Microsoft adds SafeLinks protection to Teams

Microsoft 365 now has “Safe Links” protections across Microsoft Teams for any organisation that uses Microsoft Defender for Office 365 (formally Office 365 ATP).

Defender for Office 365

What is Safe Links?

Safe Links is a feature of Defender for Office 365 that scans URLs clicked by end users to check for malware and malicious or phishing sites in real time.

Safe Links was first introduced in 2015 (for just Exchange Online at the time) and was originally used to “detonate” links in e-mails to detect malicious payloads. Safe Links was subsequently added to Microsoft 365 applications, as well, such as PowerPoint and Word.

With the latest update and expansion across Microsoft 365, Safe Links now provides transparent, integrative and native intelligent protections against malicious links in conversations, group chats and channels chat across Microsoft Teams.

Enabling the feature

This can be configured in the Microsoft 365 Defender portal. Detailed instructions can be found here

As with SafeLinks across the other Office services, admins can add exclusions and trusted sites if needed.

Microsoft buys CloudKnox, the only multi-cloud, hybrid cloud permissions management platform

After their acquisition RiskIQ just last week and ReFirm the month before, Microsoft have just annouced they are now aquiring CloudKnox, a leader in Cloud Infrastructure Entitlement Management (CIEM).

Who are CloudKnox?

Founded in 2015, CloudKnox, are the only multi-cloud, hybrid cloud permissions management platform that provide granular visibility, automated remediation and continuous monitoring consistently enforcing least-privilege principles to reduce risk. CloudKnox works with Azure, as well as the AWS and Google public clouds as well with leading virtualisation and hybrid cloud vendors including VMware.

Image displaying key features of CloudKnox
CloudKnox

CloudKnox are the leaders in Cloud Infrastructure Entitlement Management (CIEM) space and offers complete visibility into privileged access within cloud services.

What Microsoft plans to do with the CloudKnox acquisition.

In Microsoft’s most recent security blog, Joy Chik (VP of Identity at Microsoft) said:

“Modern identity security needs to protect all users and resources consistently across multi-cloud and hybrid cloud environments….Today, Microsoft is taking a significant step toward this goal with the acquisition of CloudKnox Security, a leader in Cloud Infrastructure Entitlement Management (CIEM). CloudKnox offers complete visibility into privileged access. It helps organizations right-size permissions and consistently enforce least-privilege principles to reduce risk, and it employs continuous analytics to help prevent security breaches and ensure compliance. This strengthens our comprehensive approach to cloud security.”

Joy Chik, Corporate VP of Microsoft Identity

The post (which can be read here) summarises how Microsoft will leverage the CloudKnox technology to help Security Admins with tasks such as managing privileged access in multi-cloud and hybrid cloud environment through a set of comprehensive yet simple threat assessments and prevention methods as well as ensuring security enforcement and governance.

Finally Microsoft said that the acquisition of CloudKnox will allow Microsoft to further harden Azure Active Directory with more granular visibility, continuous monitoring and automated remediation for their hybrid and multi-cloud identities, access and permissions further solidifying their market leading position in Identity and Access Management.


There are no clouds in space… But there is Azure!

I read an article recently about Stephen Kitay – the Former Deputy Assistant Secretary of Defense for Space Policy, who is now  Senior Director at Microsoft Azure Space. It got me thinking… Firstly.. what a cool job title…. and secondly… what is Azure Space..

It’s quite cool.. Tech and Space!

Microsoft says that “Azure Space was created to be the platform and ecosystem of choice for the mission needs of the space community” . It’s designed to make connectivity and compute increasingly attainable across industries including agriculture, energy, telecommunications, and government.”

Azure Space Overview

I loved researching and sharing some of what I read. What a great project to be part of… Imagine being asked what do you at a networking event and saying “supporting customers on their space missions off and on the planet, using the power of cloud and space technology to help business across industries re-imagine solutions to some of the world’s most challenging problems”

Taking cloud-powered innovation beyond Earth with “Azure Space”.

With the enormous challenges space presents, there also comes great opportunity. The space community is growing rapidly, and innovation is lowering the barriers of access for public and private sector organizations.

