Microsoft adds new security enhancements to its cloud offerings

Office 365 and Azure will soon get a range of new security management and reporting capabilities

Microsoft is adding a range of new security management and reporting features to its Office 365 and Azure cloud services as part of the company's holistic approach to enterprise security announced last year.

In April, the company will release a new product called Microsoft Cloud App Security that will allow customers to gain better visibility, control and security for data hosted in cloud apps like Office 365, Box, SalesForce, ServiceNow and Ariba. The new product is based on technology from Adallom, a cloud access security broker Microsoft acquired in September.

Office 365 will also get some new security management capabilities that will be integrated with Microsoft Cloud App Security. These include security alerts that notify administrators of suspicious activity in the service; cloud app discovery that lets IT departments know the cloud services Office 365 users are connecting to; and app permissions, allowing administrators to revoke or approve third-party services that users can connect to Office 365.

Early in the second quarter, Microsoft plans to roll out Customer Lockbox for SharePoint Online and OneDrive, which will improve the customer approval process and will provide more transparency in situations when Microsoft engineers need to access Office 365 accounts and data to troubleshoot problems. Customer Lockbox is already available for Exchange Online.

The Azure Security Center received additional security management and reporting options. Customers can now configure security policies for resource groups instead for an entire subscription base. This allows them to set different policies for different types of workloads.

Microsoft has added a new Power BI Dashboard to allow customers to better visualize, analyze and filter security alerts from any of their systems and devices in order to discover possible attack patterns and trends.

The Microsoft Operations Management Suite (OMS) has received a new dashboard, including information about network activity, authentication events, malware incidents and system updates across customer data centers.

The company has built other capabilities for Azure in line with a goal, outlined last year, of using its vast threat intelligence to help enterprises better detect and respond to attacks.

Azure Active Directory Identity Protection is a new feature that will enter public preview next week. It will be able to detect suspicious end user activities by using Microsoft's data on brute force attacks, leaked credentials, authentications from unfamiliar locations and known infected devices.

The Azure Security Center can now collect crash events from Azure-hosted virtual machines, analyze them, and alert customers of potential compromises. Crashes often result from malware or failed exploitation attempts.

Microsoft also built its threat intelligence into its Operations Management Suite, where it can detect when systems are communicating with known malicious IP addresses by analyzing firewall logs, wire data or IIS logs.

Customers will also be able to easily provision firewall products from Microsoft partners through the Azure Security Center. Check Point vSEC is already available, and options from Cisco Systems, Fortinet and Imperva will follow soon. The security center will include alerts from these third-party products.

"As attackers get more sophisticated, we need to evolve our ability to get real-time insights and predictive intelligence across our network so we can stay a step ahead of the threats," Bret Arsenault, chief information security officer at Microsoft, wrote in a blog post. "We must be able to correlate our security data with our threat intelligence data to know good from bad."

Join the CSO newsletter!

Error: Please check your email address.

More about AribaCheck PointCiscoCustomersFortinetImpervaMicrosoftServiceNow

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Lucian Constantin

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts