As always, security was at the forefront for Microsoft Corp. today at Ignite 2022, with its extensive range of product updates coming alongside multiple new capabilities aimed at helping companies to provide better safeguards for their data and applications.

The main focus of the software and cloud giant’s security updates today was Microsoft Defender for Cloud, the company’s multicloud security offering, which extends protections beyond Microsoft Azure to other cloud platforms.

Microsoft Defender for Cloud was previously two separate products, Azure Security Center and Azure Defender. It’s designed to provide advanced threat protection across hybrid cloud environments. The company rebranded the platform last year before it announced it was integrating with Amazon Web Services Inc.’s public cloud platform. Since then, it has also integrated with Google Cloud.

The new capabilities in Microsoft Defender for Cloud are designed to help organizations strengthen their cloud security posture by extending its threat protections across workloads, with integrated DevOps security now a staple of the offering.

Microsoft Defender for DevOps is an entirely new offering that aims to provide more visibility across DevOps environments, giving teams a way to centrally manage DevOps security while strengthening cloud resource configurations in code. In addition, it can help teams to prioritize the remediation of critical issues in code, across multicloud and multipipeline environments. Available in preview now, Microsoft Defender for DevOps supports GitHub, Azure DevOps at launch and will soon extend its capabilities to others.

Also launching in preview is Microsoft Defender Cloud Security Posture Management, a new tool that promises to deliver integrated security insights across cloud resources, including DevOps environments, runtime infrastructure and external attack surfaces. Defender CSPM provides proactive attack path analysis, built on the new cloud security graph, Microsoft said, and it’s aimed at helping identify the most exploitable resources across connected workloads.

Other new features in Microsoft Defender for Cloud include the new cloud security benchmark, which is a comprehensive multicloud security framework that maps best practices across clouds and industry frameworks to ensure multicloud security compliance. The expanded workload protection capabilities meanwhile include support for agentless scanning, in addition to the existing agent-based approach to virtual machines running on Azure and AWS.

Microsoft 365 Defender

Microsoft’s suite of protection tools for Windows, Office and other key software has gained new anti-ransomware capabilities. The company said Microsoft 365 Defender now automatically disrupts ransomware attacks the moment they’re detected.

That’s possible thanks to the way Microsoft 365 Defender continuously collects and correlates signals across endpoints, documents, identities, emails and cloud applications. It curates them as unified incidents so it can identify attacks early, before any damage is done, with a high level of confidence.

As the company explains, time is critical in ransomware attacks. So there should be big benefits derived from Microsoft 365 Defender’s new-found ability to automatically contain affected assets, such as user identities or endpoints. In this way, it can prevent ransomware from spreading laterally, significantly reducing the damage caused by an attack and making it easier for a company to recover.

Microsoft Entra Identity Governance

Now available in preview, Microsoft Entra Identity Governance is a brand-new offering within its secure identity and access management product Microsoft Entra. According to the company, it will help organizations to ensure the right people have access to the right resources, at the right time. In other words, it’s a comprehensive identity governance product for both on-premises and cloud-based user directories that promises to help organizations simplify operations, consolidate multiple identity solutions and support regulatory compliance.

Its capabilities include lifecycle workflows that automate repetitive tasks, connections to on-premises resources to ensure consistent policies for all users, and separation of duties in entitlements management to ensure compliance.

Microsoft Entra itself is also being updated. One of the new features is Workload Identities, which is a tool for managing and securing identities for digital workloads such as applications and services, and also controls access to cloud resources. With it, customers can create risk-based policies with Conditional Access, detect and respond to compromised workload identities, and perform access revues to enforce least-privileged access.

Another new feature is certificate-based authentication, a new multifactor authentication method that meets the U.S. Executive Order on Cybersecurity and is now available in preview. Companies can adopt easily deployable and phishing-resistant authentication, Microsoft said.

Lastly, Microsoft Entra gets new functionality around conditional access authentication context, enabling customers to set access policies on a more granular level, including the specific actions a user performs within an application. This feature is generally available now, giving companies a way to ask for step-up authentication when making a key change, or accessing confidential data, within a business-critical app.

Image: Microsoft