Endpoint security Insights | Microsoft Security Blog http://approjects.co.za/?big=en-us/security/blog/topic/endpoint-security/ Expert coverage of cybersecurity topics Thu, 14 Nov 2024 18:59:27 +0000 en-US hourly 1 https://wordpress.org/?v=6.6.2 Microsoft Ignite: Sessions and demos to improve your security strategy http://approjects.co.za/?big=en-us/security/blog/2024/10/30/microsoft-ignite-sessions-and-demos-to-improve-your-security-strategy/ Wed, 30 Oct 2024 16:00:00 +0000 Join us at Microsoft Ignite 2024 for sessions, keynotes, and networking aimed at giving you tools and strategies to put security first in your organization.

The post Microsoft Ignite: Sessions and demos to improve your security strategy appeared first on Microsoft Security Blog.

]]>
Now more than ever is the time for every organization to prioritize security. The use of AI by cyberattackers gives them an asymmetric advantage over defenders, as cyberattackers only have to be right once, while defenders have to be right 100% of the time. The way to win is with AI-first, end-to-end security—a key focus for Microsoft Security at Microsoft Ignite, November 18 to 22, 2024. Join thousands of security professionals at the event online to become part of a community focused on advancing defenders against ever-evolving cyberthreats.

Across many sessions and demos, we’ll address the top security pain points related to AI and empower you with practical, actionable strategies. Keep reading this blog for a guide of highlighted sessions for security professionals of all levels, whether you’re attending in-person or online.

And be sure to register for the digital experience to explore the Microsoft Security sessions at Microsoft Ignite.

Be among the first to hear top news

Microsoft is bringing together every part of the company in a collective mission to advance cybersecurity protection to help our customers and the security community. We have four powerful advantages to drive security innovation: large-scale data and threat intelligence; end-to-end protection; responsible AI; and tools to secure and govern the use of AI.

Microsoft Chairman and Chief Executive Officer Satya Nadella said in May 2024 that security is the top priority for our company. At the Microsoft Ignite opening keynote on Tuesday, November 19, 2024, Microsoft Security Executive Vice President Charlie Bell and Corporate Vice President (CVP), Microsoft Security Business Vasu Jakkal will join Nadella to discuss Microsoft’s vision for the future of security. Other well-known cybersecurity speakers at Microsoft Ignite include Ann Johnson, CVP and Deputy Chief Information Security Officer (CISO); Joy Chik, President, Identity, and Network Access; Mark Russinovich, Chief Technology Officer and Deputy CISO; and Sherrod DeGrippo, Director of Threat Intelligence Strategy.

For a deeper dive into security product news and demos, join the security general session on Wednesday, November 20, 2024, at 11:00 AM CT. Hear from Vasu Jakkal; Joy Chik; Rob Lefferts, CVP, Microsoft Threat Protection; Herain Oberoi, General Manager, Microsoft Data Security, Privacy, and Compliance; and Michael Wallent, CVP; who will share exciting security innovations to empower you with AI tools designed to help you get ahead of attackers.

These news-breaking sessions are just the start of the value you can gain from attending online.

Benefit from insights designed for your role

While cybersecurity is a shared concern of security professionals, we realize the specific concerns are unique to role. Recognizing this, we developed sessions tailored to what matters most to you.

  • CISOs and senior security leaders: If you’ll be with us in Chicago, kick off the conference with the Microsoft Ignite Security Forum on November 18, 2024 from 1 PM CT to 5 PM CT. Join this exclusive pre-day event to hear from Microsoft security experts on threat intelligence insights, our Secure Future Initiative (SFI), and trends in security. Go back to your registration to add this experience on. Also for those in Chicago, be sure to join the Security Leaders Dinner, where you can engage with your peers and provide insights on your greatest challenges and successes. If you’re joining online, gain firsthand access to the latest Microsoft Security announcements. Whether you’re in person or online, don’t miss “Proactive security with continuous exposure management” (BRK324), which will explore how Microsoft Security Exposure Management unifies disparate data silos for visibility of end-to-end attack surface, and “Secure and govern data in Microsoft 365 Copilot and beyond” (BRK321), which will discuss the top concerns of security leaders when it comes to AI and how you can gain the confidence and tools to adopt AI. Plus, learn how to make your organization as diverse as the threats you are defending in “The Power of Diversity: Building a stronger workforce in the era of AI” (BRK330).
  • Security analysts and engineers: Join actionable sessions for information you can use immediately. Sessions designed for the security operations center (SOC) include “Microsoft cybersecurity architect lab—Infrastructure security” (LAB454), which will showcase how to best use the Microsoft Secure Score to improve your security posture, and “Simplify your SOC with the unified security operations platform” (BRK310), which will feature a fireside chat with security experts to discuss common security challenges and topics. Plus, learn to be a champion of safe AI adoption in “Scott and Mark learn responsible AI” (BRK329), which will explore the three top risks in large language models and the origins and potential impacts of each of these.
  • Developers and IT professionals: We get it—security isn’t your main focus, but it’s increasingly becoming part of your scope. Get answers to your most pressing questions at Microsoft Ignite. Sessions that may interest you include “Secure and govern custom AI built on Azure AI and Copilot Studio” (BRK322), which will dive into how Microsoft can enable data security and compliance controls for custom apps, detect and respond to AI threats, and managed your AI stack vulnerabilities, and “Making Zero Trust real: Top 10 security controls you can implement now” (BRK328), which offers technical guidance to make Zero Trust actionable with 10 top controls to help improve your organization’s security posture. Plus, join “Supercharge endpoint management with Microsoft Copilot in Intune” (THR656) for guidance on unlocking Microsoft Intune’s potential to streamline endpoint management.
  • Microsoft partners: We appreciate our partners and have developed sessions aimed at supporting you. These include “Security partner growth: The power of identity with Entra Suite” (BRK332) and “Security partner growth: Help customers modernize security operations” (BRK336).

Attend sessions tailored to addressing your top challenge

When exploring effective cybersecurity strategies, you likely have specific challenges that are motivating your actions, regardless of your role within your organization. We respect that our attendees want a Microsoft Ignite experience tailored to their specific objectives. We’re committed to maximizing your value from attending the event, with Microsoft Security sessions that address the most common cybersecurity challenges.

  • Managing complexity: Discover ways to simplify your infrastructure in sessions like “Simpler, smarter, and more secure endpoint management with Intune” (BRK319), which will explore new ways to strengthen your security with Microsoft Intune and AI, and “Break down risk silos and build up code-to-code security posture” (BRK312), which will focus on how defenders can overcome the expansive alphabet soup of security posture tools and gain a unified cloud security posture with Microsoft Defender for Cloud.   
  • Increasing efficiency:: Learn how AI can help you overcome talent shortage challenges in sessions like “Secure data across its lifecycle in the era of AI” (BRK318), which will explore Microsoft Purview leveraging Microsoft Security Copilot can help you detect hidden risks, mitigate them, and protect and prevent data loss, and “One goal, many roles: Microsoft Security Copilot: Real-world insights and expert advice” (BRK316), which will share best practices and insider tricks to maximize Copilot’s benefits so you can realize quick value and enhance your security and IT operations.  
  • Threat landscape: Navigate effectively through the modern cyberthreat landscape, guided by the insights shared in sessions like “AI-driven ransomware protection at machine speed: Defender for Endpoint” (BRK325), which will share a secret in Microsoft Defender for Endpoint success and how it uses machine learning and threat intelligence, and the theater session “Threat intelligence at machine speed with Microsoft Security Copilot” (THR555), which will showcase how Copilot can be used as a research assistant, analyst, and responder to simplify threat management.
  • Regulatory compliance: Increase your confidence in meeting regulatory requirements by attending sessions like “Secure and govern your data estate with Microsoft Purview” (BRK317), which will explore how to secure and govern your data with Microsoft Purview, and “Secure and govern your data with Microsoft Fabric and Purview” (BRK327), which will dive into how Microsoft Purview works together with Microsoft Fabric for a comprehensive approach to secure and govern data.
  • Maximizing value: Discover how to maximize the value of your cybersecurity investments during sessions like “Transform your security with GenAI innovations in Security Copilot” (BRK307), which will showcase how Microsoft Security Copilot’s automation capabilities and use cases can elevate your security organization-wide, and “AI-driven ransomware protection at machine speed: Defender for Endpoint” (BRK325), which will dive into the key secret to the success of Defender for Endpoint customers in reducing the risk of ransomware attacks as well maximizing the value of the product’s new features and user interfaces.

Explore cybersecurity tools with product showcases and hands-on training

Learning about Microsoft security capabilities is useful, but there’s nothing like trying out the solutions for yourself. Our in-depth showcases and hands-on trainings give you the chance to explore these capabilities for yourself. Bring a notepad and your laptop and let’s put these tools to work.

  • “Secure access at the speed of AI with Copilot in Microsoft Entra” (THR556): Learn how AI with Security Copilot and Microsoft Entra can help you accelerate tasks like troubleshooting, automate cybersecurity insights, and strengthen Zero Trust.  
  • “Mastering custom plugins in Microsoft Security Copliot” (THR653): Gain practical knowledge of using Security Copilot’s capabilities during a hands-on session aimed at security and IT professionals ready for advanced customization and integration with existing security tools. 
  • “Getting started with Microsoft Sentinel” (LAB452): Get hands-on experience on building detections and queries, configuring your Microsoft Sentinel environment, and performing investigations. 
  • “Secure Azure services and workloads with Microsoft Defender for Cloud” (LAB457): Explore how to mitigate security risks with endpoint security, network security, data protection, and posture and vulnerability management. 
  • “Evolving from DLP to data security with Microsoft Preview” (THR658): See for yourself how Microsoft Purview Data Loss Prevention (DLP) integrates with insider risk management and information protection to optimize your end-to-end DLP program. 

Network with Microsoft and other industry professionals

While you’ll gain a wealth of insights and learn about our latest product innovations in sessions, our ancillary events offer opportunities to connect and socialize with Microsoft and other security professionals as committed to you to strengthening the industry’s defenses against cyberthreats. That’s worth celebrating!

