Microsoft is adding a range of new security management and reporting features to its Office 365 and Azure cloud services as part of the company’s holistic approach to enterprise security announced last year.
In April, the company will release a new product called Microsoft Cloud App Security that will allow customers to gain better visibility, control and security for data hosted in cloud apps like Office 365, Box, SalesForce, ServiceNow and Ariba. The new product is based on technology from Adallom, a cloud access security broker Microsoft acquired in September.
Office 365 will also get some new security management capabilities that will be integrated with Microsoft Cloud App Security. These include security alerts that notify administrators of suspicious activity in the service; cloud app discovery that lets IT departments know the cloud services Office 365 users are connecting to; and app permissions, allowing administrators to revoke or approve third-party services that users can connect to Office 365.
Early in the second quarter, Microsoft plans to roll out Customer Lockbox for SharePoint Online and OneDrive, which will improve the customer approval process and will provide more transparency in situations when Microsoft engineers need to access Office 365 accounts and data to troubleshoot problems. Customer Lockbox is already available for Exchange Online.
The Azure Security Center received additional security management and reporting options. Customers can now configure security policies for resource groups instead for an entire subscription base. This allows them to set different policies for different types of workloads.
Microsoft has added a new Power BI Dashboard to allow customers to better visualize, analyze and filter security alerts from any of their systems and devices in order to discover possible attack patterns and trends.
The Microsoft Operations Management Suite (OMS) has received a new dashboard, including information about network activity, authentication events, malware incidents and system updates across customer data centers.
The company has built other capabilities for Azure in line with a goal, outlined last year, of using its vast threat intelligence to help enterprises better detect and respond to attacks.
Azure Active Directory Identity Protection is a new feature that will enter public preview next week. It will be able to detect suspicious end user activities by using Microsoft’s data on brute force attacks, leaked credentials, authentications from unfamiliar locations and known infected devices.
The Azure Security Center can now collect crash events from Azure-hosted virtual machines, analyze them, and alert customers of potential compromises. Crashes often result from malware or failed exploitation attempts.
Microsoft also built its threat intelligence into its Operations Management Suite, where it can detect when systems are communicating with known malicious IP addresses by analyzing firewall logs, wire data or IIS logs.
Customers will also be able to easily provision firewall products from Microsoft partners through the Azure Security Center. Check Point vSEC is already available, and options from Cisco Systems, Fortinet and Imperva will follow soon. The security center will include alerts from these third-party products.
“As attackers get more sophisticated, we need to evolve our ability to get real-time insights and predictive intelligence across our network so we can stay a step ahead of the threats,” Bret Arsenault, chief information security officer at Microsoft, wrote in a blog post. “We must be able to correlate our security data with our threat intelligence data to know good from bad.”