Microsoft Ignite 2024 - Security Product Highlights
This week, Microsoft Ignite is here! Hosted in Chicago from 19 till 21 November. With over 80 announcements, it is quite hard to follow them all. I've put my focus on Security, which I describe in this blog below. All the content originates from the Microsoft "Ignite Book of News", which can be found here.
Security
- [Generally Available] - Microsoft Security Exposure Management
It delivers an experience that empowers security decision-makers and security practitioners to effectively assess and reduce their exposure to cyberthreats. Exposure Management enables organizations to adopt a continuous threat exposure management program to measure, monitor and manage their cyber threat exposure, and to proactively identify and remediate attack paths that pose a risk to critical assets. Exposure Management includes Attack Surface Management, Attack Path Analysis and Unified Exposure Insights: solutions that offer security teams unmatched visibility and insight into their risk landscape. Exposure Management works together with Extended Detection and Response (Microsoft Defender XDR) and the generative AI solution Security Copilot to provide complete protection for both pre- and post-breach situations through a unified SecOps platform.
Microsoft Purview
- [Generally Available] - Microsoft Purview Insider Risk Management updates will strengthen data security
Purview Insider Risk Management (IRM) usage indicators and a policy template will provide new detections of intentional and unintentional insider risk activity on generative AI (GenAI) apps that can pose a risk to an organization. With the fast adoption of GenAI, customers need visibility into risky AI usage within their organizations to understand the potential data security risks related to GenAI apps and prevent misuse of these technologies. These updates for Microsoft 365 Copilot, Copilot Studio, ChatGPT Enterprise and Azure OpenAI are now in preview. To provide better data security context for SOC teams’ investigations, IRM alerts will be integrated into the Microsoft Defender XDR incident page and IRM analytics into Advanced Hunting, so teams can perform deeper and more complex analyses.
- [Generally Available] - Microsoft Purview Data Security Posture Management for AI generally available
This enables data and IT admins to proactively discover AI risks, strengthen their data posture and prevent incidents like data oversharing or data leakage. Security teams often find themselves in the dark when it comes to the data security and compliance risks associated with AI usage. Data Security Posture Management for AI offers protection by:
- Discovering data security, safety and compliance risks in AI prompts and responses, including Microsoft Copilots, custom AI apps built on Copilot Studio and third-party AI apps like ChatGPT Enterprise;
- Providing policy recommendations, like configuring auto-labeling or data loss prevention (DLP) policies, to mitigate these risks;
- Providing recommendations on how to fix permissions with auto-labeling, Restricted Content Discovery and Access Review in SharePoint Advanced Management.
- [Public Preview] - New controls in Microsoft 365 Copilot will help prevent data oversharing
New generative AI controls will stop oversharing of sensitive information, will limit Microsoft 365 Copilot from using sensitive data and will detect risky AI usage in Microsoft 365 Copilot. These controls will give organizations choices about the data used in Microsoft 365 Copilot summaries and responses, and will alert users when prompts or responses contain sensitive information or may have risky intent. Data oversharing occurs when users have access to more data than necessary for their job duties, and organizations are requesting robust data security controls to help mitigate this risk. Microsoft Purview Data Loss Prevention (DLP) for Microsoft 365 Copilot will enable admins to configure policies that prevent Microsoft 365 Copilot from processing files based on their sensitivity label, reducing the risk of accidental oversharing.
- [Public Preview] - Microsoft Purview data governance solution renamed Unified Catalog
Microsoft Purview Data Catalog is being renamed to Microsoft Purview Unified Catalog to better reflect the offering’s comprehensive customer benefits. The modern data governance solution delivers comprehensive visibility, data confidence and responsible innovation for greater business value in the era of AI. The solution streamlines metadata from disparate catalogs and sources, like Microsoft Fabric OneLake, Databricks Unity and Snowflake Polaris, into a unified experience. Additionally, the following new capabilities are available in preview:
- Deeper data quality support: Microsoft Purview will offer deeper data quality support through a new data quality scan engine for big data platforms, including Microsoft Fabric, Databricks Unity Catalog, Snowflake, Google BigQuery and Amazon S3, supporting open standard file and table formats. This new scan engine will allow businesses to centrally perform richer data quality management across disparate data assets from within the Purview Unified Catalog.
- Microsoft Purview Analytics in OneLake: This new capability will enable deeper data quality and lineage investigation using the rich capabilities in Power BI within Microsoft Fabric.
