Progress Report: Enterprise security for our mobile-first, cloud-first world

Last November Microsoft CEO Satya Nadella highlighted the need for a new approach to enterprise security and outlined some of the investments we’re making. This new approach empowers our customers to accelerate their adoption of a protect, detect, respond security posture.

Keeping our network safe, while protecting our data and our customers’ data, is paramount. As Chief Information Security Officer at Microsoft, I am constantly looking for ways to improve our security posture, through new technologies that accelerate our ability to protect, detect and respond to cyber incidents.

Protecting Microsoft’s environment entails managing security for more than 1 million corporate devices across the globe, using multiple platforms. The diversity of our computing environment often mirrors that of our customers, which enables us to develop services that meet their security needs. My team is often the first customer of our company’s technologies, and we work hard to ensure that the products are customer-ready before they go to market.

As attackers get more sophisticated, we need to evolve our ability to get real-time insights and predictive intelligence across our network so we can stay a step ahead of the threats. We must be able to correlate our security data with our threat intelligence data to know good from bad. And we must leverage the industry and our partners to ensure a broad, comprehensive approach. These three things align with the approach Microsoft brings to security for our customers – a holistic, agile security platform, informed by insights from our intelligent security graph and integration with partners and the industry. In the 100 days since Satya discussed our newly invigorated approach to security, we’ve made some significant progress, which I’d like to share with you today.

Secure Platform

We’ve made a number of enhancements to our platform to help IT enable rapid innovations while protecting corporate data and assets.

  • Microsoft Cloud App Security general availability
    In September Microsoft made a significant security investment when we acquired Adallom, the leading cloud access security broker (CASB), for protecting customer data inside SaaS applications. Since the acquisition we have been working hard to integrate the expertise and technology that Adallom brought with it into the cloud security capabilities we have in Microsoft Azure and Office 365.
    Today, we are announcing that Microsoft Cloud App Security, based on the Adallom technology, will become generally available in April 2016. Microsoft Cloud App Security brings the same level of visibility and control that IT departments have in their on-premises network to their SaaS applications, including apps like Box, Salesforce, ServiceNow, Ariba, and of course Office 365.
    For more information, read the Active Directory Team blog.
  • New security enhancements coming to Office 365
    Microsoft Cloud App Security will also power new advanced security management capabilities built into Office 365 that will improve IT visibility and control. These new capabilities include:

    • Advanced security alerts, which notify Office 365 admins of anomalous or suspicious activity in the service so that they can take action.
    • Cloud app discovery, which enables IT to analyze which cloud services their users are connecting to.
    • App permissions, which provides the ability to approve or revoke permissions for third-party services that your users are authorized to connect to Office 365.

    Read today’s Office blog for more information on these new Office 365 security capabilities.
  • Customer Lockbox for SharePoint Online and OneDrive for Business begins rolling out in early Q2
    In the very rare instances when a Microsoft engineer must request access to the Office 365 service, such as when troubleshooting a customer issue with a mailbox or document contents, they need to go through multiple levels of approval within Microsoft. In December, we announced general availability of Customer Lockbox for Exchange Online, which integrates the customer into the approval process.
    Today, we are announcing that Customer Lockbox for SharePoint Online and OneDrive for Business will begin rolling out in early Q2 of this year. By extending Customer Lockbox to additional Office 365 services, we’re providing customers new approval rights, greater transparency and enhanced control over their data in Office 365.
    For more information on Customer Lockbox for SharePoint and OneDrive for Business, please read this article on the Office blog.
  • More security management and reporting options in Azure Security Center
    Customers have the ability to configure security policies for each of their Azure subscriptions. Within a subscription, organizations could be running workloads that have different security requirements. To accommodate this, now in addition to configuring a Security Policy at the subscription level, customers will also have the option to configure a Security Policy for a Resource Group – enabling them to tailor the policy based on the security needs of specific workloads.
    A new Power BI Dashboard enables customers to visualize, analyze, and filter recommendations and security alerts from anywhere, including a mobile device. Customers can use the Power BI dashboard to reveal trends and attack patterns.
    The Azure blog has more information on the importance of this new, enhanced capability.
  • Extending Security and Auditing in Microsoft Operations Management Suite (OMS)
    A revamped Security and Audit dashboard will provide greater line of sight into security-related events across customer datacenters. This includes information about authentication and access control events, network activity, malware protections, and system updates.
    You can find more information on these new Microsoft Operations Management Suite enhancements in this article on the Hybrid Management blog.

