{"id":90096,"date":"2019-11-04T09:00:37","date_gmt":"2019-11-04T17:00:37","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/?p=90096"},"modified":"2023-05-15T23:28:46","modified_gmt":"2023-05-16T06:28:46","slug":"further-enhancing-security-microsoft","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/11\/04\/further-enhancing-security-microsoft\/","title":{"rendered":"Further enhancing security from Microsoft, not just for Microsoft"},"content":{"rendered":"
Legacy infrastructure. Bolted-on security solutions. Application sprawl. Multi-cloud environments. Company data stored across devices and apps. IT and security resource constraints. Uncertainty of where and when the next attack or leak will come, including from the inside. These are just a few of the things that keep our customers up at night.<\/p>\n
When security is only as strong as your weakest link and your environments continue to expand, there\u2019s little room for error. The challenge is real: in this incredibly complex world, you must prevent every attack, every time. Attackers must only land their exploit once. They have the upper hand. To get that control back, we must pair the power of your defenders and human intuition with artificial intelligence (AI) and machine learning that help cut through the noise, prioritize the work, and help you protect, detect, and respond smarter and faster.<\/p>\n
Microsoft Threat Protection<\/a> brings this level of control and security to the modern workplace by analyzing signal intelligence across identities, endpoints, data, cloud applications, and infrastructure.<\/p>\n Today, at the Microsoft Ignite Conference<\/a> in Orlando, Florida, I\u2019m thrilled to share the significant progress we\u2019re making on delivering endpoint security from<\/em> Microsoft, not just for<\/em> Microsoft. The Microsoft Intelligent Security Association (MISA)<\/a>, formed just last year, has already grown to more than 80 members and climbing! These partnerships along with the invaluable feedback we get from our customers have positioned us as leaders in recent analyst reports, including Gartner\u2019s Endpoint Protection Platform Magic Quadrant<\/a>, Gartner\u2019s Cloud Access Security Broker (CASB) Magic Quadrant<\/a> and Forrester\u2019s Endpoint Security Suites Wave<\/a> and more.<\/p>\n As we continue to focus on delivering security innovation for our customers, we are:<\/p>\n \n Join us online November 4\u20138, 2019 to livestream keynotes, watch selected sessions on-demand, and more.<\/p>\n\t\t\t\t\t<\/div>\n\n\t\t\t\t\t\t\t\t\t\t\t There\u2019s no way one person, or even one team, no matter how large could tackle this volume of alerts on a daily basis. The Microsoft Intelligent Security Graph<\/a>, the foundation for our security solutions, processes 8.2 trillion signals every day. We ground our solutions in this intelligence and build in protections through automation that\u2019s delivered through our cloud-powered solutions, evolving as the threat landscape does. Only this combination will enable us to take back control and deliver on a Zero Trust network with more intelligent proactive protection.<\/p>\n Here\u2019s a bit more about some of the solutions shared above:<\/p>\n As the volume of cloud applications continues to grow, security and IT departments need more visibility and control to prevent Shadow IT. 
At last year\u2019s Ignite, we announced<\/a> the native integration of Microsoft Cloud App Security<\/a> and Microsoft Defender ATP, which enables our Cloud Access Security Broker (CASB) to leverage the traffic information collected by the endpoint, regardless of the network from which users are accessing their cloud apps. This seamless integration gives security admins a complete view of cloud application and services usage in their organization.<\/p>\n At this year\u2019s Ignite, we\u2019re extending this capability, now in preview, with native access controls based on Microsoft Defender ATP network protection that allows you to block access to risky and non-compliant cloud apps. We also added the ability to coach users who attempt to access restricted apps and provide guidance on how to use cloud apps securely.<\/p>\n As we continue to build in stronger protections at the operating system level, we\u2019ve seen attackers shift their techniques to focus on firmware\u2014a near 5x increase in the last three years. That\u2019s why we worked across our vast silicon and first- and third-party PC manufacturing partner ecosystem to build in stronger protections at the hardware level in what we call Secured-core PCs<\/a> to protect against these kinds of targeted attacks. Secured-core PCs combine identity, virtualization, operating system, hardware, and firmware protection to add another layer of security underneath the operating system.<\/p>\n Secured-core PCs deliver on the Zero Trust model, and we want to further build on those concepts of isolation and minimizing trust. That\u2019s why I\u2019m thrilled to share that the same hardware-level containerization we brought to the browser with Application Guard integrated with Microsoft Edge<\/a> will be available for Office 365.<\/p>\n This year at Ignite, we are providing an early view of Application Guard capabilities integrated with Office 365 ProPlus. 
