The key to fighting ransomware at scale is Microsoft’s unwavering commitment to simplifying, automating, and augmenting security analyst workstreams to meet the demands of today’s and tomorrow’s cyberthreat environment. We are excited to announce that Gartner has named Microsoft a Leader in the 2024 Gartner^® Magic Quadrant™ for Endpoint Protection Platforms for the fifth consecutive time. We believe this announcement reflects Microsoft’s continued progress in helping organizations protect their endpoints against even the most sophisticated attacks, while driving continued efficiency for security operations center (SOC) teams.

Microsoft Defender for Endpoint is an endpoint security platform that helps organizations secure their digital estate using AI-powered, industry-leading endpoint detection and response across Windows, Linux, macOS, Android, iOS, and Internet of Things (IoT) devices. It is core to Microsoft Defender XDR and built on global threat intelligence—informed by more than 78 trillion daily signals and more than 10,000 security experts—empowering security teams to fend off sophisticated threats.²

Our customers and partners have been an invaluable part of this multiyear journey, and we are grateful for both their business and their partnership. Read the complimentary report providing more details on our positioning as a Leader.

Microsoft Defender for Endpoint is built from the ground up with operational resilience in mind. It starts with our agent architecture that follows best practices for Windows by limiting its reliance on kernel mode while protecting customers in real-time. It does not load content updates from files in the kernel mode driver. As an added safeguard, we deliver updates to customers applying Microsoft’s long-established safe deployment practices (SDP) model. Customers have full control over how these updates are delivered and how controls are applied to their device estate. This model of shared control helps provide security and resiliency. 

Over the last 12 months, Microsoft has delivered significant innovations that have helped defenders gain the upper hand against cyberthreats including: improved attack disruption, Microsoft Copilot for Security, a new Linux agent, simplified settings management, the unified security operations platform and Microsoft Defender Experts for XDR.

Automatic attack disruption, unique to Microsoft, is a self-defense capability that stops in-progress cyberattacks by analyzing the attacker’s intent, identifying compromised assets, and isolating or disabling assets like users or devices at machine speed. For example, in July 2024 we discovered the CVE-2024-37085 vulnerability. Numerous ransomware operators exploited it to encrypt the entire file system and move laterally in the network. Attack disruption fends off such sophisticated ransomware attempts by blocking lateral movement and remote encryption in a decentralized way across all your device estate—in just three minutes on average.³ This is a capability that Microsoft continues to invest in to disrupt more scenarios even earlier in the cyberattack chain.  

Microsoft Copilot for Security is the industry’s first generative AI that empowers security teams to protect at the speed and scale of AI, generally available as of April 2024. Embedded within the Defender XDR experience, it assists analysts by providing enriched context for faster and smarter decisions. It accelerates investigation, containment, and remediation with prescriptive step-by-step guidance. Analysts can now easily understand attacker actions with intuitive script analysis and launch complex Kusto Query Language (KQL) queries using plain language. The results from a randomized controlled trial based on 147 security professionals showed significant efficiency gains including speed and quality improvements when using Copilot for Security. Security professionals were up to 22% faster across all tasks, and more than 93% of users wanted to use Copilot again.

A new Linux agent has been built from scratch, using eBPF sensor technology to deliver the performance and stability needed for mission-critical server workloads while providing visibility into cyberthreats. We continue prioritizing innovations across every type of endpoint from Windows, Linux, macOS, iOS, Android, and IoT to provide the holistic endpoint security that organizations need.

Simplified setup and change management help analysts configure devices correctly to minimize threat exposure. With the general availability of simplified settings management, SOC analysts can manage security policies without leaving the Defender XDR portal.

Unified security operations platform brings the foundational tools a SOC needs into a single experience, with a consistent data model, unified capabilities, and broad protection. This unification helps SOCs close critical security gaps and streamline their operations, delivering better overall protection, reducing their response time, and improving overall efficiency. Defender for Endpoint is core to this platform, which combines “the power of leading solutions in security information and event management (SIEM), extended detection and response (XDR), and generative AI for security.” By working seamlessly across Microsoft Sentinel, Microsoft Defender XDR, and Microsoft Copilot for Security, security analysts need only a single set of automation rules and playbooks. Plus, they can use plain language to execute complex tasks in an instant with Copilot for Security embedded in the platform.

Microsoft Defender Experts for XDR gives your security team coverage with around-the-clock access to Microsoft expertise. Recognizing that sophisticated cyberthreats go beyond the endpoint, Microsoft offers Microsoft Defender Experts for XDR. This managed service is available 24 hours a day, 7 days a week, helping organizations extend their SOC team to fully triage events and respond to incidents across domains.

Thank you to all our customers. You inspire us as together we work to create a safer world.

Learn more

If you’re not yet taking advantage of Microsoft’s leading endpoint security solution, visit Microsoft Defender for Endpoint and start a free trial today to evaluate our leading endpoint protection platform. 

Are you a regular user of Microsoft Defender for Endpoint? Review your experience on Gartner Peer Insights™ and get a $25 gift card.    

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹2024 Microsoft Digital Defense Report. Publishing October 15, 2024.

²Microsoft Digital Defense Report, Microsoft. 2023.

³Get end-to-end protection with Microsoft’s unified security operations platform, now in public preview, Rob Lefferts. April 3, 2024.

Gartner, Magic Quadrant for Endpoint Protection Platforms, Evgeny Mirolyubov, Franz Hinner, Deepak Mishra, Satarupa Patnaik, Chris Silva, September 23, 2024. 

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, MAGIC QUADRANT and PEER INSIGHTS are registered trademarks of Gartner, Inc. and/or its affiliates and are used herein with permission. All rights reserved. 

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Microsoft. 

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 

The post ​​Microsoft is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms appeared first on Microsoft Security Blog.

Are you a regular user of Microsoft Sentinel? Review your experience on Gartner Peer Insights™ and get a $25 gift card. 

Microsoft Sentinel is enriched by AI, automation, and Microsoft’s deep understanding of the threat landscape, empowering defenders to hunt and resolve critical threats at machine speed. Our comprehensive solution works seamlessly across multiple clouds, platforms, and security stacks offering many out-of-the-box connectors and customizable content to effectively protect the entire digital estate at scale. Leveraging our capabilities, customers have seen up to 234% return on investment (ROI) over a three-year period and have reduced costs as much as 44% by discontinuing legacy SIEM solutions.² 

Microsoft is on a mission to modernize security operations, enabling analysts to act swiftly and more efficiently with a robust, cost-optimized, and intuitive solution.

Microsoft Sentinel

Build next-generation security operations powered by the cloud and AI.

Try for free

Transforming Security Operations 

Tens of thousands of customers trust Microsoft Sentinel to accelerate protection of their organizations with a simplified, scalable, and comprehensive approach. Over the last year, our engineering team has been hard at work delivering new innovations in several key areas, including:    

• A comprehensive and unified security operations platform: The platform blends the best of SIEM, XDR, AI, Threat Intelligence, and extended posture management into a single experience offering end-to-end protection by consolidating various security operations tools into a single, coherent experience, powered by generative AI. In the unified security operations platform, features are unified across Microsoft Sentinel and Microsoft Defender XDR, with embedded Copilot for Security, to deliver more comprehensive protection, speeding up time to respond and reducing the workload on analysts. 

• Robust out-of-the-box content: To effectively protect all clouds and platforms, Microsoft Sentinel offers pre-built content and solution packages that can be customized enabling detection, response, and defensive capabilities in the SOC. Over the last few months, we have enhanced our multicloud data collection (AWS and GCP), updated codeless connectors, expanded data coverage to more third-party sources, and extended protection to various critical business applications (SAP, Microsoft Dynamics 365, and Power Platform) among many more innovations. 

