed apps, but also keep them patched and always up to date. With this initial release, you will be able to discover and deploy highly popular, pre-packaged apps, so you no longer need to scour the Internet to find their installation files, repackage, and upload them into Intune. Simply add and deploy the apps directly from their app publishers. You can also allow the apps you trust to self-update, and when a new update is available, it is just one click to update all your devices with that app installed. We will continuously expand and enrich the app catalog functionality in future releases to further advance your endpoint security posture and simplify operations. 

“I’m very excited about Enterprise App Management as it’s powered by a strong app catalog and natively integrated in Intune. This single pane of glass experience is what we’re all looking for.”

—Niklas Tinner, Microsoft MVP and Senior Endpoint Engineer at baseVISION AG

For more control over your apps, with Endpoint Privilege Management, you can scope temporary privilege elevation, based on approved apps and processes. Then, as a user in scope for this policy, you can elevate only the processes and apps that have been approved. For example, users can only run a single app for a short period of time as an administrator. Unlike other approaches that give local admin permissions or virtually unlimited scope, you can selectively allow a user to elevate in a one-off scenario by requesting Intune admin approval, without you needing to define the policy ahead of time.

“Endpoint Privilege Management offers tight integration into the operating system. And the focus that Microsoft has over only elevating specific actions and apps versus making you an admin for a period of time—this is security at its best, going for the least privileged access.”

—Michael Mardahl, Cloud Architect at Apento

Cloud PKI and Microsoft Tunnel for MAM power secure access

With Cloud PKI, providing both root and issuing Certificate Authorities (CA) in the cloud, you can simply set up a PKI in minutes, manage the certificate lifecycle, reduce the need for extensive technical expertise and tools, and minimize the effort and cost of maintaining on-premises infrastructure. In addition, support for Bring-Your-Own CA is available, allowing you to anchor Intune’s Issuing CA to your own private CA. Certificates can be deployed automatically to Intune-managed devices for scenarios such as authentication to Wi-Fi, VPN, and more; a modern PKI management option that works well to secure access with Microsoft Entra certificate-based authentication. In the initial release, Cloud PKI will also work with your current Active Directory Certificate Services for SSL and TLS certificates, but you do not need to deploy certificate revocation lists, Intune certificate connectors, Network Device Enrollment Service (NDES) servers, or any reverse proxy infrastructure. You can issue, renew, or revoke certificates directly from the Intune admin center automatically or manually. 

Microsoft Tunnel for MAM helps secure mobile access to your private resources. Microsoft Tunnel for MAM works similarly to Microsoft Tunnel for managed devices; however, with this advanced solution, Microsoft Tunnel for MAM works with user-owned (non-enrolled) iOS and Android devices. Microsoft Tunnel for MAM provides secure VPN access at the app level, for just the apps and browser (including Microsoft Edge) your IT admin explicitly authorizes. So, for personally owned devices, the user can access approved apps, without your company’s data moving onto the user’s personal device. App protection policies protect the data within the apps, preventing unauthorized data leakage to other apps or cloud storage locations.

“Cloud PKI within the Intune Suite allows you to go cloud native in terms of certificate deployment, which means you can provision PKIs with just a few clicks—that’s a blessing for all the IT administrators. With this built-in service, Microsoft hosts everything for you to manage certificates.”  

—Niklas Tinner

Resolve support issues quicker with Advanced Analytics and Remote Help

Advanced Analytics in Intune is a powerful set of tools for actionable reporting and AI-driven analytics. It provides deep, near real-time insights into your connected devices and managed apps that help you understand, anticipate, and proactively improve the user experience. We continue to infuse AI and machine learning into our analytics products. For example, you can get ahead of battery degradation in your device fleet through our advanced statistical analysis and use that information to prioritize hardware updates. Intune Suite now includes real-time device querying on-demand using Kusto Query Language for individual devices, useful for troubleshooting and resolving support calls quicker.

With Remote Help, you can also streamline the way you remotely view and interact with your managed devices, for both user-requested and unattended sessions. As a help desk technician, you can securely connect to both enrolled and unenrolled devices. Users also have peace of mind in being able to validate the technician’s identity, to avoid help desk spoofing attempts. Right now, Remote Help works for remote viewing and controlling in Windows PCs and Android dedicated Enterprise devices, and supports remote viewing for macOS. Especially useful for frontline workers, Remote Help for Android allows help desk administrators to configure and troubleshoot unattended devices, meaning issues can be resolved off-shift.

“Remote Help takes away the requirement and the need for third-party remote help tools. Remote Help is native, it’s interactive, and you don’t have to worry about installing anything, it’s already there. It’s part of Intune, it’s part of the build.”

—Matthew Czarnoch, Cloud and Infrastructure Operations Manager at RLS (Registration and Licensing Services)

To see many of these new capabilities in action, we invite you to watch this new Microsoft Mechanics video.

Analyst recognition for Microsoft

With the additions to the Intune Suite now available, IT can power a more secure and productive future at an important time as AI comes online. Notably, analyst recognition is validating the importance of its value. For example, Microsoft again assumes the strongest leadership position in the Omdia Universe: Digital Workspace Management and Unified Endpoint Management Platforms 2024. Omdia wrote: “Microsoft is focused on reducing management costs by utilizing the Microsoft Intune Suite and integrating different solutions with it.” They added: “The company plans to invest in Endpoint Analytics and Security Copilot to introduce data-driven management, helping IT professionals shift from reactive, repetitive tasks to strategic ones by utilizing Endpoint Analytics and automation.” Omdia’s recognition follows that from others like Forrester, who named Microsoft as a Leader in The Forrester Wave™ for Unified Endpoint Management, Q4 2023.

