• Latest
  • Trending
  • All
  • News
  • Business
  • Politics
  • Science
  • World
  • Lifestyle
  • Tech
Juniper Networks inspires overarching approach to connected security

Microsoft Office 365: This new feature will keep you safe from malware-filled documents

November 24, 2020
Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

Veeam Backup & Replication 11: Enhanced data management for a multi-cloud environment

February 25, 2021
8×8 makes raft of updates to platform

Advancing the Orchestration of Distributed Edge Applications, ZEDEDA Integrates with Microsoft Azure IoT

February 25, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Cloud Security in Banking Market to Witness Huge Growth by 2026 | Microsoft Azure, Trend Micro, Salesforce

February 25, 2021
Innovative solutions for IT workers at home

ZEDEDA Announces Integration with Microsoft Azure IoT to Seamlessly and Securely Orchestrate Distributed Edge Computing Workloads at Scale

February 24, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

ZEDEDA integrates with Microsoft Azure IoT to provide full lifecycle management capabilities

February 24, 2021
Innovative solutions for IT workers at home

SolarWinds Attack: Proof That On-Premises Active Directory Still an Effective Initial Access Vector

February 23, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft Affirms Solorigate Attackers Saw Azure, Intune and Exchange Source Code

February 23, 2021
How to use Microsoft Sysmon, Azure Sentinel to log security events

OPS101 – Securing your Hybrid environment – Part 1 – Azure Security Center

February 22, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft Ending Azure Information Protection Connections to Microsoft Defender for Endpoint

February 22, 2021
8×8 makes raft of updates to platform

Indonesian Mobile Operator Selects NTT for Microsoft Security Project

February 22, 2021
Microsoft To Build New Azure Cloud Data Centers In Greece

NTT completes Microsoft security project for Indonesian mobile operator

February 19, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Data insights without limit, security without compromise

February 18, 2021
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Friday, February 26, 2021
  • Login
Azure Security News
  • Home
    • Home – Layout 1
    • Home – Layout 2
    • Home – Layout 3
    • Home – Layout 4
    • Home – Layout 5
  • News
    • All
    • Business
    • Politics
    • Science
    • World
    A moment of reckoning: the need for a strong and global cybersecurity response

    Cloud Security in Banking Market to Witness Huge Growth by 2026 | Microsoft Azure, Trend Micro, Salesforce

    Innovative solutions for IT workers at home

    ZEDEDA Announces Integration with Microsoft Azure IoT to Seamlessly and Securely Orchestrate Distributed Edge Computing Workloads at Scale

    A moment of reckoning: the need for a strong and global cybersecurity response

    ZEDEDA integrates with Microsoft Azure IoT to provide full lifecycle management capabilities

    Innovative solutions for IT workers at home

    SolarWinds Attack: Proof That On-Premises Active Directory Still an Effective Initial Access Vector

    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft Affirms Solorigate Attackers Saw Azure, Intune and Exchange Source Code

    8×8 makes raft of updates to platform

    Indonesian Mobile Operator Selects NTT for Microsoft Security Project

    Microsoft To Build New Azure Cloud Data Centers In Greece

    NTT completes Microsoft security project for Indonesian mobile operator

    A moment of reckoning: the need for a strong and global cybersecurity response

    Data insights without limit, security without compromise

    8×8 makes raft of updates to platform

    What Is Object Storage?

    A moment of reckoning: the need for a strong and global cybersecurity response

    Azure Firewall Premium now in preview

    Trending Tags

    • Donald Trump
    • Future of News
    • Climate Change
    • Market Stories
    • Election Results
    • Flat Earth
  • Tech
    • All
    • Apps
    • Gear
    • Mobile
    • Startup
    Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

    Veeam Backup & Replication 11: Enhanced data management for a multi-cloud environment

    8×8 makes raft of updates to platform

    Advancing the Orchestration of Distributed Edge Applications, ZEDEDA Integrates with Microsoft Azure IoT

    How to use Microsoft Sysmon, Azure Sentinel to log security events

    OPS101 – Securing your Hybrid environment – Part 1 – Azure Security Center

    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft Ending Azure Information Protection Connections to Microsoft Defender for Endpoint

    Microsoft To Open Azure Cloud Data Center Region In Spain

    EMC Corporation Townsend security Hewlett-Packard Enterprise Gemalto N.V. Microsoft Azure Google Thales e-security International Business Machines (IBM) Broadcom

    A moment of reckoning: the need for a strong and global cybersecurity response

    Azure Engineer at VillageMD

    Innovative solutions for IT workers at home

    How to Sync On-Premise Active Directory Passwords with Office 365 and Google Apps in Real-Time