  • Pre-day Forum: All Chicago Microsoft Ignite attendees are welcome to add on to the event with our pre-day sessions on November 18, 2024, from 1 PM CT to 5 PM CT. Topics covered will include threat intelligence, Microsoft’s Secure Future Initiative, AI innovation, and AI security research, and the event will feature a fireside chat with Microsoft partners and customers. The pre-day event is designed for decision-makers from businesses of all sizes to advance your security strategy. If you’re already attending in person, log in to your Microsoft Ignite registration and add on the Microsoft Security Ignite Forum.
  • Security Leaders Dinner: We’re hosting an exclusive dinner with leaders of security teams, where you can engage with your peers and provide insights on your greatest challenges and successes. This intimate gathering is designed specifically for CISOs and other senior security leaders to network, share learnings, and discuss what’s happening in cybersecurity.   
  • Secure the Night Party: All security professionals are encouraged to celebrate the cybersecurity community with Microsoft from 6 PM CT to 10 PM CT on Wednesday, November 20, 2024. Don’t miss this opportunity to connect with Microsoft Security subject matter experts and peers at our “Secure the Night” party during Microsoft Ignite in Chicago. Enjoy an engaging evening of conversations and experiences while sipping tasty drinks and noshing on heavy appetizers provided by Microsoft. We look forward to welcoming you. Reserve your spot today

Something that excites us the most about Microsoft Ignite is the opportunity to meet with cybersecurity professionals dedicated to modern defense. Stop by the Microsoft Security Expert Meetup space to say hello, learn more about capabilities you’ve been curious about, or ask questions about Microsoft’s cybersecurity efforts. 

Hear from our Microsoft Intelligent Security Association partners at Microsoft Ignite

The Microsoft Intelligent Security Association (MISA), comprised of independent software vendors (ISV) and managed security service providers (MSSPs) that have integrated their solutions with Microsoft’s security technology, will be back at Microsoft Ignite 2024.

We kick things off by celebrating our Security Partner of the Year award winners BlueVoyant (Security), Cyclotron (Compliance), and Inspark (Identity) who will join Vasu Jakkal for a fireside chat on “How security strategy is adapting for AI,” during the Microsoft Ignite Security Pre-day Forum. This panel discussion includes insights into trends partners are seeing with customers relating to AI, a view on practical challenges, and scenarios that companies encounter when deploying AI, as well as the expert guidance and best practices that security partners can offer to ensure successful AI integration in security strategies.

MISA is thrilled to welcome small and medium business (SMB) verified solution status to its portfolio. This solution verification highlights technology solutions that are purpose built to meet the needs of small and medium businesses, and the MSSPs who often manage IT and security on behalf of SMBs. MISA members who meet the qualifying criteria and have gone through engineering review, will receive a specialized MISA member badge showcasing the verification and will be featured in the MISA partner catalog. We are excited to launch this status with Blackpoint Cyber and Huntress.

Join MISA members including Blackpoint Cyber and Huntress at the Microsoft Expert Meetup Security area where 14 members will showcase their solutions and Microsoft Security Technology. Review the full schedule below.

Graphic showing the MISA partner schedule at Microsoft Ignite 2024.

We are looking forward to connecting with our customers and partners at the Microsoft Secure the Night Party on Wednesday, November 20, from 6 to 10 PM CT.  This evening event offers a chance to connect with Microsoft Security subject matter experts and MISA partners while enjoying cocktails, great food, and entertainment. A special thank you to our MISA sponsors: Armor, Cayosoft, ContraForce, HID, Lighthouse, Ontinue, and Quorum Cyber.

Register today to attend Microsoft Ignite online

There’s still time to register to participate in Microsoft Ignite online from November 19 to 22, 2024, to catch security-focused breakout sessions, product demos, and participate in interactive Q&A sessions with our experts. No matter how you participate in Microsoft Ignite, you’ll gain insights on how to secure your future with an AI-first, end-to-end cybersecurity approach to keep your organizations safer.

Plus, you can take your security knowledge further at Tech Community Live: Microsoft Security edition on December 3, 2024, to ask all your follow-up questions from Microsoft Ignite. Microsoft Experts will be hosting live Ask Microsoft Anything sessions on topics from Security for AI to Copilot for Security.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Microsoft Ignite: Sessions and demos to improve your security strategy appeared first on Microsoft Security Blog.

]]>
​​Microsoft is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms http://approjects.co.za/?big=en-us/security/blog/2024/09/25/microsoft-is-named-a-leader-in-the-2024-gartner-magic-quadrant-for-endpoint-protection-platforms/ Wed, 25 Sep 2024 19:00:00 +0000 Gartner® names Microsoft a Leader in Endpoint Protection Platforms—a reflection, we believe, of our continued progress in helping organizations protect their endpoints against even the most sophisticated attacks, while driving continued efficiency for security operations center teams.

The post ​​Microsoft is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms appeared first on Microsoft Security Blog.

]]>
Since 2023, Microsoft has seen a 2.75 times increase in the number of organizations encountering ransomware campaigns.1 And up to 90% of successful ransomware campaigns leverage unmanaged endpoints, which are typically personal devices that people bring to work.1 While the number of ransomware attempts has increased drastically, Microsoft Defender for Endpoint has reduced the percent of successful ransomware attacks at a higher rate—more than three times over the same time period.1

The key to fighting ransomware at scale is Microsoft’s unwavering commitment to simplifying, automating, and augmenting security analyst workstreams to meet the demands of today’s and tomorrow’s cyberthreat environment. We are excited to announce that Gartner has named Microsoft a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms for the fifth consecutive time. We believe this announcement reflects Microsoft’s continued progress in helping organizations protect their endpoints against even the most sophisticated attacks, while driving continued efficiency for security operations center (SOC) teams.

Microsoft Defender for Endpoint is an endpoint security platform that helps organizations secure their digital estate using AI-powered, industry-leading endpoint detection and response across Windows, Linux, macOS, Android, iOS, and Internet of Things (IoT) devices. It is core to Microsoft Defender XDR and built on global threat intelligence—informed by more than 78 trillion daily signals and more than 10,000 security experts—empowering security teams to fend off sophisticated threats.2

Graphic with four boxes showing Gartner's Magic Quadrant for Endpoint Protection Platforms that puts Microsoft as a Leader.

Our customers and partners have been an invaluable part of this multiyear journey, and we are grateful for both their business and their partnership. Read the complimentary report providing more details on our positioning as a Leader.

Microsoft Defender for Endpoint is built from the ground up with operational resilience in mind. It starts with our agent architecture that follows best practices for Windows by limiting its reliance on kernel mode while protecting customers in real-time. It does not load content updates from files in the kernel mode driver. As an added safeguard, we deliver updates to customers applying Microsoft’s long-established safe deployment practices (SDP) model. Customers have full control over how these updates are delivered and how controls are applied to their device estate. This model of shared control helps provide security and resiliency. 

Over the last 12 months, Microsoft has delivered significant innovations that have helped defenders gain the upper hand against cyberthreats including: improved attack disruption, Microsoft Copilot for Security, a new Linux agent, simplified settings management, the unified security operations platform and Microsoft Defender Experts for XDR.

Automatic attack disruption, unique to Microsoft, is a self-defense capability that stops in-progress cyberattacks by analyzing the attacker’s intent, identifying compromised assets, and isolating or disabling assets like users or devices at machine speed. For example, in July 2024 we discovered the CVE-2024-37085 vulnerability. Numerous ransomware operators exploited it to encrypt the entire file system and move laterally in the network. Attack disruption fends off such sophisticated ransomware attempts by blocking lateral movement and remote encryption in a decentralized way across all your device estate—in just three minutes on average.3 This is a capability that Microsoft continues to invest in to disrupt more scenarios even earlier in the cyberattack chain.  

Microsoft Copilot for Security is the industry’s first generative AI that empowers security teams to protect at the speed and scale of AI, generally available as of April 2024. Embedded within the Defender XDR experience, it assists analysts by providing enriched context for faster and smarter decisions. It accelerates investigation, containment, and remediation with prescriptive step-by-step guidance. Analysts can now easily understand attacker actions with intuitive script analysis and launch complex Kusto Query Language (KQL) queries using plain language. The results from a randomized controlled trial based on 147 security professionals showed significant efficiency gains including speed and quality improvements when using Copilot for Security. Security professionals were up to 22% faster across all tasks, and more than 93% of users wanted to use Copilot again.

A new Linux agent has been built from scratch, using eBPF sensor technology to deliver the performance and stability needed for mission-critical server workloads while providing visibility into cyberthreats. We continue prioritizing innovations across every type of endpoint from Windows, Linux, macOS, iOS, Android, and IoT to provide the holistic endpoint security that organizations need.

Simplified setup and change management help analysts configure devices correctly to minimize threat exposure. With the general availability of simplified settings management, SOC analysts can manage security policies without leaving the Defender XDR portal.

Unified security operations platform brings the foundational tools a SOC needs into a single experience, with a consistent data model, unified capabilities, and broad protection. This unification helps SOCs close critical security gaps and streamline their operations, delivering better overall protection, reducing their response time, and improving overall efficiency. Defender for Endpoint is core to this platform, which combines “the power of leading solutions in security information and event management (SIEM), extended detection and response (XDR), and generative AI for security.” By working seamlessly across Microsoft Sentinel, Microsoft Defender XDR, and Microsoft Copilot for Security, security analysts need only a single set of automation rules and playbooks. Plus, they can use plain language to execute complex tasks in an instant with Copilot for Security embedded in the platform.

Microsoft Defender Experts for XDR gives your security team coverage with around-the-clock access to Microsoft expertise. Recognizing that sophisticated cyberthreats go beyond the endpoint, Microsoft offers Microsoft Defender Experts for XDR. This managed service is available 24 hours a day, 7 days a week, helping organizations extend their SOC team to fully triage events and respond to incidents across domains.

Thank you to all our customers. You inspire us as together we work to create a safer world.

Learn more

If you’re not yet taking advantage of Microsoft’s leading endpoint security solution, visit Microsoft Defender for Endpoint and start a free trial today to evaluate our leading endpoint protection platform. 

Are you a regular user of Microsoft Defender for Endpoint? Review your experience on Gartner Peer Insights™ and get a $25 gift card.    

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.