You will be able to open an untrusted Word, Excel, or PowerPoint file in a virtualized container. View, print, edit, and save changes to untrusted Office documents\u2014all while benefiting from that same hardware-level security. If the untrusted file is malicious, the attack is contained and the host machine untouched. A new container is created every time you log in, providing a clean start as well as peace of mind.<\/p>\n When you want to consider the document \u201ctrusted,\u201d files are automatically checked against the Microsoft Defender ATP threat cloud before they\u2019re released. This integration with Microsoft Defender ATP provides admins with advanced visibility and response capabilities\u2014providing alerts, logs, confirmation the attack was contained, and visibility into similar threats across the enterprise. To learn more or participate, see the Limited Preview Sign Up<\/a>.<\/p>\n More than two billion vulnerabilities are detected every day by Microsoft Defender ATP and the included Threat and Vulnerability Management capabilities, and we\u2019re adding even more capabilities<\/a> to this solution.<\/p>\n Going into public preview this month, we have several enhancements, including: vulnerability assessment support for Windows Server 2008 R2 and above; integration with ServiceNow to further improve the communication across IT and security teams; role-based access controls; advanced hunting across vulnerability data; and automated user impact analysis to give you the ability to simulate and test how a configuration change will impact users.<\/p>\n In September, we announced the general availability of Automated Incident Response<\/a>, a new capability in Office 365 ATP that enables security teams to efficiently detect, investigate, and respond to security alerts. 
We\u2019re building on that announcement, using the breadth of signals from the Intelligent Security Graph to amplify your ability to detect breaches through new enhanced compromise user detection and response<\/a> capabilities in Office 365 ATP.<\/p>\n Now in public preview, the solution leverages the insights from mail flow patterns and Office 365 activities to detect impacted users and alert security teams. Automated playbooks then investigate those alerts, look for possible sources of compromise, assess impact, and make recommendations for remediation.<\/p>\n Attackers think in terms of campaigns. They continuously morph their email exploits by changing attributes like sending domains and IP addresses, payloads (URLs and attachments), and email templates attempting to evade detection. With campaign views in Office 365 ATP, you\u2019ll be able to see the entire scope of the campaign targeted at your organization. This includes deep insights into how the protection stack held up against the attack\u2014including where portions of the campaign might have gotten through due to tenant overrides thereby exposing users. This view helps you quickly identify configuration flaws, targeted users, and potentially compromised users to take corrective action and identify training opportunities. Security researchers will be able to use the full list of indicators of compromise involved in the campaign to go hunt further. This capability will be in preview by the end of the year.<\/p>\n Work doesn\u2019t happen in just one place. We know that people use a variety of devices and apps from various locations throughout the day, taking business data with them along the way. That means more complexity and a larger attack surface to protect. Microsoft\u2019s Intelligent Security Graph detects five billion threats on devices every month. 
To strengthen enterprise detection and response (EDR) capabilities for endpoints, we\u2019re adding EDR capabilities to Microsoft Defender ATP for Mac<\/strong><\/a>, entering public preview this week. Moving forward, we plan to offer Microsoft Defender ATP for Linux servers, providing additional protection for our customers\u2019 heterogeneous networks.<\/p>\n We understand the pressure defenders are under to keep pace with these evolving threats. We are grateful for the trust you\u2019re putting in Microsoft to help ease the burdens on your teams and help focus your priority work.<\/p>\n Today, at the Microsoft Ignite Conference in Orlando, Florida, I\u2019m thrilled to share the significant progress we\u2019re making on delivering endpoint security from Microsoft, not just for Microsoft.<\/p>\n","protected":false},"author":96,"featured_media":90116,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ms_queue_id":[],"ep_exclude_from_search":false,"_classifai_error":"","_classifai_text_to_speech_error":"","footnotes":""},"content-type":[3662],"topic":[3677,3685,3689],"products":[3690,3691,3692,3726],"threat-intelligence":[],"tags":[3742],"coauthors":[1935],"class_list":["post-90096","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","content-type-news","topic-misa","topic-siem-and-xdr","topic-zero-trust","products-microsoft-defender","products-microsoft-defender-for-cloud","products-microsoft-defender-for-cloud-apps","products-microsoft-sentinel","tag-azure"],"yoast_head":"\n\n
\t\t\t\t<\/div>\n\t\t\t\n\t\t\t
Microsoft Ignite<\/h2>\n\n\t\t\t\t\t
<\/a><\/p>\n
Discovering and controlling cloud apps natively on your endpoints<\/h3>\n
Building stronger protections starting with hardware<\/h3>\n
Application Guard container protections coming to Office 365<\/h3>\n
Automation and impact analysis reinvent Threat and Vulnerability Management<\/h3>\n
Automation in Office 365 ATP blocked 13.5 billion malicious emails this year<\/h3>\n
Campaign detections coming to Office 365 ATP<\/h3>\n
Protection across platforms: enterprise detection and response (EDR) for Mac<\/h3>\n
Related links<\/h3>\n
\n