Microsoft introduces Azure Sentinel updates, a mobile security app, new certifications, and much more

Vasu Jakkal, corporate vice president, Microsoft security, compliance and identity, runs down the security announcements at Ignite. Source: Microsoft Ignite.

Although the flagship launch at Microsoft Ignite, which wound up on Wednesday, was the flashy Microsoft Mesh, there were many security-focused product and feature announcements that should bring a smile to admins’ faces. Here’s a look at some of what’s here now and what’s coming.

Generally available

Passwordless authentication for cloud and hybrid environments. Azure AD lets users sign in with biometrics or a tap using Windows Hello for Business, the Microsoft Authenticator app, or a compatible FIDO2 security key from Microsoft Intelligent Security Association partners such as Yubico, Feitian, and AuthenTrend. With Temporary Access Pass, now in preview, you can generate a time-limited code to set up or recover a passwordless credential.

More than 30 new connectors for Azure Sentinel make it easier to collect data across all cloud environments, including Salesforce Service Cloud, VMware, and Cisco Umbrella. It also has new security orchestration, automation and response (SOAR) playbooks to create automation rules, block suspicious IP addresses in Azure Firewall, isolate endpoint devices with Microsoft Intune, and update a user’s risk state with Azure Active Directory Identity Protection. There are also improvements in data ingestion and enhanced analytics.

Now in preview

Windows Server 2022, to be available this calendar year, will allow customers to run applications on Azure, on-premises, or at the edge. Along with its increased functionality, it will boast a couple of appealing security features. The key one is the Secured-core server, which uses hardware, firmware, and operating system capabilities. It includes Trusted Platform Module 2.0 (TPM 2.0) to provide hardware root-of-trust, firmware protection, and virtualization-based security. The Windows Admin Center security tool (also in preview) will report on the Secured-core features and enable them where applicable.

 

Edge Secured-core will apply Secured-core security to IoT devices.

A unified mobile security app for iOS and Android will combine Microsoft Defender for Endpoint and Microsoft Tunnel (VPN) to simplify the end-user experience and increase customer security. It will be known as Microsoft Defender for Endpoint and will be in preview this month.

Azure Key Vault Managed HSM is a fully-managed single-tenant key management service with FIPS 140-2 Level 3 validated hardware security modules.

Always Encrypted with secure enclaves (protected regions of memory enabling confidential queries) is available for preview in SQL Server 2019 and Azure SQL Database.

Trusted Launch, which protects against boot kits, rootkits and kernel-level malware, is now available for confidential and non-confidential virtual machines (VMs).

Azure Security Center gets new reporting capabilities that let customers create quick reports, either with out-of-the-box reports or by writing their own in Azure Workbooks.

Azure Sentinel will share incident views, schema, and integrated user experiences with Microsoft 365 Defender. It will also offer connectors to Azure Storage, Azure SQL, Azure Kubernetes Service and Azure Key Vault.

Microsoft 365 Defender enhancements will let customers investigate and remediate issues on endpoints and in Office 365 through a single integrated Defender 365 portal. It will include unified alerts, user and investigation pages that allow automated analysis, extended email alerts, and a learning hub.

Threat Analytics, previously available for Defender for Endpoint, is coming for Microsoft 365 Defender.

Microsoft 365 Insider Risk Management Analytics, which can identify potential insider risk activity within an organization and help inform policy configurations, enters public preview later this month.

Microsoft 365 is offering data loss prevention (DLP) for Chrome browsers and on-premises server-based environments (such as file shares and SharePoint Server 2010/2013/2016).

Tackling the security skills gap

Microsoft has added four new certifications in the security realm to address the skills gap:

  • The Microsoft Certified: Security, Compliance, and Identity Fundamentals certification will help individuals get familiar with the fundamentals of security, compliance and identity across cloud-based and related Microsoft services.
  • The Microsoft Certified: Information Protection Administrator Associate certification focuses on planning and implementing controls that meet organizational compliance needs.
  • The Microsoft Certified: Security Operations Analyst Associate certification helps security operational professionals design threat protection and response systems.
  • The Microsoft Certified: Identity and Access Administrator Associate certification helps individuals design, implement and operate an organization’s identity and access management systems by using Azure Active Directory (Azure AD).

Lynn Greiner
Lynn Greiner has been interpreting tech for businesses for over 20 years and has worked in the industry as well as writing about it, giving her a unique perspective into the issues companies face. She has both IT credentials and a business degree.