Get started with consolidated endpoint management solutions with the Microsoft Intune Suite

The February 2024 release of the solutions in the Intune Suite marks a key milestone, offering a consolidated, comprehensive solution set together in a cost-effective bundle (and available as individual add-on solutions) for any plan that includes Intune. And in April 2024, they will also be available to organizations and agencies of the United States government community cloud. We look forward to hearing your reactions to the new Intune Suite.


[1] Ease the burden of managing and protecting endpoints with Microsoft advanced solutions, Dilip Radhakrishnan and Gideon Bibliowicz. April 5, 2022.

The Forrester Wave™: Unified Endpoint Management, Q4 2023, Andrew Hewitt, Glen O’Donnell, Angela Lozada, Rachel Birrell. November 19, 2023.

Forrester names Microsoft a Leader in the 2023 Endpoint Security Wave™ report
http://approjects.co.za/?big=en-us/security/blog/2023/10/23/forrester-names-microsoft-a-leader-in-the-2023-endpoint-security-wave-report/
Mon, 23 Oct 2023 16:00:00 +0000

Microsoft has been named a Leader in The Forrester Wave™: Endpoint Security, Q4 2023 report.

The post Forrester names Microsoft a Leader in the 2023 Endpoint Security Wave™ report appeared first on Microsoft Security Blog.

We are excited to share that Microsoft has been named a Leader in The Forrester Wave™: Endpoint Security, Q4 2023. Microsoft received the highest possible scores in the strategy category for the vision and roadmap criteria. Forrester notes, “Microsoft’s outstanding roadmap for endpoint security includes expanding [Microsoft Defender for Endpoint] functionality to operational technology (OT) and Internet of Things (IOT) devices and continuing its strategy of building an extensive partner community.”

In the current offering category, Microsoft achieved the highest possible scores in the threat intelligence, suite automation, endpoint, including performance impact, runtime behavior detection and response protection, network cyberthreat detection, mobile device security, behavioral analysis capabilities, and vulnerability patching remediation criteria. Forrester also noted, “Being natively integrated into Windows minimizes the agent performance overhead…the Defender agent performs well on other operating systems (OS), and the agent’s runtime behavior protection functions integrate into conditional access methods that can provide device trust.”

AI and SOC efficiency: core to our vision and roadmap

As Vasu Jakkal, Corporate Vice President, Security, Compliance, Identity, and Management, Microsoft, states in her blog, the global shortage of skilled security professionals and the continued, unprecedented cybersecurity threats faced by organizations have been key drivers to create and integrate new technologies to help tip the scales in favor of security teams.

AI is one such technology. Bringing its breakthroughs, such as generative AI, within reach of organizations of all sizes has been core to Microsoft Defender for Endpoint’s strategy. AI goes hand-in-hand with security operations center (SOC) efficiency that spans our vision of protecting every endpoint on the planet for organizations of all sizes to our roadmap of capabilities that empower security teams to outmaneuver sophisticated adversaries. Automatic attack disruption, Microsoft Security Copilot, and native settings management are just three examples of how our vision and roadmap are already transforming the SOC in recent months.

Disrupting ransomware early in the cyberattack chain with automatic attack disruption

Gif demonstrating automatic attack disruption.

Figure 1. How automatic attack disruption stops a ransomware attack.

Security teams need every advantage in the fight against ransomware. Introduced in November 2022, Microsoft 365 Defender’s unique, industry-first automatic attack disruption stops the most sophisticated cyberattack campaigns—such as ransomware, business email compromise, and attacker-in-the-middle—at machine speed by leveraging multidomain signals across the extended detection and response (XDR) platform. This capability combines our industry-leading detection with AI enforcement mechanisms to block cyberthreats and limit their spread within the organization. In October 2023, we introduced the next evolution of automatic attack disruption that stops human-operated cyberattacks earlier in the cyberattack chain in a decentralized way across devices. This industry-first, Microsoft-patented capability contains compromised users across devices just by deploying Defender for Endpoint, bringing this XDR AI-powered security within reach of even more organizations.

Accelerating investigation and response with Security Copilot

Screenshot of the Microsoft 365 Defender portal where Microsoft Security Copilot is embedded in a security analyst workflow where they use natural language to create a complex KQL query for advanced hunting.

Figure 2. Microsoft 365 Defender portal showing Security Copilot within advanced hunting editor.

Security professionals are scarce, and we must empower them to disrupt cyberattackers’ traditional advantages. With this challenge in mind, we introduced Microsoft Security Copilot in March 2023. It is the industry’s first generative AI security product that allows security teams to move at machine speed. It combines OpenAI’s GPT-4 generative AI model with Microsoft’s security-specific model informed by our unique global threat intelligence and more than 65 trillion daily signals.[1] This month, organizations started gaining access to Security Copilot. Embedded within Microsoft 365 Defender’s existing analyst workflows, Security Copilot simplifies complex tasks with capabilities like guided response actions, and provides intuitive, actionable insight across the cyberthreat landscape such as summarized incidents in natural language.

Fast-tracking setup with simplified settings management

Figure 3. Security policy interface in the Microsoft 365 Defender portal.

Helping security teams move with speed and agility doesn’t always require AI. Security teams can now set up and configure Defender for Endpoint much faster with simplified security settings management, announced in July 2023. The new streamlined approach is all contained within the unified Microsoft 365 Defender portal experience, supported across the multiplatform workloads of Windows, macOS, and Linux. While the Microsoft Intune portal is no longer required as part of the setup experience, Microsoft Defender for Endpoint continues to work great with Intune, sharing a single consistent source of truth for endpoint security settings.

In the coming months we look forward to introducing more AI-powered and efficiency-focused capabilities across all platforms.

