Your AI is only as good as your data.

Organizations are skeptical about AI transformation due to concerns of sensitive data oversharing and poor data quality. In fact, 86% of organizations lack visibility into AI data flows, operating in darkness about what information employees share with AI systems [1]. Compounding on this challenge, about 67% of executives are uncomfortable using data for AI due to quality concerns [2]. The challenges of data oversharing and poor data quality requires organizations to solve these issues seamlessly for the safe usage of AI. Microsoft Purview offers a modern, unified approach to help organizations secure and govern data across their entire data estate, in particular best in class integrations with M365, Microsoft Fabric, and Azure data estates, streamlining oversight and reducing complexity across the estate.

At FabCon Atlanta, we’re announcing new Microsoft Purview innovations for Fabric to help seamlessly secure and confidently activate your data for AI transformation. These updates span data security and data governance, granting Fabric users to both

1. Discover risks and prevent data oversharing in Fabric
2. Improve governance processes and data quality across their data estate

1. Discover risks and prevent data oversharing in Fabric

As data volume increases with AI usage, Microsoft Purview secures your data with capabilities such as Information Protection, Data Loss Prevention (DLP), Insider Risk Management (IRM), and Data Security Posture Management (DSPM). These capabilities work together to secure data throughout its lifecycle and now specifically for your Fabric data estate. Here are a few new Purview innovations for your Fabric estate:

Microsoft Purview DLP policies to prevent data leakage for Fabric Warehouse and KQL/SQL DBs

Now generally available, Microsoft Purview DLP policies allow Fabric admins to prevent data oversharing in Fabric through policy tip triggering when sensitive data is detected in assets uploaded to Warehouses. Additionally, in preview, Purview DLP enables Fabric admins to restrict access to assets with sensitive data in KQL/SQL DBs and Fabric Warehouses to prevent data oversharing. This helps admins limit access to sensitive data detected in these data sources and data stores to just asset owners and allowed collaborators. These DLP innovations expand upon the depth and breadth of existing DLP policies to ensure sensitive data in Fabric is protected.

Figure 1. DLP restrict access preventing data oversharing of customer information stored in a KQL database.

Microsoft Purview Insider Risk Management (IRM) indicators for Lakehouse, IRM data theft quick policy for Fabric, and IRM pay-as-you-go usage report for Fabric

Microsoft Purview Insider Risk Management is now generally available for Microsoft Fabric extending its risk-detection capabilities to Microsoft Fabric lakehouses (in addition to Power BI which is supported today) by offering ready-to-use risk indicators based on risky user activities in Fabric lakehouses, such as sharing data from a Fabric lakehouse with people outside the organization . Additionally, IRM data theft policy is now generally available for security admins to create a data theft policy to detect Fabric data exfiltration, such as exporting Power BI reports. Also, organizations now have visibility into how much they are billed with the IRM pay-as-you-go usage report for Fabric, providing customers with an easy-to-use dashboard to track their consumption and predictability on costs.

Figure 2. IRM identifying risky user behavior when handling data in a Fabric Lakehouse. 

Figure 3. Security admins can create a data theft policy to detect Fabric data exfiltration. 

Figure 4. Security admins can check the pay-as-you-go usage (processing units) across different workloads and activities such as the downgrading of sensitivity labels of a lakehouse through the usage report.

Microsoft Purview for all Fabric Copilots and Agents

Microsoft Purview currently provides capabilities in preview for all Copilots and Agents in Fabric. Organizations can:

• Discover data risks such as sensitive data in user prompts and responses and receive recommended actions to reduce these risks.
• Detect and remediate oversharing risks with Data Risk Assessments on DSPM, that identify potentially overshared, unprotected, or sensitive Fabric assets, giving teams clear visibility into where data exposure exists and enabling targeted actions—like applying labels or policies—to reduce risk and ensure Fabric data is AI‑ready and governed by design.
• Identify risky AI usage with Microsoft Purview Insider Risk Management to investigate risky AI usage, such as an inadvertent user who has neglected security best practices and shared sensitive data in AI.
• Govern AI usage with Microsoft Purview Audit, Microsoft Purview eDiscovery, retention policies, and non-compliant usage detection.

Figure 5. Purview DSPM provides admins with the ability to discover data risks such as a user’s attempt to obtain historical data within a data agent in the Data Science workload in Fabric. DSPM subsequently provides actions to solve this risk.

Now that we’ve covered how Purview helps secure Fabric data and AI, the next focus is ensuring Fabric users can use that data responsibly.

2. Improve governance processes and data quality across their data estate

Once an organization’s data is secured for AI, the next challenge is ensuring consumers can easily find and trust the data needed for AI. This is where the Purview Unified Catalog comes in, serving as the foundation for enterprise data governance. Estate-wide data discovery provides a holistic view of the data landscape, helping prevent valuable data from being underutilized. Built-in data quality tools enable teams to measure, monitor, and remediate issues such as incomplete records, inconsistencies, and redundancies, ensuring decisions and AI outcomes are based on trusted, reliable data.  Purview provides additional governance capabilities for all data consumers and governance teams and supplement those who utilize the Fabric OneLake catalog. Here are a few new innovations within the Purview Unified Catalog:

Publication workflows for data products and glossary terms

Now generally available, data owners can leverage Workflows in the Purview Unified Catalog to manage how data products and glossary terms are published. Customizable workflows enable governance teams to work faster to create a well curated catalog, specifically by ensuring that data products and glossary terms are published and governed responsibly. Data consumers can request access to data products and be reassured that the data is held to a certain governance standard by governance teams.

Figure 6. Customizing a Workflow for publishing a glossary term in your catalog.

Data quality for ungoverned assets in the Unified Catalog, including Fabric data  

In the Unified Catalog, Data Quality for ungoverned data assets allows organizations to run data quality on data assets, including Fabric assets, without linking them to data products. This approach enables data quality stewards to run data quality at a faster speed and on greater scale, ensuring that their organizations can democratize high quality data for AI use cases.

Figure 7.  Running data quality on data assets without it being associated with a data product.

Looking Forward

As organizations accelerate their AI ambitions, data security and governance become essential. Microsoft Purview and Microsoft Fabric deliver an integrated and unified foundation that enables organizations to innovate with confidence, ensuring data is protected, governed, and trusted for responsible AI activation.

We’re committed to helping you stay ahead of evolving challenges and opportunities as you unlock more value from your data. Explore these new capabilities and join us on the journey toward a more secure, governed, and AI‑ready data future.

[1] 2025 AI Security Gap: 83% of Organizations Flying Blind

[2] The Importance Of Data Quality: Metrics That Drive Business Success

The post New Microsoft Purview innovations for Fabric to safely accelerate your AI transformation appeared first on Microsoft Security Blog.

Dow’s security team, led by Chief Information Security Officer Mario Ferket, proactively covers everything from governance, risk, compliance, identity and access management, and information protection to data privacy while their team continues to mature and grow. With this comes a partnership with Microsoft Security using tools including Microsoft Security Copilot.

Microsoft recently spoke with Ferket on Dow’s approach to AI in security, establishing a responsible AI team, and how Security Copilot is acting as a mentor within their apprentice program.

MICROSOFT: How has your security team evolved in the past few years to incorporate AI into your business?

FERKET: AI at Dow is being viewed as a significant business enabler to better serve our customers with innovative and sustainable products. To use AI in a responsible way, we partnered with our Enterprise Data and Analytics team, Legal, and other departments to establish a responsible AI team.

This team was tasked with defining a set of principles as well as creating an acceptable use policy for generative AI as we rolled out Microsoft Copilot in the company. Beyond that, the new cross-functional team has been looking at the new risks associated with the use of AI and how to protect ourselves, our data, and our customers. The team is also exploring how AI can be leveraged to enhance our security operations and use “AI to fight AI” in instances in which AI is potentially used with malicious intentions.

MICROSOFT: How is AI being integrated into Dow’s security efforts, and what specific capabilities are you leveraging?

FERKET: Our team is leveraging several AI- and machine learning-enabled capabilities to better detect and remove phishing emails, potential business email compromise (BEC) instances, and other malicious content sent to Dow through email.

For well over a year, we have been working with Microsoft in a design partnership to leverage Security Copilot as a key tool in the Dow Cyber Security Operations Center (CSOC). Given the sophistication and speed of cyberattacks, our original need was to eliminate repetitive manual tasks through automation and move to more automated interventions. This allows the team to spend more time on proactive activities. We are also using Security Copilot for threat hunting augmentation, automated incident summarization, and ticket enrichment by pulling indicators from intelligence services to provide context to the tickets being investigated, and generating queries to support threat hunting activities. We’ve found that this helps eliminate labor-intensive activities.

MICROSOFT: What impact has AI had on your team, and do you have any lessons learned from integrating AI into your security operations?

