Microsoft continues its huge investment in, and expansion of, its leading cyber security, threat analysis and response solutions with the acquisition of Miburo, a leader in the analysis, research and detection of foreign information operations.
They announced via their security blog that they have entered into an agreement to acquire Miburo, which will be ‘assimilated’, so to speak, into Microsoft’s Customer Security and Trust organisation.
Microsoft will leverage Miburo’s portfolio to bolster its current threat detection platforms while also expanding its ability to counter new cyber threats and state-sanctioned information operations and attacks. Miburo’s mission statement is to “protect democracies and the free information environment from malign influence and extremism.”
“Working in close collaboration with the Microsoft Threat Intelligence Center, our Threat Context Analysis team, our data scientists and others, the new analysts from Miburo will enable Microsoft to expand its threat detection and analysis capabilities to address new cyber-attacks and shed light on the ways in which foreign actors use information operations in conjunction with other cyber-attacks to achieve their objectives. Miburo has become a leading expert in identification of foreign information operations.”
Tom Burt | Microsoft
The public announcement arrives just a month after Microsoft acknowledged its role in combating many state-sanctioned cyber-attacks and disinformation campaigns aimed at Ukraine by Russia.
Microsoft has unveiled a new “software updates” dashboard in the Microsoft 365 admin center that enables IT to get a simple, unified overview of the installation status of Windows and Microsoft 365 app updates across all their devices. This is currently in preview.
“Keeping devices current with the latest security updates is an important part of an IT admin’s role. The software updates page in the health section of the Microsoft 365 admin center provides a high-level summary view that informs you of devices that may be behind on taking the latest updates released by Microsoft. “
The software updates page now has a new tab that shows Windows update status and end-of-service statistics. These charts cover all Windows devices running unsupported versions of Windows, as well as those approaching the end of support.
There is a separate tab which provides update status for Microsoft 365 Apps.
This new dashboard currently only provides update status for Microsoft 365 Apps and the core Windows OS, but Microsoft plans to expand it in future to cover critical on-premises servers such as Exchange.
There is currently no ability to drill down into the non-compliant devices. To do this you need to head to the Security portal or Microsoft Endpoint Manager, but I suspect this will be linked by the time it comes out of preview.
Windows Autopatch, a service that automatically keeps Windows and Microsoft 365 Apps up to date in enterprise organisations, has now reached public preview. When generally available (GA), it will be included for Microsoft commercial customers with a Windows Enterprise E3 licence or higher.
In short, Windows Autopatch allows organisations to shift the management and deployment of Windows 10, Windows 11 and Microsoft 365 Apps updates, including quality and feature updates, drivers and firmware, to Microsoft.
What’s the purpose?
Essentially this aims to take the pain out of the age-old “Patch Tuesday” and promises to be a great time saver for IT admins. With Autopatch, IT can continue to use its existing tools and processes for managing and deploying updates to devices, or can phase them out or replace them entirely with this new “hands off” approach and let Windows Autopatch take care of security, driver and firmware updates.
“Changing the way things get done, even when that change makes things easier, gives pause to most people who run large IT organisations. By joining the public preview, you’ll be able to get comfortable with Windows Autopatch and ready your organisation to take advantage of the service at scale”.
Lior Bela | Senior Product Marketing Manager | Microsoft
The main purpose of Windows Autopatch is to move the update orchestration burden from the IT department to Microsoft. Once deployed, configured and tested, Autopatch should take the entire effort of planning and managing the Windows Update process (sequencing and rollout) away from IT, freeing up time and resources.
“Whenever issues arise with any Autopatch update, the remediation gets incorporated and applied to future deployments, affording a level of proactive service that no IT admin team could easily replicate.”
Lior Bela | Senior Product Marketing Manager | Microsoft
How to enable Autopatch
Windows Autopatch devices must be managed by Microsoft Intune: either Intune is set as the Mobile Device Management (MDM) authority, or co-management must be turned on and enabled on the target devices.
As you’d expect, there are a handful of steps needed to enable the preview and to enrol your Microsoft 365 tenant into the Windows Autopatch public preview:
Log on to Endpoint Manager as a Global Admin and navigate to the Windows Autopatch blade under the Tenant Administration menu – this is only visible if you have the right licences deployed.
Using an InPrivate browser window, redeem your Autopatch preview code
Run the readiness assessment, add the required admin contact, and add the devices you want to enrol in the service.
Tick the box to allow Microsoft to manage updates on behalf of your organisation.
Microsoft also provides detailed instructions (and a video) on how to add devices to your test ring and how to resolve a status of “tenant not ready,” “device not ready” or “device not registered.”
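Before running the readiness assessment it is worth knowing whether a device actually meets the management prerequisite described above. The following is an added example of my own (not Microsoft’s code and not an Autopatch API) that checks this locally on a Windows device. The registry locations and flag semantics it relies on are assumptions, called out in the comments, that you should verify in your own estate.

```powershell
# Added example (my own, not Microsoft's code or an Autopatch API): check, on a Windows device,
# the management prerequisite for Autopatch: the device must be Intune-managed (Intune as MDM
# authority) or ConfigMgr co-managed.
# Assumptions to verify in your own estate (none of these come from the original post):
#   - 'dsregcmd /status' prints 'AzureAdJoined : YES' and an 'MdmUrl : ...' line when MDM-enrolled;
#   - Intune enrolments live under HKLM:\SOFTWARE\Microsoft\Enrollments\<GUID> with ProviderID 'MS DM Server';
#   - ConfigMgr stores co-management state in HKLM:\SOFTWARE\Microsoft\CCM\CoManagementFlags, bit 0 = enabled.
# Run in an elevated PowerShell session on the device you want to assess.

function Test-AutopatchDevicePrereq {
    [CmdletBinding()]
    param()

    # 1. Azure AD join and MDM enrolment as reported by the built-in device registration tool.
    $dsreg     = dsregcmd /status
    $aadJoined = [bool]($dsreg | Select-String -Pattern 'AzureAdJoined\s*:\s*YES' -Quiet)
    $mdmUrl    = $dsreg | Select-String -Pattern 'MdmUrl\s*:\s*(\S+)' |
                 ForEach-Object { $_.Matches[0].Groups[1].Value } | Select-Object -First 1

    # 2. Intune enrolment record in the registry (assumption: ProviderID 'MS DM Server' identifies Intune).
    $intune = Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Enrollments' -ErrorAction SilentlyContinue |
              ForEach-Object { Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue } |
              Where-Object { $_.ProviderID -eq 'MS DM Server' } |
              Select-Object -First 1
    $intuneEnrolled = $null -ne $intune
    $enrolState     = $null
    if ($intuneEnrolled) { $enrolState = $intune.EnrollmentState }

    # 3. ConfigMgr co-management flags (assumption: only present on co-managed ConfigMgr clients).
    $flags     = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\CCM' -Name CoManagementFlags `
                    -ErrorAction SilentlyContinue).CoManagementFlags
    $coManaged = ($null -ne $flags) -and (($flags -band 1) -eq 1)

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        AzureAdJoined     = $aadJoined
        MdmUrl            = $mdmUrl
        IntuneEnrolled    = $intuneEnrolled
        EnrollmentState   = $enrolState
        CoManaged         = $coManaged
        CoManagementFlags = $flags
        # The prerequisite quoted above: Intune-managed, or co-management enabled.
        AutopatchReady    = ($intuneEnrolled -or $coManaged)
    }
}

Test-AutopatchDevicePrereq | Format-List
```

A device that reports AutopatchReady = False here will not get past the “device not ready” / “device not registered” status in the portal, so fixing the enrolment first saves a round trip through the readiness assessment.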
How Autopatch works
The Windows Autopatch service automatically splits your organisation’s device estate into four groups of devices, described by Microsoft as “rings”.
Test Ring: Contains a minimum number of devices for test purposes
First Ring: Contains ~1% of all endpoints (think of this like the early adopter ring)
Fast Ring: Contains ~9% of devices
Broad Ring: Contains the rest of the devices.
Updates are deployed progressively, starting with the test ring and moving to the larger sets of devices after a validation period in which the system and IT can monitor device performance and compare it to pre-update metrics through Endpoint Analytics.
Autopatch also has a feature called “Halt and Rollback” that can stop an update from progressing to later rings, or roll it back automatically. This matters for critical dates or projects that an update might disrupt, or where quality problems are detected in the earlier rings.
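To make the ring mechanics concrete, here is an added example of my own (a model, not Microsoft’s Autopatch implementation or any Autopatch API) that assigns a constructed estate of 1,000 devices to the four rings, rolls an update through them ring by ring, and halts and rolls back when a ring fails its quality gate. The hash-based assignment, the 5% failure threshold, the freeze-date handling and the $Deploy / $Rollback script blocks are all hypothetical.

```powershell
# Added example (my own model, not Microsoft's Autopatch implementation or API): how a ring-based
# progressive rollout with "halt and rollback" behaves. Assumptions, all hypothetical:
#   - the Test ring is an explicit list of pilot devices; First/Fast/Broad are filled by hashing the
#     device name into a 0-99 bucket (~1% / ~9% / the rest), so assignment is stable across runs;
#   - a ring "passes validation" when its failure rate is at or below a threshold (5% here);
#   - the $Deploy and $Rollback script blocks stand in for whatever actually applies/removes the update.

function Get-RingForDevice {
    param([Parameter(Mandatory)][string]$DeviceId)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $hash   = $sha.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($DeviceId))
    $bucket = [System.BitConverter]::ToUInt32($hash, 0) % 100
    if ($bucket -lt 1)  { return 'First' }   # ~1% early adopters
    if ($bucket -lt 10) { return 'Fast'  }   # next ~9%
    return 'Broad'                           # everyone else
}

function New-RingAssignment {
    param([string[]]$Devices, [string[]]$TestDevices)
    $rings = [ordered]@{ Test = @($TestDevices); First = @(); Fast = @(); Broad = @() }
    foreach ($d in ($Devices | Where-Object { $_ -notin $TestDevices })) {
        $rings[(Get-RingForDevice $d)] += $d
    }
    return $rings
}

function Invoke-RingRollout {
    param(
        [Parameter(Mandatory)]$Rings,
        [Parameter(Mandatory)][scriptblock]$Deploy,     # returns $true if the update applied cleanly
        [Parameter(Mandatory)][scriptblock]$Rollback,   # undoes the update on one device
        [double]$MaxFailureRate = 0.05,
        [datetime[]]$FreezeDates = @()
    )
    $halted = $false
    foreach ($ring in $Rings.Keys) {
        $devices = @($Rings[$ring])
        if ($halted) {
            [pscustomobject]@{ Ring = $ring; Devices = $devices.Count; Failed = 0; Status = 'Halted' }
            continue
        }
        if ((Get-Date).Date -in ($FreezeDates | ForEach-Object { $_.Date })) {
            # A business-critical date: block progression without touching any device.
            $halted = $true
            [pscustomobject]@{ Ring = $ring; Devices = $devices.Count; Failed = 0; Status = 'Halted (freeze window)' }
            continue
        }
        $failed = @($devices | Where-Object { -not (& $Deploy $_) })
        $rate   = if ($devices.Count -gt 0) { $failed.Count / $devices.Count } else { 0 }
        if ($rate -gt $MaxFailureRate) {
            # Quality gate failed: roll this ring back and stop the update progressing any further.
            $devices | ForEach-Object { & $Rollback $_ }
            $halted = $true
            $status = 'Rolled back'
        } else {
            $status = 'Validated'
        }
        [pscustomobject]@{ Ring = $ring; Devices = $devices.Count; Failed = $failed.Count; Status = $status }
    }
}

# Constructed sample estate: 1,000 devices, four explicit pilot machines in the Test ring.
$estate = 1..1000 | ForEach-Object { 'PC-{0:D4}' -f $_ }
$rings  = New-RingAssignment -Devices $estate -TestDevices 'PC-0001', 'PC-0002', 'PC-0003', 'PC-0004'
$rings.Keys | ForEach-Object { '{0,-6} {1,4} devices' -f $_, $rings[$_].Count }

# Run 1: a healthy update (every device applies it). All rings validate in sequence.
Invoke-RingRollout -Rings $rings -Deploy { param($d) $true } -Rollback { param($d) } | Format-Table

# Run 2: a bad update that fails on roughly one device in ten (names ending in 7). The first ring
# whose failure rate exceeds the 5% gate is rolled back and every later ring is left untouched.
$badDeploy = { param($d) -not $d.EndsWith('7') }
Invoke-RingRollout -Rings $rings -Deploy $badDeploy -Rollback { param($d) } | Format-Table
```

The point of the model is the ordering: a ring is only ever deployed to after the previous one has passed its gate, and a failed gate both reverts the affected ring and freezes everything behind it, which is the behaviour “Halt and Rollback” is described as providing.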
What about Patch Tuesday and Critical Updates?
Microsoft will continue to deliver monthly security and quality updates for supported versions of Windows on the second Tuesday of the month (commonly referred to as Patch Tuesday or Update Tuesday), as it has to date. These will also be delivered by Autopatch.
For normal updates, Autopatch uses a regular release cadence starting with devices in the test ring and completing with general rollout to broad ring.
Any update addressing a critical vulnerability, such as a zero-day, will be expedited by Windows Autopatch with the aim of patching all devices as quickly as possible.
Microsoft has just announced “Entra“, which is the latest “family of products” and joins their other suites alongside Priva and Viva.
Entra brings together all of Microsoft’s identity and access products and services and includes Microsoft Azure Active Directory (Azure AD), as well as their Cloud Infrastructure Entitlement Management (CIEM) and decentralized identity services.
Identity is one of the biggest cornerstones for cybersecurity.
Microsoft Entra aims to simplify the way organisations approach and accomplish attack surface reduction in a multicloud, hyperconnected world by filling the biggest and most critical gaps. It does this by:
Protecting access to any application or resource for every user
Securing and verifying every identity across hybrid and multicloud environments
Discovering and governing permissions in multicloud environments
Simplifying the user experience with real-time, intelligent access decisions.
“Microsoft Entra embodies our vision for what modern secure access should be. Identity should be an entryway into a world of new possibilities, not a blockade restricting access, creating friction, and holding back innovation. We want people to explore, to collaborate, to experiment – not because they are reckless, but because they are fearless.”
Entra works with the major cloud platforms, including Azure, AWS and Google Cloud, as well as other Microsoft apps and websites.
To find out more, visit the Microsoft Entra website to learn more about how Azure AD, Microsoft Entra Permissions Management, and Microsoft Entra Verified ID deliver secure access for our connected world.
Microsoft’s security business is growing faster than any of their other mainstream products and services, and today they announced they will be adding three new services designed to help organisations spot and respond to cybersecurity incidents.
Here’s the TL;DR version.
Microsoft are bolstering their security services offerings to go along with its technology products and partners.
Security is the fastest-growing broad product category for Microsoft.
Microsoft is increasing its annual research and development spend on cybersecurity from $1 billion to $4 billion (more than any other security vendor).
The new services will see Microsoft’s own cyber security experts providing hands-on, proactive threat hunting for organisations unable to fully build out their own SOC due to the global security skills shortage and cost.
Keep reading to learn more…
This newly announced investment comes as industry analysts continue to report rising cyber security budgets globally, as organisations invest in protecting against the ever-increasing threat of ransomware, identity theft and network intrusion.
Attacks are getting smarter and more targeted
Cybercrime continues to rise and become increasingly sophisticated, costing the world’s businesses $6 trillion USD last year, a figure expected to rise to $10.6 trillion by 2025.
According to Microsoft, “most human-operated ransomware attacks share some common traits, as attackers take advantage of an organization’s reliance on legacy software configurations or poor “credential hygiene” to gain entry into systems, and once in to find privilege escalation points to move through systems and carry out attacks.“.
Whilst identity hygiene is improving, many organisations still do not get the basics right: poor identity protection, lax controls, no (or patchy) MFA, and a disjointed, fragmented approach to security rather than a Zero Trust, defence-in-depth mindset.
“Guarding single points of entry is not enough anymore, and a system or systems of managed extended detection and response (MXDR) is helping companies take a step back and look to guarding overall systems rather than focusing on locking down network ports or domains etc.”, Microsoft said in their latest security blog.
What is Microsoft Security Experts?
Microsoft Security Experts is a newly announced set of human-, AI- and software-led services that Microsoft will offer to organisations, providing managed security services without them needing to build everything in house.
Whilst just the start, the three new security managed services include Defender Experts for Hunting, Defender Experts for XDR, and Security Services for Enterprise.
Microsoft Defender Experts for Hunting
This involves Microsoft security engineers proactively hunting for threats across customers’ devices, Office 365 productivity software, cloud apps and identity platforms, and alerting the organisation to what they find.
This will put Microsoft into a more direct competition with pure-play security software companies such as CrowdStrike.
Cost is circa $3 per user per month (pupm).
Microsoft Defender Experts for XDR
This is a more people-intensive service that will see Microsoft security experts helping organisations act on threats. Microsoft says this type of work is typically done by a variety of organisations today, including the big four accounting firms.
Cost is $14 pupm.
Microsoft Security Services for Enterprise
This service includes an even broader set of people-driven services.
It aims to be more specific and customised to the needs of large enterprise organisations.
It’s set to help alleviate the global security skills and people shortage affecting almost every organisation.
Costs are bespoke to each organisation.
Microsoft and Security
Security is already a $15 billion annual business for Microsoft, and in 2021/22 it has increased faster than any other significant product or service that Microsoft sold – up 45% YoY.
Microsoft is of course no new kid on the block when it comes to cyber defence; last year it blocked over 9.6 billion malware threats and 35.7 billion malicious emails, as well as taking down several large nation-state attacks.
Microsoft believe that they are uniquely positioned to help their customers and partners do more to meet today’s security challenges. “We secure devices, identities, apps, and clouds—the fundamental fabric of our customers’ lives – with the full scale of our comprehensive multicloud, multiplatform solutions. At Microsoft, we understand today’s security challenges because we live this fight ourselves every single day“.
Microsoft’s CEO Satya Nadella had already announced last year that their annual cyber security research and development spending is increasing to a staggering $4 billion, up from an already huge $1 billion.
What about the role of the Microsoft Partner?
Details are still emerging on how partners that sell security consultancy, enablement, training and, of course, managed extended detection and response (MXDR) will be able to leverage and build on these services.
Microsoft has said on its Yammer partner community site that it will be making a whole new set of investments in partners to help them advance (or build) their managed extended detection and response (MXDR) services business.
According to Gartner, demand is on a fast growth trajectory, and more than 50 percent of organizations will be using managed detection and response (MDR) services for threat monitoring, detection, and response functions that offer threat containment and mitigation capabilities by 2025.
Microsoft say that their Partners will play a critical role in addressing this incredible customer demand.
Today (May 3rd 2022) Microsoft formally announced the general availability of the standalone version of Microsoft Defender for Business.
Why should I care?
Well firstly, it’s a myth that smaller organisations are not targeted and attacked. Security continues to be an increasing challenge for small and medium businesses, with a more than 300% increase in ransomware attacks alone in the past year, leading to increased cost in time and money, whilst pulling you away from doing what matters most – running your business and making money.
As an example, the solicitor I was personally using last year for a house purchase was the victim of a cyber-attack in September, and it took them almost three months to get back on their feet, which cost them a lot of business – including mine!
In addition, according to a report commissioned by Microsoft, over 90% of SMB organisations admit to buying “bad” endpoint security (meaning it is below par and not integrated into their wider security portfolio).
What is Defender for Business
Microsoft Defender for Business brings enterprise-grade security to smaller and medium sizes businesses (SMBs), including world-class endpoint detection and response capabilities.
Microsoft positions this as “the solution for the new hybrid workforce”. As employees increasingly work across a mix of devices and locations, Defender for Business delivers end-to-end security and moves beyond traditional endpoint antivirus with a cloud-connected, AI-powered service backed by trillions of daily signals, bringing enterprise-grade, real-time detection of known and trending threats, including zero-day attacks and ransomware.
Microsoft Defender for business is part of the wider Microsoft 365 Defender family – a unified pre- and post-breach enterprise defence suite which natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.
Reduce your vulnerability with Defender’s risk-based management approach
Help eliminate risks by reducing the surface area of attack
Protect against cyberthreats like ransomware and malware
Detect and investigate advanced persistent attacks
Automatically investigate alerts and help respond to complex threats
Here’s how it works
If you think of your business the way you think about your own house, the analogy is simple but effective:
Threat and Vulnerability Management is like a proactive police/crime assessment – looking at your doors and windows for potential weaknesses. It’s a risk prevention approach to vulnerability management that reduces threats before they grow into serious problems.
Attack surface reduction works by making sure the windows are locked, and only the right people have keys to the front door. This helps minimise risk by reducing the attack surfaces open across your devices.
Next Generation Protection acts as the lock for your front door. It helps to stop the things you don’t want to enter, from file-based and fileless malware, to spyware.
Endpoint Detection and Response is like a security camera system, helping you see and record an intruder in the building. Defender’s advanced tools then set off the alarms, allowing you to respond directly to the problem, device, or file.
Auto Investigation and Remediation is like your smart alarm system, calling the authorities and taking the intruder away. Defender for Business automatically investigates alerts and helps remediate complex threats, acting as your personal security analyst, working 24/7 to protect your business.
In short, Microsoft Defender for Business looks across your environment, multiple activities, devices, and users and then aggregates your alerts into a single incident making it easier for you (or your IT Services partner) to manage and respond to threats before they impact your business.
How does it compare to Defender for Enterprise?
Defender for Business provides the same premium protection at endpoint level for SMBs as it does for enterprise organisations – the only differences are the price point and simplified management. The table below shows the main differences.
How do I get it?
All these features and more are available as part of Microsoft 365 business premium plan or can be purchased (if you are not a Microsoft 365 subscriber) as a standalone application.
Speak to your Microsoft Partner or CSP licence provider in the first instance. They can probably also help you get started quickly and set it up.
Defender for Business is already included as part of Microsoft 365 Business Premium – Microsoft’s comprehensive security and productivity solution for businesses with up to 300 employees (or as part of a blended licensing approach). Microsoft Business Premium costs just £16.50 per user per month.
You can (from today) also purchase Defender for Business as a standalone solution for just £2.75 per user, per month and what’s more support for On-Premises and Cloud Hosted Servers for SMB is also coming later this year.
Microsoft has launched the first edition of Cyber Signals, a new quarterly cyber intelligence brief that highlights the latest cyber security threats, tactics, and strategies and is aimed at Chief Information Security Officers, Chief Information Officers, Chief Privacy Officers and other senior security ops teams.
The brief is built on Microsoft’s extensive threat data and research, which leverages insights from more than 24 trillion daily security signals as well as intelligence mined from monitoring 40 nation-state groups and over 140 threat groups. Microsoft has focused the first edition specifically on identity, which it believes is “the battleground for security” and the weakest link in most organisations’ security posture.
In the briefing, Microsoft state that “Our identities are made up of everything we say and do in our lives, recorded as data that spans across a sea of apps and services. While this delivers great utility, if we don’t maintain good security hygiene our identities are at risk. And over the last year, we have seen identity become the battleground for security.“
Perhaps the biggest point raised in this Cyber Signals report is the worryingly low adoption of strong identity authentication across organisations. This includes multifactor authentication (MFA), which is proven to reduce the risk of identity compromise by 99.9%.
Here are the key highlights from the report.
Only 22% of customers using Microsoft Azure Active Directory (Azure AD), Microsoft’s Cloud Identity Solution, have implemented strong identity authentication protection as of December 2021.
Microsoft Defender for Endpoint blocked more than 9.6 billion malware threats targeting enterprise and consumer customer devices
From January 2021 through December 2021, Microsoft blocked more than 25.6 billion Azure AD brute force authentication attacks and intercepted 35.7 billion phishing emails with Microsoft Defender for Office 365.
The full brief also examines how nation-states are using spear phishing and targeted social engineering to obtain passwords and other sensitive data. It also details the latest ransomware attack trends, along with guidance and recommendations on how to stop the attacks.
Much of the research is explained by leading security chiefs, including Christopher Glyer, principal threat intelligence lead at the Microsoft Threat Intelligence Center, which employs nearly 4,000 security experts and threat hunters.
As of today (14th Jan 2022) Microsoft Defender for Endpoint Plan 1 is now included within Microsoft 365 E3/A3 licenses.
Microsoft Defender for Endpoint (Plan 1) extends Microsoft 365 security by including world-class threat and attack prevention capabilities to help you deliver on your Zero Trust strategy, reduce cost (by negating the need for additional products) and simplify security management.
Defender for Endpoint Plan 1 includes the following key features (among others).
Next-generation, born-in-the-cloud antivirus, anti-malware and anti-ransomware protection that leverages all the intelligence of the Intelligent Security Graph to help keep users’ endpoints secure and protected.
World class attack surface reduction capabilities that harden the device, prevent zero day attacks, and provide granular control over access.
Device based conditional access which leverages Azure AD and the Intelligent Security Graph to provide additional layers of protection and breach protection and forms a key part of your Zero Trust Security architecture.
Microsoft Defender is a Leader (top right) in the Gartner Magic Quadrant for Endpoint Protection Platforms.
What’s included in Defender for Endpoint Plan 1
The following diagram from Microsoft illustrates the key services and features included within both Plan 1 (now part of Microsoft 365 E3 and A3) and Plan 2 (part of Microsoft 365 E5 and A5 or available as an add-on).
Microsoft Defender for Endpoint Plan 1 supports client endpoints running Windows 7 with Extended Security Updates, 8.1, 10, 11, macOS, Android, and iOS.
What about Plan 2?
Microsoft says that Plan 1 provides a strong baseline and leading-edge protection against modern, zero-day and ever-advancing threats.
For the complete set of endpoint security capabilities, as shown above, Microsoft advises that organisations strongly consider Microsoft Defender for Endpoint Plan 2.
“Plan 2 builds on Plan 1 and provides a best in class EDR solution including automated investigation and remediation tools, advanced threat prevention and threat and vulnerability management (TVM), and hunting capabilities which, combined with the wider Microsoft Defender suite, provides seamless, integrated and cross architecture protection”.
To find out more, please refer to the official Microsoft documentation.
As a continuation of Microsoft’s standardisation and integration of their security products across Microsoft 365 and Azure, several other products have now “completed” the name change branding to “Defender” in line with others which moved across earlier this year.
This is the current “Defender” line-up as of Dec 2021 (old name, then new name):
Microsoft Cloud App Security (MCAS) is now Microsoft Defender for Cloud Apps
Microsoft Threat Protection is now Microsoft 365 Defender
Microsoft Defender Advanced Threat Protection is now Microsoft Defender for Endpoint
Office 365 Advanced Threat Protection is now Microsoft Defender for Office 365
Azure Advanced Threat Protection is now Microsoft Defender for Identity
Azure Defender for IoT is now Microsoft Defender for IoT
Azure Security Center + Azure Defender is now Microsoft Defender for Cloud
Azure Defender for Storage is now Microsoft Defender for Storage
Name changes for Microsoft Security Products – Dec 2021
Microsoft’s comprehensive and extensive range of security products and suites are designed to protect organisations from threats across devices, identities, apps, email, data, and cloud workloads.
Microsoft Sentinel is a cloud-native SIEM tool; Microsoft 365 Defender provides XDR capabilities for end-user environments (email, documents, identity, apps, and endpoint); and Microsoft Defender for Cloud provides XDR capabilities for infrastructure and multi-cloud platforms including virtual machines, databases, containers, and IoT.
I feel I must congratulate Cisco on the announcement of their new partner- and customer-centric Enterprise Agreement.
Simple and Inclusive
This looks and feels like one of the simplest yet powerful subscription based licensing programmes in the channel… at a time when “other” major vendors seem to be struggling to get a model right that is fair and offers value to both customer and partners regardless of size.
Consistent across their solution portfolio
When fully available in early 2022, Cisco will make their full portfolio of services available through a single agreement rather than the current multiple EAs with different terms, rules and portals they have today. Instead the EA will cover all five of Cisco’s solution areas – application infrastructure, networking infrastructure, collaboration, security and services.
Helps make it easy for customer to buy solutions across the stack
This new EA will dramatically simplify purchasing and selling as it creates one program and one experience for everything Cisco do and aligned to their product portfolio.
For example, Cisco has been beating the drum hard with the concept of “full stack observability”, which is growing in importance in this multi-cloud centric, highly mobile and hybrid world.
To make this a reality, customers need to buy products across multiple technology and solution stacks, including services like AppDynamics, ThousandEyes, Intersight etc., but this new EA should make it much easier for partners to sell and for customers to buy.
Microsoft has made a giant leap forward in making your online world more secure by making passwords optional for personal MSA accounts like your personal Office 365 account/Hotmail etc.
It’s no secret that Microsoft is actively striving to make passwords a thing of the past by supporting passwordless accounts. Microsoft already supports passwordless sign-in for commercial Microsoft 365 users as well as personal (MSA) accounts, but is taking this a step further by allowing the password to be removed entirely.
Beginning today, you can now completely remove the password from your Microsoft consumer account. Use Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to your phone or email to sign in to your favourite apps and services, such as Outlook, OneDrive, FamilySafety, and more.
Vasu Jakkal | CVP of Microsoft Security
How is passwordless more secure than MFA?
Firstly, Microsoft isn’t alone in this view, with both Facebook and Google also actively championing the “death of the password”, which is typically the weakest link in online account security since it is so often compromised, stolen or phished. Let’s face it, nobody likes passwords: we have to create ever more complex and unique passwords, remember them, change them frequently and, of course, use different ones across different sites.
In a blog on the topic today, Microsoft said that they “have heard great feedback from our enterprise customers who have been on the passwordless journey with us. In fact, Microsoft itself is a great test case — nearly 100% of our employees use passwordless options to log in to their corporate account.”.
In order to make your MSA account totally passwordless, you need to have the Microsoft Authenticator app on your phone and ensure it is set up for multi-factor authentication.
Once this is working, you can then go to https://account.microsoft.com , sign in, and then navigate to “Advanced Security Options”. Once here, you should now see a subsection called “Additional Security Options” where there will be a “Passwordless Account” option, which you can turn on.
It is unknown if or when Microsoft will remove passwords all together and at the moment, you can still re-add a password for your Microsoft account if you want/need to.
Microsoft have announced that real-time co-authoring support for encrypted documents (which has been in preview for a while) is now generally available. Co-authoring is a feature that allows users to collaborate on documents across Word, Excel and PowerPoint, for example, but until now it only worked on files that weren’t encrypted.
“With Microsoft 365, when sensitivity labels are used to encrypt Word, Excel, or PowerPoint documents, multiple users can now edit these documents in real-time with AutoSave, empowering teams to do their best work while maintaining protection across the document lifecycle,” Paras Kapadia, Principal Program Manager for Office 365 explained.
Co-authoring support for protected files is available now on the Web, Windows and Apple Mac clients and will be coming to iOS and Android “soon”.
You must enable it first
It’s worth noting that unlike many Microsoft 365 features which are “on by default”, organisations who want to use co-authoring on protected documents need to enable this in the Microsoft 365 Compliance Center.
Microsoft also provide full guidance for admins on how to do this here. Please note: once enabled, you need to contact Microsoft support should you want/need to turn this off for any reason.
Microsoft have announced a more cost effective endpoint protection plan for Microsoft 365 and Windows customers. Named Microsoft Defender for Endpoint P1 this provides comprehensive threat prevention and protection for any endpoints including those running Windows, macOS, Android, and iOS and will be included for free in Microsoft 365 E3/A5 SKUs.
The existing Microsoft Defender for Endpoints SKU will become Defender for Endpoints Plan 2 and is the version currently included in Windows E5 and Microsoft 365 E5.
Microsoft say that this new solution “will make it easier for more security teams across the globe to buy and adopt the best of breed fundamentals of Microsoft Defender for Endpoint”. Next generation protection, device control, endpoint firewall, network protection, web content filtering, attack surface reduction rules, controlled folder access, device based conditional access, APIs and connectors, and the ability to bring your own custom TI are some of the capabilities of this new plan.
The endpoint remains one of the most targeted attack surfaces as new and sophisticated malware and ransomware continue to be prevalent threats and it’s not slowing down. Ransomware in particular continues to persist and evolve, financial damage continues to increase, and the impact is felt across numerous industries.
Over the last year, Microsoft have seen more than a 120% increase in organisations who have encountered some form of ransomware attack as shown in the graphic provided by Microsoft.
Microsoft are keen to ensure they provide “security for all”, and this comes just days after a commitment made with Biden to invest more than $20 billion in security over the next 5 years.
Microsoft claims they already provide best of breed, multi-platform and multi-cloud security for all organisations across the globe, and that their integrated suite of security, threat protection and remediation services provides simplified, comprehensive protection that prevents breaches and enables their customers to innovate and grow.
Microsoft say that “as part of that commitment, we’re excited to offer a foundational set of our market leading endpoint security capabilities for Windows, macOS, Android, and iOS at a lower price in a new solution to be named Microsoft Defender for Endpoint Plan 1 (P1) which will also be included in Microsoft 365 E3 for free.”
Licensing and Pricing
The great news is that “Plan 1” will be included in Microsoft 365 E3/A3 at no additional cost and will be made available as a low cost add-on for other SKUs. Microsoft 365 E5/A5 will continue to include Defender for Endpoint “Plan 2”.
This is currently in public preview, meaning you can sign up for it for free for 90 days now. After the 90 days is up, you can buy this from your friendly Microsoft CSP or licensing partner. Customers already on Microsoft 365 E3/A5 will get this for free once released for General Availability (within the next 90 days) and will then be able to enable/use the service.
Plan 1 and Plan 2 compared
The diagram below shows the extent of the threat protection and remediation services offered by Microsoft Defender for Endpoints.
Plan 1 is aimed at organisations looking for mainly endpoint protection (EPP) where you get best of breed fundamentals in prevention and protection for all your client endpoints. It includes next generation protection, device control, endpoint firewall, network protection, web content filtering, attack surface reduction rules, controlled folder access, device based conditional access, APIs and connectors, and the ability to bring your own custom TI. Finally, it includes access to the Microsoft 365 Defender security experience to view alerts and incidents, security dashboards, device inventory, and perform investigations and manual response actions on next generation protection events.
Plan 2 is aimed at most larger enterprises who need full endpoint detection and response (EDR). This builds on Plan 1 and provides full EDR capabilities to further prevent security breaches, reduce time to remediation, and minimise the scope of attacks with vulnerability management, endpoint detection and response, fully automated remediation, advanced hunting, sandboxing, managed hunting services, and in-depth threat intelligence and analysis about the latest malware campaigns and nation state threats.
The table below offers a comparison of the capabilities offered in Plan 1 versus Plan 2.
You can sign up for the preview using the link here, and Microsoft have provided a detailed blog which goes into more detail than I have shared above and also provides a simple walk-through for admins and sec ops.
You can also read the latest Gartner report which details Industry leading security capabilities.
Microsoft and Rubrik (a US-based, Gartner leading data backup and protection company) have announced a new strategic partnership which will see them working together to provide Zero Trust data protection to help organisations protect and mitigate against the rising threat and risks of ransomware attacks across cloud and hybrid cloud environments, including of course Azure and Microsoft 365.
This work will address the rising customer needs to protect against surging ransomware attacks, which are growing 150% year on year.
As part of the partnership, Microsoft has also made an equity investment in Rubrik.
Who are Rubrik?
Rubrik work with enterprise customers, helping them protect and recover from ransomware attacks, automate data security operations, and transition data from on premises data centres to the cloud.
Like Microsoft, Rubrik takes a Zero Trust approach to data management, which follows the NIST principles of Zero Trust. Zero Trust is based on the concept of “never trust, always verify.” In practice, this means that access to any resource within the network must be subject to specified trust dimensions, or parameters. Failure to meet these parameters results in denial or revocation of access. This is in complete contrast to previous security models that assumed implicit trust within the network perimeter.
Rubrik said in an announcement that:
“As the pioneer of Zero Trust Data Management, Rubrik is helping the world’s leading organizations manage their data and recover from ransomware. Together with Microsoft, we are delivering tightly integrated data protection while accelerating and simplifying our customer’s journey to the cloud.”
Bipul Sinha | Co-founder and CEO | Rubrik
The better together story
Rubrik and Microsoft are already partners and, according to Microsoft in their press statement, have been working together with over 2,000 mutual customers using Azure across six continents. In a press release announcing this new strategic partnership, Microsoft said that “the two companies will be providing Zero Trust data protection for hybrid cloud environments, including Microsoft 365”.
“End-to-end application and data management is critical to business success, and we believe that integrating Rubrik’s Zero Trust Data Management solutions with Microsoft Azure and Microsoft 365 will make it easy for customers to advance their Zero Trust journey and increase their digital resilience.”
Nick Parker, Microsoft CVP Global Partner Solutions.
Summary and Thoughts
The data backup and recovery market is a big and crowded marketplace, with leading companies like Veeam, Acronis, Veritas, Arcserve, Commvault etc. making data backup and recovery their market and currency.
Microsoft uses a “shared responsibility” model for data and availability: they take responsibility for the services they deliver online being available and resilient, but it’s up to the customer to govern, secure, back up and maintain their own data and content, which is where the traditional backup and recovery vendors have stepped in.
This investment could signal a new longer term area of focus and growth for Microsoft which could put pressure on the other vendors in this space, especially if Microsoft now have a vested interest in having a “preferred” partner / vendor for data protection and recovery.
What do you think?
Do you work with or use Rubrik for data protection? How do you see this playing out? Good or bad for the market?
Microsoft 365 now has “Safe Links” protections across Microsoft Teams for any organisation that uses Microsoft Defender for Office 365 (formerly Office 365 ATP).
What is Safe Links?
Safe Links is a feature of Defender for Office 365 that scans URLs clicked by end users to check for malware and malicious or phishing sites in real time.
Safe Links was first introduced in 2015 (for just Exchange Online at the time) and was originally used to “detonate” links in e-mails to detect malicious payloads. Safe Links was subsequently added to Microsoft 365 applications, as well, such as PowerPoint and Word.
With the latest update and expansion across Microsoft 365, Safe Links now provides transparent, integrated and native intelligent protection against malicious links in conversations, group chats and channel chats across Microsoft Teams.
Enabling the feature
This can be configured in the Microsoft 365 Defender portal. Detailed instructions can be found here.
As with Safe Links across the other Office services, admins can add exclusions and trusted sites if needed.