Across many sessions and demos, we’ll address the top security pain points related to AI and empower you with practical, actionable strategies. Keep reading this blog for a guide of highlighted sessions for security professionals of all levels, whether you’re attending in-person or online.

And be sure to register for the digital experience to explore the Microsoft Security sessions at Microsoft Ignite.

Be among the first to hear top news

Microsoft is bringing together every part of the company in a collective mission to advance cybersecurity protection to help our customers and the security community. We have four powerful advantages to drive security innovation: large-scale data and threat intelligence; end-to-end protection; responsible AI; and tools to secure and govern the use of AI.

Microsoft Chairman and Chief Executive Officer Satya Nadella said in May 2024 that security is the top priority for our company. At the Microsoft Ignite opening keynote on Tuesday, November 19, 2024, Microsoft Security Executive Vice President Charlie Bell and Corporate Vice President (CVP), Microsoft Security Business Vasu Jakkal will join Nadella to discuss Microsoft’s vision for the future of security. Other well-known cybersecurity speakers at Microsoft Ignite include Ann Johnson, CVP and Deputy Chief Information Security Officer (CISO); Joy Chik, President, Identity, and Network Access; Mark Russinovich, Chief Technology Officer and Deputy CISO; and Sherrod DeGrippo, Director of Threat Intelligence Strategy.

For a deeper dive into security product news and demos, join the security general session on Wednesday, November 20, 2024, at 11:00 AM CT. Hear from Vasu Jakkal; Joy Chik; Rob Lefferts, CVP, Microsoft Threat Protection; Herain Oberoi, General Manager, Microsoft Data Security, Privacy, and Compliance; and Michael Wallent, CVP; who will share exciting security innovations to empower you with AI tools designed to help you get ahead of attackers.

These news-breaking sessions are just the start of the value you can gain from attending online.

Benefit from insights designed for your role

While cybersecurity is a shared concern of security professionals, we realize the specific concerns are unique to role. Recognizing this, we developed sessions tailored to what matters most to you.

• CISOs and senior security leaders: If you’ll be with us in Chicago, kick off the conference with the Microsoft Ignite Security Forum on November 18, 2024 from 1 PM CT to 5 PM CT. Join this exclusive pre-day event to hear from Microsoft security experts on threat intelligence insights, our Secure Future Initiative (SFI), and trends in security. Go back to your registration to add this experience on. Also for those in Chicago, be sure to join the Security Leaders Dinner, where you can engage with your peers and provide insights on your greatest challenges and successes. If you’re joining online, gain firsthand access to the latest Microsoft Security announcements. Whether you’re in person or online, don’t miss “Proactive security with continuous exposure management” (BRK324), which will explore how Microsoft Security Exposure Management unifies disparate data silos for visibility of end-to-end attack surface, and “Secure and govern data in Microsoft 365 Copilot and beyond” (BRK321), which will discuss the top concerns of security leaders when it comes to AI and how you can gain the confidence and tools to adopt AI. Plus, learn how to make your organization as diverse as the threats you are defending in “The Power of Diversity: Building a stronger workforce in the era of AI” (BRK330).
• Security analysts and engineers: Join actionable sessions for information you can use immediately. Sessions designed for the security operations center (SOC) include “Microsoft cybersecurity architect lab—Infrastructure security” (LAB454), which will showcase how to best use the Microsoft Secure Score to improve your security posture, and “Simplify your SOC with the unified security operations platform” (BRK310), which will feature a fireside chat with security experts to discuss common security challenges and topics. Plus, learn to be a champion of safe AI adoption in “Scott and Mark learn responsible AI” (BRK329), which will explore the three top risks in large language models and the origins and potential impacts of each of these.
• Developers and IT professionals: We get it—security isn’t your main focus, but it’s increasingly becoming part of your scope. Get answers to your most pressing questions at Microsoft Ignite. Sessions that may interest you include “Secure and govern custom AI built on Azure AI and Copilot Studio” (BRK322), which will dive into how Microsoft can enable data security and compliance controls for custom apps, detect and respond to AI threats, and managed your AI stack vulnerabilities, and “Making Zero Trust real: Top 10 security controls you can implement now” (BRK328), which offers technical guidance to make Zero Trust actionable with 10 top controls to help improve your organization’s security posture. Plus, join “Supercharge endpoint management with Microsoft Copilot in Intune” (THR656) for guidance on unlocking Microsoft Intune’s potential to streamline endpoint management.
• Microsoft partners: We appreciate our partners and have developed sessions aimed at supporting you. These include “Security partner growth: The power of identity with Entra Suite” (BRK332) and “Security partner growth: Help customers modernize security operations” (BRK336).

Attend sessions tailored to addressing your top challenge

When exploring effective cybersecurity strategies, you likely have specific challenges that are motivating your actions, regardless of your role within your organization. We respect that our attendees want a Microsoft Ignite experience tailored to their specific objectives. We’re committed to maximizing your value from attending the event, with Microsoft Security sessions that address the most common cybersecurity challenges.

• Managing complexity: Discover ways to simplify your infrastructure in sessions like “Simpler, smarter, and more secure endpoint management with Intune” (BRK319), which will explore new ways to strengthen your security with Microsoft Intune and AI, and “Break down risk silos and build up code-to-code security posture” (BRK312), which will focus on how defenders can overcome the expansive alphabet soup of security posture tools and gain a unified cloud security posture with Microsoft Defender for Cloud.   
• Increasing efficiency:: Learn how AI can help you overcome talent shortage challenges in sessions like “Secure data across its lifecycle in the era of AI” (BRK318), which will explore Microsoft Purview leveraging Microsoft Security Copilot can help you detect hidden risks, mitigate them, and protect and prevent data loss, and “One goal, many roles: Microsoft Security Copilot: Real-world insights and expert advice” (BRK316), which will share best practices and insider tricks to maximize Copilot’s benefits so you can realize quick value and enhance your security and IT operations.  
• Threat landscape: Navigate effectively through the modern cyberthreat landscape, guided by the insights shared in sessions like “AI-driven ransomware protection at machine speed: Defender for Endpoint” (BRK325), which will share a secret in Microsoft Defender for Endpoint success and how it uses machine learning and threat intelligence, and the theater session “Threat intelligence at machine speed with Microsoft Security Copilot” (THR555), which will showcase how Copilot can be used as a research assistant, analyst, and responder to simplify threat management.
• Regulatory compliance: Increase your confidence in meeting regulatory requirements by attending sessions like “Secure and govern your data estate with Microsoft Purview” (BRK317), which will explore how to secure and govern your data with Microsoft Purview, and “Secure and govern your data with Microsoft Fabric and Purview” (BRK327), which will dive into how Microsoft Purview works together with Microsoft Fabric for a comprehensive approach to secure and govern data.
• Maximizing value: Discover how to maximize the value of your cybersecurity investments during sessions like “Transform your security with GenAI innovations in Security Copilot” (BRK307), which will showcase how Microsoft Security Copilot’s automation capabilities and use cases can elevate your security organization-wide, and “AI-driven ransomware protection at machine speed: Defender for Endpoint” (BRK325), which will dive into the key secret to the success of Defender for Endpoint customers in reducing the risk of ransomware attacks as well maximizing the value of the product’s new features and user interfaces.

Explore cybersecurity tools with product showcases and hands-on training

Learning about Microsoft security capabilities is useful, but there’s nothing like trying out the solutions for yourself. Our in-depth showcases and hands-on trainings give you the chance to explore these capabilities for yourself. Bring a notepad and your laptop and let’s put these tools to work.

• “Secure access at the speed of AI with Copilot in Microsoft Entra” (THR556): Learn how AI with Security Copilot and Microsoft Entra can help you accelerate tasks like troubleshooting, automate cybersecurity insights, and strengthen Zero Trust.  
• “Mastering custom plugins in Microsoft Security Copliot” (THR653): Gain practical knowledge of using Security Copilot’s capabilities during a hands-on session aimed at security and IT professionals ready for advanced customization and integration with existing security tools. 
• “Getting started with Microsoft Sentinel” (LAB452): Get hands-on experience on building detections and queries, configuring your Microsoft Sentinel environment, and performing investigations. 
• “Secure Azure services and workloads with Microsoft Defender for Cloud” (LAB457): Explore how to mitigate security risks with endpoint security, network security, data protection, and posture and vulnerability management. 
• “Evolving from DLP to data security with Microsoft Preview” (THR658): See for yourself how Microsoft Purview Data Loss Prevention (DLP) integrates with insider risk management and information protection to optimize your end-to-end DLP program. 