FERKET: Once the initial learning curve of Security Copilot was passed, the Dow CSOC quickly identified quick wins for leveraging the tool. It is now common in any investigation to hear the phrase “Have you asked Copilot?” for a wide variety of situations.

In the past, our Dow CSOC relied on extensive institutional knowledge within the team to know what “good” and “bad” looked like. Being able to query Security Copilot in natural language helps the team to quickly identify relevant information and act on it. The ability to leverage Security Copilot helps analysts to focus more on investigations and less on sifting through data. Before this level of automation, a member of my security team would have to manually source data from several sources to draw correlations and conclusions during an investigation. Now, when an alert trips, Security Copilot enriches alerts with contextualized data to support investigations. By using Security Copilot for incident summarization and enrichment, natural language search, and automation, the CSOC can decrease the time between when an alert fires and when action is taken.

Both Microsoft 365 Copilot and Security Copilot have become integral to the day-to-day operations of the CSOC, with analysts querying the tool several times a day for many reasons, ranging from data interpretation to ticket enrichment. Security Copilot enriches tickets with relevant data, cutting down the amount of time spent collating data. It has helped the Dow CSOC to automate the menial tasks of security investigations, allowing our more senior analysts to focus on proactive defensive measures. Our team has been surprised by how quickly we adopted the new capabilities and integrated them into our standard processes.

Within Dow, we also have an apprentice program with individuals from diverse backgrounds who are very often non-IT trained. Traditionally, it would take upwards of up a year of on-the-job training and job-shadowing of senior analysts for one of these apprentices to become “full” members of the team. Now, these apprentices can use Security Copilot as a “virtual mentor” for topics such as query building or learning the cyberthreat landscape, drastically decreasing the ramp time required for the apprentice to be productive and ensuring that senior analysts are able to focus on proactive defense.

MICROSOFT: What are the future directions and innovations you are considering in the field of AI and security, and how do you plan to implement them?

FERKET: Looking ahead, we’re exploring the use of advanced AI-powered capabilities to enhance detection of anomalies and patterns across large-scale telemetry. We’re also evaluating ways to streamline rule management through intelligent automation, aiming to reduce the manual overhead for our analysts. Another area of interest is dynamic prioritization of alerts, where contextual signals and threat intelligence can help refine response urgency. As always, we remain vigilant about the evolving use of AI by malicious actors and continue to assess its broader implications on the threat landscape.

MICROSOFT: What advice would you give to other security teams starting their AI journey?

FERKET: Be agile, but focused. AI is undoubtedly changing the cyber defense landscape, with many emergent tools being released regularly. It is easy to get lost in the “art of the possible” when it comes to AI tooling. Organizations starting their AI journey should be mindful of their core business objectives, the limitations of current AI capabilities, and be ready to pivot as things change rapidly. For the Dow CSOC, AI is seen as a great augmentation to help analysts be more effective and spend time on what really matters.

Microsoft Ignite 2025

Join us at Microsoft Ignite 2025 to explore our AI-first, end-to-end security platform, attend hands-on labs, get certified, connect with peers, and chat with industry experts
Register now.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post Dow’s 125-year legacy: Innovating with AI to secure a long future appeared first on Microsoft Security Blog.

To help protect and inform customers, this blog highlights the protection coverage across the Microsoft Defender and Microsoft Sentinel security ecosystem and provides security posture hardening recommendations to protect against threat actors like Octo Tempest.

Overview of Octo Tempest 

Octo Tempest, also known in the industry as Scattered Spider, Muddled Libra, UNC3944, or 0ktapus, is a financially motivated cybercriminal group that has been observed impacting organizations using varying methods in their end-to-end attacks. Their approach includes: 

• Gaining initial access using social engineering attacks and impersonating a user and contacting service desk support through phone calls, emails, and messages.
• Short Message Service (SMS)-based phishing using adversary-in-the-middle (AiTM) domains that mimic legitimate organizations.
• Using tools such as ngrok, Chisel, and AADInternals.
• Impacting hybrid identity infrastructures and exfiltrating data to support extortion or ransomware operations.  

Recent activity shows Octo Tempest has deployed DragonForce ransomware with a particular focus on VMWare ESX hypervisor environments. In contrast to previous patterns where Octo Tempest used cloud identity privileges for on-premises access, recent activities have involved impacting both on-premises accounts and infrastructure at the initial stage of an intrusion before transitioning to cloud access. 

Octo Tempest detection coverage 

Microsoft Defender has a wide range of detections to detect Octo Tempest related activities and more. These detections span across all areas of the security portfolio including endpoints, identities, software as a service (SaaS) apps, email and collaboration tools, cloud workloads, and more to provide comprehensive protection coverage. Shown below is a list of known Octo Tempest tactics, techniques, and procedures (TTPs) observed in recent attack chains mapped to detection coverage.

Disrupting Octo Tempest attacks  

Disrupt in-progress attacks with automatic attack disruption:
Attack disruption is Microsoft Defender’s unique, built-in self-defense capability that consumes multi-domain signals, the latest threat intelligence, and AI-powered machine learning models to automatically predict and disrupt an attacker’s next move by containing the compromised asset (user, device). This technology uses multiple potential indicators and behaviors, including all the detections listed above, possible Microsoft Entra ID sign-in attempts, possible Octo Tempest-related sign-in activities and correlate them across the Microsoft Defender workloads into a high-fidelity incident. 

Based on previous learnings from popular Octo Tempest techniques, attack disruption will automatically disable the user account used by Octo Tempest and revokes all existing active sessions by the compromised user. 

While attack disruption can contain the attack by cutting off the attacker, it is critical for security operations center (SOC) teams to conduct incident response activities and post-incident analysis to help ensure the threat is fully contained and remediated.  

Investigate and hunt for Octo Tempest related activity:
Octo Tempest is infamously known for aggressive social engineering tactics, often impacting individuals with specific permissions to gain legitimate access and move laterally through networks. To help organizations identify these activities, customers can use Microsoft Defender’s advanced hunting capability to proactively investigate and respond to threats across their environment. Analysts can query across both first- and third-party data sources powered by Microsoft Defender XDR and Microsoft Sentinel. In addition to these tables, analysts can also use exposure insights from Microsoft Security Exposure Management.  

Using advanced hunting and the Exposure Graph, defenders can proactively assess and hunt for the threat actor’s related activity and identify which users are most likely to be targeted and what will be the effect of a compromise, strengthening defenses before an attack occurs.  

Proactive defense against Octo Tempest 

Microsoft Security Exposure Management, available in the Microsoft Defender portal, equips security teams with capabilities such as critical asset protection, threat actor initiatives, and attack path analysis that enable security teams to proactively reduce exposure and mitigate the impact of Octo Tempest’s hybrid attack tactics.

Ensure critical assets stay protected 

Customers should ensure critical assets are classified as critical in the Microsoft Defender portal to generate relevant attack paths and recommendations in initiatives. Microsoft Defender automatically identifies critical devices in your environment, but teams should also create custom rules and expand critical asset identifiers to enhance protection.  

Take action to minimize impact with initiatives 

Exposure Management’s initiatives feature provides goal-driven programs that unify key insights to help teams harden defenses and act fast on real threats. To address the most pressing risks related to Octo Tempest, we recommend organizations begin with the initiatives below: 

• Octo Tempest Threat Initiative: Octo Tempest is known for tactics like extracting credentials from Local Security Authority Subsystem Service (LSASS) using tools like Mimikatz and signing in from attacker-controlled IPs—both of which can be mitigated through controls like attack surface reduction (ASR) rules and sign-in policies. This initiative brings these mitigations together into a focused program, mapping real-world attacker behaviors to actionable controls that help reduce exposure and disrupt attack paths before they escalate.
• Ransomware Initiative: A broader initiative focused on reducing exposure to extortion-driven attacks through hardening identity, endpoint, and infrastructure layers. This will provide recommendations tailored for your organization.  

Investigate on-premises and hybrid attack paths

Security teams can use attack path analysis to trace cross-domain threats—like those used by Octo Tempest—who’ve exploited the critical Entra Connect server to pivot into cloud workloads, escalate privileges, and expand their reach. Teams can use the ‘Chokepoint’ view in the attack path dashboard to highlight entities appearing in multiple paths, making it easy to filter for helpdesk-linked accounts, a known Octo target, and prioritize their remediation.  

