Enterprise Mobility and Security Blog

RSS

Howdy folks,

Today we’ve got some big news to share!

As many of you know, Microsoft has a strong, ongoing commitment to help customers stay safe in a world with ever increasing threats from cyber criminals. As Satya announced last year and our Chief Information Security Officer (CISO) reiterated today, Microsoft is making huge investments to help our customers stay secure.

Protecting identities is at the foundation of how we secure and manage users, devices, apps, and data with the Microsoft Enterprise Mobility Suite (EMS). In a world of the cloud and devices, we see identity as the critical new control plane for enterprises and believe customers can benefit both from the visibility and insights that come from machine learning applied to vast datasets, and the protection applied at multiple layers to monitor and identify threats.

As we continue to invest in the future, our identity and security technologies are already helping keep our customers’ data protected, for example:

  • Every day we automatically deflect 1.5 million attacks by challenging or blocking fraudulent login attempts across our consumer online services like Microsoft Account and XBOX Live.
  • We identify over 30k compromised user accounts per day, making resulting security reports available to our customers in Microsoft Azure Active Directory Premium (included as part EMS) every day. Azure Active Directory identifies these users through anomaly detection in login activities, as well as through signals contributed by researchers, law enforcement, industry partners, the Microsoft Digital Crime Unit (DCU) and services such as Office 365.
  • Customers are already protecting 4 million users and 6 million devices from advanced attacks every day by using Microsoft Advanced Threat Analytics, which was released only 6 months ago!

Now we are excited to announce a new set of security solutions, Microsoft Cloud App Security and Azure AD Identity Protection that together give you a complete solution for monitoring and protecting enterprise cloud apps.

Microsoft Cloud App Security – General Availability in April

Cloud application usage in the enterprise is exploding. More and more organizations have adopted cloud applications like Box, Dropbox, Salesforce and Office 365 to reduce costs and unlock competitive advantages such as improved time to market and better collaboration.
With this transition, many IT organizations are concerned about storing corporate data in the cloud and making it accessible to users across a variety of mobile devices without comprehensive visibility, auditing and controls.

Microsoft Cloud App Security is a new service from Microsoft that provides IT visibility, control, and security over cloud applications at a level similar to on-premises. With this cloud access security broker (CASB) solution, customers can get the benefits of cloud applications, while gaining insight into user activity, detection of anomalous behavior and compromised accounts, and increased protection over critical company data.

Based on our recent acquisition of Adallom, Cloud App Security is an industry leading cloud – delivered solution built for today’s heterogeneous cloud environments. It works with popular cloud applications such as Box, Dropbox, ServiceNow, Salesforce, Office 365, and more. This cross-cloud approach is a critical part of our strategy as we work to help our customers secure their information across their entire IT estate. We’re excited about this strategy and we’re excited to be partnering with cloud providers like Box to deliver this value:

At Box, we believe in a modern content management and collaboration experience where information can move easily and securely between individuals and organizations and across devices and applications. By working closely with Microsoft Cloud App Security, we’re providing businesses with stronger controls and deeper visibility around their cloud apps, and protecting unwanted access to critical business content.” Roger Murff, Vice President of Technology Partnerships at Box

Microsoft Cloud App Security will be generally available in April 2016. If you are interested in learning more and trying it out when it is available, please visit here.


Fig 1: Microsoft Cloud App Security Dashboard

Microsoft Cloud App Security will also power new advanced security management capabilities for Office 365 that will improve IT visibility and control. These new capabilities include advanced security alerting, cloud app discovery and app permissions. Read today’s Office blog for more information on these new Office 365 security capabilities.

Azure Active Directory Identity Protection – Public Preview next week!

Today we’re also letting you know that Azure Active Directory Identity Protection will go into public preview next week.

As many of you know, phishing attacks and account compromise are major cybercrime risks organizations face today. A single leaked set of credentials can give cyber-criminals an entry point into your environment. And once they have entry, they can perform lateral attacks, look for opportunities to escalate privileges and eventually gain full control of your resources.

We’ve been working for more than a year building Azure Active Directory Identity Protection based on the vision that we could help our customers protect themselves from these attacks. We knew that in order to make this vision real we would need to deliver a world class identity security and protection service, one that harnesses the power of adaptive machine learning, deep security expertise, huge amounts of cloud compute and giant data sets that only a few companies in the world have access to.

Azure AD Identity Protection is the realization of that vision.

Azure AD Identity Protection helps prevent the use of compromised credentials and user accounts using industry leading, machine learning based, real time detection and automatic mitigation, helping protect all of the cloud and on-premises applications our customers use with Azure AD.


Fig 2: Azure Active Directory Identity Protection

To make this happen, our system processes > 10 terabytes of data every day, including information on over 14B authentications from the nearly 1B active users in the Azure AD and Microsoft Account systems. This data is combined with signals from Office 365, Outlook.com, Skype, OneDrive and Xbox. We also add in data feeds from Microsoft’s Digital Crimes Unit and the Microsoft Security Response Center, as well as information we acquire by partnering with law enforcement, academia, security researchers, and industry partners all around the globe.

Then we use all of that data and our world class machine learning to continuously train our detection algorithms so that as cyber criminals change their attack methods, the system evolves to detect and block new emerging attacks patterns. (Of note: Microsoft Advanced Threat Analytics provides you with similar mechanisms to detect attacks for your on-premises environment.)

All this intelligence results in real-time user and login risk scores for every Azure AD authentication request. Azure AD’s Conditional Access system uses these scores to automatically respond to threats by blocking logins, issuing Azure Active Directory Multi-Factor Authentication challenges, or if the evidence is strong enough, requiring the users to change their credentials all based on each organizations unique set of access policies.

All of which gives our customers unprecedented options for better protecting their enterprises from cybercrime. This is some of the most innovative work we’ve ever done in Azure AD and we can’t wait to share all the details with you when we turn on the preview next week!

Julia White (@julwhite) is going to demo Microsoft Cloud App Security and Azure AD Identity Protection during Brett Arsenault’s session at RSA next Wednesday, Mar 2.  If you’re attending RSA we encourage you to attend this session and visit the Microsoft booth to learn more.

We hope you’ll find both these new services useful in protecting your organization from cyberattacks! And as always, we’d love to receive any suggestions or feedback you have.

Best Regards,

Alex Simons (Twitter: @Alex_A_Simons)                David Howell (Twitter: @David_A_Howell)

Director of Program Management                     Partner Group Program Manager