Network with Microsoft and other industry professionals

While you’ll gain a wealth of insights and learn about our latest product innovations in sessions, our ancillary events offer opportunities to connect and socialize with Microsoft and other security professionals as committed to you to strengthening the industry’s defenses against cyberthreats. That’s worth celebrating!

• Pre-day Forum: All Chicago Microsoft Ignite attendees are welcome to add on to the event with our pre-day sessions on November 18, 2024, from 1 PM CT to 5 PM CT. Topics covered will include threat intelligence, Microsoft’s Secure Future Initiative, AI innovation, and AI security research, and the event will feature a fireside chat with Microsoft partners and customers. The pre-day event is designed for decision-makers from businesses of all sizes to advance your security strategy. If you’re already attending in person, log in to your Microsoft Ignite registration and add on the Microsoft Security Ignite Forum.
• Security Leaders Dinner: We’re hosting an exclusive dinner with leaders of security teams, where you can engage with your peers and provide insights on your greatest challenges and successes. This intimate gathering is designed specifically for CISOs and other senior security leaders to network, share learnings, and discuss what’s happening in cybersecurity.   
• Secure the Night Party: All security professionals are encouraged to celebrate the cybersecurity community with Microsoft from 6 PM CT to 10 PM CT on Wednesday, November 20, 2024. Don’t miss this opportunity to connect with Microsoft Security subject matter experts and peers at our “Secure the Night” party during Microsoft Ignite in Chicago. Enjoy an engaging evening of conversations and experiences while sipping tasty drinks and noshing on heavy appetizers provided by Microsoft. We look forward to welcoming you. Reserve your spot today! 

Something that excites us the most about Microsoft Ignite is the opportunity to meet with cybersecurity professionals dedicated to modern defense. Stop by the Microsoft Security Expert Meetup space to say hello, learn more about capabilities you’ve been curious about, or ask questions about Microsoft’s cybersecurity efforts. 

Hear from our Microsoft Intelligent Security Association partners at Microsoft Ignite

The Microsoft Intelligent Security Association (MISA), comprised of independent software vendors (ISV) and managed security service providers (MSSPs) that have integrated their solutions with Microsoft’s security technology, will be back at Microsoft Ignite 2024.

We kick things off by celebrating our Security Partner of the Year award winners BlueVoyant (Security), Cyclotron (Compliance), and Inspark (Identity) who will join Vasu Jakkal for a fireside chat on “How security strategy is adapting for AI,” during the Microsoft Ignite Security Pre-day Forum. This panel discussion includes insights into trends partners are seeing with customers relating to AI, a view on practical challenges, and scenarios that companies encounter when deploying AI, as well as the expert guidance and best practices that security partners can offer to ensure successful AI integration in security strategies.

MISA is thrilled to welcome small and medium business (SMB) verified solution status to its portfolio. This solution verification highlights technology solutions that are purpose built to meet the needs of small and medium businesses, and the MSSPs who often manage IT and security on behalf of SMBs. MISA members who meet the qualifying criteria and have gone through engineering review, will receive a specialized MISA member badge showcasing the verification and will be featured in the MISA partner catalog. We are excited to launch this status with Blackpoint Cyber and Huntress.

Join MISA members including Blackpoint Cyber and Huntress at the Microsoft Expert Meetup Security area where 14 members will showcase their solutions and Microsoft Security Technology. Review the full schedule below.

We are looking forward to connecting with our customers and partners at the Microsoft Secure the Night Party on Wednesday, November 20, from 6 to 10 PM CT.  This evening event offers a chance to connect with Microsoft Security subject matter experts and MISA partners while enjoying cocktails, great food, and entertainment. A special thank you to our MISA sponsors: Armor, Cayosoft, ContraForce, HID, Lighthouse, Ontinue, and Quorum Cyber.

Register today to attend Microsoft Ignite online

There’s still time to register to participate in Microsoft Ignite online from November 19 to 22, 2024, to catch security-focused breakout sessions, product demos, and participate in interactive Q&A sessions with our experts. No matter how you participate in Microsoft Ignite, you’ll gain insights on how to secure your future with an AI-first, end-to-end cybersecurity approach to keep your organizations safer.

Plus, you can take your security knowledge further at Tech Community Live: Microsoft Security edition on December 3, 2024, to ask all your follow-up questions from Microsoft Ignite. Microsoft Experts will be hosting live Ask Microsoft Anything sessions on topics from Security for AI to Copilot for Security.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Microsoft Ignite: Sessions and demos to improve your security strategy appeared first on Microsoft Security Blog.

In response, many leading organizations are re-evaluating their security strategy and moving away from a patchwork of disparate solutions in an effort to reduce costs, eliminate gaps, and improve security posture overall. They are adopting an end-to-end security approach, which is not an entirely new concept but rather an evolving vision of the technology, culture, and training necessary to tackle cybersecurity successfully. End-to-end security focuses on fully securing your entire digital estate pre- and post-breach, with management, mitigation, and assessment capabilities. For instance, Microsoft Security spans more than 50 categories within six product families, aligning seamlessly with our Security Future Initiative efforts introduced in November 2023.

End-to-end security is a comprehensive and proactive approach to protecting your environment that is grounded in a Zero Trust security strategy. It’s about a cohesive user experience as much as it is about complete threat intelligence and a consistent data platform. All products work together effectively to address identity, devices, clouds, data, and network. It requires that you have a multitude of capabilities in place, from identity to data to threat protection to governance and compliance. It protects you from every angle, across security, compliance, identity, device management, and privacy. And you can accelerate the benefits of end-to-end security even further with generative AI.

Zero Trust security

Build a secure hybrid workforce and drive business agility with a Zero Trust approach to security.

Get started

Why an evolving landscape makes end-to-end security appealing

You can’t protect what you can’t see or understand. Many organizations are siloed rather than possessing a single vision for cybersecurity. And when these siloed areas of the organization—perhaps none are more siloed than IT and security teams—are not talking to each other, the integration of tools, people, and processes faces a major roadblock. With AI tools gaining popularity in the digital workplace, communication challenges are more apparent as organizations seek increased visibility and greater control of AI usage.

Another challenge is the enormous scale of data that needs analysis to produce threat intelligence and effective threat response. The volume can be overwhelming, and with a patchwork security strategy, even best-in-breed tools are less effective because they cannot contribute to a complete view of the data and offer no way to organize it.

To optimize for the evolving landscape, organizations are changing their security priorities.

Figure 1. A list of nine of the top security priorities organizations should implement in the face of the ever evolving cybersecurity landscape.

The desire for simplification and more effective security are motivating organizations to move to an end-to-end security approach because of significant advantages. Microsoft customers tell us that juggling myriad security products is difficult to maintain and they want to seize opportunities for AI and better manage risk.

ING, one of the biggest banks in Europe, is a great example of how an organization benefits from an end-to-end approach. ING consolidated a fragmented, complicated mix of security tools into an end-to-end security approach for better protection of their private, public, and multicloud environments. The firm is using the solution to protect the company and the 38 million customers it serves across 40 countries.

What are the advantages of an end-to-end security approach?

The end-to-end security approach consolidates all your cybersecurity tools, from data protection to incident response and everything in between, into one solution. According to IDC’s North American Tools and Vendors Consolidation Survey conducted in November and December 2023, approximately 86% of organizations are either actively consolidating or planning to consolidate their tools. And 50% of those planning a consolidation have almost 50 tools (20 vendors on average).³ By interconnecting different tools through APIs, you simplify the security of your organization and gain greater visibility over everything happening. Without that visibility, you lack the knowledge of what you need to protect and govern your data, as well as investigate when a breach occurs.  

When combined with AI, end-to-end security overcomes challenges that can’t be solved by automation or code. That kind of agility is critical to address potential risks and successfully defend against modern cyberthreats, especially in confronting the scale at which breaches are occurring.

Plus, end-to-end security solves challenges in a way that allows for data gravity, which involves bringing applications and services to your data rather than the other way around. It’s useful in instances where the data is extremely large. Introducing data gravity enables new types of security scenarios to be built, sparking innovation in your security strategy. And end-to-end security paves the way for security assessments of your resources and other benefits of continuous posture management.

“By adopting multiple interoperable Microsoft security solutions, we have improved our preventative capabilities, our incident response times, and our scope for monitoring our environment,” said Glauco Sampaio, Chief Information Security Officer at Cielo. “It was surprisingly simple to enable real-time visibility across our environment. It’s been a leap in our security maturity level.”

