Microsoft has just released a Data Loss Prevention Alert “Dashboard”

Data Loss Prevention (DLP) is used by organisations to define and enforce data protection policies that identify and prevent risky or inappropriate sharing, transfer or use of sensitive information across cloud, on-premise and endpoints within an organisation or establishment.

Until now, it was possible to configure alerts as part of the DLP policy authoring experience, which provides an effective way for admins or compliance officers to get notified whenever a DLP policy is breached.

Microsoft has now announced the General Availability (GA) of their Data Loss Prevention “Alerts Dashboard”. This latest enhancement provides organisations with the ability to easily and holistically visualise and then investigate DLP policy violations across their entire infrastructure including:

  • On-premises file shares
  • Exchange / Exchange Online
  • Teams
  • OneDrive
  • Other non-Microsoft cloud apps and SaaS apps
  • Devices (where endpoint DLP is used).

The alerts dashboard provides a list view of all of the DLP alerts. The relevant details can then be investigated by simply clicking on an alert. APIs of course exist to allow you to call these alerts from other event management platforms and SIEM products, like Azure Sentinel for example.

Microsoft DLP dashboard (April 2021)

Microsoft DLP is of course just part of the comprehensive set of Gartner Magic Quadrant leading Information Protection, Compliance and Governance solutions that are part of the Microsoft 365 E5 (and Microsoft 365 Compliance stack).

Customers can easily sign up for a trial of Microsoft 365 E5 via the admin centre, or by speaking to your Microsoft Partner (like the company I work for at https://www.cisilion.com/microsoft) to get more information, arrange a demo or run a PoC.

More information on this can be found on the Microsoft 365 blogs here.

The biggest announcements from MSFT Ignite 2021

So, it wouldn’t be a Microsoft event (#MSIgnite) without a handful of “wow” demos, updates, and new product announcements, both in preview and GA, across Teams, the wider Microsoft 365 platform, Azure, Windows 10 and Power Platform, but without doubt the biggest “thing” to happen at Ignite this year was Microsoft Mesh. Anyway, here’s my

As in previous years, Microsoft have published their “encyclopaedia”, if you like, of Ignite (the #BookOfIgnite), which covers all the announcements in detail along with links to blogs and tech articles.

This post, on the other hand is a summary of my personal “top 3” announcements across each of the core solution areas. Of course, depending on your role, line of business and priorities, and interests, you will have your own favourites so feel free to let me know yours in the comments.

 

Microsoft Mesh

This stole the show from the moment the keynote started and was without question the biggest news of Ignite 2021. Much of the keynote and later sessions were available to watch live in AltSpace VR in both Mixed and Virtual Reality. Mesh is Microsoft’s new Mixed Reality Platform, which is designed to allow people who are in physically different locations to join collaborative and shared holographic experiences across many kinds of devices.

The business case for Mesh builds upon the success of HoloLens 2 and is designed (and was highlighted) for organisations to let their teams join shared virtual spaces for collaborative meetings, where everyone will appear as virtual avatars (reminds me of the holograms in Star Wars). Microsoft say that their target audience is both enterprise and commercial customers. Microsoft Mesh can be accessed through an updated version of AltSpace VR, which is Microsoft’s VR platform. Microsoft Mesh will be coming to HoloLens via a dedicated app, and solutions built through Mesh by developers will also be able to be tailored/supported to Windows Mixed Reality, PCs, Macs, Smart Phones, and headsets like Oculus.

Microsoft Teams

Teams Ignite Features
Highlight of new Teams Meeting Features

 

Always needing its very own category, my top 3 in this category are:

1. Improvements for Teams Meetings and Live Events.

    • Teams can now be used to create and run fully interactive webinars for up to 1,000 attendees and will also support webinars with up to 20,000 attendees from later this month. This will also be included for any customer with Office 365 E3 and more without any additional licenses or cost.
    • Dynamic View for Teams meetings will be released next month and is all about ensuring more inclusive and natural meetings for remote/hybrid meetings, making them more engaging. Dynamic view uses AI to adjust elements of the meeting to display different modes such as charts, chats, etc. next to video feeds, as well as an overlay of presenter video and presentation space.
    • Improved privacy and security in meetings – with meeting-only meeting controls and end-to-end encryption in one-to-one calls.
    • PowerPoint Live in Teams is available now. The much-requested feature combines slides, notes, and meeting chat in a single view to help make presentations easier for speakers and presenters and to make them more engaging for attendees.

2. Teams Connect

A new channel-sharing feature coming to Teams “later” this calendar year. This will enable users to share channels with anyone, internal or external. Unlike guest access, the shared channel will appear within a user’s primary Teams tenant, alongside other Teams channels, meaning that “multiple organisations can share a single channel” that all members can then access from their own Teams environments. Channel sharing seems great for scenarios where multiple organisations are collaborating on a specific project, for example. Guest Access isn’t going anywhere and is still relevant, as this is more suited to situations where an external organisation or person needs broad access to data, meetings, and information, beyond just a specific channel. This is currently in “private preview”.

3. Teams Calling Updates

  1. Direct Routing and Survivable Branch Appliances: With the explosion of customers enabling and migrating to PSTN calling in Teams from traditional IP PBXs, the use of Direct Routing has grown 8-fold. Microsoft announced several new certified Session Border Controllers (SBC) for Direct Routing, with 6 new SBCs completing certification in just the past 3 months. Additionally, to add resiliency to the most critical locations, Survivable Branch Appliances (SBAs) are now generally available, enabling PSTN calling in the event an outage does not allow the Teams client to directly connect to Microsoft 365 global services.

  2. Operator Connect Conferencing brings an “operator-managed service” that provides “bring your own operator” for conferencing, meaning customers can keep their preferred operator contracts in place as they migrate their PSTN infrastructure to the cloud. This also allows additional geographic dial-in coverage, enhanced support, and reliability with locally agreed technical support and SLAs. This enters private preview from June, with the initial wave of qualified partners, including BT, Deutsche Telekom, Intrado, NTT, Orange Business Services, and Telenor.

  3. New Cloud Calling Plan Countries were also announced, with Microsoft native calling plans coming to 8 new markets from April 2021 including New Zealand, Singapore, Romania, Czech Republic, Hungary, Finland, Norway, and Slovakia, bringing native Microsoft Teams Calling Plans to 26 markets across the globe.

    Teams Calling Countries - April 2021

Identity, Security & Compliance

1. Identity

Focusing on helping organisations deliver on their Zero Trust strategy, including:

    1. Password-less authentication, which is now “generally available” for cloud and hybrid environments, meaning customers can move towards a truly password-less world, leveraging multi-factor authentication and risk based conditional access to provide a just in time, assume breach, challenge everything approach to identity and access management without the need for passwords.

    2. Azure AD Conditional Access now uses authentication context to enforce more granular policies based on user actions across the applications they are using or the sensitivity of data they’re trying to access.

    3. Azure AD verifiable credentials will be in public preview later this month. Verifiable credentials allow organisations to confirm information without collecting or storing personal data, improving security and privacy.

2. Security announcements

A wealth of announcements here as well, all of which will further strengthen Microsoft’s commitment to deliver the absolute best security protection, detection, and response for all clouds and all platforms:

    1. Azure Sentinel now seamlessly integrates with Microsoft 365 Defender with shared incidents, schema, and user experiences to simplify investigations for a totally aligned view and remediation surface.
    2. Endpoint and Office 365 defender capabilities are now also integrated into the Microsoft 365 Defender portal.

    3. New Threat Analytics experience within the Microsoft 365 Defender portal provides a set of reports from expert Microsoft security researchers designed to help customers understand, prevent, and mitigate active threats, like the recent Solorigate / SolarWinds attacks.

    4. The Secure-core services that are now built into Surface devices (and other leading Windows 10 devices) are also coming to Windows Server and Azure edge devices to help minimise risk from firmware vulnerabilities, attacks, and advanced malware in IoT and hybrid cloud environments.

3. Compliance announcements

    1. Co-authoring of Microsoft Information Protection-protected documents will be available in “public preview” from this week. This is, in my experience, the number one blocker to being able to properly deploy organisation-wide information protection across SharePoint sites, Teams, and individual documents, since currently (well, prior to this announcement) it was not possible to co-author docs that were encrypted, which makes most of the power of Modern Office 365 and co-authoring useless. This feature helps significantly close the gap between security and productivity.

    2. Microsoft Azure Purview was announced in more detail. Purview provides new cross-platform support and deeper insight into data classification and protection across structured and unstructured data across on-premises, databases, Microsoft Cloud and third-party services including Google and AWS – it’s Azure Information Protection on steroids!

    3. Microsoft 365 data loss prevention (DLP) now supports Google Chrome browsers and on-premises file shares and SharePoint Server as well as SharePoint Online and of course Microsoft’s Edge (Chromium based) browser.

    4. Microsoft 365 Insider Risk Management Analytics was released into public preview.

Power Platform

1. Power Automate Desktop was made free!

This is really, really big news for any organisation that is looking at, using, or intending to use Robotic Process Automation (RPA). Power Automate Desktop is an “attended Robotic Process Automation” solution, which is a macro recorder on steroids. You can download it now if you want to try it. It will be available first for #WindowsInsiders to try (built into Windows 10), however it will eventually be rolled out to Windows 10 as a core product (most likely as an optional feature). Until now, the tool would cost about £12 per user per month. Power Automate currently has circa 400 actions to help build flows across different applications, and the best part is that it enables you to build your own scripts to automate time consuming repetitive tasks, which saves time and money. Microsoft’s goal here is to “democratise the development for everybody with Power Platform” by making no-code/low-code accessible to everyone, not just developers.

2. Power Fx (a new low code programming language) was announced.

Power Fx is a low code programming language that is based on the foundation of the Microsoft Power Apps canvas. What’s great is that since Power Fx is based on Microsoft Excel, it will naturally be a great fit for a wide range of people, since it will leverage skills that many already know and becomes a common ground for business users and professional developers alike to express logic and solve problems. Microsoft also said they were planning to make Power Fx open source, making the language available for open contribution by the broader community on GitHub.

3. Dynamics 365 now seamlessly integrates with Microsoft Teams

This ensures conversations, calls, meetings, and chat will be available across Dynamics 365 – within opportunities, sales, marketing, finance, and operations.

Windows 10

Windows 10 usually gets a backseat at Microsoft Ignite (as it typically focusses on cloud services and new things), but this year, there were some things which resonated.

1. Power Automate Desktop

As discussed above, Power Automate Desktop was announced and will be free for all Windows 10 users including Windows 10 Home and Pro and not just to Enterprise users. You can read more about this above.

2. Windows 10 in Cloud 

Simply put, cloud configuration is a Microsoft-recommended device configuration for Windows 10, cloud-optimised for users with specific workflow needs. IT admins use Microsoft Endpoint Manager to apply a standard, cloud-based, easy-to-manage configuration of Windows 10 to a selected set of new or existing devices. The configuration works on devices running Windows 10 Pro or Windows 10 Enterprise and may be appropriate for workers who only need a limited number of IT-curated and approved applications to meet their targeted workflow needs. User accounts are registered in Azure Active Directory and devices are enrolled for cloud management in Intune, so they are automatically updated with continuous product and security updates.

Microsoft announced that the newly announced Windows 10 in Cloud has now been integrated into Microsoft Endpoint Manager, which will make it even easier to provide a secure device configuration regardless of the type of worker. Microsoft also made a full “Windows 10 in cloud configuration overview and setup guide” available which is designed to help solution integrators, partners, and internal IT teams to apply a uniform, secure and easy-to-manage cloud-based configuration of Windows 10 Professional or Enterprise devices.

3. New version of Windows 10 Perhaps?

Well maybe! During a Fireside chat session at Ignite, Surface and Windows Lead, Panos Panay, “teased” some major updates and design changes coming to Windows. These were very much more hints and teases than any firm commitments, but he talked a lot about the fact that Microsoft has not “talked about the next generation of Windows for a while” and that he was “so pumped” for it – ending with “it’s going to be a massive year for Windows.”


Written: 05 March 2021

Microsoft announces $10b in Security Revenue and is leading the battle on the Cyber Security Crisis

Microsoft Security Logo

I first blogged about the sheer size and capability of Microsoft as a cybersecurity giant about a year ago, but last week Microsoft homed in on this as they highlighted the revenue from its various security offerings as part of its FY21 Q2 quarterly earnings.

$10 billion over the last 12 months.

You might think that for a global organisation like Microsoft, that this is just a number, but what is significant is that this amounts to a 40% year-over-year jump in the security and compliance part of Microsoft which means that Security and Compliance now makes up circa 7% of their total revenue for the previous year to date.

In a statement at the earnings report, Microsoft’s CEO, Satya Nadella said “We waited in some sense until this milestone to show the depth, the breadth, the span of what we are doing.” … “there is a lot of work ahead, but we are investing very heavily because guess what? You know 10 years from now we’ll still be talking about it as technology becomes even [a deeper part] of our lives in our society in all critical industries.”

Satya went on to say in the announcement that “What we have built is very helpful in times of crisis and there is a big crisis right now, but you need to sort of obviously build all of this over a period of years if not decades and then sustain it through not just product innovation, but also I would say, practice every day.”

Proven hunters

Back in December 2020, Microsoft were the forerunner and lead investigator in the uncovering and closing of the massive global SolarWinds cyber-attack, which hit private companies like cybersecurity company FireEye, many leading FTSE 100 organisations as well as UK, US, and other global government agencies (even Microsoft themselves were affected).

Microsoft were the “defenders that other defenders were turning to”. Microsoft said they “were working with FireEye and across the public sector and private sector coming together”.

Zero Trust is more important than ever.

Part of Microsoft’s ability to respond to the SolarWinds hack has to do with what the tech and sec industry refers to as a “zero trust” approach to security. This means an organisation needs to continuously adopt an “assume breach” mindset and authenticate and validate access continuously. This is similar in some respects to the fight against Covid-19 of “assume you are infected”.

For anyone still sceptical about Microsoft as a security player, there is no doubting the giant that they have become. There are of course many “best of breed” products out there to protect against certain services or pillars, but what Microsoft has done well, really well is to have built a “best of suite” which spans not just across Azure and Microsoft 365 but also across pretty much any cloud, hybrid or on-premises apps and services a business uses.

Microsoft’s investment clearly goes far further than just having a good security portfolio, which is substantial when you look at technologies like Microsoft Defender, Sentinel or Azure Active Directory, but it is their ability to take these services, integrate them into all their products and infuse more AI and data signals (almost 7 Trillion a day) than anyone else.

Microsoft Security Infographic

Working from home adds to companies’ security needs

The ongoing coronavirus pandemic forced many companies to change how they work and think about work, with their employees now working from home either temporarily or (in many cases) for the foreseeable future in some capacity at least.

This has of course introduced and opened the way for new attack vectors for cyber hackers because the physical layers of security (in person identification and swipe card access for example into buildings), perimeter network security (such as network access control), and the fact that we probably only used “managed devices” meant that IT had a good awareness and grip on control of things like malware or odd user/network activity.

Working remotely changes this for most. When working remotely at home (unless only via a secured VDI), employees are running on their own network (and they aren’t sec admins), often in a false sense of security because “no one will hack my home”, often preventing or inhibiting IT from monitoring them without changing their approach and toolsets.

For most (especially if using shared or personal devices), it doesn’t take much for just one person to download malware on their computer at home, then accidentally send that malware to your company’s systems or file shares when they next connect to the network to update a spreadsheet or send a report.

Security must be built in at every single point and can no longer be an afterthought. “There needs to be a real different approach to creating a cybersecurity solution for customers,” Satya Nadella said.

Security Giants

According to Microsoft, they now protect more than 400,000 customers across 120 countries, including 90 Fortune 100 companies. Microsoft currently categorise their security offerings into four pillars:

Security | Compliance | Identity | Threat Management.

This milestone figure of $10 billion comes from the security-related revenue generated by services including Microsoft’s Azure Active Directory, Intune, Microsoft Defender for Endpoint, Office 365, Microsoft Cloud App Security, Microsoft Information and Governance, Azure Sentinel, Azure Monitoring, and Azure Information Protection.

Microsoft Edge now alerts you if any of your online passwords are leaked!

Password Dialogue Screen

Let’s face it – all of us re-use our passwords across different systems, and most use one password for pretty much everything they do online – and whilst these may be secure (and yes, some sites may enforce MFA – that’s something at least), if just one of these sites/companies gets breached – then your password is out there!!!

Microsoft are trying to help prevent this – well, at least make sure you know so you can do something about it quickly…

Whilst anyone running Beta or Dev versions of Edge has had this for a while, the latest “stable” update to roll out this week has released probably one of the most important features to help users (everyone) understand where their passwords may have been breached/compromised – not just their Office 365 or laptop credentials, but across any (and I mean any) web site or SaaS service they use in Edge.

Introducing Password Monitor in Edge

Microsoft have released a new feature called Password Monitor (which is included in Edge build 88 and later), which notifies users if any of their saved passwords have been found in a third-party breach.

Edge Password Monitor Graphic

This is done using password hash comparison (so Microsoft doesn’t actually learn or store passwords anywhere), so users can be assured that neither Microsoft nor any other party can learn their passwords while they are being monitored for a breach.

When you turn on Password Monitor, Edge starts periodically (you can force it too) checking the passwords you’ve saved in the browser against a huuuuuuge database of known leaked passwords that is stored in the cloud. If any of your passwords match those in the database, they’ll appear on the Password Monitor page in Microsoft Edge Settings, and you also get a pop-up notification if new ones are found. What this is basically telling you is that “any passwords listed there are no longer safe to use” and you should change them immediately – pretty damn useful advice for anyone!
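
A simplified illustration of the hash-comparison idea described above, added here and not taken from Microsoft or Edge: the client hashes each saved credential locally, sends only a short digest prefix to the lookup service, and decides the match itself. The `BreachIndex` service, the 5-character prefix and the sample logins are assumptions constructed for this example; Edge's actual protocol is described in the Microsoft Research post linked further down this page.

```python
import hashlib
from collections import defaultdict

PREFIX_LEN = 5  # hex characters of the digest revealed to the service (assumption)


def credential_digest(username: str, password: str) -> str:
    """SHA-256 over a normalised username and the password, hex encoded."""
    user = username.strip().lower().encode("utf-8")
    # Length-prefix the username so ("ab", "c") and ("a", "bc") hash differently.
    material = len(user).to_bytes(2, "big") + user + password.encode("utf-8")
    return hashlib.sha256(material).hexdigest()


class BreachIndex:
    """Hypothetical leak-lookup service: stores digests only, never plaintext."""

    def __init__(self, leaked_pairs):
        self._buckets = defaultdict(set)
        self.seen_queries = []  # everything the service learns from clients
        for username, password in leaked_pairs:
            digest = credential_digest(username, password)
            self._buckets[digest[:PREFIX_LEN]].add(digest[PREFIX_LEN:])

    def range_query(self, prefix: str) -> frozenset:
        """Return every digest suffix filed under this prefix."""
        valid = len(prefix) == PREFIX_LEN and all(c in "0123456789abcdef" for c in prefix)
        if not valid:
            raise ValueError("prefix must be %d lowercase hex characters" % PREFIX_LEN)
        self.seen_queries.append(prefix)
        return frozenset(self._buckets.get(prefix, ()))


def find_compromised(saved_logins, index: BreachIndex):
    """Client side: return the sites whose saved credentials appear in the index."""
    compromised = []
    for site, username, password in saved_logins:
        digest = credential_digest(username, password)
        suffixes = index.range_query(digest[:PREFIX_LEN])
        # The match is decided locally, so the service never sees the full digest.
        if digest[PREFIX_LEN:] in suffixes:
            compromised.append(site)
    return compromised


# Constructed sample data, not taken from any real breach.
LEAKED = [
    ("alice@example.com", "Summer2020!"),
    ("bob@example.com", "hunter2"),
]
SAVED = [
    ("shop.example", "Alice@Example.com ", "Summer2020!"),           # reused and leaked
    ("bank.example", "alice@example.com", "c0rrect-horse-battery"),  # unique password
    ("forum.example", "bob@example.com", "Hunter2"),                 # differs by case
]

if __name__ == "__main__":
    index = BreachIndex(LEAKED)
    print("change these:", find_compromised(SAVED, index))
    print("service saw only:", index.seen_queries)
```

A fast unsalted hash is used here for brevity; a digest prefix still narrows the service's guessing space, which is one reason production designs use stronger private-matching protocols.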
 

Why this is so important

Each year, hundreds of millions of usernames and passwords are exposed online when websites or apps become the target of data leaks and, as I mentioned at the start, whilst the public are regularly cautioned against reusing the same username and password combination for more than one online account, it’s a common practice, which leaves them vulnerable on multiple sites when even one password gets leaked. Even if your password is complex – it only takes one site to be leaked and your password and username are out there – it’s like leaving the front door of your house wide-open.

Leaked usernames and passwords often end up for sale on the online black market, commonly referred to as the Dark Web. Hackers use automated scripts to try different stolen username and password combinations to hijack people’s accounts. If one of your accounts is taken over, you can be the victim of fraudulent transactions, identity theft, illegal fund transfers, or other illegal activities and bear in mind many of these sites allow you to save or store payment information, address information, family information on them – perfect for an identity theft!

Password Monitor helps protect your online accounts in Microsoft Edge by informing you when any of your passwords have been compromised, so you can update them. Changing passwords immediately is the best way to prevent your account from being hijacked.

Enabling Password Monitor

This new feature is not enabled by default. In order to activate this, you need to carry out these simple steps:

  1. Sign in to Microsoft Edge using your Microsoft account or your work or school account.
  2. Navigate to Settings and more > Settings > Profiles > Passwords.
  3. Turn on Show alerts when passwords are found in an online leak.
  4. Any unsafe passwords will then be displayed on the Password Monitor page.

Screenshot of settings in Edge

If you are signed in and syncing your passwords, Password Monitor is automatically enabled in your browsers – auto enablement.

When you enable Password Monitor for the first time, all your passwords will be checked to see if any of them have been compromised. If any of your passwords match those in the list of known leaked passwords, a notification appears:

 

This notification appears only once each time a new password is found to be unsafe. Microsoft give you two options at this point – view the details or dismiss the notification – it’s ok, you can come back to them later.

 

Responding to notifications

If Edge informs you that a user / password combination has been breached and therefore is no longer safe, you can go here to learn more:

Settings and more > Settings > Profiles > Passwords > Password Monitor.

Here you will see a list of all the unsafe passwords Microsoft has found, and then for each account listed on the page you can be redirected to that site to allow you to update and change your password.  If an entry in the list of compromised passwords is no longer relevant (you may have deleted your account for example), you can click ignore – remember though, if just one site is breached and you use that account elsewhere – change it!

Microsoft have provided a nice Q&A and support page for this here: Password Monitor support page.

 

Read More about how Password Monitor works

Password Monitor will be made available to Edge users on a rolling basis so it will not be immediately visible to everyone.

You can read more about how this works and why it is such a vital step forward for privacy, security and control of your online life here: Password Monitor: Safeguarding passwords in Microsoft Edge – Microsoft Research

Microsoft Defender now unifies SIEM and XDR

Microsoft Security Logo

At #Ignite2020 (September 2020), Microsoft announced a change to their Security and threat protection with a new, unique approach designed to “empower security professionals to get ahead of today’s complex threat landscape” with fully integrated SIEM and XDR (eXtended Detection and Response) tools from a single vendor, so you get the best of both worlds. Much of the summary below is taken from the wider Microsoft Blog.

As part of this, Microsoft are unifying their XDR tech under the Microsoft Defender brand.

“The new Microsoft Defender is now the most comprehensive XDR in the market and prevents, detects, and responds to threats across identities, endpoints, applications, email, IoT, infrastructure, and cloud platforms”.

With Microsoft Defender, Microsoft are both rebranding their existing threat protection portfolio and adding new capabilities, including additional multi-cloud (Google Cloud and AWS) and multi-platform (Windows, Mac, Linux, Android, and iOS) support.

Microsoft Defender is delivered in two main areas,

  • Microsoft 365 Defender for end-user environments and
  • Azure Defender for cloud and hybrid infrastructure.

Microsoft 365 Defender

This delivers XDR capabilities for identities, endpoints, cloud apps, email, and documents, using AI to reduce the SOC’s work items. Microsoft claims this can consolidate 1,000 alerts to just 40 high-priority incidents and that built-in self-healing technology fully automates remediation with a success rate of over 70%, ensuring the SOC can focus on “other tasks” that better leverage their knowledge and expertise.

An image of the Microsoft 365 Defender dashboard.

As part of this, the following branding changes have also been made to the Microsoft 365 security services:

  • Microsoft Threat Protection is now Microsoft 365 Defender

  • Microsoft Defender ATP is now Microsoft Defender for Endpoint

  • Office 365 ATP is now Microsoft Defender for Office 365

  • Azure Advanced Threat Protection is now Microsoft Defender for Azure

As well as the name change, several new features are now also available or coming:

  • New mobile support: Apple iOS (now in Preview) and Android (now released). As a result, Microsoft now delivers endpoint protection across all major OS platforms.
  • Extension of the current macOS support with addition of threat and vulnerability management.
  • Priority account protection in Microsoft Defender for Office 365 will help security teams focus on protection from phishing attacks for users who have access to the most critical and privileged information. 

Azure Defender

Azure Defender is an evolution of the Azure Security Center threat protection capabilities and is accessed from within Azure Security Center and delivers XDR capabilities to protect multi-cloud and hybrid workloads, including VMs, databases, containers, IoT, and more. 

An image of Defender.

Aligned with the Microsoft 365 brand changes, there are also new name changes as well as some new features naturally!

  • Azure Security Centre Standard is now Azure Defender for Servers
  • Azure Security Centre for IoT is now Azure Defender for IoT 
  • Advanced Threat Protection for SQL is now Azure Defender for SQL 

Along with the name change, these new features were also announced: 

  • New unified experience for Azure Defender that makes it easy to see which resources are protected and which need protection.
  • Added protection for SQL servers on-premises and in multi-cloud environments
  • Added protection for virtual machines in multi-cloud
  • Improved protections for containers, including Kubernetes-level policy management and continuous scanning of container images in container registries.
  • Support for operational technology networks with the integration of CyberX into Azure Defender for IoT.

The video below from Microsoft shows how it all works

Video from Microsoft Mechanics on the New Microsoft Defender

 

And finally…. let’s not forget Azure Sentinel

Whilst the XDR capabilities of Microsoft Defender, delivered through Azure Defender and Microsoft 365 Defender, provide rich insights and prioritised alerts, to gain visibility across your entire environment and include data from other security solutions such as firewalls and existing security tools, you connect Microsoft Defender to Azure Sentinel, Microsoft’s cloud-native SIEM.

Azure Sentinel is deeply integrated with Microsoft Defender so you can integrate your XDR data in only a few clicks and combine it with all your security data from across your entire enterprise.

An image of Azure Sentinel.

You can read the full Microsoft Blog on this here:

“Application Guard” for Office Desktop Apps enters public preview

Image of Office Application Splash Screen

Microsoft has released a new security feature for Microsoft 365 into Public Preview. This new feature, known as “application guard“, has been designed to help prevent risky, malicious, or untrusted files from accessing your trusted resources.

This feature is turned off by default, and it’s currently only available to organisations that have Microsoft 365 E5 or Microsoft 365 E5 Security licenses.

Files from the internet and other potentially unsafe (not yet scanned or trusted) locations can contain viruses, worms, or other kinds of malware that can attempt to infect or harm users’ devices and data and, in the case of malware, spread to other areas.

With the new Application Guard feature enabled, Office apps will open files from potentially unsafe locations in Application Guard, which is a secure container (in memory) that is isolated and shielded from other applications, device hardware, processes, and system memory through hardware-based virtualisation.

When enabled, users will see a change to the standard Office splash screen on the first launch of an untrusted Office document, indicating that Application Guard for Office has been enabled and that the file is being opened in a secure environment. In addition, the application will also display a visual indicator, such as a callout in the ribbon and the taskbar icon, to inform the user that Application Guard is running.

Screenshot showing Office Application Guard

What is nice about this new feature is that, unlike the previous “protected mode”, which limited editing functions and prevented some aspects of the document or Excel macros from running, Application Guard does NOT give users a compromised experience. They can securely read, edit, print, and save those files without having to re-open them outside the “safe” container.

As I said at the start, this feature is off by default and needs to be enabled by an IT admin using a group policy or a CSP entry in your MDM. Details on how to enable Application Guard are provided by Microsoft here:

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/install-app-guard?view=o365-worldwide

 

 

Cisco Live 2020: “To power an inclusive future for all”

The Cisco Live 2020 keynote yesterday (June 16 2020) followed the same theme as many of the other leading tech vendor events and focussed primarily on the current social and economic climate brought about by the global COVID19 pandemic, before touching on new Cisco Webex and Cisco SecureX features, which were the core focus of announcements on day 1.

Key Priorities Announced

“Possibilities” was the main theme of the keynote on Tuesday 16th June, in which Chuck Robbins summarised the current climate and demand on technology as the need to reimagine applications, secure data, transform traditional network and data centre infrastructure, and the “empowering” of teams through technology as being more important now than ever. This allowed Cisco to re-introduce and emphasise some of the new core features coming to their Webex and SecureX platforms.

Outside of this, most of the keynote didn’t focus on new announcements, but openly discussed the chaos that #Covid19 has thrown on the world, nicely introducing the keynote’s main theme – simply “Possibilities”.

“2020 has been a difficult and challenging year,” “We started out with a new decade with hope, and we never imagined that in June we would have experienced what we’ve experienced this year.” Chuck Robbins, Cisco Live 2020

Chuck Robbins went on to talk about the COVID19 pandemic and the fundamental change to business, employees and how we work, combined with the urgency, rapid change in direction and crazy tasks that every organisation has faced in ensuring that technology, people and the business can function from home, which has of course been a challenge for many organisations globally.

“One of those big challenges included shifting office workers to a remote work style. This stark change, on top of all of the exterior issues, has taken a toll–both on the enterprise and individuals.” Chuck Robbins, Cisco Live 2020

Additions to Webex and SecureX

Javed Khan, VP of collaboration at Cisco, was next on the virtual stage joined by Gee Rittenhouse, senior VP at Cisco, to discuss some of the new features being added to their Webex and SecureX platforms.

Webex 

With so many people working from home now and for the foreseeable future due to #COVID19, video and web conferencing use has skyrocketed across all major platforms, namely Zoom, Microsoft Teams and of course Webex.

By April 2020, Cisco said they were seeing more than 25 billion meeting minutes a month, nearly three times the normal monthly average, and said that “We have the unique opportunity to use our collaboration technology and our amazing people to help power an inclusive future for all.”

We already know the future of Webex (currently in preview) will bring an enhanced experience leveraging what Cisco have called “Cognitive Collaboration” which will deliver insights about upcoming meetings, contacts as well as information about your day to reduce the need to keep flicking between Webex and Outlook.

New Webex Preview interface

 

Next, Javed Khan formally announced the addition of the Webex Assistant, a personal digital assistant that can be used within the Webex platform to enable hands-free operation and even in-meeting administration of Webex meetings. With the Webex Assistant, users can “ask” Webex to record the meeting, take notes, and even send highlights to attendees when the meeting has finished.

Picture of Cisco WebEx Assistant

Built-in security was another focus of the Webex improvements, with extended data loss prevention (DLP) retention and Legal Hold tools for chat and content, which are also coming to Webex Meetings. Cisco also announced an expansion to their end-to-end encryption, including AES 256-bit encryption in GCM mode for increased protection of meeting data and resistance against tampering. Security around meetings has of course been very top of mind for many, with Zoom having had their reputation dented over claims and fears of poor security across their platform.

Cisco also announced the Webex Desk Pro – an “AI powered” collaboration device that features a 27-inch 4K display, 71-degree HD camera and digital whiteboarding which looks like a cross between a Surface Studio and a Cisco EX device.

Picture of a Cisco WebEx Desk Pro

Cisco said that they would be “doubling down on AI” and that they would be adding even more intelligence into their contact centre solutions, converting customer support agents into “super agents” to ensure that they always have all the right information at their fingertips to allow them to solve customer issues faster than ever. Javed Khan said that the goal of Cisco’s Contact Centre platform is to “improved customer satisfaction and improved customer loyalty.”

It’s also very apparent that Cisco are going to be dropping the “Webex Teams” name and moving to “Webex App” or simply back to just “Webex” as part of their next update integrations. I think this is a good move as, to be honest, customers got confused when Webex Teams simply got called “Teams”, which, let’s face it, everyone assumed meant Microsoft Teams!

SecureX Update

From a security perspective, another huge focus for Cisco, Gee Rittenhouse talked about some of the new optimised features within SecureX, which he called “the most comprehensive cloud native platform in the industry.”

Gee Rittenhouse continued his explanation of the SecureX platform, stating that “In one place, you can see your entire environment, threats and incidents, and resolve policy changes.” 

Cisco SecureX dashboard

This was followed by a quick demo in which Cisco illustrated how Cisco SecureX customers could directly see all the possible security threats across their network through a single view/dashboard. The demo showed a “kill chain” explorer view whereby, upon clicking on a particular detected threat, the system generated a relationship graph so that the SecOps team can see everything related to that single threat, along with the ability to then block it across the organisation with just a couple of clicks. There is also some automation behind this, allowing some auto remediation as you’d expect.

Cisco said they have a huge and growing number of integration partners, and are sharing intelligence and threat protection details with other leading security vendors including Microsoft, McAfee, and many others.

Summary

As you’d expect from Cisco, there was a huge focus on collaboration and security, which right now are top of mind as many organisations get ready for a quite different future, for the time being at least.

What did you think? Did you attend the conference? What were your key takeaways and what did I miss?

 

Revamped alert page now live in Microsoft Defender ATP

Microsoft have released a completely redesigned alert page in the Microsoft Defender Security Center (which is now in public preview).

The new Microsoft Defender ATP alert page is designed to help security admins more effectively triage, investigate, and take effective actions on alerts. Microsoft say that the changes to the page were guided by customer feedback on how to make the experience better, and as a result the new page constructs a detailed alert story with full context which provides the following:

  • Improved focus – at the forefront so that analysts have fewer clicks to get to relevant insights.
  • An investigation-oriented approach – alerts related to the same execution tree will appear on the same page, increasing efficiency, and awareness to the investigation scope.
  • Easier to take actions – with necessary actions built into the workflow, doing what you need just became that much faster.
New Defender ATP alert page

To learn more about the new Microsoft Defender ATP alert page, see the Microsoft Defender ATP alert page documentation.

Microsoft “Authenticator app” now lets users change their passwords directly from the app

The Microsoft Authenticator app on Android has been updated and now lets users change security information and passwords right from within the app. This update also lets users view recent sign-in activity, such as recent login attempts or changes to their account. This feature update brings the Android version up to date with the iOS version, which got this update back in May.

With the updated version, users can tap on the account name in the app, which then opens a full-screen page for that account’s settings. Here it provides the one-time passcode for second-factor authentication, along with other options such as changing the password, updating security information, reviewing recent activity, and removing the account from Authenticator should you wish.

These options are presented directly inside the app in a kind of in-line browser that lets users perform these actions without needing to switch to a browser or make these changes on the web. This works for corporate accounts as well as personal Microsoft accounts such as those with personal Microsoft 365 accounts.

Note: the account management options are not available to Azure AD accounts as Microsoft want to empower IT admins to choose which options are made available to users from the Authenticator App.

Users can download the Microsoft Authenticator app for Android from the Google Play Store here.

Microsoft announces “Cloud for Healthcare” at #MSBuild2020

As Microsoft’s annual dev conference Build opened today (May 19 2020), Microsoft announced the launch of the Microsoft Cloud for Healthcare, a new Microsoft Industry Cloud solution.

Microsoft said that the solution aims to integrate Microsoft Cloud with an “industry-specific data model”, “cross-cloud connectors,” and APIs to better help serve the global healthcare industry.

Global capabilities uniting the healthcare industry

The Microsoft Cloud for Healthcare will bring together capabilities from across many Microsoft Cloud Services. This includes Microsoft 365, Dynamics 365, Power Platform, and of course Azure. This will be powered by a common data model which will allow the sharing of data across various applications to provide better analytics. Microsoft say that this will allow health providers globally to provide better services for patients, clinicians and doctors by helping make it easier to deploy resources to the needs of all hospital and care units.

For example, Cloud for Healthcare, will focus on what Microsoft has identified as important needs for the field, like engaging patients, facilitating health team collaboration and improving operational efficiency, all with strict security measures.

Sample Health App powered services


Of course, an important component of healthcare is aftercare, where medical professionals need to keep in touch with their patients to follow up on their recovery and any post-op treatment. The tools available to do so are generally limited to follow-up phone calls and emails, which are not only tedious but can sometimes fail to meet security standards or provide the best care.

Microsoft’s Healthcare Bot Service will be available as part of this service, which Microsoft say is behind more than 1,500 instances of COVID-19-based bots that have gone live globally since March 2020. These bots can help alleviate the strain on emergency hotlines for public and private health providers while addressing common questions that patients might have.

Availability

Microsoft has said that a public preview will be coming in the coming days and will be free for 6 months for evaluation, with general availability beginning late this calendar year.

Microsoft has also said that although the healthcare industry will be “first served” with the solution, they also promised that more industry-specific cloud solutions will follow.

Thoughts..

What do you think.. Are industry-specific cloud solutions a good next step for Microsoft?