• Splunk SIEM migration tool: We announced the general availability of the new SIEM Migration tool to simplify and accelerate SIEM migrations to Microsoft with automated assistance. Today, the experience supports conversion of Splunk detections to Microsoft Sentinel analytics rules with more capabilities coming in the months ahead. 

• SOC efficiency: SOC optimization capability enables security teams to customize and manage their SIEM more efficiently for specific business and security requirements. With dynamic, research backed recommendations to optimize data usage, costs, and coverage against relevant threats, analysts can confidently identify opportunities to reduce costs, improve security posture, and see value more quickly. 

• Copilot for Security: Copilot empowers security teams to make informed decisions in the SOC to protect at the speed and scale of AI. It offers skills to translate natural language to Kusto Query Language (KQL), accelerate incident investigation and response by automating manual tasks with customizable promptbooks, summarizes incidents with full context, helps prevent breaches with dynamic insights from Microsoft Threat Intelligence, and more. 

• Enhanced incident experience: The new incidents page experience provides more context for SOC analysts to efficiently triage, investigate, and respond quickly to incidents. Many new investigation, response, and incident management features offer the analysts the information and tools necessary to understand the incident and full scope of the breach while making navigation easy and context switching less frequent. New features include top insights, a new activity log for incident audits, a Log Analytics query window to investigate logs and more. 

Download the complimentary report to get more details on our positioning as a Leader. Our customers and partners have been an invaluable part of this multiyear journey. We owe our immense gratitude to you. 

Microsoft is here to help customers who may be re-evaluating their SIEM due to vendor acquisition and are looking to move to a market leader with an ongoing commitment to innovation.

Looking forward 

In 2024 we’ll continue to listen to customer needs and further enhance Microsoft Sentinel’s advanced threat-protection capabilities to empower defenders and drive efficiencies for SOC teams.  

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity

¹Gartner® Magic Quadrant™ for Security Information and Event Management, Andrew Davies, Mitchell Schneider, Rustam Malik, Eric Ahlm, May 8 2024.

Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 

Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences with the vendors listed on the platform, should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose. 

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Microsoft. 

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, Magic Quadrant is a registered trademark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved. 

²The Total Economic Impact™ of Microsoft Sentinel, a commissioned study conducted by Forrester Consulting on behalf of Microsoft. Results are for a composite organization based on interviewed customers. 

The post Microsoft is again named a Leader in the 2024 Gartner® Magic Quadrant™ for Security Information and Event Management​​ appeared first on Microsoft Security Blog.

Microsoft Entra is a unified identity and network access solution that protects any identity and secures access to any application or resource, in any cloud or on-premises. We’re grateful to all of you—our customers and partners, for your generous feedback that guides our product vision, roadmap, and innovation, and for the collaborative engineering approach that has enabled us to co-create modern identity and access solutions.  

Today, we are honored to announce that for the seventh year in a row, Microsoft has been named a Leader in the 2023 Gartner® Magic Quadrant ^TM for Access Management. We believe Microsoft’s placement in the Leaders quadrant validates our commitment to empowering our customers with a comprehensive solution powered by AI and automation.

Making it easier to secure access

Microsoft Entra’s mission is to help you stay ahead of the evolving digital threat landscape by making it easier to secure access to everything, for everyone, from anywhere. This year, we released several key innovations in pursuit of this goal. Here are a few recent highlights: 

First, we introduced Microsoft Entra ID Governance, our complete identity governance solution that helps ensure the right people have the right access to the right resources at the right time. This cloud-delivered product includes capabilities that were already available in Microsoft Entra ID, plus more advanced tools that automate identity and access lifecycle management, and simplify access governance for on-premises, software as a service, and cloud apps and resources.

Second, we made significant progress towards offering additional phishing-resistant authentication methods in alignment with Executive Order 14028: Users will be able to sign in using passkeys managed from the Microsoft Authenticator app, which is also Federal Information Processing Standards (FIPS) 140-compliant for both iOS and Android. We have also added more customization for our cloud-based certificate-based authentication (CBA) solution. 

Third, Microsoft Entra ID introduced a series of marquee features, including Microsoft Entra ID Protection that help you proactively block identity takeover in real-time. These innovations include a brand-new dashboard with improved security posture insights and recommendations, new risk detections that can prevent attacks in their early phases, and an integration with Microsoft Defender XDR to correlate incidents. Strict location enforcement capabilities have also been added to continuous access evaluation (CAE), which enables Microsoft Entra ID to use those signals to revoke access and remediate potential compromise if a change in location was detected in in near real-time. As part of an ongoing commitment to token protection, Microsoft Entra ID also released sign-in session token protection to help defend against token theft attacks. 

Fourth, we released the preview of new, unified capabilities in Microsoft Entra External ID, our next-generation customer identity and access management platform that unifies secure and engaging experiences for all external identities, including customers, partners, citizens, and others within a single integrated platform. These new capabilities deliver a more developer-centric platform with the latest security and governance capabilities of Microsoft Entra ID and deep integrations across Microsoft Security. 

Fifth, we launched our new identity-centric Security Service Edge solution with the release of two products, Microsoft Entra Internet Access and Microsoft Entra Private Access. This solution unifies identity and network access controls under a single policy engine, extending universal Conditional Access controls to any user and any resource across identity, endpoint and network. By bringing these two solutions into the Microsoft Entra portfolio, we’re expanding our reach beyond identity and access management to a comprehensive solution that can help secure access holistically.

We can’t wait to bring more innovations to the Microsoft Entra portfolio in this new year and continue making progress against our goal to simplify securing access to everything, for everyone.

Discover the Microsoft Entra product family

The Microsoft Entra product family includes:

• Microsoft Entra ID, part of Microsoft Entra, our flagship cloud identity product.
• Microsoft Entra Permissions Management, our cloud infrastructure entitlement management product.
• Microsoft Entra External ID, our customer identity and access management product.
• Microsoft Entra Verified ID, our decentralized identity product.
• Microsoft Entra Identity Governance, our complete identity governance product.
• Microsoft Entra Workload ID, our product that brings advanced security and governance to non-human identities.
• Microsoft Entra Internet Access, our identity-centric secure web gateway (SWG) product.
• Microsoft Entra Private Access, our identity-centric Zero Trust Network Access (ZTNA) product.

Are you a regular user of Microsoft Entra? Review your experience on Gartner Peer Insights™ and get a $25 gift card.

Microsoft Entra

Unified multicloud identity and network access help you protect and verify identities, manage permissions, and enforce intelligent access policies, all in one place.

Try for free

Learn more

You can learn more by reading the full 2023 Gartner^® Magic Quadrant^TM for Access Management report. To learn more about the Microsoft Entra portfolio and its products, visit our website.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (formerly known as “Twitter”) (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Microsoft Digital Defense Report 2023.

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Microsoft.

Gartner does not endorse any vendor, product, or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Gartner and Magic Quadrant are registered trademarks and service marks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.

Gartner, Magic Quadrant for Access Management, by Henrique Teixeira, Abhyuday Data, Nathan Harris, Robertson Pimentel. 16 November 2023.

The post Microsoft named a Leader in 2023 Gartner® Magic Quadrant™ for Access Management for the 7th year​​ appeared first on Microsoft Security Blog.