Given Octo Tempest’s hybrid attack strategy, a representative attack path may look like this: 

Recommendations 

In today’s threat landscape, proactive security is essential. By following security best practices, you reduce the attack surface and limit the potential impact of adversaries like Octo Tempest. Microsoft recommends implementing the following to help strengthen your overall posture and stay ahead of threats: 

Identity security recommendations 

• Ensure multifactor authentication is enabled for all users: Adding more authentication methods, such as the Microsoft Authenticator app or a phone number, increases the level of protection if one factor is compromised.
• Enable Microsoft Entra ID Identity Protection sign-in risk policies: Turning on the sign-in risk policy ensures that suspicious sign-ins are challenged for.
• Ensure phishing-resistant multifactor authentication strength is required for Administrators.
• Ensure Microsoft Azure overprovisioned identities should have only the necessary permissions.
• Enable Microsoft Entra Privileged Identity Management as well as other protective measures to mitigate the risk of unnecessary or unauthorized access.

Endpoint security recommendations 

• Enable Microsoft Defender Antivirus cloud-delivered protection for Linux.
• Turn on Microsoft Defender Antivirus real-time protection for Linux.
• Enable Microsoft Defender for Endpoint EDR in block mode to block post breach malicious behavior on the device through behavior blocking and containment capabilities.
• Turn on tamper protection that essentially prevents Microsoft Defender for Endpoint (your security settings) from being modified.
• Block credential stealing from the Windows local security authority subsystem: Attack surface reduction (ASR) rules are the most effective method for blocking the most common attack techniques being used in cyber-attacks and malicious software.
• Turn on Microsoft Defender Credential Guard to isolate secrets so that only privileged system software can access them.

Cloud security recommendations 

• Key Vaults should have purge protection enabled to prevent immediate, irreversible deletion of vaults and secrets.
• To reduce risks of overly permissive inbound rules on virtual machines’ management ports, enable just-in-time (JIT) network access control. 
• Microsoft Defender for Cloud recommends encrypting data with customer-managed keys (CMK) to support strict compliance or regulatory requirements. To reduce risk and increase control, enable CMK to manage your own encryption keys through Microsoft Azure Key Vault.
• Enable logs in Azure Key Vault and retain them for up to a year. This enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised.
• Microsoft Azure Backup should be enabled for virtual machines to protect the data on your Microsoft Azure virtual machines, and to create recovery points that are stored in geo-redundant recovery vaults.

Microsoft Defender

Comprehensive threat prevention, detection and response capabilities for everyone.

Discover more

Explore security solutions

​​To learn more about Microsoft Security solutions, visit our website. Bookmark the Microsoft Security blog to keep up with our expert coverage on security matters.

Also, follow us on Microsoft Security LinkedIn and @MSFTSecurity on X for the latest news and updates on cybersecurity. 

The post Protecting customers from Octo Tempest attacks across multiple industries appeared first on Microsoft Security Blog.

The Microsoft Fabric and Microsoft Purview teams are excited to be in Las Vegas from March 31 to April 2, 2025, for the second annual and highly anticipated Microsoft Fabric Community Conference. With more than 200 sessions, 13 focused tracks, 21 hands-on workshops, and two keynotes, attendees can expect an engaging and informative experience. The conference offers a unique opportunity for the community to connect and exchange insights on key topics such as data and AI.

AI innovation is impacting every industry, business process, and individual. About 75% of knowledge workers today are currently using some sort of AI in their day to day.¹ At the same time, the regulatory landscape is evolving at an unprecedented pace. Around the world, at least 69 countries have proposed more than 1,000 AI-related policy initiatives and legal frameworks to address public concerns around AI safety and governance.² With the need to adhere to regulations and policy frameworks for AI transformation, a comprehensive solution is needed to address security, governance, and privacy concerns. Additionally, with the convergence of the responsibilities of cybersecurity and data teams, customers are asking for a solution that turns data security and data governance into a team sport to address issues such data discovery, data classification, data loss prevention, and data quality in a unified way. Microsoft Purview delivers a comprehensive set of solutions that address these needs, helping customers seamlessly secure and confidently activate their data in the era of AI.

We are excited to announce new innovations that help security and data teams accelerate their organization’s AI transformation:

1. Enhancing Microsoft Purview Data Loss Prevention (Purview DLP) support for lakehouse in Microsoft Fabric to help prevent sensitive data loss by restricting access.
2. Expanding Purview DLP policy support for additional Fabric items such as KQL databases and Mirrored databases to send users notification through policy tips when they are working with sensitive data.
3. Microsoft Purview integration with Copilot in Fabric, specifically for Power BI.
4. Data Observability within the Microsoft Purview Unified Catalog.

Seamlessly secure data

Microsoft Purview is extending its proven data security value delivered to millions of Microsoft 365 users worldwide, to the Microsoft data platform. This helps users drive consistency across their multicloud and multiplatform data estate and simplify risks related to data leaks, oversharing, and risky user behavior as more users are managing and handling data in the era of AI.

1. Enhancing Microsoft Purview Data Loss Prevention (DLP) support for lakehouse in Fabric to help prevent sensitive data loss by restricting access

Microsoft Purview Data Security capabilities are used by hundreds of thousands of customers for their integration with Microsoft 365 data. Since last year’s Microsoft Fabric Community Conference, Microsoft Purview has extended Microsoft Purview Information Protection and Purview DLP policy tip value across the data estate, including Fabric. Currently, Purview DLP supports the ability to show users notifications for when they are working with sensitive data in lakehouse. We are excited to share that we are enhancing the DLP value in lakehouse to prevent sensitive data leakage to guest users by restricting access. Data Security admins can configure policies and limit access to only internal users or data owners based on the sensitive data found. This control is valuable for when a Fabric tenant includes guest users and domain owners want to limit access to internal proprietary data in their lakehouses. 

Figure 1. DLP policy restricting access for guest users into lakehouse due to personally identifiable information (PII) data discovered 

2. Expanding DLP policy support for additional Fabric items such as KQL databases and Mirrored databases to show users notification through policy tips when they are working with sensitive data

A key part of securing sensitive data is to provide visibility to your users on where and how they are interacting with sensitive data. Purview DLP policies can help notify users when they are working with sensitive data through policy tips in lakehouse in Fabric. We are excited to announce that we are extending policy tips support for additional Fabric items—KQL databases and Mirrored databases in preview. (Mirrored Database sources include Azure Cosmos DB, Azure SQL Database, Azure SQL Managed Instance, Azure Databricks Unity Catalog, and Snowflake, with more sources available soon). KQL databases are the only databases used for real-time analytics so detecting sensitive data that comes through real-time analytics is huge for Fabric customers. Purview DLP for Mirrored databases reduces the security risk of sensitive data leakage when data is transferred in Fabric. We are happy to extend Purview DLP value to more data sources, providing end-to-end protection for customers within their Fabric environments, all to prepare for the safe deployment of AI.

Figure 2. Policy tip triggered by Purview DLP due to PII being discovered in KQL databases.

Figure 3. Policy tip triggered by Purview DLP due to PII being discovered in Mirrored databases.

3. Microsoft Purview for Copilot in Fabric

As organizations adopt AI, implementing data controls and a Zero Trust approach is crucial to mitigate risks like data oversharing and leakage, and potential non-compliant usage in AI. We are excited to announce Microsoft Purview capabilities in preview for Copilot in Fabric, starting with Copilot for Power BI. By combining Microsoft Purview and Copilot for Power BI, users can:

• Discover data risks such as sensitive data in user prompts and responses and receive recommended actions in their Microsoft Purview Data Security Posture Management (DSPM) dashboard to reduce these risks.
• Identify risky AI usage with Microsoft Purview Insider Risk Management to investigate risky AI usage, such as an inadvertent user who has neglected security best practices and shared sensitive data in AI or a departing employee using AI to find sensitive data and exfiltrating the data through a USB device.
• Govern AI usage with Microsoft Purview Audit, Microsoft Purview eDiscovery, retention policies, and non-compliant usage detection.

Figure 4. Purview DSPM for AI provides admins with comprehensive reports on Copilot in Fabric’s user activities, as well as data entered and shared within the copilot.

Confidently activate data

4. Data observability, now in preview, within Microsoft Purview Unified Catalog

Within the Unified Catalog in Microsoft Purview, users can easily identify the root cause of data quality issues by visually investigating the relationship between governance domains, data products, glossary terms, and data assets associated with them through its lineage. Data assets and their respective data quality are visible across your multicloud, hybrid data estate. Maintaining high data quality is core to driving trustworthy AI innovation forward, and with the new data observability capabilities in Microsoft Purview, users can now improve how fast they can investigate and resolve root cause issues to improve data quality and respond to regulatory reporting requirements.

Figure 5. Lineage view of data assets that showcases data quality within a Data Product.

Microsoft Purview and Microsoft Fabric can help secure and activate data

As your organization continues to implement AI, Microsoft Fabric and Microsoft Purview will serve as key solutions to safely activate your data for AI. Stay tuned for even more exciting innovations to come and check out the Fabric blog to read more about the innovations in Fabric.