- [Public Preview] - New Microsoft Purview DLP capabilities will help prevent sensitive data loss
New capabilities in Microsoft Purview Data Loss Prevention (DLP) will help security teams prevent sensitive data loss in the era of AI and include the introduction of DLP for Microsoft 365 Copilot. This capability helps ensure that the content within sensitive documents is not summarized by Microsoft 365 Copilot or processed by Microsoft 365 Copilot as grounding data. These new capabilities will include:
- Expanded file type coverage for endpoint DLP: A broader range of file types will be supported by endpoint DLP to enable more consistent coverage and protection across workloads.
- Power Automate integration: Users will be able to set up custom Power Automate workflows (like alert triage and investigation) as an action for DLP policies.
- Security Copilot-powered DLP policy understanding: Security Copilot will provide admins with policy summarization in natural language and policy gap analysis based on their organization’s needs.
- Full file evidence (Microsoft-managed): Users will be able to store and view full files on Windows as evidence for investigations using Microsoft-managed storage.
- Blanket protections for non-supported file types: Users will be able to enforce general protections for file types that endpoint DLP does not currently scan and monitor.
- [Public Preview] - Microsoft Purview Data Security Posture Management will streamline visibility
It will provide centralized visibility and contextual insights from across the Microsoft Purview data security solutions and will enable organizations to manage their data security posture more effectively. Data security teams will be able to perform unified analysis across data, users and activities, leveraging DSPM as a crucial starting point for understanding the organization’s data environment, even before classifications or policies are put in place. DSPM insights will include views on the location and type of sensitive data, risky user activities and common channels for data exfiltration. By centralizing visibility across data security, DSPM will empower teams to accelerate investigations and uncover hidden data risks that could easily be overlooked in isolated views.
- [Public Preview] - Microsoft Purview Information Protection will extend Azure RMS-defined sensitivity labels
Microsoft Purview Information Protection will offer admins the ability to extend Azure Microsoft Rights Management (RMS)-defined sensitivity labels to Office files and PDFs at rest in a SharePoint document library. This prevents sensitive data leakage stemming from the egress of documents from SharePoint sites.
- [Public Preview] - Security Copilot capabilities will be embedded in Microsoft Purview
Microsoft Purview’s built-in integration with Microsoft Copilot Studio will offer data security and compliance features to low-code developers building custom AI apps. Benefits are:
- Discovering data risks in custom-built AI interactions;
- Governing the data generated through the custom-built AI app.
- [almost Public Preview] - Security Copilot updates will use generative AI to aid in security efforts
Security Copilot embedded capabilities will help data security and data compliance teams use natural language to uncover hidden data risks and accelerate tasks and investigations while strengthening teams’ expertise and efficacy. These capabilities will include:
- Microsoft Purview Data Security Posture Management (DSPM);
- Data Loss Prevention (DLP) Policy Understanding;
- eDiscovery Case Summary;
- New DLP investigation prompts;
- Copilot-powered Knowledge Hub.
Security Copilot
The latest advancements in Security Copilot:
- [Generally Available] - Leverage new third-party plugins: Security Copilot’s thriving partner ecosystem empowers security teams to use existing tools while leveraging Microsoft’s global threat intelligence and generative AI capabilities.
- [Generally Available] - Build on enterprise readiness: Supported features for audit logs and role-based access control.
- [Public Preview] - Boost comprehensive security: New embedded capabilities across Microsoft security solutions will allow admins and analysts to bolster their domain security using everyday tools.
- [Public Preview] - Automate security tasks and empower security teams: The new Logic Apps connector.
Intune
- [Public Preview] - Microsoft Security Copilot in Intune will expand to more platforms and scenarios
Security Copilot in Intune has been transforming endpoint management and security for IT admins. With the Intune Suite and Windows Autopatch, Security Copilot in Intune will be equipped to address more of the everyday challenges faced by IT teams. This generative AI experience, part of Security Copilot and embedded in the Intune admin center, will redefine how IT teams protect their organizations and enhance productivity.
- [Private Preview] - Microsoft Intune expanding core device hardware inventory capability
Microsoft Intune is expanding its core device hardware inventory capability from Windows to iOS, Android, macOS and Linux devices. Device data is the foundation of modern endpoint management, and Microsoft recognizes the importance of having complete end-to-end visibility across devices. Admins will be able to retrieve real-time data from an online, cloud-managed Windows device on demand with Intune Advanced Analytics. Intune will expand this functionality to retrieve and analyze device details across multiple devices using a Kusto Query Language (KQL) interface. Intune is also introducing a new set of device actions that can be taken based on the analysis of these KQL device queries in Intune Advanced Analytics.
Entra
- [Generally Available] - New capabilities strengthen Microsoft’s Security Service Edge solution
Microsoft has several updates and feature additions for the products that comprise its Security Service Edge (SSE) solution in the Microsoft Entra Suite. These updates include:
- Microsoft Entra Private Access simplifies the migration from traditional VPNs to Zero Trust Network Access, with general availability of quick access policies that simplify onboarding of private apps to Microsoft Entra, and a preview of App Discovery that will allow organizations to easily discover all their private apps.