Explore how adopting end-to-end security benefits you

Taking an end-to-end approach to security can pay major dividends, especially as you align to the Zero Trust framework. You will be able to determine which solutions to deploy and identify any gaps. An end-to-end approach will help you consolidate the number of tools and applications and use the ones that maximize your benefits. To explore how Microsoft Security with Microsoft Copilot for Security enables you to safeguard your people, data, and infrastructure, visit our webpage.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Microsoft Execs: Partners ‘Critical’ To Achieving Responsible AI, Security, CRN. May 23, 2024.

²ISC2 Publishes 2023 Workforce Study, ISC2. October 31, 2023.

³North American Security Tools and Vendors Consolidation Study: Insights on Product Consolidation Plans, IDC. April 2024.

The post How comprehensive security simplifies the defense of your digital estate appeared first on Microsoft Security Blog.

We are also excited to announce new innovations including an embedded Copilot in Microsoft Purview experience for data governance, deeper integrations with Microsoft Fabric, and broadening our partner network to help organizations confidently activate their data estate. In this post, we will highlight the growing challenges facing today’s data landscape and explore how Microsoft Purview Data Governance is helping customers establish a federated data-driven culture.

Microsoft Purview

Secure and govern data across your data estate while reducing risk and meeting compliance requirements.

Learn more

Security and governance have become a team sport

In today’s world, the sophistication of cyberattacks, increasing regulations, an ever-expanding data estate, and business demand for insights are converging. This convergence pressurizes business leaders to adopt a unified strategy to confidently ensure AI readiness. Microsoft Purview is a comprehensive set of solutions that can help organizations secure, govern, and manage their data, wherever it lives. The unification of data security and governance capabilities in Microsoft Purview reflects our belief that our customers need a simpler approach to data. Microsoft Purview’s modern data governance solution addresses the challenges of the AI era with a business-friendly solution that empowers organizations to confidently democratize their data.

Governing data has been easier said than done

The practice of data governance is not just about technology. It starts with people and processes. Without a clear vision, strategy, and roadmap, organizations often struggle to align stakeholders, define roles, and communicate the benefits of data governance across the organization. This can result in low adoption and resistance to change. Data leaders encounter four primary challenges when implementing governance solutions:

1. Fragmentation—Organizations find themselves using multiple tools to govern data. This can generate blind spots and lead to difficulties maintaining consistent data quality, security, and compliance.
2. Labor-intensive tasks—Processes such as data classification, metadata management, and compliance reporting can be manual and time consuming.
3. Centralized governance—A centralized approach stifles innovation and leads to shadow business intelligence where business units—often sales and marketing teams—resort to their own unauthorized tools.
4. Technical interfaces—A poor user experience for business units can block their participation, leaving the practice of data governance centralized around IT.

Microsoft Purview Data Governance: a solution for the era of AI

About a decade ago, Microsoft’s Senior Leadership team, led by Chief Executive Officer Satya Nadella, asked a team of senior leaders, “Do we know where all of our data lives?” The question was difficult to answer. Like many organizations, our data was kept in silos, contributing to a lack of visibility and governance. This realization created an urgency for Microsoft to solve this problem in a way that could help our own business and our customers. We needed to streamline data visibility, management and access.

The biggest cultural change was the shift from a centralized approach to a federated governance structure with central guidance, training, and policies. This allowed individual business units to manage their own data quality while staying in sync with the main data office to maintain policy efficacy. This federated approach combined with the right technology tilts the scale in favor of the business, enabling every user to leverage high quality, trusted data. The re-imagined solution is grounded in years of applied learning and proven practices from navigating our own data transformation journey. Our vision for the new data governance solution is based on the following design principles: 

AI-powered—To eliminate the drudgery of tasks surrounding manual classification and tagging of data, AI has been infused at every layer of the experience to help automate manual tasks and accelerate data curation, data management, and data discovery. For example, data stewards can now generate data quality rules automatically, saving hours of manual work. Data consumers can quickly find data products by specifying the data they are looking for in their natural language. With the power of AI, you can automate tasks like assigning business domains, providing glossary terms, and setting data quality rules and objectives and key results (OKRs) to make your data easily discoverable by the line of business users.

Figure 1. AI-powered data discovery in Microsoft Purview Data Governance.

Business-friendly—Designed with the user in mind, the new experience supports multiple functions across an organization with clear role definitions. The Data Catalog is an enterprise repository to help data stewards (people responsible for data governance) and data owners (people handling day-to-day maintenance of data) curate assets and enable responsible democratization of data. Within the experience, the data health capability was purpose-built for the data office to ensure data quality, alignment with industry standards (for example, Cloud Data Management Capabilities framework), and built-in reports to assess the health of the governance practice across the organization. For example, customers can easily define and organize data with business domains (such as finance and claims) and set OKRs to link business objectives to the Data Catalog.

Figure 2. Business-friendly browsing experience in the Data Catalog.

Unified—The unified experience reduces the need for fragmented point solutions. The integrated Microsoft Purview portal provides a centralized solution for data classification, labeling, lineage, audit logging, and management across a variety of platforms, including the built-in integration with Microsoft Fabric to ensure a best-in-class governance experience as you bring your data into the era of AI. The new experience also offers comprehensive data governance capabilities such as the extraction of metadata, scanning, and data quality across additional sources including SQL, ADLS, Synapse Analytics, and Azure Databricks, as well as third-party sources such as Snowflake. This streamlines the process, saving both time and the expense of integrating disparate solutions. Additionally, the new solution enables visibility across the health of your data assets, providing insights into curated data in your catalog, classification status, and sensitivity labels. Lastly, the solution includes built-in workflow capabilities to help you efficiently assign action owners to improve your governance posture.

Figure 3. Built-in workflows to improve governance posture.

“Embracing Microsoft Purview Data Governance has been a game-changer for Vanderlande. As a preview customer over the past 18 months, we’ve witnessed Microsoft Purview’s remarkable growth and the eagerness of Microsoft to bring a state-of-the-art governance solution to the market. Based on the general availability, we will start the implementation of these capabilities across our global organization.”

—Geert-Jan Verdonk, Data Governance Lead, Vanderlande (a Toyota automated logistics company)

New capabilities coming with general availability

Copilot embedded experience in Microsoft Purview (Preview)—We are introducing Copilot capabilities within the Data Governance experience to guide customers in getting started with the solution. This experience will recommend proven best practices to create an enterprise catalog, helping data professionals quickly discover, curate, and manage their data.

Deeper Microsoft Fabric integration (Preview)—As part of our tight integration with Microsoft Fabric, we are excited to announce the ability to build your own custom reports out of Fabric data. In addition, the data quality feature will now support any Microsoft Fabric source, whether it is mirrored or shortcut. If a source is supported by Fabric, Microsoft Purview can now scan it and use it as part of its data quality rules.

Broadening our partner network—As we announced in March 2024, a modern data governance solution integrates across your digital estate. We are excited to announce two more partners to our ecosystem: ER Studio (an Idera company) for data modeling and RELTIO for master data management. Additionally, CluedIn, Profisee, Semarchy, and Solidatus have their integrations live in Azure Marketplace today.

Try it today

Please log on to the Microsoft Purview portal and give the data governance experience within the “Data Catalog” icon a try. If you want to learn more, please access the following resources:

• Microsoft Purview Data Governance learning docs.
• Webinar: Fabric + Purview webinar—The CDO Dilemma.
• Visit the Microsoft Purview Data Governance website.
• Visit us at the CDOIQ Symposium at MIT in Massachusetts from July 16 to18, 2024.
• Blog: Modern Data Governance for the era of AI.

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post Microsoft Purview Data Governance will be generally available September 1, 2024 appeared first on Microsoft Security Blog.

Fragmentation is in the way

The market has responded with dozens of products that address this challenge locally. Security and governance teams often bolt on security controls to protect individual data stores, having to stitch together a patchwork of solutions. This approach not only strains resources but is also ineffective. Security outcomes are worse—audits are failed and brand reputations are damaged.

In Microsoft’s most recent Data Security Index report, we found that 74% of organizations experienced some sensitive data exposure in the past year. Similarly, 68% of companies reported not being able to gather the right data insights, leading to poor data quality.² And even though organizations are quickly adopting generative AI, less than half of business leaders are confident in their organization’s ability to mitigate AI risks and adhere to its upcoming regulations.³ In the era of AI, before unlocking the power of data, organizations are looking for integrated security and governance solutions to help them confidently activate their data estate.

“In the age of data-driven decision making, organizations must recognize that governance practices are prerequisites for extracting trusted and responsible insights from their data. Without proper security and governance, analytics initiatives are at risk of producing unreliable or compromised results, which in turn negatively impacts business outcomes.”