12024 Microsoft Digital Defense Report. Publishing October 15, 2024.

2Microsoft Digital Defense Report, Microsoft. 2023.

3Get end-to-end protection with Microsoft’s unified security operations platform, now in public preview, Rob Lefferts. April 3, 2024.

Gartner, Magic Quadrant for Endpoint Protection Platforms, Evgeny Mirolyubov, Franz Hinner, Deepak Mishra, Satarupa Patnaik, Chris Silva, September 23, 2024. 

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, MAGIC QUADRANT and PEER INSIGHTS are registered trademarks of Gartner, Inc. and/or its affiliates and are used herein with permission. All rights reserved. 

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Microsoft. 

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 

The post ​​Microsoft is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms appeared first on Microsoft Security Blog.

]]>
Microsoft again ranked number one in modern endpoint security market share http://approjects.co.za/?big=en-us/security/blog/2024/08/21/microsoft-again-ranked-number-one-in-modern-endpoint-security-market-share/ Wed, 21 Aug 2024 16:00:00 +0000 IDC Worldwide Corporate Endpoint Security Market Shares report for 2023 ranks Microsoft number one in market share with a 40.7% increase in share over last year.

The post Microsoft again ranked number one in modern endpoint security market share appeared first on Microsoft Security Blog.

]]>
Today’s remote workforce has become the standard. But the security challenges created by remote work continue to be a key point of exploitation by bad actors. In fact, 80% to 90% of all successful ransomware compromises originate through unmanaged devices.1 Because endpoints are a broadly targeted vector and remote work necessitates so many varied endpoints, organizations need to ensure their endpoint security is part of a comprehensive and robust detection and response strategy, to disrupt ransomware and minimize risk.

We are excited to share that Microsoft has again been ranked number one in market share in the IDC Worldwide Modern Endpoint Security Market Shares, 2023: Evolving to Address New Work Modalities (doc #US52341924, June 2024).

Diagram illustrating a breakdown of vendor market share for worldwide modern endpoint technology.

And with more than 25.8% of the market share, Microsoft has the endpoint security solution more customers use to defend their multiplatform devices than any other vendor. As depicted in Figure 1, that’s a 40.7% increase in share over the previous year. Thanks to the invaluable partnership with organizations of all sizes around the globe, this distinction comes in addition to Microsoft being recognized as a Leader in the 2024 IDC MarketScape reports for Worldwide Modern Endpoint Security across all three segments—enterprise2, midsize3, and small businesses4—the only vendor positioned in the “Leaders” category in all three reports. 

Side profile of a woman wearing a dark shirt in a dim office reaching up and working on a Microsoft Surface Studio.

Microsoft Defender for Endpoint

Help secure endpoints with industry-leading, multiplatform detection and response.

Disrupt ransomware on any platform

For enterprises, Microsoft Defender for Endpoint delivers AI-powered endpoint security with industry-leading, multiplatform threat detection and response across all devices—spanning client, mobile, Internet of Things (IoT), and servers. It is purpose-built to protect against the unique threat profiles per platform including Windows, macOS, Linux, Android, and iOS. It’s a comprehensive endpoint security platform that helps fend off known and emerging cyberattacks, with capabilities that include:

  • Vulnerability management.
  • Protections tailored to each operating system.
  • Next-generation antivirus.
  • Built-in, auto-deployed deception techniques.
  • Endpoint detection and response.
  • Automatic attack disruption of ransomware.

And with more than 78 trillion daily signals and insights from more than 10,000 world-class experts, you can quickly detect, protect, respond to, and proactively hunt for cyberthreats to keep intruders at bay.5 Plus, its automatic attack disruption capabilities stop sophisticated attacks with high confidence, so you can disrupt cyberthreats early in the cyberattack chain and block lateral movement of bad actors across your devices.

For small and medium-sized businesses (SMBs), Microsoft Defender for Business goes beyond traditional antivirus protection. Defender for Business delivers many of the enterprise-grade security features from Defender for Endpoint in a way that is easy for SMBs to use without requiring security expertise. 70% of organizations encountering human-operated ransomware attacks have fewer than 500 employees, so choosing the right endpoint protection is imperative.1 Defender for Business is designed to help you save money by consolidating multiple products into one security solution that’s optimized for your business—and includes out-of-the-box policies that streamline onboarding, simplified management controls for security operations, and monthly security summary reports to help you understand your security posture.

Stay one step ahead of the evolving threat landscape

Defender for Endpoint is core to Microsoft Defender XDR, making it seamless to extend the scope of your organization’s cyberthreat detection to include other layers of your security stack with incident-level visibility across the cyberattack chain. Disrupt advanced cyberattacks and accelerate response—across endpoints, IoT, hybrid identities, email and collaboration tools, software as a service (SaaS) apps, cloud workloads, and data insights.

Built-in, security-specific generative AI with Microsoft Copilot for Security makes it easy for security analysts to rapidly investigate and respond to incidents and help them learn new skills such as quickly reverse-engineering malicious scripts, getting guided response actions, using natural language to do advanced hunting, and more. Copilot is now embedded in Microsoft Defender XDR for Copilot customers.

Learn more

If you are not yet using Microsoft Defender for Endpoint, learn more on our website. If you a regular user of Microsoft Defender for Endpoint, please review your experience on Gartner Peer Insights™ and get a $25 gift card.

If your organization has less than 300 users, we also encourage you to explore Microsoft 365 Business Premium and Defender for Business.  

Learn how to supercharge your security operations with Microsoft Defender XDR.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.


1Microsoft Digital Defense Report 2023.

2IDC MarketScape: Worldwide Modern Endpoint Security for Enterprises 2024 Vendor Assessment (doc #US50521223, January 2024).

3IDC MarketScape: Worldwide Modern Endpoint Security for Midsize Businesses 2024 Vendor Assessment (doc #US50521323, February 2024).

4IDC MarketScape: Worldwide Modern Endpoint Security for Small Businesses 2024 Vendor Assessment (doc #US50521424, March 2024).

5Microsoft Threat Intelligence.

The post Microsoft again ranked number one in modern endpoint security market share appeared first on Microsoft Security Blog.

]]>
Vulnerabilities in PanelView Plus devices could lead to remote code execution http://approjects.co.za/?big=en-us/security/blog/2024/07/02/vulnerabilities-in-panelview-plus-devices-could-lead-to-remote-code-execution/ Tue, 02 Jul 2024 16:00:00 +0000 Microsoft discovered and responsibly disclosed two vulnerabilities in Rockwell’s PanelView Plus that could be remotely exploited by unauthenticated attackers, allowing them to perform remote code execution (RCE) and denial-of-service (DoS). PanelView Plus devices are graphic terminals, which are known as human machine interface (HMI) and are used in the industrial space.

The post Vulnerabilities in PanelView Plus devices could lead to remote code execution appeared first on Microsoft Security Blog.

]]>
Microsoft discovered and responsibly disclosed two vulnerabilities in Rockwell Automation PanelView Plus that could be remotely exploited by unauthenticated attackers, allowing them to perform remote code execution (RCE) and denial-of-service (DoS). The RCE vulnerability in PanelView Plus involves two custom classes that can be abused to upload and load a malicious DLL into the device. The DoS vulnerability takes advantage of the same custom class to send a crafted buffer that the device is unable to handle properly, thus leading to a DoS.

PanelView Plus devices are graphic terminals, also known as human machine interface (HMI) and are used in the industrial space. These vulnerabilities can significantly impact organizations using the affected devices, as attackers could exploit these vulnerabilities to remotely execute code and disrupt operations.

We shared these findings with Rockwell Automation through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR) in May and July 2023. Rockwell published two advisories and released security patches in September and October 2023. We want to thank the Rockwell Automation product security team for their responsiveness in fixing this issue. We highly recommend PanelView Plus customers to apply these security patches.

The discovered vulnerabilities are summarized in the table below:

CVE IDCVSS ScoreVulnerability
CVE-2023-20719.8Remote code execution (RCE)
CVE-2023-294648.2DoS via out-of-bounds read

In this blog post, we will focus on the technical details of the CVE-2023-2071 remote code execution vulnerability and how it was discovered, as well as provide an overview of the protocol used for both the RCE and DoS vulnerabilities. Additionally, we will offer technical details about the vulnerability and demonstrate the exploitation method. By sharing this research with the larger security community, we aim to emphasize the importance of collaboration in the effort to secure platforms and devices.

Suspicious remote registry query

One of the primary responsibilities of the Microsoft Defender for IoT research team is to ensure that the product properly analyzes various operational technology (OT) and Internet of Things (IoT) protocols. During this process, we observed a legitimate packet capture of two devices communicating using the Common Industrial Protocol (CIP), with one device sending a request containing a path to a registry value named “ProductCode,” and the other device responding with what appeared to be the product code value. The lack of encryption and absence of prior authentication in the communication raised concerns, as it appeared to involve a remote registry query. Further investigation revealed that the requesting device was an engineering workstation, and the responding device was an HMI – specifically, PanelView Plus.

We hypothesized that this remote registry querying functionality could be abused by querying system keys to access secrets or even gain remote control. To validate this hypothesis, we needed to locate the code responsible for this functionality. Since the two devices communicated using the CIP, our first step was to understand the protocol in depth.

Screenshot of the packet that triggered our investigation and led to our discovery of the vulnerability
Figure 1. The packet that triggered our investigation

Object-oriented protocol for industrial automation applications

CIP is an industrial protocol designed for industrial automation applications. Various vendors in the industrial sector utilize this protocol, and the communication we observed took place over Ethernet/IP – a protocol that adapts CIP to standard Ethernet.

According to the official CIP documentation: “A CIP node is modeled as a collection of Objects. (…) A Class is a set of Objects that all represent the same kind of system component. An Object Instance is the actual representation of a particular Object within a Class.”

From this description, we can deduce that CIP is an object-oriented protocol, where messages are directed towards specific objects, identified by their Class ID and Object Instance ID. Additionally, the term “Service Code” is defined as: “An integer identification value which denotes an action request that can be directed at a particular object instance or object attribute”. Therefore, when messaging an object, we should also specify a Service Code, which informs the object what action it should perform.