Industry-leading endpoint security

Microsoft Defender for Endpoint is core to Microsoft 365 Defender, our XDR solution that spans identities, endpoints, cloud apps, email, and documents. Microsoft 365 Defender delivers intelligent, automated, and integrated security in a unified security operations experience, with detailed cyberthreat analytics and insights, unified threat hunting, and rapid detection and automation across domains—detecting and stopping cyberattacks anywhere in the cyberattack chain and eliminating persistent cyberthreats.

Our continued leadership in security is due in part to the close partnership we have with customers who give us continuous feedback in the product development process. We are grateful for their continued trust in us and are committed to delivering innovative security capabilities that help them secure their organizations.

Our mission is to empower security teams with the best security capabilities in the industry so that you can focus on what’s important: preventing and remediating cyberthreats.

You can download the report to get more details about our position as a Leader. We thank our customers and partners for being on this journey with us.

Recognition across the industry

Defender for Endpoint has consistently been recognized as an industry leader across analyst and customer evaluations:

Learn more

Microsoft Defender for Endpoint is a comprehensive, AI-powered endpoint security solution across platforms, devices, and IoT. With our solution, organizations can automatically disrupt ransomware on any platform. If you are not yet taking advantage of Microsoft’s unrivaled cyberthreat optics and proven capabilities, sign up for a free trial of Microsoft Defender for Endpoint today.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (formerly known as “Twitter”) (@MSFTSecurity) for the latest news and updates on cybersecurity.


1Microsoft Digital Defense Report 2023, Microsoft. 2023.

The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester’s call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave™. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.


Forrester Wave™: Endpoint Security, Q4 2023, Paddy Harrington, Merritt Maxim, Angela Lozada, Christine Turley. October 18, 2023.

Gartner, Magic Quadrant for Endpoint Protection Platforms, Peter Firstbrook, Chris Silva, 31 December 2022. Gartner is a registered trademark and service mark and Magic Quadrant is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 

Forrester names Microsoft a Leader in the 2023 Zero Trust Platform Providers Wave™ report http://approjects.co.za/?big=en-us/security/blog/2023/09/19/forrester-names-microsoft-a-leader-in-the-2023-zero-trust-platform-providers-wave-report/ Tue, 19 Sep 2023 16:00:00 +0000 Microsoft is proud to be recognized as a Leader in The Forrester Wave™: Zero Trust Platform Providers, Q3 2023 report.

The post Forrester names Microsoft a Leader in the 2023 Zero Trust Platform Providers Wave™ report appeared first on Microsoft Security Blog.

Microsoft is proud to be recognized as a Leader in the Forrester Wave™: Zero Trust Platform Providers, Q3 2023 report. At Microsoft, we understand modernizing security is a complex task in this era of ever-evolving cyberthreats and complex digital environments. Serious threats have necessitated a paradigm shift in how organizations protect their digital estates. That’s why Microsoft embraces an end-to-end Zero Trust architecture: a comprehensive approach to security that helps our customers effectively mitigate business risk in the era of hybrid and remote work.

Microsoft’s leadership

Zero Trust has become the industry standard for securing complex, highly distributed digital estates. And Microsoft is in a unique position to help customers with their security needs, as Microsoft delivers end-to-end cross-cloud, cross-platform security solutions, which integrate more than 50 different categories across security, compliance, identity, device management, and privacy, informed by more than 65 trillion threat signals we see each day. Microsoft is actively engaged with the National Institute of Standards and Technology (NIST), most recently providing public commentary for the NIST National Cybersecurity Center of Excellence (NCCoE) and participating in The Open Group where we co-chaired the Zero Trust Architecture (ZTA) forum. As we look to the future, Microsoft recognizes that customers are entering the era of AI. And by combining the principles of Zero Trust with the capabilities of AI, organizations will have the potential to create a formidable defense against modern cyberthreats. In this blog, we will explore Forrester’s latest evaluation of the Microsoft end-to-end Zero Trust architecture and what the future will hold by leveraging the power of AI.

Comprehensive end-to-end protection

Its Copilot theme carries over to a notable vision to provide end-to-end, step-by-step guidance for implementing ZT while leveraging AI. This means customer can take their ZT journey with Microsoft in lockstep.

Forrester Wave™: Zero Trust Platforms, Q3 2023 report

We are proud that the Microsoft Zero Trust platform has been recognized as a Leader in the Forrester Wave™: Zero Trust Platforms, Q3 2023 report, which we believe demonstrates Microsoft’s strong track record for being a comprehensive end-to-end platform.

Forrester Wave™: Zero Trust Platform Providers, Q3 2023 report

The Forrester Wave™ report evaluates Zero Trust platforms based on criteria that include network security, centralized management and usability, data security, device security, automation, orchestration, people, and identity security—along with both on-premises and cloud deployments. In the latest evaluation for Q3 2023, the Microsoft end-to-end Zero Trust architecture has demonstrated its excellence in these areas by being named a Leader in this inaugural Forrester Wave™ report evaluating Zero Trust Platform Providers. The Microsoft end-to-end Zero Trust model received the highest possible score in the following categories based on the Forrester analyst criteria: people and identity security, device security, enabling and protecting the hybrid workforce, data security, automation and orchestration, visibility, and analytics.