—Chandana Gopal, Research Director, Enterprise Intelligence, IDC

Microsoft Purview—Seamlessly securing and confidently activating your data estate

The rise of generative AI and data democratization in the form of new analytics tools has made organizations look inward to adopt responsible analytics practices. At Microsoft, we believe that the key to responsible analytics is in adopting integrated solutions to secure your data, so you can confidently activate it. Security and governance are no longer an aftermath to data deployments, they are table stakes.

In 2022, we introduced Microsoft Purview, a comprehensive set of solutions that let you secure, govern, and ensure compliance across your data estate. Since then, the teams have worked tirelessly to bring this vision to life. With a unified approach, Microsoft Purview combines a variety of capabilities to allow customers to seamlessly secure, and confidently activate data, while adhering to regulatory requirements in one single solution built on a shared set of AI-powered data governance, classification, and audit logging, all under a unified management experience.

Seamlessly secure your data with built-in controls

With the rapid adoption of platforms such as Microsoft Fabric, we are excited to announce new innovations—all in preview—to help organizations adopt built-in data security across their most utilized systems. Starting today, we are enabling the following experiences:

• Built-in protections: Business users can now apply label-based protections—a familiar concept to the millions of users who employ Microsoft 365 labels and data loss prevention (DLP) policies, into Microsoft Fabric workloads. 
• Consistent enforcements: Admins can now extend their label-based protections across structured and unstructured data stores, including Microsoft Azure SQL, Microsoft Azure Data Lake Storage, and Amazon S3 buckets.
• Data risk detections: Data doesn’t move itself. People move data. Security teams can now ingest signals coming from Microsoft Fabric into the millions of signals across Microsoft Purview Insider Risk Management.

Click here to watch the Microsoft Mechanics video to see this scenario in action!

These capabilities enable a confident approach to data democratization as organizations work on all types of data, whether sensitive or not, in a secure and responsible way. Learn more about how to seamlessly secure your data estate with our new capabilities.

Confidently activate your data with modern data governance

We are thrilled to introduce the new Microsoft Purview Data Governance experience. This new reimagined software as a service (SaaS) solution offers sophisticated yet simple business-friendly interaction, integration across your multicloud data estate, and actionable insights that help data leaders to responsibly unlock business value within their data estate. The new experience is:

• Business-friendly, federated, multicloud: Purpose-built for federated governance with efficient data office management and oversight that offers customizable business terms, roles, and policies for your multisource, multicloud data estate.
• Designed for business efficiency: Scan and search data assets and accelerate your practice with built-in templates, terms, and policy recommendations served up based on your metadata. Define data quality policies that follow the data through your governance practice.
• Actionable and informative: Aggregated actions and health insights help you put the practice in data governance by showcasing the overall health of your governed estate through built-in reports while interactive summarized actions help you improve the overall posture of your data governance practice.

Click here to learn more about our new modern Data Governance experience.

Expanding across your data estate

These innovations, all in public preview, are just the beginning of our journey to provide you with an integrated solution to secure and govern your data estate. We invite you to try them out and share your feedback with us. These capabilities will come in a new pay-as-you-go consumptive model, available at no additional cost during preview in the near term, with pricing details to follow in the future.

Join us at the Fabric Community Conference

Please join us at the first ever Microsoft Fabric Community Conference in Las Vegas. If you’re attending, don’t miss the “Microsoft Purview for the Age of AI” keynote and our sessions on Microsoft Purview. Explore more details on how Microsoft Purview can help you and read our e-book “Crash Course in Microsoft Purview: A guide to securing and managing your data estate.”

Microsoft Purview

Secure and govern data across your data estate while reducing risk and meeting compliance requirements.

Learn more

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on X at @MSFTSecurity for the latest news and updates on cybersecurity.

Explore data security resources and trends

Gain insights into the latest data security advancements, including expert guidance, best practices, trends, and solutions.

Get started

¹Worldwide Global DataSphere and Global StorageSphere Structured and Unstructured, DOC #US50397723, Data Forecast, 2023–2027 Market Forecast. June 13, 2023.

²2022 Chief Data Officer survey, Deloitte. September 2022.

³ISMG First Annual Generative AI Study: Business rewards vs. Security Risks. January 31, 2024.

The post The foundation for responsible analytics with Microsoft Purview appeared first on Microsoft Security Blog.

Microsoft Intune

Enhance security and IT efficiency with the Microsoft Intune Suite.

Learn more

The broad value of the Intune Suite

While the solutions of the Intune Suite launched at different points in time, three fundamental principles have been there from the beginning.

First, one place for workloads adjacent to Unified Endpoint Management. If you’re currently using a mix of third-party solutions, the integrated experience in Microsoft Intune provides security and efficiency on multiple levels. First, one unified solution means fewer integrations to manage across third parties, meaning fewer attack vectors for malicious actors. And second, on a deeper level, the broader Intune proposition (both Intune Suite and Intune) is integrated with Microsoft 365 and Microsoft Security solutions. This provides a consolidated and seamless experience for IT professionals with a single pane of glass for end-to-end endpoint management.

Second, all parts of the Intune Suite are ready to support your cloud and AI-enabled future. Intune Suite will help accelerate organizations’ digital transformation to cloud native and simplify their IT operations. Additionally, data from Intune Suite are consolidated with other Intune and security data, meaning complete visibility across the device estate, informing and improving emerging technologies like Microsoft Copilot for Security. The more interrelated data that Copilot can use, the more it can proactively advise on the next best action.

Lastly, Intune Suite is available in a single unified plan. So, rather than having separate solutions for remote assistance, privilege management, analytics, and more, these advanced solutions can all be consolidated and simplified into one. This provides value in two ways: directly, by reducing the overall licensing cost, as the cost of Intune Suite is less than purchasing separate solutions; and the economic value of the Intune Suite is also in indirect savings: no need to manage separate vendors, train IT admins on separate tools, or maintain costly on-premises public key infrastructure (PKI). The Intune Suite makes it easier for IT admins, reducing overhead costs.

“With what we get out of Intune Suite, we can eliminate other products that our customers need. It’s now a suite of many components that enable customers who want to consolidate solutions and save money.”

—Mattias Melkersen Kalvåg, Mobility and Windows Management Consultant at MINDCORE, and| Microsoft Certified Professional & MVP

From today: A comprehensive suite across applications, access needs, and support

Let’s get into specifics. For application security, Enterprise App Management helps you find, deploy, and update your enterprise apps. And Endpoint Privilege Management lets you manage elevation rules on a per-app basis so that even standard users can run approved privileged apps. Cloud PKI lets you manage certificates from the cloud in lieu of complex, on-premises PKI infrastructure. And Microsoft Tunnel for Mobile Application Management (MAM) is perfect for unenrolled, personal mobile devices, to help broker secure access to line of business apps. Advanced Analytics gives you data-rich insights across your endpoints. And Remote Help lets you view and control your PCs, Mac computers, and specialized mobile devices, right from the Intune admin center. Let us take each of those three product areas in turn.

Increase endpoint security with Enterprise App Management and Endpoint Privilege Management

Enterprise App Management gives you a new app catalog, allowing you to easily distribute managed apps, but also keep them patched and always up to date. With this initial release, you will be able to discover and deploy highly popular, pre-packaged apps, so you no longer need to scour the Internet to find their installation files, repackage, and upload them into Intune. Simply add and deploy the apps directly from their app publishers. You can also allow the apps you trust to self-update, and when a new update is available, it is just one click to update all your devices with that app installed. We will continuously expand and enrich the app catalog functionality in future releases to further advance your endpoint security posture and simplify operations. 

“I’m very excited about Enterprise App Management as it’s powered by a strong app catalog and natively integrated in Intune. This single pane of glass experience is what we’re all looking for.”

—Niklas Tinner, Microsoft MVP and Senior Endpoint Engineer at baseVISION AG

For more control over your apps, with Endpoint Privilege Management, you can scope temporary privilege elevation, based on approved apps and processes. Then, as a user in scope for this policy, you can elevate only the processes and apps that have been approved. For example, users can only run a single app for a short period of time as an administrator. Unlike other approaches that give local admin permissions or virtually unlimited scope, you can selectively allow a user to elevate in a one-off scenario by requesting Intune admin approval, without you needing to define the policy ahead of time.

“Endpoint Privilege Management offers tight integration into the operating system. And the focus that Microsoft has over only elevating specific actions and apps versus making you an admin for a period of time—this is security at its best, going for the least privileged access.”