Learn more

Explore these resources to stay updated on our product innovations in security and governance for your data:

• Learn how to secure and govern your entire data estate with Microsoft Purview.
• Learn more about Microsoft Purview Data Governance.
• Get started with Microsoft Fabric.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Work Trends Index

²AI Regulations around the World – 2025

The post New innovations in Microsoft Purview for protected, AI-ready data appeared first on Microsoft Security Blog.

Across many sessions and demos, we’ll address the top security pain points related to AI and empower you with practical, actionable strategies. Keep reading this blog for a guide of highlighted sessions for security professionals of all levels, whether you’re attending in-person or online.

And be sure to register for the digital experience to explore the Microsoft Security sessions at Microsoft Ignite.

Be among the first to hear top news

Microsoft is bringing together every part of the company in a collective mission to advance cybersecurity protection to help our customers and the security community. We have four powerful advantages to drive security innovation: large-scale data and threat intelligence; end-to-end protection; responsible AI; and tools to secure and govern the use of AI.

Microsoft Chairman and Chief Executive Officer Satya Nadella said in May 2024 that security is the top priority for our company. At the Microsoft Ignite opening keynote on Tuesday, November 19, 2024, Microsoft Security Executive Vice President Charlie Bell and Corporate Vice President (CVP), Microsoft Security Business Vasu Jakkal will join Nadella to discuss Microsoft’s vision for the future of security. Other well-known cybersecurity speakers at Microsoft Ignite include Ann Johnson, CVP and Deputy Chief Information Security Officer (CISO); Joy Chik, President, Identity, and Network Access; Mark Russinovich, Chief Technology Officer and Deputy CISO; and Sherrod DeGrippo, Director of Threat Intelligence Strategy.

For a deeper dive into security product news and demos, join the security general session on Wednesday, November 20, 2024, at 11:00 AM CT. Hear from Vasu Jakkal; Joy Chik; Rob Lefferts, CVP, Microsoft Threat Protection; Herain Oberoi, General Manager, Microsoft Data Security, Privacy, and Compliance; and Michael Wallent, CVP; who will share exciting security innovations to empower you with AI tools designed to help you get ahead of attackers.

These news-breaking sessions are just the start of the value you can gain from attending online.

Benefit from insights designed for your role

While cybersecurity is a shared concern of security professionals, we realize the specific concerns are unique to role. Recognizing this, we developed sessions tailored to what matters most to you.

• CISOs and senior security leaders: If you’ll be with us in Chicago, kick off the conference with the Microsoft Ignite Security Forum on November 18, 2024 from 1 PM CT to 5 PM CT. Join this exclusive pre-day event to hear from Microsoft security experts on threat intelligence insights, our Secure Future Initiative (SFI), and trends in security. Go back to your registration to add this experience on. Also for those in Chicago, be sure to join the Security Leaders Dinner, where you can engage with your peers and provide insights on your greatest challenges and successes. If you’re joining online, gain firsthand access to the latest Microsoft Security announcements. Whether you’re in person or online, don’t miss “Proactive security with continuous exposure management” (BRK324), which will explore how Microsoft Security Exposure Management unifies disparate data silos for visibility of end-to-end attack surface, and “Secure and govern data in Microsoft 365 Copilot and beyond” (BRK321), which will discuss the top concerns of security leaders when it comes to AI and how you can gain the confidence and tools to adopt AI. Plus, learn how to make your organization as diverse as the threats you are defending in “The Power of Diversity: Building a stronger workforce in the era of AI” (BRK330).
• Security analysts and engineers: Join actionable sessions for information you can use immediately. Sessions designed for the security operations center (SOC) include “Microsoft cybersecurity architect lab—Infrastructure security” (LAB454), which will showcase how to best use the Microsoft Secure Score to improve your security posture, and “Simplify your SOC with the unified security operations platform” (BRK310), which will feature a fireside chat with security experts to discuss common security challenges and topics. Plus, learn to be a champion of safe AI adoption in “Scott and Mark learn responsible AI” (BRK329), which will explore the three top risks in large language models and the origins and potential impacts of each of these.
• Developers and IT professionals: We get it—security isn’t your main focus, but it’s increasingly becoming part of your scope. Get answers to your most pressing questions at Microsoft Ignite. Sessions that may interest you include “Secure and govern custom AI built on Azure AI and Copilot Studio” (BRK322), which will dive into how Microsoft can enable data security and compliance controls for custom apps, detect and respond to AI threats, and managed your AI stack vulnerabilities, and “Making Zero Trust real: Top 10 security controls you can implement now” (BRK328), which offers technical guidance to make Zero Trust actionable with 10 top controls to help improve your organization’s security posture. Plus, join “Supercharge endpoint management with Microsoft Copilot in Intune” (THR656) for guidance on unlocking Microsoft Intune’s potential to streamline endpoint management.
• Microsoft partners: We appreciate our partners and have developed sessions aimed at supporting you. These include “Security partner growth: The power of identity with Entra Suite” (BRK332) and “Security partner growth: Help customers modernize security operations” (BRK336).

Attend sessions tailored to addressing your top challenge

When exploring effective cybersecurity strategies, you likely have specific challenges that are motivating your actions, regardless of your role within your organization. We respect that our attendees want a Microsoft Ignite experience tailored to their specific objectives. We’re committed to maximizing your value from attending the event, with Microsoft Security sessions that address the most common cybersecurity challenges.

• Managing complexity: Discover ways to simplify your infrastructure in sessions like “Simpler, smarter, and more secure endpoint management with Intune” (BRK319), which will explore new ways to strengthen your security with Microsoft Intune and AI, and “Break down risk silos and build up code-to-code security posture” (BRK312), which will focus on how defenders can overcome the expansive alphabet soup of security posture tools and gain a unified cloud security posture with Microsoft Defender for Cloud.   
• Increasing efficiency:: Learn how AI can help you overcome talent shortage challenges in sessions like “Secure data across its lifecycle in the era of AI” (BRK318), which will explore Microsoft Purview leveraging Microsoft Security Copilot can help you detect hidden risks, mitigate them, and protect and prevent data loss, and “One goal, many roles: Microsoft Security Copilot: Real-world insights and expert advice” (BRK316), which will share best practices and insider tricks to maximize Copilot’s benefits so you can realize quick value and enhance your security and IT operations.  
• Threat landscape: Navigate effectively through the modern cyberthreat landscape, guided by the insights shared in sessions like “AI-driven ransomware protection at machine speed: Defender for Endpoint” (BRK325), which will share a secret in Microsoft Defender for Endpoint success and how it uses machine learning and threat intelligence, and the theater session “Threat intelligence at machine speed with Microsoft Security Copilot” (THR555), which will showcase how Copilot can be used as a research assistant, analyst, and responder to simplify threat management.
• Regulatory compliance: Increase your confidence in meeting regulatory requirements by attending sessions like “Secure and govern your data estate with Microsoft Purview” (BRK317), which will explore how to secure and govern your data with Microsoft Purview, and “Secure and govern your data with Microsoft Fabric and Purview” (BRK327), which will dive into how Microsoft Purview works together with Microsoft Fabric for a comprehensive approach to secure and govern data.
• Maximizing value: Discover how to maximize the value of your cybersecurity investments during sessions like “Transform your security with GenAI innovations in Security Copilot” (BRK307), which will showcase how Microsoft Security Copilot’s automation capabilities and use cases can elevate your security organization-wide, and “AI-driven ransomware protection at machine speed: Defender for Endpoint” (BRK325), which will dive into the key secret to the success of Defender for Endpoint customers in reducing the risk of ransomware attacks as well maximizing the value of the product’s new features and user interfaces.

Explore cybersecurity tools with product showcases and hands-on training

Learning about Microsoft security capabilities is useful, but there’s nothing like trying out the solutions for yourself. Our in-depth showcases and hands-on trainings give you the chance to explore these capabilities for yourself. Bring a notepad and your laptop and let’s put these tools to work.

• “Secure access at the speed of AI with Copilot in Microsoft Entra” (THR556): Learn how AI with Security Copilot and Microsoft Entra can help you accelerate tasks like troubleshooting, automate cybersecurity insights, and strengthen Zero Trust.  
• “Mastering custom plugins in Microsoft Security Copliot” (THR653): Gain practical knowledge of using Security Copilot’s capabilities during a hands-on session aimed at security and IT professionals ready for advanced customization and integration with existing security tools. 
• “Getting started with Microsoft Sentinel” (LAB452): Get hands-on experience on building detections and queries, configuring your Microsoft Sentinel environment, and performing investigations. 
• “Secure Azure services and workloads with Microsoft Defender for Cloud” (LAB457): Explore how to mitigate security risks with endpoint security, network security, data protection, and posture and vulnerability management. 
• “Evolving from DLP to data security with Microsoft Preview” (THR658): See for yourself how Microsoft Purview Data Loss Prevention (DLP) integrates with insider risk management and information protection to optimize your end-to-end DLP program. 