1.  Strong cloud adoption rates will continue

Macroeconomists may be pessimistic about gross domestic product growth in Europe and the United States in 2023, but even in weak macroeconomic scenarios, cloud growth rates remain stellar.¹ Gartner® predicts almost 30 percent growth for infrastructure as a service and almost 25 percent growth for platform as a service in 2023, as compared to 2022 in the worldwide public cloud user spending category. A September 2022 survey of chief technology officers (CTOs) by Evercore-ISI asked the top things they would do in response to reduced budgets or inflationary pressure.² The top answer (from 44 percent of CTOs): increase their use of the cloud. Gartner® predicts that by 2025 more than 90 percent of clients will use cloud-based unified endpoint management (UEM) tools, up from 50 percent in 2022. So, if you have not migrated your UEM to the cloud yet, 2023 is the year to start.

2. Security will remain the top issue for CTOs into 2023

When asked in September about their highest priority project (in terms of incremental spending), 42 percent of CTOs said cloud security. Network security was the second most common response, with analytics third.² Credit Suisse recently polled CTOs on how different categories in their IT budget would grow.³ In 2021 and 2022, security was ranked top, with an 11 percent increase. Asked to predict the growth in security spending in 2026, security again ranked highest, but the expected increase was even more: 14 percent. Underlying factors provide color to the raw growth numbers. The geopolitical storm continues, and new avenues continue to emerge for hackers. I expect to hear even more about deepfake videos and ransomware as a service in 2023. So, how do chief information security officers (CISOs) strengthen their organization’s defenses in 2023? We would propose two initiatives: first, ensure security software is suitably integrated with a unified console to enable fewer points of vulnerability and more automation. By extension, this might mean consolidating vendors. Second, tackle the human aspect: invest in upskilling staff on how best to be aware of potential attacks.⁴

3. Worker mobility will increase further

The past few years have changed the model for knowledge workers. 2023 will see several shifts that will add to the hybrid work from anywhere (and hence, protect everywhere) trend. Next year will see mass adoption of 5G capable devices: Juniper Research estimates that there will be 600 million more 5G connections added in 2023 alone.⁵ Technological trends will be compounded by demographic trends, such as “productivity paranoia,” where workers want to show they are being productive, no matter where they are. What does this mean for CISOs? New working styles, new networks, and new devices mean new attack vectors. In 2023, be ready to protect your workers who are working from anywhere, not just from home.

4. CTOs will need to pay more attention to local factors

There is always a balance between global and local initiatives, but in 2023, we expect that it will be increasingly difficult to just adopt a one-size-fits-all global shortcut. We are seeing an increasing number of national regulations related to data sovereignty, with implications for where that data is stored and secured.⁶ 2023 will see further digital transformation of public sector agencies. These agencies often have more country-specific security or compliance rules compared to their private sector counterparts. As such, CISOs need to ensure their endpoint management solutions (and, indeed, their entire technology architecture) can adapt to handle extra local requirements.

5. Truly transformative technology will rise to the top

My final prediction is that 2023 will see further clarity on the difference between genuinely transformative technology and tech that has been overhyped. One technology that I expect to compare favorably for enterprises in 2023 will be more advanced forms of automation, such as AI. AI start-ups have seen more than USD100 billion in venture capital investment since 2020, in everything from the development of new drugs to new ways to create art and writing (and, perhaps, eventually, transform how blogs are created!).⁷ Security represents a great opportunity for advanced automation and AI, given the nature of the ongoing problems CISOs must grapple with. As such, while new AI-generated images may garner the headlines, away from the limelight we expect many other enterprise software solutions to benefit from both sophisticated AI and simply greater automation.⁸ For example, in endpoint management, Gartner® sees that by 2027, UEM and digital employee experience tools will converge—to drive autonomous endpoint management, reducing human effort by at least 40 percent. The more that security tasks are automated, the more time is freed up for more strategic work by your key staff.

Learn more

I hope you found these 2023 trends thought-provoking. I would encourage you to continue to think about what the macro situation might mean specifically for your organization and translate that into an action plan for your Microsoft Intune assets in 2023. In the meantime, I wish you all a safe and thoughtful holiday season and wish you continued success in the new year.  

Learn more about how Microsoft Intune can simplify your endpoint management:

• Reduce your overall total cost of ownership with a new Microsoft Intune plan.
• Microsoft publishes new report on holistic insider risk management.
• Microsoft Intune blog.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

¹World Economic Outlook, October 2022: Countering the Cost-of-Living Crisis, IMF. October 15, 2022.

²Evercore-ISI Quarterly Enterprise Technology Spending Survey, September 15, 2022.

³Credit Suisse CIO Survey, Credit Suisse. October 6, 2022.

⁴What cybersecurity trends are expected in 2023? Muhammad Zulhusni, November 29, 2022.

⁵5G Service Revenue to Reach $315 Billion Globally in 2023, Juniper Research. October 23, 2022.

⁶Microsoft launches its Cloud for Sovereignty, Frederic Lardinois. July 19, 2022.

⁷State of AI Q2’22 Report, CB Insights. August 10, 2022.

⁸How a computer designed this week’s cover, The Economist. June 11, 2022.

The post Microsoft Intune: 5 endpoint management predictions for 2023 appeared first on Microsoft Security Blog.

When organizations respond to subject rights requests, they are both meeting their regulatory requirements and providing people with control over their personal data. Although responding to requests can be quite complex, Microsoft Priva Subject Rights Requests can help ease the process—and with the preview arrival of Right to be Forgotten, Priva Subject Rights Requests can further support how organizations respect the privacy of their customers and employees.

Understanding how people think about privacy

As many businesses around the world adapt their privacy practices, having both the tools that help address privacy requirements and a good understanding of how consumers perceive and feel about privacy are key to enabling trust with customers. Microsoft Priva, the brand category for Microsoft Security, was announced at Microsoft Ignite in 2021 by Vasu Jakkal, Corporate Vice President of Microsoft Security, Compliance, and Identity.² Priva solidified our commitment to supporting organizations in their privacy journey with products that help safeguard personal data and manage subject rights requests at scale. For organizations, having processes that help manage their privacy is critical, but it is also valuable to have a deep understanding of how people really think about privacy to guide their practices. We recently commissioned privacy research that explores the emotional textures of privacy and what triggers privacy vulnerability. We learned that when businesses empathize with the privacy concerns people have and transparently address them, they foster trust and differentiate themselves from competitors.

It’s important for organizations to assess the varying causes that spark privacy vulnerability for both their consumers and their business. For example, a consumer may feel anxious or helpless because they don’t know how their personal data is being used. However, if they are provided with transparency of how their data is being used and given clear options that enable the control of their data, their insecurities could be eased and trust in the process earned. For a business, privacy vulnerability could present itself through limited transparency or basic compliance—leaving room for privacy risk to potentially unfold. For instance, a business that might fulfill a data subject request unconvincingly, or with basic effort, could be managing its privacy at a vulnerable level. If that business were to practice a “beyond-compliance,” human-centered privacy approach, they could yield practices that help them build privacy resilience—helping them stand apart from their competitors while they earn trust from their customers.

Figure 1. The differing perspectives of consumers and businesses regarding privacy vulnerability versus privacy resilience.

The above figure demonstrates a privacy scale ranging from vulnerable to resilient and includes both consumer and business perspectives. On the consumer side, it ranges from feeling anxious, helpless, and lacking knowledge or motivation in protective coverage to secure, being in control, trusting the process, and being skilled in protective coverage. On the business side, it ranges from basic compliance, limited transparency, minimal control, and reactive approaches to beyond compliance, authentic privacy care, reciprocating data for value, and a proactive approach to consumer protection.