—Michael Mardahl, Cloud Architect at Apento

Cloud PKI and Microsoft Tunnel for MAM powers secure access

With Cloud PKI, providing both root and issuing Certificate Authorities (CA) in the cloud, you can simply set up a PKI in minutes, manage the certificate lifecycle, reduce the need for extensive technical expertise and tools, and minimize the effort and cost of maintaining on-premises infrastructure. In addition, support for Bring-Your-Own CA is available, allowing you to anchor Intune’s Issuing CA to your own private CA. Certificates can be deployed automatically to Intune-managed devices for scenarios such as authentication to Wi-Fi, VPN, and more; a modern PKI management option that works well to secure access with Microsoft Entra certificate-based authentication. In the initial release, Cloud PKI will also work with your current Active Directory Certificate Services for SSL and TLS certificates, but you do not need to deploy certificate revocation lists, Intune certificate connectors, Network Device Enrollment Service (NDES) servers, or any reverse proxy infrastructure. You can issue, renew, or revoke certificates directly from the Intune admin center automatically or manually. 

Microsoft Tunnel for MAM helps secure mobile access to your private resources. Microsoft Tunnel for MAM works similarly to Microsoft Tunnel for managed devices; however, with this advanced solution, Microsoft Tunnel for MAM works with user-owned (non-enrolled) iOS and Android devices. Microsoft Tunnel for MAM provides secure VPN access at the app level, for just the apps and browser (including Microsoft Edge) your IT admin explicitly authorizes. So, for personally owned devices, the user can access approved apps, without your company’s data moving onto the user’s personal device. App protection policies protect the data within the apps, preventing unauthorized data leakage to other apps or cloud storage locations.

“Cloud PKI within the Intune Suite allows you to go cloud native in terms of certificate deployment, which means you can provision PKIs with just a few clicks—that’s a blessing for all the IT administrators. With this built-in service, Microsoft hosts everything for you to manage certificates.”  

—Niklas Tinner

Resolve support issues quicker with Advanced Analytics and Remote Help

Advanced Analytics in Intune is a powerful set of tools for actionable reporting and AI-driven analytics. It provides deep, near real-time insights into your connected devices and managed apps that help you understand, anticipate, and proactively improve the user experience. We continue to infuse AI and machine learning into our analytics products. For example, you can get ahead of battery degradation in your device fleet through our advanced statistical analysis and use that information to prioritize hardware updates. Intune Suite now includes real-time device querying on-demand using Kusto Query Language for individual devices, useful for troubleshooting and resolving support calls quicker.

With Remote Help, you can also streamline the way you remotely view and interact with your managed devices, for both user-requested or unattended sessions. As a help desk technician, you can securely connect to both enrolled and unenrolled devices. Users also have peace of mind in being able to validate the technician’s identity, to avoid help desk spoofing attempts. Right now, Remote Help works for remote viewing and controlling in Windows PCs and Android dedicated Enterprise devices, and supports remote viewing for macOS. Especially useful for frontline workers, Remote Help for Android allows help desk administrators to configure and troubleshoot unattended devices, meaning issues can be revolved off-shift.

“Remote Help takes away the requirement and the need for third-party remote help tools. Remote Help is native, it’s interactive, and you don’t have to worry about installing anything, it’s already there. It’s part of Intune, it’s part of the build.”

—Matthew Czarnoch, Cloud and Infrastructure Operations Manager at RLS (Registration and Licensing Services)

To see many of these new capabilities in action, we invite you to watch this new Microsoft Mechanics video.

Analyst recognition for Microsoft

With the additions to the Intune Suite now available, IT can power a more secure and productive future at an important time as AI comes online. Notably, analyst recognition is validating the importance of its value. For example, Microsoft again assumes the strongest leadership position in the Omdia Universe: Digital Workspace Management and Unified Endpoint Management Platforms 2024. Omdia wrote: “Microsoft is focused on reducing management costs by utilizing the Microsoft Intune Suite and integrating different solutions with it.” They added: “The company plans to invest in Endpoint Analytics and Security Copilot to introduce data-driven management, helping IT professionals shift from reactive, repetitive tasks to strategic ones by utilizing Endpoint Analytics and automation.” Omdia’s recognition follows that from others like Forrester, who named Microsoft as a Leader in The Forrester Wave™ for Unified Endpoint Management, Q4 2023.

Get started with consolidated endpoint management solutions with the Microsoft Intune Suite

The February 2024 release of the solutions in the Intune Suite marks a key milestone, offering a consolidated, comprehensive solution set together in a cost-effective bundle (and available as individual add-on solutions) for any plan that includes Intune. And in April 2024, they will also be available to organizations and agencies of the United States government community cloud. We look forward to hearing your reactions to the new Intune Suite.

• Microsoft Intune News at Microsoft Ignite 2023.
• Learn more about Microsoft Intune.
• Omdia Universe: Digital Workspace Management/Unified Endpoint Management Platforms 2024.
• Forrester Wave™ for Unified Endpoint Management, Q4 2023. 
• Microsoft Cloud PKI blog announcement at Microsoft Ignite 2023.
• Microsoft Intune Enterprise App Management blog announcement at Microsoft Ignite 2023.
• Microsoft Intune Advanced Analytics blog announcement at Microsoft Ignite 2023.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Ease the burden of managing and protecting endpoints with Microsoft advanced solutions, Dilip Radhakrishnan and Gideon Bibliowicz. April 5, 2022.

The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester’s call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave™. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.

The Forrester Wave™: Unified Endpoint Management, Q4 2023, Andrew Hewitt, Glen O’Donnell, Angela Lozada, Rachel Birrell. November 19, 2023.

The post 3 new ways the Microsoft Intune Suite offers security, simplification, and savings appeared first on Microsoft Security Blog.

Microsoft Purview Audit

Discover new capabilities that will transform how you secure your organization's data across clouds, devices, and platforms.

Learn more

New default retention period for activity logs

Starting in October 2023, we began rolling out changes to extend default retention to 180 days from 90 for audit logs generated by Audit (Standard) customers. Audit (Premium) license holders will continue with a default of one year, and the option to extend up to 10 years. Our public roadmaps detail when retention changes will reach your organization, starting with worldwide enterprise customers and quickly followed by our government customers in accordance with our standard service rollout process. This update helps all organizations minimize risk by increasing access to historical audit log activity data that is critical when investigating the impact from a security breach incident or accommodating a litigation event.

New logs for increased security

Every day, Microsoft Purview Audit Logs record and retain the thousands of user and admin activities that take place in Microsoft 365 applications. Authorized administrators can search and access the logs from the Microsoft Purview compliance portal to determine the scope of a compromise and enhance their investigations. Audit (Standard) license holders will be able to access an additional 30 audit logs, shown in the table below over the next several months. To learn more about when the logs will be available in your tenant, please visit the Public roadmap.

Microsoft has worked closely with CISA to identify these critical logs and include them in our Microsoft Purview Audit (Standard) license. Audit (Premium) license holders will continue to get longer default retention, broader access to export data, higher bandwidth API access, and logs enriched by Microsoft’s AI-powered intelligent insights.

Additional enhancements recently released and coming soon

In addition to the retention extension and newly available logs, we also have a number of new enhancements in Purview Audit recently released or coming soon, that will help improve your experience:

• Audit Search Graph API: Programmatically access new async Audit Search experience for improved reliability and search completeness, through Microsoft Graph API. 
• Granular scoping with role-based access controls: Delegate role-based permissions to users or analysts in a granular way and access role-based information with Audit search results.  
• Audit Custom Activities Search: Admins can use the custom search bar to search for several audit log events directly. 
• Customized retention policies (short): Customers with the 10-Year Audit Log Retention add-on for Microsoft Purview Audit (Premium) can create additional customized retention policies (7 days, 30 days, three years, five years, and seven years retention). And customers with the Audit (Premium) SKU will have additional short-term retention policies available (7 days and 30 days).
• Customized retention policies (long): New long-term retention policies for the 10-Year Audit Log Retention add-on for Microsoft Purview Audit (Premium) (three years, five years, and seven years).

We are pleased to share today’s cloud logging update as a continuation of the thoughtful conversations we’ve had with our security experts, customers, and influential authorities like CISA. Please visit the Public roadmap to get the latest information on updates coming to Microsoft Purview Audit. 

Learn more

Learn more about Microsoft Purview Audit or sign up now for a free trial.

Explore data security resources and trends

Gain insights into the latest data security advancements, including expert guidance, best practices, trends, and solutions.

Get started

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X, formerly known as Twitter, (@MSFTSecurity) for the latest news and updates on cybersecurity. 

¹Expanding cloud logging to give customers deeper security visibility, Vasu Jakkal. July 19, 2023.

The post Expanding audit logging and retention within Microsoft Purview for increased security visibility appeared first on Microsoft Security Blog.

