Security

As expected there was a huge amount of updates in security announced at ignite across Azure infromation Protection, Cloud App, Windows ATP & so much more.

To be honest its hugely difficult to reduce this summary to just one page, so we’ve tried to collate the best posts, videos & announcements. Once great summary at the highest level which i think is a must read is the Stepping up protection with intelligent security.

See some more key areas in focus below:

Office 365 Advanced Threat Protection

Since introducing Office 365 Advanced Threat Protection last year, we’ve seen significant adoption. We’re excited to announce several enhancements, including:

• New reports – Get better insights to malware activity. Security admins will have a new reporting dashboard to see details of malware that Office 365 Advanced Threat Protection is analyzing. The new reports will be in preview later this year.
• Dynamic delivery – Better performance and lower latency for emails with attachments. Users will see a placeholder while attachments are scanned in a sandbox environment. If deemed safe, attachments are re-inserted into the email. Dynamic Delivery is starting to roll out to customers now.
• URL detonation – Deeper protection against malicious URLs. Not only do we check a list of malicious URLs when a user clicks on a link, but Office 365 will also perform real-time behavioral malware analysis in a sandbox environment to identify malicious attachments. URL reputation checks are part of Advanced Threat Protection today; URL detonation will be in preview later this year.
• Intelligence sharing with Windows Defender Advanced Threat Protection – Security admins will be able to see malware activity and relationships across Windows 10 and Office 365. It provides deep insights into threats – provided by Microsoft’s global presence, the Intelligent Security Graph, and input from cyber threat hunters.
• Broader protection – Advanced Threat Protection will extend to include protection for SharePoint Online, Word, Excel, PowerPoint and OneDrive for Business.
• Office 365 Compliance and Security – Secure score is a security analytics tool to help organizations better understand their security posture in Office 365, while the compliance score provides a broader view of an organization’s data protection and compliance posture in the Microsoft cloud services – Azure, Dynamics 365, and Office 365.
• Security trust centre launched – Understand how Microsoft Cloud services protect your data and how you can manage data security and compliance for your Cloud services.

Security for SharePoint

Site-Scoped Conditional Access Policies in SharePoint Online
Conditional access investments to address the ever-changing security landscape and business needs by introducing new levels of granularity with conditional access that allow administrators to scope de-vice-based policies at the site collection level. In addition, this granular policy can be configured to allow users on unmanaged to edit Office Online documents in the browser.

Security for OneDrive

• Silent Sync Auto-Account Configuration for OneDrive with ADAL – Microsoft Azure Active Directory Authentication Library will now support silent sync and account configuration for OneDrive.
• Microsoft 365 Powered Device with OneDrive – Combining the power of Windows AutoPilot with Windows 10 RS3, Exchange Online w/ Office Click to Run and OneDrive Files On-Demand with ADAL, we showed how an IT admin can provision a fully powered PC over the air without any physical interaction with the device.
• Simple and secure external sharing without a Microsoft account – Supporting external sharing in SharePoint Online and OneDrive without the need for a Microsoft account (MSA) by allowing you to create a one time use passcode to grant external users access to content. First release end of October 2017, GA – end of year. More info here

 

 

 

 

 

 

• Multi-Geo – For customers who want to control where each individual in their organization’s OneDrive resides – multi-geo capabilities will be decided on an individual basis.
• Service Level Encryption with Customer Key – This allows customers to meet regulatory and compliance obligations and control by bringing their own keys to encrypt OneDrive and SharePoint data at rest.
• Support for synchronization of libraries encrypted with Information Rights Management (IRM) or Digital Rights Management (DRM) – We will now fully support the syncing or DRM/IRM libraries in OneDrive.

Guest Access in Teams

Customers have told us they expect guest access in Teams to provide enterprise-grade security and compliance assurances. In Teams, guest accounts are added and securely managed within Azure AD through Azure AD B2B Collaboration. This enables enterprise-grade security, like conditional access policies for guest user access. Azure AD also uses adaptive machine learning algorithms and heuristics to detect anomalies and suspicious incidents, enabling mitigation or remediation actions, such as multi-factor authentication, to be triggered as appropriate.

In addition, with Azure AD, IT departments have unparalleled insight into the activities of external users in their organization through detailed sign-in and access reports. Guest user content and activities are under the same compliance and auditing protection as the rest of Office 365.

Resources

• Accessibility features in Sharepoint Online.
• Enterprise security and compliance with Microsoft Teams.
• Build applications to secure and manage your enterprise using Microsoft Graph.
• Read a selection of Trust Documents.
• Multi Geo in One Drive & Sharepoint Online.
• What’s New in Windows 10 Security? Raising the bar of security once again with the Creators Update.