Microsoft is the first hyperscale cloud service provider to join the Space Information Sharing and Analysis Center (ISAC) as a member organization and they plan to share our unique global threat insights to protect critical infrastructure and strengthen cybersecurity expertise across the space community.

What is the purpose and applications for Azure Space?

Microsoft are diligently working to make Azure the platform of choice for the mission needs of the space community, bringing our unique global threats insights to protect critical infrastructure and strengthen cybersecurity expertise in the space industry“.

But…. Its not just about sticking Azure in space stations and shuttles.

Putting compute, data and AI into space makes connectivity and compute increasingly more attainable and accessible across the globe and has huge benefits across industries such as agriculture, energy, telecommunications as well as across the public sector and in particular in regions where traditional connectivity and access to compute is more sparse. Third and developing world nations will also hugely benefit. “ our ambition is to grow the entire world community, which is the basis for Azure Space.”

OK so what is Azure Space though?

Azure Space is basically a set of innovative service offerings, a new partner ecosystem and a global strategy focused on specific core areas to addresses never-before-seen security challenges. Azure Space is made up of 3 main things..

Azure Space Components Overview

Azure orbital

Azure Orbital is a Ground Station As-a-Service that provides communication and control of a satellite and enables satellite operators to communicate with and control their satellites, process data, and scale operations within Microsoft Azure.

Azure Orbital brings satellite data directly into Azure, where it can immediately be processed with market-leading data analytics, geospatial tools, machine learning, and Azure AI services.

In essence Azure Orbital will allow  organisations/providers of “space connected stuff”, to take full advantage of the Microsoft’s global network and services infrastructure to build new product offerings and services with the edge, 5G, SD-WAN, and AI.

Azure Modula Datacenter

 The Azure Modular Datacenter (MDC) is a complete, rugged datacenter solution for organisations/servjce providers that need cloud computing capabilities in hybrid, sparse or challenging environments like space.

Microsoft designed the MDC to support high-intensity, secure cloud computing in challenging environments, such as situations where critical prerequisites like power and building infrastructure are unreliable. Built on Azure Stack(r), it is a self-contained unit the provides the capability to deploy a complete datacenter to remote locations, or to complement existing infrastructure. The MDC runs primarily on terrestrial fiber, low-bandwidth networks, or be completely disconnected.

Azure Orbital Simulator

With space mow opening up to more commercial and government space organisation, the pace and demand of developing interconnected satellite networks increases exponentially.

To aid with this, Microsoft have created Azure Orbital Emulator, an emulation environment that conducts massive satellite constellation simulations with software and hardware in the loop. This allows satellite developers to evaluate and train AI algorithms and satellite networking before ever launching a single satellite reducing cost, time and money as well as human safety naturally. With Azure Orbital Emulator, Azure can emulate an entire satellite network including complex, real-time scene generation using pre-collected satellite imagery for direct processing by virtualized and actual satellite hardware.

“The Goal of Azure Orbital Emulator is to aid the preparation of space missions with the power of Azure.”

Azure Orbital Emulator is already being used Azure Government customers globally.

Credits and further reading

Some of the content here is referenced/quoted from the full comprehensive report. https://www.helpnetsecurity.com/2021/07/13/microsoft-azure-space and on twitter at @helpnetsecurity. Much of the information comes from Microsoft Azure blogs referenced below.

For further reading (it’s quite interesting) you can read Microsofts official blurb and ongoing updates here.

Microsoft makes another security acquisition…

Microsoft has just announced that they are to acquire cyber security company RiskIQ in a $500m deal.

RiskIQ provide cloud-based software as a service (SaaS) for businesses to identity various phishing, fraud, malware and other online threats.

Risk IQ

Microsoft’s Eric Doerr (VP of Cloud Security) explained in their annoucement how RiskIQ’s expertise and global threat intelligence platform will help their customers to better apprehend online threats in their digital transformation journey with the technology to become part of their integrated Security and Threat protection suite(s).

“The combination of RiskIQ’s attack surface management and threat intelligence empowers security teams to assemble, graph, and identify connections between their digital attack surface and attacker infrastructure and activities to help provide increased protection and faster response”.

