Microsoft Outlines Upcoming Improvements to Office 365 and Azure Security
Microsoft this week revealed some security tweaks coming to the company's cloud-based offerings.
Expect a heavy cloud emphasis from Microsoft at RSA. Cloud-enabled security hangs over its entire agenda, as shown in this blog post. A few new cloud security developments were highlighted today in an announcement by Bret Arsenault, Microsoft's chief information security officer.
The new developments include Azure Security Center improvements, a coming preview of Azure Active Directory Identity Protection, and a preview of a new Operations Management Suite dashboard. There also are a few Office 365 security improvements arriving this year.
Microsoft has been using its cloud datacenter capabilities to improve security for organizations, Arsenault noted. It's used to get "real-time insights," to correlate threat intelligence data and use "predictive intelligence" information to help ward off threats. It's done, in part, using Microsoft's "intelligent security graph" technology for collecting data, as well as machine-learning technology. Microsoft is also collaborating with security solution partners on Azure security protections.
These efforts were kicked into high gear not long after Satya Nadella took the CEO helm at Microsoft. For an overview of Microsoft's cloud and operational security shift, see this January Redmond article. Microsoft has been evolving its Trustworthy Computing effort into a kind of security-as-a-service approach.
Azure Security Center Preview Improvements
Much of Microsoft's security announcements today centered on Azure Security Center, which is still at the preview stage after its debut in December. Azure Security Center offers monitoring tools, threat intelligence via machine learning and alerts via dashboards. Arsenault indicated that organizations now will be able to configure policies for the Azure Security Center based on Resource Groups. Previously, IT pros only could set policies across the whole subscription. This change will let organizations set policies based on particular workloads, he explained.
In addition, Microsoft has integrated advanced threat detection capabilities into the Azure Security Center. Crash events are automatically collected from Azure virtual machines. The data get analyzed and an alert is sent to organizations if a virtual machine has been compromised, Arsenault explained. Analytics have been added for "SSH brute force attacks" on Linux virtual machines. It's also capable of detecting RDP brute force attacks on Windows virtual machines. IT pros get the details via a Power BI-based dashboard, which can be customized to mash up other logged data.
Microsoft plans to expand its partner support for Azure Security Center in "the next few weeks," according to its announcement. The Azure Security Center preview already allows organizations to add Web application firewalls and antimalware software from third-party software makers. Microsoft is adding a new partner add-on category called "next generation firewalls" in coming weeks. These next-generation firewalls will be "virtual appliances" from vendors such as Cisco, Check Point and Fortinet, according to an Azure blog post. The Azure Security Center itself will alert users when a next-generation firewall is recommended. Also, Microsoft's roster of Web application firewall vendors will be expanding. Imperva solutions will be added on top of Microsoft's current partners, Barracuda, F5 and Trend Micro.
Microsoft provides a demonstration of its Azure Security Center in this Channel 9 video. The costs, if any, for Azure Security Center haven't been determined yet. Likely they'll be based on "nominal" Azure storage and egress costs, according to Tom Shinder, a Microsoft program manager for Azure security.
Azure AD Identity Protection Preview
Microsoft is planning to release a public preview next week of its Azure Active Directory Identity Protection solution, which tracks the compromised credentials of user accounts. It does so by pulling authentication request information, analyzing the data and then issuing login risk scores.
The Azure Active Directory Identity Protection service uses machine-learning processing of more than 14 billion authentications to pull out this information, which takes up 10TB of data space per day, according to the Azure blog post. It uses signals from Microsoft's applications and data from the Microsoft Security Response Center, as well as Microsoft's Digital Crimes Unit.
OMS Security and Audit Preview
Microsoft announced today that it has improved the Security and Audit dashboard within its Operations Management Suite (OMS). The OMS is Microsoft's management service that works across different cloud platforms.
This improved Security and Audit dashboard is being rolled out as a preview feature of OMS' Log Analytics capability. Some features will be available today and others will be available "over the coming weeks," according to a Microsoft server and cloud blog post.
This Security and Audit preview release shows identity and access information, networking data, malware assessments, and update assessments. It can graph data over specific time periods, such as 24 hours or weekly, or a custom time period can be specified. It can link its reporting to the Azure Security Center.
Office 365 Cloud App Security
Microsoft has further developed its Office 365 Cloud App Security solution and is planning a "general availability" product release in April. This service uses technology Microsoft acquired when it bought cloud security firm Adallom to secure data associated with software-as-a-service (SaaS) apps. It shows which SaaS apps are used, user activity, compromised accounts and "anomalous behavior." It can be used to add security to services such as "Box, Dropbox, Salesforce and Office 365," according to an Active Directory team blog post.
The Adallom technology will power three forthcoming Office 365 management capabilities that will be offered under E5 subscription plans. The capabilities include "advanced security alerts," "cloud app discovery" and "app permissions," which will be added in Q3 of this year, according to an Office blog post.
Office 365 Customer Lockbox
Customer Lockbox, which provides a means for organizations to approve Microsoft's access to Office 365 tenant data, was announced at last year's RSA security conference. Microsoft has been gradually rolling it out for various Office 365 services. It reached "general availability" release status for Exchange Online back in December.
Today, Microsoft announced that Customer Lockbox will begin rolling out for its OneDrive for Business and SharePoint Online services in Q2 of this year.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.