Microsoft 365 Defender is our security solution for phishing and related cyberthreats. Some great analysis has been done by the Microsoft Threat Intelligence team on BazaCall’s Tactics, Techniques, and Procedures (TTPs). They’ve also shared how to use Microsoft 365 Defender to locate exploitation activity.

I wanted to take another perspective with this post and share the role that Microsoft Purview data security solutions play, together with Microsoft 365 Defender and Microsoft Sentinel, to provide defense-in-depth mitigation. With defense-in-depth, we create barriers to the bad actor, increasing their resources required and uncertainty, interfering with their business case.

Microsoft Purview provides important value with unified data governance and compliance solutions but it’s Microsoft Purview’s data security capabilities within Microsoft 365 we’ll be discussing in this blog.

What makes BazaCall different from most phishing attacks is using a malicious email to have the victim initiate a call to a phony call center run by the bad actor that then coaches the victim to install malware. Replacing malicious links and attachments in email with a phone number to the call center is used to evade email protection.

An overview of the BazaCall attack flow is provided at the end of this post.

The mitigations suggested here will be of value for attacks where the bad actor has control of a Microsoft 365 account and is attempting to exfiltrate sensitive data.

The data security benefits of Microsoft Purview for attack mitigation are sometimes overlooked. These solutions may be managed by other groups in the organization, such as the compliance team rather than the security team, and so may not be the go-to tools in the toolbox when preparing for or responding to an attack. These solutions should be part of a defense-in-depth strategy and Zero Trust architecture.

Microsoft Purview Mitigations

Microsoft Purview Information Protection sensitivity labels can be applied to protect sensitive files from unauthorized access. These sensitivity labels can have scoped encryption, among other protections, which travels with the file inside and outside of the organization’s environment. This would make the file unreadable except by the party for which the encryption is scoped—for example, only employees, a partner, or a customer organization—or it can be defined by the user to be consumable only by specific individuals.

Figure 1. Sensitivity Label with scoped encryption—accessible only to employees.

Automation, configured by the administrators, can be used to support the user in applying these labels including making the application of a label mandatory if the file contains sensitive information.

Microsoft Purview Data Loss Prevention (Purview DLP) can be used to prevent the sensitive information from being exfiltrated through several egress channels, including user’s endpoint devices, Microsoft cloud services such as SharePoint Online, OneDrive for Business, Exchange Online, Teams, and Microsoft PowerBI, browsers such as Microsoft Edge, Chrome, and Firefox, as well as non-Microsoft applications such as Salesforce, Dropbox, Box, and more, including the free file-sharing services used as part of the BazaCall TTPs.

Customers can create policies that block and do not allow override for their top priority sensitive information such that even if the bad actor manages to get access to the user’s account, they are blocked from exfiltrating any sensitive content. Purview DLP policies can be configured leveraging a variety of out-of-the-box or custom criteria including machine learning-based trainable classifiers as well as the sensitivity labels created in Information Protection.

Figure 2. Purview DLP preventing the upload of sensitive files into Dropbox.

Microsoft Purview Insider Risk Management can alert the security team to the bad actor’s activities, including the exfiltration of sensitive information to the file-sharing service. Insider Risk Management can reason over and parse through user activity signals, by leveraging more than 100 ready-to-use indicators and machine learning models, including sequence detection and cumulative exfiltration detection. With Adaptive Protection powered by Insider Risk Management, the security team can detect high-risk actors, such as a bad actor-controlled account, and automatically enforce the strictest DLP policy to prevent them from exfiltrating data.  

Figure 3. Insider Risk Management uses specialized algorithms and machine learning to identify data exfiltration and other risks.

Microsoft Defender for Cloud Apps can make a file-sharing site used for sensitive file exfiltration unreachable from the user’s browser or it can prevent sensitive files from being moved to the site. Alternatively, the policy can be configured to only allow files to be moved to the file-sharing site if they have a sensitivity label applied that contains scoped encryption. If this protected file is exfiltrated it would not be readable by the bad actor.

Figure 4. Microsoft Defender for Cloud Apps blocking access to file sharing and backup site.

Microsoft Purview Audit provides forensic information to scope a possible breach. This is especially valuable when bad actors are “living off the land.” Among the audit items made available are the terms that a user searched in email and SharePoint. If the bad actor was searching for sensitive information to exfiltrate, this item will assist the investigation.

Purview Audit, recently expanded for accessibility and flexibility, will also provide insight to mail items accessed and mail sent, which would be impactful when investigating scope and possible exfiltration channels. Although a bad actor’s known TTPs may not include these channels, we need a fulsome investigation. Their TTPs are likely not static.

Purview Audit Premium provides more logging event retention capabilities, with one-year retention (up from 180 days with Standard) and an option to increase retention to 10 years among other upgraded features.

Figure 5. Premium Audit solution searching forensic events.

Microsoft Purview Data Lifecycle Management policies and labeling could be used to purge unneeded information from the organization’s environment. An auditable review can be required prior to deletion or deletion can be automated without user or administrator action.

If information is not in the environment, it cannot be exfiltrated by the bad actor or put the organization at risk.

Figure 6. Disposal of unneeded documents reduces exfiltration risk to the organization.

About BazaCall

BazaCall uses a phishing campaign that tricks unsuspecting users into phoning the attacker, who coaches them into downloading BazaLoader malware, which retrieves and installs a remote monitoring and management (RMM) tool onto the user’s device. The email typically claims that the user has reached the end of a free trial of some type, that billing will begin shortly and provides an option to cancel by phoning a call center. The threat of unjustified billing is the lever that the attacker uses to get the victim to comply.

Typically, the file download has been a malicious Excel document that purports to be a “cancellation form” for the unwanted service and charges referred to in the phishing campaign. The bad actor coaches the victim into accepting macros and disabling security solutions to complete the phony “cancellation.”

RMM software provides multiple useful purposes for attackers: The software allows an attacker to maintain persistence and deploy malicious tools within a compromised network. It can also be used for an interactive command-and-control system. With command and control established, the bad actor organization can spread laterally through the environment to steal sensitive data and deploy ransomware. Once command and control of the user’s machine is established, bad actor hands-on keyboard is used to exfiltrate data including through free cloud-based file-sharing sites. TTPs have evolved in the last two years, including the use of file-sharing sites for exfiltration in addition to open-source tools like RClone.

The user is also subject to human-operated ransomware.

The mitigations discussed in this post are focused on the data exfiltration aspects in the “hands-on-keyboard” phase of the attack.

Figure 7. BazaCall attack flow.

Microsoft Purview can help protect from BazaCall attacks

Microsoft Purview data security for Microsoft 365 is not a cure-all for phishing attacks. It is part of a defense-in-depth strategy that includes user training, antimalware, vulnerability management, email security, access control, monitoring, and response. The data security solutions within Microsoft Purview should be considered based on risk-based criteria for inclusion in the strategy.

These tools may be managed by different teams in the organization. Collaboration among these teams is critical for coordinated defense and incident response. 

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post Microsoft Purview data security mitigations for BazaCall and other human-operated data exfiltration attacks appeared first on Microsoft Security Blog.

The DIB as a whole has been making progress toward improving its security posture, but it can still be challenging to prepare for the required full third-party audit—especially for small and medium-sized businesses (SMBs).³ While some DIB organizations may be well-positioned to pass a Third-Party Assessment Organization (3PAO) audit, it’s important for all DIB organizations to achieve CMMC compliance to realize the objective.

Microsoft is introducing new capabilities in Microsoft Entra ID and Microsoft Purview that support CMMC compliance while also helping DIB organizations accelerate their Zero Trust journeys. Identity and data protection are central to compliance, security, and empowering more user productivity and collaboration.

Voluntary self-assessment? Why would we do that?

Although CMMC 2.0 is still in its early stages, DIB companies should move ahead with meeting today’s CMMC requirements, including undergoing voluntary assessments. Doing so helps bolster national security while also preparing companies for future DoD compliance requirements.

One of the callouts from the National Cybersecurity Strategy is that those that can do more, should. Microsoft affirmed this principle by signing up for CMMC voluntary assessment effort, where we earned a perfect 110-point score. This validation demonstrates that Microsoft Azure Government and Microsoft 365 GCC High services can be effectively used to help DIB members accelerate their compliance.

Microsoft is taking the opportunity to share lessons learned and best practices that can inform planning within the DIB. Adopting Microsoft 365 GCC High and Azure Government as starting points allows organizations to use familiar Microsoft 365 productivity tools and Microsoft Azure Cloud Services while accelerating their compliance journey. As a primary platform for collaboration, Microsoft 365 also satisfies controls beyond the cloud; its configuration is a well-documented path to compliance with the National Institute of Standards and Technology (NIST) SP 800-171 controls.