Microsoft Priva Subject Rights Requests can help

Many times, even though an organization may be focused on a proactive privacy approach, managing and responding to subject rights requests can be a tedious and cumbersome process. It can be extremely time-consuming and taxing as they are also time-bound, bringing extra complexity to the organization. Responding to these requests often requires a tremendous amount of collaboration and manual review, and producing just a single request can be quite expensive. Nonetheless, completing these requests is not just an obligatory requirement, but also a tangible way that expresses respect for customer and employee privacy.

Priva helps organizations more efficiently manage requests at scale—Priva Subject Rights Requests automates the search and collection of content relevant to the data subject and facilitates tasks such as in-line review, redaction, and collaboration, all from an easy-to-use dashboard. Admins can easily get started by leveraging request templates that help them create requests with recommended default configurations and use Microsoft Power Automate integration, as well as API support to better fit into their existing processes.

Figure 2. Priva Subject Rights Requests overview dashboard showing insights.

Priva Subject Rights Requests help admins meet the strict deadlines associated with regulations like GDPR and ease the administrative burden of tedious tasks related to collection, review, and redaction. Completing a request also often requires teamwork from various departments within the organization. Priva provides secure collaboration through Microsoft Teams and keeps a history tab, highlighting actions taken from all collaborators for easy auditing—streamlining the complexity of requests from beginning to post-completion.

Microsoft Priva Subject Rights Requests highlights:

• Automates discovery: Gathers the requestor’s personal information and detects data conflicts such as sensitive information or data pertaining to other users.
• In-place review and secure collaboration: Review files in place in their native views, perform redactions in-line with built-in tools, and consolidate collaboration within a protected platform.
• Ecosystem integration: Plugs into an organization’s existing process to manage requests in a unified way across the digital estate. Microsoft Graph subject rights requests API integrates Priva Subject Rights Requests with in-house or partner-built privacy solutions.

The newest Priva Subject Rights Requests update, Right to be Forgotten, is here

Video 1. Microsoft Priva Subject Rights Requests (SRRs) new feature Right to be Forgotten is now in preview. See how we demonstrate going through a delete request using Microsoft Priva.

Both GDPR and CCPA include the Right to be Forgotten, giving people the ability to request the deletion of all the information an organization has collected about them, with a few outlined exceptions that allow data retention. For example, a former employee in an EU-based company believes she left documents containing her personal data in SharePoint. The employee can exercise her right to her personal data and make a subject rights request for deletion with that organization. As Priva Subject Rights Requests continues to evolve, we are excited to share the preview release of Right to be Forgotten, helping organizations meet requests such as the employee’s request for deletion.

This marks a significant update for Priva Subject Rights Requests as with this new feature, admins can now select delete as a request type, or get started with the delete template and get purpose-built flows that help surface conflicts and streamline deletion—leveraging the Microsoft retention and deletion platform and working better together with teams already using data lifecycle management and records management. This feature will also enable admins to have the flexibility to select different approvers for any given request and, once the workflow is complete, access to the reports tab where they can view their summary report and review results.

Figure 4. Delete request in the approval stage, showcasing approver details and the complete approval button.

Learn more

Although completing subject rights requests can be complex, Microsoft Priva Subject Rights Requests can help ease the process. As organizations continue to adapt to the privacy changes that impact their customers and their business, we are reminded that although changes to the privacy landscape are inevitable, there are resources to support these shifts. We invite you to learn more about Priva Subject Rights Requests by downloading our free eBook and encourage you to try Microsoft Priva Subject Rights Requests free trial today.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

¹State of Privacy: The Privacy Tech Driving a New Age of Data Wealth, Gartner®. August 2022.

²Protect your business with Microsoft Security’s comprehensive protection, Vasu Jakkal, Microsoft Security. November 2, 2021.

The post Simplify privacy protection with Microsoft Priva Subject Rights Requests appeared first on Microsoft Security Blog.

We thank our customers who guide our strategy and product innovation, engage with us deeply in co-creating modern and secure identity solutions, and provide invaluable feedback that helps us continually raise the bar. We believe this incredible partnership has propelled us to be recognized as a Leader for the 6th year in a row and inspires us to grow our product portfolio, introducing innovative solutions so that our customers can do more with less.

Secure access for a connected world

As organizations have adopted new technologies to expand their digital environments, managing identities and access has become much more complex and time-consuming. To innovate without fear, organizations must ensure that they effectively protect their expanding digital estate as every new service immediately becomes a new attack surface. That’s why we’re building our identity solution as a pervasive trust fabric that can secure access to everything for everyone, whether that be within on-premises, Azure, Amazon Web Services, Google Cloud Platform, apps, websites, devices, or wherever organizations expand next.

To pave the way for the next generation of identity solutions, earlier this year as we announced Microsoft Entra, our new identity and access product family that can help any organization:

• Protect access to every app and every resource for every user.
• Effectively secure every identity including employees, customers, partners, apps, devices, and workloads across every environment.
• Discover and right-size permissions, manage access lifecycles, and ensure least privilege access for any identity.
• Keep users productive with simple sign-in experiences, intelligent security, and unified administration.

Discover the Microsoft Entra product family

Following our identity innovations announced at Microsoft Ignite 2022, the Microsoft Entra product family includes:

• Microsoft Azure Active Directory, part of Microsoft Entra, our flagship cloud identity product.
• Microsoft Entra Permissions Management, our cloud infrastructure entitlement management product.
• Microsoft Entra Verified ID, our decentralized Identity product.
• Microsoft Entra Identity Governance, our complete identity governance product.
• Microsoft Entra Workload Identities, our product that brings advanced security and governance to non-human identities.

Learn more

You can learn more by reading the full 2022 Gartner^® Magic Quadrant^TM for Access Management report. To learn more about the Microsoft Entra portfolio and its products, visit our website and check out our Ignite session covering our recent Microsoft Entra innovations.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Microsoft.

Gartner does not endorse any vendor, product, or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Gartner and Magic Quadrant are registered trademarks and service marks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.

Gartner, Magic Quadrant for Access Management, By Henrique Teixeira, Abhyuday Data, Michael Kelley, James Hoover, Brian Guthrie. 2 November 2022.

The post Microsoft named a Leader in 2022 Gartner® Magic Quadrant™ for Access Management for the 6th year appeared first on Microsoft Security Blog.

As you see in the Magic Quadrant™ in Figure 1, Microsoft is positioned as a Leader in the 2022 Magic Quadrant™ for Unified Endpoint Management Tools. You will also see that Microsoft is highest on the “Ability to Execute” axis. Microsoft was also recognized as a Leader in the 2021 Magic Quadrant™ for Unified Endpoint Management Tools.

Figure 1. Magic Quadrant™ for Unified Endpoint Management Tools.

Why customers choose Microsoft for UEM

Let me summarize three reasons we hear from customers as to why they see Microsoft as a dependable and cost-effective solution for UEM.