Network with Microsoft and other industry professionals

While you’ll gain a wealth of insights and learn about our latest product innovations in sessions, our ancillary events offer opportunities to connect and socialize with Microsoft and other security professionals as committed to you to strengthening the industry’s defenses against cyberthreats. That’s worth celebrating!

• Pre-day Forum: All Chicago Microsoft Ignite attendees are welcome to add on to the event with our pre-day sessions on November 18, 2024, from 1 PM CT to 5 PM CT. Topics covered will include threat intelligence, Microsoft’s Secure Future Initiative, AI innovation, and AI security research, and the event will feature a fireside chat with Microsoft partners and customers. The pre-day event is designed for decision-makers from businesses of all sizes to advance your security strategy. If you’re already attending in person, log in to your Microsoft Ignite registration and add on the Microsoft Security Ignite Forum.
• Security Leaders Dinner: We’re hosting an exclusive dinner with leaders of security teams, where you can engage with your peers and provide insights on your greatest challenges and successes. This intimate gathering is designed specifically for CISOs and other senior security leaders to network, share learnings, and discuss what’s happening in cybersecurity.   
• Secure the Night Party: All security professionals are encouraged to celebrate the cybersecurity community with Microsoft from 6 PM CT to 10 PM CT on Wednesday, November 20, 2024. Don’t miss this opportunity to connect with Microsoft Security subject matter experts and peers at our “Secure the Night” party during Microsoft Ignite in Chicago. Enjoy an engaging evening of conversations and experiences while sipping tasty drinks and noshing on heavy appetizers provided by Microsoft. We look forward to welcoming you. Reserve your spot today! 

Something that excites us the most about Microsoft Ignite is the opportunity to meet with cybersecurity professionals dedicated to modern defense. Stop by the Microsoft Security Expert Meetup space to say hello, learn more about capabilities you’ve been curious about, or ask questions about Microsoft’s cybersecurity efforts. 

Hear from our Microsoft Intelligent Security Association partners at Microsoft Ignite

The Microsoft Intelligent Security Association (MISA), comprised of independent software vendors (ISV) and managed security service providers (MSSPs) that have integrated their solutions with Microsoft’s security technology, will be back at Microsoft Ignite 2024.

We kick things off by celebrating our Security Partner of the Year award winners BlueVoyant (Security), Cyclotron (Compliance), and Inspark (Identity) who will join Vasu Jakkal for a fireside chat on “How security strategy is adapting for AI,” during the Microsoft Ignite Security Pre-day Forum. This panel discussion includes insights into trends partners are seeing with customers relating to AI, a view on practical challenges, and scenarios that companies encounter when deploying AI, as well as the expert guidance and best practices that security partners can offer to ensure successful AI integration in security strategies.

MISA is thrilled to welcome small and medium business (SMB) verified solution status to its portfolio. This solution verification highlights technology solutions that are purpose built to meet the needs of small and medium businesses, and the MSSPs who often manage IT and security on behalf of SMBs. MISA members who meet the qualifying criteria and have gone through engineering review, will receive a specialized MISA member badge showcasing the verification and will be featured in the MISA partner catalog. We are excited to launch this status with Blackpoint Cyber and Huntress.

Join MISA members including Blackpoint Cyber and Huntress at the Microsoft Expert Meetup Security area where 14 members will showcase their solutions and Microsoft Security Technology. Review the full schedule below.

We are looking forward to connecting with our customers and partners at the Microsoft Secure the Night Party on Wednesday, November 20, from 6 to 10 PM CT.  This evening event offers a chance to connect with Microsoft Security subject matter experts and MISA partners while enjoying cocktails, great food, and entertainment. A special thank you to our MISA sponsors: Armor, Cayosoft, ContraForce, HID, Lighthouse, Ontinue, and Quorum Cyber.

Register today to attend Microsoft Ignite online

There’s still time to register to participate in Microsoft Ignite online from November 19 to 22, 2024, to catch security-focused breakout sessions, product demos, and participate in interactive Q&A sessions with our experts. No matter how you participate in Microsoft Ignite, you’ll gain insights on how to secure your future with an AI-first, end-to-end cybersecurity approach to keep your organizations safer.

Plus, you can take your security knowledge further at Tech Community Live: Microsoft Security edition on December 3, 2024, to ask all your follow-up questions from Microsoft Ignite. Microsoft Experts will be hosting live Ask Microsoft Anything sessions on topics from Security for AI to Copilot for Security.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Microsoft Ignite: Sessions and demos to improve your security strategy appeared first on Microsoft Security Blog.

In response, many leading organizations are re-evaluating their security strategy and moving away from a patchwork of disparate solutions in an effort to reduce costs, eliminate gaps, and improve security posture overall. They are adopting an end-to-end security approach, which is not an entirely new concept but rather an evolving vision of the technology, culture, and training necessary to tackle cybersecurity successfully. End-to-end security focuses on fully securing your entire digital estate pre- and post-breach, with management, mitigation, and assessment capabilities. For instance, Microsoft Security spans more than 50 categories within six product families, aligning seamlessly with our Security Future Initiative efforts introduced in November 2023.

End-to-end security is a comprehensive and proactive approach to protecting your environment that is grounded in a Zero Trust security strategy. It’s about a cohesive user experience as much as it is about complete threat intelligence and a consistent data platform. All products work together effectively to address identity, devices, clouds, data, and network. It requires that you have a multitude of capabilities in place, from identity to data to threat protection to governance and compliance. It protects you from every angle, across security, compliance, identity, device management, and privacy. And you can accelerate the benefits of end-to-end security even further with generative AI.

Zero Trust security

Build a secure hybrid workforce and drive business agility with a Zero Trust approach to security.

Get started

Why an evolving landscape makes end-to-end security appealing

You can’t protect what you can’t see or understand. Many organizations are siloed rather than possessing a single vision for cybersecurity. And when these siloed areas of the organization—perhaps none are more siloed than IT and security teams—are not talking to each other, the integration of tools, people, and processes faces a major roadblock. With AI tools gaining popularity in the digital workplace, communication challenges are more apparent as organizations seek increased visibility and greater control of AI usage.

Another challenge is the enormous scale of data that needs analysis to produce threat intelligence and effective threat response. The volume can be overwhelming, and with a patchwork security strategy, even best-in-breed tools are less effective because they cannot contribute to a complete view of the data and offer no way to organize it.

To optimize for the evolving landscape, organizations are changing their security priorities.

Figure 1. A list of nine of the top security priorities organizations should implement in the face of the ever evolving cybersecurity landscape.

The desire for simplification and more effective security are motivating organizations to move to an end-to-end security approach because of significant advantages. Microsoft customers tell us that juggling myriad security products is difficult to maintain and they want to seize opportunities for AI and better manage risk.

ING, one of the biggest banks in Europe, is a great example of how an organization benefits from an end-to-end approach. ING consolidated a fragmented, complicated mix of security tools into an end-to-end security approach for better protection of their private, public, and multicloud environments. The firm is using the solution to protect the company and the 38 million customers it serves across 40 countries.

What are the advantages of an end-to-end security approach?

The end-to-end security approach consolidates all your cybersecurity tools, from data protection to incident response and everything in between, into one solution. According to IDC’s North American Tools and Vendors Consolidation Survey conducted in November and December 2023, approximately 86% of organizations are either actively consolidating or planning to consolidate their tools. And 50% of those planning a consolidation have almost 50 tools (20 vendors on average).³ By interconnecting different tools through APIs, you simplify the security of your organization and gain greater visibility over everything happening. Without that visibility, you lack the knowledge of what you need to protect and govern your data, as well as investigate when a breach occurs.  

When combined with AI, end-to-end security overcomes challenges that can’t be solved by automation or code. That kind of agility is critical to address potential risks and successfully defend against modern cyberthreats, especially in confronting the scale at which breaches are occurring.

Plus, end-to-end security solves challenges in a way that allows for data gravity, which involves bringing applications and services to your data rather than the other way around. It’s useful in instances where the data is extremely large. Introducing data gravity enables new types of security scenarios to be built, sparking innovation in your security strategy. And end-to-end security paves the way for security assessments of your resources and other benefits of continuous posture management.

“By adopting multiple interoperable Microsoft security solutions, we have improved our preventative capabilities, our incident response times, and our scope for monitoring our environment,” said Glauco Sampaio, Chief Information Security Officer at Cielo. “It was surprisingly simple to enable real-time visibility across our environment. It’s been a leap in our security maturity level.”

Explore how adopting end-to-end security benefits you

Taking an end-to-end approach to security can pay major dividends, especially as you align to the Zero Trust framework. You will be able to determine which solutions to deploy and identify any gaps. An end-to-end approach will help you consolidate the number of tools and applications and use the ones that maximize your benefits. To explore how Microsoft Security with Microsoft Copilot for Security enables you to safeguard your people, data, and infrastructure, visit our webpage.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Microsoft Execs: Partners ‘Critical’ To Achieving Responsible AI, Security, CRN. May 23, 2024.