Zero Trust in the age of AI

In an era where AI is rapidly transforming how we work, its convergence with cybersecurity brings both immense opportunities and new challenges. Here’s why Zero Trust becomes even more crucial:

  1. Sophistication of threats: As cyberattacks have become more sophisticated and capable of evading traditional security measures, Zero Trust, with its emphasis on continuous verification, explicit verification, and least privileged access, offers a more effective defense against these advanced threats with or without AI capabilities.
  2. Data protection and privacy: AI relies on vast amounts of customers’ data to help the user be more productive, and safeguarding this data is paramount. Zero Trust’s data-centric approach ensures that access to sensitive data is highly controlled, mitigating the risk of unauthorized AI-driven breaches.
  3. Automated responses: AI-enabled security can provide rapid automated responses to threats. When integrated with Zero Trust, AI-driven responses become even more effective by reducing alert fatigue, adapting access controls in real time, minimizing damage, and containing potential breaches.

Looking to the future

Microsoft’s leadership in Zero Trust, as shown by the latest Forrester Wave™, highlights our commitment to continuously evolving cybersecurity to meet the security demands of the digital age. With AI becoming a cornerstone of modern threats and defenses, the Zero Trust principles of assume breach, least privileged access, and continual explicit verification are more crucial than ever. As organizations navigate the evolving landscape of cyberthreats, the synergy between Microsoft’s end-to-end Zero Trust strategy and the capability of AI provides a formidable defense mechanism that is both forward-looking and resilient.

For more information on this recognition, check out the full Forrester Wave™: Zero Trust Platforms, Q3 2023 report.

Learn more


To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.


The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester’s call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave™. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.

Forrester Wave™: Zero Trust Platform Providers, Q3 2023, Carlos Rivera and Heath Mullins, September 19th, 2023

Forrester names Microsoft a Leader in the 2023 Enterprise Email Security Wave http://approjects.co.za/?big=en-us/security/blog/2023/06/12/forrester-names-microsoft-a-leader-in-the-2023-enterprise-email-security-wave/ Mon, 12 Jun 2023 16:00:00 +0000 Microsoft Defender for Office 365 is recognized as a Leader in Forrester’s 2023 Enterprise Email Security Wave Report.

The post Forrester names Microsoft a Leader in the 2023 Enterprise Email Security Wave appeared first on Microsoft Security Blog.

In today’s rapidly evolving connected workplace, where hybrid and remote work are increasingly the norm, workplace productivity and communications tools like email and chat applications are more important than ever. However, cyberthreats continue to evolve with increasing capabilities and sophistication, so protecting sensitive information is critical. The need for security solutions that can be seamlessly integrated into an organization’s productivity stack and provide effective protection, while minimizing resource overhead and cost, has never been greater.

We are proud to announce that Microsoft Defender for Office 365 has been recognized as a leader in The Forrester Wave™: Enterprise Email Security, Q2 2023 report, which we believe demonstrates its strong track record for being a comprehensive and robust email and collaboration security solution.1 Forrester noted that “Microsoft’s continued investment in security is paying off as it protects end users from attacks that target communication and collaboration environments in addition to email,” and that “email and collaboration security are key elements of Microsoft’s extended detection and response (XDR) strategy, adding prevention capabilities to its unified approach to detection, investigation, response, and remediation.”

Graphic showing the Forrester Wave: Enterprise Email Security, Q2 2023 report.

The Forrester Wave report evaluates email security solutions based on criteria that include email filtering capabilities, threat intelligence, data leak prevention control enforcement, endpoint detection and response (EDR) and XDR integrations, performance, and product strategy. In the latest evaluation for Q2 2023, Defender for Office 365 has demonstrated its excellence in these areas, offering a range of industry-leading capabilities that set it apart from its competitors. Defender for Office 365 received the highest possible score in the incident response, threat intelligence, EDR and XDR solutions integration criteria, as well as in the product vision and roadmap.

Microsoft capabilities

With our unparalleled database of 65 trillion security signals gathered across Microsoft Security products (including Microsoft Defender for Endpoint, Microsoft Defender for Cloud Apps, Microsoft Sentinel, and Microsoft Azure Active Directory), combined with state-of-the-art AI and machine learning research, Defender for Office 365 is capable of detecting and mitigating advanced threats from phishing, malware, and zero-day exploits with an industry-leading level of accuracy. This real-time threat intelligence and proactive monitoring enable organizations to stay at the forefront of rapidly changing threats.

Defender for Office 365 empowers security operations (SecOps) teams to investigate and remediate incidents swiftly. With automated and manual incident response capabilities, SecOps teams can respond to email attacks and risks across all email channels. Whether it’s investigating potentially malicious clicks, suspected user compromise, or suspicious messages, Defender for Office 365 provides tools and processes to identify, analyze, and respond to incidents efficiently. Automated investigation and remediation features expedite the analysis and response for events like these, enabling SecOps teams to take swift action and minimize the impact of attacks.

Defender for Office 365 seamlessly integrates with other Microsoft products and security solutions, minimizing machine resource overhead cost, while maximizing the comprehensiveness of protection coverage. This integration also enables a centralized single point for management, providing unparalleled visibility, streamlining security operations, and enhancing overall threat response capabilities. With this holistic approach, organizations benefit from reduced complexity without sacrificing security performance.

Users form an important proactive defensive layer within any organization, especially against phishing-based attacks. Based on this understanding, Defender for Office 365 emphasizes the significance of user readiness. With tools that provide relevant training and customized simulations based on the unique situation of each organization, users can be equipped with the knowledge and skills to spot threats effectively. Defender for Office 365 enables employees to play an active role in keeping their organizations secure. This approach to user readiness adds a layer of defense against email-based threats. 

As cyberthreats continue to evolve, Defender for Office 365 remains committed to staying one step ahead. We are proud of the strides we’ve made in the enterprise and email security space, and even more grateful to see our efforts recognized by an institution like Forrester. However, we can’t rest on our laurels, and maintaining this leadership means remaining dynamic, adaptable, and focused on innovation. Our team continues to focus on research and development to understand emerging threats and develop cutting-edge defenses against them.