Intelligent Security Graph

As customers evolve their security strategies from a simple “protect and recover” model, to a more holistic protect, detect, respond posture, intelligence becomes central. In November we shared how we use unique insights from our intelligent security graph, formed by trillions of signals from billions of sources, to better detect attacks, accelerate our response and better protect our customers and partners from modern day threats.

New products we are rolling out today will improve our security signal, help us protect you and help you protect yourself.

  • Azure Active Directory Identity Protection in public preview
    A great example of a new Microsoft security investment in this area is Azure Active Directory Identity Protection. Azure Active Directory security capabilities are built on Microsoft’s experience protecting consumer identities, and gain tremendous accuracy by analyzing the signal from over 14 billion logins to help identify 30,000 potentially compromised users per day. Azure Active Directory Identity Protection builds on these results and detects suspicious activities for end users and privileged identities based on signals like brute force attacks, leaked credentials, sign-ins from unfamiliar locations and infected devices. Based on these suspicious activities, a user risk severity is calculated and risk-based policies can be configured, allowing the service to automatically protect the identities of your organization from future threats. We are announcing that Azure Active Directory Identity Protection will be available for public preview next week.
    For more information on Azure Active Directory Identity Protection, please read this article on the Active Directory Team blog.
  • Azure Security Center Advanced Threat Detection
    After years of examining crash dumps that our customers opted to send to Microsoft from more than a billion PCs worldwide, Microsoft has developed the capability to analyze this data to effectively detect compromised systems, because crashes are often the result of failed exploitation attempts and brittle malware.
    These capabilities have been integrated into Azure Security Center, which offers advanced threat detection for customers hosting virtual machines in Microsoft Azure. Now Azure Security Center automatically collects crash events from Azure virtual machines, analyzes the data, and alerts the customer when it has detected that one of their virtual machines is likely compromised. Similarly, additional network and behavioral analytics have also been integrated into Azure Security Center as we continue to evolve these capabilities to detect and mitigate an even wider array of threats and provide actionable intelligence to our customers.
    You can find more information on these new Azure Security Center capabilities in this article on the Azure blog.
  • New Threat Visualization in OMS
    Operations Management Suite taps into Microsoft global threat intelligence to alert you when firewall logs, Wire Data, or IIS logs indicate that one of your servers is communicating with a malicious IP address. By charting the source of these attacks on an interactive map, customers will now be able to visualize attack patterns and drill in to learn more.
    You can find more information on these new Microsoft Operations Management Suite enhancements in this article on the Hybrid Management blog.

Working with Partners

No single company can solve the security challenges that our customers face today, which is why the security ecosystem, and all of our security partners, are key to our approach. Today we are announcing new Azure Security Center partner solutions that make it easier than ever for customers to bring their trusted security solutions with them to the cloud.

  • Expanded Azure Security Center partner offerings
    We are announcing that in the next few weeks, Azure Security Center will discover deployments for which a Next Generation Firewall is recommended, and enable customers to provision Check Point vSEC in just a few clicks. Next Generation Firewall solutions from Cisco and Fortinet will follow, as will Web Application Firewall solutions Imperva SecureSphere and Imperva Incapsula. Alerts from these partner solutions will also be integrated in Security Center so customers can view and respond to security issues affecting their Azure resources in one place.
    For more information on these new Azure Security Center partner offerings, please see this article on the Azure blog.

Our customers can get started using the technology we announced today to better protect themselves from current and emerging threats. At next week’s RSA Conference 2016 we’ll share more about our approach and our commitment to provide the platform, intelligence and partners that will help protect our customers now and into the future.

Bret Arsenault