²ISC2 Publishes 2023 Workforce Study, ISC2. October 31, 2023.

³North American Security Tools and Vendors Consolidation Study: Insights on Product Consolidation Plans, IDC. April 2024.

The post How comprehensive security simplifies the defense of your digital estate appeared first on Microsoft Security Blog.

We are also excited to announce new innovations including an embedded Copilot in Microsoft Purview experience for data governance, deeper integrations with Microsoft Fabric, and broadening our partner network to help organizations confidently activate their data estate. In this post, we will highlight the growing challenges facing today’s data landscape and explore how Microsoft Purview Data Governance is helping customers establish a federated data-driven culture.

Microsoft Purview

Secure and govern data across your data estate while reducing risk and meeting compliance requirements.

Learn more

Security and governance have become a team sport

In today’s world, the sophistication of cyberattacks, increasing regulations, an ever-expanding data estate, and business demand for insights are converging. This convergence pressurizes business leaders to adopt a unified strategy to confidently ensure AI readiness. Microsoft Purview is a comprehensive set of solutions that can help organizations secure, govern, and manage their data, wherever it lives. The unification of data security and governance capabilities in Microsoft Purview reflects our belief that our customers need a simpler approach to data. Microsoft Purview’s modern data governance solution addresses the challenges of the AI era with a business-friendly solution that empowers organizations to confidently democratize their data.

Governing data has been easier said than done

The practice of data governance is not just about technology. It starts with people and processes. Without a clear vision, strategy, and roadmap, organizations often struggle to align stakeholders, define roles, and communicate the benefits of data governance across the organization. This can result in low adoption and resistance to change. Data leaders encounter four primary challenges when implementing governance solutions:

1. Fragmentation—Organizations find themselves using multiple tools to govern data. This can generate blind spots and lead to difficulties maintaining consistent data quality, security, and compliance.
2. Labor-intensive tasks—Processes such as data classification, metadata management, and compliance reporting can be manual and time consuming.
3. Centralized governance—A centralized approach stifles innovation and leads to shadow business intelligence where business units—often sales and marketing teams—resort to their own unauthorized tools.
4. Technical interfaces—A poor user experience for business units can block their participation, leaving the practice of data governance centralized around IT.

Microsoft Purview Data Governance: a solution for the era of AI

About a decade ago, Microsoft’s Senior Leadership team, led by Chief Executive Officer Satya Nadella, asked a team of senior leaders, “Do we know where all of our data lives?” The question was difficult to answer. Like many organizations, our data was kept in silos, contributing to a lack of visibility and governance. This realization created an urgency for Microsoft to solve this problem in a way that could help our own business and our customers. We needed to streamline data visibility, management and access.

The biggest cultural change was the shift from a centralized approach to a federated governance structure with central guidance, training, and policies. This allowed individual business units to manage their own data quality while staying in sync with the main data office to maintain policy efficacy. This federated approach combined with the right technology tilts the scale in favor of the business, enabling every user to leverage high quality, trusted data. The re-imagined solution is grounded in years of applied learning and proven practices from navigating our own data transformation journey. Our vision for the new data governance solution is based on the following design principles: 

AI-powered—To eliminate the drudgery of tasks surrounding manual classification and tagging of data, AI has been infused at every layer of the experience to help automate manual tasks and accelerate data curation, data management, and data discovery. For example, data stewards can now generate data quality rules automatically, saving hours of manual work. Data consumers can quickly find data products by specifying the data they are looking for in their natural language. With the power of AI, you can automate tasks like assigning business domains, providing glossary terms, and setting data quality rules and objectives and key results (OKRs) to make your data easily discoverable by the line of business users.

Figure 1. AI-powered data discovery in Microsoft Purview Data Governance.

Business-friendly—Designed with the user in mind, the new experience supports multiple functions across an organization with clear role definitions. The Data Catalog is an enterprise repository to help data stewards (people responsible for data governance) and data owners (people handling day-to-day maintenance of data) curate assets and enable responsible democratization of data. Within the experience, the data health capability was purpose-built for the data office to ensure data quality, alignment with industry standards (for example, Cloud Data Management Capabilities framework), and built-in reports to assess the health of the governance practice across the organization. For example, customers can easily define and organize data with business domains (such as finance and claims) and set OKRs to link business objectives to the Data Catalog.

Figure 2. Business-friendly browsing experience in the Data Catalog.

Unified—The unified experience reduces the need for fragmented point solutions. The integrated Microsoft Purview portal provides a centralized solution for data classification, labeling, lineage, audit logging, and management across a variety of platforms, including the built-in integration with Microsoft Fabric to ensure a best-in-class governance experience as you bring your data into the era of AI. The new experience also offers comprehensive data governance capabilities such as the extraction of metadata, scanning, and data quality across additional sources including SQL, ADLS, Synapse Analytics, and Azure Databricks, as well as third-party sources such as Snowflake. This streamlines the process, saving both time and the expense of integrating disparate solutions. Additionally, the new solution enables visibility across the health of your data assets, providing insights into curated data in your catalog, classification status, and sensitivity labels. Lastly, the solution includes built-in workflow capabilities to help you efficiently assign action owners to improve your governance posture.

Figure 3. Built-in workflows to improve governance posture.

“Embracing Microsoft Purview Data Governance has been a game-changer for Vanderlande. As a preview customer over the past 18 months, we’ve witnessed Microsoft Purview’s remarkable growth and the eagerness of Microsoft to bring a state-of-the-art governance solution to the market. Based on the general availability, we will start the implementation of these capabilities across our global organization.”

—Geert-Jan Verdonk, Data Governance Lead, Vanderlande (a Toyota automated logistics company)

New capabilities coming with general availability

Copilot embedded experience in Microsoft Purview (Preview)—We are introducing Copilot capabilities within the Data Governance experience to guide customers in getting started with the solution. This experience will recommend proven best practices to create an enterprise catalog, helping data professionals quickly discover, curate, and manage their data.

Deeper Microsoft Fabric integration (Preview)—As part of our tight integration with Microsoft Fabric, we are excited to announce the ability to build your own custom reports out of Fabric data. In addition, the data quality feature will now support any Microsoft Fabric source, whether it is mirrored or shortcut. If a source is supported by Fabric, Microsoft Purview can now scan it and use it as part of its data quality rules.

Broadening our partner network—As we announced in March 2024, a modern data governance solution integrates across your digital estate. We are excited to announce two more partners to our ecosystem: ER Studio (an Idera company) for data modeling and RELTIO for master data management. Additionally, CluedIn, Profisee, Semarchy, and Solidatus have their integrations live in Azure Marketplace today.

Try it today

Please log on to the Microsoft Purview portal and give the data governance experience within the “Data Catalog” icon a try. If you want to learn more, please access the following resources:

• Microsoft Purview Data Governance learning docs.
• Webinar: Fabric + Purview webinar—The CDO Dilemma.
• Visit the Microsoft Purview Data Governance website.
• Visit us at the CDOIQ Symposium at MIT in Massachusetts from July 16 to18, 2024.
• Blog: Modern Data Governance for the era of AI.

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post Microsoft Purview Data Governance will be generally available September 1, 2024 appeared first on Microsoft Security Blog.

Fragmentation is in the way

The market has responded with dozens of products that address this challenge locally. Security and governance teams often bolt on security controls to protect individual data stores, having to stitch together a patchwork of solutions. This approach not only strains resources but is also ineffective. Security outcomes are worse—audits are failed and brand reputations are damaged.

In Microsoft’s most recent Data Security Index report, we found that 74% of organizations experienced some sensitive data exposure in the past year. Similarly, 68% of companies reported not being able to gather the right data insights, leading to poor data quality.² And even though organizations are quickly adopting generative AI, less than half of business leaders are confident in their organization’s ability to mitigate AI risks and adhere to its upcoming regulations.³ In the era of AI, before unlocking the power of data, organizations are looking for integrated security and governance solutions to help them confidently activate their data estate.

“In the age of data-driven decision making, organizations must recognize that governance practices are prerequisites for extracting trusted and responsible insights from their data. Without proper security and governance, analytics initiatives are at risk of producing unreliable or compromised results, which in turn negatively impacts business outcomes.”

—Chandana Gopal, Research Director, Enterprise Intelligence, IDC

Microsoft Purview—Seamlessly securing and confidently activating your data estate

The rise of generative AI and data democratization in the form of new analytics tools has made organizations look inward to adopt responsible analytics practices. At Microsoft, we believe that the key to responsible analytics is in adopting integrated solutions to secure your data, so you can confidently activate it. Security and governance are no longer an aftermath to data deployments, they are table stakes.

