Forrester: Microsoft Leading the Charge in XDR Innovation

This blog post captures Microsoft’s latest achievements, innovations and recognition in cybersecurity as reported by Forrester in their recent Wave report on Extended Detection and Response (XDR) platforms. Here I have focused on the latest developments and Microsoft’s move to the leading position in this report.

In the ever-evolving landscape of cybersecurity, organisations face the challenge of defending against increasingly sophisticated cyberattacks. Based on the analysis performed by Forrester in their 2024 Wave report, Microsoft has yet again risen to the occasion, being placed as the furthest-out leader in the Forrester Wave: Extended Detection and Response (XDR) Platforms, Q2 2024, which puts them ahead of both Palo Alto and CrowdStrike in this recent report. They have been leaders in this space for over 4 years, but this year pulled further ahead than ever before.

In the last year, 75% of security professionals witnessed an increase in attacks with 85% attributing this rise to bad actors using generative AI

Report By Security Magazine 2023


The Forrester report details how, to protect against constant and ever more sophisticated AI-powered “intelligent attacks”, a unified approach to cybersecurity is needed rather than the traditional add-on, multi-vendor approach. Forrester comments on how Microsoft Defender XDR stands out with its unified visibility, investigation, and response capabilities. It integrates seamlessly across endpoints, IoT, OT, identities, email, collaboration tools, SaaS apps, cloud workloads, and data insights, providing end-to-end protection.

Generative AI is the Game-Changer

Forrester say that the introduction of Microsoft Copilot for Security marks a significant milestone in Microsoft’s approach to XDR. This generative AI solution simplifies incident remediation, reverse engineers malware code, and empowers analysts with natural language processing to generate Kusto Query Language (KQL) queries.

Microsoft’s Automatic Attack Disruption, also powered by their latest AI and threat hunting services, has led to the development of automatic attack disruption features in Defender XDR. This technology can detect and disrupt ransomware and other advanced attacks within minutes, showcasing the power of AI in cybersecurity. The services work seamlessly together across their wider Azure and Microsoft 365 security portfolio, making this a real multi-layered protect, detect and respond approach rather than multiple products stacked on top of each other.

The Future of Cyber Defense

Microsoft’s recognition by Forrester underscores its dedication to innovation and excellence in cybersecurity. As cyber threats continue to evolve, Microsoft’s XDR and unified security operations platforms will remain essential tools in the arsenal of cybersecurity professionals.

In Microsoft’s own blog post on the matter they state that “We believe Forrester’s recognition showcases that Microsoft Defender XDR is the broadest native XDR solution on the market and that our most recent additions of Microsoft Defender for Cloud data and Microsoft Purview Insider Risk Management data are critical to give the SOC access to end-to-end data. Its incident-level visibility, automatic attack disruption of advanced attacks, and accelerated detection and response now work across endpoints, Internet of Things (IoT), operational technology (OT), on-premises and cloud identities, email and collaboration tools, software as a service (SaaS) apps, cloud workloads, and data insights.”

“Microsoft is refining the most complete XDR offering in the market today, their dedication to innovation is demonstrated by its percentage of the R&D budget by revenue, which rivals the most innovative vendors in security.”

Forrester Wave Report: Q2 2024

Summary

Great to see Microsoft continue to innovate in this area, after Satya Nadella stated that they are “prioritising security above all else” in a recent report.

The recent report from Forrester does not, of course, mean that the other vendors in this report are no good. Familiar vendors such as Palo Alto and CrowdStrike continue to innovate in this space, and the others are working hard to move up the quadrant.

Others to mention are Cisco, who have moved into the Challengers quadrant this year following huge investments in their Cisco Secure Cloud platform and their continued investment to bolster their security portfolio.

It is worth noting that XDR is just one of the security pillars reported on by Forrester and other leading analysts like Gartner.

Microsoft’s Copilot for Security available April 1st

No, it’s not an April Fools joke: Microsoft yesterday (13th March 2024) announced that their much anticipated Copilot for Security will be available to buy and use from 1st April 2024.

What Does Copilot for Security Do?

Originally announced a year ago and after extensive testing in private preview, Copilot for Security is aimed at IT Security and Sec Ops teams, as it brings Microsoft’s Copilot technology, Microsoft’s threat intelligence services and machine learning into a dedicated security service powered by Copilot. Copilot for Security can process prompts and respond in eight languages, with over 25 languages supported at launch.

For organisations that already invest in and consume Microsoft security services such as Sentinel, Defender, Entra, Priva, Intune, and Purview, this is an exciting time!

Image (c) Microsoft Security.

Copilot for Security is informed by large-scale data and threat intelligence, including Microsoft’s daily processing of more than 78 trillion security signals, a giant increase from the 65 trillion signals stated just last year. This is the largest threat intelligence database in the world. Microsoft do not use any organisational data to train their LLMs.

One huge advantage of Copilot’s conversational abilities is its capacity to rapidly compose incident reports. It can also tailor these reports to be more or less technical based on the intended employee audience, say Microsoft.

Copilot for Security offers a huge variety of capabilities, including:

  • Human-readable explanations of vulnerabilities, threats, and alerts across all of Microsoft’s security products and services, as well as (later) third-party tooling.
  • Answer questions about alerts, threats and incidents in real-time and take action.
  • Automatically summarising incident analysis and offering recommendations for subsequent actions based on the tools the organisation is licensed for and/or has deployed.
  • Ability for users to edit the prompt to correct or adjust responses, share the findings with others, create extensive run books based on prompts, and share prompts with other analysts in the team.

After nearly a year of various preview stages and vigorous testing by both Microsoft Security experts and enterprise organisations, Microsoft say the feedback has been “overwhelmingly positive.” A recent AI economic study by Microsoft demonstrated that security professionals work 22% faster and are 7% more accurate when utilising Copilot for Security. An impressive 86% of participants reported that Security Copilot enhanced the quality of their work, and >90% expressed a desire to use Security Copilot for future tasks. The report further indicates that security novices, possessing basic IT skills, performed significantly better with Security Copilot compared to members of a control group. Moreover, their superiors expressed greater confidence in their output.

Copilot for Security in Action

A year in readiness.

In the announcement, Microsoft cited statements from Forrester VP Jess Pollard, who said that “Experienced practitioners will reap the most rewards from the capabilities Microsoft offers, and while it’s unlikely to identify threats SOC [security operation center] teams would miss, it does make investigation and response faster”.

Just like Copilot for Microsoft 365 – Adoption and Training is Key

Just like any major technology change such as Copilot for Microsoft 365, adoption, training and practice are going to be vital to get maximum value and trust from Copilot for Security. Security teams will need a fair amount of change management and training to ensure they can take advantage of Microsoft Copilot for Security. Forrester cited in the report that “it takes around 40 hours of training to get security practitioners comfortable with using Copilot for Security. In addition, we heard that it takes four or more weeks — with many stops and starts — to get practitioners comfortable with the technology.”

With a global shortage of cyber security skills, exponential growth in attacks and attack surfaces, and the rise of AI at cyber criminals’ fingertips, Copilot for Security has been one of the most anticipated uses for Copilot. There is no doubt that Copilot for Security can lower the barrier to entry into the cybersecurity industry, but Forrester also said that “Though large language models and generative AI may level the playing field and allow for accelerated security talent development, no amount of out-of-the-box prompt books and guided response steps replace fundamental security knowledge, skills, and experience.”

The Pros of Microsoft Copilot for Security

Feedback from Microsoft’s early-access clients highlighted what they loved about Copilot for Security, including the following:

  • Making script analysis easier by de-obfuscating and explaining contents.
  • Accelerating threat hunting by helping write queries based on adversary methods.
  • Speeding up and simplifying complex KQL queries or PowerShell script creation.
  • Analysing phishing submissions by verifying true positives and providing inbox details.
  • Improving analyst experience by reducing the need to swap between various tools.
  • Generating leadership / executive-ready incident report summaries efficiently.

Things to be aware of at launch

There are several key areas which won’t be available at initial launch, but expect to see rapid release cycles and updates once GA. Currently the following is not available but will be added over time.

  • Single Data Repositories – Copilot currently requires multiple instances for users / organisations that want to silo data between different business units, group companies or geo locations. These will eventually be rolled into a single instance/interface, but today this will cause challenges for large MSPs and global / complex organisations.
  • Third Party Tools – At launch Copilot for Security will not provide integration into third party tools, so organisations will need to be using Microsoft’s first party security tools like Defender for Identity and Defender for Endpoint. This is on the roadmap.
  • Limited Integration and Automation – Much of the work Copilot for Security does on day one is around reporting and alerting across multiple signal sources and behaviour. Whilst it can execute run-books, some services like auto-quarantine and network isolation will not be available at launch.

New Features at Launch

In the announcement, Vasu Jakkal, corporate VP of compliance, identity, management, and privacy at Microsoft, said that as part of the launch the following new features will be available in Copilot for Security:

  • Custom promptbooks: allowing security teams to create and save their own natural language prompts for common security workstreams and tasks, similar to the notebook feature in Copilot for Microsoft 365.
  • Knowledge integrations: which will enable connecting Copilot for Security to customers’ logic and workflow and the ability to perform activities based on company-defined step-by-step guides.
  • Integration with customers’ curated external attack surface from Microsoft Defender External Attack Surface Management to identify and analyse the most up-to-date information.
  • Summarisation in natural language of additional insights from Microsoft Entra audit logs and diagnostic logs for a security investigation or IT issue analysis related to a specific user or event.
  • New fully customisable usage dashboards to provide reporting on how teams interact with Copilot.

Which Organisations benefit most?

For organisations that already invest in and consume Microsoft security services such as Sentinel, Defender, Entra, Priva, Intune, and Purview, Copilot for Security will likely be a tool that provides an indispensable enhancement: one that will not only reduce workload and increase productivity, but significantly help security teams to work better together and detect and respond faster than ever.

Organisations that are not fully invested in Microsoft’s extensive security portfolio and choose to use other vendors will still benefit, but until wider third party support is available, running trials and evaluating the potential move to more Microsoft Security technologies is a smarter move. There will be increased funding pots and incentives to entice organisations to move to Microsoft Security.

Almost every security vendor is adding Gen AI into their products and services, but today no other organisation has built what Microsoft have (though this will likely change).

Pricing from $4 per hour

Yes, ok I saved this for the end.

Pricing will be offered through a consumption-based model, allowing customers to pay according to their usage needs. Usage will be categorised into Security Compute Units (SCUs). Customers will be billed for the number of SCUs provisioned on an hourly basis at a rate of $4 per hour, with a minimum usage requirement of one hour. Microsoft say this is an opportunity for any organisation to begin exploring Security Copilot and expand their usage as necessary.

This lowers the entry point to the solution without a big initial license outlay and should simplify the pilot, on-boarding and rollout process. The PAYG model is also something organisations are used to, making it more accessible and straightforward and avoiding the complexity of traditional stackable licensing schemes.

Microsoft CSP partners like Cisilion will be key in helping customers to manage their spend, working with the Sec Ops team to tweak and fine-tune the solution to help map, manage and plan spend.

My 8 AI tech predictions for 2024


Our social media feeds will be full of predictions for the year ahead this week, after all, 2023 was an exciting and crazy year in tech with arguably some of the biggest advances we have seen for more than a decade. You can read my 2023 tech review here.

With all the advancements in generative AI technology and chatbots in 2023, I have focused my tech predictions specifically on the rise and development of generative AI, since I believe every aspect of IT is going to be “AI infused” this year, and organisations will start to enter the next level of adoption maturity: from “what is coming” and “what might be possible” to real business impacts and tangible examples.

#1 AI is going to keep getting better and more “intelligent”.

This is quite a no-brainer really, as we already know that OpenAI has big plans for 2024 and with Google hot on their tail with Gemini, I would expect to see the release of ChatGPT 4.5 (or even 5) at some point in the first half of 2024. We could also see image technology like DALL-E shift into video creation for the masses and not just images. There will also be more competition to win the Gen AI race from Microsoft, Apple, Google and Amazon. This could be the new browser and search engine wars. Microsoft will adopt the latest ChatGPT and DALL-E 3 tools into their Copilot products.

#2 Business will invest more in AI and core technology training.

Outside of using Generative AI to help us write emails and documents, many organisations will be looking to AI to further enhance business automation and data processes to complement and enhance human capabilities.

With the output of most of the AI tools we will use in the enterprise being reliant on the data they use as a reference point or to operate on, there will be a need to invest in skills around the fundamentals of AI and big data analytics. People will need to learn how to interface with AI, how to write good prompts that deliver the right outcome, and how to leverage these new tools to radically improve productivity and outcomes.

At the more basic levels, there will also be a focus and need to drive good adoption of the base technologies used within organisations as a result of the technologies and processes put in place. From good data labelling and classification, to simply working with and storing files in the right places in Office 365 and to using the new tools such as Copilot in Edge and Microsoft 365, Intelligent Recap in Teams, businesses will need to revisit the level of IT training given to employees, encouraging Centres of Excellence and building technology sponsors or mentors across different teams.

Training users on what tools to use, how to use them and when will be key and is something many organisations still do badly.

#3 We will see more Legal Claims against AI.

Whatever happens in terms of the tech advances of AI, there is no doubt that we will see a leap in the number of legal claims from authors, publishers and artists against companies who have been building AI products; after all, we’ve already seen a few in 2023.

The reason for this is that at the heart of any generative AI product are large language models (LLMs). The leading AI companies such as Google, Microsoft and OpenAI have worked really hard to ensure their models adhere to and respect copyright laws while “training” their models. In fact, Microsoft are so bold about this that they even put in place a copyright protection pledge to protect companies back in September last year.

Just last week (December 2023), the New York Times filed a huge lawsuit against OpenAI and Microsoft for copyright infringement. They claim that their journalism content was being used to train and develop ChatGPT without any form of payment.

OpenAI and Microsoft are also caught up in another lawsuit over the alleged unauthorised use of code in their AI tool Github Copilot and there have already been other examples of lawsuits against developers of generative AI products including Stability AI and Midjourney in which artists have accused the developers of using their content to train text-to-image and image creation generators on copyrighted artwork.

The legal battles of 2023 highlight some of the complex and evolving issues surrounding intellectual property rights with the development and use of AI.

As 2024 gets underway, I suspect we will see more examples (especially if the New York Times case is successful).

#4 The rise of robust governance policies.

As we move from proofs of concept and ideation to real proven examples of how these AI tools can be used in our daily lives, I think we will see an increase in regional, state and local companies putting in place robust governance policies, processes and tools, including the testing and validation of content generated by AI. This will require new tools for ensuring there are appropriate guard rails and monitoring throughout.

Organisations will need to have clear AI policies in place that map out what AI products and tools they allow, guidance around content and image generation as well as what they view as ethical, responsible, and inclusive use of AI, outside of the policies that the AI companies have in place and the guidance they provide.

Education will also be key to ensure that employees can learn and put into practice the necessary skills to use AI tools in the workplace, and to ensure the above checks and policies are implemented. Creating centres of excellence and good practice sharing will also be key to ensure employees and organisations get maximum benefit and gains from using AI.

#5 Expect to see more deception, scams and deep fakes.

We will likely see more deception and trickery for financial gain this year as fake person generators and deep fake voice and video become more widespread tools for phishing and scams. We have already seen cases (and warnings) from banks where voice cloning technologies can accurately replicate human voices and threaten the security of voice-print based security systems. In 2024, we are likely to see this go further into many more areas of personal, corporate and political exploitation and deception.

Left unsupervised and unprotected, the rapid growth of digital deception poses a huge risk that security response and protection organisations will need to respond to. I think we will see more guidance, more safeguards, specialised detection tools, increased awareness and increased use of multi-factor protection. A new method of digital prints to detect such fakes is going to be critical if people and organisations are going to remain confident that these technologies can’t be beaten by deep fakes.

To protect the reliability of information in a fast-changing digital world, it will be essential to have the tools and skills to detect and counteract AI-generated fabrications.

#6 Proliferation of “new” wearable AI technology.

I expect to see a huge increase in products and services around AI wearables or AI-powered wearables. This will further drive the already increasing trend that shifts away from traditional screen-focused devices towards more integrated, context and environment aware devices that provide up-to-date monitoring that fuel data driven insights and decisions into personal and professional lives.

Applications: this could open up huge advances in, for example, continuous health monitoring devices such as blood glucose monitors, anxiety detection, cancer scanning, gut health and even AI-controlled insulin pumps. In sports we could see a new level of performance monitoring and tracking, with huge sponsorship deals by leading health and fitness companies. This will/could also lead to more data for unique advertising revenues…

Apple have also recently said they are working with OpenAI and plan to leverage the computing edge (their devices) by directly enabling AI processes on their devices rather than relying solely on cloud connected AI services.

Security compromises and wider privacy concerns are likely to be impacted by this shift, especially as these devices (in a similar way to health trackers today) will have the ability to record and process huge amounts of personal, health and other data. In the case of smart glasses, for example, this could also lead to new laws and legislation (and restrictions) to ensure privacy isn’t compromised by recording or capturing video without permission or consent.

#7 Cyber attacks and defence will become “more AI driven”.

With any new technology – security plays a vital role. I think we will see a massive change to the level of attacks and therefore the protection and detection needed from cyber security systems this year. From an attacker perspective, it is likely that the use of Machine Learning and AI will continue to amplify the sophistication and effectiveness of cyber attacks – with more convincing personalised-driven tactics, including advanced deepfakes and intricate, personal phishing schemes, using AI to craft more convincing social engineering attacks that make it increasingly difficult to differentiate between legitimate and deceptive communications – both externally and from within the organisation. We will also see systems customise attacks based on industry, location and known threat protection landscape.

From a defence perspective, the fight against AI attacks will also be AI-centric with new AI-based detection tools and applications that work in real time. Identity will be the primary defence and attack vector. For example, Microsoft’s Security Copilot which is currently in preview promises to be the first generative AI security product to help businesses protect and defend their digital estate at AI speed and scale. These tools, in partnership with people powered response and remediation teams should at least even the fight between the AI powered attackers and the defenders that are needed to keep our businesses, industry and services safe.

Without playing the War Games/Terminator scare games, the threat is that bad actors, nation state attackers, organised cyber crime divisions and opportunist hackers have a new set of tools available to help them. The battle between attackers and the biggest cyber security MSPs, cloud giants and businesses is going to heat up. We will see victims and we will see scares. The battle against cyber threats is becoming ever more complex and intertwined with AI.

Businesses will need a more nuanced and advanced approach to cybersecurity, which will mean simplification, standardisation and most likely reducing the number of different disconnected security products they have, and adopting a more defence in depth approach with AI-powered SIEM tools or fully outsourced managed security.

#8 Zero Trust will finally be taken seriously.

To wrap it up – and with the growth of AI in to every part of our personal and work lives, working across more devices, applications, and services, the realm of control that IT traditionally had over the environment will continue to move outside of their control.

With the rise of AI and, more importantly, AI being used to drive more sophisticated attacks that compromise personal devices used to access corporate data, I think we will see more organisations adopting zero-trust security models whilst consolidating their point product solutions into a more streamlined and unified approach.

Zero Trust is a security strategy – not a product or a service, but an approach in designing and implementing the following set of security principles regardless of what technology products or services an organisation uses:

  • Verify explicitly.
  • Use least privilege access.
  • Assume breach.

The core principle of Zero Trust is that nothing inside or outside the corporate firewall can be trusted. Instead of assuming safety, the Zero Trust model treats every request as if it came from an unsecured network and verifies it accordingly. The motto of Zero Trust is “never trust, always verify.”

We also know many organisations have a huge amount of digital debt when it comes to security, with lots of point products, duplicate products and disjointed systems. I think we will see organisations focus more around:

  • Closing the gaps in the Zero Trust strategy, making sure they have adequate protection at each of the layers.
  • Focus on data protection to minimise data breach risk – things like Data Loss Prevention, encryption, conditional access, labelling and data classification etc.
  • Doing more with less – by removing redundant or duplicate products and aligning with tools that better integrate with one another and that can be managed holistically through a single pane of glass.
  • Doubling down on Identity and Access control – moving to passwordless authentication methods, tighter role based access control, time-based access for privileged roles and stricter conditional access policies.
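To make the three principles above concrete, here is an added example (written for this post, not Microsoft’s or any vendor’s code) of a small access-policy evaluator that applies them to constructed requests: every request is verified explicitly (MFA and device compliance) regardless of whether it arrives from the “corporate” network, permissions come from an explicit per-role allow-list (least privilege), privileged roles need an unexpired time-bound grant, and every decision is written to an audit trail because breach is assumed. The roles, resources and thresholds are all assumptions for illustration.

```python
"""Zero Trust request evaluation: verify explicitly, least privilege, assume breach.
Added example; all roles, resources and request data below are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple


@dataclass
class AccessRequest:
    user: str
    role: str                  # assumed roles: "analyst" or "admin"
    resource: str              # assumed resources: "incident-db", "ticket-system"
    action: str                # "read" or "write"
    mfa_verified: bool
    device_compliant: bool
    source_network: str        # "corp" or "internet"; logged, but earns no trust
    privileged_grant_expires: Optional[datetime] = None  # JIT grant for admins


# Least privilege: each role has an explicit allow-list; anything absent is denied.
ROLE_PERMISSIONS = {
    "analyst": {("incident-db", "read"), ("ticket-system", "write")},
    "admin": {("incident-db", "read"), ("incident-db", "write"),
              ("ticket-system", "write")},
}
PRIVILEGED_ROLES = {"admin"}

AUDIT_LOG: List[str] = []   # assume breach: every decision is recorded


def evaluate(req: AccessRequest, now: datetime) -> Tuple[str, List[str]]:
    """Deny by default; return ('allow'|'deny', list of reasons for denial)."""
    reasons: List[str] = []

    # Verify explicitly: strong auth and device posture on *every* request.
    # The source network is deliberately ignored ("corp" is not trusted).
    if not req.mfa_verified:
        reasons.append("mfa required")
    if not req.device_compliant:
        reasons.append("device not compliant")

    # Least privilege: the (resource, action) pair must be on the role's list.
    if (req.resource, req.action) not in ROLE_PERMISSIONS.get(req.role, set()):
        reasons.append(f"role {req.role!r} may not {req.action} {req.resource}")

    # Time-bound privileged access: admins need a current just-in-time grant.
    if req.role in PRIVILEGED_ROLES:
        exp = req.privileged_grant_expires
        if exp is None or exp <= now:
            reasons.append("privileged grant missing or expired")

    return ("allow" if not reasons else "deny"), reasons


def decide_and_log(req: AccessRequest, now: datetime) -> str:
    """Evaluate and append a structured audit line (allows and denies alike)."""
    decision, reasons = evaluate(req, now)
    AUDIT_LOG.append(
        f"{now.isoformat()} user={req.user} role={req.role} "
        f"{req.action}:{req.resource} net={req.source_network} "
        f"decision={decision} reasons={';'.join(reasons) or '-'}"
    )
    return decision


def demo() -> List[str]:
    """Run constructed requests through the policy and return the decisions."""
    now = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)
    requests = [
        # analyst, fully verified, reading what the role allows -> allow
        AccessRequest("alice", "analyst", "incident-db", "read", True, True, "internet"),
        # same analyst on the "corp" network but without MFA -> deny (no implicit trust)
        AccessRequest("alice", "analyst", "incident-db", "read", False, True, "corp"),
        # analyst attempting a write outside the allow-list -> deny
        AccessRequest("alice", "analyst", "incident-db", "write", True, True, "corp"),
        # admin with a grant that expires in one hour -> allow
        AccessRequest("bob", "admin", "incident-db", "write", True, True, "internet",
                      privileged_grant_expires=now + timedelta(hours=1)),
        # admin whose grant expired yesterday -> deny
        AccessRequest("bob", "admin", "incident-db", "write", True, True, "corp",
                      privileged_grant_expires=now - timedelta(days=1)),
    ]
    return [decide_and_log(r, now) for r in requests]


if __name__ == "__main__":
    print(demo())
    for line in AUDIT_LOG:
        print(line)
```

The point worth noticing is the second request: it arrives from the “corporate” network and is still denied, because network location never appears in `evaluate`; only the explicit checks do. In a real deployment these checks map onto conditional access policies, role assignments and time-bound privileged role activation rather than hand-written code, but the decision logic is the same.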

I also think that Generative AI has a huge potential to strengthen both our awareness of data security, and in adding an additional layer of visibility and protection. I expect we will see admin tools become smarter at looking at information over sharing, pockets of risk and potential compromise and having the ability to take action (expect more premium SKUs) to close the gaps, inform information owners or alert Sec Ops teams. I think we will see organisations spend more time looking at risk management and insider risk too.


I could probably go on, as there is so much happening, and the pace we saw in 2023 will only continue, if not increase.

Conclusion

In conclusion, this article has discussed some of the major trends and my predictions for AI in 2024, based on the developments, achievements, rumours and general trajectory seen last year.

In short, my predictions, include the improvement and competition of generative AI models, the need for more AI and data skills training, the legal and ethical challenges of AI-generated content, the rise of AI governance and security policies, the increase of deception and deepfakes, the proliferation of AI wearables, and the role of AI in cyberattacks and defence.

These trends highlight both the opportunities and risks of AI for personal, professional, and societal domains, and the importance of being aware of and prepared for the impact of AI in the near future.

Microsoft 365 E5 to get Defender for IoT for free

Introducing Defender for IoT

Microsoft have announced that organisations with Microsoft 365 E5 subscriptions will soon be getting a new “service plan” called “Defender for IoT – Enterprise IoT Security – Enterprise IoT Security”.

As spotted in the Microsoft 365 Message Center [ID: MC673712] update over the weekend, this service plan will provide both Microsoft 365 E5 customers and those who have the Microsoft 365 E3 add-on [E5 Security] with real-time device discovery, continuous monitoring, and vulnerability management capabilities for up to 5x Enterprise IoT devices (such as printers, scanners, cameras, Smart TVs, VoIP phones) per user license [so an organisation with 2,500 devices will get support across the organisation]. Additional per-device licenses will also be available for purchase.

Illustration of "Defender for IOT" - Image (c) Microsoft.

The Internet of Things (IoT) supports billions of connected devices that use both operational technology (OT) and IoT networks. IoT/OT devices and networks are often built using specialized protocols and may prioritise operational challenges over security.

When IoT/OT devices can’t be protected by traditional security monitoring systems, each new wave of innovation increases the risk and attack surfaces across those IoT devices and OT networks.

Microsoft

This will start to roll out next month (October 2023) and provides tools and insights for protecting enterprise IoT networks, including:

  • Tools and insights for protecting enterprise IoT networks
  • Agentless IoT device monitoring
  • Support for cloud, on-premises, and hybrid OT networks
  • Support for modern and proprietary operational technology (OT) protocols
  • Lightweight security micro-agents which allow IT to build security straight into IoT operations and innovations.

Read more on securing IoT devices with “Defender for IoT – Enterprise IoT Security”:

https://learn.microsoft.com/en-gb/azure/defender-for-iot/organizations/overview?view=o365-worldwide

Cisco Live 2023 – Cisco’s Key Announcements

Yesterday (6th June 2023) was the first day of Cisco Live which was hosted in Las Vegas.

CEO Chuck Robbins hosted the keynote, along with a host of product leads and Cisco executives who ran through their huge list of updates. The core focus for Cisco and the announcements made, were focussed on security, networking, cloud, AI, and sustainability. Some of the key announcements were:

  • Updates to their Full Stack Observability Platform (FSO), a cloud-based service that provides comprehensive visibility and insights into applications and networks.
  • Cisco Cloud Application Security, a new feature of their FSO (above) that monitors and protects cloud applications from threats.
  • Cisco Networking Cloud, a unified cloud network management platform that simplifies connectivity and security across devices and networks.
  • Cisco Secure Access, a single sign-on solution that enables users to access any application from any device or network.
  • Cisco Multicloud Defense, a platform that unifies security controls across clouds and applications, with support for multiple firewalls.
  • Cisco Secure Firewall 4200, a new, faster, and more reliable firewall that works with their Multicloud Defense service.
  • Cisco SOC Assistant, an AI-powered tool that helps security teams detect and respond to incidents, with optimized remediation tactics.

Cisco Key Themes

Chuck Robbins highlighted Cisco’s five key themes going forward as:

  • Reimagine your applications.
  • Power your hybrid work.
  • Transform your infrastructure.
  • Secure your enterprise.
  • Your journey to sustainability.

Reimagine your applications

The first main product announcement was that of the general availability of Cisco’s Full Stack Observability (FSO) Platform which has been in preview for a few months.

The need for FSO was positioned by Liz Centoni, Cisco’s Chief Strategy Officer, around the fact that “Every business is a digital business“. She discussed how, while having the right applications is critical to getting work done, they also need to work efficiently for people to be productive wherever they work. She pointed out that the magnitude of apps used by businesses can “lead to an avalanche of data and insights that can be overwhelming, meaning delays in functions such as threat detection“.

Originally announced last year, but now available to all, FSO is designed to let organisations gain insights and analytics from almost any data source, helping reduce the number of monitoring tools needed, speed up support efforts and keep users online and productive. One of the key use cases for FSO is customer digital experience monitoring, whereby Cisco are able to measure, predict and monitor the end-to-end user experience across various parts of a customer journey (for example, during an online e-commerce experience).

Joining FSO to security, Cisco also announced that a new product, Cisco Cloud Application Security, is coming to FSO. It will bring a new layer of security insights into FSO to help organisations understand, see, and act on threats affecting them.

Power your Hybrid Work

The focus on this topic was really blended into security and FSO, which I cover later. There was not much talk about collaboration tools like Webex, though they did say that Webex remains a key part of Cisco’s collaboration strategy, and that it is now able to work seamlessly with Microsoft Teams through their support for Cisco-powered Teams Rooms. Cisco revealed how global organisations like Audi, Carhartt, and MGM Resorts International are using the end-to-end Cisco stack to enable hybrid work and improve productivity.

Journey to Sustainability

Sustainability was a key focus for Cisco, and they publicised some major pledges and initiatives to help both Cisco and their customers get greener, recycle more, and ensure sustainable manufacturing, supply chain and lifecycle management. “If you take our technology and put our ecosystem along it, it can help the transition to a modern and low-carbon economy” was a statement given by Cisco Chief Strategy Officer Liz Centoni.

Transform your Infrastructure

Jonathan Davidson, EVP and General Manager of Cisco Networking, announced the launch of Cisco Networking Cloud, a simplified, single cloud network management platform that aims to make cloud networking easier and more secure for organisations. During the announcement he said that Cisco Networking Cloud will provide:

  • Unified experiences across technologies, applications, and networks
  • Radical simplification through platform consolidation
  • Cloud-first management with enhanced security and visibility
  • A simpler design experience with consistent interfaces

Cisco’s claim and message around Cisco Networking Cloud was “If it’s connected – it’s now protected“, and the key focus was simplicity, with their vision being to bring unified visibility and management covering all of an organisation’s technologies, applications, and networks. Cisco said that today, in most cases, such unified experiences are inhibited by operational complexity, but that Cisco is leading the fightback with what Davidson called “radical simplification“.

Secure your Enterprise

Liz Centoni said in her presentation that “When it comes to security, we want to frustrate attackers, not users … giving users safe and easy access to their apps and data“.

Security was the biggest talking point at the keynote this year and was the topic for the last part of the presentation. The session was led by Jeetu Patel, Cisco’s EVP and General Manager of Security & Collaboration. During this part of the keynote, he talked about Cisco’s vision and solutions for network, cloud, and application security. Some of the key points he shared were around how security services need proper coordination and management to avoid discord and inefficiency, comparing them to an orchestra where everything needs to work in harmony to avoid just being lots of different noises.

Cisco also spoke about the issues and complexities that the traditional patchwork approach to security has in most organisations, and that these point products and solutions typically create silos and complexity for customers, as well as increased cost and often areas of little or no protection.

This was used as a hook into announcing Cisco Security Cloud, which is an open, integrated security platform for multi-cloud environments that leverages generative AI capabilities to optimise performance and security of every connection.

Cisco shared how they now observe over four hundred billion security events every day, which provides them intelligence and trends and insights into the threats facing businesses. Cisco talked about the importance of AI within their products sets, which cuts around one hundred billion hours of work in threat detection and mitigation across their customer base.

Cisco emphasised the need for organisations to adopt zero trust and zero friction security, whereby users can connect to any application, from any device or any network, without compromising on security or having a clunky and difficult user experience. Cisco talked about their Cisco Secure Access solution, a single sign-on offering that is claimed to “enable seamless connectivity”. Linked to this was Apple iCloud Private Relay, an integration with Apple devices and iOS that provides secure access to an organisation’s apps and services without the need to download anything extra on the iOS device. The words “Cisco makes security simple and magical for users” were one of my favourite quotes of the day!

“The world needs security defenses that are completely synchronised, this is what we set out to do – provide a platform for security”

Jeetu Patel | EVP of Security & Collaboration | Cisco

Finally, Cisco talked about the integration of Cisco Secure Access and ThousandEyes (their cloud-based network intelligence platform that provides visibility and insights into SaaS application network performance and user experience). Jeetu Patel talked about the challenge of securing private and public clouds, which often have different admin consoles, firewalls, and security controls. Cisco said that their new Cisco Multicloud Defense platform will provide a translation layer to enable seamless communication and unified security across an organisation’s multi-cloud environments.

Cisco also introduced the new Cisco Secure Firewall 4200, a faster (and more energy efficient) offering that improves redundancy and was built alongside their new Multicloud defense platform as well as Cisco SOC Assistant, an AI-powered tool that helps security teams detect and respond to incidents, with optimized remediation tactics.


Did you attend or tune into Cisco Live? What were you most excited about?

Microsoft 365 Security vs Point Solutions

TL;DR

Microsoft now claims that they handle, process and act upon more than forty-three trillion daily threat signals.

This blog, however, does not go into the specific features and security across Microsoft 365 and Azure, but instead explores the fact that despite the extensive array of security services, tools, and products that Microsoft offer, Microsoft report that only about a quarter of their customers are actively using the core security products they’ve invested in.

Only about a quarter of our customers are actively using the core Microsoft security products that they have invested in.

Microsoft (& Forrester)

This of course can mean that organisations might:

  • Have unnecessary security gaps, protection weaknesses and risk exposure
  • Be wasting money (through Microsoft protection services bought but not enabled)
  • Be buying twice (or more) through duplicate tools and services.
  • Have a more complex protection strategy than is necessary
  • Not be aware of Microsoft’s comprehensive multi-cloud security offerings

This blog shares some of the collective thoughts, and discussions I had with my customer advisory panel in our September fireside chat which focussed on the pros, cons, questions, and concerns around embracing the end-to-end protection across Microsoft 365 and beyond vs using point products and third-party security add-ons.

I’ve also included some (hopefully) useful links and content at the end of this blog.


If you’d rather watch / listen to the show, you can find the recording below:
Fireside Chat: Microsoft 365 vs multi-point security

Here’s the summary of the discussion points from my recent fireside chat.

1. Microsoft Security – What is in the SKU?

Speaking to the panel on my recent Fireside Chat, I believe that most organisations don’t know enough about the breadth and depth of the Microsoft 365 Security Stack they have bought and invested in.

We use a variety of Microsoft 365 licenses but need a better understanding of what is included in them, and what we might be missing by not investing in and adopting the wider Microsoft 365 E5.

Rowland Hills | COO | Leathwaite Human Capital Limited.

This is due, in part, to the constant change, enhancements and investment [$4b a year in R&D] with regard to the changing threat landscape and the depth and breadth of tools available within Microsoft 365 E5. Add to this the renaming of Microsoft products (they do far too much IMO).

There’s a plethora of tools within the Microsoft 365 E5 licence. Understanding what those tools do, what is included, what they can replace and how they fit together is the biggest challenge for us. The stack is constantly changing, and new products are added or renamed so it is hard to keep up.

Jas Bassi | Head of Solutions Delivery | Gately Legal

2. Does having too many different security vendors lead to unnecessary complexity?

The Cyber Security market is huge. In a recent KPMG survey of 500 CEOs, 18% said that cyber security When I was first an IT consultant in the early noughties, security was always about having strong passwords and the best “black box device” to protect on-premises stuff, be it firewalls, mail security, web filters, VPN, IPS etc. that protect aspects of an organisation’s internal network or data centre environment.

The average organisation has over seventy security products from thirty-five different vendors.

Gartner | 2021

As the world has shifted, and continues to shift, to a perimeterless, multi-cloud and distributed workforce (with home working creating thousands of “offices of one”), many organisations now struggle not only with the ever-expanding threat landscape and increasing talent shortage, but with the growing number of vendor solutions, their mounting costs, and the overlap of products and features.

In a world of highly distributed data and disappearing perimeters, today’s enterprises are struggling not only with the expanding threat landscape, but the growing solutions landscape and their associated complexity and mounting costs.

Forrester

Complexity is the new enemy, meaning that silos and multi-vendor point products are the bane of Security Operations. Not only are they costly, but their features also overlap, they don’t necessarily integrate and in most cases, there is no single pane of glass or “intelligence” across the platforms.

This not only causes complexity and cost, but above all does not provide a holistic view of security and threats across the organisation without the use of yet more expensive tools and connectors into a SIEM platform.

We see this quite often with our customers too, particularly where Microsoft 365 has been organically deployed. We often see that customers, whilst heavily invested in Microsoft 365, continue to invest in and use a plethora of third-party tools, and thus are not realising the true value and protection of the extensive and integrated Microsoft 365 Security Suite.

This is not just about cost either. Having too many tools addressing point solutions, combined with no holistic view of security can cause too much “noise” and alerts meaning real potential threats are ignored or get lost. This is the primary reason Microsoft cite for why “only one quarter of their customers are actively using the core security products they’ve purchased“.

As well as the advantages of a joined up and integrated security portfolio, any organisation that has, or is embracing the Microsoft Cloud, can recognise cost savings of over 52% and see ROI of 92% (according to Microsoft & Gartner) by adopting the vast array of security services within their Microsoft 365 subscription and/or by displacing legacy point products.

Organisations can typically save 52% on their security by using Microsoft 365 E5 Security compared to point products and solutions.

2021 Microsoft Zero Trust Solutions – Total Economic Value Report

3. “In my opinion” Microsoft Security is world class

It doesn’t have to be this way though, and once there is joint awareness, understanding and trust in the Microsoft security portfolio – this complexity and silo approach to security can be a thing of the past.

Microsoft (as any end-to-end security provider would) would say that they can secure and protect the entire digital footprint of every enterprise customer. The reality, however, is that any organisation that has, or is embracing, Microsoft Cloud can achieve significant cost advantages (>52% according to Microsoft & Gartner) in security alone by enabling the services they have bought and displacing all or most of their legacy point security products.

Joining us on the Fireside chat this month was Jose Lazaro Pinos, a Security Architect at Microsoft. He said that:

Our solutions deliver comprehensive protection across your entire digital estate – Identity, Data, Apps, Endpoints, and Infrastructure Network. Where we differentiate is that security is built into our products rather than bolted on.

We have a building block approach to security and compliance and provide protection in over fifty security categories.

We are investing $20b in security over the next 5 years.

Jose Lazaro Pinos | Security Architect | Microsoft

Many of the clients we work with are on board and committed to leveraging Microsoft Cloud and Microsoft Security across the board. This extends beyond basic hygiene services such as Azure AD, Conditional Access, Identity Protection and Privileged Identity Management, into the more advanced compliance and protection services such as Defender for Office 365, Identity and Endpoint, DLP and Purview (formerly Microsoft Information Protection) for compliance and data protection, and Sentinel for SIEM and XDR.

We use Microsoft Security for most things. We also use Microsoft Information Protection and DLP and were an early adopter for Azure Sentinel.

Paul Clark | Director Security & Services | London & Quadrant Housing

L&Q, like many organisations, has a hugely diverse workforce, and the tight integration of the Microsoft Security products has given them confidence that their employees, devices, and data are well protected wherever they are. Paul also said in the chat that the Exec board is on top of security and it is very much front and centre, so he and his team need to be on top of their game; ensuring they continue to get value from the new things coming to Microsoft Security is top of mind, which again reinforces what we hear in point one above.

The Microsoft ecosystem is our primary security stack, but if the business is not educated and engaged, it can be easy to be sold multiple products that overlap or do the same thing. We have a drive to consolidate where we can with Microsoft 365.

Alex Taylor | Group IT Director | AWIN

4. What are the downsides of a single vendor approach?

In short, the consensus from the panel was “probably none” – not anymore.

Go back just 5 years and I’d say most IT and security teams had a negative (or empty) view of Microsoft as a “security company”. Even as their reputation improved, it was still commonplace to see organisations that accepted just how extensive Microsoft’s security offering had become still ask “what if one vendor gets compromised, you need protection from the other vendor that hadn’t been compromised“.

Our security team used to prefer a multi-vendor approach, but the benefits of a single vendor approach are recognised – single pane of glass, consolidated reporting and joined up protection across the digital estate.

Lee Phipps | Strategic Enterprise Architect | East Riding of Yorkshire Council

More recently, this view is changing, as my customer panel confirmed. Zero Trust is all about defence in depth and having multiple layers of protection. The key principle is not necessarily about single or multi-vendor; more important is the need for seamless join-up and integration between the service layers, whether this is a mix of vendor products connected via API-driven integration into a SIEM, or the integration and consistency (which is key) that comes from using a joined-up suite of products providing multi-layer protection.

It’s critical of course that whatever you use can see and protect all your applications, services and infrastructure, including services which sit outside the Microsoft Cloud.

Zero Trust Security Architecture

Previously we used to use third-party multi-vendor products for monitoring and DLP, but we took the decision to remove these and move them to Microsoft and to configure the ruleset in Azure Sentinel to give us a seamless view and dashboard.

Mudassar Ulhaq | CIO| Waverton Investment Management

The panel also agreed that managing multiple security tools creates unnecessary workload for their IT and SecOps teams, as they have multiple product dashboards to check and consolidate, and the terminology and signals don’t always align.

Rowland Hills said that the reality for any smaller business is that they struggle to have even a couple of people in IT, and often have one or no dedicated security-focused person. The impact of an attack is of course no different no matter how big or small you are, but one of the benefits of leveraging cloud for security is that the smallest and largest organisations alike benefit from the power of the Microsoft Cloud, which has some impressive threat protection stats (which they asked me to share).

Microsoft Infographic showing extent of Microsoft Security Graph and Signals.
(c) Microsoft. The 43 trillion daily threat signals include data seen through the RiskIQ acquisition.

Microsoft Security On-Ramp – where to start

Firstly, you don’t have to spend loads of money to get some increased awareness – you can work with your Microsoft Cloud Security partner and/or leverage some of the free tools, assessments, workshops, and training available to you as a Microsoft 365 customer.

Collaborate to Share Best Practice

We also find more recently that organisations are starting to form security alliances where they share best practice methodologies, observations and even training and workshops with their peers in similar organisations.

We work with other housing associations in a collective intelligence forum where we share information around cyber awareness and best practice and if any of us have an issue, we have others to lean in and help each other out.

Paul Clark | London & Quadrant Housing

This can be a great way to reduce the burden on stretched IT resources as well as reduce cost when they are paying for or attending security assessments and workshops, much in the same way we do with our customer panel on our monthly Fireside Chats.

Do it yourself with Microsoft Secure Score

Microsoft Secure Score enables your IT or Security Operations team to review, score and benchmark your organisation’s security posture. Secure Score works by representing your security metric across the entire digital estate, irrespective of whether you’re using Microsoft or third-party tools.

Secure Score does four things:

  1. Provides a tool to help you assess the state of your security posture across identity, devices, information, apps, and infrastructure. You can also benchmark your organisation’s status over time and compare it to other organisations.
  2. Evaluates each recommendation using embedded guidance to determine which vectors of attack are a priority and how they can be mitigated. It can also be used to help identify and add improvement actions to your posture improvement plan.
  3. Helps determine potential user impact using integrated workflow capabilities, and identifies the procedures necessary to implement each recommendation in your environment.
  4. Uses historical reports to track and maintain progress, identify regressions, and report to leadership teams. Using measurable data, you can clearly demonstrate the progress you’re making to better secure your environment.
Microsoft Secure Score(r)
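As an added example of the fourth point, tracking progress and spotting regressions from historical scores (this is example code, not Microsoft's own tooling): the Python below parses the JSON shape returned by the Microsoft Graph `secureScores` endpoint, with the field names assumed from that resource, over a constructed set of daily snapshots. It separates a genuine regression (a control that lost points) from a percentage drop that only reflects Microsoft adding new controls, which raises `maxScore` without anything in the tenant getting worse.

```python
"""Track Microsoft Secure Score snapshots over time and flag regressions.

Added example, not Microsoft's code. The record layout (createdDateTime,
currentScore, maxScore, controlScores[controlName, controlCategory, score])
is assumed from the Microsoft Graph secureScore resource. All values below
are constructed for illustration, not real tenant data.
"""
from __future__ import annotations

import json
from dataclasses import dataclass
from datetime import datetime

# Constructed sample: three daily snapshots for a fictional tenant, delivered
# out of order as an API page might be. Control names are made up.
SAMPLE_SECURE_SCORES = json.dumps({"value": [
    {"createdDateTime": "2024-05-03T00:00:00Z", "currentScore": 53.0, "maxScore": 110.0,
     "controlScores": [
         {"controlName": "SampleControl_MfaRegistration", "controlCategory": "Identity", "score": 9.0},
         {"controlName": "SampleControl_BlockLegacyAuth", "controlCategory": "Identity", "score": 0.0},
         {"controlName": "SampleControl_SafeAttachments", "controlCategory": "Apps", "score": 5.0},
         {"controlName": "SampleControl_NewlyAdded", "controlCategory": "Data", "score": 0.0}]},
    {"createdDateTime": "2024-05-01T00:00:00Z", "currentScore": 61.0, "maxScore": 100.0,
     "controlScores": [
         {"controlName": "SampleControl_MfaRegistration", "controlCategory": "Identity", "score": 9.0},
         {"controlName": "SampleControl_BlockLegacyAuth", "controlCategory": "Identity", "score": 8.0},
         {"controlName": "SampleControl_SafeAttachments", "controlCategory": "Apps", "score": 5.0}]},
    {"createdDateTime": "2024-05-02T00:00:00Z", "currentScore": 61.0, "maxScore": 110.0,
     "controlScores": [
         {"controlName": "SampleControl_MfaRegistration", "controlCategory": "Identity", "score": 9.0},
         {"controlName": "SampleControl_BlockLegacyAuth", "controlCategory": "Identity", "score": 8.0},
         {"controlName": "SampleControl_SafeAttachments", "controlCategory": "Apps", "score": 5.0},
         {"controlName": "SampleControl_NewlyAdded", "controlCategory": "Data", "score": 0.0}]},
]})


@dataclass(frozen=True)
class Snapshot:
    when: datetime
    current: float
    maximum: float
    controls: dict[str, float]  # controlName -> points achieved that day

    @property
    def percent(self) -> float:
        """Score as a percentage of the maximum available that day."""
        return 0.0 if self.maximum == 0 else round(100.0 * self.current / self.maximum, 2)


@dataclass(frozen=True)
class Finding:
    when: str            # ISO date of the later snapshot in the pair
    kind: str            # "control_regression" or "scope_change"
    control: str | None  # control that lost points; None for scope_change
    delta: float         # points lost on the control, or change in percent


def load_snapshots(raw: str) -> list[Snapshot]:
    """Parse a Graph secureScores response body; return snapshots oldest first."""
    snaps = []
    for rec in json.loads(raw).get("value", []):
        when = datetime.fromisoformat(rec["createdDateTime"].replace("Z", "+00:00"))
        controls = {c["controlName"]: float(c["score"]) for c in rec.get("controlScores", [])}
        snaps.append(Snapshot(when, float(rec["currentScore"]), float(rec["maxScore"]), controls))
    return sorted(snaps, key=lambda s: s.when)


def find_regressions(snaps: list[Snapshot]) -> list[Finding]:
    """Compare consecutive snapshots and report what got worse, and why."""
    findings: list[Finding] = []
    for prev, cur in zip(snaps, snaps[1:]):
        day = cur.when.date().isoformat()
        lost_points = False
        for name, before in prev.controls.items():
            after = cur.controls.get(name)
            if after is None:  # control retired by Microsoft: nothing to compare
                continue
            if after < before:  # a control that was passing now scores lower
                findings.append(Finding(day, "control_regression", name, round(after - before, 2)))
                lost_points = True
        # Percentage fell but no control lost points: the denominator grew
        # (new controls added), which is a to-do item, not a regression.
        if not lost_points and cur.percent < prev.percent:
            findings.append(Finding(day, "scope_change", None, round(cur.percent - prev.percent, 2)))
    return findings


if __name__ == "__main__":
    history = load_snapshots(SAMPLE_SECURE_SCORES)
    for s in history:
        print(f"{s.when.date()}  {s.current:.0f}/{s.maximum:.0f}  ({s.percent}%)")
    for f in find_regressions(history):
        print(f"{f.when}  {f.kind:20s} {f.control or '-':32s} {f.delta:+.2f}")
```

Against the constructed data this reports a scope change on 2024-05-02 (61% to 55.45% with no control dropping) and a real regression on 2024-05-03, where the legacy authentication control fell from 8 to 0 points.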

Leverage Free* Cloud Security Workshops

Cisilion are one of a handful of trusted Microsoft Cloud Security partners that can deliver free (*funded – subject to approval by Microsoft) workshops, threat assessments and awareness workshops to help organisations understand, test drive, and prove the value of Microsoft Security, whether they have already invested in the product suites or not.

These provide an overview, deep dive, and hands-on exposure to help you understand key areas of threat protection, including:

  • Securing corporate identities and access
  • Defending against threats with SIEM plus XDR
  • Securing Azure and multi-cloud environments
  • Mitigating compliance and privacy risks including “insider risk”
  • Protect and govern sensitive data
  • Defence and visibility in depth with Azure Sentinel
  • Securing the endpoint

We have created a quick guide/overview to the funded workshops. To register for one of these, speak to us, contact us, or get a referral to Cisilion from your friendly Microsoft Account Team.

Microsoft Fast Track Services

All paying Microsoft 365 commercial and public sector organisations will have entitlement to Microsoft Fast Track Services. This is a free consultative and guidance service delivered by Microsoft or their trusted Fast Track partners and provides free guidance and assistance for the enablement and adoption of Microsoft Cloud Technology.

Public Webinars and News

There is lots of useful content, webinars and news on the Microsoft Security pages:

Join Our Security Community – Microsoft Tech Community


Should every organisation be considering Windows 365?

Windows 365 has just celebrated its first birthday – but what is it and why is Microsoft betting big on Windows 365 to help improve the employee experience, tighten security, and provide better agility for employees?

Businesses globally are once again being hit head on with challenges unrivalled in recent business history. Employee churn-rates are at record levels presenting unique business challenges, whilst the continuing shift in the workforce from centralised offices to home working has increased the number of “work locations” exponentially. Combined with the on-going global supply chain shortages, and logistical difficulties in procuring, preparing, and shipping new devices to employees makes onboarding new employees more challenging than ever. The continuing need to provide employees with a secure, professional, corporate desktop environment is pressuring IT to make decisions that can impact process, security, governance and above all employee satisfaction.

Microsoft are betting big with Windows 365, since it can help organisations significantly reduce the time it takes to provide new employees with access to their corporate desktop environment, from days or weeks to minutes, without compromising security. What’s more, unlike traditional on-premises Virtual Desktop Infrastructure (VDI) environments, Windows 365 (which is a new category of cloud computing, known as Cloud PC) simplifies the entire provisioning process and user experience.

In conjunction with the Enterprise Security Group, Microsoft recently carried out a TEI study which found that by leveraging Windows 365 Cloud PC, organisations can significantly lower the cost of providing access to their end user computing environment whilst improving security and employee satisfaction. The ESG report also revealed that Windows 365 can provide a “typical organisation” with an overall annual benefit of up to $7,271 per user for small businesses and up to $6,765 per user for companies with over 1,000 employees.

What is Windows 365?

In short, Windows 365 unlocks a new category of hybrid personal computing, called “Cloud PC” that delivers Windows from the cloud. It aims to provide a hybrid approach to providing client computing by utilising a cloud service that is not tied to any specific hardware.

Image (c) Microsoft

Windows 365 combines the power and security of Windows 10 or Windows 11 with the scalability and versatility of the cloud to provide a personal, reliable, and familiar work/desktop environment on any supported physical device. If you want to see it in action, you can head over to Microsoft’s YouTube video here.

Similar in concept, but different to VDI technology, Cloud PCs are one of the newest Microsoft cloud solutions to come to market. Cloud PCs are optimised for business and user agility, are highly secure, persistent to the user and are billed on a per-user, per-month model that simplifies the cost and infrastructure complexity of client computing environments and on-premises VDI solutions.

The report by ESG validated that Windows 365 provides capabilities that address nine of the ten business challenges identified by IT leaders.

Source: ESG Complete Survey Results, End-user Computing Trends, February 2022.

SIMPLE, COST EFFECTIVE, POWERFUL, SECURE – Windows 365 works by giving each user a dedicated Cloud PC (of a chosen specification) that runs their own individual Windows 10 or Windows 11 desktop environment while providing an extremely simple-to-manage ecosystem all managed via Microsoft’s Endpoint Manager toolset which is used to manage the rest of the physical desktop or laptop estate. For users, this means they can bring their existing device and instantly be presented with a familiar and powerful end-user computing experience either while they “wait” for their replacement or physical device or instead of waiting for IT to procure, provision, and image a new corporate device. In turn the ESG report finds that Cloud PC technology provides an effective solution for organisations of any size and sector, which are working to meet the complex needs of a hybrid or remote workforce.

Benefits of Windows 365 Cloud PC

Cost Predictability

The ESG report concludes that Windows 365 delivers a combination of lowered costs, eliminated costs, and a predictable fixed cost model, which can provide significant financial benefit in several areas.

  • Lower costs: Shifting to Windows 365 lowers and eliminates costs in several areas, including VDI licensing, server operating systems, remote desktop licensing, storage, management, power and cooling, license management, VDI management, procurement, and end-of-life costs.
  • Fixed-price model: Windows 365 Cloud PC pricing is based on a simple per-user, per-month model that allows organisations to match computing and storage needs to individual user requirements. There is value in being able to project costs in business. Most VDI pricing models are based on consumption, which, while it may initially seem like an advantage, means most organisations find that their monthly charges extend far beyond projections when usage spikes unexpectedly.
  • Ability to cross-charge services: Organisations that charge internal or external business groups fees for licenses, hardware, or services will find that the Windows 365 predictable cost model makes it much easier to allocate specific costs in a granular and predictable way, especially when compared to the capital-intensive purchases needed to facilitate on-premises VDI or DaaS.

Business and User Agility

With employee churn rates at record levels, continuing delays in supply chains, and more employees, contractors and temporary staff being permanently remote, getting new employees up and running as quickly as possible is a big challenge. Windows 365 allows companies to provide highly secure Cloud PCs running Windows 11 on the user’s own device within minutes versus hours, days, or weeks.

  • Time to employee enablement: The time from when a new employee, temporary worker, or contractor is hired to when they are fully onboarded with their corporate device is often long, leads to the employee getting a second-hand device, or delays their onboarding. Leveraging Cloud PC technology, however, means that organisations can now provide new starters with a new Windows desktop in under an hour, allowing them to securely access their work environment from any supported device that the new worker wishes to use, even if it is only a temporary situation.
  • Enablement of temporary/seasonal workers – The cost in both money and time to empower short-term workers with a company work environment is often high, and either inhibits an organisation’s willingness to employ temporary workers or, worse, means they are forced to compromise on security due to the time to procure and provision a device. With Windows 365, temporary workers can quickly be provisioned so they have immediate access to the corporate environment, safe in the knowledge that all intellectual property stays secured within the corporate environment and that the Cloud PC can be immediately removed at the end of the contract period.
  • Efficient IT Management – When compared to the effort required in procuring, preparing, and delivering laptops to users or even configuring and deploying virtual desktops with traditional VDI platforms, deployment of Cloud PC technology like Windows 365 can result in a 46% reduction in IT effort.
  • Ability to use any device – Windows 365 allows IT to provide workers with a highly secure, Windows 11 desktop on any supported device even though the host device may not be capable of natively running the OS. This is also great for “Bring Your Own Device” (BYOD) scenarios for employees who may just be starting or have shifted to working from home or short-term workers such as interns, contractors, and consultants.
  • Increased ability to react quickly to seasonal demand – The ability to get a secure, corporate desktop to users quickly is one of the barriers to rapid enablement. Windows 365 Cloud PCs empower businesses to immediately create and decommission desktops to react to opportunities that might be ignored in other DaaS or VDI environments.
  • Equality with the employees – The mindset of the workforce has changed from “May I have a job?” to an attitude of “What are you willing to do to keep me as an employee?”. Treating all employees as equals and providing them with a premium, professional-grade work environment are two of the key criteria for ensuring employee satisfaction. With Windows 365, employees can access a highly secure, personalized Windows 11 work experience through their Cloud PC, regardless of location or available device.
  • Merger and acquisition (M&A) scenarios – Mergers and acquisition events take months, even years, to align the separate work environments that result in an M&A to the same access and security postures. This limits potential cooperation between the entities and delays the full realization of value for the event. The ability to rapidly assimilate the new entities to the existing EUC solution accelerates the time to value and reduces the cost and risk of running parallel environments. The time to combine these two work environments into one can be significantly reduced by using Windows 365 Cloud PC.

Improved Security Posture

Employees and contractors today are working outside conventional environments and often on hardware that was never intended to be on corporate networks. The result is an increased risk of security breaches and data loss and, in many cases, missed business opportunities. ESG has found that organizations that adopt Windows 365 can help enhance their security posture in the following areas.

  • Inclusive, secure, yet flexible remote work – Cloud PCs can enable a hybrid workforce in a highly secure manner, even when those workers sometimes or always do their work on devices that are not expected to have direct access to corporate networks. Windows 365 Cloud PCs add a layer of isolation that protects the work environment and helps prevent data leakage or loss, with configurable options (such as clipboard, drive and printer redirection) for how the Cloud PC interacts with the physical device it is accessed from.
  • Business continuity and governance – COVID-19 forced almost every business to rethink, re-shift and re-prioritise its approach to remote work in a matter of days: sourcing devices, repurposing old kit, leveraging employees’ personal devices and ramping up VDI, VPN and remote-access technology to keep people working, often at the expense of usability, security and governance. As this settles into the hybrid workplace we now see, technology like Windows 365 becomes a viable BC/DR solution: a cornerstone of a business continuity strategy that minimises disruption, maintains security and governance, and gives users a smooth transition.
  • Immediate onboarding and offboarding of employees/contractors – The cost of recovering a PC from an offboarded employee or contractor is high and can take weeks in today’s distributed work environment. IBM estimates that 44% of breach events are caused intentionally by disgruntled employees who have been terminated but still have access to company hardware and resources. As well as near-instant provisioning, Windows 365 allows access to the Cloud PC, and to all the company data on it, to be removed immediately.
  • Protection of company data – The FBI estimates that 1 in 10 laptops will be lost or stolen during its lifetime, with the risk and financial exposure per event estimated at between £25,000 and £45,000. Because a Windows 365 Cloud PC stores no data on the host device, the loss or theft of that device costs only the hardware: the Cloud PC can be accessed immediately from another device, so there is no loss of productivity and no loss or theft of corporate data.

What’s your experience of Windows 365?

As always, I’d love to hear your experiences, thoughts, and feedback on this – please leave a comment in the boxes below.


To read more about Windows 365, you can also check out Microsoft’s official FAQ

Microsoft adds “Defender” to more of their Security Products Names


As a continuation of Microsoft’s standardisation and integration of their security products across Microsoft 365 and Azure, several more products have now completed the rebranding to “Defender”, in line with those that moved across earlier this year.

This is the current “Defender” line-up as of Dec 2021.

Previous Name                                    New Name
-----------------------------------------------  ----------------------------------
Microsoft Cloud App Security (MCAS)              Microsoft Defender for Cloud Apps
Microsoft Threat Protection                      Microsoft 365 Defender
Microsoft Defender Advanced Threat Protection    Microsoft Defender for Endpoint
Office 365 Advanced Threat Protection            Microsoft Defender for Office 365
Azure Advanced Threat Protection                 Microsoft Defender for Identity
Azure Defender for IoT                           Microsoft Defender for IoT
Azure Sentinel                                   Microsoft Sentinel
Azure Security Center + Azure Defender           Microsoft Defender for Cloud
Azure Defender for Storage                       Microsoft Defender for Storage

Name changes for Microsoft Security Products – Dec 2021

Microsoft’s comprehensive and extensive range of security products and suites are designed to protect organisations from threats across devices, identities, apps, email, data, and cloud workloads.

Microsoft Sentinel is a cloud-native SIEM tool;
Microsoft 365 Defender provides XDR capabilities for end-user environments (email, documents, identity, apps, and endpoint); and
Microsoft Defender for Cloud provides XDR capabilities for infrastructure and multi-cloud platforms including virtual machines, databases, containers, and IoT.

Windows 11 is now available globally


From midnight last night around the globe, Microsoft pressed the button on the availability of Windows 11, which is being offered to eligible Windows 10 PCs from today via Windows Update (or via your IT team, if they are ready to press the button on your corporate roll-out).

Windows 11 was officially announced to the public in June this year and went through a short public testing period with Windows Insiders before being made available as an operating system for everyone (hardware compatibility permitting, of course) from 5th Oct 21.

Windows 11 – Born October 5th, 2021

Windows 11 is rolling out in waves

The Windows 11 update will continue rolling out in waves over the holiday and into 2022. Microsoft says it expects to have offered Windows 11 to all eligible Windows 10 PCs by mid-2022, and it will not be forced upon Windows 10 users at any point. Windows 11 is an optional release, and users are free to remain on Windows 10 if they wish. Windows 10 will be getting its own 21H2 release later this year.

As is always the case, Microsoft is also making available offline installation media, as well as the Upgrade Tool that will allow you to install Windows 11 today if you don’t want to wait for it to be offered via Windows Update. The final build of Windows 11 appears to be 22000.194, though that will continue to increase as time passes, as Microsoft continues servicing Windows 11 with bug fixes and security updates.

For Business or for Pleasure

Windows 11 looks different with a simpler, cleaner, and more modern look and feel with many of the key components and stock apps updated. The start menu has also had the biggest overhaul since Windows 8. Beyond the aesthetics and look and feel however, Windows 11 also brings many new features that business users should welcome.

Microsoft say that Windows 11 has been optimised for hybrid working, whereby employees split their time between the home, office and anywhere else they need to work. There has been a focus on improving multi-screen and multi-device set-ups, with options that will help users more easily multi-task and pick up where they left off.

One of my favourite enhancements is a new feature called Snap Layouts, which gives users a greater range of orientation options when multitasking across multiple windows, screens, and applications as you can see in the illustration below.

Windows 11 | Snap View Layout Picker


Windows 11 also sets a new benchmark for performance and security: it is designed to speed up multitasking and memory management while, most importantly, better protecting employees against ever-growing and evolving cyber attacks and threats, under Microsoft’s “Secure from Chip to Cloud” promise for Windows 11.

Windows 11 | Secure from Chip to Cloud

Will my device run Windows 11?

In short, if your device meets the following requirements, you will be able to upgrade to (or install) Windows 11 on your existing PC.

  • 8th Gen Intel processor or newer (or an equivalent supported AMD/Qualcomm part; a few 7th Gen chips also qualify, such as the one in the Surface Studio 2)
  • 64GB storage
  • 4GB RAM
  • UEFI firmware, Secure Boot capable, with TPM 2.0 enabled

On personal (or non-managed) devices, the easiest way to check compatibility is Microsoft’s PC Health Check app, which tells you whether your device meets the requirements to run Windows 11, gives a detailed breakdown of what may be stopping you, and says whether it can be resolved (by adding memory, for example, or updating the device’s BIOS/UEFI firmware to enable TPM 2.0).

You can download and run it on devices that are not managed by corporate IT here:
(thanks to my friend Rowland Hills for spotting the error before)
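If you would rather see the same checks without installing the app, here is an added PowerShell example (my own illustration, not Microsoft’s PC Health Check code) that reads the firmware mode, Secure Boot state, TPM spec version, memory, system-drive size and CPU details with built-in cmdlets. It assumes an elevated PowerShell session on the Windows 10 device being assessed; the CPU model allow-list is not reproduced, so compare the reported CPU against Microsoft’s supported-processor list yourself.

```powershell
# Added example (not Microsoft's PC Health Check): reads the same hardware
# signals locally with built-in cmdlets. Run in an elevated PowerShell on
# the Windows 10 device being assessed; Get-Tpm and Confirm-SecureBootUEFI
# need administrator rights. The CPU generation allow-list is not
# reproduced here, so the CPU line is reported for you to compare manually.
function Get-Win11Readiness {
    $r = [ordered]@{}

    # Firmware: must be UEFI. $env:firmware_type is 'UEFI' or 'Legacy'.
    $r.FirmwareType = $env:firmware_type

    # Secure Boot: Windows 11 needs a Secure Boot *capable* system; this
    # reports whether it is currently switched on. The cmdlet throws on
    # legacy BIOS or when not elevated, which we treat as "not enabled".
    try   { $r.SecureBootOn = [bool](Confirm-SecureBootUEFI) }
    catch { $r.SecureBootOn = $false }

    # TPM: present, ready, and spec version 2.0. SpecVersion from the WMI
    # class looks like "2.0, 0, 1.38"; the first field is what matters.
    $tpm = Get-Tpm -ErrorAction SilentlyContinue
    $r.TpmPresent = [bool]($tpm -and $tpm.TpmPresent)
    $r.TpmReady   = [bool]($tpm -and $tpm.TpmReady)
    $wmiTpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                              -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $r.TpmSpecVersion = if ($wmiTpm) { ($wmiTpm.SpecVersion -split ',')[0].Trim() } else { 'none' }

    # Memory (>= 4 GB) and system-drive size (>= 64 GB)
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $r.MemoryGB = [math]::Round($cs.TotalPhysicalMemory / 1GB, 1)
    $vol = Get-Volume -DriveLetter $env:SystemDrive.TrimEnd(':')
    $r.SystemDiskGB = [math]::Round($vol.Size / 1GB, 1)

    # CPU: 64-bit, 2+ cores, 1 GHz+; generation/model must be checked
    # against Microsoft's supported-processor list by hand.
    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $r.CpuName  = $cpu.Name.Trim()
    $r.CpuCores = $cpu.NumberOfCores
    $r.CpuMHz   = $cpu.MaxClockSpeed
    $r.Cpu64Bit = ($cpu.AddressWidth -eq 64)

    # Verdict on the checks that can be automated here
    $r.MeetsBaseline = ($r.FirmwareType -eq 'UEFI') -and $r.SecureBootOn -and
                       $r.TpmPresent -and ($r.TpmSpecVersion -eq '2.0') -and
                       ($r.MemoryGB -ge 4) -and ($r.SystemDiskGB -ge 64) -and
                       $r.Cpu64Bit -and ($r.CpuCores -ge 2) -and ($r.CpuMHz -ge 1000)

    [pscustomobject]$r
}

Get-Win11Readiness | Format-List
```

A device that fails only on SecureBootOn or TpmSpecVersion is usually fixable in firmware settings (switch from Legacy/CSM to UEFI, enable Secure Boot, enable the fTPM/PTT option), which is exactly the case the PC Health Check app flags as resolvable.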

For managed devices within an organisation, IT can check whether devices are ready using Microsoft Endpoint Manager (Intune/Configuration Manager): sign in at https://endpoint.microsoft.com and navigate to Reports > Endpoint analytics > Work from anywhere.

Windows 11 Readiness in Microsoft Endpoint Manager

Note: It is possible (though of course not recommended) to bypass the checks by clean-installing Windows 11 on an unsupported device; your mileage may vary as to whether it works. Microsoft does not guarantee updates, including security updates, for devices that are unsupported on Windows 11, so an unsupported install should not be treated as a patched, supported system.

New Devices will ship with Windows 11

Windows 11 will also be available pre-loaded on new PCs that meet the minimum requirements. Microsoft say that devices like the Surface Laptop Studio and Surface Pro 8 will be amongst the first to ship with Windows 11 out of the box, with Lenovo and Dell releasing theirs very soon after.

People say Windows 11 isn’t ready

It is… but there is still more work to do and things to polish.

Like Windows 10 before it, Windows is serviced regularly based on feedback from testers and now from the wider public and corporate users. Microsoft is already hard at work on the next update to Windows 11, version 22H2, which will continue Microsoft’s vision of simplifying and modernising the Windows user experience throughout. Windows Insiders in the Dev channel have been testing early builds for a couple of weeks.

We already know that the next release will add a more consistent and complete dark mode, continue updating legacy interfaces and apps that haven’t changed since Windows 7/8, and add Android app support, slated for early 2022. Based on user feedback in the Feedback Hub, there will also likely be enhancements to the taskbar and Start menu, such as re-enabling drag and drop of files between apps via the taskbar, one of my bugbears in Windows 11.

This is just the beginning…

…of the Windows 11 journey. You can check the Feedback Hub in the OS, visit the Microsoft Blog pages or become a Windows Insider to help shape the future of Windows 11.

Microsoft now lets you make your password more secure….by removing it completely!

Microsoft has made a big leap forward in making your online world more secure by making passwords optional for personal Microsoft accounts (MSA), such as your personal Office 365 account or Hotmail/Outlook.com.

It’s no secret that Microsoft is actively striving to make passwords a thing of the past by supporting passwordless accounts. Microsoft already supports passwordless sign-in for commercial Microsoft 365 users as well as personal (MSA) accounts, but is now taking this a step further by allowing the password to be removed entirely.

Beginning today, you can now completely remove the password from your Microsoft consumer account. Use Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to your phone or email to sign in to your favourite apps and services, such as Outlook, OneDrive, Family Safety, and more.

Vasu Jakkal | CVP of Microsoft Security

How is passwordless more secure than MFA?

Firstly, Microsoft isn’t alone in this view: Facebook and Google are also actively championing the “death of the password”, which is typically the weakest link in online account security since it is so often compromised, stolen or phished. Let’s face it, nobody likes passwords: we have to create ever more complex and unique passwords, remember them, change them frequently (and of course use different ones across different sites).

In a blog on the topic today, Microsoft said that they “have heard great feedback from our enterprise customers who have been on the passwordless journey with us. In fact, Microsoft itself is a great test case — nearly 100% of our employees use passwordless options to log in to their corporate account.”.

Going Passwordless

To make your MSA account fully passwordless, you need to have the Microsoft Authenticator app on your phone, linked to the account and set up to approve sign-ins (multi-factor authentication).

Once this is working, go to https://account.microsoft.com, sign in, and navigate to “Advanced Security Options”. Under “Additional Security Options” you should now see a “Passwordless Account” option, which you can turn on.

Enabling Passwordless

It is unknown if or when Microsoft will remove passwords altogether; for now, you can still re-add a password to your Microsoft account if you want or need to.

“Defender for Endpoint” will now be included for free as part of Microsoft 365 E3/A3


Microsoft have announced a more cost-effective endpoint protection plan for Microsoft 365 and Windows customers. Named Microsoft Defender for Endpoint Plan 1 (P1), it provides threat prevention and protection for endpoints running Windows, macOS, Android and iOS, and will be included at no extra cost in the Microsoft 365 E3/A3 SKUs.

The existing Microsoft Defender for Endpoint SKU becomes Defender for Endpoint Plan 2 (P2); this is the version currently included in Windows E5 and Microsoft 365 E5.

Microsoft say this new plan “will make it easier for more security teams across the globe to buy and adopt the best of breed fundamentals of Microsoft Defender for Endpoint”. Its capabilities include next-generation protection, device control, endpoint firewall, network protection, web content filtering, attack surface reduction rules, controlled folder access, device-based conditional access, APIs and connectors, and the ability to bring your own custom threat intelligence (TI).

Why now?

The endpoint remains one of the most targeted attack surfaces as new and sophisticated malware and ransomware continue to be prevalent threats and it’s not slowing down. Ransomware in particular continues to persist and evolve, financial damage continues to increase, and the impact is felt across numerous industries.

Over the last year, Microsoft have seen more than a 120% increase in organisations who have encountered some form of ransomware attack as shown in the graphic provided by Microsoft.

Figure: volume of organisations affected by ransomware (image from Microsoft Security).

Microsoft are keen to provide “security for all”, and this comes just days after a commitment, made with President Biden, to invest more than $20 billion in security over the next 5 years.

Microsoft claim they already provide best-of-breed, multi-platform and multi-cloud security for organisations across the globe, and that their integrated suite of security, threat protection and remediation services provides simplified, comprehensive protection that prevents breaches and enables their customers to innovate and grow.

Microsoft say that “as part of that commitment, we’re excited to offer a foundational set of our market leading endpoint security capabilities for Windows, macOS, Android, and iOS at a lower price in a new solution to be named Microsoft Defender for Endpoint Plan 1 (P1) which will also be included in Microsoft 365 E3 for free.”

Licensing and Pricing

The great news is that Plan 1 will be included in Microsoft 365 E3/A3 at no additional cost and will be made available as a low-cost add-on for other SKUs. Microsoft 365 E5/A5 will continue to include Defender for Endpoint Plan 2.

Plan 1 is currently in public preview, meaning you can sign up for it for free for 90 days now. After the 90 days are up, you can buy it from your Microsoft CSP or licensing partner. Existing Microsoft 365 E3/A3 customers will get it at no extra cost once it reaches general availability (within the next 90 days) and will then be able to enable and use the service.

Figure: Microsoft Defender for Endpoint P1 capabilities are offered as a standalone licence or as part of Microsoft 365 E3 (image from Microsoft).
How to buy Defender for Endpoint Plan 1

Plan 1 and Plan 2 compared

The diagram below shows the extent of the threat protection and remediation services offered by Microsoft Defender for Endpoint.

Figure: Microsoft Defender for Endpoint P1 offers attack surface reduction, next-generation protection, APIs and integration, and a unified security experience for client endpoints including Windows, macOS, Android and iOS (image © Microsoft).

Plan 1 is aimed at organisations looking mainly for endpoint protection (EPP): best-of-breed fundamentals in prevention and protection for all client endpoints. It includes next-generation protection, device control, endpoint firewall, network protection, web content filtering, attack surface reduction rules, controlled folder access, device-based conditional access, APIs and connectors, and the ability to bring your own custom TI. It also includes access to the Microsoft 365 Defender security experience to view alerts and incidents, security dashboards and device inventory, and to perform investigations and manual response actions on next-generation protection events.

Plan 2 is aimed at larger enterprises that need full endpoint detection and response (EDR). It builds on Plan 1 with full EDR capabilities to further prevent breaches, reduce time to remediation and minimise the scope of attacks: vulnerability management, endpoint detection and response, fully automated remediation, advanced hunting, sandboxing, managed hunting services, and in-depth threat intelligence and analysis on the latest malware campaigns and nation-state threats.

The table below compares the capabilities offered in Plan 1 versus Plan 2.

Figure: comparison between Microsoft Defender for Endpoint P1 and P2 capabilities (image © Microsoft).

Getting Started

You can sign up for the preview using the link here, and Microsoft have published a detailed blog that goes into more depth than I have above and provides a simple walk-through for admins and sec ops.

You can also read the latest Gartner report, which details Microsoft’s industry-leading security capabilities.

Windows Server and SQL 2008 and 2012 – Extended Support Options

SQL and Windows Server 2008

Extended Security Updates (ESU) have been available from Microsoft, at a cost, for both SQL Server and Windows Server 2008 and 2008 R2 since official support ended, but these extended updates are also now coming to an end:

  • SQL Server 2008/2008 R2: July 12th, 2022
  • Windows Server 2008/2008 R2: January 10th, 2023

If your organisation is still running any of these older server products in Azure, you are currently entitled to (and receiving) 3 years of free Extended Security Updates, and Microsoft have recently announced that one more year of Extended Security Updates will be available, BUT ONLY if these workloads are running in Azure.

SQL Server and Windows 2012

Support for SQL Server 2012 and Windows Server 2012/2012 R2 is also coming to an end:

  • SQL Server 2012: July 12th, 2022
  • Windows Server 2012/2012 R2: October 10th, 2023

As with 2008, Microsoft will make 3 years of Extended Security Updates available (again at a cost) from your licensing partner or Cloud Solution Provider (CSP), and, as before, these will be free if the workloads are running in (or moved into) Azure.

If you are not planning to move these into Azure, you will need to buy ESU licences for each server instance you need to cover.

The cost of ESU, per year, is:

  • Year 1: 75% of the licence cost
  • Year 2: 100% of the licence cost
  • Year 3: 125% of the licence cost

What are my options?

If you are still on Windows Server 2008 or SQL 2008, you have 3 options:

  1. Migrate the VMs/Servers into Azure for  ONE MORE YEAR of free support
  2. Migrate or Rehost apps and workloads to Windows Server and SQL Server on Azure virtual machines
  3. Modernize with Azure services such as App Service and Azure SQL Managed Instance, and never have to patch or upgrade again.

If you are on Windows Server or SQL Server 2012, you have 4 options:

  1. Pay for Extended Security Updates for up to 3 years
  2. Upgrade the servers to a supported version of SQL Server and Windows Server
  3. Migrate or rehost apps and workloads to Windows Server and SQL Server on Azure virtual machines
  4. Modernise with Azure services such as App Service and Azure SQL Managed Instance, and never have to patch or upgrade again.

Further Reading and References

You can find the formal announcement here, along with the data sheet, which goes into more detail, as well as a FAQ from Microsoft.

Microsoft announces $10b in Security Revenue and is leading the battle on the Cyber Security Crisis


I first blogged about the sheer size and capability of Microsoft as a cybersecurity giant about a year ago, but last week Microsoft homed in on this as they highlighted the revenue from its various security offerings as part of its FY21 Q2 quarterly earnings.

$10 billion over the last 12 months.

You might think that for a global organisation like Microsoft this is just a number, but what is significant is that it represents a 40% year-over-year jump in the security and compliance part of Microsoft, which now makes up circa 7% of their total revenue over the previous twelve months.

In a statement at the earnings report, Microsoft’s CEO, Satya Nadella said “We waited in some sense until this milestone to show the depth, the breadth, the span of what we are doing.” …”there is a lot of work ahead, but we are investing very heavily because guess what? You know 10 years from now we’ll still be talking about it as technology becomes even [a deeper part] of our lives in our society in all critical industries.”

Satya went on to say in the announcement that “What we have built is very helpful in times of crisis and there is a big crisis right now, but you need to sort of obviously build all of this over a period of years if not decades and then sustain it through not just product innovation, but also I would say, practice every day.”

Proven hunters

Back in December 2020, Microsoft was a forerunner and lead investigator in uncovering and responding to the massive global SolarWinds supply-chain attack, which hit private companies such as the cybersecurity firm FireEye, many leading FTSE 100 organisations, and UK, US and other government agencies (Microsoft themselves were affected).

Microsoft were “the defenders that other defenders were turning to”, Microsoft said; they “were working with FireEye and across the public sector and private sector coming together”.

Zero Trust is more important than ever.

Part of Microsoft’s ability to respond to the SolarWinds hack comes down to what the industry calls a “zero trust” approach to security: an organisation adopts an “assume breach” mindset and authenticates and validates every access request continuously, rather than trusting anything simply because it is inside the network. It is similar in some respects to the “assume you are infected” approach in the fight against Covid-19.

For anyone still sceptical about Microsoft as a security player, there is no doubting the giant they have become. There are of course many “best of breed” products out there that protect a particular service or pillar, but what Microsoft has done well, really well, is to build a “best of suite” that spans not just Azure and Microsoft 365 but pretty much any cloud, hybrid or on-premises apps and services a business uses.

Microsoft’s investment clearly goes much further than having a good security portfolio, substantial as it is when you look at technologies like Microsoft Defender, Sentinel or Azure Active Directory: it is their ability to take these services, integrate them into all their products and infuse more AI and data signals (almost 7 trillion a day) than anyone else.

Microsoft Security infographic

Working from home adds to companies’ security needs

The ongoing coronavirus pandemic forced many companies to change how they work and think about work, with their employees now working from home either temporarily or (in many cases) for the foreseeable future in some capacity at least.

This has of course opened the way for new attack vectors, because the physical layers of security (in-person identification and swipe-card access to buildings, for example), perimeter network security (such as network access control), and the fact that we mostly used managed devices, meant that IT had good awareness and control of things like malware or unusual user and network activity.

Working remotely changes this for most people. When working from home (unless only via a secured VDI), employees are on their own networks (and they are not security admins), often with a false sense of security because “no one will hack my home”, which prevents or inhibits IT from monitoring them unless IT changes its approach and toolsets.

For most organisations (especially where shared or personal devices are used), it does not take much for one person to download malware onto their computer at home and then unknowingly pass it on to the company’s systems or file shares the next time they connect to update a spreadsheet or send a report.

Security must be built in at every single point and can no longer be an afterthought. “There needs to be a real different approach to creating a cybersecurity solution for customers,” Satya Nadella said.

Security Giants

According to Microsoft, they now protect more than 400,000 customers across 120 countries, including 90 Fortune 100 companies. Microsoft currently categorise their security offerings into four pillars:

Security | Compliance | Identity | Threat Management.

This milestone figure of $10 billion comes from the security-related revenue generated by services including Microsoft’s Azure Active Directory, Intune, Microsoft Defender for Endpoint, Office 365, Microsoft Cloud App Security, Microsoft Information and Governance, Azure Sentinel, Azure Monitoring, and Azure Information Protection.

Microsoft Edge now alerts you if any of your online passwords are leaked!


Let’s face it: most of us re-use passwords across different systems, and many use one password for pretty much everything they do online. Even if those passwords are strong (and some sites enforce MFA, which is something at least), if just one of those sites or companies gets breached, your password is out there.

Microsoft are trying to help prevent this – well, at least make sure you know, so you can do something about it quickly.

Anyone running the Beta or Dev version of Edge has had this for a while, but the latest stable update rolling out this week introduces probably one of the most important features yet for helping users understand where their passwords may have been breached or compromised: not just their Office 365 or laptop credentials, but any web site or SaaS service they use in Edge.

Introducing Password Monitor in Edge

Microsoft have released a new feature called Password Monitor (included in Edge build 88 and later), which notifies users if any of their saved passwords have been found in a third-party breach.

This is done with a privacy-preserving comparison based on homomorphic encryption (described in the Microsoft Research post linked at the end of this section): the browser encrypts the credential, the matching is done on encrypted data, and Microsoft does not learn or store the passwords, so users can be assured that neither Microsoft nor any other party can learn their passwords while they are being monitored for breach.

When you turn on Password Monitor, Edge starts periodically checking the passwords you have saved in the browser (you can also force a check) against a very large cloud database of known leaked credentials. If any of your passwords match, they appear on the Password Monitor page in Microsoft Edge Settings, and you also get a pop-up notification when new ones are found. What this tells you is that any password listed there is no longer safe to use and you should change it immediately, pretty useful advice for anyone.
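To make the privacy property concrete, here is an added PowerShell example (my own illustration, not Microsoft’s code, and not the homomorphic-encryption protocol Edge actually uses) of the simpler k-anonymity model used by services such as Have I Been Pwned: the client hashes the password locally, sends only the first five hex characters of the SHA-1 hash, receives every suffix in that bucket, and does the final match itself, so the checking service learns neither the password nor its full hash. The leaked-password corpus and the saved-credential list are constructed sample data held in memory, so the script runs entirely offline.

```powershell
# Added example: k-anonymity style breached-password check (the hashed-prefix
# model popularised by Have I Been Pwned). This is NOT the homomorphic-
# encryption protocol Microsoft Edge uses; it illustrates the weaker but
# simpler idea that the service never receives the password or its full hash.
# SHA-1 is used because that is the convention of the prefix-query services,
# not because it is a good password hash.

function Get-Sha1Hex {
    param([string]$Text)
    $sha1 = [System.Security.Cryptography.SHA1]::Create()
    try {
        $bytes = $sha1.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($Text))
        return ([System.BitConverter]::ToString($bytes) -replace '-', '')
    } finally { $sha1.Dispose() }
}

# --- "Server" side: constructed stand-in for the cloud leaked-password database.
# Only hashes are stored, bucketed by their first 5 hex characters (20 bits).
$LeakedPasswords = @('password', '123456', 'letmein', 'P@ssw0rd')   # constructed sample
$ServerIndex = @{}
foreach ($p in $LeakedPasswords) {
    $h = Get-Sha1Hex $p
    $prefix = $h.Substring(0, 5)
    if (-not $ServerIndex.ContainsKey($prefix)) { $ServerIndex[$prefix] = @() }
    $ServerIndex[$prefix] += $h.Substring(5)     # suffix only, per bucket
}

# The only thing the server ever sees from a client is a 5-character prefix.
function Invoke-RangeQuery {
    param([string]$Prefix)
    if ($ServerIndex.ContainsKey($Prefix)) { return $ServerIndex[$Prefix] }
    return @()
}

# --- Client side: hash locally, send the prefix, match the suffix locally.
function Test-PasswordLeaked {
    param([string]$Password)
    $h = Get-Sha1Hex $Password
    $prefix = $h.Substring(0, 5)
    $suffix = $h.Substring(5)
    $bucket = Invoke-RangeQuery -Prefix $prefix
    # The server learned only $prefix; it cannot tell which of the 2^140
    # possible suffixes the client holds, nor whether anything matched.
    return [bool]($bucket -contains $suffix)
}

# Saved credentials to audit (constructed sample standing in for the
# browser's saved-password list).
$Saved = @(
    @{ Site = 'example.com'; User = 'alice'; Password = 'P@ssw0rd' },
    @{ Site = 'example.org'; User = 'alice'; Password = 'correct horse battery staple' }
)
foreach ($cred in $Saved) {
    $leaked = Test-PasswordLeaked -Password $cred.Password
    '{0,-14} {1,-8} {2}' -f $cred.Site, $cred.User,
        $(if ($leaked) { 'LEAKED - change it' } else { 'not in corpus' })
}
```

Two things Edge does that this toy does not: it checks the username and password pair rather than the password alone, and because the comparison runs under homomorphic encryption the server learns not even the 20-bit prefix. The point both share is that the plaintext password never leaves the client.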
 

Why this so important

Each year, hundreds of millions of usernames and passwords are exposed online when websites or apps are hit by data leaks and, as I mentioned at the start, although the public is regularly cautioned against reusing the same username and password combination for more than one account, it is common practice, and it leaves people vulnerable on multiple sites when even one password gets leaked. Even if your password is complex, it only takes one site to be breached for your username and password to be out there; it is like leaving the front door of your house wide open.

Leaked usernames and passwords often end up for sale on online black markets, commonly referred to as the dark web. Attackers use automated scripts to try stolen username and password combinations against other services (credential stuffing) to hijack people’s accounts. If one of your accounts is taken over, you can be the victim of fraudulent transactions, identity theft, illegal fund transfers or other crimes, and bear in mind that many of these sites let you store payment, address and family information, perfect for identity theft.

Password Monitor helps protect your online accounts in Microsoft Edge by informing you when any of your passwords have been compromised, so you can update them. Changing passwords immediately is the best way to prevent your account from being hijacked.

Enabling Password Monitor

This feature is not enabled by default. To activate it, carry out these simple steps:

  1. Sign in to Microsoft Edge using your Microsoft account or your work or school account.
  2. Navigate to Settings and more > Settings > Profiles > Passwords.
  3. Turn on Show alerts when passwords are found in an online leak.
  4. Any unsafe passwords will then be displayed on the Password Monitor page.


If you are signed in and syncing your passwords, Password Monitor is enabled automatically in your browsers.

When you enable Password Monitor for the first time, all your saved passwords are checked to see if any have been compromised. If any match the list of known leaked passwords, a notification appears:

This notification appears only once each time a new password is found to be unsafe. At this point you have two options: view the details, or dismiss the notification (it’s fine, you can come back to them later).

Responding to notifications

If Edge informs you that a username/password combination has been breached and is therefore no longer safe, you can go here to learn more:

Settings and more > Settings > Profiles > Passwords > Password Monitor.

Here you will see a list of all the unsafe passwords Microsoft has found; for each account listed, you can be redirected to that site to change your password. If an entry in the list is no longer relevant (you may have deleted the account, for example), you can click Ignore. Remember, though: if one site is breached and you use the same password elsewhere, change it everywhere it is used.

Microsoft have provided a nice Q&A and support page for this here: Password Monitor support page.

Read More about how Password Monitor works

Password Monitor will be made available to Edge users on a rolling basis so it will not be immediately visible to everyone.

You can read more about how this works and why it is such a vital step forward for privacy, security and control of your online life here: Password Monitor: Safeguarding passwords in Microsoft Edge – Microsoft Research

Microsoft Defender now unifies SIEM and XDR

Microsoft Security Logo

At #Ignite2020 (September 2020), Microsoft announced a change to their security and threat protection offering: a new, unified approach designed to “empower security professionals to get ahead of today’s complex threat landscape”, with fully integrated SIEM and XDR (Extended Detection and Response) tools from a single vendor, so you get the best of both worlds. Much of the summary below is taken from the wider Microsoft blog.

As part of this, Microsoft are unifying their XDR tech under the Microsoft Defender brand.

“The new Microsoft Defender is now the most comprehensive XDR in the market and prevents, detects, and responds to threats across identities, endpoints, applications, email, IoT, infrastructure, and cloud platforms”.

With Microsoft Defender, Microsoft are both rebranding their existing threat protection portfolio and adding new capabilities, including additional multi-cloud (Google Cloud and AWS) and multi-platform (Windows, Mac, Linux, Android, and iOS) support.

Microsoft Defender is delivered in two main areas:

  • Microsoft 365 Defender for end-user environments and
  • Azure Defender for cloud and hybrid infrastructure.

Microsoft 365 Defender

This delivers XDR capabilities for identities, endpoints, cloud apps, email, and documents, using AI to reduce the SOC’s work items. Microsoft claims this can consolidate 1,000 alerts into just 40 high-priority incidents, and that built-in self-healing technology fully automates remediation with a success rate of over 70%, ensuring the SOC can focus on “other tasks” that better leverage their knowledge and expertise.

An image of the Microsoft 365 Defender dashboard.

As part of this, the following branding changes have also been made to the Microsoft 365 security services:

  • Microsoft Threat Protection is now Microsoft 365 Defender
  • Microsoft Defender ATP is now Microsoft Defender for Endpoint
  • Office 365 ATP is now Microsoft Defender for Office 365
  • Azure Advanced Threat Protection is now Microsoft Defender for Azure

As well as the name change, several new features are now also available or coming:

  • New mobile support for Apple iOS (now in preview) and Android (now released). As a result, Microsoft now delivers endpoint protection across all major OS platforms.
  • Extension of the current macOS support with addition of threat and vulnerability management.
  • Priority account protection in Microsoft Defender for Office 365 will help security teams focus on protection from phishing attacks for users who have access to the most critical and privileged information. 

Azure Defender

Azure Defender is an evolution of the Azure Security Center threat protection capabilities. It is accessed from within Azure Security Center and delivers XDR capabilities to protect multi-cloud and hybrid workloads, including VMs, databases, containers, IoT, and more.

An image of Defender.

Aligned with the Microsoft 365 brand changes, there are new names here too, as well as some new features, naturally!

  • Azure Security Centre Standard is now Azure Defender for Servers
  • Azure Security Centre for IoT is now Azure Defender for IoT 
  • Advanced Threat Protection for SQL is now Azure Defender for SQL 

Along with the name change, these new features were also announced: 

  • New unified experience for Azure Defender that makes it easy to see which resources are protected and which need protection.
  • Added protection for SQL servers on-premises and in multi-cloud environments.
  • Added protection for virtual machines in multi-cloud environments.
  • Improved protections for containers, including Kubernetes-level policy management and continuous scanning of container images in container registries.
  • Support for operational technology networks with the integration of CyberX into Azure Defender for IoT.

The video below from Microsoft shows how it all works.

Video from Microsoft Mechanics on the New Microsoft Defender

 

And finally… let’s not forget Azure Sentinel

Whilst the XDR capabilities of Microsoft Defender, delivered through Azure Defender and Microsoft 365 Defender, provide rich insights and prioritised alerts, gaining visibility across your entire environment, including data from other security solutions such as firewalls and existing security tools, means connecting Microsoft Defender to Azure Sentinel, Microsoft’s cloud-native SIEM.

Azure Sentinel is deeply integrated with Microsoft Defender so you can integrate your XDR data in only a few clicks and combine it with all your security data from across your entire enterprise.

An image of Azure Sentinel.

You can read the full Microsoft Blog on this here:

“Application Guard” for Office Desktop Apps enters public preview

Image of Office Application Splash Screen

Microsoft has released a new security feature for Microsoft 365 into public preview. This new feature, known as “Application Guard”, has been designed to help prevent risky, malicious, or untrusted files from accessing your trusted resources.

This feature is turned off by default, and it’s currently only available to organisations that have Microsoft 365 E5 or Microsoft 365 E5 Security licenses.

The problem it addresses: files from the internet and other potentially unsafe (not yet scanned or trusted) locations can contain viruses, worms, or other kinds of malware that attempt to infect or harm users’ devices and data and, in the case of malware, spread to other areas.

With the new Application Guard feature enabled, Office apps will open files from potentially unsafe locations in Application Guard, which is a secure container (in memory) that is isolated and shielded from other applications, device hardware, processes, and system memory through hardware-based virtualisation.

When enabled, users will see a change to the standard Office splash screen on the first launch of an untrusted Office document, indicating that Application Guard for Office has been enabled and that the file is being opened in a secure environment. In addition, the application displays a visual indicator, such as a callout in the ribbon and the taskbar icon, to inform the user that Application Guard is running.

Screenshot showing Office Application Guard

What is nice about this new feature is that, unlike the previous “Protected View”, which limited editing functions and prevented some aspects of the document (Excel macros, for example) from running, with Application Guard users do NOT get a compromised experience: they can securely read, edit, print, and save those files without having to re-open them outside the “safe” container.

As I said at the start, this feature is off by default and needs to be enabled by an IT admin using a Group Policy or a CSP entry in your MDM. Details on how to enable Application Guard are provided by Microsoft here:

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/install-app-guard?view=o365-worldwide
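Because the feature is off by default, an admin will want a quick way to check (and, if desired, apply) the device-side prerequisites before rolling it out. The script below is an added example, not code from the original post or from Microsoft; it assumes the Windows optional feature name Windows-Defender-ApplicationGuard and the policy-backed registry value AllowAppHVSI_ProviderSet under HKLM\SOFTWARE\Policies\Microsoft\AppHVSI (the registry form of the “Turn on Microsoft Defender Application Guard in Managed Mode” Group Policy, where 2 = Office and 3 = Edge and Office).

```powershell
# Added example (not from the original post or from Microsoft): audit, and optionally
# enable, the device prerequisites for Application Guard for Office.
# Assumptions: feature name 'Windows-Defender-ApplicationGuard' and the managed-mode
# policy value 'AllowAppHVSI_ProviderSet' (2 = Office, 3 = Edge and Office); verify the
# value name against your ADMX version. Run from an elevated PowerShell session.
# The equivalent MDM CSP node, for reference, is
# ./Device/Vendor/MSFT/WindowsDefenderApplicationGuard/Settings/AllowWindowsDefenderApplicationGuard
[CmdletBinding()]
param(
    [switch]$Enable,                      # apply settings instead of only reporting
    [ValidateSet(2, 3)][int]$Mode = 2     # 2 = Office only, 3 = Edge and Office
)

$policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\AppHVSI'
$policyName = 'AllowAppHVSI_ProviderSet'
$featureName = 'Windows-Defender-ApplicationGuard'

function Get-AppGuardState {
    # Reports the container platform feature state and the managed-mode policy value.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName $featureName
    $policy  = (Get-ItemProperty -Path $policyPath -Name $policyName -ErrorAction SilentlyContinue).$policyName
    [pscustomobject]@{
        FeatureState  = $feature.State                                   # Enabled / Disabled
        ManagedMode   = if ($null -eq $policy) { 'Not configured' } else { $policy }
        OfficeCovered = ($feature.State -eq 'Enabled') -and ($policy -in @(2, 3))
    }
}

$before = Get-AppGuardState
Write-Host "Before: feature=$($before.FeatureState) mode=$($before.ManagedMode) officeCovered=$($before.OfficeCovered)"

if ($Enable -and -not $before.OfficeCovered) {
    if ($before.FeatureState -ne 'Enabled') {
        # Installs the hardware-isolated container platform; a reboot is normally required.
        Enable-WindowsOptionalFeature -Online -FeatureName $featureName -NoRestart | Out-Null
    }
    if (-not (Test-Path $policyPath)) { New-Item -Path $policyPath -Force | Out-Null }
    # Managed mode 2 turns Application Guard on for Office; 3 covers Edge and Office.
    New-ItemProperty -Path $policyPath -Name $policyName -Value $Mode -PropertyType DWord -Force | Out-Null

    $after = Get-AppGuardState
    Write-Host "After:  feature=$($after.FeatureState) mode=$($after.ManagedMode) officeCovered=$($after.OfficeCovered)"
    Write-Host 'Reboot, then open a file downloaded from the internet in Word to confirm the Application Guard splash screen appears.'
}
```

Run it without parameters to audit a device, or with -Enable (and optionally -Mode 3) to apply the settings; the licensing requirement (Microsoft 365 E5 or E5 Security) still has to be met on the tenant side.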