The CIP specification outlines common Class IDs and Service IDs, as well as ranges for vendor-specific IDs.

Screenshot of the packet, showing Class ID, Service ID, and vendor-specific ID.
Figure 2. The packet’s fields

Returning to the packet capture, we observed that both Service ID and Class ID values were vendor specific. This means that to understand the meaning of these Class and Service IDs and locate the code responsible for the functionality, we must analyze the HMI firmware.

Firmware analysis

According to Rockwell Automation’s online resources, PanelView Plus HMIs operate on the Windows 10 IoT (or Windows CE for older versions) operating system. We were able to extract the DLLs and executables related to Rockwell Automation from the most recent firmware. There are several DLLs responsible for receiving different Class IDs and processing their requests, one of which is responsible for processing the Class ID we observed in the packet capture.

Screenshot of registry query data from CIP
Figure 3 Registry query by data from CIP

Upon examining the functionality associated with this Class ID, we confirmed that it is indeed responsible for querying the registry and sending the value in the response. However, we also discovered that the code managing this functionality performs input verification, allowing the reading of registry values only from specific Rockwell keys.

Potentially exploitable custom class

Although our initial hypothesis was proven incorrect, this finding allowed us to gain valuable insights into Rockwell’s process of handling different CIP classes. Additionally, we learned how to identify the classes that a specific DLL is responsible for processing. This knowledge leads us to our second hypothesis: there might be another custom class, managed by the same DLL as the one responsible for the registry class, that could be exploited to gain remote control of the device.

Remote code execution

We began analyzing the DLL that handles the custom CIP class for reading and writing registry keys and discovered that this DLL also manages two other undocumented custom CIP classes from Rockwell. We decided to investigate these classes further to determine if they could be exploited for our attack and help validate our hypothesis.

Custom class 1

The first class we examined had an intriguing functionality: it accepts a path to a DLL file, a function name, and a third parameter as input. It then loads the DLL using LoadLibrary and calls the specified function using GetProcAddress, passing the third parameter as an argument.

Screenshot of LoadLibrary
Figure 4 LoadLibrary based on CIP data

This seemed like a possible avenue for executing arbitrary code. However, there was a catch: the class included a verification function that checked if the DLL name was remotehelper.dll and if the function name was one of the predefined values. If these conditions were not met, the class would return an error and not execute the function.

Custom class 2

Next, we examined the second class found within the same DLL. This class allowed reading and writing files on the device. It also included a verification function, but it was more permissive: it only checked whether the path for reading/writing began with a specific string. We realized that this class could potentially be exploited by uploading a malicious DLL to the device and place it in almost any location.

Exploitation approach

Having gained a comprehensive understanding of the vulnerabilities, we had an idea of how an attacker could utilize the two custom classes to launch code remotely on the device. The idea was to compile a DLL compatible with Windows 10 IoT, the operating system of the device. This DLL would contain the code we wanted to run on the device and would be exported under the name GetVersion, which is one of the valid function names that can be invoked by custom class 1. We would then use custom class 2 to upload our DLL to the device, placing it in a random folder and naming it remotehelper.dll. Finally, we would execute it using custom class 1.

Diagram showing the exploitation approach, from compiling malicious DLL, uploading the DLL using custom class 2, and invoking the DLL using custom class 1
Figure 5. Exploitation approach

To further explore how the vulnerability can be exploited, we decided to leverage an existing function in the original remotehelper.dll file. We discovered that this file had an export called InvokeExe, which allowed running any executable file on the device. However, this function was not in the list of valid function names for custom class 1, so we could not use it directly. To overcome this obstacle, we patched the remotehelper.dll file and altered one of the valid export names to point to the InvokeExe function. We then uploaded our patched DLL to the device, placing it in a different folder than the original. Subsequently, we used custom class 1 to invoke our patched DLL and run cmd.exe, which granted us a command shell on the device. We confirmed that the exploit was successful and that we had gained full control of the device.

Diagram showing the exploit POC using the exploitation approach we described in this blog
Figure 6. Exploit PoC

Mitigation and protection guidance

Microsoft recommends the following measures to help protect organizations from attacks that take advantage of the PanelView Plus vulnerabilities shared in this blog post:

To assist with identifying impacted devices, Microsoft released a tool for scanning and performing forensics investigation on Rockwell Rslogix devices as part of its arsenal of open-source tools available on GitHub.

Microsoft Defender for IoT detections

Microsoft Defender for IoT provides the following protection measures against these vulnerabilities, associated exploits, and other malicious behavior:  

  • Defender for IoT detects and classifies devices that use CIP.  
  • Defender for IoT raises alerts on unauthorized access to devices using CIP, and abnormal behavior in these devices.  
  • Defender for IoT raises alerts if a threat actor attempts to exploit these vulnerabilities. Alert type: “Suspicion of Malicious Activity”.

Yuval Gordon
Microsoft Threat Intelligence Community

References

Learn more

For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: https://aka.ms/threatintelblog.

To get notified about new publications and to join discussions on social media, follow us on LinkedIn at https://www.linkedin.com/showcase/microsoft-threat-intelligence, and on X (formerly Twitter) at https://twitter.com/MsftSecIntel.

To hear stories and insights from the Microsoft Threat Intelligence community about the ever-evolving threat landscape, listen to the Microsoft Threat Intelligence podcast: https://thecyberwire.com/podcasts/microsoft-threat-intelligence.

The post Vulnerabilities in PanelView Plus devices could lead to remote code execution appeared first on Microsoft Security Blog.

]]>
How to achieve cloud-native endpoint management with Microsoft Intune http://approjects.co.za/?big=en-us/microsoft-365/blog/2024/06/12/how-to-achieve-cloud-native-endpoint-management-with-microsoft-intune/ Wed, 12 Jun 2024 15:00:00 +0000 In this post, we’re focusing on what it really takes for organizations to become fully cloud-native in endpoint management—from the strategic leadership to the tactical execution.

The post How to achieve cloud-native endpoint management with Microsoft Intune appeared first on Microsoft Security Blog.

]]>
This is the final blog post in our series highlighting the increasing benefits of becoming fully cloud-native in endpoint management with Microsoft Intune.

In our first post, we talked about why more of our customers are migrating to cloud-native endpoint management. Our second post presented a three-phase model for how customers can go cloud-native with Intune. In this final post, we’re focusing on what it really takes for organizations to make this valuable change—from the strategic leadership to the tactical execution.

A security professional working on a cloud migration project

Microsoft Intune

Your command center for endpoint management

Get started 

A change in vision

“Copilot…frees up my time to use my expertise to create more value, and spend less time on lower-value activities, and instead focus on what drives impact and drives change for our clients.”—Sally Penson, Head of Transforming Delivery, UK Insights

Microsoft Copilot for Security and Copilot in Intune signals a shift in the information technology and security landscape. While it is relatively easy to envision how individual tasks and routines may be changed by AI and automation, it is harder to see exactly how this will impact business in five years and beyond, but there’s little doubt it will be significant. Imagining what that impact may be is critical to understanding the opportunities and challenges ahead, and re-defining your capital “V” Vision for your enterprise is fundamental to making the most of it.

Historically, IT has been treated like an electrical utility—make sure that the information is flowing, and if it isn’t, get it back with as little disruption as possible. The future will be a very different place. As I see it, IT is at the start of a truly radical change. Routine maintenance and troubleshooting will be automated away or made easier. This leaves experienced technology experts with more time to focus. They will need to use their knowledge of your business and technology to become value-creators—this is the change in vision that will need to come from the top.

“Have a growth mindset and invest time into developing and learning the ever-evolving technology of cloud management.”—IT administrator, Thorlabs Inc.

BUILD A FOUNDATION FOR AI SUCCESSTechnology and data strategy 

Setting the stage for this transformation now—by expanding your corporate vision to encompass the new tech landscape—can help with the next level of change. But successful implementation will depend on how well you can help your IT professionals align their own vision of their roles, and of themselves, to the changing technology landscape. One theme we hear over and again—especially from customers who have spent years learning and mastering the complex controls and arcana of endpoint management—is “Why would I give up the total control I have now?” or “why fix what isn’t broken?”

These questions and concerns are common to those who have built and mastered their craft in the utility model: This is a complex system that I understand and manage expertly, and it enables the flow of information exactly as we need. This is a model that prioritizes knowledge of and experience with processes and tools. Experts should rightly be proud of their abilities, and some systems and processes simply can’t be updated. The challenge is that for the systems that can be updated, the processes, tools, maintenance, and the complexity of systems will be vastly different. In a world with Copilot and AI-aided automation, process will be secondary to data. The knowledge and experience of problem-solving and of how to harness technology to improve your business will become more valuable than the knowledge of tools. Instead of merely keeping the information flowing, IT teams will need to tap into that flow to find new efficiencies and business opportunities.

And while I am confident in the impacts we will see, I don’t want to leap too far into the future.

Changing the vision of the role of IT administrator isn’t going to happen overnight. The first change that can lay the groundwork for the new mindset the future will require is to prepare your organization to take advantage of the AI and automation that’s already here. That means going cloud-native and moving endpoint management to Intune. Less radical than the changes to come, but no less jarring—this move eliminates the need for a lot of specialized equipment and specialized knowledge of the tools that run it all. It also requires a re-imagining of security, policies, and approaches to endpoint management. Faced with having to start fresh in creating these policies, many choose the status quo. But as we talked about in our first post in this series, moving endpoints to the cloud grants access to the value-add of cloud management and the next generation of technologies. So a fresh mindset is needed, along with a fresh look at device configuration and compliance policies.

I make no assertions that such change is easily accomplished. In fact, we have customers with the directive to change the vision at the top who are stymied at the point of implementation. The human element, the vision an IT admin has for their own future, must be given consideration—and a plan.

A change in process

“It’s time to leave behind the old mindset and start from the beginning.”—IT administrator, Multinational Chemical Company

We have found that the combination of inertia and inherent complexity in making a change to endpoint management solutions causes a lot of hesitation. No one wants to be the one who pushes the button to make the information stop flowing—even if you assure them no such button exists. Customers who have had successful migrations to Intune overcome this hesitation by creating smaller pilot programs, rolling out changes incrementally, and identifying and organizing “champions”—stakeholders committed to the project who advocate for its adoption. Hewlett Packard Enterprise even shared their advice with us for this case study.