In 2022, we introduced Microsoft Purview, a comprehensive set of solutions that let you secure, govern, and ensure compliance across your data estate. Since then, the teams have worked tirelessly to bring this vision to life. With a unified approach, Microsoft Purview combines a variety of capabilities to allow customers to seamlessly secure, and confidently activate data, while adhering to regulatory requirements in one single solution built on a shared set of AI-powered data governance, classification, and audit logging, all under a unified management experience.

Seamlessly secure your data with built-in controls

With the rapid adoption of platforms such as Microsoft Fabric, we are excited to announce new innovations—all in preview—to help organizations adopt built-in data security across their most utilized systems. Starting today, we are enabling the following experiences:

• Built-in protections: Business users can now apply label-based protections—a familiar concept to the millions of users who employ Microsoft 365 labels and data loss prevention (DLP) policies, into Microsoft Fabric workloads. 
• Consistent enforcements: Admins can now extend their label-based protections across structured and unstructured data stores, including Microsoft Azure SQL, Microsoft Azure Data Lake Storage, and Amazon S3 buckets.
• Data risk detections: Data doesn’t move itself. People move data. Security teams can now ingest signals coming from Microsoft Fabric into the millions of signals across Microsoft Purview Insider Risk Management.

Click here to watch the Microsoft Mechanics video to see this scenario in action!

These capabilities enable a confident approach to data democratization as organizations work on all types of data, whether sensitive or not, in a secure and responsible way. Learn more about how to seamlessly secure your data estate with our new capabilities.

Confidently activate your data with modern data governance

We are thrilled to introduce the new Microsoft Purview Data Governance experience. This new reimagined software as a service (SaaS) solution offers sophisticated yet simple business-friendly interaction, integration across your multicloud data estate, and actionable insights that help data leaders to responsibly unlock business value within their data estate. The new experience is:

• Business-friendly, federated, multicloud: Purpose-built for federated governance with efficient data office management and oversight that offers customizable business terms, roles, and policies for your multisource, multicloud data estate.
• Designed for business efficiency: Scan and search data assets and accelerate your practice with built-in templates, terms, and policy recommendations served up based on your metadata. Define data quality policies that follow the data through your governance practice.
• Actionable and informative: Aggregated actions and health insights help you put the practice in data governance by showcasing the overall health of your governed estate through built-in reports while interactive summarized actions help you improve the overall posture of your data governance practice.

Click here to learn more about our new modern Data Governance experience.

Expanding across your data estate

These innovations, all in public preview, are just the beginning of our journey to provide you with an integrated solution to secure and govern your data estate. We invite you to try them out and share your feedback with us. These capabilities will come in a new pay-as-you-go consumptive model, available at no additional cost during preview in the near term, with pricing details to follow in the future.

Join us at the Fabric Community Conference

Please join us at the first ever Microsoft Fabric Community Conference in Las Vegas. If you’re attending, don’t miss the “Microsoft Purview for the Age of AI” keynote and our sessions on Microsoft Purview. Explore more details on how Microsoft Purview can help you and read our e-book “Crash Course in Microsoft Purview: A guide to securing and managing your data estate.”

Microsoft Purview

Secure and govern data across your data estate while reducing risk and meeting compliance requirements.

Learn more

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on X at @MSFTSecurity for the latest news and updates on cybersecurity.

Explore data security resources and trends

Gain insights into the latest data security advancements, including expert guidance, best practices, trends, and solutions.

Get started

¹Worldwide Global DataSphere and Global StorageSphere Structured and Unstructured, DOC #US50397723, Data Forecast, 2023–2027 Market Forecast. June 13, 2023.

²2022 Chief Data Officer survey, Deloitte. September 2022.

³ISMG First Annual Generative AI Study: Business rewards vs. Security Risks. January 31, 2024.

The post The foundation for responsible analytics with Microsoft Purview appeared first on Microsoft Security Blog.

Today, we are taking a significant step in completing the delivery of functionality we promised when we first unveiled the vision for the Microsoft Intune Suite.¹ We are launching three new solutions: Microsoft Intune Enterprise Application Management, Microsoft Intune Advanced Analytics, and Microsoft Cloud PKI. With these additions, the Intune Suite now goes beyond unified endpoint management to bring you a comprehensive collection of advanced cross-platform capabilities across three core areas: streamlined application security, secure access to on-premises and private cloud resources, and improved troubleshooting and support. While we will continue to add more functionality over time, today’s release marks “the end of the beginning,” as the main components of the Intune Suite are generally available this month. As such, let’s take the opportunity to recap the principles behind the value and functionality of the Intune Suite.

Microsoft Intune

Enhance security and IT efficiency with the Microsoft Intune Suite.

Learn more

The broad value of the Intune Suite

While the solutions of the Intune Suite launched at different points in time, three fundamental principles have been there from the beginning.

First, one place for workloads adjacent to Unified Endpoint Management. If you’re currently using a mix of third-party solutions, the integrated experience in Microsoft Intune provides security and efficiency on multiple levels. First, one unified solution means fewer integrations to manage across third parties, meaning fewer attack vectors for malicious actors. And second, on a deeper level, the broader Intune proposition (both Intune Suite and Intune) is integrated with Microsoft 365 and Microsoft Security solutions. This provides a consolidated and seamless experience for IT professionals with a single pane of glass for end-to-end endpoint management.

Second, all parts of the Intune Suite are ready to support your cloud and AI-enabled future. Intune Suite will help accelerate organizations’ digital transformation to cloud native and simplify their IT operations. Additionally, data from Intune Suite are consolidated with other Intune and security data, meaning complete visibility across the device estate, informing and improving emerging technologies like Microsoft Copilot for Security. The more interrelated data that Copilot can use, the more it can proactively advise on the next best action.

Lastly, Intune Suite is available in a single unified plan. So, rather than having separate solutions for remote assistance, privilege management, analytics, and more, these advanced solutions can all be consolidated and simplified into one. This provides value in two ways: directly, by reducing the overall licensing cost, as the cost of Intune Suite is less than purchasing separate solutions; and the economic value of the Intune Suite is also in indirect savings: no need to manage separate vendors, train IT admins on separate tools, or maintain costly on-premises public key infrastructure (PKI). The Intune Suite makes it easier for IT admins, reducing overhead costs.

“With what we get out of Intune Suite, we can eliminate other products that our customers need. It’s now a suite of many components that enable customers who want to consolidate solutions and save money.”

—Mattias Melkersen Kalvåg, Mobility and Windows Management Consultant at MINDCORE, and| Microsoft Certified Professional & MVP

From today: A comprehensive suite across applications, access needs, and support

Let’s get into specifics. For application security, Enterprise App Management helps you find, deploy, and update your enterprise apps. And Endpoint Privilege Management lets you manage elevation rules on a per-app basis so that even standard users can run approved privileged apps. Cloud PKI lets you manage certificates from the cloud in lieu of complex, on-premises PKI infrastructure. And Microsoft Tunnel for Mobile Application Management (MAM) is perfect for unenrolled, personal mobile devices, to help broker secure access to line of business apps. Advanced Analytics gives you data-rich insights across your endpoints. And Remote Help lets you view and control your PCs, Mac computers, and specialized mobile devices, right from the Intune admin center. Let us take each of those three product areas in turn.

Increase endpoint security with Enterprise App Management and Endpoint Privilege Management

Enterprise App Management gives you a new app catalog, allowing you to easily distribute managed apps, but also keep them patched and always up to date. With this initial release, you will be able to discover and deploy highly popular, pre-packaged apps, so you no longer need to scour the Internet to find their installation files, repackage, and upload them into Intune. Simply add and deploy the apps directly from their app publishers. You can also allow the apps you trust to self-update, and when a new update is available, it is just one click to update all your devices with that app installed. We will continuously expand and enrich the app catalog functionality in future releases to further advance your endpoint security posture and simplify operations. 

“I’m very excited about Enterprise App Management as it’s powered by a strong app catalog and natively integrated in Intune. This single pane of glass experience is what we’re all looking for.”

—Niklas Tinner, Microsoft MVP and Senior Endpoint Engineer at baseVISION AG

For more control over your apps, with Endpoint Privilege Management, you can scope temporary privilege elevation, based on approved apps and processes. Then, as a user in scope for this policy, you can elevate only the processes and apps that have been approved. For example, users can only run a single app for a short period of time as an administrator. Unlike other approaches that give local admin permissions or virtually unlimited scope, you can selectively allow a user to elevate in a one-off scenario by requesting Intune admin approval, without you needing to define the policy ahead of time.

“Endpoint Privilege Management offers tight integration into the operating system. And the focus that Microsoft has over only elevating specific actions and apps versus making you an admin for a period of time—this is security at its best, going for the least privileged access.”

