Microsoft Announces Security Compliance Product Improvements
A few Microsoft security governance and compliance improvements were announced this week.
Notable improvements were described for various products, including the Microsoft Endpoint Manager device management solution, the Microsoft 365 Admin Center management portal, as well as the Microsoft Defender for Cloud service.
Microsoft also this week talked up Microsoft Purview, its data governance service for organizations overseeing on-premises and multicloud environments. It specifically highlighted a Compliance Manager feature that shows "compliance criteria for over 350 regulations and standards globally."
Endpoint Manager Compliance Perks
Microsoft Endpoint Manager now has the ability to show device compliance based on the computer device models used in an organization, in addition to device health. This capability is currently at the "general availability" commercial-release stage.
"Administrators can quickly determine which device models are meeting performance expectations and goals, so they can quickly and easily see where action needs to be taken," Microsoft explained, in this "Compliance" announcement.
In a somewhat related note, Microsoft is promising that aggregated device management best practices information will get shared for users of the Microsoft Secure Score service, which will happen with a Q3 Secure Score product release. The service will be able to fetch information from "Windows, Mac, iOS/iPad and Android endpoints," Microsoft explained. The Secure Score service lets organizations assess their overall security postures and is accessed from the Microsoft 365 Defender portal.
Additionally, on the Microsoft Endpoint Manager front, a "customizable compliance capability" using PowerShell scripts is expected to reach the "general availability" commercial release stage with the release of Microsoft Endpoint Manager version 2207. The customizable compliance capability will also be available with any subscriptions that include Microsoft Intune. Microsoft had explained this capability back in November as a way to alert end users on how to get their machines into a compliant state, based on measures customized by IT departments:
Custom compliance for Windows allows you to write a PowerShell script to detect almost any setting, such as BIOS version, and report that back to Intune's device compliance engine. You then can provide a JSON definition file for each custom compliance setting that includes remediation messages, which help your users know how to get compliant again.
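The two pieces described above, as an added example that is not from the article or from Microsoft's post: a discovery script that reports the BIOS version, with the matching JSON definition shown in the trailing comment. The minimum version 2.3, the URL and the message text are constructed values, and the JSON field names are assumed from Microsoft's custom compliance documentation.

```powershell
# Added example: Intune custom compliance discovery script (not Microsoft's code).
# It runs on the device and returns one line of compressed JSON. Each key must
# match a SettingName in the JSON definition file uploaded alongside the script.

# Fail closed: if detection breaks, report a version that cannot satisfy the rule,
# so a device with an unreadable BIOS is marked noncompliant rather than skipped.
$result = @{ BiosVersion = '0.0' }

try {
    $bios = Get-CimInstance -ClassName Win32_BIOS -ErrorAction Stop

    # SMBIOSBIOSVersion is vendor-formatted, e.g. "1.21.0" or "N2HET70W (1.49 )".
    # Keep only the first dotted numeric run so it compares as a version.
    if ($bios.SMBIOSBIOSVersion -match '(\d+(\.\d+){1,3})') {
        $result.BiosVersion = $Matches[1]
    }
}
catch {
    # Keep the fail-closed default set above.
}

return $result | ConvertTo-Json -Compress

<#
Companion JSON definition file (constructed values; field names assumed from
Microsoft's custom compliance documentation):

{
  "Rules": [
    {
      "SettingName": "BiosVersion",
      "Operator": "GreaterEquals",
      "DataType": "Version",
      "Operand": "2.3",
      "MoreInfoUrl": "https://example.com/bios-update",
      "RemediationStrings": [
        {
          "Language": "en_US",
          "Title": "BIOS must be at least 2.3. Value discovered was {ActualValue}.",
          "Description": "Install the current BIOS update from your IT portal, then sync the device."
        }
      ]
    }
  ]
}
#>
```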
Microsoft 365 Admin Center Update Status for Devices
The Microsoft 365 Admin Center now has the ability, at the preview stage, to show how an organization's devices are complying in terms of keeping current with Windows and Office software updates, according to this announcement.
A high-level summary of device patch status gets shown in a dashboard view under the "software updated page in the health section the Microsoft 365 Admin Center," the announcement explained.
Microsoft Defender for Cloud Remediation Assignments
Microsoft is previewing the ability of an IT department to assign "remediation timeframes" for addressing the security recommendations that arise from the Microsoft Defender for Cloud service, according to an announcement.
The security recommendations might concern fixing misconfigurations or hardening workloads against attacks. Organizations can assign remediation tasks to personnel directly or they can use "automatic governance rules" for the purpose.
The preview offers a dashboard view in Microsoft Defender for Cloud of all of the remediation tasks that have been assigned, as well as task completion progress. Additionally, e-mail notifications can be sent to personnel "on a weekly cadence."
Microsoft Catalogs Its Vast Array of Security Products
Microsoft's boldest announcement this week was a post aiming to provide a "light overview of Microsoft security products."
It's a bold attempt because Microsoft took a second stab at renaming its security products back in November, making it harder to remember them and what they do.
The overview announcement notably described Microsoft Defender for Cloud as offering "cloud native application protection across clouds and on-prem environments," so it's not just about cloud-based apps, apparently.
Microsoft 365 Defender was defined as Microsoft's extended detection and response (XDR) product for "email security, collaboration, identity security, device security, and SaaS app security." It's an umbrella service encompassing other products, namely Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity and Microsoft Defender for Cloud Apps.
For more, see Microsoft's long overview announcement. The article is well worth a bookmark in preparation for Microsoft's next "Defender" product rebrand, should such a thing be coming.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.