Furthermore, customer feedback has been and will continue to be an instrumental part of determining our product direction and development. Keeping our customers satisfied, feeling valued, heard, and confident about their security will always be our highest priority.

For more information on this recognition, check out the full Forrester Wave: Enterprise Email Security, Q2 2023 Report.

Learn more

Learn more about Microsoft Defender for Office 365.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.


1The Forrester Wave™: Enterprise Email Security, Q2 2023, Jess Burn. June 12, 2023.

Microsoft recognized as a Leader in The Forrester Wave™: Data Security Platforms, Q1 2023 http://approjects.co.za/?big=en-us/security/blog/2023/03/22/microsoft-recognized-as-a-leader-in-the-forrester-wave-data-security-platforms-q1-2023/ Wed, 22 Mar 2023 16:00:00 +0000 Microsoft is named as a Leader in Forrester’s 2023 Wave for Data Security Platforms for Microsoft Purview Information Protection, data loss prevention, insider risk management, and Microsoft Priva.

The post Microsoft recognized as a Leader in The Forrester Wave™: Data Security Platforms, Q1 2023 appeared first on Microsoft Security Blog.

Organizations need to protect their sensitive data including intellectual property, trade secrets, customer data, and personally identifiable information from both insiders and external cyber attackers. In fact, 80 percent of organizations experience more than one data breach in their lifetime.1 With global, industry, and national-level regulations, the need to protect sensitive data and prevent data exfiltration has never been more urgent than it is now.

To help our customers navigate this complex data landscape, we are focused on delivering secure, intelligent, and user-centric solutions that provide visibility, reduce complexity, and mitigate risk. Over the past few years, we significantly increased our investment in building our Microsoft Purview data security capabilities across our information protection, data loss prevention (DLP), and insider risk management solutions, as well as our privacy solution: Microsoft Priva. A few recent capabilities are advanced ready-to-use machine learning-enabled classifiers, Adaptive Protection, a DLP migration assistant tool (on-premises DLP to cloud-native DLP), and right to be forgotten for Microsoft Priva Subject Rights Requests.

I am delighted to announce that Forrester listed Microsoft as a Leader in its 2023 Wave™ for Data Security Platforms. The Forrester Wave™ report evaluates the data security platform market and provides a detailed overview of the current offering, strategy, and market presence of these vendors. Microsoft received the highest possible score in the current offering category for data classification, data threat and risk visibility, data masking or redaction, encryption, rights management, privacy use cases, and integrations for Zero Trust criteria; and in the strategy category for the product vision, execution roadmap, and community engagement criteria.

We believe our investments in advanced classification technology, data threats and risk visibility, rights management, and privacy resulted in this recognition.

Forrester Wave Data Security Platforms Q1 2023 graphic.

The Forrester report also acknowledges: “Microsoft shines with its ecosystem approach—if you go all in,” wrote Heidi Shey, Forrester Principal Analyst, in the report. “Microsoft Purview brings together capabilities to 1. understand and govern data; 2. safeguard data; and 3. improve risk and compliance posture. But Microsoft’s security capabilities go beyond Microsoft Purview. By design, the entire Microsoft ecosystem working together multiplies its value via telemetry from across the environment.” She added, “The power of Microsoft’s telemetry is evident in its capabilities for identifying data threats and risk visibility. These offer strong controls for data masking, encryption, and rights management.”

Our work isn’t stopping there, however. We continue to work closely with our customers to gather feedback to help us build better products. Your input provides critical insights as we strive to create solutions to help you on your data security journey.

Learn more

Read this complimentary copy of The Forrester Wave™: Data Security Platforms, Q1 2023 for the analysis behind Microsoft’s position as a Leader.

Read more about Microsoft’s recognition as a leader in cloud security, email security, security analytics, and more:

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.


1Cost of a Data Breach Report 2022, IBM. 2022.

The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester’s call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave™. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.

Forrester names Microsoft a Leader in Q4 2022 Security Analytics Platforms Wave report http://approjects.co.za/?big=en-us/security/blog/2022/12/19/forrester-names-microsoft-a-leader-in-q4-2022-security-analytics-platforms-wave-report/ Mon, 19 Dec 2022 17:00:00 +0000 We’re excited to announce that Microsoft is named a Leader in the 2022 Forrester Wave™: Security Analytics Platforms. Microsoft achieved the highest possible score in 17 different criteria, including partner ecosystem, innovation roadmap, product security, case management, and architecture.

The post Forrester names Microsoft a Leader in Q4 2022 Security Analytics Platforms Wave report appeared first on Microsoft Security Blog.

We’re excited to announce that Microsoft is named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022. Microsoft achieved the highest possible score in 17 different criteria, including partner ecosystem, innovation roadmap, product security, case management, and architecture.

With threats like ransomware increasing in volume and complexity, it’s never been more important for chief information security officers (CISOs) to invest in solutions that will keep their companies safe and running. As the threat landscape continues to proliferate, cloud-native security information and event management (SIEM) solutions like Microsoft Sentinel have become a central part of a SecOps solution and have evolved to meet the new needs of customers to move faster.

Forrester Wave™ graphic showcasing Microsoft as a Leader in Security Analytics Platforms, Q4 2022.

We believe this placement validates our continued investment in Microsoft Sentinel, security research, and threat intelligence. We take it as a vote of confidence in our ability to keep our customers safe and working fearlessly. Microsoft Security is named a leader in seven different Forrester Wave™ reports and continues to invest in innovative solutions that work together to keep our customers’ businesses safer.