—Michael Mardahl, Cloud Architect at Apento

Cloud PKI and Microsoft Tunnel for MAM powers secure access

With Cloud PKI, providing both root and issuing Certificate Authorities (CA) in the cloud, you can simply set up a PKI in minutes, manage the certificate lifecycle, reduce the need for extensive technical expertise and tools, and minimize the effort and cost of maintaining on-premises infrastructure. In addition, support for Bring-Your-Own CA is available, allowing you to anchor Intune’s Issuing CA to your own private CA. Certificates can be deployed automatically to Intune-managed devices for scenarios such as authentication to Wi-Fi, VPN, and more; a modern PKI management option that works well to secure access with Microsoft Entra certificate-based authentication. In the initial release, Cloud PKI will also work with your current Active Directory Certificate Services for SSL and TLS certificates, but you do not need to deploy certificate revocation lists, Intune certificate connectors, Network Device Enrollment Service (NDES) servers, or any reverse proxy infrastructure. You can issue, renew, or revoke certificates directly from the Intune admin center automatically or manually. 

Microsoft Tunnel for MAM helps secure mobile access to your private resources. Microsoft Tunnel for MAM works similarly to Microsoft Tunnel for managed devices; however, with this advanced solution, Microsoft Tunnel for MAM works with user-owned (non-enrolled) iOS and Android devices. Microsoft Tunnel for MAM provides secure VPN access at the app level, for just the apps and browser (including Microsoft Edge) your IT admin explicitly authorizes. So, for personally owned devices, the user can access approved apps, without your company’s data moving onto the user’s personal device. App protection policies protect the data within the apps, preventing unauthorized data leakage to other apps or cloud storage locations.

“Cloud PKI within the Intune Suite allows you to go cloud native in terms of certificate deployment, which means you can provision PKIs with just a few clicks—that’s a blessing for all the IT administrators. With this built-in service, Microsoft hosts everything for you to manage certificates.”  

—Niklas Tinner

Resolve support issues quicker with Advanced Analytics and Remote Help

Advanced Analytics in Intune is a powerful set of tools for actionable reporting and AI-driven analytics. It provides deep, near real-time insights into your connected devices and managed apps that help you understand, anticipate, and proactively improve the user experience. We continue to infuse AI and machine learning into our analytics products. For example, you can get ahead of battery degradation in your device fleet through our advanced statistical analysis and use that information to prioritize hardware updates. Intune Suite now includes real-time device querying on-demand using Kusto Query Language for individual devices, useful for troubleshooting and resolving support calls quicker.

With Remote Help, you can also streamline the way you remotely view and interact with your managed devices, for both user-requested or unattended sessions. As a help desk technician, you can securely connect to both enrolled and unenrolled devices. Users also have peace of mind in being able to validate the technician’s identity, to avoid help desk spoofing attempts. Right now, Remote Help works for remote viewing and controlling in Windows PCs and Android dedicated Enterprise devices, and supports remote viewing for macOS. Especially useful for frontline workers, Remote Help for Android allows help desk administrators to configure and troubleshoot unattended devices, meaning issues can be revolved off-shift.

“Remote Help takes away the requirement and the need for third-party remote help tools. Remote Help is native, it’s interactive, and you don’t have to worry about installing anything, it’s already there. It’s part of Intune, it’s part of the build.”

—Matthew Czarnoch, Cloud and Infrastructure Operations Manager at RLS (Registration and Licensing Services)

To see many of these new capabilities in action, we invite you to watch this new Microsoft Mechanics video.

Analyst recognition for Microsoft

With the additions to the Intune Suite now available, IT can power a more secure and productive future at an important time as AI comes online. Notably, analyst recognition is validating the importance of its value. For example, Microsoft again assumes the strongest leadership position in the Omdia Universe: Digital Workspace Management and Unified Endpoint Management Platforms 2024. Omdia wrote: “Microsoft is focused on reducing management costs by utilizing the Microsoft Intune Suite and integrating different solutions with it.” They added: “The company plans to invest in Endpoint Analytics and Security Copilot to introduce data-driven management, helping IT professionals shift from reactive, repetitive tasks to strategic ones by utilizing Endpoint Analytics and automation.” Omdia’s recognition follows that from others like Forrester, who named Microsoft as a Leader in The Forrester Wave™ for Unified Endpoint Management, Q4 2023.

Get started with consolidated endpoint management solutions with the Microsoft Intune Suite

The February 2024 release of the solutions in the Intune Suite marks a key milestone, offering a consolidated, comprehensive solution set together in a cost-effective bundle (and available as individual add-on solutions) for any plan that includes Intune. And in April 2024, they will also be available to organizations and agencies of the United States government community cloud. We look forward to hearing your reactions to the new Intune Suite.

• Microsoft Intune News at Microsoft Ignite 2023.
• Learn more about Microsoft Intune.
• Omdia Universe: Digital Workspace Management/Unified Endpoint Management Platforms 2024.
• Forrester Wave™ for Unified Endpoint Management, Q4 2023. 
• Microsoft Cloud PKI blog announcement at Microsoft Ignite 2023.
• Microsoft Intune Enterprise App Management blog announcement at Microsoft Ignite 2023.
• Microsoft Intune Advanced Analytics blog announcement at Microsoft Ignite 2023.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Ease the burden of managing and protecting endpoints with Microsoft advanced solutions, Dilip Radhakrishnan and Gideon Bibliowicz. April 5, 2022.

The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester’s call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave™. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.

The Forrester Wave™: Unified Endpoint Management, Q4 2023, Andrew Hewitt, Glen O’Donnell, Angela Lozada, Rachel Birrell. November 19, 2023.

The post 3 new ways the Microsoft Intune Suite offers security, simplification, and savings appeared first on Microsoft Security Blog.

Microsoft Purview Audit

Discover new capabilities that will transform how you secure your organization’s data across clouds, devices, and platforms.

Learn more

New default retention period for activity logs

Starting in October 2023, we began rolling out changes to extend default retention to 180 days from 90 for audit logs generated by Audit (Standard) customers. Audit (Premium) license holders will continue with a default of one year, and the option to extend up to 10 years. Our public roadmaps detail when retention changes will reach your organization, starting with worldwide enterprise customers and quickly followed by our government customers in accordance with our standard service rollout process. This update helps all organizations minimize risk by increasing access to historical audit log activity data that is critical when investigating the impact from a security breach incident or accommodating a litigation event.

New logs for increased security

Every day, Microsoft Purview Audit Logs record and retain the thousands of user and admin activities that take place in Microsoft 365 applications. Authorized administrators can search and access the logs from the Microsoft Purview compliance portal to determine the scope of a compromise and enhance their investigations. Audit (Standard) license holders will be able to access an additional 30 audit logs, shown in the table below over the next several months. To learn more about when the logs will be available in your tenant, please visit the Public roadmap.

Microsoft has worked closely with CISA to identify these critical logs and include them in our Microsoft Purview Audit (Standard) license. Audit (Premium) license holders will continue to get longer default retention, broader access to export data, higher bandwidth API access, and logs enriched by Microsoft’s AI-powered intelligent insights.

Additional enhancements recently released and coming soon

In addition to the retention extension and newly available logs, we also have a number of new enhancements in Purview Audit recently released or coming soon, that will help improve your experience:

• Audit Search Graph API: Programmatically access new async Audit Search experience for improved reliability and search completeness, through Microsoft Graph API. 
• Granular scoping with role-based access controls: Delegate role-based permissions to users or analysts in a granular way and access role-based information with Audit search results.  
• Audit Custom Activities Search: Admins can use the custom search bar to search for several audit log events directly. 
• Customized retention policies (short): Customers with the 10-Year Audit Log Retention add-on for Microsoft Purview Audit (Premium) can create additional customized retention policies (7 days, 30 days, three years, five years, and seven years retention). And customers with the Audit (Premium) SKU will have additional short-term retention policies available (7 days and 30 days).
• Customized retention policies (long): New long-term retention policies for the 10-Year Audit Log Retention add-on for Microsoft Purview Audit (Premium) (three years, five years, and seven years).

We are pleased to share today’s cloud logging update as a continuation of the thoughtful conversations we’ve had with our security experts, customers, and influential authorities like CISA. Please visit the Public roadmap to get the latest information on updates coming to Microsoft Purview Audit. 

Learn more

Learn more about Microsoft Purview Audit or sign up now for a free trial.

Explore data security resources and trends

Gain insights into the latest data security advancements, including expert guidance, best practices, trends, and solutions.

Get started

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X, formerly known as Twitter, (@MSFTSecurity) for the latest news and updates on cybersecurity. 

¹Expanding cloud logging to give customers deeper security visibility, Vasu Jakkal. July 19, 2023.

The post Expanding audit logging and retention within Microsoft Purview for increased security visibility appeared first on Microsoft Security Blog.