{"id":41839,"date":"2021-03-02T14:16:24","date_gmt":"2021-03-02T14:16:24","guid":{"rendered":"http:\/\/icloud.pe\/blog\/?guid=957347955120b0c077d0b837ead63ecd"},"modified":"2021-03-02T14:16:24","modified_gmt":"2021-03-02T14:16:24","slug":"microsoft-doubles-down-on-zero-trust-security-policies","status":"publish","type":"post","link":"https:\/\/icloud.pe\/blog\/microsoft-doubles-down-on-zero-trust-security-policies\/","title":{"rendered":"Microsoft doubles down on zero trust security policies"},"content":{"rendered":"


\n Keumars Afifi-Sabet<\/a><\/span>
\n <\/span><\/p>\n

\n
\n
2 Mar, 2021<\/span><\/div>\n<\/p><\/div>\n<\/div>\n

\n<\/a><\/p>\n

\n

Microsoft has launched new functionality across its Azure Active Directory (AD) authentication portal and Microsoft 365 to advance its\u00a0zero trust security strategy<\/a>\u00a0and protect its customers against insider threats.\u00a0<\/p>\n

\u2018Zero trust\u2019 is a security strategy based on the need for businesses to adapt to increasingly sophisticated threats, and is based on the assumption that nothing within the corporate network can be trusted.\u00a0<\/p>\n

<\/p>\n

\nMicrosoft is among a\u00a0handful of tech companies<\/a>\u00a0to adopt these policies in a meaningful way over the past few years, with features revealed at its Ignite 2021 conference in Azure AD and Microsoft 365 bolstering the firm\u2019s zero trust capabilities.\u00a0<\/p>\n

Passwordless authentication<\/a>\u00a0is now generally available in AD across all cloud and hybrid environments, with users able to use\u00a0biometrics<\/a>, Windows Hello for Business, the Microsoft Authenticator app or FIDO2 security key to log-in.<\/p>\n

The policy engine Azure AD Conditional Access now uses authentication context to enforce more granular policies based on user interactions within an app, also taking into account the sensitivity of data they\u2019re trying to access.\u00a0<\/p>\n

Verifiable credentials, which lets organisations confirm pieces of information on their employees such as education or professional certificates, is also entering public preview within the next few weeks. This verifies claims made without collecting any personal data. The government of Flanders and the NHS are already piloting this service.<\/p>\n

\u201cAs defenders ourselves, we are passionate proponents of a Zero Trust mindset, encompassing all types of threats – both outside in and inside out,\u201d said Microsoft\u2019s corporate VP for security, compliance and identity, Vasu Jakkal.<\/p>\n

\u201cWe believe the right approach is to address security, compliance, identity, and device management as an interdependent whole, and to extend protection to all data, devices, identities, platforms, and clouds \u2013 whether those things are from Microsoft, or not.\u201d<\/p>\n

Changes in Microsoft 365 are largely based on trying to\u00a0eliminate the insider threat<\/a>, both malicious and unwitting, with the firm investing in creating inside-out protection by extending its capabilities to third parties.<\/p>\n

Improvements in compliance include co-authoring documents protected with Microsoft Information Protection, which allows multiple users to work simultaneously on documents while benefitting from the extensive protection for documents and emails across Microsoft 365 apps.<\/p>\n

Microsoft 365\u2019s Insider Risk Management Analytics will allow customers to identify potential insider risk activity within an organisation, which will then inform policy configurations. Tools include daily scans of tenant audit logs, including historical activities, with\u00a0machine learning<\/a>\u00a0used to identify any risky activity.<\/p>\n

Azure Pureview, Microsoft\u2019s unified government platform for on-premises, multi-cloud and software as a service (Saas) data, can also be used to scan and classify data residing in AWS S3 buckets, SAP EEC, SAP S4\/HANA and Oracle Database.<\/p>\n

\u201cAdopting a Zero Trust strategy is a journey,\u201d Jakkal continued. \u201cEvery single step you take will make you more secure. In today\u2019s world, with disappearing corporate network perimeters, identity is your first line of defence.\u00a0<\/p>\n

\u201cWhile your Zero Trust journey will be unique, if you are wondering where to start, our recommendation is to start with a strong cloud identity foundation. The most fundamental steps like strong authentication, protecting user credentials, and protecting devices are the most essential.\u201d<\/p>\n

Microsoft is also launching what it calls an \u201cassume breach\u201d toolset, which comprises tools and features that can help customers adopt the assume breach mentality without being hampered by the complexity that it can often entail. This is a critical component of the overall zero trust umbrella.\u00a0<\/p>\n

Among the improvements,\u00a0Microsoft Defender<\/a>\u00a0for Endpoint and Defender for Office 365 customers can now probe threats directly from the Microsoft 365 Defender portal, which provides alerts and in-depth investigation pages. A Threat Analytics section also provides a set of reports from Microsoft security researchers that help customers understand, prevent and mitigate active threats. <\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"

Keumars Afifi-Sabet<\/p>\n

2 Mar, 2021 <\/p>\n

Microsoft has launched new functionality across its Azure Active Directory (AD) authentication portal and Microsoft 365 to advance its\u00a0zero trust security strategy\u00a0and protect its customer…<\/p>\n","protected":false},"author":433,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-41839","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/41839","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/users\/433"}],"replies":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/comments?post=41839"}],"version-history":[{"count":1,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/41839\/revisions"}],"predecessor-version":[{"id":41840,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/41839\/revisions\/41840"}],"wp:attachment":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/media?parent=41839"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/categories?post=41839"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/tags?post=41839"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}