Microsoft was evaluated on several capabilities that empower customers to move faster to identify, investigate, and remediate threats. Some particularly important features include:

  • Providing flexibility to customers to create their own rules using Kusto Query Language (KQL) or by bringing their own machine learning. This allows security operations center (SOC) teams to build automations that work for their organization and reduces the amount of time spent on repetitive tasks.
  • Comprehensive threat intelligence that empowers customers to keep up with the evolving threat landscape.
  • Scaled search and storage of large volumes of data allow customers to protect their digital ecosystems at scale and monitor all their clouds, platforms, and endpoints in one place.  

The Microsoft Sentinel strategy

Microsoft Sentinel is a next-generation SIEM solution that collects security data across multicloud, multi-platform data sources. The comprehensive SOC platform provides user entity and behavior analytics (UEBA), threat intelligence, and security orchestration, automation, and response (SOAR) capabilities, along with deep integrations into Microsoft Defender threat protection products’ comprehensive coverage across SIEM and extended detection and response (XDR). Sentinel empowers companies to leverage cloud-scale, innovative AI and automation to move at machine speed and stay ahead of evolving threats.  

What makes the Microsoft suite of security solutions unique is the native integrations of SIEM with XDR to provide quick setup, more comprehensive coverage and context, and faster response time. Customers who leverage Microsoft Defender XDR products may be eligible for discounts on Microsoft Sentinel data ingestion.  

Over the past year, Microsoft has invested in many new capabilities, including content for Internet of Things (IoT) devices, business application coverage including SAP, enhanced SOAR capabilities, and improved workflow management. These capabilities help our customers to protect more of their digital ecosystem, automate responses to more types of threats, and build an efficient and collaborative SOC.

What’s next in Microsoft Security

Microsoft is dedicated to continued leadership in security. Continued investments will provide customers with the intelligence, automation, and scalability they need to protect their businesses and work efficiently. Upcoming enhancements include the integration of more threat intelligence, new ways to hunt across large sets of data, and more context and prioritization guidance in alerts. New AI solutions will allow SecOps teams to more easily identify the most urgent issues and give guidance on how similar customers have reacted to similar incidents. The Microsoft vision is to provide a central platform for SOCs to understand the health of their entire business and quickly act on issues.

Learn more

Read The Forrester Wave™: Security Analytics Platforms, Q4 2022 report.

Microsoft Security is committed to empowering SecOps teams with security tools and platforms that enable the critical protection your users rely on. To experience Microsoft Sentinel at your organization, get started with a free trial today.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

Forrester names Microsoft a Leader in 2022 Enterprise Detection and Response Wave™ report http://approjects.co.za/?big=en-us/security/blog/2022/04/06/forrester-names-microsoft-a-leader-in-2022-enterprise-detection-and-response-wave-report/ Wed, 06 Apr 2022 17:00:00 +0000 Microsoft was named as a Leader in The Forrester Wave™: Enterprise Detection and Response for Q1 of 2022—the ninth Leader position for Microsoft Security in a Forrester Wave™.

The post Forrester names Microsoft a Leader in 2022 Enterprise Detection and Response Wave™ report appeared first on Microsoft Security Blog.

We are excited to share that Microsoft has been named a leader in The Forrester Wave™: Enterprise Detection and Response, Q2 2022. Microsoft received one of the two highest scores in the strategy category and strength of current offering category. In the Forrester Wave™ assessment, Microsoft Defender for Endpoint received the highest score possible in 15 separate criteria including endpoint telemetry, investigation capabilities, threat hunting capabilities, user experience, product vision, and innovation roadmap.

“Microsoft has made itself a powerhouse in security innovation and EDR… Microsoft has a vision to protect all endpoints through a combination of prevention, detection, and auto-remediation,” writes analyst Allie Mellen in the report. “Its roadmap includes continued progress on Linux and Mac feature capabilities, IT and security collaboration, and XDR capabilities.”

This is the ninth Forrester Wave™ report in which Microsoft Security is a Leader. Microsoft is also recognized as a Leader in the Forrester New Wave™: for Extended Detection and Response, Q4 2021 and the Forrester Wave™: Security Analytics Platform Providers, Q4 2020. Microsoft attributes this success to our focus on empowering defenders through world-class threat intelligence and best-of-breed capabilities that break down boundaries between previously disparate security tools to deliver integrated security information and event management (SIEM) and extended detection and response (XDR).

Endpoints are frequent targets of new, sophisticated malware and ransomware attacks. Today’s organizations need a new approach for prevention and protection, and Microsoft gives security operations teams full visibility of not just endpoint information but also signals from identity, cloud applications, and email in Microsoft Defender 365, to help security teams more rapidly detect and evict threats.

Microsoft has been investing heavily in multi-platform support for Microsoft Defender for Endpoint over the past three years and now offers comprehensive protection for the platforms you need including macOS, Linux, Android, and iOS while continuing to deliver differentiated protection for Windows.

The Forrester Wave™ report mentions several features of the Microsoft EDR offering in its report profile:

  • Auto-generated, human-readable detection names and a replay of the attack story to assist with the investigation, helping companies see exactly what happened in an attack and in what order.
  • Telemetry aligned to MITRE ATT&CK, with a native sandbox feature, response recommendations, remote shell capabilities, and custom scripting.
  • Ability to search telemetry by type or search raw telemetry for 30 days by default, as well as schedule queries.

Microsoft is dedicated to protecting companies from real cyberattacks and has committed USD20 billion over the next five years to deliver more advanced security tools, according to the Forrester report. That’s an increase from the USD1 billion per year spent on cybersecurity since 2015. Microsoft’s endpoint security vision includes an end-to-end endpoint protection suite, reduced response time, coverage for all platforms, and a single, integrated solution across all assets. Reference customers interviewed by Forrester said Microsoft’s USD20 billion investment was a key reason why they chose to work with Microsoft.