    Microsoft Azure Forms Collaboration to Enhance AI in Healthcare

    Azure Defender is now available for all IoT and OT devices

    Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

    Google and Microsoft ID Group Targeting Security Researchers

    Innovative solutions for IT workers at home

    Microsoft Releases Application Guard for Office, Plus Azure Security Center and Azure Defender for IoT Products

    Trending Tags

    • Flat Earth
    • Sillicon Valley
    • Mr. Robot
    • MotoGP 2017
    • Golden Globes
    • Future of News
  • Entertainment
    • All
    • Gaming
    • Movie
    • Music
    • Sports
    Microsoft Flight Simulator Continues to Look Stunning in New Snow Video

    Microsoft Flight Simulator Continues to Look Stunning in New Snow Video

    Meet the woman who’s making consumer boycotts great again

    New campaign wants you to raise funds for abuse victims by ditching the razor

    Twitter tweaks video again, adding view counts for some users

    A beginner’s guide to the legendary Tim Tam biscuit, now available in America

    People are handing out badges at Tube stations to tackle loneliness

    Trump’s H-1B Visa Bill spooks India’s IT companies

    Magical fish basically has the power to conjure its own Patronus

    This Filipino guy channels his inner Miss Universe by strutting in six-inch heels and speedos

    Oil spill off India’s southern coast leaves fisherman stranded, marine life impacted

  • Lifestyle
    • All
    • Fashion
    • Food
    • Health
    • Travel
    Microsoft Seriously Beefs Up Security in Windows Server 2019

    Microsoft Offers More ‘Solorigate’ Advice Using Microsoft 365 Defender Tools

    A moment of reckoning: the need for a strong and global cybersecurity response

    Solar Winds, Office 365 & Shipbuilding…

    Aruba ClearPass Policy Manager Integrates with Microsoft

    Imprivata Expands Collaboration with Microsoft on New Digital Identity Innovations

    Microsoft Seriously Beefs Up Security in Windows Server 2019

    Microsoft Canada’s 10 biggest stories of 2020

    FAA issues new proposed Boeing 737 MAX pilot training procedures

    FAA issues new proposed Boeing 737 MAX pilot training procedures

    AMD breaks revenue records for 2019 and 4Q

    AMD breaks revenue records for 2019 and 4Q

    Microsoft and Analog Devices pair on 3D imaging tech

    Microsoft and Analog Devices pair on 3D imaging tech

    Microsoft is killing off insecure Cloud App Security cipher suites

    Microsoft is killing off insecure Cloud App Security cipher suites

    Rap group call out publication for using their image in place of ‘gang’

    Meet the woman who’s making consumer boycotts great again

    Trending Tags

    • Golden Globes
    • Mr. Robot
    • MotoGP 2017
    • Climate Change
    • Flat Earth
No Result
View All Result
Azure Security News
No Result
View All Result
Home News

Microsoft Office 365: This new feature will keep you safe from malware-filled documents

by AZURE SECURITY NEWS EDITOR
November 24, 2020
in News
0
Juniper Networks inspires overarching approach to connected security
494
SHARES
1.4k
VIEWS
Share on FacebookShare on Twitter

Application Guard for Office and Safe Documents will make phishing attacks harder and the Office experience better for users, starting with Office 365 Pro Plus and E5 licences.

So far, Microsoft’s Windows Defender Application Guard technology (first introduced in the RS3 release of Windows 10) has really protected only one application: the original and (more recently) the new Chrome-based Edge browsers — the WDAG extensions for Chrome and Firefox let you open sites you don’t trust in Edge instead.

But the same technology will soon run Word, Excel and PowerPoint in a hardware-virtualised sandbox when you open documents from the internet, letting you copy, print, edit and save documents without having to click out of Protected View and reopen the document (which is both annoying and an opportunity to get infected with malware).

Application Guard for Office delivers “container-based WDAG support for key Office applications,” Dave Weston, director of OS security at Microsoft told TechRepublic. It’s a big step forward because Office macros, embedded scripts, active content like OLE and COM controls, and documents with obfuscated links to malware remain a major source of attacks — and Protected View leaves a key security decision up to users who may be ill-equipped to decide which documents are safe.

“Office is the most productive application out there. What people love about it is the extensibility; we love the fact that you can probably build an entire oil or energy platform on top of Office with macros, with a few Excel files. But that also obviously gives attackers the opportunity to confuse users into opening documents with macro-based attacks or other [malicious] content,” Weston said.

Protection based on Windows Defender Application Guard (WDAG) is expanding from Microsoft’s Edge browsers to include Word, Excel and PowerPoint.
Image: Microsoft

Active content isn’t the only threat, said Weston. Although it’s rare, some attackers have used zero-day exploits to attack enterprises through Office documents. “In recent years we’ve seen zero-day exploits that get code execution initially into protected mode and then combine that with some sort of a kernel or other vulnerability to ‘escape’ the sandbox.”