We have recently developed capabilities and guidance for identity, data, and device protection that can help DIB members achieve and measure progress on compliance faster and more effectively.

The benefits of utilizing cloud identity

CMMC encompasses 72 practices across 13 domains, so the ability to address them holistically through Microsoft Entra ID delivers huge advantages in terms of time, resources, and visibility. Identity provides a strong starting point for CMMC 2.0 compliance given its ability to address multiple domains in CMMC 2.0 Levels 1-3.

Microsoft Entra ID is unique in providing elevated security, increased collaboration, and a better user experience. The newest features of Microsoft Entra ID make passwordless authentication easier and establishes trust through the cloud for business-to-business (B2B) collaboration, which are some of the ways Microsoft Entra ID helps enable CMMC compliance while also making users more productive and increasing teamwork within and across secure environments.

Identity empowers Zero Trust

CMMC documents several key identity components and controls critical to achieving security transformation with Zero Trust. Getting these aspects right from the start can enable a faster path to success across the other Zero Trust pillars.

One example is the utilization of a centralized identity management system which is also a requirement of Executive Order (EO) 14028. While smaller organizations are at a disadvantage for CMMC in some ways, this is one area in which SMBs can often be more agile. There are simple changes any organization can make to rapidly mature its posture—including implementing some of the best practices and prescriptive CMMC identity guidance published by Microsoft.

Strong authentication is pivotal for achieving higher levels of CMMC compliance. However, relying solely on the strongest authentication method available may be inflexible and at times hinder user productivity. Having multiple authentication methods offers users greater flexibility while enhancing their productivity. A new option in Microsoft Entra ID offers the strongest authentication option available by default, allowing organizations to safely direct users toward higher security measures.

There’s more than one way to approach user challenges. Organizations can take advantage of Microsoft Authenticator’s easy access to strong authentication tools. However, we also support tools from partners such as Yubico. This provides a variety of ways for DIB members to perform authentication, which we can then map to the appropriate level of assurance.

Secure sensitive data with a platform approach

Another goal of CMMC 2.0 is safeguarding sensitive information, such as Controlled Unclassified Information (CUI) and Federal Contract Information (FCI), which includes many categories of data such as personal records or contract information for sensitive projects. When this data is put at risk, it can have significant consequences for national security.

Microsoft’s data security platform, Microsoft Purview, can help government agencies identify and locate their data, detect data security risks, and prevent data loss across clouds, apps, and devices. Recently, Microsoft announced more than 25 new features for government and commercial customers to help them get ahead of potential security incidents, such as data leaks and theft, along with the availability of additional logs to enhance security monitoring and incident response. Data protection is supported by three key products within the Microsoft Purview family:

1. CMMC requires organizations to implement specific security controls and practices based on the sensitivity of the data they handle, so information protection is essential. Microsoft Purview Information Protection enables customers to classify data, protect it through encryption, and gain visibility into sensitive data. It can also help government organizations discover, classify, and protect data using built-in and ready-to-use advanced classifiers, which include sensitive information types (SITs) that can identify personal information such as credit card numbers, addresses, and medical conditions. More complex data types and scenarios can utilize custom AI classifiers that can be easily trained from sample data.
2. Falling under the CMMC Audit and Accountability domain, insider risk can be a significant challenge for organizations. According to a report by the Insider Threat Defense Group, insider risks accounted for 33 percent of all data breaches in the public sector.⁴ Microsoft Purview Insider Risk Management helps customers uncover elusive insider risks through multiple machine learning models with intelligent detection and analysis capabilities.
3. Under CMMC, data loss prevention (DLP) solutions are a critical part of preventing the unauthorized transfer and use of data, as well as data exfiltration. Microsoft Purview Data Loss Prevention (DLP) acts as an integrated and extensible offering that allows organizations to manage their DLP policies from a single location.
   
   

Each of these three solutions integrates seamlessly to enable agencies to fortify data security with a defense-in-depth approach—all while facilitating easier CMMC compliance.

Additionally, Compliance Manager provides CMMC assessment templates to help organizations assess their compliance posture against CMMC in a comprehensive control-by-control way. Regulations are added to Compliance Manager as new laws and regulations are enacted and can be used to help organizations meet national, regional, and industry-specific requirements governing the collection and use of data.

Go-forward guidance for DIB organizations

While the final rules under CMMC 2.0 have not yet been published, we do know that the underlying technical controls will continue to be based on NIST 800-171. For DIB members, having a trusted platform that has gone through accreditation requirements itself is a great starting point. Beyond a trusted platform adoption, DIB organizations can also follow the guidelines for secure configuration that we provide.

As we continue down this path with the adoption of CMMC 2.0, there will be more guidance that we can bring to the table with lessons learned from our own voluntary audit. The successful audit also provides evidence that Microsoft can accept the flow-down terms applicable to cloud service providers.

Compliance capability built for every DIB organization

Microsoft platforms and tools, including Microsoft Entra ID, Microsoft Authenticator, and Microsoft Purview, can ease compliance for DIB organizations of different sizes and structures, particularly companies that may be resource-constrained.

New capabilities and enhancements built on Secure-by-Design and Secure-by-Default principles are making it easier for organizations to improve their security posture and meet CMMC requirements. Our goal behind compiling CMMC-specific guidance in a single place is to empower the entire DIB ecosystem to support more secure, effective interactions with the federal government.

Learn more

Learn more about Microsoft Entra ID and Microsoft Purview.

Explore data security resources and trends

Gain insights into the latest data security advancements, including expert guidance, best practices, trends, and solutions.

Get started

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹DOD CIO Says CMMC 2.0 Coming Soon: ‘We Want to Get This Right’, Charles Lyon-Burt. May 17, 2023.

²Defense Primer: U.S. Defense Industrial Base, Congressional Research Service. April 17, 2023.

³CMMC: Managing digital risk for the Defense Industrial Base (DIB) and beyond, CyberAB.

⁴Insider Threat Report, Cybersecurity Insiders. 2020.

The post New Microsoft identity and data security capabilities to accelerate CMMC compliance for the Defense Industrial Base appeared first on Microsoft Security Blog.

Moving to the cloud gives organizations significant advantages in terms of performance, automatic software updates, and centralized security monitoring. Log data plays an important role in incident response because it provides granular, auditable insight into how different identities, applications, and devices access a customer’s cloud services. These logs themselves do not prevent attacks, but they can be useful in digital forensics and incident response when examining how an intrusion might have occurred, such as when an attacker is impersonating an authorized user.   

Today we are expanding Microsoft’s cloud logging accessibility and flexibility even further. Over the coming months, we will include access to wider cloud security logs for our worldwide customers at no additional cost. As these changes take effect, customers can use Microsoft Purview Audit to centrally visualize more types of cloud log data generated across their enterprise.

Microsoft Purview Audit enables customers to centrally visualize cloud log data generated across their enterprise, thus helping them effectively respond to security events, forensic investigations, internal investigations and compliance obligations. Thousands of user and admin operations performed in dozens of Microsoft 365 services and solutions are captured, recorded and retained in customers unified Purview Audit logs. 

As our expanded logging defaults roll out, Microsoft Purview Audit (Standard) customers will receive deeper visibility into security data, including detailed logs of email access and more than 30 other types of log data previously only available at the Microsoft Purview Audit (Premium) subscription level. In addition to new logging events becoming available, Microsoft is also increasing the default retention period for Audit Standard customers from 90 days to 180 days.

Commercial and government customers with E5/G5 licenses already using Microsoft Purview Audit (Premium) will continue to receive access to all available audit logging events, including intelligent insights, which help determine the scope of potential compromise by using the Audit log search in the Microsoft Purview compliance portal and the Office 365 Management Activity API. Additional Audit Premium features include longer default retention periods and automation support for importing log data into other tools for analysis.   

Today’s news comes as a result of our close partnership with CISA, which has called for the industry to take action in order to better protect itself from potential cyberattacks. It also reflects our commitment to engaging with customers, partners, and regulators to address the evolving security needs of the modern world.

Microsoft is deeply committed to building a safer world for all, and over the last years has continued to build solutions that are secure by design with built-in chip-to-cloud technology, our security development cycle, and multifactor authentication default settings. Today is another milestone in that commitment and we are grateful to work in close coordination with CISA and our customers as we continue to invest in our built-in security and other protections. 

“After working collaboratively for over a year, I am extremely pleased with Microsoft’s decision to make necessary log types available to the broader cybersecurity community at no additional cost,” said CISA Director Jen Easterly. “While we recognize this will take time to implement, this is truly a step in the right direction toward the adoption of Secure by Design principles by more companies. We will continue to work with all technology manufacturers, including Microsoft, to identify ways to further enhance visibility into their products for all customers.” 