- Microsoft Entra Internet Access will improve its ability to extend adaptive access controls universally with the preview of universal continuous access evaluation (CAE), a capability that revokes access in near real time when conditions change, for all internet destinations, regardless of whether the app or client is natively CAE-aware.
- [Public Preview] - Microsoft Security Copilot will be embedded in Microsoft Entra portal
Microsoft Security Copilot will be embedded directly into the Microsoft Entra admin center, bringing the available identity skills from the standalone Security Copilot experience, along with new identity capabilities, directly to identity admin workflows, making it easy for them to operate at the speed and scale of AI. Security Copilot in Entra is now in preview and will include:
- AI-driven assistance and recommendations for identity and access management (IAM) scenarios, simplifying data challenges and reducing administrative overload;
- The ability for admins to quickly troubleshoot access failures during critical moments, offering automation and actionable insights.
Defender for Cloud
- [Generally Available] - Microsoft Defender for Cloud integrates with Endor Labs
Microsoft Defender for Cloud has natively integrated with Endor Labs, a leader in reachability-based Software Composition Analysis (SCA). With the native integration, teams can correlate SCA findings with runtime alerts to view code-to-runtime attack paths. This means security teams can trace vulnerabilities found in open-source software (OSS) dependencies to potential exploit paths in their cloud environments.
- [Generally Available] - Strengthened partner ecosystem will benefit small and medium business security
Microsoft is strengthening its partner ecosystem to make it easier for Managed Solution Provider (MSP) partners to support small and medium businesses (SMBs), which are facing increased cyberattacks. MSP partners augment the limited internal security resources that SMBs have by providing security services. Updates include:
- Defender for Business and Entra integration with Huntress (its 24/7 Security Operations Center will triage);
- Microsoft Intelligent Security Association (MISA) portfolio addition;
- Boosted email defense with intent-based detections backed by large language models (LLMs) for SMBs.
- [Public Preview] - Microsoft Defender for Cloud to bolster container security through app lifecycle
New updates:
- The ability to scan container images from their creation in the continuous integration/continuous delivery (CI/CD) pipeline, through the cloud and into the Kubernetes cluster where they are deployed;
- Built-in visibility into container security issues and actionable security insights;
- Enhanced monitoring and alerting capabilities: the improved integration of Defender for Cloud and Microsoft Defender XDR now processes Kubernetes container data in real time to help detect and respond to a broader range of potential vulnerabilities and threats;
- Binary drift detection identifies and responds to unauthorized changes in container configurations at runtime and helps users ensure container images remain unmodified after deployment;
- The ability to create custom queries to detect suspicious activities in containers and other cloud resources. Users can quickly contain vulnerabilities at runtime through one-click containment, limiting pod communication or isolating the network to prevent unauthorized access to sensitive data and critical resources. This will significantly reduce mean time to resolve (MTTR);
- The ability to leverage AI-driven guided threat remediation with step-by-step assistance, empowering SOC teams to manage container-specific incidents efficiently, even with minimal expertise.
- [Public Preview] - Microsoft develops enhancements for Security Operations Center platform
New updates:
- Microsoft Defender for Office 365 will be able to identify the attacker’s intent using large language models to more effectively protect against key threats like business email compromise;
- Expanded Threat Intelligence Platform (TIP) capabilities for Microsoft Sentinel will include support of new STIX objects, threat actors, identities, attack patterns and relationships;
- A unified experience will integrate insider risk information into Microsoft Defender XDR, unify into a single agent across endpoints, identity protection and operational technology security, and give Microsoft Sentinel access to the unified SecOps platform experience;
- Customers will get recommendations in Microsoft’s unified SecOps operations platform that will help them improve their protection and save costs in their log ingestion;
- Microsoft Sentinel will be available in Microsoft’s unified SecOps platform to customers who do not use Microsoft Defender XDR.
- [Public Preview] - Microsoft Defender for Cloud updates will enable proactive approach to security
New innovations span APIs, containers and AI security posture management and include:
- API security posture capabilities will be natively integrated into Defender Cloud Security Posture Management (CSPM), providing security teams with visibility and remediation tools to quickly address API-driven app security risks;
- Container security posture capabilities will help ensure ongoing visibility into vulnerabilities throughout the software development lifecycle;
- AI security posture management capabilities help security teams discover and map generative AI models and technologies within multicloud environments across Azure OpenAI Service, Azure Machine Learning and Amazon Bedrock.