Microsoft Announces New Security Features for Devs, Customers

At this week’s Build virtual event, Microsoft announced new Identity and Azure features meant to improve security for both application developers and enterprise customers.

For developers, admins, and end-users alike, new Identity capabilities to help foster a secure and trustworthy app ecosystem include Publisher Verification, app consent policies, and general availability of Microsoft authentication libraries (MSAL) for Angular.

With Publisher Verification, developers can demonstrate to customers that their application comes from a trusted and authentic source. Applications will be marked when the publisher has verified their identity with the Microsoft Partner Network (MPN) and associated the account with the application registration.

Administrators will also be able to configure policies and determine the applications that users can consent to, such as those that have been Publisher Verified.

In addition to making MSAL generally available, Microsoft announced that a web library identity.web for ASP.NET Core is in public preview. With MSAL, devs can implement authentication patterns, security features, and integration points with support for any Microsoft identity (from Azure Active Directory accounts to Microsoft accounts).

The tech company also announced the preview of Azure AD External Identities, meant to help organizations and developers create and manage apps that connect with users outside an organization.

This week, Microsoft announced two new additions to Azure Security Center: the availability of Azure Secure Score API to customers, and the public availability of suppression rules for Azure Security Center alerts, which are meant to reduce alerts fatigue.

The company also announced that customers can now control encryption keys on 50 more Azure services, to ensure they meet compliance or regulatory requirements. The capability is now part of the Azure Security Benchmark.

Now, Azure Disk Encryption can be used to secure Red Hat Enterprise Linux BYOS Gold Images (Azure Disk Encryption can be enabled only after the subscription has been registered).

Azure Key Vault, the unified service for management of secrets, certificates, and encryption keys, now provides increased security with Private Link, an option that provides access to Azure Key Vault over a private endpoint in a virtual network (the traffic flows over the Microsoft backbone network).

Furthermore, Microsoft now allows customers to use SafeNet Luna HSMs or Fortanix SDKMS to generate encryption keys outside Azure and then import them into Azure Key Vault (previously, only nCipher nShield HSMs was supported).

Microsoft also released a public preview of notifications for keys, secrets, and certificates, to make it easier for customers to rotate secrets.

Recently, Microsoft announced the general availability of Azure Confidential Computing, which leverages the latest Intel SGX CPU hardware for a new class of VMs that can protect the confidentiality and integrity of customer data while in memory.

Customers can approve or reject data access requests through Customer Lockbox for Microsoft Azure, which now features expanded coverage of services, and is now available in preview for Azure Government cloud customers.

Related: Microsoft Open-Sources COVID-19 Threat Intelligence

Related: Microsoft Releases Azure Security Benchmark