News

Microsoft Outlines Latest Security Efforts at Ignite

• By Chris Paoli
• 11/20/2024

In the wake of last year's CrowdStrike incident, Microsoft has worked to publicly rehabilitate its security image through new initiatives and public commitments to improve. That push continued this week at Ignite, where Microsoft announced a handful of new security tools and updates.

Microsoft said this week's new security updates and additions adhere to its Secure Future Initiative, which dictates three core tenets for the company: secure by design, secure by default and secure operations.

Protecting your data and ensuring the integrity of your systems is paramount," wrote David Weston, vice president of Enterprise and OS Security at Microsoft, in an Ignite blog post. "From chip to cloud, Microsoft provides multiple layers of security to help protect identities and data, and enables an expansive ecosystem for innovation at a critical time. As the security landscape evolves, we continuously enhance Windows' security and resilience, ensuring it remains a secure platform for our partners, developers and customers. A strong security posture is essential for your business, and a shared responsibility across our ecosystem."

Security Exposure Management Launch
Microsoft has launched Security Exposure Management, a solution designed to help organizations assess and reduce threat exposure. Now generally available to Microsoft Security customers, the tool offers a unified view of an organization's attack surface by consolidating data across devices, identities, applications and hybrid environments.

The platform automates attack path assessments to critical assets and provides prioritized recommendations to strengthen security. It integrates with tools like Microsoft Defender XDR and Security Copilot, offering a seamless pre- and post-breach SecOps experience.

Key features include Attack Surface Management for asset discovery, Attack Path Analysis for risk assessment, and Unified Exposure Insights to align security initiatives with business goals. The solution supports continuous threat exposure management, enabling organizations to proactively monitor, measure, and remediate cyber risks.

Bolstered Windows 11 Security
Microsoft outlined key changes coming to Windows 11 and a new initiative focused on further protecting Windows 11 users. Called the Windows Resiliency Initative, Microsoft said it will aim to harden Windows 11 through the following four areas:

• Strengthen reliability based on learnings from the incident we saw in July.
• Enabling more apps and users to run without admin privileges.
• Stronger controls for what apps and drivers are allowed to run.
• Improved identity protection to prevent phishing attacks.

Microsoft has unveiled new Windows 11 security features that fall into the company's new Windows Resiliency Initiative. These updates, now in preview, aim to bolster protection for commercial customers.

• Administrator Protection addresses the risks of running apps with elevated privileges, a major source of security incidents. Instead of persistent admin access, users can temporarily authorize system changes via Windows Hello, creating a secure, short-lived admin token. This approach prevents malware from exploiting elevated permissions.
  
• To combat credential theft, Windows Hello now includes passkey support, offering built-in multifactor authentication that blocks more than 99.99% of attacks, according to Microsoft.
  
• New protections against malicious apps include Smart App Control and App Control for Business, which ensure only verified apps and drivers can run, backed by AI-enhanced policy management.
  
• Personal Data Encryption provides file-level security for sensitive folders, integrating with Windows Hello and OneDrive to safeguard enterprise data.
  
• Hotpatching minimizes system restarts during critical updates, while Config Refresh ensures policy compliance by resetting unauthorized changes.

These enhancements, part of Microsoft's ongoing Zero Trust strategy, aim to strengthen security without compromising user productivity, said Microsoft. The features are being tested internally and prepared for broader enterprise deployment.

Windows Security Copilot Updates
Microsoft has introduced new advancements to Security Copilot, leveraging generative AI to enhance security across organizations.

The updates bring AI-driven insights directly into Microsoft tools, making security management more efficient. Data security administrators can now access a clearer view of their environments through Microsoft Purview Data Security Posture Management, while identity administrators get AI assistance in the Microsoft Entra admin center to simplify tasks and enforce least-privilege access policies. IT administrators can also take advantage of AI-powered Kusto Query Language (KQL) support for faster troubleshooting and easier patch management.

Microsoft said Security Operations Center (SOC) analysts can benefit from an improved side panel for resolving identity issues and broader insights via the Microsoft Threat Intelligence plugin and new promptbooks simplify workflows, enhancing efficiency.

Security Copilot also integrates with third-party plugins, enabling teams to leverage Microsoft's threat intelligence. A Logic Apps connector allows automation of security tasks enriched by AI.

With enterprise-ready features like audit logs and role-based access control, these updates aim to streamline operations, enhance protection, and scale with organizational needs.