Security Announcements at Microsoft Ignite: A Quick Look

How ITC Secure Can Help Leverage New Capabilities

Microsoft’s annual event, Ignite 2022, opened amidst global economic and societal turbulence to introduce new technology capabilities and help people and businesses navigate unpredictability. The predominant theme was to equip organisations to do more with less. As Microsoft Chairman and CEO Satya Nadella explained, “It means applying technology to amplify what an organisation can achieve amidst today’s constraints.”

Whilst there were announcements aplenty at the event, this discussion will focus on those related to security, what they mean to customers, and how ITC can help organisations take advantage of the new capabilities.

As more core operations go digital and organisations become exposed, strengthening security has become a high strategic priority. Yet McKinsey estimates the current penetration of security solutions to be woefully low at just 10%. New Microsoft announcements – aimed at reducing complexities in achieving cloud-enabled digital transformations securely – will help address that gap.

Below is a summary of the main security announcements with insights into what they mean to customers.

Enhanced Endpoint Management

MICROSOFT INTUNE: Microsoft Intune is the new name for the expanding family of cloud endpoint management products; Microsoft Configuration Manager will remain part of the product line. The Advanced Management Suite will be launched in March 2023 as a cost-effective premium endpoint management solution.

MICROSOFT TUNNEL: To be released in January, this is primarily for mobile app management (MAM). A VPN solution for Microsoft Intune, MAM will enable employees to securely access company resources without requiring device enrolment. Employees will be able to use a device of choice and retain privacy of personal data, while IT will be empowered to apply policies for enhanced protection.

ENDPOINT PRIVILEGE MANAGEMENT: To be launched with Microsoft Intune, this capability allows IT to set policies and dynamically elevate standard users with admin permissions to enhance productivity, while reducing the risks associated with admin privileges.

Boosting Cyber Defense

Organisations are moving away from legacy antivirus and modernising with Microsoft Defender for Endpoint. To facilitate the transition, Microsoft is offering an attractive 50% discount for a limited time on Defender for Endpoint Plan 1 and Plan 2 licences. This will empower organisations to do more even as they modernise with a leading endpoint protection platform. 

MICROSOFT DEFENDER FOR SERVERS supports agentless scanning in addition to an agent-based approach to virtual machines (VMs) in Azure and AWS. Defender for Servers P2 will provide Microsoft Defender Vulnerability Management premium capabilities.

MICROSOFT DEFENDER FOR CONTAINERS will expand multicloud threat protection with agentless scanning in AWS Elastic Container Registry. These updates are in preview. 

MICROSOFT DEFENDER FOR DEVOPS: Provides visibility across multiple DevOps environments; centrally manages DevOps security; strengthens cloud resource code configurations; prioritises remediation of critical issues across multipipeline and multicloud environments; and supports leading platforms like GitHub and Azure DevOps.

MICROSOFT 365 DEFENDER: Available in Microsoft 365 E5 licences, it secures customer deployments with faster detection and responds accurately to external attacks and insider risks. Automatic attack disruption capability to protect organisations’ SOCs at machine speed using extended detection and response (XDR). Correlates trillions of signals across identities, endpoints, email, documents and cloud apps, to detect in-progress attacks like ransomware and financial fraud. 

Securing Multicloud

MICROSOFT DEFENDER CLOUD SECURITY POSTURE MANAGEMENT (CSPM): Currently in preview, this solution builds on existing capabilities to deliver integrated insights across cloud resources, including DevOps, runtime infrastructure and external attack surfaces. Provides contextual risk-based information. Defender CSPM provides proactive attack path analysis to identify the most exploitable resources across workloads and reduce recommendation noise by 99%.

MICROSOFT CLOUD SECURITY BENCHMARK: A comprehensive multicloud security framework is now generally available with Microsoft Defender for Cloud as part of the free Cloud Security Posture Management experience. This built-in benchmark maps best practices across clouds and industry frameworks, enabling security teams to drive multicloud security compliance. 

MICROSOFT DEFENDER EXTERNAL ATTACK SURFACE MANAGEMENT: Instead of sifting through long lists of vulnerable resources, customers can use the attack path analysis built on the cloud security graph to reduce recommendation noise. 

Modernising Governance

MICROSOFT ENTRA IDENTITY GOVERNANCE: This in-preview solution helps organisations to ensure the right people have the right access to the right resources at the right time. It extends existing capabilities of converged identity governance and access management for on-premise and cloud-based user directories. Key capabilities include:

  • Workload Identities: Identity and access management to manage and secure identities for apps, services and access to cloud resources. Customers can create risk-based policies with conditional access, detect and respond, and enforce least-privileged access.
  • Certificate-based Authentication (CBA): Multi-factor authentication that meets the US Executive Order on cyber security. Now in preview, it enables customers to easily deploy phishing-resistant authentication. Improved UX to identify certificate authentication factors.
  • Conditional Access Authentication: Granular access to allow users to perform specific actions rather than access the entire app. Now customers can ask for step-up authentication to make a material change, such as changes to a company financial report, or to access critical data in the app.

What ITC Brings to the Table

Most of the new capabilities are already available to existing M365 E5 subscribers. However, it requires expertise to identify specific requirements and activate the capabilities to secure more with what you already have in the stack. 

ITC has a 25+ year track record of delivering business-critical services for over 300 blue-chip organisations globally, across the private and public sector. In early 2020, we were the first managed security service provider in Europe to take Microsoft Sentinel to market as a managed SIEM service. Since then, our partnership with Microsoft has grown from strength to strength.

This week, ITC was the second organisation in the UK to achieve Microsoft-verified Managed Extended Detection and Response (MXDR) solution status. ITC is also a Microsoft Solutions Partner in Security with Specializations in Cloud Security, Identity and Access Management, and Threat Protection.

With deep understanding of emerging technologies and the threat landscape, we can diagnose gaps and advise investment in one or all of the Microsoft security technologies to align with business-specific requirements. 

The advantages of working with ITC include the following:

  • Experienced experts in the Microsoft security stack holding over 10 certifications and 23 badges from Microsoft in Identity and Security, including one of the first five cyber security professionals in the world to achieve Microsoft Level 5 Sentinel Black Belt.
  • Taking an advisory-led approach, we work with you to understand your business needs and tailor your solutions based on our assessment, providing proactive, intelligent insight on the steps you need to take. 
  • Our customer success team builds and runs your cyber solution so that you can focus on your business. 
  • We are an award-winning business; our accolades include the UK Business Tech Awards, the UK Customer Experience Awards, being named in the Top 250 MSSPs, and being a certified Great Place to Work® and Best Workplaces™ in Tech 2022.

How to get started:

  • Assessment of how the existing Microsoft estate is being utilised and advice on the best way to improve security and cut costs.
  • ITC can offer workshops, fully funded by Microsoft and targeted at specific use cases such as identity, security, threat protection and more, to help eligible businesses that are unsure about where to start. For more details:
  • Register to attend the ITC Cyber Summit 2023. Learn how to simplify cyber security and use it as an enabler for your business, whilst optimising existing investments and gaining accelerated ROI. The event brings together industry experts to discuss the biggest cyber security trends and issues affecting organisations today. View the agenda and register today: