Microsoft 'kills' passwords, throws up threat manager, APIs Graph Security
Cloud lineup gets security overhaul with 2FA and new monitoring tools
Ignite Microsoft is beefing up the security in its cloud services lineup with a handful of unveilings today at this year's Ignite conference.
The Redmond giant says the offerings are part of an aim to secure both its own web services and the partner ecosystems that have popped up around them.
Passwords out to pasture
Among the big declarations from security VP Rob Lefferts was that Microsoft was marking "the end of the era of passwords."
This will be done by extending the Microsoft Authenticator multi-factor phone app to Azure Directory (AD). Any network that uses AD to authenticate people will now be able to give those users the option of using Authenticator to sign in via a PIN, fingerprint, or face scan on their iOS or Android device.
So you can log into your account if you physically have your phone and a valid PIN for the Authenticator app, for example. If you have the app running on your handheld, and provide the right extra detail – a PIN, face scan, etc – then access is granted to your account via AD.
"Using a multi-factor sign-in method, you can reduce compromise by 99.9 percent, and you can make the user experience simpler by eliminating passwords," Lefferts declared.
"No company lets enterprises eliminate more passwords than Microsoft."
Threat Protection set to watch over Microsoft 365, Secure Score rates Azure
Companies opting for the Microsoft 365 Windows-as-a-service package will now be able to use a new security monitoring tool to track and manage all of the security features and reports generated by the various online and offline platforms.
Microsoft says the feature will allow admins to have a single screen where they can view reports from emails, Office applications and documents, Windows endpoints and managed infrastructure.
"This will let analysts save thousands of hours as they automate the more mundane security tasks," Lefferts declared.
Still holding out on Windows 10? Microsoft tempts upgrade with virtual desktop to AzureREAD MORE
Azure, meanwhile, will get new security reporting in the form of Secure Score, a service Microsoft says will give admins updates on what security policies are in effect at their company and where possible weak spots remain.
The idea of Secure Score is to search out best practices like securing admin accounts with multi-factor authentication and implementing two-factor auth for regular user accounts.
In addition to management for on-prem networks, Secure Score will take into account Azure instances, where score reports and rundowns will be shown in the Azure Security Center.
Confidential Compute for Azure clouds
For companies wanting to better isolate their cloud instances on Azure, Microsoft said it will be rolling out a new hardware-based service to the Azure DC line. The service will let customers opt to have their instances run on Intel SGX hardware to make sure that the code itself is running encrypted in a secure portion of the bare-metal machine itself.
Microsoft is also pushing the Information Protection SDK into general availability and adding new labeling options that will allow developers to apply Microsoft's content protections for sensitive data and files into their own code. With the new options, Redmond adds support for Office Apps and PDF docs.
Graph Security API lands
Also targeting Microsoft's dev community is the general availability release of the Graph Security API. The tool allows developers to plug their code into the Graph Security service and access things like its alert service, company Graph analysis, and scripts for configuring and managing the security settings for multiple products.
The idea, says Lefferts, is to make it easy for both customers and security vendors to share their threat intel and manage best practices and data analysis on malware and network attacks.
[Graph Security] helps our partners work with us and each other to give you better threat detection and faster incident response," he said.
"It connects a broad heterogeneous ecosystem of security solutions via a standard interface to help integrate security alerts, unlock contextual information, and simplify security automation." ®