Microsoft will begin rolling out these logging updates in September 2023 to all government and commercial customers. To access existing and new logs as they become available, visit the Microsoft Purview compliance portal and select Audit from the Solutions panel. Microsoft has historically provided security log data to customers, with options to maintain logs through Microsoft’s storage services or with other security and storage vendors, depending on preferences. Different customers have varying preferences and needs for where they save their audit logs, how they are analyzed, and how long they are retained. We know customers have multiple issues to consider, including data storage capacity and which Microsoft or third-party log management tools they want to use, and our newly expanding, flexible logging options help customers decide what is best for their requirements. 

Cybersecurity is a team sport relying on trust and transparency, which is why we are pleased to share today’s cloud logging announcement as the result of thoughtful conversations between our security experts, customers, and influential authorities like CISA. We look forward to keeping the community posted on this expanded logging rollout and sharing additional news moving forward. 

Learn more

Learn more about Microsoft Purview Audit.

Explore data security resources and trends

Gain insights into the latest data security advancements, including expert guidance, best practices, trends, and solutions.

Get started

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post ​​Expanding cloud logging to give customers deeper security visibility appeared first on Microsoft Security Blog.

1. Choose a reliable cloud service provider

Choosing a reputable cloud service provider is the first step toward securing data. The provider should offer secure data storage, encryption, and access controls. Look for providers that are compliant with relevant security standards and regulations, such as ISO 27001, HIPAA, and PCI DSS. Microsoft Cloud has several certifications making it a trusted choice for customers. For an exhaustive list of the compliance offerings, refer to compliance offerings for Microsoft 365, Azure, and other Microsoft services.

2. Understand your security responsibilities

When you move your data to cloud services, it’s important to understand who is responsible for securing it. In most cases, the cloud provider is responsible for securing the infrastructure, while the customer is responsible for securing the data stored on that infrastructure. Make sure you know your responsibilities and take the necessary steps to secure your data. The below picture shows how the responsibility shifts from the customer to the cloud provider as the customers move their applications to cloud services. While customers maintain end-to-end responsibility of maintaining the environment on-premises, as they move to cloud services, more and more responsibilities are taken over by the cloud provider. However, maintaining and securing data, devices, and identities is always the customer’s responsibility.

Figure 1. Shared responsibility model in the cloud.

3. Use strong authentication

While passwords are the first line of defense against unauthorized access, we are aware that passwords can be stolen, leaked, or compromised. Using strong authentication methods, such as multifactor authentication, can significantly reduce the risk of unauthorized access to data. Multifactor authentication requires users to provide multiple forms of authentication, such as a password and a code sent to a mobile app, before gaining access to the cloud environment. However, the best defense is provided by passwordless technologies like facial recognition, fingerprints, or mobile apps. Microsoft provides a host of such technologies like Windows Hello, Microsoft Authenticator, or FIDO2 Security keys. Using these methods, you can mitigate the risk of password theft.

Figure 2. Authentication methods.

4. Implement encryption

Encryption is a critical component of cloud security. It involves encoding data in such a way that only authorized users can access it. Implementing encryption for data in transit and data at rest can help protect sensitive data from unauthorized access and data breaches. In the Microsoft Cloud, data is always encrypted at rest, in transit, and in use. Microsoft Azure Storage Service Encryption provides encryption for data at rest with 256-bit AES using Microsoft Manage Keys. It encrypts data in Azure Managed Disks, blob storage, Azure files, Azure queues and table storage. Azure Disk Encryption provides encryption for data at rest in Windows and Linux VMs using 256-AES encryption. Transparent Data Encryption provides encryption for Microsoft Azure SQL Database and Azure Data Warehouse.

5. Protect data wherever it lives or travels

The biggest problem faced by businesses today is discovering where their sensitive data is. With more than 80 percent of corporate data “dark”, organizations need tools to help them discover this data. Microsoft Purview Information Protection helps you scan data at rest across Microsoft 365 applications, SharePoint Online, Exchange Online, Teams, non-Microsoft Cloud apps, and on-premises file shares and SharePoint servers using the Microsoft Purview Information Protection scanner tool, to discover sensitive data. Identifying the data is not enough. Organizations need to be aware of the risk associated with this data and protect the data by applying things such as encryption, access restrictions, and visual markings. With Microsoft Purview Information Protection you can automatically apply sensitivity labels to identify the data as highly confidential, confidential, or general, depending on your label schema by using more than 300 Sensitive Information Types and Trainable Classifiers.

Organizations also suffer from inadvertent or malicious data loss. They need to have controls in place to prevent sensitive data from being accessed by unauthorized individuals. Microsoft Purview Data Loss Prevention helps prevent data loss by identifying and preventing risky or inappropriate sharing, transfer, or use of sensitive information across cloud, apps, and on endpoint devices. It is a cloud-native solution with built-in protection so that you no longer need to deploy and maintain costly on-premises infrastructure or agents.

Data doesn’t move itself; people move data. That is why understanding the user context and intent behind data movement is key to preventing data loss. Microsoft Purview Insider Risk Management offers built-in, ready-to-use machine learning models to detect and mitigate the most critical data security risks around your data. And by using Adaptive Protection, organizations can automatically tailor the appropriate data loss prevention controls based on a user’s risk level, ensuring that the most effective policy—such as blocking data sharing—is applied only to high-risk users, while low-risk users can maintain their productivity. The result: your security operations team is now more efficient and empowered to do more with less.

Learn more about data protection for businesses.

Figure 3. Microsoft’s approach to data security.

6. Implement access control

Implementing access controls can help limit access to sensitive data in cloud services. Access controls should be based on the principle of least privilege, where users are granted the minimum access required to perform their tasks. Role-based access control can be used to assign roles and permissions to users based on their job responsibilities. Microsoft Entra encompasses all such Identity and Access capabilities from Microsoft.

7. Monitor cloud activity and know your security posture

Monitoring cloud activity can help detect and prevent unauthorized access to data. Cloud service providers offer monitoring services that can alert administrators when suspicious activity is detected. Regularly reviewing cloud logs and audit trails can help identify potential security threats. Microsoft Defender for Cloud is a cloud-native application protection platform that combines the capabilities of Cloud Security Posture Management with integrated data-aware security posture and Cloud Workload Protection Platform to help prevent, detect, and respond to threats with increased visibility into and control over the security of multicloud and on-premises resources such as Azure Storage, Azure SQL, and open-source databases.

Figure 4. Microsoft Defender for Cloud.

In addition, Microsoft Sentinel, Microsoft’s AI-enriched, cloud-native security information and event management, can uncover sophisticated threats and automate response. It acts as a centralized hub across multicloud environments to monitor attackers as they move across vectors.

Figure 5. Microsoft Sentinel.

8. Use secure APIs

APIs are used to access cloud services, and they can be vulnerable to attacks if not secured properly. Secure APIs should be implemented with strong authentication and encryption to prevent unauthorized access to cloud services.

9. Conduct regular security assessments

Conducting regular security assessments can help identify security vulnerabilities and assess the effectiveness of security measures. Regular security assessments can be conducted internally or by third-party security experts.

10. Train your employees

Ensure that your employees are aware of the security risks associated with storing data in cloud services and are trained on best practices for securing data. This includes regular security awareness training and policies for reporting suspicious activity.

11. Implement principles of Zero Trust

Zero Trust is a security strategy. It is not a product or a service, but an approach in designing and implementing the following set of security principles:

• Verify explicitly – Always authenticate and authorize based on all available data points.
• Use least privilege access – Limit user access with Just-In-Time and Just-Enough-Access (JIT/JEA), risk-based adaptive policies, and data protection.
• Assume breach – Minimize blast radius and segment access.

A Zero Trust approach should extend throughout the entire digital estate and serve as an integrated security philosophy and end-to-end strategy. This is done by implementing Zero Trust controls and technologies across six foundational elements of identity, endpoints, data, apps, infrastructure, and network.

Figure 6. Zero Trust across the vectors.

Each of these is a source of signal, a control plane for enforcement, and a critical resource to be defended. Here is Microsoft’s guide to securing data with Zero Trust.

What’s next

In conclusion, securing data in cloud services is essential for businesses to protect their sensitive information from unauthorized access and data breaches. End-to-end security design and implementation is the foundation of securing data in cloud services. Microsoft recommends a defense in depth approach implementing the principles of Zero Trust across identity, endpoints, data, apps, infrastructure, and network.

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post 11 best practices for securing data in cloud services appeared first on Microsoft Security Blog.