1. Microsoft Endpoint Manager is the native Microsoft solution, providing deep integration with Microsoft 365 and Microsoft Azure to improve employee security and the IT administrator experience. Seamlessly integrating management, identity, and security with your employees’ digital experience has two advantages. It improves employee satisfaction as their workplace tools don’t need them to juggle multiple security add-ons. Further, it reduces the amount of platform integration your IT team needs to do, allowing IT to focus on higher-order priorities and save money. Microsoft 365 integration is an ongoing project for us: our advanced endpoint management strategy means we are bringing more solutions into the Microsoft 365 platform, driving down the number of add-ons you need to integrate.
2. Customers like being in control of when they migrate to the cloud. The improvements we have made in tenant attach and hybrid Microsoft Azure Active Directory (Azure AD) mean that customers can have many choices in how to co-manage their devices. This puts the customer firmly in control. The accelerated shift to hybrid work in the past two years has taught us that there is no “one size fits all” for digital transformation. Some organizations are now fully remote and in the cloud; others have leaders that are very keen on a full return to the office. Many are in between. Microsoft Endpoint Manager capabilities accommodate all scenarios, leaving customers in control.
3. Customers are reassured by Microsoft’s ongoing investments in Endpoint Manager. We continue to improve the IT administrator experience and the experience for frontline workers, as well as integrate with Azure Virtual Desktop, Windows 365, and Microsoft Defender for Endpoint. Other recent innovations include new support for managing Linux desktops (currently in preview), macOS enhancements such as support for DMG and other apps, remote help, and Endpoint analytics such as work-from-home readiness and other reports to power a hybrid workforce. We look forward to sharing further advances soon.

Continued momentum for Microsoft Endpoint Manager

Strong rationale from analysts and customers is backed up by metrics. As our Chief Executive Officer (CEO) Satya Nadella revealed on our Q3 2022 earnings call, “the number of Windows, Android, and iOS devices protected by [Microsoft] Intune grew over 60 percent year over year.” More broadly, “the number of customers who trust our security solutions grew nearly 50 percent year over year to 785,000.” We work with our industry-leading more than 15,000 partners to analyze 24 trillion threat signals a day to keep customers like Domino’s Pizza, Fujitsu, Heineken, and Petronas safe.

So, I would encourage you to read the Gartner® report and explore what actions you should take. Specifically, customers looking for a dependable, cost-effective solution in three specific situations may find it particularly relevant:

• If you are spending too much time managing third-party security plug-ins. Simplifying your endpoint management vendors could free up your time for other priorities.
• If your security, identity, or management software vendors are influencing the timing of your migration to the cloud. The ability to migrate at your own pace remains critical.
• If you selected your UEM vendor prior to the shift to hybrid work. The pandemic changed requirements for many customers and initiated deep investments to meet those new needs.

Learn more

You are invited to read the full 2022 Magic Quadrant™ for Unified Endpoint Management Tools report.

We believe any recognition from independent external analysts is an important milestone in building the best product we can; we thank our customers and partners for being on this journey with us.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

Gartner, Magic Quadrant for Unified Endpoint Management Tools, Tom Cipolla, Dan Wilson, Chris Silva, Craig Fisler. August 1, 2022.

Gartner and Magic Quadrant are registered trademarks and service marks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Microsoft. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

The post Microsoft recognized as a Leader in the 2022 Gartner® Magic Quadrant™ for Unified Endpoint Management Tools appeared first on Microsoft Security Blog.

In that spirit of discovery, we’re looking forward to joining the IAM community at the Gartner Identity & Access Management Summit, August 22 to 24, 2022, in Las Vegas, Nevada. We’ll be sharing some of Microsoft’s recent insights about strengthening lifecycle and permissions management, stopping attacks on identity infrastructure, and moving to a cloud-based identity platform. With the recently announced Microsoft Entra, identity threat detection and response (ITDR), and our security information and event management (SIEM) and extended detection and response (XDR) solutions, we’re committed to providing end-to-end protection for your organization. Be sure to visit Microsoft Booth #304 and connect with our frontline defenders.

Gartner IAM Summit—Microsoft sessions

We’re excited to meet with our customers, colleagues, and peers at the 2022 Gartner Identity & Access Management Summit. Microsoft will present three research-backed sessions led by senior product managers, including a special look at ITDR led by Alex Weinert, Director of Identity Security at Microsoft.

Title: Manage, Secure, and Govern Identities Across Multicloud Infrastructures
Speaker: Balaji Parimi, Partner General Manager
Date/Time: Monday, August 22, 2022 | 11:45 AM to 12:15 PM PT
Synopsis: Going multicloud makes you more agile and resilient. But it also creates more complexity and blind spots for your security and identity teams. It’s time to reimagine how we manage, secure, and govern identities, and enforce least-privileged access consistently across cloud platforms. In this session, we’ll explore how cloud infrastructure entitlement management (CIEM) can strengthen your Zero Trust security in a multicloud world.

Title: Beyond the Firewall: Upgrading from On-Premises to the Microsoft Cloud Identity
Speaker: Brjann Brekkan, Group Program Manager, Identity and Network Access
Date/Time: Monday, August 22, 2022 | 1:15 PM to 1:35 PM PT
Synopsis: Today’s new normal of “work from anywhere” and “on any device” has exposed the challenges of using on-premises authentication technologies and platforms as the control plane for enterprise applications and collaboration. You’re invited to join the Microsoft Identity product group for this interactive session. We’ll discuss the latest trends and platform capabilities to accelerate and simplify the journey of adopting a modern cloud-based identity platform.

Title: Identity Threat Prevention, Detection, and Response—Essential Defenses for a New Generation of Attacks
Speaker: Alex Weinert, Director of Identity Security
Date/Time: Tuesday, August 23, 2022 | 11:15 AM to 11:45 AM PT
Synopsis: Attacks against identity infrastructure are accelerating. Instead of trying to compromise individual accounts, today’s attackers seek to gain unrestricted access to multicloud environments and workloads wherever they’re deployed. For that reason, protecting accounts is not enough—organizations need robust protections for the identity infrastructure itself. In this session, we’ll share how Microsoft envisions the future of ITDR, including what an effective identity and security collaboration should look like to help your organization grow fearlessly.

Bridging the IAM and SOC divide

Even as we approach another IAM summit, many organizations are still shocked to learn the reality of how most identity breaches occur. According to the 2022 Verizon Data Breach Investigations Report, 65 percent of breaches are caused by credential misuse, while only 4 percent caused are by system vulnerabilities.¹ A full 82 percent of breaches involve the human element, including social engineering attacks, user errors, and data misuse.

As I will discuss in my Tuesday session, ITDR offers a way of reimagining the scope and collaboration between the SOC and identity admins that can help stop more of these credential-based attacks. IAM requires a lot of the same telemetry and inventory that SOC teams have, but the two groups rarely share tools. That’s because each team buys tools for different reasons. Operations and identity admins want stable, predictable operations and high uptime. Security analysts aren’t concerned with uptime; they care about identifying threats. In other words, IAM is mostly focused on letting only the good guys in, but it also needs an equal capability for keeping the bad guys out.

So, how do we reduce that staggering 65 percent of breaches that result from account-takeover attacks? And how do we know if and when the architecture itself is faulty? The solution lies in unifying more signals and more controls into a holistic solution. Microsoft is positioned to bridge the chasm between SOC and IAM because Microsoft Azure Active Directory (Azure AD) is already the foundation identity that so many organizations rely on. In addition, Microsoft Sentinel provides a cloud-native SIEM and SOAR solution with built-in user entity and behavior analytics (UEBA), while Microsoft Defender provides XDR capabilities for user environments, and Microsoft Defender for Cloud provides XDR for infrastructure and multicloud platforms.

Microsoft Entra: The way in is the way forward

Along with bridging the SOC and IAM relationship, Microsoft Entra is a vital component of Microsoft’s approach to ITDR. The products in the Entra family help provide secure access by providing IAM, CIEM, and identity verification in one solution.