Microsoft recognized as a Leader in XDR in Q4 2021

Microsoft’s strategy for XDR is to create the most comprehensive solution—collecting signals from multi-platform sources, including Windows, Linux, iOS, Android, and macOS, and multicloud deployments like Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP) coupled with built-in AI, automation, and prevention capabilities.

In Q4 of 2021, Microsoft was named a Leader in the Forrester New Wave™: for Extended Detection and Response (XDR) Providers, Q4 2021.

“Customer references cite the united technology stack as Microsoft’s biggest strength,” writes Forrester in the Q4 report. “They especially highlight Microsoft’s detection engineering quality as adding consistent, cutting-edge value.”

The report cited Microsoft for:

  • Offering robust, native endpoint, identity, cloud, and Office 365 correlation with singular and cross-telemetry detection, investigation, and response for its native offerings in one platform.
  • Providing the best fit for companies moving to or already on an E5 license, stating “Clients get the most value by adopting the entire suite.”

Try Microsoft Defender for Endpoint

The success of customers is our highest priority, which is why we put such a strong emphasis on product excellence, together with our collaboration with more than 100 Microsoft Intelligent Security Association (MISA) partners and more than 8,500 security professionals, which helps lead to real, cloud-delivered protection for our customers.

We’re honored by this latest Forrester recognition and believe it’s a testament to our research and product teams’ ongoing commitment to providing our customers with an effective and comprehensive security solution. It’s a proud milestone in our endpoint security journey with Microsoft Defender for Endpoint to build an industry-leading endpoint and XDR solution that customers love, and it demonstrates Microsoft’s commitment to delivering best-of-breed, multi-platform, and multicloud security for organizations across the globe.

Download the full report and read the analysis behind Microsoft’s positioning as a Leader.

Learn more about our endpoint security platform, Microsoft Defender for Endpoint, and sign up to try it out for yourself.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Forrester names Microsoft a Leader in 2022 Enterprise Detection and Response Wave™ report appeared first on Microsoft Security Blog.

4 best practices to implement a comprehensive Zero Trust security approach http://approjects.co.za/?big=en-us/security/blog/2022/02/17/4-best-practices-to-implement-a-comprehensive-zero-trust-security-approach/ Thu, 17 Feb 2022 17:00:00 +0000 Learn how to create a comprehensive, integrated Zero Trust approach that enables simplified security and compliance across your enterprise.

The post 4 best practices to implement a comprehensive Zero Trust security approach appeared first on Microsoft Security Blog.

Today’s threat actors don’t see barriers, they see opportunities. As the old firewalls protecting the corporate network become obsolete amid the rush to adopt a hybrid workspace, implementing Zero Trust security has become an imperative across all sectors, both public and private. During this time of unprecedented change, Microsoft Security is committed to helping you be fearless in pursuing your vision for growth and success.

Because an effective Zero Trust approach needs to operate holistically across your complex digital estate, Microsoft Security solutions function as a unified whole to protect your people, data, and business. We’re uniquely positioned to simplify and strengthen security across your entire enterprise—even integrating easily with your existing third-party products. In this blog, we’ll look at four guidelines for implementing a comprehensive Zero Trust strategy that can help your organization continue to move forward confidently in these uncertain times.

Figure 1. Microsoft Zero Trust architecture: authentication and compliance requests from identities and endpoints are intercepted by the Zero Trust policy for verification before access is granted to networks and the data, apps, and infrastructure they're composed of.

1. Build Zero Trust with comprehensive coverage

Despite what the name implies, a Zero Trust approach empowers organizations to grant employees greater freedom across all data, apps, and infrastructure. In a recent Microsoft-commissioned study conducted by Forrester Consulting, The Total Economic Impact™ (TEI) of Zero Trust Solutions From Microsoft, the principal architect at a logistics firm described how Microsoft’s comprehensive Zero Trust implementation allowed them to create a bring your own device (BYOD) program for the company’s seasonal frontline workers, leading to efficiency gains. “Before, our seasonal workers would have to be paired with our full-time employees when [performing field visits]. But now, they can go out on their own.”

The interviewees said that “by implementing Zero Trust architecture, their organizations improved employee experience (EX) and increased productivity.” They also noted, “increased device performance and stability by managing all of their endpoints with Microsoft Endpoint Manager.” This had a bonus effect of reducing the number of agents installed on a user’s device, thereby increasing device stability and performance. “For some organizations, this can reduce boot times from 30 minutes to less than a minute,” the study states. Moreover, shifting to Zero Trust moved the burden of security away from users. Implementing single sign-on (SSO), multifactor authentication (MFA), leveraging passwordless authentication, and eliminating VPN clients all further reduced friction and improved user productivity.

Figure 2. Microsoft Zero Trust solutions and capabilities, including Microsoft Endpoint Manager, Azure Active Directory, and Microsoft Sentinel.

2. Strengthen Zero Trust with AI and integration

The Forrester study also found that “existing solutions failed to provide the high-fidelity signals, comprehensive visibility, and end-to-end self-healing capabilities needed to defend against today’s sophisticated attackers and volume of cyberthreats.” For the interviewed organizations, “prior solutions could not provide telemetry of a threat’s effect on data, a user’s exact activity on the network, or a timeline for effective remediation.” And because the organizations relied on security solutions from multiple vendors, “consolidating telemetry information for triage and analytical work was difficult and time-consuming.”