With this approach, potential negative outcomes are limited. Small wins can be quantified, and champions help with communicating clearly what’s happening to other stakeholders at every step, building trust and easing minds.

A change in our process

We have heard from customers that the power and flexibility of the Intune platform presents an array of options and configurations that can be daunting. It isn’t possible for our experts to embed with every customer every day—though the FastTrack and Customer Acceleration Teams provide great support and can consult on particularly complex scenarios. What those teams hear over and over is “just tell us what to do.” So we at Intune have decided to change our process a bit, to help our customers to change theirs.

As part of this new approach, we’ve created what we call “one-size-fits-most” guidance to help configure the basic settings companies need to get endpoints more secure and productive with Intune. We’ve also streamlined the Microsoft Intune documentation hub, highlighting this guidance and making the path to implementation a little clearer. Our hope is that the IT administrators tasked with actually making Intune “go” will have the confidence to do just that.

We have also cultivated a robust community around Intune, full of fellow IT administrators and support professionals—which can be a great resource when that “one-size” approach doesn’t quite fit. Find the Intune Tech Community, and engage our Intune customer success team on X or their Tech Community page.

For those whose job entails proving the return on investment (ROI) of Intune we’ve even published a new tool that helps you calculate your ROI with Intune.

Learn more about Microsoft Intune

The post How to achieve cloud-native endpoint management with Microsoft Intune appeared first on Microsoft Security Blog.

]]>
​​Microsoft named as a Leader in three IDC MarketScapes for Modern Endpoint Security 2024 https://techcommunity.microsoft.com/t5/security-compliance-and-identity/microsoft-named-as-a-leader-in-three-idc-marketscapes-for-modern/ba-p/4083116 Thu, 14 Mar 2024 16:00:00 +0000 Microsoft was named a Leader in IDC MarketScape for Worldwide Modern Endpoint Security across Enterprise, Midsize, and Small Businesses.

The post ​​Microsoft named as a Leader in three IDC MarketScapes for Modern Endpoint Security 2024 appeared first on Microsoft Security Blog.

]]>
Organizations have seen the number of human-operated ransomware attacks increase more than 200% since September 2022 and about 70% of organizations encountering these attacks had fewer than 500 employees[1]. With these security concerns top of mind, there is no surprise that in the last five years, the Modern Endpoint Security (MES) market has nearly tripled in size to defend against emerging, sophisticated, and persistent threats. Microsoft continues to develop solutions that help protect organizations of all sizes and today we are thrilled to announce that we have been recognized as a Leader in the IDC MarketScape reports for Worldwide Modern Endpoint Security across three (3) segments for enterprise[2], midsize[3], and small businesses[4] – the only vendor positioned in the “Leaders” category in all three reports. 

thumbnail image 1 of blog post titled 
	
	
	 
	
	
	
				
		
			
				
						
							​​Microsoft named as a Leader in three IDC MarketScapes for Modern Endpoint Security 2024

IDC MarketScape vendor analysis model is designed to provide an overview of the competitive fitness of ICT suppliers in a given market. The research methodology utilizes a rigorous scoring methodology based on both qualitative and quantitative criteria that results in a single graphical illustration of each vendor’s position within a given market. The Capabilities score measures vendor product, go-to-market and business execution in the short-term. The Strategy score measures alignment of vendor strategies with customer requirements in a 3-5-year timeframe. Vendor market share is represented by the size of the icons. 

Microsoft Defender for Endpoint is a comprehensive enterprise endpoint security platform that helps organizations secure their digital estate across Linux, macOS, Windows, iOS, Android, and Internet of Things (IoT). It provides AI-powered, industry-leading endpoint detection and response that is core to Microsoft Defender XDR that enables organizations to build a holistic approach with full visibility and signal correlation across security domains. Built on the industry’s broadest threat intelligence informed by more than 65 trillion daily signals and over 10,000 security experts, Defender for Endpoint empowers security teams to fend off sophisticated threats. With the scale and sophistication of enterprise device security in mind, these are some of the ways Defender for Endpoint uniquely empowers analysts:  

  • Automatically disrupt ransomware: Terminate sophisticated cyberthreat campaigns like ransomware, business email compromise and adversary-in-the-middle early in the kill chain with automatic attack disruption — an industry-first, Microsoft-patented capability that helps you outmaneuver attackers.  
  • Move at machine speed with Security Copilot: Use the industry’s first generative AI security product, embedded in Defender for Endpoint, that enables analysts to use natural language to speed up daily tasks such as investigating and responding to incidents, prioritizing alerts, and upskilling. 
  • Put security posture into action: Your best offense is a secure defense, made possible with built-in vulnerability management capabilities like Microsoft Secure Score. Improve the collective security configuration state of your devices with in-console, prioritized recommendations optimized to reinforce best practices across the application, operating system, network, accounts, and controls. Validate your ideal configuration levels against benchmarks collected from vendors, security feeds, and Microsoft Security’s research teams. 
  • Catch adversaries early on: Create early-stage, high-fidelity signals that force adversaries to be correct 100% of the time with built-in deception techniques and automatically generate and disperse decoys and lures at scale that resemble real users and assets in your organization. 

Small and medium businesses (SMBs) face an even more challenging landscape—with increasing cyberthreats, coupled with even more limited security staff or expertise. Built on the principle that SMBs need a similar level of protection as enterprises, Microsoft Defender for Business brings many enterprise-grade capabilities from Defender for Endpoint in a simplified and affordable package for organizations with 1-300 employees. Key capabilities for Defender for Business include endpoint detection and response (EDR) with industry first attack disruption, vulnerability management, attack surface reduction (ASR), next-generation antivirus, and automated investigation and response. It supports platforms such as Windows, MacOS, Android, iOS, and Linux. Many features have been optimized for SMBs and include: 

  • Quickly and easily onboard your devices: Wizard-based onboarding gets you up and running quickly with out-of-the-box security policies that are “on by default” and a simplified management experience makes it easy for even non-technical users to manage security operations.  
  • Get peace of mind with automatic attack disruption: AI-powered attack disruption helps automatically contain ransomware attacks by limiting lateral movement from compromised users or devices. This capability is on-by default, so it is easy for SMBs to stay protected. 
  • Protect mobile devices from one solution: You can onboard iOS and Android onto Defender for Business without requiring additional device management solutions or costly add-ons. 
  • Share security insights in a simple format: Monthly security summary reports help you better understand the security status of your identity, devices, data, and applications by seeing threats prevented and detected and recommendations to strengthen your security posture. 

Defender for Business is available as a standalone and as part of the Microsoft 365 Business Premium suite. Microsoft 365 Business Premium brings together Office apps, Microsoft 365 services and Teams, with comprehensive security. In addition to ransomware protection with Defender for Business, other key security capabilities include identity and access protection with Microsoft Entra ID Plan 1, safeguarding against phishing attacks and malware in email, OneDrive and Teams with Defender for Office 365, data protection with Microsoft Purview Information Protection, and device management with Microsoft Intune.  

Many SMB customers also rely on Managed Service Provider (MSP) partners to secure their environments. In recognition of the key role that partners play in serving SMB customers, Microsoft has made product investments to help enable partners to deliver security services at scale:

  • Manage multiple customers in one place with Microsoft 365 Lighthouse: View security incidents and alerts, create and apply security baselines across all customers, and configure customized email alerts for delivery to users, groups, or third-party ticketing systems such as Professional Services Automation (PSA) systems. 
  • Build out your security services: Use streaming APIs to stream device events for advanced hunting and attack disruption.  
  • Integrate with 3rd party Managed Detection and Response services: Many MSPs do not have the in-house security resources to build their own security operations center (SOC). Integrate with leading Managed Detection and Response (MDR) services such as Blackpoint Cyber and ConnectWise.   

Learn More

Read more about our comprehensive set of security solutions for enterprise, midsize, and small business.  

You can also download the excerpts of the following reports for more details: 

[2]- IDC MarketScape: Worldwide Modern Endpoint Security for Enterprises 2024 Vendor Assessment (doc #US50521223, January 2024) 

[3]- IDC MarketScape: Worldwide Modern Endpoint Security for Midsize Businesses 2024 Vendor Assessment (doc #US50521323, February 2024) 

[4]- IDC MarketScape: Worldwide Modern Endpoint Security for Small Businesses 2024 Vendor Assessment (doc #US50521424, March 2024)  

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity. 

Reference 

[1]- Microsoft Digital Defense Report, Microsoft. 2023. 

2 Likes

 Like

The post ​​Microsoft named as a Leader in three IDC MarketScapes for Modern Endpoint Security 2024 appeared first on Microsoft Security Blog.

]]>
3 new ways the Microsoft Intune Suite offers security, simplification, and savings http://approjects.co.za/?big=en-us/security/blog/2024/02/01/3-new-ways-the-microsoft-intune-suite-offers-security-simplification-and-savings/ Thu, 01 Feb 2024 17:00:00 +0000 The main components of the Microsoft Intune Suite are now generally available. Read about how consolidated endpoint management adds value and functionality for security teams.

The post 3 new ways the Microsoft Intune Suite offers security, simplification, and savings appeared first on Microsoft Security Blog.

]]>
Today, we are taking a significant step in completing the delivery of functionality we promised when we first unveiled the vision for the Microsoft Intune Suite.1 We are launching three new solutions: Microsoft Intune Enterprise Application Management, Microsoft Intune Advanced Analytics, and Microsoft Cloud PKI. With these additions, the Intune Suite now goes beyond unified endpoint management to bring you a comprehensive collection of advanced cross-platform capabilities across three core areas: streamlined application security, secure access to on-premises and private cloud resources, and improved troubleshooting and support. While we will continue to add more functionality over time, today’s release marks “the end of the beginning,” as the main components of the Intune Suite are generally available this month. As such, let’s take the opportunity to recap the principles behind the value and functionality of the Intune Suite.

Microsoft Intune

Enhance security and IT efficiency with the Microsoft Intune Suite.

a desktop computer sitting on top of a desk

The broad value of the Intune Suite

While the solutions of the Intune Suite launched at different points in time, three fundamental principles have been there from the beginning.