Entra encompasses all of Microsoft’s existing IAM capabilities and integrates two new product categories: Microsoft Entra Permissions Management is a CIEM solution that empowers customers to discover, remediate, and monitor permission risks across all major public cloud platforms (such as Amazon Web Services, Azure, and Google Cloud Platform) from a unified interface. Microsoft Entra Verified ID provides a decentralized identity service based on open standards, safeguarding your organization by allowing admins to seamlessly customize and issue verifiable credentials in all your apps and services. 

Microsoft is working with our customers to reimagine IAM for our new decentralized workplace, and we’re committed to providing end-to-end protection for your organization with Microsoft Entra and SIEM and XDR. We look forward to meeting with you at Gartner Identity & Access Management Summit, August 22 to 24, 2022, in Las Vegas, Nevada. Be sure to stop and chat with us at Microsoft Booth #304.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

¹2022 Data Breach Investigations Report, Verizon. 2022.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. 

The post Connect with Microsoft Security experts at the 2022 Gartner Identity & Access Management Summit appeared first on Microsoft Security Blog.

There’s a reason Microsoft Security generated more than USD15 billion in revenue during 2021 with 45 percent growth.² We’re a Leader in four Gartner® Magic Quadrant™ reports,³  eight Forrester Wave™ reports,⁴ and six IDC MarketScape reports.⁵ As we head into another year marked by rapid change, Microsoft Security continues to deliver industry-leading protection across Zero Trust pillars, including identity, endpoints, applications, infrastructure, and data. Read on to see how we can help you move forward fearlessly with Cloud Security Services.

Strengthen identity verification

Zero Trust security starts with strong identity verification. That means determining that only those people, devices, and processes you’ve authorized can access resources on your systems. As the cornerstone of Microsoft’s identity solutions, Microsoft Azure Active Directory (Azure AD) provides a single identity control plane with common authentication and authorization for all your apps and services, even many non-Microsoft apps. Built-in conditional access in Azure AD lets you set policies to assess the risk levels for a user, device, sign-in location, or app. Admins can also make point-of-logon decisions and enforce access policies in real-time—blocking access, requiring a password reset, or granting access with an additional authentication factor.

Gartner recognized Microsoft as a 2021 Leader in Gartner Magic Quadrant for Access Management.⁶ Microsoft was also named as a Leader in the IDC MarketScape: Worldwide Advanced Authentication for Identity Security 2021 Vendor Assessment. From the IDC MarketScape report: “As telemetry is the rocket fuel for AI- and machine learning-infused endpoint security solutions, Microsoft’s breadth and volume are unequaled geographically and across customer segments. With the support of macOS, iOS, and Android, Microsoft’s telemetry pool is expanding and diversifying.”

“The difference we’ve experienced in visibility and threat detection since deploying Microsoft Security solutions is like night and day.”—Raoul Van Der Voort, Global Service Owner, Rabobank.

Comprehensive endpoint management

Microsoft Endpoint Manager combines both Microsoft Intune and Microsoft Configuration Manager to enable all user devices and their installed apps (corporate and personal) to meet your security and compliance policies—whether connecting from inside the network perimeter, over a VPN, or from the public internet. We believe this comprehensive coverage led to Microsoft being named a Leader in the 2021 Gartner Magic Quadrant for Unified Endpoint Management Tools,⁷ including Microsoft 365 Defender with extended detection and response (XDR) capabilities and its easy integration with Microsoft 365 apps.

Endpoint Manager also ranked as a Leader in the 2021 Forrester Wave™: Unified Endpoint Management Q4 2021. As the Forrester report states: “Endpoint Manager excels at helping customers migrate to modern endpoint management, with differentiating features, such as policy analysis, to determine readiness for cloud management, templated group policy migration, and pre-canned reports for co-management eligibility.” In the 2021 IDC MarketScape Vendor Assessments, Microsoft was again named as a Leader in five categories, including Worldwide Modern Endpoint Security for Enterprises⁸ and Small and Midsize Businesses,⁹ as well as Worldwide Unified Endpoint Management Software,¹⁰ Worldwide Unified Endpoint Management Software for Ruggedized/Internet of Things Deployment,¹¹ and Worldwide Unified Endpoint Management Software for Small and Medium-Sized Businesses.¹²

“Our team are the enablers for Zero Trust prinicpals at Heineken, so by using the latest security technologies to provide a safe way for our business to innovate—like technology that helps reduce our carbon footprint and save water—we really can brew a better world.”—Marina Marceta, Security Incident Manager, Heineken.

Endpoint security and protection

Microsoft Defender for Endpoint was named Leader in the 2021 Gartner Magic Quadrant for Endpoint Protection Platforms,¹³ as well as being recognized as a Leader in The Forrester Wave™: Endpoint Security Software as a Service, Q2 2021. In the Forrester report, Defender for Endpoint received the highest possible scores in the criteria of control, data security, and mobile security, as well as in the criteria for Zero Trust framework alignment. As Forrester reported: “Third-party labs and customer reference scores both point to continued improvement over antimalware and anti-exploit efficacy where Microsoft frequently outperforms third-party competitors.”

Microsoft 365 Defender again made the top ranks later in the same year, placing as a Leader in The Forrester New Wave™: Extended Detection and Response (XDR), Q4 2021. “[Microsoft 365 Defender] offers robust, native endpoint, identity, cloud, and O365 [Microsoft Office 365] correlation… singular and cross-telemetry detection, investigation, and response for Microsoft’s native offerings in one platform.”

Application usage and management

Knowing which apps are being accessed by the people in your organization is critical to mitigating threats. This is especially true for apps that might be acquired independently for use by individuals or teams, also known as shadow IT. Microsoft Defender for Office 365 was named a Leader in The Forrester Wave™: Enterprise Email Security, Q2 2021, and received the highest possible score in the incident response, threat intelligence, and endpoint detection and response (EDR) solutions integration criteria. Defender for Office 365 also received the highest possible scores in the product strategy, support and customer success, and performance and operations criteria.

Microsoft 365 Defender was again recognized by Forrester as a Leader in The Forrester New Wave™: Extended Detection and Response (XDR), Q4 2021. Forrester found that Defender “offers robust, native endpoint, identity, cloud, and Office 365 correlation… [and] provides singular and cross-telemetry detection, investigation, and response for Microsoft’s native offerings in one platform.” Forrester also stated that Microsoft Defender for Endpoint’s “rich native telemetry yields tailored detection, investigation, response, and mitigation capabilities.”

Microsoft is committed to helping you gain visibility of your cloud apps and protect sensitive information anywhere in the cloud, as well as assess compliance and discover shadow IT. We’re proud to report that Microsoft Defender for Cloud Apps ranked as a Leader in The Forrester Wave™: Cloud Security Gateways, Q2 2021, receiving the highest score in the strategy category.

Secure your network

Today’s modern architectures span on-premises systems, multiple cloud and hybrid services, VPNs, and more. Microsoft provides the scalable solutions needed to help secure any size network, including our cloud-native Microsoft Azure Firewall and Microsoft Azure DDoS Protection. Our XDR, security information and event management (SIEM), and security orchestration, automation, and response (SOAR) solutions—Microsoft 365 Defender and Microsoft Sentinel—empower your security operations centers (SOCs) to hunt for threats and easily coordinate your response from a single dashboard. 

“The reason Microsoft provides such a powerful security solution is that it seeks to meet your needs holistically. Each security layer talks to everything else, including those data sources you might be using that are external to Microsoft.”—Martin Sloan, Security Director, Drax Group.

