Microsoft Corp. is betting on the zero-trust approach to computer security that was first advanced by its rival Google LLC, with a whole swath of updates announced at Ignite 2021 today aimed at extending the protection it offers to data, devices, identities, platforms and clouds.
Zero trust is a security concept that centers on shifting access controls from the perimeter, as with traditional firewall-based security, to individual devices and users. The main idea is to enable employees to work securely from any location without the need for a traditional virtual private network.
With zero trust, access control is no longer based on whether users are requesting that access from inside or outside the corporate network. Instead, the model assumes that users requesting access from inside the network are just as untrustworthy as those seeking remote access, so access requests are instead granted based on details about the particular users, their jobs and the security status of the devices they’re using.
In a blog post today, Vasu Jakkal, Microsoft corporate vice president of security, compliance and identity, said Microsoft is a passionate proponent of the zero-trust mindset and that it believes the correct approach is to address security, compliance, identity and device management as an “interdependent who.”
With that in mind, Jakkal identified four key areas, namely Identity, Security, Compliance and Skilling, that he said must be combined to ensure companies are protected against today’s challenging security requirements. It’s those areas that are the focus of today’s security-related announcements.
Azure Active Directory is gaining a bunch of new capabilities, including passwordless authentication that’s now available for all cloud and hybrid environments. Users can now sign into any cloud using Azure AD using biometrics or simply by tapping an icon on Windows Hello for Business, the Microsoft Authenticator app or a compatible FIDO2 security key.
Meanwhile, Azure AD Conditional Access, which is the policy engine at the heart of Azure AD, now uses authentication context to enforce granular security policies based on the user’s actions within each application, or the sensitivity of the data they’re attempting to access. Jakkal said this will help admins to protect important data without unduly restricting access to less sensitive content.
In addition, Azure AD verifiable credentials, which make it possible for companies to confirm information such as someone’s educational or professional certifications without storing their personal data, will enter public preview in a few weeks, Jakkal said.
Constellation Research Inc. analyst Holger Mueller told SiliconANGLE that security is always on the minds of enterprise leaders, so it doesn’t come as a surprise to see Microsoft beefing things up at Ignite.
“The starting point is obviously with Azure Active Directory, which has more than 425 million users already.” Mueller said. “So increasing security for identities with passwordless and biometric logins is a welcome strengthening of that.”
On the physical security side, Microsoft announced updates to its Security Information and Event Management and Extended Detection and Response tools that help to eliminate fragmentation and complexity. Microsoft Defender for Endpoint and Defender for Office 365 get new capabilities that make it possible for users to investigate and remediate threats from within the Microsoft 365 Defender portal. It helps unify security alerts and investigations and provide deeper, more automated analysis with simple visualizations into what’s happened.
Further, Jakkal said that incidents, schema and user experiences are now common between Microsoft 365 Defender and Azure Sentinel, which is the company’s cloud-native SIEM service. Threat Analytics gets an update too, and can now provide a set of reports from Microsoft security experts that can help organizations to understand, prevent and mitigate active threats from within Microsoft 365 Defender.
Jakkal stressed that protecting against insider threats is just as important in a zero-trust security framework as protection from outside attacks. And that doesn’t just apply to Microsoft’s cloud, but all clouds and platforms its customers use.
To that end, Microsoft is extending its inside-out protection capabilities to third parties through a number of new compliance offerings.
New capabilities include co-authoring of documents protected with Microsoft Information Protection, enabling multiple users to work simultaneously on documents. There’s also a new Microsoft 365 Insider Risk Management Analytics tool that helps companies to identify potential insider risk activity and inform policy configurations to prevent this. And Microsoft 365 now offers data loss prevention in Chrome-based browsers and on-premises server-based environments such as file shares and SharePoint Server.
Meanwhile, Jakkal said, the new Azure Purview service announced at Ignite today is being integrated with Microsoft Information Protection, enabling companies to apply the same sensitivity labels defined in the Microsoft 365 Compliance Center to data that resides in third-party clouds and on-premises environments.
The final piece of Microsoft’s zero-trust security puzzle relates to skilling, or providing customers with the learning resources they need to keep up to date with the complex cybersecurity attack landscape. Jakkal said Microsoft is stepping its game up here with the addition of more material to its Security Technical Content Library that provides access to hundreds of different security learning resources.
At the same time, the company is announcing four new security, compliance and identity certifications now available in its Certifications resource page. These include a new Security, Compliance, and Identity Fundamentals certification that starts with the basics of security, compliance and identity across cloud environments and related services, and an Information Protection Administrator Associate certificate that’s focused on planning and implementing compliance controls.
Third is the Security Operations Analyst Associate certification, which helps security professionals to design threat protection and response systems. And fourth is the Identity and Access Administrator Associate certification that teaches how to design, implement and operate an organization’s identity and access management systems using Azure AD.