Application Guard addresses both styles of attack, Weston said. “There is no access in the container to things like credentials transparently, so you can’t just do NTLM attacks. And of course, active content is kept within the container and only promoted once it gets past a deeper analysis. The fact that Application Guard can allow you to contain any threat from the internet in essentially a shrunk-down version of the Azure hypervisor is incredibly valuable.”

Protected View is safe but annoying, because you can’t sort an Excel spreadsheet or print a PowerPoint without turning it off and waiting for the document to reopen. Application Guard is seamless, as the document opens in the container straight away. Attackers would also try to trick users into turning it off.

“Attackers would put things in their documents like ‘this image is blurry but if you click the bar to turn off Protected View, that will give you a nice clear image’ so it becomes part of their lure,” Weston pointed out. “All of that is gone. You can edit the document, you can save and persist it and reopen it in the container; you essentially have a separate virtually secured and segmented workspace and you can edit, print and do all the basic functions, without having to ‘escape’ the container.”

Running in a container doesn’t make opening documents slower, Weston stressed. “We’ve made numerous performance improvements — things like GPU access, better network management, all sorts of tweaks — and there are lots of under-the-hood performance optimizations.” Rather than loading the Office application from scratch, Application Guard loads a virtual machine with the application already running. “When you start up Office with an untrusted document, we resume that VM, and rehydrate that process so it effectively feels instantaneous.”

“If you compare the time it takes for a user to go through and click all the buttons required to edit or print a document to the few seconds that are required to spin up a container, in some cases it can actually be faster to use than the traditional software-based Protected View sandbox.”

There is still a way to take documents out of the Application Guard sandbox, using the Safe Documents feature that’s already in Office Insider public preview (although it’s off by default because currently all files are sent to the US region for scanning). This checks the documents to see if they’re safe to open.

“If you’ve got a vital business document that you want to promote into the enterprise space, you can release it from the container, but it first needs to go through deep analysis through our Defender ATP engine, where we run things like our AMSI interface to understand that it’s secure.” Administrators also get the option to decide whether users can mark documents as safe by having them scanned this way.

Application Guard requires Windows 10 for the hardware-based virtualisation that powers the containers; Safe Documents doesn’t. On other systems, users will be able to have a document checked by Defender ATP before it leaves Protected View.

“You’re going to be accessing your mail on other systems like Macs or Android devices, or maybe older versions of Windows that wouldn’t have containers available,” Weston pointed out. Having both will still give you more comprehensive protection. “Detection is incredibly valuable, we do a great job with it, but it’s not perfect so having a container as a backstop is an excellent way to cover all your bases.”

E5 for integration


Application Guard for Office 365 ProPlus will be available “very soon” Weston said: it’s been in private preview and has already been announced as a Windows 10 2004 feature.

It will work automatically for Outlook attachments, documents downloaded from any domain that’s not your intranet or a trusted site, and files in untrusted folders like the Temporary Internet folder, as long as Application Guard is enabled as a Windows 10 feature (which can be done by policy or the user), the documents are opened in Office 365 ProPlus and you have either a Microsoft 365 E5 or Microsoft 365 Security E5 license.

Safe Documents also needs an E5 licence and Office 365 ProPlus. The E5 requirement isn’t about making this a premium feature: it’s because you need an E5 licence for Windows Defender Advanced Threat Protection, and the integration with that makes Application Guard far more useful to enterprises, by giving defenders visibility into attacks and helping to protect them on more than just Windows 10 devices.

“These things work together hand-in-hand because if you’ve prevented an attack, you almost always want to investigate that,” Weston pointed out. “You want to understand where it came from, so that you ensure that that attack hasn’t pivoted to somewhere else in your enterprise that might not have hardcore prevention. What we see as magical is the experience where we can prevent basically anything under the sun, including kernel exploits, where you fully prevented this attack but you have all the options for detecting and responding to it; and we can only provide that experience if it’s built into the suite.

“Having worked security incidents for so many years, the fact that I could go from a detonation on the client to investigating mailboxes across an enterprise is incredible progress. That’s the type of thing you used to have to do in Excel or spending hours writing Python scripts and mining logs, and now that happens in seconds.”

Because Safe Documents and Application Guard feed information about dangerous documents back into the Microsoft Security Graph, they indirectly protect users who don’t have Office 365 ProPlus or an E5 licence.

“If someone gets a document from any location, whether that’s OneDrive, Dropbox or Gmail, and they open it and we determine it’s a threat in the container, based on Defender ATP analysis, we can then take that information up into the security graph, put it into the SecOps ATP portal and immediately pivot into other mailboxes that haven’t even read the threat yet and eradicate it there,” Weston explained.

