As Microsoft’s annual dev conference Build opened today (May 19 2020), Microsoft announced the launch of the Microsoft Cloud for Healthcare, a new Microsoft Industry Cloud solution.
Microsoft said that the solution aims to integrate Microsoft Cloud with an “industry-specific data model,” “cross-cloud connectors,” and APIs to better serve the global healthcare industry.
Global capabilities uniting the healthcare industry
The Microsoft Cloud for Healthcare will bring together capabilities from across many Microsoft Cloud services. This includes Microsoft 365, Dynamics 365, Power Platform, and of course Azure. This will be powered by a common data model which will allow the sharing of data across various applications to provide better analytics. Microsoft says that this will allow health providers globally to provide better services for patients, clinicians and doctors by making it easier to deploy resources to the needs of all hospital and care units.
For example, Cloud for Healthcare will focus on what Microsoft has identified as important needs for the field, like engaging patients, facilitating health team collaboration and improving operational efficiency, all with strict security measures.
Of course, an important component of healthcare is aftercare, where medical professionals need to keep in touch with their patients to follow up on their recovery and any post-op treatment. Tools available to do so are generally limited to follow-up phone calls and emails, which are not only tedious but can sometimes fail to meet security standards or provide the best care.
Microsoft’s Healthcare Bot Service will be available as part of this service, which Microsoft say is behind more than 1,500 instances of COVID-19-based bots that have gone live globally since March 2020. These bots can help alleviate the strain on emergency hotlines for the public and for health providers while addressing common questions that patients might have.
Microsoft has said that a public preview will arrive in the coming days and will be free for 6 months for evaluation, with general availability coming late this calendar year.
Microsoft has also said that although the healthcare industry will be “first served” with the solution, more industry-specific cloud solutions will follow.
What do you think? Are industry-specific cloud solutions a good next step for Microsoft?
Microsoft have announced that any customer using a subscription to one of their commercial online services (Azure, Dynamics, Office 365 etc.) can connect all their cloud applications to Azure AD for single sign-on (SSO), and protect this access with multi-factor authentication (MFA) as a huge additional security benefit at no extra cost – other than internal (or partner) resource to configure and test it. Using MFA alone is proven to reduce the attack surface and prevent over 99% of breaches caused by credential theft.
Using SSO reduces the number of sign-in prompts for employees, reduces the number of different user ID and password combinations needed, and also enables one-click access to the most used line of business applications. It should make working remotely even easier and more secure, since user access control can be made central and placed under the protection and safeguard of Azure AD.
Microsoft has also added several other Azure AD enhancements which will help simplify identity and access management and improve the experiences for all those working remotely – these include the following:
Streamlined identity management
Improve application configuration and security for Azure AD SSO
Seamless and secure collaboration
Safeguard identities with industry-leading security
Another #MicrosoftTeams feature is rolling out (ok so it’s in public preview so pretty much rolled out).
This time it is a feature aimed more at front line workers, in retail for example, who may only have a mobile phone to access their business apps.
Introducing SMS based user sign-in
With SMS based user sign-in, users can simply sign in with their phone number and receive a code via SMS, which will then log them in (the number needs to be registered against them in Azure Active Directory).
How does it work?
Worth noting that this is just in preview and there are still some key features missing (a key one being this doesn’t yet work with MFA… But it will).
As I mentioned in the introduction, SMS-based authentication lets users sign in without needing to provide, or even know, their username and password. After their account is created by an identity administrator, they can enter their phone number at the sign-in prompt, and provide an authentication code that’s sent to them via text message. This authentication method simplifies access to applications and services, especially for front line workers.
Whilst this will work for any Office 365, its primary aim is to help front line workers use and log in to Teams on a mobile device, as the illustration below shows.
Each user enabled for SMS sign-in must have one of the following Azure AD or Microsoft 365 licenses:
– Azure AD Premium P1 or P2, or
– Microsoft 365 F1 or F3
Microsoft have clearly detailed a number of limitations which will apply during the public preview, including:
SMS-based authentication isn’t currently compatible with Azure Multi-Factor Authentication.
With the exception of Teams, SMS-based authentication isn’t currently compatible with native Office applications.
SMS-based authentication isn’t recommended for B2B accounts.
Federated users won’t authenticate in the home tenant. They only authenticate in the cloud.
To learn more and for instructions on how to activate and configure SMS sign-in, see the Microsoft supporting information here.
Microsoft’s Azure Cloud and Office 365/Teams collaboration services have seen a significant, in fact colossal, spike in usage over the past week as companies globally continue to deal with an increase in remote workers due to the ongoing COVID-19 outbreak and the lock downs that are being put in place to help control the infection rate and curb the impact on the world’s health services like our incredible NHS.
Microsoft said yesterday that in the last week it has seen a 775% increase in the use of its cloud services in regions where enforced social distancing and lock downs have been put in place such as here in the UK, most of Europe and many States in the US.
Microsoft Teams is seeing more than 900 million meeting and calling minutes per day.
Microsoft had previously stated just last week that they were prioritising traffic for critical front line and public services such as the NHS, as well as tuning and reprioritising services to cope with this unprecedented demand. This includes prior temporary limits on free offers (outside key workers and NHS for example) to prioritise capacity for existing customers and the downgrading of video in Teams for example to help manage traffic. Microsoft has said that these limits are typically being isolated to regions/locations that are seeing the most demand and that customers impacted can use alternative regions to get around some of the performance hits while they even out and scale out their services to handle the new demands.
Last week, Microsoft had some issues with adding new services to Azure in some regions, including the UK, which caused them to “drop below the typical 99.99% success rates.” This was caused by the huge surge in new Azure Virtual Desktop services being spun up as organisations looked to quickly enable remote desktop to facilitate homeworking after the UK mandated work from home as part of the UK COVID-19 lock down measures.
COVID-19 sees huge demand and growth
Microsoft said last week that Teams has “seen a very significant spike” in usage and counted more than 44 million daily users. This week new numbers have revealed that last week they also saw more than 900 million meeting and calling minutes per day.
Windows Virtual Desktop has also seen a 300% increase in the last week with hundreds of thousands of new Desktops being added globally.
It’s not just Microsoft though…
Microsoft of course isn’t the only Web conferencing provider seeing such growth. Other collaboration platforms including Cisco Webex and Zoom have seen similar surges in network traffic tied to the COVID-19 outbreak.
Cisco has also reported large growth and demand and said Webex traffic from China had increased by more than 2,000% since the outbreak began and that more than 30% of its enterprise customers have reached out for help getting their employees set up to work from home.
Since the start of the outbreak, Microsoft, Zoom and Cisco have made their platforms available for free to most businesses affected by COVID-19 and are having to work relentlessly to expand the capacity of their services to ensure as few disruptions as possible… All have had growing pains and as the lock downs continue globally, it probably won’t be the last time!
Microsoft sent out warnings last week about a rise in phishing attacks and scaremongering related to the coronavirus outbreak, with many cybercriminals playing on people’s fear in order to steal personal data.
Criminal groups have various ways to attack vulnerable people, including malware, but Microsoft have emphasised that “91 percent of all cyberattacks start with email” and almost all are aimed at tricking their targets into handing over their credentials.
Microsoft has a robust set of security and protection services designed to detect and block malicious emails, links and attachments, with Outlook.com, Office 365, Office 365 ATP, Microsoft Exchange, and Microsoft Defender all working together to protect users. These services leverage advanced machine learning, heuristics, and anomaly analysers to detect malicious behaviours in email, to try to prevent these landing in user mailboxes and to protect users should they get through and users click on the links.
Unfortunately, technology alone will never be 100% foolproof. It’s therefore important for users and for IT to ensure the latest security updates are deployed, that services are enabled (a staggering number of organisations have services like Office Advanced Threat Protection, for example, but don’t use it) and that an advanced anti-malware and Endpoint Protection service, such as Microsoft Defender, is in use.
MFA is Critical to Identity Protection
If you don’t use multi-factor authentication (MFA) on all of your personal and business Office 365 (and other mail products like Gmail etc.), I’d strongly suggest you enable it and use Microsoft’s Authenticator to protect you.
Combined with Password Self Reset and Risk Based Conditional Access, MFA can detect and prevent over 99% of phishing attacks by protecting user identities, since logins are protected by an additional login authentication step (just like you need to access your online banking).
Education is still key
It’s still important for users to be vigilant and to educate themselves around what to look for.
Bad spelling and grammar, suspicious links and attachments and emails that look too good to be true should always raise your suspicions… Even with the extensive protection, if you are suspicious about an email, never click on links or open any attachments, especially those with weird file extensions such as “pdf.exe” or “txt.hta”.
Cybercriminals (especially now) use urgency and scare as an attack vector. Microsoft warn users about the current trends which should always trigger an alarm:
Threats. These types of emails cause a sense of panic or pressure to get you to respond quickly. For example, it may include a statement like “You must respond by end of day.” Or saying that you might face financial penalties if you don’t respond.
Spoofing. Spoofing emails appear to be connected to legitimate websites or to come from your boss or medical insurer, but take you to phony (often legitimate-looking) scam sites or display legitimate-looking pop-up windows. Always check the website and the URL.
Altered web addresses. A form of spoofing where web addresses closely resemble the names of well-known companies but are slightly altered; for example, “www.micorsoft.com” or “www.mircosoft.com”.
Incorrect spelling or salutation of your name.
Mismatches. The link text and the URL are different from one another; or the sender’s name, signature, and URL are different.
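The checks in the list above (altered web addresses, link text that does not match the URL) and the double file extensions mentioned earlier can be automated in a mail-triage script. The following is an added example, not code from Microsoft or from the original post; the allow-list, extension list, function names and the sample email are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Assumption: the domains this organisation expects to see; extend as needed.
KNOWN_DOMAINS = {"microsoft.com", "office.com"}
# Assumption: final extensions treated as executable or script content.
RISKY_EXTS = {"exe", "hta", "js", "scr", "vbs"}
DOMAIN_IN_TEXT = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)


def osa_distance(a, b):
    """Edit distance that also counts swapping two adjacent letters as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def base_domain(host):
    """Naive last-two-labels domain; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def lookalike_of(host):
    """Return the known domain that host closely resembles, or None."""
    dom = base_domain(host)
    if dom in KNOWN_DOMAINS:
        return None
    for known in sorted(KNOWN_DOMAINS):
        if 0 < osa_distance(dom, known) <= 2:
            return known
    return None


class AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_email(html_body, attachment_names):
    """Return (indicator, observed value, detail) tuples for one message."""
    findings = []
    parser = AnchorCollector()
    parser.feed(html_body)
    for href, text in parser.links:
        host = urlsplit(href).hostname or ""
        target = lookalike_of(host)
        if target:
            findings.append(("altered-address", host, target))
        shown = DOMAIN_IN_TEXT.search(text)
        if shown and base_domain(shown.group(1)) != base_domain(host):
            findings.append(("link-mismatch", shown.group(1).lower(), host))
    for name in attachment_names:
        parts = name.lower().split(".")
        if len(parts) >= 3 and parts[-1] in RISKY_EXTS:
            findings.append(("double-extension", name, parts[-1]))
    return findings


# Constructed sample message body and attachment list.
SAMPLE_HTML = (
    "<p>You must respond by end of day.</p>"
    '<a href="http://www.micorsoft.com/login">Sign in</a>'
    '<a href="http://login.example.net/reset">www.microsoft.com/reset</a>'
    '<a href="https://www.microsoft.com/security">www.microsoft.com</a>'
)
SAMPLE_ATTACHMENTS = ["invoice.pdf.exe", "notes.txt.hta", "report.pdf"]

if __name__ == "__main__":
    for finding in check_email(SAMPLE_HTML, SAMPLE_ATTACHMENTS):
        print(finding)
```

A plain Levenshtein distance would score the swapped letters in “micorsoft” as two edits; counting an adjacent swap as one edit keeps the threshold tight enough to avoid flagging unrelated short domains.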
What do I do if I get a suspicious link?
If you think you have encountered a suspicious email or website, speak to your IT team. Microsoft also recommends using the built-in tools in Outlook on the Web, on the desktop Outlook app and in the Outlook Mobile app to report suspicious messages.
If you’re using Microsoft Edge, you can also report suspicious sites by clicking the More (…) icon > Send feedback > Report Unsafe site.
“While bad actors are attempting to capitalize on the COVID-19 crisis, they are using the same tactics they always do. You should be especially vigilant now to take steps to protect yourself,” the company said today. You can learn more about Microsoft’s recommendations on their Security blog.
The annual RSA Conference brings together 50,000 cybersecurity professionals to connect with peers from around the world to uncover new and better ways to keep the digital world safe. Most of the leading security vendors are there, as you would expect. As is becoming the annual norm, Microsoft used this opportunity to bring more exciting announcements around its ever expanding offerings and capabilities in security.
Insider Risk Management
Insider Risk Management, which has been in preview for a couple of months, is now widely available.
The world we work in today, with Internet everywhere, multiple devices being carried by employees and a work from anywhere culture, means corporate data is likely to be stored or accessed on laptops, tablets, phones, and even watches. Where blocking access is not an option, IT need ways to identify, take action on, and prevent insider risks to keep their business data safe.
Insider Risk Management (part of Microsoft 365) helps tackle this challenge by gathering signals from across Microsoft 365 and other third-party systems, and then leverages the Intelligent Security Graph Insider Risk and machine learning to identify anomalies in user behavior and flag high-risk activities – enabling businesses to more effectively protect and govern their data.
Communication Compliance, which extends the existing compliance services within Microsoft 365, can be tuned to leverage machine learning to quickly identify and take action on code of conduct policy violations within all company communications channels. This has also just been generally released.
Microsoft Threat Protection
Over the past year Microsoft has been busy consolidating and harmonising all the various threat protection services and standardising the signalling, risk profile and events. In a world where multiple vendor solutions are no longer the recommended approach to provide end to end security, Microsoft Threat Protection helps simplify whilst strengthening protection for the enterprise.
Traditionally, Security and IT have an endless list of alerts coming in from multiple monitoring systems and across their network, cloud, data centre and devices, making it almost impossible to link those at speed, recognise an attack, prioritise, and act quickly on the most critical threats or risks.
The unification of Microsoft’s Threat Protection services means that security/IT teams can now get a correlated, incident-level view of threats rather than having to manage and investigate multiple individual alerts from multiple systems.
The key capabilities in Microsoft Threat Protection include:
Investigating threats, automatically (or semi automatically) responding to them, and restoring affected assets to a secured state automatically, while simplifying hunting across the landscape for other signs of attack.
Self-healing compromised user identities, endpoints, and mailboxes, allowing security and IT teams to spend more time focussing on projects and policies by using AI and ML to automate remediation.
Sharing critical threat insights in real time to help stop the progression of an attack.
Azure Sentinel enhancements which are covered below.
Updates to Azure Sentinel
Microsoft Azure Sentinel is a scalable, cloud-native, security information and event management (SIEM) solution which allows businesses of any size to keep pace with the exponential growth in security data, improve security outcomes, and reduce hardware and operational costs.
New enhancements have been announced this week at RSA in San Francisco, designed to deliver instant value and increased efficiency for security operations teams. These include:
New community rewards (bounty program) for contributions to develop dashboards, orchestration, playbooks etc
New developer guides and APIs along with GitHub code and data collections
Ability to import AWS CloudTrail logs at no cost until June 2020
New security campaign views which give security teams an all-encompassing view of email attack campaigns targeted at their organisation
New connectors for easier data collection from a wider range of security appliances and services
Security Campaign Views
Campaign views and compromise detection and response have also been made generally available following a short preview.
This feature gives security teams an all-encompassing view of email attack campaigns targeted at their organisation, and makes it easy to spot vulnerable users or configuration issues that enabled the attack or breach to succeed in the first place.
Early detection and response to compromised users is critical to ensuring that attacks are detected and actioned/remediated as early as possible so that the impact of a breach is minimised.
New Security Awareness Training
Through a partnership with Terranova, a market leader in computer-based training, Microsoft will be including Terranova’s entire phishing-related training set for free for organisations that use or are licensed for Office 365 Advanced Threat Protection Plan 2 (including in Microsoft 365 E5).
This security awareness training, coupled with Microsoft security solutions and risk analytics, will enable and extend Office 365 Advanced Threat Protection to provide a complete solution, encompassing customised user learning paths that enable IT and your compliance teams to create governance around organisational risk and maintain a stronger security posture.
I talk to a lot of customers about Exchange Online and about the need and desire to use 3rd party add-on services like backup, DLP, threat protection and archiving.
Many don’t realise or are not up to date on the continuous updates and improvements to Exchange Online in particular, and its unlimited archive feature is just one of the services that could help you save costs and simplify your management. That’s not to say there is never a need for 3rd party complementary services (there is sometimes a use case), but I wanted to highlight the power and extent of this archive feature.
What is “unlimited archiving”?
Exchange Online Archiving is an enterprise-class service that assists these organizations with their archiving, compliance, regulatory, and e-discovery challenges while simplifying their on-premises infrastructure, thereby saving costs and easing the IT management overhead. (source: Microsoft)
In Exchange Online, Microsoft provides archive mailboxes which provide users with additional mailbox storage space. Once a user’s archive mailbox is enabled (it’s not on by default), up to 100 GB of additional storage is made available automatically.
Previously, whilst this feature did exist, it was quite hidden away and the only way to activate it was to contact Microsoft and request additional storage space for an archive mailbox. This is no longer required and the process is fully automated (if enabled).
This “unlimited archiving” feature, called auto-expanding archiving, provides additional storage in archive mailboxes once the storage quota in the primary archive mailbox is reached. Exchange Online then automatically increases the size of the archive, meaning users won’t run out of mailbox storage space and Exchange Admins don’t need to trawl through storage alerts, respond to help desk requests or contact Microsoft to request additional storage for archive mailboxes.
How auto-expanding archiving works
Once enabled, Exchange Online periodically checks the size of the user’s archive mailbox. When an archive mailbox gets close to its storage limit, it automatically creates additional storage space for the archive. Should this space also run out (now that’s a lot of mail), more space is automatically added to the user’s mail archive, meaning no additional management of the archive is needed. Here’s how it works.
Archiving is enabled for a user mailbox or a shared mailbox. An archive mailbox with 100 GB of storage space is created, and the warning quota for the archive mailbox is set to 90 GB.
Exchange Online admin enables auto-expanding archiving for the mailbox.
When the archive mailbox (including the Recoverable Items folder) reaches 90 GB, it’s converted to an auto-expanding archive, and extra storage space is added to the archive.
What gets moved to the archive storage space?
The process is fully automatic. In order to make efficient use of auto-expanding archive storage, folders may get moved as part of the archive move.
What items and folders are moved is determined by Exchange Online whenever additional storage is added to the archive. Sometimes when a folder is moved, one or more subfolders are automatically created and items from the original folder are distributed to these folders to facilitate the moving process.
When viewing the archive portion of the folder list in Outlook or Outlook Online, these subfolders are displayed under the original folder.
The naming convention used to name these subfolders is <folder name>_yyyy (Created on mmm dd, yyyy h_mm), where:
yyyy is the year the messages in the folder were received.
mmm dd, yyyy h_mm is the date and time that the subfolder was created by Office 365, based on the user’s time zone and regional settings in Outlook.
What about Compliance and Data Governance?
eDiscovery: if your organisation uses Office 365 eDiscovery, such as Content Search or In-Place eDiscovery, the additional storage areas in an auto-expanded archive are also searched.
Retention: When a mailbox is placed “on hold” by using tools such as Litigation Hold in Exchange Online, or Office 365 eDiscovery case holds and retention policies in the Security and Compliance Center, content located in an auto-expanded archive is also placed on hold.
Messaging records management (MRM): If you use MRM deletion policies in Exchange Online to permanently delete expired mailbox items, expired items located in the auto-expanded archive will also be deleted.
PST Import service: You can use the Office 365 Import service to import PST files to a user’s auto-expanded archive of up to 100 GB of data.
Can I access my archive at any time or does it need IT input? You can access any folder in the archive mailbox, including ones that were moved to the auto-expanded storage area.
What about search? Can I search items in the archive? Yep. But the search process is a little different. You can search for items that were moved to the additional storage area, but only by searching the folder itself. If the archive folder contains subfolders, you have to search each subfolder separately. This is due to performance and speed, since the archive folders are stored on lower tier disks within Exchange Online (well, it is an archive).
Can I delete items from the mail archive? Yes, you can delete items in a subfolder that points to an auto-expanded storage area, but the folder itself cannot be deleted manually.
Interested to hear how other Exchange Online Archiving compares and if you see the need for 3rd parties still…?
Microsoft Security. Now a Leader in 5 Gartner Magic Quadrants
Whatever you may have once thought about Microsoft and Security (I remember the days when security engineers would say that it’s due to the amount of security holes in Microsoft that they have a job), Microsoft is now a global leader in cybersecurity, and invests more than $1b annually in security R&D as well as processing more than 6.5 trillion security and threat signals per day to protect organisations and further enhance and develop their platform and their customers’ businesses.
Gartner has now named Microsoft Security a Leader in five Magic Quadrants, which clearly demonstrates the breadth and depth of their security portfolio and depth of integration across their platforms. The leader awards include…
Cloud Access Security Broker (CASB)
Enterprise Information Archiving
Unified Endpoint Management (UEM)
Endpoint Protection Platforms
Gartner places vendors as Leaders who are able to demonstrate balanced progress and effort in all execution and vision categories. This means that Leaders not only have the people and capabilities to deliver strong solutions today, they also understand the market and have a strategy for meeting customer needs in the future.
Given this, Microsoft Security doesn’t just deliver strong security products in five crucial security areas. As you look across the Microsoft 365, Azure and Dynamics platforms, and also across customers’ on-premises and 3rd party cloud providers, they are able to provide a comprehensive set of security solutions that are built to work together, from identity and access management to threat protection to information protection and cloud security.
Their services integrate easily and share intelligence from the 6.5 trillion signals generated daily on the Microsoft Intelligent Security Graph. Customers that are bought in to the wider Microsoft Security approach can monitor and safeguard identity, devices, applications and data across their end to end infrastructure and cloud solutions, whether that is Microsoft Azure, Amazon Web Services, Slack, SAP, Citrix, Oracle, Salesforce, Google or many, many others.
The key to this is their ability (like few others) to unify their security tools, bringing end to end visibility into their customers’ entire environment, all drawn together with their new SIEM platform, Azure Sentinel.
Where are the gaps?
There are some… Some of the main ones I see are around
1. Web security and DNS security.. The kind of stuff Cisco does really well with Umbrella for example.
2. Network and LAN segmentation. This is possible in Azure but other than some relatively “old” Network Access Control services in Windows Server, this is also an area Microsoft don’t really play in.
3. Industry Specific scenarios where long (99 year or so) retention policies and archiving are required. These are areas where solutions like Proofpoint do really well in my experience.
What others do you see? Interested in your views and comments..
Microsoft Threat Protection now unifies your incident response process by integrating key capabilities across Microsoft Defender ATP, Office 365 ATP, Microsoft Cloud App Security, and Azure ATP which is powered by the #IntelligentSecurityGraph processing and responding to over 6.5 Trillion threat signals per day!
This is just the latest in an ongoing list of updates and features being rolled out across Microsoft 365 and Azure to protect organisations’ on-premises and cloud environments and is a result of their $1 billion investment in security each year.
If you have Microsoft 365 E5 you can take a sneak peek at the new public preview (you need to be an admin or sec admin of course)!
This unified experience now adds powerful new features that can be accessed from the Microsoft 365 Security Centre. #intelligentsecurity #microsoft365
Microsoft is now top right in the Gartner Magic Quadrant in 6 areas including Cloud App Security Broker, Unified end point management, information protection, data archiving and Endpoint threat protection.
The myth that Microsoft isn’t a security vendor continues… led mainly by the traditional security appliance vendors and organisations that are still predominately on premise and therefore defend their data centre and office perimeters with traditional security blockers.. (sorry that was a bit of a generalist statement and not meant to offend)!
In reality, nothing could be further from the truth. With more than a billion dollar investment in security each year (excluding acquisitions), Microsoft has been recognised as a leader in multiple security-related Gartner Magic Quadrants, the Forrester Wave for Endpoint Security, and by independent AV testing firms such as AV TEST, AV Comparatives, and SE Labs in 2019 alone.
Security is built in across everything Microsoft designs, deploys and makes available, and I’m proud to work and lead a certified and accredited partner in this space with Gold in Enterprise Mobility and Security competencies.
Take the time to read the reports and I’d love to hear your experiences, thoughts and views on where you think Microsoft has its biggest gaps in this space.
Finally, there are some new announcements this week at Ignite, so be sure to check these out. The latest today is the announcement of #safedocuments, which adds ATP type protection to Office desktop apps. Rolling out over the next couple of months, when a user wants to consider a document “trusted”, Safe Documents will automatically check the file against the ATP threat cloud before it releases the document.