Microsoft looks to the cloud to expand its security offerings

Ignite is Microsoft’s main annual conference for bringing together its enterprise users and IT community. It’s no surprise then that security is one of the main topics at the event, with almost 150 sessions dedicated to the topic. And just as unsurprisingly, Microsoft is also using the event to announce a number of new security features, largely around its Microsoft 365 offerings. What ties many of these updates together is that they rely on security services and machine-learning based risk assessments that run in the cloud.

Microsoft 365 is a relatively new program, but it’s essentially a subscription offering that gives businesses of any size access to Office 365, Windows 10, Microsoft’s enterprise mobility services and other tools (based on the subscription tier).

Let’s start with some more general security updates, though. Azure Active Directory (AAD), Microsoft’s identity and access management system, currently manages 450 billion authentications per month and because those authentications are all running through Microsoft’s cloud, the company probably has a better view of what’s happening with identity than virtually any other company. This “Intelligent Security Graph,” as Microsoft calls it, form the basis of a number of updates the company is announcing today.

“One of the most valuable things that we’ve built ever is the intelligent security graph and that’s where we bring all of this data together. In that graph, every enterprise identity now has a risk score attached to it,” Microsoft’s Brad Anderson, CVP Microsoft Enterprise Mobility + Security, told me ahead of today’s announcements. “Having a lot of data is great, but having the right unique data is incredible.” Conway also noted that over 10 terabyte of data flow through this algorithm every day.

The most important of these is probably Cloud App Security, which allows IT to monitor and control how employees use their cloud-based applications. Typically, IT doesn’t have much insight here and while admins may be able to control how documents flow through an internal email system, it’s harder to control the documents a user may share through a third-party file storage service in the cloud. With this, IT can decide that it’s ok for a user to access a certain cloud app from an unmanaged device, but that the user isn’t allowed to download a document from that service.

Microsoft is also making it easier for IT to give conditional access to some files and it’s implementing support for two-step authentication from RSA, Duo and Trusona.

Moving on to the Microsoft 365 world, one of the most interesting updates here is an enhancement to Office 365 message encryption that will allow you to send encrypted messages to users outside of Office 365, including those who use consumer services like Gmail and Outlook.com. Sadly, the details here remain a bit vague, but Microsoft’s Andrew Conway, the general manager of product marketing for its enterprise mobility and security solutions, tells me that the idea here is to make the experience seamless for everybody involved.

Email is also the main vector for phishing attacks, so the company today also launched an update to the Office 365 Advanced Threat Protection service that now also covers links and files shared in SharePoint Online, OneDrive for business and Teams, the company’s Slack competitor.

At some point, even the best security system will see a breach, though. At that point, it’s about detecting unusual activity as soon as possible. Using the Security Graph and Microsoft’s on-premises threat detection tools, the new Azure Advanced Threat Protection service now looks at who is accessing which files at what time and from where to scan for unusual behavior. For Windows machines, Microsoft has now also built Hexadite‘s AI tech, which it acquired for $100 million earlier this year, into the Windows Defender Advanced Threat Protection service (these names definitely follow a certain pattern, but nobody is going to say they roll off the tongue…).

In addition to these Active Directory and Office updates, Microsoft is also launched a new security tool for Azure, the Azure Security Center. This new tool watches over workloads that can run across clouds and automatically looks for potential threats.