On-premises and cloud infrastructure

Accurate infrastructure monitoring is critical for detecting vulnerabilities, attacks, or any anomaly that could leave your organization vulnerable. Staying on top of configuration management and software updates is especially important to meet your security and policy requirements.

Because today’s SOC is tasked with protecting a decentralized digital estate, Microsoft Sentinel was created as a cloud-native SIEM and SOAR solution, designed to protect both on-premises and cloud infrastructure. Only a year after its introduction, Microsoft was named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2020. By using graph-based machine learning and a probabilistic kill chain to produce high-fidelity alerts, Microsoft Sentinel reduces alert fatigue by 90 percent. Forrester reported that customers “note the ease of integration across other Microsoft products like Azure, Microsoft 365, and Defender for Endpoint as a big benefit… [and] call out automation as another strength.”

Limit access to your data

Limiting access to your data means upholding the three pillars of Zero Trust security—verify explicitly, apply least privileged access, and assume breach—across all files, wherever they reside. With Microsoft Information Protection, built-in labeling helps you maintain accurate classification, and machine learning-based trainable classifiers help deliver an exact data match. Microsoft Information Governance provides capabilities to govern your data for compliance or regulatory requirements, and Microsoft Data Loss Prevention empowers you to apply a consistent set of policies across the cloud, on-premises environments, and endpoints to monitor, prevent, and remediate risky activity.

In the field of data protection, Microsoft was named a Leader in the 2022 Gartner Magic Quadrant for Information Archiving,¹⁴ as well as a Leader in The Forrester Wave™: Unstructured Data Security Platforms, Q2 2021. Forrester gave Microsoft the highest score in the strategy category, as well as the highest score possible in APIs and integrations, data security execution roadmap, performance, planned enhancements, Zero Trust enabling partner ecosystem, and eight other criteria.

The comprehensive coverage you need with Microsoft Security

Competing in today’s business environment means being able to move forward without constantly looking over your shoulder for the latest cyber threat. An effective Zero Trust architecture helps make that possible through a combination of comprehensive coverage, easy integration, built-in intelligence, and simplified management. Microsoft Security does all four—integrating more than 40 disparate products for security, compliance, identity, and management across clouds, platforms, endpoints, and devices—so you can move forward—fearless.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

¹Why Security Can’t Live In A Silo, Douglas Albert, Forbes Technology Council, Forbes. October 5, 2020.

²Microsoft beats on earnings and revenue, delivers upbeat forecast for fiscal third quarter, Jordan Novet, CNBC. January 25, 2022.

³Microsoft Security is a Leader in four Gartner® Magic Quadrant™ reports, Microsoft Security.

⁴Microsoft Security is a Leader in eight Forrester Wave™ categories, Microsoft Security.

⁵IDC MarketScape: Worldwide Advanced Authentication for Identity Security 2021 Vendor Assessment, Doc # US46178720. July 2021

IDC MarketScape: Worldwide Modern Endpoint Security for Enterprises 2021 Vendor Assessment, Doc # US48306021. November 2021

IDC MarketScape: Worldwide Modern Endpoint Security for Small and Midsize Businesses 2021 Vendor Assessment, Doc #48304721. November 2021.

IDC MarketScape: Worldwide Unified Endpoint Management Software 2021 Vendor Assessment, Doc # US46957820. January 2021.

IDC MarketScape: Worldwide Unified Endpoint Management Software for Small and Medium-Sized Businesses 2021 Vendor Assessment, Doc # US46965720. January 2021

IDC MarketScape: Worldwide Unified Endpoint Management Software for Ruggedized/Internet of Things Deployment 2021 Vendor Assessment, Doc # US46957920. January 2021

⁶Gartner, Magic Quadrant for Access Management, Henrique Teixeira, Abhyuday Data, Michael Kelley, 1 November 2021.

⁷Gartner, Magic Quadrant for Unified Endpoint Management Tools, Dan Wilson, Chris Silva, Tom Cipolla, 16 August 2021.

⁸IDC MarketScape: Worldwide Modern Endpoint Security for Enterprises 2021 Vendor Assessment, Michael Suby, IDC. November 2021.

⁹Microsoft named a Leader in IDC MarketScape for Modern Endpoint Security for Enterprise and Small and Midsize Businesses, Rob Lefferts, Microsoft Security Blog, Microsoft. November 18, 2021.

¹⁰IDC MarketScape: Worldwide Unified Endpoint Management Software 2021 Vendor Assessment, Phil Hochmuth, IDC. January 2021.

¹¹IDC MarketScape: Worldwide Unified Endpoint Management Software for Ruggedized/Internet of Things Deployment 2021 Vendor Assessment, Phil Hochmuth. January 2021.

¹²IDC MarketScape: Worldwide Unified Endpoint Management Software for Small and Medium-Sized Businesses 2021 Vendor Assessment, Phil Hochmuth. January 2021.

¹³Gartner, Magic Quadrant for Endpoint Protection Platforms, Paul Webber, Peter Firstbrook, Rob Smith, Mark Harris, Prateek Bhajanka, Updated 5 January 2022, Published 5 May 2021.

¹⁴Gartner, Magic Quadrant for Enterprise Information Archiving, Michael Hoeck, Jeff Vogel, Chandra Mukhyala, 24 January 2022.

Gartner and Magic Quadrant are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

The post A Leader in multiple Zero Trust security categories: Industry analysts weigh in appeared first on Microsoft Security Blog.

These workplace shifts test and break an organization’s compliance postures as executive, IT, and risk professionals take stock of resulting gaps and blind spots. Research from Carnegie Mellon University’s CyLab, with support from Microsoft, found that a majority of surveyed organizations had experienced over five malicious insider threat incidents in the last year (69 percent of respondents), and over 10 inadvertent or data misuse incidents (58 percent of respondents).¹

Underscoring the stakes of the moment is the business sector’s high-profile challenge: the Great Reshuffle of employee roles and talent. Microsoft’s 2021 Work Trend Index found that 41 percent of the global workforce was considering leaving their employer due to burnout and a lack of workplace flexibility.² The cyber risk ramifications of reshuffles like this are clear when you consider the data exposure that can occur with a mix of departing employees and new staff unfamiliar with the organization’s security and compliance policies.

The best course of action for navigating the changing data landscape isn’t overly restricting employee access or aggressively punishing small errors. Organizations need a solution that lends employees the access they need while providing IT teams tools to quickly identify risky insider activity. This balance of trust is critical when implementing an insider risk program and can create a culture of empathy that empowers employees to work safely and independently.

We’re excited to announce a few new features that can help organizations better manage their insider risks, while also facilitating a corporate culture of safety and respect.

Improving insider risk management visibility, context, and integrations

Identifying and managing security and data risks inside your organization can be challenging. Insider risk management in Microsoft 365 helps minimize internal risks by empowering security teams to detect and act on malicious and inadvertent activities in your organization. Where traditional tools and strategies may focus on preventing sensitive data from leaving your organization, insider risk management leverages machine learning to correlate signals around risky user behavior and identify which activities may result in data theft or data leakage. These insights help security teams to identify potential concerns and can help accelerate time to action.

Communication compliance in Microsoft 365 helps organizations foster safe and compliant communications across corporate communications. In the world of hybrid work, organizations seek out communication and collaboration tools to empower employees to do their best work. At the same time, they need to manage risk in communications to protect company assets, fulfill regulatory compliance obligations, and detect code of conduct violations, like harassing or threatening language, sharing of adult content, and inappropriate sharing of sensitive information. We are honored that  Gartner® has listed Microsoft as a Leader in its 2022 Magic Quadrant™ for Enterprise Information Archiving, a market “designed for archiving data sources to a centralized platform to satisfy information governance requirements.”³

Built with privacy by design, the solutions ensure that user names are pseudonymized by default, role-based access controls are built-in, and investigators must be explicitly added by an administrator.

