Virtual Event Today: Supply Chain Security Summit - Join Event In-Progress

Security Experts:

Connect with us

Hi, what are you looking for?


Endpoint Security

Microsoft Takes Security to the Edge

Microsoft Unveils New Services and Features to Secure Internet of Things (IoT) Devices

Microsoft Unveils New Services and Features to Secure Internet of Things (IoT) Devices

At RSA Conference this week in San Francisco, Microsoft announced new tools and technologies aimed at protecting connected devices from security threats.

First on the list is Azure Sphere, what Microsoft describes as a holistic solution built for securing microcontroller unit (MCU)-based devices from the silicon to the cloud. With an estimated 9 billion cloud-connected devices shipping each year with tiny MCU chips inside, there’s clearly a large segment to keep secure, Microsoft says.

Azure Sphere, the software giant claims, is based on a new class of Microsoft-developed MCUs boasting five times the power of legacy MCUs. The company aims at licensing the IP for the MCUs royalty free to silicon manufacturers, and says that MediaTek is already producing Azure Sphere-certified silicon.

With Azure Sphere, these chips run “a new customized operating system built for IoT security,” Microsoft says. Featuring a custom Linux kernel and optimized for IoT, the operating system includes security innovations from Windows, aiming to deliver a highly secured software environment.

Additionally, a cloud security service will guard every Azure Sphere device, allowing for updates and upgrades for a 10-year lifetime of the device. Microsoft also claims that Azure Sphere will work alongside both private and proprietary cloud services, allowing customers to continue using their existing data infrastructure.

“This combined approach to Azure Sphere brings together the best of hardware, software and services innovation. It is open to any MCU chip manufacturer, open to additional software innovation by the open source community and open to work with any cloud. In short, it represents a critical new step for Microsoft by integrating innovation across every aspect of technology and by working with every part of the technology ecosystem, including our competitors,” Microsoft President Brad Smith notes.

Additionally, Microsoft announced new automated threat detection and remediation tools to help simplify and streamline the process of identifying and fixing threats before they spread. These automated investigation and remediation capabilities will arrive on systems as part of Windows Defender Advanced Threat Protection (ATP) in the upcoming Windows 10 update.

Through connecting Conditional Access and Windows Defender ATP, Microsoft is now providing customers with the ability to limit access to mission-critical information when malware is detected on devices.

Microsoft is working to deliver detection and response capabilities to Microsoft Azure customers as well, Rob Lefferts, Director of Enterprise and Security, Windows, says. Customers embracing the cloud can leverage Azure Security Center to stay up to date with threats and to simplify hybrid cloud security.

“Several new capabilities will be available with Security Center this week that help to identify and mitigate vulnerabilities proactively and detect new threats quickly. With the integration of Windows Defender ATP in preview, customers can get all the benefits of advanced threat protection for Windows servers in Azure Security Center,” Lefferts reveals.

For management purposes, the company announced Microsoft Secure Score, which delivers a single dashboard and summary score for organizations to tap into. Not only will organizations easily determine which controls to enable for an effective protection, but they will also be able to compare results with other organizations.

Starting today, a new Microsoft Graph security API is available for preview, enabling customers to connect to Microsoft products powered by the Microsoft Intelligent Security Graph. Through the new API, technology partners and customers should be able to speed up threat investigation and remediation, the tech giant says.

Security firms such as Palo Alto Networks, PwC and Anomali are already exploring the API for their solution, the company says. Through a newly launched Microsoft Intelligent Security Association program, partners can benefit from, and contribute to, the Intelligent Security Graph and Microsoft security products.

Another security improvement coming to Window 10 is support for the FIDO 2.0 standard, which aims at providing users with password-free authentication capabilities. Set to arrive in the next Windows 10 update, FIDO 2.0 support will bring the same experience to all Windows 10 devices managed by an organization.

“All of the advances we’re announcing today reflect another essential fact of life. Security has become a shared responsibility. We believe that Microsoft has an important responsibility and is in a unique position to help address the world’s security issues and contribute to long-term solutions,” Smith also said.

Microsoft also announced the inclus
ion of an Attack Simulator for Office 365 Threat Intelligence in Microsoft 365, a feature that should make it easier for IT teams to train users to guard against phishing.

Related: Microsoft Adds New Security Features to Office 365

Related: Industrial Internet Consortium Develops New IoT Security Maturity Model

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

CISO Strategy

Varied viewpoints as related security concepts take on similar traits create substantial confusion among security teams trying to evaluate and purchase security technologies.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Endpoint Security

The Zero Day Dilemma

Application Security

After skipping last month, Adobe returned to its scheduled Patch Tuesday cadence with the release of fixes for at least 38 vulnerabilities in multiple...