Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

New Security Capabilities Announced for Microsoft 365, Azure

Microsoft on Tuesday unveiled several new security capabilities for its Microsoft 365 and Azure solutions, including for data security, compliance, and risk management.

Microsoft on Tuesday unveiled several new security capabilities for its Microsoft 365 and Azure solutions, including for data security, compliance, and risk management.

Microsoft 365 has built-in data loss prevention capabilities for Teams, Exchange, SharePoint, OneDrive and third-party cloud apps. The new Endpoint Data Loss Prevention (DLP) solution, which is currently available in public preview, extends those DLP capabilities to the endpoint in an effort to help organizations protect sensitive information on endpoints and meet compliance requirements.

Endpoint DLP is built into Windows 10, Edge and Office apps, and security teams can see what data has been accessed and shared directly from the Microsoft 365 compliance center.

Microsoft also announced new Microsoft 365 features designed to help organizations address insider risk and code of conduct violations. These features, also available in public preview, enhance the detection and remediation capabilities in Insider Risk Management and Communication Compliance.

Specifically, the latest Insider Risk Management release expands the quality of signals used to detect potentially risky behavior associated with malicious or non-malicious insider activity. These improvements included new Windows 10 signals (e.g. copying files to a USB drive or a network share), integration with Defender ATP, additional native signals from Microsoft 365 products, and improvements to the native HR connector.

Customers are also provided new data leak policy and security policy violation templates to help them identify more risks, and Microsoft has announced integration with ServiceNow to allow incident responders to easily create tickets for identified risks.

Advertisement. Scroll to continue reading.

As for Communication Compliance, which is designed to allow companies to detect violations of regulatory compliance and code of conduct (e.g. harassment and threats), Microsoft has introduced enhancements designed to make it easier to review and address potential issues.

In the case of its Azure Sentinel SIEM solution, Microsoft announced new third-party connectors that will enable organizations to easily obtain data from third-party firewall, endpoint security, network security and vulnerability management products.

Finally, Microsoft announced Double Key Encryption for Microsoft 365, which enables organizations to remain in full control of the encryption keys they use to protect their most sensitive data. Microsoft believes this will be highly useful to certain organizations, such as ones in the financial sector, which need to meet stricter compliance requirements.

“Double Key Encryption for Microsoft 365 uses two keys to protect your data, with one key in your control and the second in Microsoft’s control. To view the data, one must have access to both keys. Since Microsoft can access only one key, your data and key are unavailable to Microsoft, helping to ensure the privacy and security of your data,” Microsoft explained.

Endpoint DLP, Insider Risk Management, Communication Compliance, and Double Key Encryption are all available in public preview starting on July 21 for Microsoft 365 E5 customers.

Related: Microsoft Announces New Security Capabilities Across Platforms

Related: Microsoft Unveils New Azure, Windows Defender ATP Tools

Related: Microsoft Threat Protection Now Generally Available

Related: Microsoft Open-Sources COVID-19 Threat Intelligence

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

James Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.

Rafal Los has joined Binary Defense as Chief Strategy Officer.

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.