Today, Microsoft is excited to announce new functionalities in insider risk management and communication compliance for Microsoft 365:

• Enhancements to sequence detections.
• Enhancements and additions to insider risk investigation capabilities.
• Enhanced cumulative exfiltration anomaly detection capabilities.
• Enhanced audit trail of investigator and analyst activity.
• New classifier to detect customer complaints made about your organization’s products or services in communication compliance.

Microsoft 365 E3 customers are welcome to sign up for an Insider Risk Management Trial or the Microsoft E5 Compliance Trial through the Microsoft compliance center.

Enhancements to sequence detections

To help security and risk management teams accelerate time to action when it comes to insider risk management, it’s important to provide a rich context of risky user activity that goes beyond a transactional view.

In 2021, we introduced sequence detection to help analysts and investigators identify a series of connected activities and get a better understanding of intent. Today, we’re excited to announce enhancements to our sequence detections, including the ability to identify changes in document sensitivities, such as a document label being downgraded from Confidential to Public in an effort to evade detections. Insider risk can also detect sequences that may start on an endpoint device, providing greater visibility into the risky activity that may start on a workstation or device. We’ve also included additional exfiltration signals to broaden the coverage of sequences, including visibility for when a user uploads data to a cloud as a potential exfiltration step.

Enhancement and additions to insider risk investigation capabilities

With insider risk management, your security, data protection, or investigative teams have new tools and capabilities to better understand and investigate the risky activities happening in your environment.

This update includes an improved user experience for drilling down into sequences within the activity explorer. With these latest updates, security teams can get better insights into user activity types, including the ability to filter by activity category in the user activity view.

The improved alert triage experience in insider risk management includes a new summary user alert history timeline to provide better context, as well as an enhanced alert overview page.

Furthermore, insider risk management administrators can now set up email notifications for high severity alerts or for policy health recommendations.

Enhanced cumulative exfiltration anomaly detection capabilities

With cumulative exfiltration anomaly detection (CEAD) in insider risk management, organizations can leverage machine learning models to detect when a user’s exfiltration activities exceed the organizational averages. This can help to detect exfiltration activities that security teams might traditionally miss through data loss prevention (DLP) or structured policies alone. Learn more about CEAD.

With these latest updates, there are new visuals to represent potentially risky activity, making it easier for investigative or analyst teams to review and triage user activity against the organizational normal. CEAD will also prioritize cumulative exfiltration of sensitive documents based on prioritized SharePoint sites and built-in sensitive information types, as well as Microsoft Information Protection (MIP) label prioritization.  

Enhanced audit trail of investigator and analyst activity

When security or investigative teams are looking into organizational activity, it is crucial that investigations align with regulatory requirements and your organization’s compliance and security policies. It is also key to ensuring objectivity on the part of the investigators and analysts who are reviewing user activities.

Microsoft is announcing new audit events for insider risk management, including audit events of activities within the content explorer, activity explorer, and user timeline. These additional audit log events mean that anyone reviewing audit logs will have a better understanding of what investigators or analysts did within the insider risk management interface.

New customer complaints model in communication compliance

In highly regulated industries, such as financial services, pharmaceuticals, and food, organizations are mandated by law to track and address customer complaints made on their products or services. We are excited to announce the preview of a new customer complaint classifier that detects possible complaints filed by customers and surfaces matches for customer complaint management.

This new feature can help organizations meet regulations that mandate detection and triage of complaints, such as the Consumer Financial Protection Bureau and the Food and Drug Administrator requirements. Additionally, this feature can help organizations gain insight into how to improve their products and services.

Microsoft partners with other security leaders to address insider risk

In addition to our work in growing the capabilities of our insider risk management and communication compliance solutions, Microsoft is focused on reducing insider risks through partnerships and knowledge sharing. Microsoft is a Founding Research Sponsor of MITRE Engenuity’s Center for Threat-Informed Defense (Center), which launched a knowledge base to identify insider threats. See the Center’s release announcement here.

This latest resource from the Center is designed to help insider threat programs and security operation centers (SOCs) “detect, mitigate, and emulate insider actions on IT systems” and to stop those behaviors deemed risky or damaging. These resources include a Knowledge Base of Tactics, Techniques, and Procedures (TTPs) and the Design Principles and Methodology report.

As a Founding Research Sponsor, Microsoft researchers and security practitioners collaborated with other security industry partners to share TTPs and insights for what we are seeing in the insider risk space. “Microsoft’s work with the Center team and other security leaders confirms that insider risks pose a huge threat and that detection requires context beyond standard TTPs. Through this program, Microsoft’s Digital Security and Resilience and engineering teams partnered with and learned from others, and we are excited to see the collaboration in this space grow,” shared Rob McCann, Principal Data Scientist in Microsoft’s Security Research division. “This initial Knowledge Base sets the stage for industry-wide expansion and increased awareness of insider risk across the security community, and helps lay a foundation for further development and understanding of the insider risk landscape. This is an exciting step forward, and we’re grateful to have been a part of it.”

The insights and learnings from Microsoft’s participation in the Center have reaffirmed the priorities that have shaped Microsoft’s investments, both internally and in solutions available to our customers, including insider risk management.

Building an effective insider risk program

Over the past 18 months, we have seen high-profile insider risk incidents across a number of industries, ranging from data theft to corporate code of conduct violations. Recent high-profile examples have included the theft of confidential documents related to COVID-19 vaccines in the pharmaceutical industry to workplace harassment.

PwC and Microsoft advocate for an enterprise-wide approach to insider risk by leveraging key stakeholders to identify potential insider risks and tailor technical controls to address them. See how your organization can benefit from this approach by downloading the PwC and Microsoft whitepaper Building an effective insider risk management program.

Get started

These new features in insider risk management and communication compliance for Microsoft 365 have already rolled out or will start rolling out to customer tenants in the coming weeks. These solutions are also generally available across government clouds, supported in Government Community Cloud (GCC), GCC-High, and US Department of Defense (DoD) tenants.

We are happy to share that there is now an easier way for you to try Microsoft compliance solutions directly in the Microsoft 365 compliance center. By enabling the trial in the compliance center, you can quickly start using all capabilities of Microsoft Compliance, including insider risk management, communication compliance, records management, Advanced Audit, Advanced eDiscovery, MIP, DLP, and Compliance Manager.

If you are a current Microsoft 365 E3 user and interested in experiencing insider risk management, check out the Insider Risk Management Trial or the Microsoft E5 Compliance Trial to see how insider risk solutions and analytics can give you actionable insights.

Learn more about how to get started and configure policies in your tenant in the supporting documentation for insider risk management and communication compliance. Keep a lookout for updates to the documentation with information on the new features over the coming weeks.

Explore more about the importance of managing insider threats.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

¹Insider Risk Management Program Building: Summary of Insights from Practitioners, CyLab, Carnegie Mellon University. May 2021.

²The Great Reshuffle and how Microsoft Viva is helping reimagine the employee experience, Seth Patton, Microsoft 365. September 28, 2021.

³Gartner, Magic Quadrant for Enterprise Information Archiving, Michael Hoeck, Jeff Vogel, Chandra Mukhyala, Gartner. January 24, 2022.

Gartner and Magic Quadrant are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

The post How Microsoft can help reduce insider risk during the Great Reshuffle appeared first on Microsoft Security Blog.