First, one place for workloads adjacent to Unified Endpoint Management. If you’re currently using a mix of third-party solutions, the integrated experience in Microsoft Intune provides security and efficiency on multiple levels. First, one unified solution means fewer integrations to manage across third parties, meaning fewer attack vectors for malicious actors. And second, on a deeper level, the broader Intune proposition (both Intune Suite and Intune) is integrated with Microsoft 365 and Microsoft Security solutions. This provides a consolidated and seamless experience for IT professionals with a single pane of glass for end-to-end endpoint management.

Second, all parts of the Intune Suite are ready to support your cloud and AI-enabled future. Intune Suite will help accelerate organizations’ digital transformation to cloud native and simplify their IT operations. Additionally, data from Intune Suite are consolidated with other Intune and security data, meaning complete visibility across the device estate, informing and improving emerging technologies like Microsoft Copilot for Security. The more interrelated data that Copilot can use, the more it can proactively advise on the next best action.

Lastly, Intune Suite is available in a single unified plan. So, rather than having separate solutions for remote assistance, privilege management, analytics, and more, these advanced solutions can all be consolidated and simplified into one. This provides value in two ways: directly, by reducing the overall licensing cost, as the cost of Intune Suite is less than purchasing separate solutions; and the economic value of the Intune Suite is also in indirect savings: no need to manage separate vendors, train IT admins on separate tools, or maintain costly on-premises public key infrastructure (PKI). The Intune Suite makes it easier for IT admins, reducing overhead costs.

“With what we get out of Intune Suite, we can eliminate other products that our customers need. It’s now a suite of many components that enable customers who want to consolidate solutions and save money.”

—Mattias Melkersen Kalvåg, Mobility and Windows Management Consultant at MINDCORE, and| Microsoft Certified Professional & MVP

From today: A comprehensive suite across applications, access needs, and support

Let’s get into specifics. For application security, Enterprise App Management helps you find, deploy, and update your enterprise apps. And Endpoint Privilege Management lets you manage elevation rules on a per-app basis so that even standard users can run approved privileged apps. Cloud PKI lets you manage certificates from the cloud in lieu of complex, on-premises PKI infrastructure. And Microsoft Tunnel for Mobile Application Management (MAM) is perfect for unenrolled, personal mobile devices, to help broker secure access to line of business apps. Advanced Analytics gives you data-rich insights across your endpoints. And Remote Help lets you view and control your PCs, Mac computers, and specialized mobile devices, right from the Intune admin center. Let us take each of those three product areas in turn.

Increase endpoint security with Enterprise App Management and Endpoint Privilege Management

Enterprise App Management gives you a new app catalog, allowing you to easily distribute managed apps, but also keep them patched and always up to date. With this initial release, you will be able to discover and deploy highly popular, pre-packaged apps, so you no longer need to scour the Internet to find their installation files, repackage, and upload them into Intune. Simply add and deploy the apps directly from their app publishers. You can also allow the apps you trust to self-update, and when a new update is available, it is just one click to update all your devices with that app installed. We will continuously expand and enrich the app catalog functionality in future releases to further advance your endpoint security posture and simplify operations. 

“I’m very excited about Enterprise App Management as it’s powered by a strong app catalog and natively integrated in Intune. This single pane of glass experience is what we’re all looking for.”

—Niklas Tinner, Microsoft MVP and Senior Endpoint Engineer at baseVISION AG

For more control over your apps, with Endpoint Privilege Management, you can scope temporary privilege elevation, based on approved apps and processes. Then, as a user in scope for this policy, you can elevate only the processes and apps that have been approved. For example, users can only run a single app for a short period of time as an administrator. Unlike other approaches that give local admin permissions or virtually unlimited scope, you can selectively allow a user to elevate in a one-off scenario by requesting Intune admin approval, without you needing to define the policy ahead of time.

“Endpoint Privilege Management offers tight integration into the operating system. And the focus that Microsoft has over only elevating specific actions and apps versus making you an admin for a period of time—this is security at its best, going for the least privileged access.”

—Michael Mardahl, Cloud Architect at Apento

Cloud PKI and Microsoft Tunnel for MAM powers secure access

With Cloud PKI, providing both root and issuing Certificate Authorities (CA) in the cloud, you can simply set up a PKI in minutes, manage the certificate lifecycle, reduce the need for extensive technical expertise and tools, and minimize the effort and cost of maintaining on-premises infrastructure. In addition, support for Bring-Your-Own CA is available, allowing you to anchor Intune’s Issuing CA to your own private CA. Certificates can be deployed automatically to Intune-managed devices for scenarios such as authentication to Wi-Fi, VPN, and more; a modern PKI management option that works well to secure access with Microsoft Entra certificate-based authentication. In the initial release, Cloud PKI will also work with your current Active Directory Certificate Services for SSL and TLS certificates, but you do not need to deploy certificate revocation lists, Intune certificate connectors, Network Device Enrollment Service (NDES) servers, or any reverse proxy infrastructure. You can issue, renew, or revoke certificates directly from the Intune admin center automatically or manually. 

Microsoft Tunnel for MAM helps secure mobile access to your private resources. Microsoft Tunnel for MAM works similarly to Microsoft Tunnel for managed devices; however, with this advanced solution, Microsoft Tunnel for MAM works with user-owned (non-enrolled) iOS and Android devices. Microsoft Tunnel for MAM provides secure VPN access at the app level, for just the apps and browser (including Microsoft Edge) your IT admin explicitly authorizes. So, for personally owned devices, the user can access approved apps, without your company’s data moving onto the user’s personal device. App protection policies protect the data within the apps, preventing unauthorized data leakage to other apps or cloud storage locations.

“Cloud PKI within the Intune Suite allows you to go cloud native in terms of certificate deployment, which means you can provision PKIs with just a few clicks—that’s a blessing for all the IT administrators. With this built-in service, Microsoft hosts everything for you to manage certificates.”  

—Niklas Tinner

Resolve support issues quicker with Advanced Analytics and Remote Help

Advanced Analytics in Intune is a powerful set of tools for actionable reporting and AI-driven analytics. It provides deep, near real-time insights into your connected devices and managed apps that help you understand, anticipate, and proactively improve the user experience. We continue to infuse AI and machine learning into our analytics products. For example, you can get ahead of battery degradation in your device fleet through our advanced statistical analysis and use that information to prioritize hardware updates. Intune Suite now includes real-time device querying on-demand using Kusto Query Language for individual devices, useful for troubleshooting and resolving support calls quicker.

With Remote Help, you can also streamline the way you remotely view and interact with your managed devices, for both user-requested or unattended sessions. As a help desk technician, you can securely connect to both enrolled and unenrolled devices. Users also have peace of mind in being able to validate the technician’s identity, to avoid help desk spoofing attempts. Right now, Remote Help works for remote viewing and controlling in Windows PCs and Android dedicated Enterprise devices, and supports remote viewing for macOS. Especially useful for frontline workers, Remote Help for Android allows help desk administrators to configure and troubleshoot unattended devices, meaning issues can be revolved off-shift.

“Remote Help takes away the requirement and the need for third-party remote help tools. Remote Help is native, it’s interactive, and you don’t have to worry about installing anything, it’s already there. It’s part of Intune, it’s part of the build.”

—Matthew Czarnoch, Cloud and Infrastructure Operations Manager at RLS (Registration and Licensing Services)

To see many of these new capabilities in action, we invite you to watch this new Microsoft Mechanics video.

Analyst recognition for Microsoft

With the additions to the Intune Suite now available, IT can power a more secure and productive future at an important time as AI comes online. Notably, analyst recognition is validating the importance of its value. For example, Microsoft again assumes the strongest leadership position in the Omdia Universe: Digital Workspace Management and Unified Endpoint Management Platforms 2024. Omdia wrote: “Microsoft is focused on reducing management costs by utilizing the Microsoft Intune Suite and integrating different solutions with it.” They added: “The company plans to invest in Endpoint Analytics and Security Copilot to introduce data-driven management, helping IT professionals shift from reactive, repetitive tasks to strategic ones by utilizing Endpoint Analytics and automation.” Omdia’s recognition follows that from others like Forrester, who named Microsoft as a Leader in The Forrester Wave™ for Unified Endpoint Management, Q4 2023.

Get started with consolidated endpoint management solutions with the Microsoft Intune Suite

The February 2024 release of the solutions in the Intune Suite marks a key milestone, offering a consolidated, comprehensive solution set together in a cost-effective bundle (and available as individual add-on solutions) for any plan that includes Intune. And in April 2024, they will also be available to organizations and agencies of the United States government community cloud. We look forward to hearing your reactions to the new Intune Suite.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.


1Ease the burden of managing and protecting endpoints with Microsoft advanced solutions, Dilip Radhakrishnan and Gideon Bibliowicz. April 5, 2022.

The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester’s call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave™. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.

The Forrester Wave™: Unified Endpoint Management, Q4 2023, Andrew Hewitt, Glen O’Donnell, Angela Lozada, Rachel Birrell. November 19, 2023.

The post 3 new ways the Microsoft Intune Suite offers security, simplification, and savings appeared first on Microsoft Security Blog.

]]>
Microsoft is named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms http://approjects.co.za/?big=en-us/security/blog/2024/01/12/microsoft-is-named-a-leader-in-the-2023-gartner-magic-quadrant-for-endpoint-protection-platforms/ Fri, 12 Jan 2024 17:00:00 +0000 Gartner has named Microsoft a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms.

The post Microsoft is named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms appeared first on Microsoft Security Blog.

]]>
It’s no secret that ransomware is top of mind for many chief information security officers (CISOs) as the number of attacks has increased exponentially. As seen in the latest Microsoft Digital Defense Report, our “telemetry indicates that organizations faced an increased rate of ransomware attacks compared to last year, with the number of human-operated ransomware attacks up more than 200% since September 2022.”1 In addition, organizations on average employ 80 security tools that can further overwhelm security analysts with data and alerts, while offering at best an obscured view of their environment. Scaling device protection and security operations center (SOC) efficiency by simplifying, automating, and augmenting security analyst workstreams is paramount to countering this dynamic and core to our product vision. 