Eric Doerr (Microsoft VP of Cloud Security)

Microsoft have a growing and comprehensive industry leading portfolio of integrated security and threat protection solutions for addressing the needs of hybrid and multi-cloud environments. The acquisition of RiskIQ’s expertise follows an ongoing list of acquisitions in the cybersecurity area.

“Our (Risk IQs) technology and amazing people will be a powerful addition to Microsoft solutions. Together, we’ll empower CISOs and security operations teams to proactively detect and defend their enterprise against all threats, both on-premise and across multi-cloud. “

Statement from RiskIQ

You can read the full annoucement in the Microsoft Security Blog here.

Microsoft “Authenticator app” now lets users change their passwords directly from the app

The Microsoft Authenticator app on Android has been updated and now lets users change security information and passwords right from within the app. This update also lets users view recent sign in activity, such as recent login attempts or changes to their account. This features update bring the android version upto date with the iOS version, which got this update back in May.

With the updated version, users can tap on the account name in the app which then opens a full-screen page for that account’s settings. Here it provides the one-time passcode for second-factor authentication, along with other options such as changing the password, updating security information, reviewing recent activity, and removing the account from authenticator should you wish.

These options are presented directly inside the app in a kind of in-line browser that lets users perform these actions without needing to switch to a browser or make these changes on the web. This works for corporate accounts as well as personal Microsoft accounts such as those with personal Microsoft 365 accounts.

Note: the account management options are not be available to Azure AD accounts as Microsoft want to empower IT admins to choose which options are made available to users from the Authenticator App.

Users can download the Microsoft Authenticator app for Android from the Google Play Store here.

There’s a myth that #Microsoft doesn’t “do” #security… Think again..

The myth that Microsoft isn’t a security vendor continues… led mainly by the traditional security appliance vendors and organisations that are still predominately on premise and therefore defend their data centre and office perimeters with traditional security blockers.. (sorry that was a bit of a generalist statement and not meant to offend)!

In reality, nothing could be further from the truth. With more than a billion dollar investment in security each year (excluding acquisitions), Microsoft has been recognised as a leader in multiple security-related Gartner Magic Quadrants, the Forrester Wave for Endpoint Security, and by I dependant AV testing firms such as AV TEST, AV Comparatives, and SE Labs in 2019 alone.

Security is built in across everything Microsoft designs, deploys and makes available and I’m proud to work and lead a certified and accredited partner is this space with Gold in Enterprise Mobility and Security competencies.

Check out the latest reports:

Take the time to read the reports and I’d love to hear your experiences thoughts and views on where you think Microsoft has its biggest gaps in this space.

Finally, theres some new announcements this week at Ignite to be sure to check these out.. The latest today is the announcment of #safedocuments which adds ATP type protection to Office desktop apps. Rolling over the next couple of month, when a user wants to consider a document “trusted”, Safe Documents will automatically check the file against the ATP threat cloud before it releases the document.

Thanks for reading and have a good day..
Rob

New WannaCry-type exploit threatens XP, Server 2003 and Windows 7… What do you need to do?

Microsoft has started warning users of older versions of Windows desktop and Sever to urgently apply a Windows Update today to protect against a potential widespread attack similar to the infamous WannaCry attack.

“Windows 7 users are still vast.. Make sure you are patched..”

Microsoft have yet again issues patched to close the critical remote code execution vulnerability that can be exploited in Remote Desktop Services that exists in Windows XP, Windows 7, and server versions including Windows Server 2003, Windows Server 2008 R2, and Windows Server 2008.

Microsoft seems to be continually “doing the right thing” of still releasing critical patches for Windows XP and Windows Server 2003 even though both operating systems have been out of support for some time.

Anyone still running Windows XP, (yes I know) will need to manually download the update from Microsoft’s website.

As you know Windows 7 reaches end of extended support in just 7 months. #Windows10 offers more than 30 odd significant advances in security and OS hardening compared to its older siblings and whilst many organisations are rapidly migrating to #Windows10 there are still many organisations that have not.

Microsoft did announce yesterday extended support for Windows10E5 subscribers for another 12 months as a benefit to their “commitment” to move to Windows 10.