Microsoft Sentinel solves the problem of vulnerable security silos by providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. As a cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution, Microsoft Sentinel uses AI to eliminate security infrastructure setup and maintenance by automatically scaling to meet user needs. Because Microsoft Sentinel is available out of the box with service-to-service connectors, it’s easy to gain real-time integration with Microsoft 365 Defender, Microsoft Azure Active Directory (Azure AD), Microsoft Defender for Identity, and Microsoft Defender for Cloud Apps.

Any truly comprehensive Zero Trust implementation requires functionality across multiple platforms. Microsoft Sentinel also contains 30 new out-of-the-box data connectors for Cisco, Salesforce Service Cloud, Google Workspace, VMware ESXi, Thycotic, and many more. These data connectors include a parser that transforms the ingested data into Microsoft Sentinel normalized format, enabling better correlation for end-to-end outcomes across security monitoring, hunting, incident investigation, and response scenarios. Microsoft Sentinel automates routine tasks, with a 90 percent reduction in alert fatigue, so your security team can focus on the most critical threats.

For example, by adhering to the values of Zero Trust, the Microsoft security operations center (SOC) assumes that any device or user can be breached. That means we end up scrutinizing roughly 600 billion security events each month. But because we utilize Microsoft Sentinel and our other security tools that leverage machine learning, threat intelligence, and data science, we’re able to filter 600 billion monthly events down to around 10,000 alerts. We also use Microsoft Defender for Endpoint Automated Investigation and Response (AIR) capabilities to find and fix low-level malware instances and other nuisance alerts. Microsoft Defender for Endpoint AIR capabilities can also clean up a device, delete the service, erase the file, and tell us when the problem has been remediated. This reduces noise for our SOC and helps shrink those 10,000 monthly alerts down to a manageable 3,500 cases for investigation. Whittling those numbers down is what helps us—and you—zero in on real threats.

3. Simplify for easier compliance and identity and access management (IAM)

The five organizations in the Forrester study struggled to comply with regulatory requirements because “the complexity of their IT environments made it difficult to audit their environments or effectively implement governance policies.” Sound familiar? Fortunately, Zero Trust requirements can sometimes exceed some compliance requirements, meaning that organizations sometimes find that they’re better off than they had been previously.

As a feature in the Microsoft 365 compliance center, Microsoft Compliance Manager solves this common problem with intuitive management and continuous assessments—from taking inventory of data risks to implementing controls, staying current with regulations and certifications, and reporting to auditors. Compliance Manager’s machine learning and analytics even help sort through relevant data to respond to your legal, regulatory, and internal obligations based on requirements from the International Organization for Standardization (ISO), National Institute of Standards and Technology (NIST), Cybersecurity and Infrastructure Security Agency (CISA), and General Data Protection Regulation (GDPR). It automatically measures your progress toward completing necessary actions—providing a compliance score around data protection and regulatory standards—along with workflow capabilities and built-in control mapping to help carry out improvements.

To make compliance even easier, the new Microsoft Sentinel: Zero Trust (TIC 3.0) Workbook features a redesigned user interface, new control card layouts, dozens of new visualizations, and better-together integrations with Microsoft Defender for Cloud to monitor compliance posture deviations across each TIC 3.0 control family. The new workbook also provides a mechanism for viewing log queries, Azure Resource Graph, metrics, and policies aligned to TIC 3.0 controls—enabling governance and compliance teams to design, build, monitor, and respond to Zero Trust requirements across 25 plus Microsoft products.

Microsoft also offers more than 300 pre-built risk assessment templates to help you comply with evolving regulations, as well as integrated workflows to help ensure the right people across security, HR, legal, and compliance can investigate as soon as a risk is identified. The director at a manufacturing firm explained that “Microsoft Secure Score reduced the time it took us to be compliant with the California Consumer Privacy Act (CCPA) and GDPR. And Azure AD and Microsoft 365 E5 really enhance our security capabilities.” Secure Score simplifies your security posture by providing centralized visibility across all your Microsoft 365 workloads. This helps identify potential improvements, as well as benchmark your organization’s status over time. Embedded guidance enables you to evaluate each recommendation and determine which vectors of attack are a priority, and how they can be mitigated.

Organizations in the Forrester study also stated that “Legacy infrastructures made it difficult for IAM teams to meet organizational security requirements and the needs of their users.” Azure Active Directory integration enabled these businesses to streamline sign-in and easily deploy applications companywide, as well as enable SSO and automate user provisioning. These efficiency gains allowed their IAM teams to focus on improving security by implementing additional Zero Trust policies. By adopting Azure AD, the IAM teams also reduced time spent managing IAM infrastructure, provisioning and de-provisioning users, managing vendors, and dealing with application downtime and remediation.

4. Look for best-in-breed protection 

When looking for a Zero Trust solution you can rely on, there’s a confidence that comes from knowing your security provider has seen more than 40 percent year-over-year growth and more than USD10 billion in revenue. As Thomas Mueller-Lynch, Service Owner Lead for Digital Identity at Siemens put it, “There aren’t too many vendors on the planet that can create a solution capable of providing consolidated insights into large, complex environments like ours. That’s why we chose Microsoft.”

Microsoft Security is a leader in five Gartner Magic Quadrants and eight Forrester Wave™ categories and ranked the highest in the MITRE Engenuity® ATT&CK Evaluation. Microsoft was also named a Leader in IDC MarketScape for Modern Endpoint Security. By unifying security, compliance, and identity, we can help you improve productivity and protect your entire environment—from Windows and macOS to Linux, iOS, Android, and Amazon Web Services (AWS). For built-in intelligence, easy integration, and simplified management that addresses all three Zero Trust pillars, Microsoft Security provides the comprehensive solution you need to move forward—fearless. 

Learn more

  • Be fearless—evaluate your security posture today.
  • Explore our Zero Trust approach to comprehensive security.