Today we are excited to announce that Gartner has named Microsoft a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms. We believe this recognition showcases Microsoft’s continued progress and excellence in helping organizations protect their endpoints against even the most sophisticated attacks and driving continued efficiency for SOC teams.

Microsoft Defender for Endpoint is an endpoint security platform that helps organizations secure their digital estate using AI-powered, industry-leading endpoint detection and response across all platforms, devices, and Internet of Things (IoT). It is core to Microsoft Defender XDR. Built on the industry’s broadest threat intelligence informed by more than 65 trillion daily signals and over 10,000 security experts, it empowers security teams to fend off sophisticated threats.1

The 2023 Gartner Magic Quadrant for Endpoint Protection Platforms as of December 2023. Companies are categorized as Leaders, Challengers, Visionaries, or Niche Players based on their ability to execute and completeness of vision. Microsoft is named a Leader.

Figure 1. Gartner® Magic QuadrantTM for Endpoint Protection Platforms. Source: Gartner (December 2023).

Microsoft’s leadership in endpoint security reflects the close partnership forged with customers that has shaped our product development and innovation. Recent highlights include:

  • Elevate your security posture: An organization’s best offense is a secure defense. Key to minimizing threat exposure is a combination of simplified security settings management to curtail misconfigurations (generally available as of November 2023), proactive vulnerability management to harden your defenses, and next-generation antivirus to neutralize malware at the perimeter. Defender for Endpoint is unique in providing built-in posture assessments and vulnerability management capabilities that continually evaluate an organization’s security posture and prioritizes remediation suggestions. Other security vendors treat these capabilities as a separate product that must be integrated, further burdening organizations that require such protections up front. Additionally, Defender for Endpoint’s next-generation antivirus, which has been tested and recognized in various industry tests, such as the 2023 MITRE Engenuity ATT&CK® Evaluations, fortifies the strong prevention stack to protect against endpoint-based threats.
  • Protect against the most sophisticated threats: Drawing on vast threat intelligence informed by 65 trillion daily signals and more than 10,000 security experts around the globe, Microsoft possesses a unique vantage point on the emerging threat landscape.1 Microsoft Defender XDR’s industry-first automatic attack disruption capability reflects this distinctive position, harnessing the seamless integration across the workloads (identities, endpoints, email, and software as a service [SaaS] apps) to disrupt advanced cyberthreats such as ransomware, business email compromise, and attacker-in-the-middle with high confidence. Attack disruption has rapidly evolved to now stopping human-operated attacks, on average within 3 minutes, with just Defender for Endpoint. Coupled with the new deception capabilities introduced in November 2023, automatic attack disruption can disrupt threat campaigns even earlier with the high-fidelity signal.
  • Secure all devices across the enterprise: Defender for Endpoint continued to expand its coverage with network detection and enterprise IoT devices included at no added cost as a part of Microsoft 365 E5 and E5 Security plans. Cross-platform enhancements across macOS, Linux, and Windows regularly roll out, keeping customers at the forefront of available protections.

Endpoint security is at the core of the Microsoft Defender suite. The following recent innovations reinforce Microsoft’s leadership in helping SOCs scale protection and efficiency on a platform level.

  • See and act on a complete view of the digital threat landscape with an AI-powered, unified security operations platform: In November 2023, we announced the industry’s first unified platform that will help close the talent gap for security and data professionals and accelerate SOC efficiency. Defender for Endpoint is core to this platform. It combines “the power of leading solutions in security information and event management (SIEM), extended detection and response (XDR), and generative AI for security.” By working seamlessly across Microsoft Sentinel, Microsoft Defender XDR, and Microsoft Security Copilot, security analysts only need to work with a single set of automation rules and playbooks. Plus, they only need to use plain language to execute complex tasks in an instant with Security Copilot embedded in the platform.
  • Give your security team coverage with around-the-clock access to Microsoft expertise: Recognizing that sophisticated threats go beyond the endpoint, Microsoft introduced Microsoft Defender Experts for XDR. This managed service is available 24 hours a day, 7 days a week, helping organizations extend their SOC team to fully triage events and respond to incidents across domains.

Download the complimentary report to get more details on our positioning as a Leader. Our customers and partners have been an invaluable part of this multiyear journey. We owe our immense gratitude to you.

Unmatched customer impact defending against ransomware

With capabilities unique to Microsoft Defender such as automatic attack disruption, the odds are starting to tilt in favor of defenders. For example, in August 2023, hackers compromised the devices of a medical research lab. With lives and millions of dollars in research at stake, the potential reward for hackers to encrypt the devices and demand a ransom was high. Automatic attack disruption immediately shut them out from accessing any of the lab’s devices. And the security analysts didn’t even have to lift a finger.

Thanks to the invaluable partnership and insights from organizations of all sizes around the globe, Microsoft has been named a Leader in every Gartner® Magic QuadrantTM for Endpoint Protection Platforms report since 2019. In 2024 customers will continue to see leading innovation as we further build on a strong foundation of AI-enabled capabilities to empower defenders and drive efficiencies for SOC teams with more automated disruption of advanced threats, Microsoft Security Copilot supported tasks, and more.

Are you a regular user of Microsoft Defender for Endpoint? Review your experience on Gartner Peer Insights™ and get a $25 gift card. 

Microsoft Defender for Endpoint

Protect every layer of your environment with a unified security operations platform embedded with Microsoft Security Copilot.

Security practitioner checking security posture while working from home.

Learn more

We know that diving deep into how a solution really works is key to making any investment. If you are not yet taking advantage of Microsoft’s leading endpoint security solution, visit Microsoft Defender for Endpoint and start a free trial today to start evaluating the leading endpoint protection platform.

Person typing on laptop with Microsoft cyberthreat protection screen

Cybersecurity and AI news

Discover the latest trends and best practices in cyberthreat protection and AI for cybersecurity.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.


1Microsoft Digital Defense Report, Microsoft. 2023.

Gartner, Magic Quadrant for Endpoint Protection Platforms, Evgeny Mirolyubov, Max Taggett, Franz Hinner, Nikul Patel, 31 December 2023.

Gartner is a registered trademark and service mark and Magic Quadrant is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Microsoft.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

The post Microsoft is named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms appeared first on Microsoft Security Blog.

]]>
Forrester names Microsoft Intune a Leader in the 2023 Forrester Wave™ for Unified Endpoint Management http://approjects.co.za/?big=en-us/security/blog/2023/11/28/forrester-names-microsoft-intune-a-leader-in-the-2023-forrester-wave-for-unified-endpoint-management/ Tue, 28 Nov 2023 17:00:00 +0000 The Forrester Wave™: Unified Endpoint Management, Q4 2023 report recognizes Intune as a leader. Find out how it helps secure systems and simplify management, reduces costs, and frees up resources for creativity and innovation.

The post Forrester names Microsoft Intune a Leader in the 2023 Forrester Wave™ for Unified Endpoint Management appeared first on Microsoft Security Blog.

]]>
Maintaining a secure and optimized digital environment allows new ideas to flourish wherever they occur. In the modern workplace, where devices and locations are no longer fixed, Microsoft Intune eases the task of managing and protecting the endpoints of businesses everywhere. It helps secure systems and simplify management, reduces costs, and frees up resources for creativity and innovation, which propel real business growth. The Forrester Wave Unified Endpoint Management, Q4 2023 report recognizes Intune as a Leader.

Wave graphic showing Microsoft is identified as a leader in Unified Endpoint Management scoring higher than competitors in strategy and Market presence.

Propelling business growth

The Forrester report recognizes the advances made to the Microsoft Intune platform in the last year:

This new platform approach aims to help customers simplify management, reduce costs, and transform experiences with AI and automation, all factors that enable Microsoft to vastly outperform others across key metrics like devices under management and revenue growth.

Moving to cloud management with Intune aids customers in applying Zero Trust security principles, improves user experience, and streamlines operations with AI and automation. Exemplary endpoint management doesn’t often get the credit for propelling business growth like research and development initiatives. But companies that reduce the administrative overhead on their talent have more hours and focused attention available to tackle more challenges and innovate. And “talent” isn’t just made up of users; IT and security teams can tackle more valuable projects after simplifying and automating management tasks for themselves. As just one example, new cloud-based controls to manage the local admin passwords for Windows devices make this critical security operation simpler and reduces the need for on-premises resources.

The report also made note of the Microsoft Intune Suite, saying “it includes new support for mobile application management (MAM)-only, ruggedized, remote control, privilege management, and DEX (digital experience) use cases.”

The Intune Suite extends the capabilities of Intune and powers better digital experiences. Solutions like Endpoint Privilege Management ease the burdens on help desks and keep users productive, and Remote Help makes real-time troubleshooting faster, easier, and more secure for users and administrators alike. The time saved and frustration spared keep everyone focused on progress rather than process.

Defining the endpoint management experience 

In The Unified Endpoint Management Landscape, Q3 2023 report, Forrester offers this market definition of unified endpoint management: “[Unified endpoint management] solutions help EUC (end user computing) professionals balance three priorities at once: exceptional DEX, cost-efficient management, and foundational threat prevention.” 

Exceptional digital experience

How is the Intune digital experience exceptional? Devices are verified as healthy and made more secure without impeding the flow of work—or even rising to the notice of the user. Zero-touch provisioning with Autopilot creates a seamless out-of-box experience. Single sign-on, recently added to Intune’s now-comprehensive MacOS management capabilities, reduces password fatigue and helps users get to work with fewer interruptions. Mobile application management allows users to use their own mobile and Windows devices to access secure resources without enrollment, allowing them greater freedom to work (and be inspired) where they see fit. That Intune works so well with Microsoft Entra ID, Microsoft Defender, Windows, and Windows 365, further enhances the experience of work with fewer hassles and greater peace of mind.

Cost-efficient management

As a truly unified platform, Intune allows admins to manage Windows, Linux, MacOS, Android, iOS, and specialty devices. This reduces the burden of consolidating data from multiple sources and of switching between tools for privilege management, update management, and user experience. Intune instead offers broad management and protection capabilities and true visibility into endpoint performance in one place. With the Intune Suite, the productivity of admins and users can be accelerated even more.

