MISA Insights | Microsoft Security Blog
http://approjects.co.za/?big=en-us/security/blog/topic/misa/
Expert coverage of cybersecurity topics
Thu, 29 Jan 2026 21:26:59 +0000

Microsoft announces the 2026 Security Excellence Awards winners
http://approjects.co.za/?big=en-us/security/blog/2026/01/27/microsoft-announces-the-2026-security-excellence-awards-winners/
Tue, 27 Jan 2026 17:00:00 +0000

Congratulations to the winners of the 2026 Microsoft Security Excellence Awards that recognize the innovative defenders who have gone above and beyond.

The post Microsoft announces the 2026 Security Excellence Awards winners appeared first on Microsoft Security Blog.

In today’s fast‑moving digital arena, security isn’t a solo act—it’s a team sport. Every day, defenders across the globe suit up, strategize, and work shoulder‑to‑shoulder to protect organizations and communities from an ever‑evolving field of cyberthreats. That shared spirit of collaboration is exactly why we’re proud to celebrate our 2026 Microsoft Security Excellence Awards winners—exceptional teammates who elevate the game for everyone.

On Monday, January 26, 2026, in Redmond, Washington, we brought together the all‑star players of the Microsoft Intelligent Security Association (MISA), partners, finalists, and Microsoft security leaders to honor the innovators, defenders, and visionaries driving the future of cybersecurity.

“Congratulations to this year’s Microsoft Security Excellence Awards winners and all the remarkable finalists,” said Vasu Jakkal, Corporate Vice President, Microsoft Security Business. “Security is truly a team sport, and our partners demonstrate the power of collaboration every day. By joining forces and harnessing the latest advancements in AI, we’re building stronger defenses and paving the way for a safer digital future together.”

Honoring excellence in security innovation

Just like in any great sport, success comes from strong teamwork and relentless practice. Over the past year, our partners have pushed the boundaries of what’s possible—from pioneering AI‑powered threat intelligence to advancing Zero Trust strategies that keep organizations safer than ever. The finalists and winners represent the very best of this collective effort: disciplined, innovative, and deeply committed players who raise the bar for everyone on the field.

Group photograph of the Excellence Awards winners.

After careful review of all nominations, our esteemed judging panel selected five finalists per category, with winners selected by votes from Microsoft and MISA members. We’re honored to recognize these standout contributors—thank you for being the teammates who make the whole ecosystem stronger.

Security Trailblazer

Partners that have delivered innovative AI-powered solutions or services that leverage the full Microsoft range of security products and have proven to be outstanding leaders in accelerating customers’ efforts to mitigate cybersecurity threats.

  • Avertium—Winner
  • Avanade
  • Bulletproof
  • ExtraHop
  • Ontinue

Data Security and Compliance Trailblazer

Partners recognized for leading innovative solutions and providing comprehensive strategies to secure customer data with Microsoft Purview. These leaders help customers protect data everywhere, address regulatory needs, and drive AI-powered outcomes with expertise across Purview’s advanced security and advisory services.

  • BlueVoyant—Winner
  • Invoke LLC
  • Netrix Global
  • Quorum Cyber
  • water IT Security GmbH

Secure Access Trailblazer

Partners recognized for pioneering innovation in identity, security, and management using Microsoft Entra and Microsoft Intune. Their solutions advance secure access and endpoint management, applying Zero Trust principles to protect organizations and deliver strong security outcomes.

  • Tata Consultancy Services—Winner
  • Cayosoft
  • Devicie
  • IBM Consulting
  • Inspark

Security Changemaker

Individuals within partner organizations who have made a remarkable security contribution to the company or the larger security community.

  • Anna Bordioug, Protiviti—Winner
  • Jon Kessler, Epiq
  • Justine Wolters, Cloud Life
  • Mario Espinoza, Illumio
  • Nithin RameGowda, Skysecure Technologies Pvt Ltd

Security Software Development Company of the Year

Security software development companies with standout AI-powered solutions that integrate with Microsoft Security products, delivering exceptional value and customer experiences while driving industry impact and adoption.

  • Illumio—Winner
  • ContraForce
  • Darktrace
  • inforcer
  • Tanium

Security Services Partner of the Year   

Security Services partners that excel at integrating Microsoft products with security services, delivering strong results, driving adoption of Microsoft Security solutions, and leveraging advanced AI for innovation, sales, and customer support.

  • Invoke LLC—Winner
  • BlueVoyant
  • Cloud4C
  • Shanghai Flyingnets
  • Quorum Cyber

Looking ahead: Stronger together

Congratulations once again to this year’s exceptional winners, and sincere appreciation to everyone who joined us in honoring our outstanding cybersecurity team players. Their unwavering commitment, innovative spirit, and deep expertise drive progress not only within our community but also across the industry as a whole. Together, their efforts empower us to advance our shared mission of creating a safer, more resilient digital world for all. We look forward to building on this momentum and continuing our collaborative journey toward a secure future.

Graphic displaying all the names of the 2026 Excellence Awards winners.

Learn more

Learn more about the Microsoft Intelligent Security Association.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

Microsoft announces the 2025 Security Excellence Awards winners
http://approjects.co.za/?big=en-us/security/blog/2025/04/29/microsoft-announces-the-2025-security-excellence-awards-winners/
Tue, 29 Apr 2025 15:00:00 +0000

Congratulations to the winners of the Microsoft Security Excellence Awards that recognize the innovative defenders who have gone above and beyond.

The post Microsoft announces the 2025 Security Excellence Awards winners appeared first on Microsoft Security Blog.

In today’s rapidly evolving digital world, security requires a global community of defenders working together as a team to build a safer world for all. That’s why we’re thrilled to recognize the extraordinary individuals and organizations who have gone above and beyond in the fight against cyberthreats with the 2025 Microsoft Security Excellence Awards.

In San Francisco, California, on Monday, April 28, 2025, we gathered our cybersecurity superheroes―Microsoft Intelligent Security Association (MISA) member finalists and winners. Together with Microsoft leadership, we celebrated the innovative defenders who are leading the charge against cybercriminals to ensure people and organizations can thrive.

“Congratulations to this year’s Microsoft Security Excellence Awards winners, and to all the incredible nominees,” said Vasu Jakkal, Corporate Vice President, Microsoft Security Business. “Our partners are the frontline defenders in an ever-changing cybersecurity landscape, working tirelessly to protect organizations and individuals from emerging cyberthreats. Their innovation and commitment are instrumental in advancing security worldwide. Together, we’re strengthening defenses and shaping the future of security.”

Celebrating the superheroes of cybersecurity

The past year has been a testament to the power of collaboration. From deploying AI-powered threat intelligence to fortifying Zero Trust strategies, our partners have continued to raise the bar. Together, we’re stronger, smarter, and more resilient in the face of growing cyberthreats.

The Microsoft Security Excellence Awards honor outstanding contributions across several categories. This year’s finalists and winners have demonstrated not only technical excellence but also a firm commitment to strengthening security for the organizations that rely on them. They’re the best of the best—pushing boundaries and embracing cutting-edge security technologies.

After a review of all the award nominations, our review panel created a shortlist of five nominees per category, with winners determined by votes from Microsoft and MISA members. Congratulations to you all!

Security Trailblazer

Partners that have delivered innovative solutions or services that leverage the full Microsoft range of security products and have proven to be outstanding leaders in accelerating customers’ efforts to mitigate cybersecurity threats.

  • BlueVoyant—Winner
  • Darktrace
  • HCLTech
  • Kocho
  • Wortell

Data Security and Compliance Trailblazer

Partners that deliver innovative solutions or services and are distinguished leaders in developing outcomes that provide a comprehensive approach to securing customer data with the Microsoft Purview platform.

  • Avanade—Winner
  • eShare
  • Lighthouse
  • Protiviti
  • Quorum Cyber

Identity Trailblazer

Partners that are leaders in the identity space and have driven identity-related initiatives and delivered innovative solutions or services with Microsoft Entra ID.

  • PwC—Winner
  • IDmelon
  • Kloudynet
  • Oxford Computer Group
  • Patriot Consulting

Endpoint Management Trailblazer

Partners that have proven expertise in helping customers modernize their endpoint and device management posture while enabling organizations to reduce costs.

  • Bridewell—Winner
  • Cloud4C
  • Devicie
  • InSpark
  • Shanghai Flyingnets Information Technology Co., LTD.

Security Customer Champion

Partners that go above and beyond to drive customer impact and that have a proven track record of customer obsession and success.

  • EY—Winner
  • 1Password
  • Cyclotron
  • Epiq
  • Threatscape

Security Changemaker

Individuals within partner organizations who have made a remarkable security contribution to the company or the larger security community.

  • Micah Heaton, Executive Director, BlueVoyant—Winner
  • Federico Charosky, Chief Executive Officer, Quorum Cyber
  • Femke Cornelissen, Chief Copilot, Wortell
  • Harman Kaur, Vice President (VP) of Artificial Intelligence, Tanium
  • Sharon Ko, VP of Product Management, Armor

Diversity in Security

Partners that have demonstrated a significant commitment to enhancing diversity, equity, and inclusion to better serve security customers and foster change in the industry.

  • LTIMindtree Ltd—Winner
  • BUI
  • Jamf
  • Orange Cyberdefense
  • Silverfort

Security ISV of the Year

Independent software vendors (ISVs) that are all-around powerhouses and have innovative security solutions that integrate with a MISA-qualifying security product and demonstrate differentiated value and excellent customer experiences.

  • Netskope—Winner
  • ContraForce
  • Delinea
  • Kovrr
  • Tanium

Security MSSP of the Year   

Managed security service providers (MSSPs) that are all-around powerhouses with strong integration between Microsoft products and ongoing managed security services and drive new security workloads, pipeline, usage, and consumption.       

  • Quorum Cyber—Winner
  • baseVISION AG
  • glueckkanja AG
  • Performanta
  • Transparity

Meet the award presenters

This year’s awards were presented by Microsoft executives who recognize and support the critical role our partners play in cybersecurity:

Security Trailblazer: Andrew Conway, Vice President, Security Business and Marketing

Data Security and Compliance Trailblazer: Herain Oberoi, General Manager, Data Security, Governance, Compliance, Privacy Business and Marketing

Identity Trailblazer: Irina Nechaeva, General Manager, Identity and Network Access

Endpoint Management Trailblazer: Talal Alqinawi, Senior Director, Product Marketing Intune

Security Customer Champion: Nicole Ford, Vice President, Customer Security Officer

Security Changemaker: Vasu Jakkal, Corporate Vice President, Security Business

Diversity in Security: Dorothy Li, Corporate Vice President Security Copilot, Ecosystem and Marketplace

Security ISV of the Year: Steve Dispensa, Corporate Vice President Security Business Development

Security MSSP of the Year: Alym Rayani, Vice President Security GTM

Looking ahead: Stronger together

Congratulations again to this year’s winners and many thanks to all who were able to join us for a special evening celebrating our cybersecurity superheroes. Their dedication and expertise help us all move forward in our shared mission to build a safer, more secure world for everyone.

For anyone attending RSAC Conference from April 28 to May 1, 2025, be sure to stop by the Microsoft Booth 5744 North Expo where MISA members will be showcasing their solutions at our MISA demo station and the Microsoft Theater. Don’t miss these informative sessions:

  • Wortell—Unified SecOps: Defending Critical Infrastructure with Microsoft Defender. Tuesday, April 29, 2025, 3:00 PM PT to 3:20 PM PT.
  • Contraforce—Be Fast as Lightning: Automate Microsoft Defender XDR and Microsoft Sentinel Service Delivery. Tuesday, April 29, 2025, 3:30 PM PT to 3:50 PM PT.
  • Microsoft Security—Unlocking Opportunities: A Guide to Partnering with Microsoft. Wednesday, April 30, 2025, 11:30 AM PT to 11:50 AM PT.
  • EY—EY Security Copilot Powered Solutions. Wednesday, April 30, 2025, 12:00 PM PT to 12:20 PM PT.
  • Netskope—Simplifying Data Security for the Modern Network with Microsoft Purview and Netskope One. Wednesday, April 30, 2025, 5:30 PM PT to 5:50 PM PT.
  • Oxford Computer Group—Creating Bespoke Identity Governance Solutions with Microsoft Entra Suite. Thursday, May 1, 2025, 11:30 AM PT to 11:50 AM PT.

Microsoft announces the 2024 Microsoft Security Excellence Awards winners
http://approjects.co.za/?big=en-us/security/blog/2024/05/07/microsoft-announces-the-2024-microsoft-security-excellence-awards-winners/
Tue, 07 May 2024 16:00:00 +0000

The post Microsoft announces the 2024 Microsoft Security Excellence Awards winners appeared first on Microsoft Security Blog.

At this year’s Microsoft Security Excellence Awards, we took a journey through the evolution of cybersecurity from the 1950s to today. While this event theme celebrated the significant technological advancements that have shaped each decade, the main focus was on the Microsoft Intelligent Security Association (MISA) member finalists and winners whose innovations in cybersecurity have earned them well-deserved recognition.

Alongside applauding our partners’ achievements, we highlighted the transformative impact of AI in security. AI is the defining technology of our time, revolutionizing how we anticipate, prevent, and respond to threats. MISA—a coalition of Microsoft leaders and subject matter experts, independent software vendors (ISVs), and managed security service providers (MSSPs)—and its members play a pivotal role in driving this evolution, ensuring a safer digital future for everyone.

Together, we work to defend organizations around the world from increasing cyberthreats. In San Francisco, California, on May 6, 2024, the first day of RSA Conference 2024 (RSAC), we were honored to bring together MISA members and Microsoft Security leadership to honor the top finalists and announce award winners.

“I’m so pleased to congratulate this year’s Microsoft Security Excellence awards recipients and to acknowledge all those who were nominated,” said Vasu Jakkal, Corporate Vice President, Microsoft Security Business. “Our partner community plays such an important role in helping our customers navigate a rapidly evolving cybersecurity landscape. Each of this year’s recipients demonstrates true innovation and an inspiring dedication to the mission of security. We are so proud to work alongside them in a shared commitment to building a safer world for everyone.”

Celebrating innovation and impact

This year we streamlined the award categories to spotlight the achievements that not only redefine our industry but also significantly advance our collective mission towards a more secure and efficient digital future.

We also introduced a new award category: the Endpoint Management Trailblazer, which celebrates partners’ contributions to modernizing endpoint and device management. As the landscape of cyberthreats continues to evolve, the security perimeter of organizations extends beyond traditional boundaries, making endpoint management more critical than ever.

Effective endpoint and device management ensures that every device connected to an organization’s network is continuously monitored and secured, reducing the risk of breaches. This not only includes safeguarding the devices themselves but also involves managing access to networks and data in a way that keeps up with the dynamic nature of cyberthreats.

By spotlighting our partners who excel in this area, we aim to underscore the importance of adopting forward-thinking security measures that align with the modern workplace’s needs, ultimately fostering a safer and more resilient digital environment for businesses and their stakeholders.

Meet the leaders behind this year’s awards

Executives from across Microsoft came together to recognize and celebrate all the award finalists and winners, including:

Security Trailblazer: Alym Rayani, Vice President Security GTM.

Compliance and Privacy Trailblazer: Herain Oberoi, General Manager, Data Security, Governance, Compliance, and Privacy.

Identity Trailblazer: Irina Nechaeva, General Manager, Identity and Network Access; and Morgan Webb, Principal Group Manager, Security Customer Experience Engineering.

Endpoint Management Trailblazer: Dilip Radhakrishnan, General Manager, Microsoft Intune.

Security Customer Champion: Jeffrey York, Vice President, Security Partner Investments and Incentives.

Security Changemaker: Ann Choi, General Manager, Commercial Cloud Partner Strategy.

Diversity in Security: Tara Knapp, Director, Security Business Development; and Tara Ragan, Channel Strategy and Operations Manager, Lighthouse.

Security MSSP of the Year: Vasu Jakkal, Corporate Vice President, Microsoft Security Business.

Security ISV of the Year: Vasu Jakkal, Corporate Vice President, Microsoft Security Business.

2024 Security Excellence Award winners

In line with this year’s theme focused on the evolution of cybersecurity, we’re proud to spotlight the key role of innovative technology and dedicated individuals in shaping a more secure future. After receiving many impressive award nominations, our review panel shortlisted five nominees for each category, with winners determined by votes from Microsoft and MISA members. The finalists and winners in each category are:

Security Trailblazer 

Partners that have delivered innovative solutions or services that leverage the full Microsoft range of security products and have proven to be outstanding leaders in accelerating customers’ efforts to mitigate cybersecurity threats.

  • Bulletproof—Winner
  • Atech Cloud
  • BlueVoyant
  • Kovrr
  • Performanta

Compliance and Privacy Trailblazer

Partners that deliver innovative solutions or services and are distinguished leaders in driving holistic or end-to-end Microsoft compliance or privacy strategy with customers.

  • Lighthouse—Winner
  • archTIS
  • Infotechtion
  • PwC
  • Secude

Identity Trailblazer

Partners that are leaders in the identity space, have driven identity-related initiatives, and delivered innovative solutions or services with Microsoft Entra ID.

  • Thales—Winner
  • InSpark
  • Oxford Computer Group
  • Valence Security
  • Wipro

Endpoint Management Trailblazer

Partners that have proven expertise in helping customers modernize their endpoint and device management posture while enabling organizations to reduce costs.

  • water IT Security—Winner
  • CGI
  • Insight
  • Senserva
  • Synergy Advisors

Security Customer Champion

Partners that go above and beyond to drive customer impact and that have a proven track record of customer obsession and success.

  • Ascent Solutions—Winner
  • Protiviti
  • PwC
  • Quorum Cyber
  • Tanium

Security Changemaker

Individuals within partner organizations who have made a remarkable security contribution to the company or the larger security community.

  • Anna Webb, Kocho—Winner
  • Adrianna Chen, D3 Security
  • Ricardo Nicolini, Bulletproof
  • Scott Edwards, Summit 7
  • Tom Boltman, Kovrr

Diversity in Security

Partners that have demonstrated a significant commitment to enhancing diversity, equity, and inclusion to better serve security customers and foster change in the industry.

  • Avanade—Winner
  • Check Point
  • CyberProof a UST Company
  • Entrust
  • Eviden

Security MSSP of the Year  

MSSPs that are all-around powerhouses with strong integration between Microsoft products and ongoing managed security services that drive the end-to-end Microsoft Security stack to our mutual customers.       

  • Wortell—Winner
  • Difenda
  • glueckkanja AG
  • Quorum Cyber
  • Transparity

Security ISV of the Year

ISVs that are all-around powerhouses, show growth potential, and have innovative security solutions that integrate with a MISA-qualifying security product.

  • ContraForce—Winner
  • Kovrr
  • Netskope
  • Senserva
  • Silverfort

We’re ready for what’s next 

This was an amazing evening, bringing together MISA members, Microsoft executives, and future security experts. Many thanks to all who came, and congratulations again to all our finalists and winners. One constant within the ever-changing world of cybersecurity is the way our community comes together to protect and empower customers. We look forward to seeing everything you accomplish in the upcoming year. 

If you’re at RSA Conference May 6-9, 2024, come and visit us at the Microsoft Booth 6044 North Expo where MISA members will be showcasing their solutions at our MISA demo station and the Microsoft Theater. We’d love to see you at the following Theater sessions: 

  • ContraForce and Bulletproof—Hyperautomation for SecOps Service Management. Tuesday, May 7, 2024, 5:00 PM PT to 5:20 PM PT.
  • glueckkanja AG—Use Microsoft Copilot for Security to bring context to your incidents. Tuesday, May 7, 2024, 5:30 PM PT to 5:50 PM PT.  
  • Kovrr—The need for Shift Up Strategy: Financially Quantifying C-Suite Cyber Risk Management Decisions. Wednesday, May 8, 2024, 5:00 PM PT to 5:20 PM PT. 
  • Darktrace—Combining the power of Darktrace & Microsoft Copilot for Security to Empower the Modern SOC. Wednesday, May 8, 2024, 5:30 PM PT to 5:50 PM PT.
  • Avanade—Real world stories of using Microsoft Purview Data Protection to enable responsible adoption of Copilot for Microsoft 365. Thursday, May 9, 2024, 10:30 AM PT to 10:50 AM PT.

Secure SaaS applications with Valence Security and Microsoft Security
http://approjects.co.za/?big=en-us/security/blog/2024/03/05/secure-saas-applications-with-valence-security-and-microsoft-security/
Tue, 05 Mar 2024 17:00:00 +0000

The rapid adoption of Software as a Service (SaaS) has revolutionized collaboration and innovation across industries. SaaS offerings now emphasize integration and advanced collaboration, blurring the line between application and platform. Decentralized administration models and minimal security oversight pose risks, leading to complex misconfigurations. Valence and Microsoft Security address these challenges, ensuring SaaS applications adhere to security best practices and improve the security postures of identities configured in each individual SaaS application.

The post Secure SaaS applications with Valence Security and Microsoft Security appeared first on Microsoft Security Blog.

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA.  

Software as a service (SaaS) adoption has accelerated at lightning speed, enabling collaboration, automation, and innovation for businesses large and small across every industry vertical—from government, education, and financial services to tech companies. Every SaaS application is now expanding its offering to allow better integration with the enterprise ecosystem and advanced collaboration features, becoming more of a “platform” than an “application.” To further complicate the security landscape, business users are managing these SaaS applications with little to no security oversight, creating a decentralized administration model. All this is leading to a growing risk surface with complex misconfigurations that can expose an organization’s identities, sensitive data, and business processes to malicious actors.

To combat this challenge, Valence and Microsoft Security work together to ensure that SaaS applications are configured according to the best security practices and improve the security posture of identities configured in each individual SaaS application. Together, Valence and Microsoft:  

  • Centrally manage SaaS identity permissions and access.
  • Enforce strong authentication by ensuring proper MFA (multi-factor authentication) and SSO (single sign-on) enrollment and managing local SaaS users.
  • Detect and revoke unauthorized non-human SaaS identities such as APIs, service accounts, and tokens.
  • Incorporate SaaS threat detection capabilities to improve SaaS incident response.

As most sensitive corporate data has shifted from on-premises devices to the cloud, security teams need to ensure they manage the risks of how this data is being accessed and managed. Integrating Valence’s SaaS Security with the Microsoft Security ecosystem now provides a winning solution.

SaaS applications are prime targets  

Recent high-profile breaches have shown that attackers are targeting SaaS applications and are leveraging misconfigurations and human errors to gain high-privilege access to sensitive applications and data. While many organizations have implemented SSO and MFA as their main line of defense when it comes to SaaS, recent major breaches have shown that this is not enough. Attackers have identified that MFA fatigue, social engineering, and targeting the SaaS providers themselves can bypass many of the existing mechanisms that security teams have put in place. These add to high-profile breaches where attackers leveraged legitimate third-party open authorization (OAuth) tokens to gain unauthorized access to SaaS applications, and many more attack examples.

State of SaaS security risks 

Our 2023 SaaS Security Report analyzed real SaaS environments to measure their security posture before they implemented an effective SaaS security program. The results showed that no organization enforced MFA on 100% of its identities—there are some exceptions, such as service accounts, contractors, and shared accounts, or simply a lack of effective monitoring of drift. In addition, one out of eight SaaS accounts is dormant and not actively used. Offboarding users is not only important to save costs; attackers also like to target these accounts for account takeover attacks since they are typically less monitored. Other key stats were that 90% of externally shared files haven’t been used by external collaborators for at least 90 days and that every organization has granted multiple third-party vendors organization-wide access to their emails, files, and calendars.

Figure 1. Top SaaS Security gaps identified in the 2023 State of SaaS Security Report.

Holistic SaaS security strategy 

Establishing a holistic SaaS security strategy requires bringing together many elements—from shadow SaaS discovery, through strong authentication, identity management of both humans and non-humans, managing and remediating SaaS misconfigurations, enforcing data leakage prevention policies, and finally, establishing scalable incident response. Valence and Microsoft take security teams one step further toward a more holistic approach.

Valence joined the Microsoft Intelligent Security Association (MISA) and integrated with Microsoft security products—Microsoft Entra ID and Microsoft Sentinel—to enhance customers’ capabilities to manage their SaaS risks, effectively remediate them, and respond to SaaS breaches. The Valence SaaS Security Platform provides insight and context on SaaS risks such as misconfigurations, identities, data shares, and SaaS-to-SaaS integrations, extending existing controls with SaaS Security Posture Management (SSPM) capabilities and SaaS risk remediation capabilities. Valence is also a proud participant of the Partner Private Preview of Microsoft Copilot for Security. This involves working with Microsoft product teams to help shape Copilot for Security product development in several ways, including validation and refinement of new and upcoming scenarios, providing feedback on product development and operations to be incorporated into future product releases, and validation and feedback of APIs to assist with Copilot for Security’s extensibility.

Figure 2. Illustrative data: The Valence Platform provides a single pane of glass to find and fix SaaS risk across four core use cases: data protection, SaaS to SaaS governance, identity security, and configuration management. 

Secure SaaS human and non-human identities

In the modern identity-first environment, most attackers focus on targeting high-privilege users, dormant accounts, and other risks. Enforcing zero trust access has become a core strategy for many security teams. Security teams need to identify all the identities they need to secure. Microsoft Entra SSO management combined with Valence’s SaaS application monitoring—to detect accounts created—provides a holistic view into human identities and non-human identities (Enterprise Applications, service accounts, APIs, OAuth and 3rd party apps).

Microsoft Entra ID centrally enforces strong authentication such as MFA and Valence discovers enforcement gaps or users that are not managed by the central SSO. Valence also monitors the SaaS applications themselves to discover the privileges granted to each identity and provides recommendations on how to enforce least privilege with minimal administrative access. To continuously validate verification based on risks, the final piece of zero trust strategy, Valence leverages the risky users and service principals signals from Microsoft Entra ID and combines them with signals from other SaaS applications for a holistic view into identity risks. 

Protect SaaS applications 

Microsoft has a wide SaaS offering that is fueling enterprise innovation. These services are central to core business functions and employee collaboration, cover many use cases, and are spread across multiple business units, but are tied together in many cases such as identity and access management, and therefore their security posture is often related as well. Managing the security posture of SaaS services can be complex because of the multiple configurations and the potential cross service effects that require security teams to build their expertise across a wide range of SaaS.  

Many security teams view SaaS apps as part of their more holistic view into SaaS security posture management and would like to create cross-SaaS security policies and enforce them. Valence’s platform integrates with Microsoft Entra ID and other SaaS services using Microsoft via Microsoft Graph to normalize the complex data sets and enable security teams to closely monitor the security posture of their SaaS applications in Microsoft alongside the rest of their SaaS environment. 

Enhance SaaS threat detection and incident response 

Improving SaaS security posture proactively reduces the chances of a breach, but unfortunately SaaS breaches can still occur, and organizations need to prepare their threat detection coverage and incident response plans. The built-in human and non-human identity threat detection capabilities of Microsoft Entra ID, combined with Microsoft Sentinel log correlation and security automation, and Microsoft Copilot for Security’s advanced AI capabilities, create a powerful combination to detect and respond to threats. Valence expands existing detections from compromised endpoint and identity with important SaaS context—for example, did the compromised device belong to a SaaS admin user? Did the compromised identity perform suspicious activities in other SaaS applications? The expanded detections provide critical insights to prioritize and assess the blast radius of breaches. Additionally, Valence’s SaaS threat detection can trigger threat detection workflows in Microsoft products based on its unique indicator of compromise monitoring.

Together, Valence and Microsoft combine the best of all worlds when it comes to SaaS security. From SaaS discovery, through SaaS security posture management, remediating risks, and detecting threats—Valence and Microsoft enable secure adoption of SaaS applications. Modern SaaS risks and security challenges require a holistic view into SaaS risk management and remediation. Get started today

About Valence Security 

Valence is a leading SaaS security company that combines SSPM and advanced remediation with business user collaboration to find and fix SaaS security risks. SaaS applications are becoming decentrally managed and more complex, which is introducing misconfiguration, identity, data, and SaaS-to-SaaS integration risks. The Valence SaaS Security Platform provides visibility and remediation capabilities for business-critical SaaS applications. With Valence, security teams can empower their business to securely adopt SaaS. Valence is backed by leading cybersecurity investors like Microsoft’s M12 and YL Ventures, and is trusted by leading organizations. Valence is available for purchase through Azure Marketplace. For more information, visit their website

Be among the first to hear about new products, capabilities, and offerings at Microsoft Secure digital event on March 13, 2024. Learn from industry luminaries and influencers. Register today.

Learn more

To learn more about the Microsoft Intelligent Security Association (MISA), visit our website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products. 

​​To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity. 

The post Secure SaaS applications with Valence Security and Microsoft Security appeared first on Microsoft Security Blog.

How Datawiza uses Microsoft Entra ID to help universities simplify access http://approjects.co.za/?big=en-us/security/blog/2024/01/24/how-datawiza-uses-microsoft-entra-id-to-help-universities-simplify-access/ Wed, 24 Jan 2024 17:00:00 +0000 Datawiza helps Claremont Graduate University enable Microsoft Entra ID multifactor authentication and single sign-on for Oracle PeopleSoft, streamlining and improving the student experience.

The post How Datawiza uses Microsoft Entra ID to help universities simplify access appeared first on Microsoft Security Blog.

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA.

In a scenario familiar to many universities worldwide, Claremont Graduate University (CGU), a renowned research university located in Southern California, was struggling with how to bring Oracle PeopleSoft Campus Solutions into its Microsoft 365 and Microsoft Entra ID (formerly Azure Active Directory) environment and enable multifactor authentication and single sign-on (SSO) for students and staff who access Oracle PeopleSoft on a daily basis. The only option for the resource-strapped IT department seemed to be an expensive development effort until the university discovered Datawiza and accomplished its goal in just a few weeks.

CGU lacked the security expertise and SDK programming experience to connect PeopleSoft to Microsoft Entra ID themselves. The IT team also lacked the resources to consult with PeopleSoft, Microsoft, and outside security resources, or would have had to hire a third party to do the project. The combination of Datawiza and Microsoft enabled CGU to quickly and easily connect PeopleSoft to Microsoft Entra ID and enable multifactor authentication and SSO. Datawiza swiftly crafted a proof of concept that CGU then thoroughly tested. Once approved, Datawiza promptly configured the solution to precisely suit the university’s needs, subsequently transitioning it to production.

Universities like CGU rely on PeopleSoft, one of the first client-server solutions introduced in the 1990s, to store student records, which typically include personally identifiable information (PII), such as social security numbers, credit card numbers, transcripts, schedules, financial aid history, and more. Though it remains a powerful and functional solution, PeopleSoft has no built-in support for modern security standards such as multifactor authentication or SSO, nor does it easily connect to Microsoft Entra ID to bridge the gap.

As a result, CGU students and staff needed to log into an application outside of their secure Microsoft account to access and update information in PeopleSoft. This led to confusion and frustration for them and significant ongoing support issues and trouble tickets related to password management. It also increased security risks as users who must remember multiple passwords are more likely to write them down and leave them where others can access them.

“With Datawiza, CGU was able to rapidly enhance security and improve the user experience for Oracle PeopleSoft through [multifactor authentication] and SSO without having to go through the time and expense of coding their own connector,” said Manoj Chitre, Associate Vice President and Chief Information Officer, Technology Services and Information Systems at Claremont Graduate University. “The response from students and staff has been tremendous. Users no longer need to maintain and remember a separate PeopleSoft password, and the number of trouble tickets related to PeopleSoft login issues has plummeted.”

Today, nearly 2,000 CGU students and staff access PeopleSoft through multifactor authentication and their single SSO password, completely eliminating the unnecessary security risk, as well as all the time and resource-consuming effort associated with IT having to maintain a separate password environment for PeopleSoft.

“Microsoft Entra ID is the flagship of our identity and access solutions which help organizations secure access to everything in a hybrid, multicloud world. We are pleased to see companies like Datawiza support this mission through the Microsoft Intelligent Security Association.” 

– Irina Nechaeva, General Manager, Identity, Microsoft

Datawiza, the Zero Trust Access Management Platform

Datawiza provides Microsoft Entra ID-based SSO and multifactor authentication integration with PeopleSoft using Security Assertion Markup Language (SAML) or OpenID Connect. The cloud-native, no-code or low-code Datawiza platform can be deployed in minutes and connected to PeopleSoft—and other legacy or on-premises applications—without the need for Oracle Access Manager or Oracle Identity Cloud Service and without any application patches or additional installations for the existing PeopleSoft deployment.

Once PeopleSoft is connected to Microsoft Entra ID, IT administrators can also easily apply existing Microsoft Entra Conditional Access policies to PeopleSoft.

Datawiza is a simple, highly secure platform consisting of two major components. The Datawiza Access Proxy (DAP) is a lightweight container-based proxy. DAP integrates with identity providers to enable SSO, multifactor authentication, and granular authorization. DAP can be deployed in a customer’s environment or hosted by the Datawiza Cloud. The Datawiza Cloud Management Console (DCMC) is a centralized console for configuring access policies. DCMC aggregates logs and provides visibility. Once the solution is set up and configured by Datawiza, IT administrators will only need to manage user access through the DCMC.

Architectural diagram describing Datawiza’s integration with Microsoft Entra ID.

Datawiza: A trusted solution

Datawiza joined the Microsoft Intelligent Security Association Program (MISA) in February 2021, and the solution has previously been described in detail in a MISA blog post. Datawiza is also a fully managed service built by security experts, eliminating the need for a university’s IT team to deploy and manage a new solution or hire or contract with additional security expertise. This makes the combination of Datawiza and Microsoft the easiest and most powerful way to rapidly improve security and user access for the valuable data stored in PeopleSoft.

Learn more

The Datawiza Platform is available in the Microsoft commercial marketplace. More information and a free trial are also available on the Datawiza website.

To learn more about the Microsoft Intelligent Security Association (MISA), visit our website, where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.    

Learn more about Microsoft Entra ID.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity. 

How Strata Identity and Microsoft Entra ID solve identity challenges in mergers and acquisitions http://approjects.co.za/?big=en-us/security/blog/2023/12/19/how-strata-identity-and-microsoft-entra-id-solve-identity-challenges-in-mergers-and-acquisitions/ Tue, 19 Dec 2023 17:00:00 +0000 Along with every merger and acquisition between two companies comes the need to combine and strengthen their IT infrastructure. There is an immediate and profound impact on the identity and access management postures of both companies. Learn how to protect your organization with Strata Identity and Microsoft Entra ID.

The post How Strata Identity and Microsoft Entra ID solve identity challenges in mergers and acquisitions appeared first on Microsoft Security Blog.

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA.

Along with every merger and acquisition between two companies comes the need to combine and strengthen their IT infrastructure. In particular, there is an immediate and profound impact on the identity and access management (IAM) postures of both companies. With a newly combined workforce, where does all the user information live? Where are the authentications going to be handled? What changes are going to be made for authorization to applications; will users have access to the apps of the other organization? All these problems must be solved quickly in order to provide continuous day-to-day operations in a secure way.

While most combined organizations aspire to eventually consolidate their identity systems, this is a challenging and time-consuming process. The untangling (and re-entangling) of dozens or hundreds of enterprise applications and their identity stacks takes time and deliberation. Meanwhile, there may be immense pressure from users and app owners for secure access to the appropriate apps, along with pressure from regulators and investors to unlock and demonstrate value from the combined organization. Not to mention the pressure from investors and the board to deliver immediate value after the transaction’s close.

As one of the most comprehensive and advanced IAM platforms available today, Microsoft Entra ID is often the choice to be the dominant set of identity services in the combined architecture. Microsoft strives to make the merger and acquisition process as easy as possible and works with Strata Identity for a seamless integration. Strata’s Maverics Identity Orchestration platform does this by acting as an abstraction layer to accelerate and simplify the path to consolidation.

The identity challenges with mergers and acquisitions

Resolving IAM is one of the most pressing issues in a merger and acquisition scenario. Typically, other operational issues such as application workloads can continue to operate in their status quo indefinitely until such time as it makes sense to address them. The cybersecurity implications of user access, however, are immediate and need to be addressed quickly, whether this be through some sort of identity consolidation, or through a higher-level abstraction encompassing the existing systems.

One factor that makes a migration complex is the tendency for applications to be tightly coupled with their current identity provider (IdP). When creating an application, developers and app owners may end up writing code that is very specific to their current IdP. Switching that IdP is seldom trivial, especially for long-lived applications that may have been written against a now-legacy protocol, or may have “rolled their own” authentication and authorization. Very often this calls for a complete rewrite of the application; an onerous task that is particularly daunting years or decades after its inception, when the original app team may be long gone.

This makes the common natural approach of wholesale migration somewhat untenable, especially with the time constraints imposed by governance and regulation. Even disregarding those factors, the sheer expense of refactoring and rewriting a sizable portion of your application library—anything older than about five years is probably using an outdated security profile—is prohibitively expensive.

The end goal in a merger and acquisition scenario is to quickly (and cost effectively) transition to a unified and tractable IAM posture, despite having a mix of user pools, protocols, and applications tightly coupled. Such transitions often need to happen in weeks or months, whereas a wholesale rewrite-and-migration might take years.

Addressing your merger and acquisition challenges with Microsoft Entra ID and Strata Identity

Strata Identity takes a different approach to the challenges of managing disparate identity systems during a merger or acquisition. Instead of focusing on a migration of identities, Strata’s Maverics Identity Orchestration Platform provides an abstraction layer on top of your apps, IdPs, and services to enable you to create your own identity fabric.

An icon-based diagram of an abstraction layer created by the Maverics Identity Orchestration platform during merger and acquisition activities. It shows multiple Strata orchestrators enabling a single user to access disparate identity environments and applications.

The Maverics Platform is composed of individual Orchestrators distributed throughout the target environment. These lightweight Orchestrators can live anywhere within the infrastructure on any operating system within Kubernetes clusters or just on standalone virtual machines. They act as a distributed mesh of control, able to pull identity information from any system—whether that be through directing for authentication or just pulling additional user information for an existing session—and convert identity information into the formats needed and expected by applications.

Importantly, this approach means that existing applications do not need to be refactored or rewritten as part of the identity consolidation process. Any application that cannot be trivially swapped over to a new source of identity information—and, importantly, that isn’t up-to-date on the very latest security practices—is simply harnessed by Maverics. It continues to consume identity information in the way that it has always known and Maverics handles the rest. Sessions that are allowed to flow through to the application have had the Microsoft Entra identity controls applied for both authentication and authorization before the traffic is permitted to reach the application in the first place. Even app owners have their burdens reduced significantly, being needed only for some basic smoke testing during a changeover.

This also allows for a deliberate and calculated rollout of changes to your infrastructure. No more stressful projects with hard cutover dates, with those long all-or-nothing weekend cutovers and the associated frantic testing of every application to make sure everything transitioned smoothly. Using the Maverics platform from Strata allows for measured incremental changes. Cut over a single application at a time—or even a subset of an application’s users—and test at leisure.

Better yet, if any issues are found the rollback is trivial. Since Maverics is acting as an abstraction layer over the identity process, the swapping between user stores or IdPs is handled in one simple interface. The user is unlikely to notice any impact at all as changes are made—either to migrate to the new identity source or to roll back to the old configuration.

Another benefit of this approach is that user-impacting changes can be rolled out with deliberation, giving users a chance to acclimate to any new process. Let’s say, for instance, that as part of your migration you need to add multifactor authentication to a body of users that didn’t use it previously. The identity abstraction layer allows you to notify your users of impending changes, and can even assist in the enrollment of the new security factors.

This abstraction layer lets Maverics serve as the single pane of glass through which you can view the combined identity systems, securely controlling all access while, at the same time, making the incremental updates and changes to move the locus of control from these disparate systems into Microsoft Entra ID.

Strata Identity: The last mile in mergers and acquisitions with Microsoft Entra ID

With Strata’s Maverics Orchestration Platform, mergers and acquisitions don’t have to be a long, risky, and labor-intensive effort. By adding an abstraction layer over the existing identity stacks, Strata makes shifting control of authentication and authorization over to Microsoft Entra ID seamless and simple, regardless of how complex and disjointed the previous implementation might have been. Strata also prevents the nightmare of having to rewrite all your apps, using its ability to harness legacy apps with modern identity protocols to save your team immense time and effort.

About Strata Identity

Strata Identity is a pioneer in Identity Orchestration for multicloud and hybrid cloud. The orchestration recipe-powered Maverics platform enables organizations to integrate and control incompatible identity systems with an identity fabric that does not change the user experience or require rewriting apps. By decoupling applications from identity, Maverics makes it possible to implement modern authentication, like passwordless, and enforce consistent access policies without refactoring apps.

The Maverics platform is available on the Azure Marketplace and is an IP co-sell Benefits Eligible solution.

Learn more

Learn more about Microsoft Entra ID.

To learn more about the Microsoft Intelligent Security Association (MISA), visit our website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.   

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

Boost identity protection with Axiad Cloud and Microsoft Entra ID http://approjects.co.za/?big=en-us/security/blog/2023/08/08/boost-identity-protection-with-axiad-cloud-and-microsoft-entra-id/ Tue, 08 Aug 2023 16:00:00 +0000 As IT environments become more complex and multilayered to combat cybersecurity attacks, authentication processes for applications, operating systems, and workplace locations are increasingly managed in silos. Axiad Cloud and Microsoft Entra ID help to strengthen security perimeters by provisioning and managing phishing-resistant, passwordless credentials.

The post Boost identity protection with Axiad Cloud and Microsoft Entra ID appeared first on Microsoft Security Blog.

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA.

Passwords are a security weakness, and phishing attacks to exploit accounts protected by passwords are on the rise. The last 12 months have seen an average of more than 4,000 password attacks per second, an almost threefold increase from the previous year, and phishing continues to be the preferred attack method by cybercriminals.1 Clearly, better solutions are needed to help reduce reliance on passwords and increase security. Phishing-resistant multifactor authentication methods like certificate-based authentication (CBA) are proven to increase account security while decreasing reliance on passwords. Microsoft studies found that your account is more than 99.9 percent less likely to be compromised if you use multifactor authentication.2 The power of Axiad Cloud complements Microsoft Azure Active Directory, now Microsoft Entra ID, with Axiad CBA for identity and access management (IAM) to prevent common phishing attacks by provisioning and managing phishing-resistant, passwordless credentials for users everywhere. Together, Axiad and Microsoft enable customers to secure entities, enhancing security and reducing IT complexity.

The rise in cyberattacks

Multifactor authentication fatigue has become increasingly popular among bad actors in recent years. Multifactor authentication fatigue involves flooding user authentication apps with push notification requests to authorize a sign-in. The goal is to frustrate users to the point where they accept one of the approval notifications, typically to get the notifications to stop. Once that occurs, the attacker can gain access to the victim’s account. Sometimes these attacks become more sophisticated and add a social engineering or spear phishing component where an attacker will pose as an IT or help desk employee to a targeted victim and ask the victim to approve authentication through an app or ask for the victim’s one-time password (OTP) code. Both techniques can result in an organization losing money to remediate the attack and damaging its reputation.

One example of a high-profile multifactor authentication fatigue attack is the ridesharing platform breach by Lapsus$, a hacking group notorious for their social engineering attacks, that occurred in September 2022. According to an article by Infosecurity Magazine, one of the documents included in the breach may have contained email addresses and information for more than 77,000 employees.3

As IT environments become more complex and multilayered to combat cybersecurity attacks, authentication processes for applications, operating systems, and workplace locations are increasingly managed in silos. This leaves IT teams overwhelmed and organizations vulnerable to the attacks they are working to avoid.

Graph showing that a survey of participants in United States companies found that 70 percent of security and IT professionals are overwhelmed by their organization’s authentication complexity.

Implementing CISA’s guidance for enhanced security

As bad actors have found ways to bypass some authentication protocols, many organizations are looking to enhance their security with phishing-resistant multifactor authentication. The Cybersecurity and Infrastructure Security Agency (CISA) has released guidance for implementing stronger, phishing-resistant multifactor authentication to enhance authentication security and avoid phishing attacks.4 The guidance urges all organizations to implement phishing-resistant multifactor authentication methods, such as CBA. These protocols have additional built-in protections to prevent phishing and resist increasingly automated, sophisticated attacks on authentication processes. The Identity Defined Security Alliance (IDSA) recently created an infographic illustrating the 2022 trends in securing digital identities.5 IDSA found that 96 percent of organizations that have suffered a breach report that it could have been prevented or minimized by implementing identity-related security outcomes. Implementation of phishing-resistant multifactor authentication methods can drastically help reduce that risk.

Axiad recommends organizations implement phishing-resistant multifactor authentication methods. This is one of the simplest steps organizations can take to protect their environments and keep hackers out. Axiad Cloud is a great complement to existing Microsoft Entra ID customers looking to strengthen their security perimeter.

Integrate with Microsoft Entra ID

The power of Axiad Cloud complements Microsoft Entra ID with Axiad CBA for IAM by provisioning and managing phishing-resistant, passwordless credentials for users everywhere. Microsoft customers can leverage Microsoft Entra ID CBA with certificates provisioned and managed by Axiad Cloud. Axiad CBA for IAM can support issuing and managing certificates with a variety of authenticators such as physical smart cards, virtual smart cards, and YubiKeys. The Axiad Cloud-issued user certificates can be used to authenticate Microsoft 365 applications and workstations to protect companies’ most sensitive information and devices. This eliminates the need for multiple forms of authentication and reduces IT complexity. All entities are secured without using passwords or shared secrets, so the authentication process is secure from end to end.

Graphic showing the cycle of how Axiad Cloud complements Microsoft Entra ID with Axiad CBA for IAM by provisioning and managing phishing-resistant, passwordless credentials for users everywhere.

This joint solution offers the following benefits:

Passwordless multifactor authentication: Provisions multiple types of authenticators that do not rely on a password or push notification that can easily be intercepted or compromised and supports phishing-resistant authentication as recommended by CISA.

Consolidated view: Provides administrators and users with a consolidated view of all authenticators and helps manage them from Axiad MyIdentities, which uniquely provides visibility into all user authenticators, including Microsoft Authenticator, Windows Hello for Business, OTP codes, and security keys. All authenticators and credentials can be managed with the Axiad Unified Portal. The portal provides administrators and users the ability to provision credentials through a number of delivery workflows.

Self-service: Empowers self-service by enabling the workforce to issue department-level credential resets with Axiad MyCircle, thereby avoiding temporary passwords and reducing user friction. This improves user experience and reduces calls to the IT help desk for credential resets.

Increased efficiency: Replaces the use of multiple tools for enterprise deployment, management, and support of authenticators and credentials with Axiad Airlock. Organizations can automate multifactor authentication processes and checklists (for example, enforcing initial smart card setup and renewal) before an employee can gain full access to systems. Axiad Airlock allows organizations to streamline provisioning authenticators and credentials. Organizations can provide self-service credential lifecycle management including account recovery (replacement, temporary credentials, and PIN resets), expirations, renewals, and more.

With these benefits, CBA is increasingly deployed in the public sector. The majority of federal agency and defense employees and contractors use a Personal Identity Verification (PIV) card or Common Access Card (CAC), which are both forms of smart cards used for authentication. CBA simplifies the process of authenticating to Microsoft Entra ID using PIV- or CAC-based smart cards and meets the federal government’s requirement to move to phishing-resistant multifactor authentication solutions.

To further support Microsoft users on their journey to passwordless, Axiad is also an active member of the Microsoft Intelligent Security Association (MISA), an ecosystem of independent software vendors and managed security service providers that have integrated their solutions with Microsoft Security products to better defend against a world of increasing threats. Through working in MISA, and with Microsoft product teams, Axiad is fully committed to aligning with Microsoft’s vision for securing customers’ environments with the best solutions possible.

Support cloud migration

Microsoft has recently advised their customers with on-premises Active Directory Federation Services (AD FS) to migrate to cloud-based Microsoft Entra ID for identity and access management. This helps customers to authenticate to Microsoft services directly against Microsoft Entra ID and eliminates the need for federated AD FS. This allows customers to simplify infrastructure and improve costs, security, and scalability. But how do customers ensure secure CBA remains intact while migrating to the cloud?

Customers can enable cloud migration by using the same certificate issued by Axiad Cloud to authenticate to on-premises resources protected by AD FS, and Microsoft 365 services by leveraging Microsoft Entra ID CBA. Axiad Cloud credentials used by AD FS to authenticate on-premises resources can continue to be used as applications are migrated to authenticate to Microsoft Entra ID. This provides flexibility in a cloud migration strategy and deployment. Users will also have the same authentication experience during the migration process as the same Axiad Cloud-issued credential will be used for authentication. This supports CBA across Microsoft 365 services.

Overall, this joint solution supports authentication needs across an enterprise environment. Together, these products can manage a broad range of phishing-resistant authenticators ranging from enterprise-grade mobile-based to government-grade compliant approaches. By creating a consolidated authentication experience across devices, authenticators, and locations, the solution both enhances security and reduces user friction. Axiad CBA for IAM helps organizations migrate to Microsoft Entra ID more rapidly or operate a hybrid Azure AD and on-premises Active Directory environment by keeping secure certificate-based authentication intact during the migration process.

Learn more about how Axiad Cloud, with Microsoft Entra ID, allows organizations to protect and easily authenticate to Microsoft 365 applications by visiting their website.

For more information about Axiad’s support of Microsoft Entra ID, visit the Azure Marketplace.

Microsoft Entra ID

New name, same powerful capabilities: Azure Active Directory is becoming Microsoft Entra ID.


Learn more

To learn more about the Microsoft Intelligent Security Association (MISA), visit our website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.   

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.


¹ Microsoft Entra expands into Security Service Edge and Azure AD becomes Microsoft Entra ID, Joy Chik. July 11, 2023.

² Your Pa$$word doesn’t matter, Alex Weinert. July 9, 2019.

³ Uber Hit By New Data Breach After Attack on Third-Party Vendor, Alessandro Mascellino. December 13, 2022.

⁴ More than a Password, CISA.

⁵ 2022 Trends in Securing Digital Identities, IDSA. 2022.

The post Boost identity protection with Axiad Cloud and Microsoft Entra ID appeared first on Microsoft Security Blog.

How Microsoft and Sonrai integrate to eliminate attack paths http://approjects.co.za/?big=en-us/security/blog/2023/06/13/how-microsoft-and-sonrai-integrate-to-eliminate-attack-paths/ Tue, 13 Jun 2023 16:00:00 +0000 http://approjects.co.za/?big=en-us/security/blog/?p=130426 Cloud development challenges conventional thinking about risk. Sonrai integrates with Microsoft Sentinel to monitor threats across vectors and automate responses by leveraging security orchestration, automation, and response playbooks, and Microsoft Defender for Cloud to provide visibility across the entire digital estate by identifying possible attack paths and remediating vulnerabilities.

The post How Microsoft and Sonrai integrate to eliminate attack paths appeared first on Microsoft Security Blog.

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA.

Cloud development challenges conventional thinking about risk. A “perimeter” was always the abstraction that security teams could start from—defining their perimeter and exposing the cracks in firewalls and network access. With more and more infrastructure represented as ephemeral code, protecting your perimeter is no longer a matter of software vulnerabilities and network checks. It’s a complex web of interconnected risks that can exacerbate network gaps or workload vulnerabilities.

When it comes to remediating risks, context is always king, and siloed pillars of cloud security—identity, data, platform, and workloads—kill context. Protecting a broad Microsoft Azure footprint means having a deep understanding of how these risks can combine to create unintended access to your company’s sensitive data, and then prioritizing threats based on potential business impact. This means understanding identity, workload, platform configuration, and data security through a single pane of glass providing visibility across the entire digital estate.

Sonrai integrates with Microsoft Sentinel and Microsoft Defender for Cloud to uncover and remediate sophisticated threats in a timely manner.

Microsoft released Defender for Cloud to protect across hybrid and multicloud environments. Sonrai works with Defender for Cloud’s infrastructure and operational controls for powerful event logging to ingest all information and bring context into one place. Sonrai’s patented analytics evaluate how identity and data risks compound with platform and workload risks to create access to sensitive data within Azure.

To help Azure customers understand the true blast radius of every vulnerability, Sonrai integrates with Microsoft Sentinel to monitor threats across vectors and automate responses by leveraging security orchestration, automation, and response (SOAR) playbooks, and Defender for Cloud to provide visibility across the entire digital estate by identifying possible attack paths and remediating vulnerabilities.

Backed by these insights, an organization can successfully operationalize a risk remediation practice. They are additionally able to enable DevOps and security teams to fully harness the digital transformation and time-to-delivery benefits that Azure can power, without worrying about sacrificing speed for security.

Microsoft Defender for Cloud

Secure multicloud and hybrid environments.


Identity as perimeter, data as prioritizer

A consistent research finding is that most cloud data breaches involve a compromised identity: one study finds that 81 percent of breaches¹ involve exploiting an overprivileged identity, while another claims that 74 percent of breaches² surveyed started with privileged credential abuse. It’s clear that the way we use identity now in the cloud—as a de facto “perimeter” and locus of privileges and access—makes it imperative to put identity at the center of any enterprise security strategy.

The behavior and management of non-people identities (think: service principals) are conceptually much different than when we managed a list of users from Microsoft Azure Active Directory. The main reason? The majority of identities in a given cloud represent services, devices, and applications—not employees. For example, your cloud may have many identities representing Azure Serverless compute, which may only exist for a few minutes a day, rely on assuming access from a role, and be capable of cross-organization access. The privileges associated with this identity might be in a policy several degrees of separation away through a nested group. Using managed identities and, ideally, enforcing the Principle of Least Privilege is a good place to start. The harder part is the hidden relationships that don’t show in a traditional identity management tool.

Especially as DevOps gets more sophisticated with infrastructure as code (IaC) provisioning, these complex relationships become commonplace. Templatized infrastructure means further nested rights and inheritances through complex relationships.

Continuous monitoring and analytics of identity trust chains become imperative for understanding what privileges any identity truly has. The most important thing is: How do these identities tie back to sensitive data?

Data is the pot of gold at the end of an attacker’s rainbow. In the cloud, identity is the stepping stone attackers can leverage to move laterally and find ways to your data. Exposed data and overprivileged identities are red flags organizations need to look for when considering vulnerabilities and posture misconfigurations. Sonrai Security’s Workload Protection Platform refers to these red flags as “Risk Amplifiers.” In the next section, we’ll address why understanding how threats tie back to identity and data risks matters.

Vulnerabilities: Which are relevant?

Cloud development has changed how we look at vulnerabilities. Distributed, rapid, and open source-fueled continuous integration and continuous delivery (CI/CD) pipelines can introduce more vulnerabilities to staging and production environments, leaving enterprises to deal with thousands of common vulnerabilities and exposures (CVEs) regularly. If cloud innovation continues at such a rapid pace, and developers leverage public libraries and prioritize speed over security, CVEs will proliferate. The question is: which ones should we care about first?

Traditionally, information about the vulnerability itself would determine its priority for patching. Its Common Vulnerability Scoring System (CVSS) score, its age, and known exploits would give you a picture of how likely it was to lead to a breach. But this tells only half the story: the context of the workload that vulnerability is on tells you what the potential blast radius could be, and therefore gives you the true potential impact on the business.

A vulnerability on a dead-end workload shouldn’t be prioritized before one with a Service Principal on it that can self-escalate privileges and access sensitive data. This prioritization is critical; otherwise, your security operations center (SOC) team might be chasing alerts that would never impact the business but meet the traditional definition of a risk. Fixing such an alert will close a ticket, but “tickets closed” is a poor stand-in for real risk reduction.

Connecting the dots: Analyzing an Azure attack path

Let’s piece this story together by examining an example of a typical path that a bad actor might take to access data.

We’ll start with a vulnerability, let’s say one from Microsoft Defender for Cloud’s agentless vulnerability scanner in Microsoft Defender Cloud Security Posture Management.

Sonrai platform vulnerability risk detection.

Figure 1. Sonrai platform displaying a vulnerability with risk amplifiers including network and identity risks.

There are a few things to review when examining Figure 1. First, Sonrai has detected multiple network-related risk amplifiers, showing a path into the environment from an exposed Azure Virtual Machine open to the internet.

This basic risk aggregation is critical for getting network issues detected and remediated through Defender Cloud Security Posture Management (or through Sonrai). You can see a visualization of the “Azure Port 22 Host with Ingress from Internet” in Figure 2.

Sonrai platform permissions.

Figure 2. Sonrai platform permission chain showing how a machine identity connects to a network misconfiguration.

Next, this alert is rated with critical severity, but it’s on a sandbox account. Normally, a vulnerability in a sandbox environment without sensitive data wouldn’t trigger critical severity, so there must be something deeper. Looking further at Figure 1, there’s an “additionally impacted swimlane” (Sonrai’s grouping mechanism for cloud environments) named “creditapp-production.” Now, looking at the identity-related risk amplifiers from Figure 1, we see there are several sources for this.

One of the identity amplifiers listed is “Compute has access to sensitive data in Azure.” How is it possible that Compute in a sandbox account ends up accessing Production data? Let’s examine Figure 3. There are multiple complex potential routes that could be leading this Compute to sensitive data. Once the Compute is attached to the user, or service principal, it has access to several nested groups and policies. To learn exactly where Sonrai finds data access, let’s go a step further.

Complex permission chain.

Figure 3. Sonrai platform complex permission chaining, revealing how a machine identity holds covert privileges.

By examining the piece of Compute in the Sonrai Security Platform “Node” view, the platform tells us exactly which subscriptions the Compute has access to, among them “creditapp-production,” the one we’re concerned with here. Within prod, Figure 4 shows all the data accessible to the Compute and what actions it can take.

Sonrai platform data node.

Figure 4. Sonrai platform data node view displaying every asset a particular identity can access.

Finally, we see in Figure 5 an exact path of how the Compute ended up accessing production data. You can consider this an Azure attack path waiting to be exploited.

Sonrai compute access data.

Figure 5. Sonrai platform permission chain revealing how compute accesses data through nested groups and policies.

Ultimately, we have a typical vulnerability on our hands, but what’s impactful is knowing how both an identity and a platform misconfiguration exacerbate the severity of this vulnerability and create an exploitable attack path.

This is useful when you consider the scale of vulnerabilities and security tickets your typical environment is experiencing. It raises the question of how security and cloud ops teams can keep up with remediating them all. When you can understand each security threat’s risk amplifiers and how they tie back to platform, identity, and data risks, your team can chip away at the highest priority threats based on potential business impact.
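The prioritization argument and the Figure 1 to Figure 5 walk-through can be expressed as a small graph search. The Python below is an added illustration, not Sonrai's or Microsoft's code: the inventory, identity names, finding IDs, and the ranking rule (amplifier count first, CVSS second) are all constructed assumptions, with only the "creditapp-production" swimlane name and the two amplifier labels borrowed from the text.

```python
from collections import deque

# Constructed sample inventory (hypothetical names, not a real export).
# An edge A -> B means "A holds or inherits whatever B grants":
# compute -> attached identity -> nested groups -> role at a scope -> data.
TRUST_EDGES = {
    "vm:sandbox-web-01": ["sp:build-agent"],
    "sp:build-agent": ["group:sandbox-devs"],
    "group:sandbox-devs": ["group:platform-tools"],
    "group:platform-tools": [
        "group:sandbox-devs",                      # nesting cycle, must not loop
        "role:blob-reader@creditapp-production",   # the hidden cross-swimlane grant
    ],
    "role:blob-reader@creditapp-production": ["data:credit-applications"],
    "vm:sandbox-batch-02": ["sp:batch-runner"],
    "sp:batch-runner": ["role:reader@sandbox"],
    "role:reader@sandbox": ["data:test-fixtures"],
}
SENSITIVE_DATA = {"data:credit-applications"}
INTERNET_EXPOSED = {"vm:sandbox-web-01"}   # e.g. port 22 host with ingress from internet

# Constructed findings: the higher CVSS score sits on the dead-end workload.
FINDINGS = [
    {"id": "FINDING-A", "workload": "vm:sandbox-batch-02", "cvss": 9.8},
    {"id": "FINDING-B", "workload": "vm:sandbox-web-01", "cvss": 7.5},
]


def path_to_sensitive_data(start, edges=TRUST_EDGES, sensitive=SENSITIVE_DATA):
    """Breadth-first search over the trust chain.

    Returns the shortest chain from `start` to any sensitive data store,
    or None when the workload is a dead end.
    """
    queue = deque([[start]])
    seen = {start}                      # guards against group-nesting cycles
    while queue:
        path = queue.popleft()
        node = path[-1]
        if node in sensitive:
            return path
        for nxt in edges.get(node, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


def risk_amplifiers(workload):
    """Collect the network and identity amplifiers that apply to a workload."""
    amplifiers = []
    if workload in INTERNET_EXPOSED:
        amplifiers.append("network: host with ingress from internet")
    chain = path_to_sensitive_data(workload)
    if chain:
        amplifiers.append("identity: compute has access to sensitive data")
    return amplifiers, chain


def prioritize(findings):
    """Rank findings by blast radius first and by CVSS only as a tie-breaker."""
    ranked = []
    for finding in findings:
        amplifiers, chain = risk_amplifiers(finding["workload"])
        ranked.append({**finding, "amplifiers": amplifiers, "chain": chain})
    ranked.sort(key=lambda r: (len(r["amplifiers"]), r["cvss"]), reverse=True)
    return ranked


if __name__ == "__main__":
    for r in prioritize(FINDINGS):
        print(r["id"], r["workload"], "CVSS", r["cvss"])
        for amp in r["amplifiers"]:
            print("   amplifier:", amp)
        if r["chain"]:
            print("   chain:", " -> ".join(r["chain"]))
```

The chain returned for the sandbox VM is the remediation target: removing the nested-group membership or the role assignment it names breaks the path even before the vulnerability is patched.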

Microsoft and Sonrai Security make cloud security better together.

About Sonrai Security

Sonrai offers a total public cloud security solution for Microsoft Azure. Sonrai has been a MISA member since 2021 and works with Microsoft Defender for Cloud, Advanced Data Security, Microsoft Sentinel, Azure Active Directory, and many other Azure Services.

The Sonrai Security Platform is available on the Azure Marketplace and offers a Shared Responsibility Model with Azure.

Sonrai Security has offices in New York and New Brunswick, Canada and is backed by ISTARI, Menlo Ventures, Polaris Partners, and TenEleven Ventures. For more information, visit their website.

Learn more

Learn more about Microsoft Sentinel and Microsoft Defender for Cloud.

To learn more about the Microsoft Intelligent Security Association (MISA), visit the website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.  

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.


¹ IBM’s 2018 Data Breach Study Shows Why We’re In A Zero Trust World Now, Louis Columbus. July 27, 2018.

² 74% Of Data Breaches Start With Privileged Credential Abuse, Louis Columbus. February 26, 2019.

Microsoft announces the 2023 Microsoft Security Excellence Awards winners http://approjects.co.za/?big=en-us/security/blog/2023/04/25/microsoft-announces-the-2023-microsoft-security-excellence-awards-winners/ Tue, 25 Apr 2023 16:00:00 +0000 http://approjects.co.za/?big=en-us/security/blog/?p=127319 At the fourth annual Microsoft Security Excellence Awards, we recognized outstanding contributions from Microsoft Intelligent Security Association (MISA) members and celebrated the next generation of security defenders. See all the finalists and winners.

The post Microsoft announces the 2023 Microsoft Security Excellence Awards winners appeared first on Microsoft Security Blog.

In a world that’s constantly changing and challenging us, we believe that nothing can stop us when we work together. That’s the spirit of collaboration we celebrated on April 24, 2023, at the fourth annual Microsoft Security Excellence Awards. These awards recognize outstanding contributions from Microsoft Intelligent Security Association (MISA) members.

MISA is a coalition of Microsoft leaders and subject matter experts, independent software vendors (ISVs), and managed security service providers (MSSPs). Together, we work to defend organizations around the world from increasing threats. Security is a broad, collaborative business, and our amazing partners continue to show their resilience and excellence in delivering comprehensive protection integrated with Microsoft Security technology.

In San Francisco, California, on the first day of the RSA Conference (RSAC), we were honored to bring together MISA members and Microsoft Security leadership to honor the top finalists and announce award winners.

“It is my privilege to acknowledge this year’s Microsoft Security Excellence Awards recipients, who continually inspire us with their commitment to building a safer world for all. Their solutions, services, innovative spirit, and customer focus are integral to this goal. Security is a team sport, and we are proud to partner with our MISA community. My warmest congratulations to all the awardees.”

—Vasu Jakkal, Corporate Vice President (CVP), Microsoft Security, Compliance, Identity, and Privacy

Security for all  

We believe that inclusivity is not just an ethical choice, but also a strategic advantage. That’s why we’re proud to showcase the investment and efforts our partner ecosystem has made to promote diversity and inclusion. This year we recognized the first winner of the new Diversity in Security award. This award honors a partner who has gone above and beyond to foster diversity and cultivate positive change within the industry, and ultimately improve our ability to protect customers against cyberthreats.

Security is a team sport, one that always needs new players. So, we were also proud to recognize the next generation of security defenders. Microsoft is partnering with Last Mile Education Fund by funding scholarships for underrepresented students to help target the nationwide shortage of cybersecurity talent, while Shadow Hunter is our gamified experience that immerses contestants in a simulated real-world cybersecurity scenario to build and test security skills. Bringing the two together was natural. We invited students from around the United States to challenge themselves in our special Last Mile Education Fund and Microsoft Security Immersion Event: Shadow Hunter four-hour virtual events. To acknowledge those students who achieved the top scores among their peers, Bret Arsenault, CVP and Chief Information Security Officer, Microsoft, and Ruthe Farmer, Founder, Last Mile Education Fund, recognized the top 10 students—Logan Gamma, Joan Waldron, Dialla Diarra, Cristian Carrillo Mendez, Lisa Friel, Afraz Sakib, Alexandra Farina, Sean Dixon, Amanda Hite, and Angelina Zhukova—for their ongoing accomplishments.

2023 Security Excellence Award winners

Both technology and people are essential for creating a secure future, and we were thrilled to recognize some of the top companies and individuals in the field across 11 award categories that reflect the diverse and valuable contributions of MISA members. We were impressed by the hundreds of award nominations we received. The panel diligently reviewed each one and shortlisted five nominees for each category. Winners were then decided by the votes of Microsoft and MISA members.

We are proud to announce the finalists and winners in each category:

Security Trailblazer

Partners that have delivered innovative solutions or services that leverage the full Microsoft range of security products and have proven to be outstanding leaders in accelerating customers’ efforts to mitigate cybersecurity threats.

  • Ascent Solutions—Winner
  • Critical Start
  • D3 Security
  • Quorum Systems
  • Synack

Compliance and Privacy Trailblazer

Partners that deliver innovative solutions or services and are distinguished leaders in driving holistic or end-to-end Microsoft compliance or privacy strategy with customers.

  • Protiviti—Winner
  • archTIS
  • Epiq
  • Infotechtion
  • Relativity

Identity Trailblazer

Partners that are leaders in the identity space and have driven identity-related initiatives and delivered innovative solutions or services with Microsoft Azure Active Directory.

  • EY—Winner
  • HCLTech
  • Squadra Technologies
  • Synergy Advisors
  • Thales

Zero Trust Champion

Partners that are dedicated to supporting customers in their Zero Trust journey and have demonstrated vital integrations with the Microsoft Zero Trust platform.

  • Silverfort—Winner
  • Avanade
  • Netskope
  • Oxford Computer Group
  • Yubico

Security Software Innovator

ISVs that have developed innovative solutions with disruptive and transformative technology in collaboration with Microsoft that makes work easier for our mutual customers.

  • Relativity—Winner
  • 42Crunch
  • Axiad
  • ContraForce
  • Theom

Security Services Innovator

MSSPs that are exceptional at educating the market on security risks and driving holistic end-to-end managed extended detection and response (MXDR) security strategy with customers using Microsoft Security products and that deliver innovative and transformative security services to customers.

  • Ontinue—Winner
  • Bridewell
  • Difenda
  • Quorum Cyber
  • Wortell

Security Customer Champion

Partners that go above and beyond to drive customer impact and that have a proven track record of customer obsession and success.

  • Vectra—Winner
  • Epiq
  • F5
  • Lighthouse
  • Ontinue

Security Changemaker

Individuals within partner organizations who have made a remarkable security contribution to the company or the larger security community.

  • Katie Nickels, Red Canary—Winner
  • Federico Charosky, Quorum Cyber
  • Jeffrey J. Engle, Conquest Cyber
  • Harry Haramis, Keyfactor
  • Mike Ounsworth, Entrust

Diversity in Security

Partners that have demonstrated a significant commitment to enhancing diversity, equity, and inclusion to better serve security customers and foster change in the industry.

  • Lighthouse—Winner
  • Difenda
  • KnowBe4
  • Recorded Future
  • Wortell

Security ISV of the Year

ISVs that are all-around powerhouses, show growth potential and have innovative security solutions that integrate with a MISA-qualifying security product.

  • Adobe—Winner
  • Cloudflare
  • Delinea
  • Silverfort
  • Thales

Security MSSP of the Year

MSSPs that are all-around powerhouses with strong integration between Microsoft products and ongoing managed security services that drive the end-to-end Microsoft Security stack to our mutual customers.

  • BlueVoyant—Winner
  • glueckkanja-gab
  • PwC
  • Red Canary
  • Wipro

We’re ready for what’s next

This was an amazing evening, bringing together MISA members, Microsoft executives, and future security experts. Many thanks to all who came, and congratulations again to all our finalists and winners. One constant within the ever-changing world of cyberthreats is the way our community comes together to protect and empower customers. We look forward to seeing everything you accomplish in the upcoming year.

If you’re at the RSA Conference through April 27, 2023, come and visit us at the Microsoft Booth 6044 North Expo where MISA members will be showcasing their solutions at our MISA demo station and the Microsoft Theater. We’d love to see you at the following sessions:

  • Session 20: Build your MXDR environment using the Azure Marketplace in 5 minutes (Wednesday, April 26, 2023, 10:10 AM PT to 10:30 AM PT).
  • Session 21: Using breach and attack simulation across the Microsoft Security portfolio to optimize your SecOps (Wednesday, April 26, 2023, 10:40 AM PT to 11:00 AM PT).
  • Session 22: Achieving Zero Trust application access with Cloudflare One and Microsoft Security (Wednesday, April 26, 2023, 11:10 AM PT to 11:30 AM PT).
  • Session 23: “Power of Partnerships”—Services + Technology + Microsoft (Wednesday, April 26, 2023, 11:40 AM PT to 12:00 PM PT).
  • Session 28: The new MXDR paradigm: Nonstop SecOps through real-time collaboration and AI-driven automation (Wednesday, April 26, 2023, 2:10 PM PT to 2:30 PM PT).
Graphic showing the schedule for MISA sessions during the 2023 RSA Conference.

Figure 1. MISA member companies will share how they work together with Microsoft to protect customers from cyberthreats. Sessions will be presented by the following MISA members: BUI, SafeBreach, Cloudflare, Relativity and Epiq, and Ontinue.

Graph showing the MISA demo schedule at the Microsoft booth at the 2023 RSA Conference.

Figure 2. MISA and its ecosystem of ISVs and MSSPs, with solutions integrated with Microsoft’s security technology, will have a demo station at the RSAC Microsoft booth. Demos will take place on Monday, April 24, 2023, through Thursday, April 27, 2023, throughout the conference hours. The following MISA ISV and MSSP vendors will be giving demos: Cerby, Kovrr, Elevate Security, Red Canary, Yubico, Lighthouse, Ascent Solutions, Wipro, Adobe, Forsyte, Corelight, 42Crunch, Maureen Data Systems, Datawiza, Secude, Avanade, archTIS, Difenda, Quorum Cyber, Netrix, Theom, BlueVoyant, BigID, and Synergy Advisors.

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

Protect intellectual property with Govern 365 and Microsoft Purview http://approjects.co.za/?big=en-us/security/blog/2023/04/17/protect-intellectual-property-with-govern-365-and-microsoft-purview/ Mon, 17 Apr 2023 17:00:00 +0000 Learn how to secure sensitive information within your global supply chain with Netwoven Govern 365 and Microsoft Purview Information Protection.

The post Protect intellectual property with Govern 365 and Microsoft Purview appeared first on Microsoft Security Blog.

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA.

Global supply chains face a broad range of risks, from physical threats to cybersecurity threats. Sharing information with suppliers is essential for the supply chain to function effectively, but it simultaneously creates significant risks, including a potential loss of intellectual property (IP). Security is only as strong as the weakest link in the supply chain. Data compromised in the supply chain can be as damaging as that from within the organization. Digital rights management (DRM) is used by many industries, such as the music industry, to protect intellectual property. Organizations are beginning to look at this technology to protect their corporate IP. Netwoven Govern 365 and Microsoft Purview Information Protection provide a robust solution for managing your IP.

Nine must-haves to implement a resilient supply chain information protection framework 

The following items are essential for a robust supply chain framework: 

  1. Keep an updated database of leading suppliers and their sub-tiers. This hierarchy can be very fluid, so it must be maintained and used carefully.  
  2. Deploy Microsoft Purview Information Protection to automatically discover, classify, label, and protect sensitive data found in files and documents within your organization.  
  3. Ensure all IP-related files emanating from applications such as computer-aided design software, productivity software, and other types of software are protected using the labels for the appropriate suppliers.  
  4. Ensure that all information is protected appropriately based on the current hierarchy of leading suppliers and their sub-tiers.  
  5. Establish that all data egress points from the company where sharing of files can occur with suppliers are protected. 
  6. Put in place all appropriate legal contracts with the leading suppliers. 
  7. Confirm that external users are registered appropriately in your identity management system to have access to the files.  
  8. Limit trade restricted individuals from accessing critical information as a violation could lead to fines by the government. 
  9. Create a solution that is easy to use by all users for adoption. 

Using Govern 365 for managing your supply chain 

Govern 365 with Microsoft Purview Information Protection provides an automated and frictionless solution to protect your company’s sensitive information and limit litigation and compliance exposure, without burdening productivity. 

The key features of Govern 365 that help improve supply chain protection are:

  • Supply chain hierarchy management.
  • Content Protection across the supply chain hierarchy.
  • Easy to use self-service provisioning with Microsoft Teams.
  • Ability to add and remove users easily using the workspace manager.
  • Ability to block restricted individuals from accessing the workspace.
  • Visibility and auditing capabilities for tracking usage.
  • Dynamic Watermarking capabilities for additional protection.

Govern 365 provides these features by leveraging your investments in Microsoft Purview. Microsoft Purview comes with information protection and data loss prevention capabilities leveraged by Govern 365. 

A particular use case of Intellectual Property Management is a Virtual Data Room (VDR). Historically, VDR platforms were primarily used in specific industries that required enhanced protection of sensitive information. Consequently, the emphasis of these solutions has always been on the secure sharing of said information rather than secure collaboration during its ideation and creation.  

Govern 365 provides the ability to create VDRs. Here are some of the key features of Govern 365 VDR that organizations can use for supply chain IP protection. 

Unified Dashboard 

The Unified Dashboard is a simple interface available in Microsoft Teams and the web that provides access to your existing VDRs and creates new ones easily. 

Screenshot of the Netwoven Govern 365 virtual data room dashboard.

Figure 1. Govern 365 Unified Dashboard.

The icons in the dashboard cards provide easy-to-navigate features for the user. 

Self-Service Workspace Provisioning 

The provisioning wizard provides a self-service mechanism to create VDR workspaces easily. The choices below are examples that can be configured differently for your organization at the time of deployment. 

Screenshot of the new Netwoven Govern 365 virtual data room workspace.

Figure 2. Govern 365 New Workspace Request.

User Permissions Management 

Using Govern 365 Access Manager, the workspace owner can easily add or remove users from the workspace or manage permissions at the workspace level. This automatically adjusts the permissions of the content in the workspace for the users.  

Screenshot of the Netwoven Govern 365 virtual data room workspace manager.

Figure 3. Govern 365 Workspace Manager.

The workspace manager allows for access management at the workspace level. 

Use of Corporate Sensitivity Labels 

Govern 365 leverages your corporate sensitivity labels to protect content in VDRs for internal and external use. It allows for encryption and content marking including dynamic watermarking. 

Analytics 

The solution should automatically collect the necessary information about the user’s actions within a given workspace in the form of an audit log that you can extract as a CSV file at any time, so that you can better monitor your security.

The workspace analytics integrates with Microsoft Power BI to offer an exhaustive content inventory report of the workspace utilization. 

Doing more with less 

Choosing a VDR provider for your organization takes work. Govern 365’s VDRs are built to work with Microsoft Teams and SharePoint to protect your sensitive information while ensuring data sovereignty. Because they are built on Information Protection, external and internal recipients can collaborate safely and securely while having data stored in their repository, with an intuitive user experience that allows you to customize the product to suit your organizational needs. All in all, Govern 365 enables you to do more with less by utilizing your existing Microsoft 365 estate to its fullest, keeping your return on investment calculator ticking.

About Netwoven

Netwoven is a Microsoft Solutions Partner focused on unraveling complex business problems leveraging Microsoft technologies. They work with their clients to create and execute digital transformation strategies around secure collaboration, modern software applications, more profound insights from data, advanced infrastructure, and security. Explore Govern 365 and visit the Microsoft Azure Marketplace for a free trial. 

Learn more

Learn more about Microsoft Purview Information Protection

To learn more about the Microsoft Intelligent Security Association (MISA), visit the website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.  

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.
