Security Experts:

Connect with us

Hi, what are you looking for?


Cloud Security

Microsoft Announces New Security Capabilities Across Platforms

In addition to new security tools for Azure, at the Ignite 2019 conference this week, Microsoft announced new capabilities aimed at improving the security of its users across platforms.

In addition to new security tools for Azure, at the Ignite 2019 conference this week, Microsoft announced new capabilities aimed at improving the security of its users across platforms.

Office 365 ProPlus is getting Application Guard, a new feature that aims to keep attacks launched via malicious files contained. Already integrated in Microsoft Edge, Application Guard will allow users to open untrusted documents in a virtualized container and print, edit and save changes.

The feature is currently in limited preview, but the tech giant expects it to become generally available in the summer of 2020.

Also in preview are new built-in analytics and investigation tools in Azure Sentinel, to expand detection and provide deep insights into suspicious URLs. Azure Sentinel also features built-in connectors from security partners for improved data collection, and new Graph Security API integrations that enable customers to sync alerts from multiple Microsoft and third-party solutions.

Microsoft Defender Advanced Threat Protection (ATP) for Mac was released in preview for enterprise customers earlier this year, and is set to bring endpoint detection and response capabilities to Mac users in December (in private preview).

Microsoft also added remote deployment guidance for Microsoft Defender ATP and Office 365 ATP to FastTrack Center, at no cost for eligible customers in North America, in English only. The feature should become available worldwide at the beginning of next year.

By mid-December, Microsoft will bring Microsoft Office ATP capabilities to the desktop with the launch of Microsoft Safe Documents. The feature is expected to deliver improved security when compared to Protected View, which was initially introduced in Office 2010 to keep users safe from untrusted documents.

The tech company has added automation capabilities to Office 365 ATP through the general availability of Automated Incident Response, which aims to reduce the potential impact of data breaches.

For improved data breach detection, Office 365 ATP now features enhanced compromise detection and response, which is currently available in public preview.

On Monday, the company also announced that secured-core PCs, which are devices that apply security best practices to firmware, and which were announced a couple of weeks ago, are now shipping from both Microsoft and its partners.

An updated scoring system is now available in Microsoft Secure Score to help users better understand, benchmark, and track progress in improving their security posture. New planning capabilities and new CISO Metrics & Trends reports are also available now.

Furthermore, Microsoft Secure Score has been integrated with Microsoft Teams, Microsoft Planner, and ServiceNow for improved collaboration (available now), and with Azure Security Center in an effort to deliver centralized visibility and additional options for improvement actions (availability is expected by early 2020).

At Ignite, the tech giant also introduced Insider Risk Management, a Microsoft 365 solution that correlates signals and abnormal user behavior to identify hidden patterns and risks.

The feature includes configurable playbooks for risks such as digital IP theft, confidentiality breach, and potential security violations; allows for the anonymization of names for risky users; and features end-to-end integrated workflows so that only the right people are involved in investigation and response.

Azure Active Directory customers can now use Microsoft Authenticator for passwordless access to their apps, with general availability expected next year. Starting November 1, 2019, both multifactor authentication and passwordless authentication can be used at no charge.

Microsoft 365 now offers new identity features to secure firstline workers’ access to their organization’s resources. New features include SMS sign, global sign-out (for Android) and delegated user management. Now in private preview, these features should become available later this year.

Also for Microsoft 365 customers, the tech giant announced a new service that aims to provide people with knowledge, learning, and expertise and to help businesses increase their efficiency. Referred to as Project Cortex, the service is now in private preview and will become generally available in the first half of 2020.

In addition to a new Office app for Android and iOS, now in public preview, Microsoft announced security improvements for Outlook Mobile for iOS and Android, which can now better protect personal and company data. A new email notification experience now encrypts data on the lock screen until the device is unlocked.

The company is also rolling out a Global reader role in Azure Active Directory, now available for all Microsoft 365 tenants. It aims to reduce the number of Global admins by allowing users to view settings and administrative information across their Microsoft 365 without needing Global admin permissions.

Starting this week, Microsoft will also be rolling out new AI-powered recommendations in the Microsoft 365 admin center to help customers improve their security and compliance posture.

Another addition to the company’s portfolio is Microsoft Endpoint Manager, which brings together Intune and Configuration Manager functionality and data, along with new intelligent actions, to provide end-to-end management capabilities.

The cloud-based enterprise mobility management tool will also manage the Surface Unified Extensible Firmware Interface and leverage device management in the cloud, courtesy of Device Firmware Configuration Interface (DFCI), thus bringing provisioning, security, quality, and streamlined updating to a single console.

Microsoft will include DFCI support in all Surface for Business devices. DFCI management capabilities will become available in Microsoft Endpoint Manager in public preview starting this month.

Additional details on Microsoft’s announcements are available on the company’s tech community blogs, Microsoft 365 blog, and Azure blog.

Related: Microsoft Unveils New Security Tools for Azure

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...