Many enterprises are able to realize the value of Intune at no additional cost as part of their Microsoft 365 licenses. Additional savings can be realized by consolidating specialized management tools with redundant features, by retiring on-premises infrastructure, and by moving to true cloud-native management. Automation of tasks with flows, PowerShell runbooks, and scripts extends efficiency into the day-to-day operations of administrators, and the ability to grant Conditional Access to bring-your-own devices eases the need for dedicated, company-owned devices for employees. The reduction in support tickets and security incidents afforded by the baselines and tools that keep devices compliant and hardened against threat reduce costs of remediation.

Foundational threat prevention

Microsoft Intune offers fundamental capabilities for creating and enforcing Zero Trust security at enterprise scale, and was given the top score in the Security category of the report. Device health compliance capabilities help keep potentially compromised devices from accessing sensitive resources. Privilege management and Conditional Access policy enforcement permit users to remain productive without increasing risk. The ability to define and enforce data protection policies at the device level keeps information flowing to the right places and helps prevent it from leaking to the wrong ones. Using Intune in concert with Microsoft Defender for Endpoint extends the security capabilities even further.

Strategic strength

The Forrester Wave™: Unified Endpoint Management, Q4 2023 report evaluates product strategy in addition to current features when identifying leaders, and Microsoft received the highest possible score in this area. According to the Forrester report, The Unified Endpoint Management Landscape, Q3 2023, “AI will fundamentally change the job of endpoint administrators, allowing them to query endpoints faster and more granularly, help inform policy decisions, and even replace scripting.”

Microsoft has begun to realize that future today with insights driven by machine learning already informing the Intune service. SOC and IT admins using Intune and the Intune Suite will see data from those services used by Microsoft Security Copilot, and expanded capabilities will emerge as the technology evolves.  

Innovation and improvements to Intune are driven by our engineers, partners, and customers. We’re grateful to all our stakeholders for the hard work, extensive feedback, and broad adoption of Intune (Forrester indicates Microsoft has the largest Market presence, too) that has enabled the solution to become a leader in unified endpoint management.

Microsoft Intune

Protect and manage endpoints in one place.

Chief information security officer collaborating with a practitioner in a security operations center.

Learn more

While we hope that this recognition gives confidence to all those who are interested in Intune, we know that diving deep into how a solution really works is key to making any investment. Check out Intune and Windows Tech Takeoff sessions to get technical breakdowns of existing workloads and explore what’s new.  You can also subscribe to our ongoing news by returning to the Microsoft Intune blog home then join the conversation on Twitter at @MSIntune and LinkedIn.

Learn more about Microsoft Intune.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (formerly known as “Twitter”) (@MSFTSecurity) for the latest news and updates on cybersecurity.


The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester’s call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave™. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. 

Forrester Wave™: Unified Endpoint Management, Q4 2023, Andrew Hewitt, Glen O’Donnell, Angela Lozada, Rachel Birrell. November 19, 2023. 

The post Forrester names Microsoft Intune a Leader in the 2023 Forrester Wave™ for Unified Endpoint Management appeared first on Microsoft Security Blog.

]]>
Forrester names Microsoft a Leader in the 2023 Endpoint Security Wave™ report http://approjects.co.za/?big=en-us/security/blog/2023/10/23/forrester-names-microsoft-a-leader-in-the-2023-endpoint-security-wave-report/ Mon, 23 Oct 2023 16:00:00 +0000 Microsoft has been named a Leader in The Forrester Wave™: Endpoint Security, Q4 2023 report.

The post Forrester names Microsoft a Leader in the 2023 Endpoint Security Wave™ report appeared first on Microsoft Security Blog.

]]>
We are excited to share that Microsoft has been named a Leader in The Forrester Wave™: Endpoint Security, Q4 2023. Microsoft received the highest possible scores in the strategy category for the vision and roadmap criteria. Forrester notes, “Microsoft’s outstanding roadmap for endpoint security includes expanding [Microsoft Defender for Endpoint] functionality to operational technology (OT) and Internet of Things (IOT) devices and continuing its strategy of building an extensive partner community.”

In the current offering category, Microsoft achieved the highest possible scores in the threat intelligence, suite automation, endpoint, including performance impact, runtime behavior detection and response protection, network cyberthreat detection, mobile device security, behavioral analysis capabilities, and vulnerability patching remediation criteria. Forrester also noted, “Being natively integrated into Windows minimizes the agent performance overhead…the Defender agent performs well on other operating systems (OS), and the agent’s runtime behavior protection functions integrate into conditional access methods that can provide device trust.”

Microsoft Defender for Endpoint

Discover and secure endpoint devices across your multiplatform enterprise.

a person sitting on the seat of a car

AI and SOC efficiency: core to our vision and roadmap

As Vasu Jakkal, Corporate Vice President, Security, Compliance, Identity, and Management, Microsoft, states in her blog, the global shortage of skilled security professionals and the continued, unprecedented cybersecurity threats faced by organizations have been key drivers to create and integrate new technologies to help tip the scales in favor of security teams.

AI is one such technology. Bringing its breakthroughs, such as generative AI, within reach of organizations of all sizes has been core to Microsoft Defender for Endpoint’s strategy. AI goes hand-in-hand with security operations center (SOC) efficiency that spans our vision of protecting every endpoint on the planet for organizations of all sizes to our roadmap of capabilities that empower security teams to outmaneuver sophisticated adversaries. Automatic attack disruption, Microsoft Security Copilot, and native settings management are just three examples of how our vision and roadmap are already transforming the SOC in recent months.

Disrupting ransomware early in the cyberattack chain with automatic attack disruption

Gif demonstrating automatic attack disruption.

Figure 1. How automatic attack disruption stops a ransomware attack.

Security teams need every advantage in the fight against ransomware. Introduced in November 2022, Microsoft 365 Defender’s unique, industry-first automatic attack disruption stops the most sophisticated cyberattack campaigns—such as ransomware, business email compromise, and attacker-in-the-middle—at machine speed by leveraging multidomain signals across the extended detection and response (XDR) platform. This capability combines our industry-leading detection with AI enforcement mechanisms to block cyberthreats and limit their spread within the organization. In October 2023, we introduced the next evolution of automatic attack disruption that stops human-operated cyberattacks earlier in the cyberattack chain in a decentralized way across devices. This industry-first, Microsoft-patented capability contains compromised users across devices just by deploying Defender for Endpoint, bringing this XDR AI-powered security within reach of even more organizations.

Accelerating investigation and response with Security Copilot

Screenshot of the Microsoft 365 Defender portal where Microsoft Security Copilot is embedded in a security analyst workflow where they use natural language to create a complex KQL query for advanced hunting.

Figure 2. Microsoft 365 Defender portal showing Security Copilot within advanced hunting editor.

Security professionals are scarce, and we must empower them to disrupt cyberattackers’ traditional advantages. With this challenge in mind, we introduced Microsoft Security Copilot in March 2023. It is the industry’s first generative AI security product that allows security teams to move at machine speed. It combines OpenAI’s GPT-4 generative AI model with Microsoft’s security-specific model informed by our unique global threat intelligence and more than 65 trillion daily signals.1 This month, organizations started gaining access to Security Copilot. Embedded within Microsoft 365 Defender’s existing analyst workflows, Security Copilot simplifies complex tasks with capabilities like guided response actions, and provides intuitive, actionable insight across the cyberthreat landscape such as summarized incidents in natural language.

Fast-tracking setup with simplified settings management

Screenshot of the Microsoft 365 Defender portal settings management experience across Windows, mac, and iOS so that the security analyst can remain within this portal.

Figure 3. Security policy interface in the Microsoft 365 Defender portal.

Helping security teams move with speed and agility doesn’t always require AI. Security teams can now set up and configure Defender for Endpoint so much faster with simplified security settings management, announced in July 2023. The new streamlined approach is all contained within the unified Microsoft 365 Defender portal experience, supported across the multiplatform workloads of Windows, MacOS, and Linux. While the Microsoft Intune portal is no longer required as part of the setup experience, Microsoft Defender for Endpoint continues to work great with Intune, sharing a single consistent source of truth for endpoint security settings.  

In the coming months we look forward to introducing more AI-powered and efficiency-focused capabilities across all platforms.

Industry-leading endpoint security

Microsoft Defender for Endpoint is core to Microsoft 365 Defender, our XDR solution that spans identities, endpoints, cloud apps, email, and documents. Microsoft 365 Defender delivers intelligent, automated, and integrated security in a unified security operations experience, with detailed cyberthreat analytics and insights, unified threat hunting, and rapid detection and automation across domains—detecting and stopping cyberattacks anywhere in the cyberattack chain and eliminating persistent cyberthreats.

Our continued leadership in security is due in part to the close partnership we have with customers who give us continuous feedback in the product development process. We are grateful for their continued trust in us and are committed to delivering innovative security capabilities that help them secure their organizations.

Our mission is to empower security teams with the best security capabilities in the industry so that you can focus on what’s important: preventing and remediating cyberthreats.

You can download the report to get more details about our position as a Leader. We thank our customers and partners for being on this journey with us.

Recognition across the industry

Defender for Endpoint has consistently been recognized as delivering as an industry leader across analyst and customer evaluations:

Learn more

Microsoft Defender for Endpoint is a comprehensive, AI-powered endpoint security across platforms, devices, and IoT. With our solution, organizations can automatically disrupt ransomware on any platform. If you are not yet taking advantage of Microsoft’s unrivaled cyberthreat optics and proven capabilities, sign up for a free trial of Microsoft Defender for Endpoint today.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (formerly known as “Twitter”) (@MSFTSecurity) for the latest news and updates on cybersecurity.


1Microsoft Digital Defense Report 2023, Microsoft. 2023.

The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester’s call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave™. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.


Forrester Wave™: Endpoint Security, Q4 2023, Paddy Harrington, Merritt Maxim, Angela Lozada, Christine Turley. October 18, 2023.

Gartner, Magic Quadrant for Endpoint Protection Platforms, Peter Firstbrook, Chris Silva, 31 December 2022. Gartner is a registered trademark and service mark and Magic Quadrant is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 

The post Forrester names Microsoft a Leader in the 2023 Endpoint Security Wave™ report appeared first on Microsoft Security Blog.

]]>