Microsoft Ignite 2022: Top security announcements

Announcements include Defender for DevOps, automatic ransomware attack disruption with Microsoft 365 Defender and a new public preview of Microsoft Entra Identity Governance.

New Microsoft Defender for Cloud previews

Microsoft introduced new previews related to Defender for Cloud. One preview is for a Defender for DevOps service meant to provide visibility across multiple DevOps environments, with a central location to manage DevOps security.

The service is also meant to strengthen cloud resource configurations in code and prioritize remediation of critical issues. Defender for DevOps supports GitHub and Azure DevOps, with support for other DevOps platforms coming "soon", according to Microsoft.

Another preview is for Defender Cloud Security Posture Management (CSPM), which aims to deliver integrated insights across DevOps, runtime infrastructure, external attack surfaces and other cloud resources. Defender CSPM is built on Microsoft's cloud security graph and provides a proactive attack path analysis, according to Microsoft.

The free CSPM experience also now comes with a comprehensive multi-cloud security framework for Defender for Cloud, which is meant to help map best practices across clouds and industry frameworks, according to Microsoft.

A number of other capabilities are in preview, including agentless scanning for Defender for Servers and an agent-based approach to virtual machines (VMs) in Microsoft Azure and Amazon Web Services (AWS). A preview is also available for expanded multi-cloud threat protection with agentless scanning in AWS Elastic Container Registry.

Added automation in Microsoft 365 Defender

Microsoft introduced a way for 365 Defender to automatically disrupt ransomware attacks through the collection and correlation of signals from endpoints, identities, emails, documents and cloud applications.

The new automation is meant to contain affected endpoints, user identities and other assets to stop ransomware from spreading laterally, reducing attack cost and improving recovery resiliency, according to Microsoft.

Security operations teams are still needed for investigating, remediating and bringing assets back online once healthy, according to Microsoft.

Endpoint management upgrades

In March, Microsoft will launch an Advanced Management Suite premium endpoint management plan.

The vendor also named its expanding suite of endpoint management products Microsoft Intune, which will feature Microsoft Configuration Manager. Individual add-ons for Intune include Microsoft Tunnel for mobile app management (MAM) and endpoint privilege management.

Microsoft will release MAM in January as an add-on and include it in the future bundle, according to Microsoft. Tunnel for MAM is meant to allow workers to access company resources securely without device enrollment. Users can keep personal data private while using a work device of choice.

In preview is endpoint privilege management, which will let IT dynamically elevate standard users with administrative permissions through policies, reducing the risk of attack on those users, according to Microsoft. Endpoint privilege management will launch with Intune Suite.

The suite will also have automated application patching as an add-on, enhancements to Windows remote help and a new remote help add-on for Android, according to Microsoft.

Microsoft Entra Identity Governance public preview

Entra Identity Governance, which is now in public preview, received new capabilities for life cycle workflows for automation and connection to on-premises for consistent policies, according to Microsoft.

Entra Identity Governance also gained a separation of duties feature for entitlements management and compliance safeguarding.

Now generally available is conditional access authentication context for setting more granular access policies, including specific actions users perform in applications, not just the entire app.

Users can ask for step-up authentication for material changes in a critical business app or accessing critical data in the app, according to Microsoft.

In November, a workload identities feature will become generally available. Users can create risk-based policies, detect and respond to compromised workloads and perform reviews to enforce least-privileged access.

And in preview is certificate-based authentication (CBA), which meets the United States Executive Order on Cybersecurity. With CBA, users can more easily deploy phishing-resistant authentication, according to Microsoft.
