Microsoft Ignite - November 2021 - Book of News
With another Ignite in 2021, and yet again a virtual event thanks to the ongoing pandemic, we see another Book of News launched with a load of new announcements. This time I will be focusing on the security announcements and news.
The link to the Book of News is here: Microsoft Ignite 2021 Book of News
Although I have only managed to have a brief look through, the key pieces I have pulled out are:
Defender for Cloud - Now natively protects MultiCloud
Multi-cloud is a key strategy for a large percentage of organisations, especially those in the enterprise category. Microsoft has therefore built out Defender for Cloud so that the same experience organisations have managing Azure workloads now extends to other cloud environments.
What does this mean? Microsoft has made it easy to onboard AWS environments to Defender for Cloud by removing the dependency on AWS Security Hub, which brings both Cloud Workload Protection and Cloud Security Posture Management to AWS.
The other key change is the consolidation of names: what was previously Azure Security Center and Azure Defender is now Defender for Cloud, reflecting the multi-cloud nature of the toolset.
The key new capabilities are:
- The ability to assess AWS configurations against security best practices and common regulatory standards, with out-of-the-box recommendations and the ability to build custom ones.
- AWS security recommendations reflected in Secure Score.
- Support for Amazon Elastic Kubernetes Service (EKS) for workload protection.
- Integration with Azure Purview to enable discovery, classification, tracking and securing of sensitive information across cloud workloads.
Defender for Endpoint Plan 1
A brand-new Defender plan, integrated into Microsoft 365 E3 and also available as a standalone purchase. The plan provides foundational endpoint security capabilities including:
- Next-generation antimalware
- Host firewall
- Device control
- Host intrusion protection
Microsoft Defender for Endpoint Plan 1 includes protection for Windows, macOS, Android and iOS.
Microsoft Defender for IoT - Enterprise IoT Devices
Microsoft Defender for IoT (formerly Azure Defender for IoT) is an agentless solution that is being extended to discover and secure enterprise IoT devices such as Voice over Internet Protocol (VoIP) phones, smart conferencing systems and building automation.
The solution also secures OT and industrial control system (ICS) devices in sectors such as manufacturing, energy, water, and oil and gas. Microsoft Defender for IoT is deeply integrated with Microsoft Sentinel and Microsoft Defender, as well as with SIEM and XDR solutions.
Identity Governance - Expanded and New Workflow capabilities
Azure AD Identity Governance has been expanded to reach more business-critical applications, including those hosted on-premises and in private clouds.
This lets organisations unify identity and access lifecycle management so they can keep track of access rights across their entire environment.
Conditional Access Enhancements
New enhancements have been added to Conditional Access to bolster its zero trust capabilities:
- Conditional Access device filters: these allow customers to apply different Conditional Access policies to specific devices, and to exclude or target individual devices or device groups when creating policies.
- Conditional Access app filters: IT admins can tag applications with custom security attributes and apply Conditional Access policies based on those tags, rather than selecting apps individually.
- Conditional Access overview dashboard and templates: IT admins now have a comprehensive, integrated view of Conditional Access policy gaps and coverage, making organisational policies easier to manage. They can also use pre-built templates for recommended Conditional Access policies.
- Anomalous token and token issuer detections: these updates flag suspicious activity related to token-based authentication.
- Continuous Access Evaluation (CAE): CAE provides more robust security by continuously monitoring each access session and enforcing security policy in real time when a critical security event is detected.
- Conditional Access for workload identities: this lets IT admins enforce organisational security policies for workload identities and apps, for example blocking access to sensitive resources from non-trusted locations.
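To make the device-filter item concrete, here is a Conditional Access policy body as it would be sent to the Microsoft Graph `POST /identity/conditionalAccess/policies` endpoint. This is an added example, not from the Book of News or from Microsoft's documentation: it requires a compliant device for all users and all cloud apps, but uses a device filter in `exclude` mode to carve out devices that have been tagged with a constructed value in `extensionAttribute1`. The group object ID for the break-glass exclusion is a placeholder, and the attribute value `ConferenceRoomDevice` is an assumed tag that the organisation would set on its own device objects.

```json
{
  "displayName": "Require compliant device for all apps (report-only pilot)",
  "state": "enabledForReportingButNotEnforced",
  "conditions": {
    "users": {
      "includeUsers": ["All"],
      "excludeGroups": ["<break-glass-accounts-group-object-id>"]
    },
    "applications": {
      "includeApplications": ["All"]
    },
    "clientAppTypes": ["all"],
    "devices": {
      "deviceFilter": {
        "mode": "exclude",
        "rule": "device.extensionAttribute1 -eq \"ConferenceRoomDevice\""
      }
    }
  },
  "grantControls": {
    "operator": "OR",
    "builtInControls": ["compliantDevice"]
  }
}
```

The policy is created in `enabledForReportingButNotEnforced` (report-only) state so the Conditional Access insights workbook and sign-in logs show which sign-ins would have been blocked before anything is enforced; the break-glass group exclusion prevents a misconfigured filter from locking administrators out. Because the filter is evaluated against device attributes, it only matches devices that are registered or joined to Azure AD and carry the tag; unregistered devices fall through to the compliant-device requirement and are blocked once the policy is switched to `enabled`.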
Microsoft Cloud App Security is now Defender for Cloud Apps
Microsoft has rebranded MCAS to Defender for Cloud Apps to unify the Defender stack and demonstrate its XDR capabilities. Alongside the rename, new functionality has been added to address the growing need to protect apps and data.
App governance now provides additional app behaviour context in Microsoft Defender for Cloud Apps. App governance is a security and policy management capability for monitoring and governing app behaviour, and for quickly identifying, alerting on and protecting data, users and apps. Designed to identify anomalous behaviour in OAuth-enabled apps that access Microsoft 365 data via the Microsoft Graph API, app governance uses machine learning models and data access policies to provide actionable insights via reports, dashboards and real-time alerts.
Defender for Cloud Apps has also extended shadow IT discovery to macOS devices deployed within the environment, via integration with Microsoft Defender for Endpoint.
Microsoft Sentinel
To aid overworked security operations teams, significant updates have been made to Microsoft Sentinel across the full security operations lifecycle. These include:
- More than 100 data collection solutions in a new content hub, for easy delivery and deployment of data sources.
- User and Entity Behaviour Analytics (UEBA) detection models to identify threats based on behavioural anomalies. These can be customised using new Watchlist templates to provide insights relevant to the organisation. In addition, the expanded Fusion engine can help identify unknown threats and correlate them with existing inputs to create prioritised incidents for rapid investigation.
- Using Microsoft Azure Synapse to tap into the scale of big data analytics and machine learning models.
- Near real-time analytics rules, tuning recommendations, and streamlined management and deployment of rules from GitHub and Azure DevOps repositories, to improve the efficiency of a security operations centre (SOC).