Details like the X-Mail header and the file hash will be used to automatically build machine-learning models to detect the same attack on other devices. “The rest of the security graph will be protected instantaneously, because that’s immediately going to be consumed into our models and turned into protection without humans doing anything,” said Weston.

And in time Application Guard and Safe Documents may be available beyond Office ProPlus and E5 tenants. “We’re starting with enterprise because that’s where the demand is and we want to mature the technology. But ultimately we want to protect users, so we will continue to look for opportunities to trickle down that technology.”

Weston also predicts that Application Guard will likely protect more than just Word, Excel and PowerPoint in the future. “We’re going to look hard at Outlook and some of the other parts of the Office suite, and determine if there’s enough customer demand and we have the right experience for those types of apps. You could even go as far as Teams.”

None of those applications are on the roadmap yet, and it depends on what applications are targeted by attackers, Weston said. “As we can mature the technology and deliver a good experience, we would look at any place that attackers are moving to, to give this type of security

Reference: https://www.techrepublic.com/article/microsoft-office-365-this-new-feature-will-keep-you-safe-from-malware-filled-documents/

Share198Tweet124Share49
AZURE SECURITY NEWS EDITOR

AZURE SECURITY NEWS EDITOR

Related Posts

A moment of reckoning: the need for a strong and global cybersecurity response

Cloud Security in Banking Market to Witness Huge Growth by 2026 | Microsoft Azure, Trend Micro, Salesforce

by AZURE SECURITY NEWS EDITOR
February 25, 2021
0

Latest launched research document on Global Cloud Security in Banking Market study of 111 Pages provides detailed analysis with presentable...

Innovative solutions for IT workers at home

ZEDEDA Announces Integration with Microsoft Azure IoT to Seamlessly and Securely Orchestrate Distributed Edge Computing Workloads at Scale

by AZURE SECURITY NEWS EDITOR
February 24, 2021
0

Native integration with ZEDEDA’s orchestration solution for the distributed edge enables end-to-end remote management of the entire Azure IoT Edge...

A moment of reckoning: the need for a strong and global cybersecurity response

ZEDEDA integrates with Microsoft Azure IoT to provide full lifecycle management capabilities

by AZURE SECURITY NEWS EDITOR
February 24, 2021
0

ZEDEDA announced an integration with Microsoft Azure IoT services that provides customers with full lifecycle management capabilities (edge hardware, OS, Azure IoT Edge...

Innovative solutions for IT workers at home

SolarWinds Attack: Proof That On-Premises Active Directory Still an Effective Initial Access Vector

by AZURE SECURITY NEWS EDITOR
February 23, 2021
0

In December, the disclosure of the supply chain attack against SolarWinds sent shockwaves throughout federal agencies responsible for the security...

  • Trending
  • Comments
  • Latest
Microsoft’s CyberX Acquisition Boosts Security of Azure IoT Lineup

AZURE DEFAULT RESOURCE GROUP AND DEFAULT WORKSPACE: WHAT ARE THEY?

December 14, 2020
Microsoft Seriously Beefs Up Security in Windows Server 2019

TCS Launches Cloud Exponence on Microsoft Azure

January 21, 2021
Microsoft Launches Host of Security Products in Time for RSA

Microsoft to add two new Microsoft 365 security, compliance bundles to its line-up

November 26, 2020

Lady Gaga Pulled Off One of the Best Halftime Shows Ever

0

Barack Obama’s Now Mainly Focusing on Wearing This Casual Backwards Hat

0

Watch Justin Timberlake’s ‘Cry Me a River’ Come to Life in Mesmerizing Dance

0
Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

Veeam Backup & Replication 11: Enhanced data management for a multi-cloud environment

February 25, 2021
8×8 makes raft of updates to platform

Advancing the Orchestration of Distributed Edge Applications, ZEDEDA Integrates with Microsoft Azure IoT

February 25, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Cloud Security in Banking Market to Witness Huge Growth by 2026 | Microsoft Azure, Trend Micro, Salesforce

February 25, 2021
Azure Security News

Copyright © 2020 - Azure Security

Navigate Site

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Follow Us

No Result
View All Result
  • Home
  • News
    • Politics
    • Business
    • World
    • Science
  • Entertainment
    • Gaming
    • Music
    • Movie
    • Sports
  • Tech
    • Apps
    • Gear
    • Mobile
    • Startup
  • Lifestyle
    • Food
    • Fashion
    • Health
    • Travel

Copyright © 2020 - Azure Security

Welcome Back!

Login to your account below

Forgotten Password?

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In