Microsoft's Approach to Securing Hybrid Work with Zero Trust
12th May 2021, ahead of RSA 2021, Microsoft announces improvements to its security products for better-protecting organizations in a post-pandemic world.
The future of work is hybrid
Hybrid work refers to a post-pandemic work pattern where employees spend more time working from home but some time working in the office. Employees will move between home and corporate networks more than ever before and step seamlessly between personal and business activity online.
It will no longer be that remote workers are secured differently from workers behind a corporate firewall. Microsoft says that the shift to hybrid work is driving its clients to adopt Zero Trust security across the board, not just for remote workers.
Securing hybrid work with Zero Trust
Zero Trust is a security framework. It stems from the idea that you shouldn’t trust anyone. And that includes your own employees. Microsoft’s identity-centric Zero Trust model requires that every user accessing an application must be verified. Zero Trust requires that all requests for access, regardless of where they originate, must be verified as if they come from an untrusted network.
For more on Zero Trust, check out 7 Steps to Better Security with Zero Trust Maturity on Petri.
In a recent blog post by Vasu Jakkal, Corporate Vice President of Security, Compliance and Identity, Jakkal outlines improvements for hybrid work to Microsoft’s existing suite of cloud security products.
Azure Active Directory Conditional Access device filters and named locations
Azure Active Directory (Azure AD) is central to Microsoft’s Zero Trust strategy. Azure AD Conditional Access looks at data and signals related to user access, letting organizations implement a real-time policy engine to assess whether users should be granted access to resources.
Conditional Access device filters are now in public preview, providing granular policies that are based on specific device attributes, so you can require access from devices that meet your organization’s criteria. Named locations also enter public preview and let you restrict access from specific countries or regions based on a user’s GPS location.
Onboarding frontline workers and Android data protection and privacy
Microsoft has made it easier for organizations to onboard iOS and macOS devices in Microsoft Endpoint Manager with a public preview of a new app called Setup Assistant. Setup Assistant enables Automated Device Enrollment and modern authentication for iOS/iPadOS and macOS devices.
Shared device mode on Android Enterprise devices will provide single sign-in, sign-out, and data clearing across applications that are designed to support multiple users. This will allow frontline workers that need to share a device, to reduce the number of steps before starting work when they receive a device from a coworker. Microsoft has already optimized Teams and Managed Home Screen for Shared device mode, with more apps coming soon.
Microsoft Defender for Endpoints gets unmanaged device protection
Microsoft Defender for Endpoints now provides visibility into IoT devices connected to the local network. Regardless of where an endpoint is located, Defender can identify IoT devices like printers and IP cameras that might need attention.
The technology is based on Microsoft’s Azure IoT security solution and it provides visibility into vulnerable network devices that hackers might target. Furthermore, insecure IoT devices can be isolated through existing network tooling when they are in place on a corporate network.
Azure Sentinel SIEM
Azure Sentinel is Microsoft’s cloud-based Security Information and Event Management solution (SIEM). Microsoft announced the launch of a solutions marketplace in Azure Sentinel. Azure Sentinel Solutions, currently in preview, is an easier way to discover and deploy use cases. It bundles data connectors, analytics rules, interactive workbooks, automation playbooks, and more so that you can quickly enable new use cases with a single package.
As part of the announcement for Sentinel Solutions, Microsoft is also now able to monitor and respond to threats in SAP environments.
Customizable Machine Learning (ML) anomalies is now in public preview. It allows security analysts to modify the parameters used in the ML model, so they can tweak anomalies to an organization’s specific needs, all without using any code. The anomalies currently cover 11 of the 14 MITRE ATT&CK tactics.
There is also a new integration for Microsoft Teams. In a single click, you can create a team for a particular incident, providing team members a central point to investigate and easy access to the relevant incident data. When an incident is closed in Sentinel, the team is automatically archived.
Microsoft Defender for Office 365
And finally, Microsoft is highlighting several new features that were recently released as part of Microsoft Defender for Office 365 to protect Exchange Online, because 90% of security breaches start with email. Preset Security Policies are designed to simplify applying the recommended policies for spam, malware, and phishing across an organization.
Configuration Analyzer provides ongoing monitoring for customers to ensure their configurations don’t deviate from the recommend security presets. And overrides provide tenant or user-level configurations that tell Office 365 to deliver mail even if a message has been flagged as malicious. For example, you could create an override that bypasses filtering of specific IP ranges.
There are a lot of security announcements from Microsoft ahead of RSA 2021 and I’ll be covering some of them in more detail on Petri in the coming weeks.