Microsoft Entra expands into Security Service Edge and Azure AD becomes Microsoft Entra ID

By Joy Chik, President, Identity & Network Access

A year ago when we announced the Microsoft Entra product family, we asked what the world could achieve if we had trust in every digital experience and interaction.[1] This question inspired us to offer a vision for securing the millions and millions of connections that happen every second between people, machines, apps, and devices that access and share data.

Protecting identities and access is critical. As our work and lives become increasingly digital, cyberattacks are becoming more frequent and more sophisticated, affecting organizations of every size, in every industry, and in every part of the world. In the last 12 months, we saw an average of more than 4,000 password attacks per second, an almost threefold increase from the 1,287 attacks per second we saw the previous year.[2] We’re also seeing far more sophisticated attacks, including ones that manage to evade critical defenses, such as multifactor authentication, to steal access tokens, impersonate a rightful user, and gain access to critical data.

To help organizations protect their ever-evolving digital estates, we’ve been expanding beyond managing directories and authenticating users to securing and governing access for any identity to any app or resource. Today, we’re thrilled to announce the next milestone in our vision of making it easy to secure access with two new products: Microsoft Entra Internet Access and Microsoft Entra Private Access. We’re adding these capabilities to help organizations instill trust, not only in their digital experiences and services but in every digital interaction that powers them.

Secure access to any app or resource, from anywhere

Flexible work arrangements and the resulting increase in cloud workloads are straining traditional corporate networks and legacy network security approaches. Using VPNs to backhaul traffic to the legacy network security stack weakens security posture and damages the user experience, while using siloed solutions and access policies leaves security gaps.

Microsoft Entra Internet Access is an identity-centric Secure Web Gateway that protects access to internet, software as a service (SaaS), and Microsoft 365 apps and resources. It extends Conditional Access policies with network conditions to protect against malicious internet traffic and other threats from the open internet. For Microsoft 365 environments, it enables best-in-class security and visibility, along with faster and more seamless access to Microsoft 365 apps, so you can boost productivity for any user, anywhere. Microsoft 365 scenarios in Microsoft Entra Internet Access are in preview today, and you can sign up for the preview of capabilities for all internet traffic and SaaS apps and resources that will be available later this year.

Microsoft Entra Private Access is an identity-centric Zero Trust Network Access that secures access to private apps and resources. Now any user, wherever they are, can quickly and easily connect to private apps—across hybrid and multicloud environments, private networks, and data centers—from any device and any network. Now in preview, Microsoft Entra Private Access reduces operational complexity and cost by replacing legacy VPNs and offers more granular security. You can apply Conditional Access to individual applications, and enforce multifactor authentication, device compliance, and other controls to any legacy application without changing those applications.

Together, Internet Access and Private Access, coupled with Microsoft Defender for Cloud Apps, our SaaS security-focused cloud access security broker, comprise Microsoft’s Security Service Edge (SSE) solution. We’ll continue to evolve our SSE solution as an open platform that delivers the flexibility of choice between solutions from Microsoft and our partners. Pricing for Microsoft Entra Internet Access and Microsoft Entra Private Access will be available when those products reach general availability.

Graphic showing the Microsoft security service edge ecosystem. It illustrates how you can secure access to any app or resource, from anywhere.

Figure 1. Microsoft’s Security Service Edge (SSE) solution.

Neither identity nor network security alone can protect the breadth of access points and scenarios that modern organizations require. That’s why, as cyberattacks get more sophisticated, we’re adding identity-centric network access to our cloud identity solutions. We’re converging controls for identity and network access so you can create unified Conditional Access policies that extend all protections and governance to all identities and resources. With a single place to safeguard and verify identities, manage permissions, and enforce intelligent access policies, protecting your digital estate has never been easier.

Microsoft Azure Active Directory is becoming Microsoft Entra ID

When we introduced Microsoft Entra in May of 2022, it included three products: Microsoft Azure Active Directory (Azure AD), Microsoft Entra Permissions Management, and Microsoft Entra Verified ID.[1] We later expanded the Microsoft Entra family with Microsoft Entra ID Governance and Microsoft Entra Workload ID.[3] Today, Microsoft Entra protects any identity and secures access to any resource—on-premises, across clouds, and anywhere in between—with a product family that unifies multicloud identity and network access solutions.

To simplify our product naming and unify our product family, we’re changing the name of Azure AD to Microsoft Entra ID. Capabilities and licensing plans, sign-in URLs, and APIs remain unchanged, and all existing deployments, configurations, and integrations will continue to work as before. Starting today, you’ll see notifications in the administrator portal, on our websites, in documentation, and in other places where you may interact with Azure AD. We’ll complete the name change from Azure AD to Microsoft Entra ID by the end of 2023. No action is needed from you.

Chart outlining all the product name changes that come with the renaming of Azure AD to Microsoft Entra ID.

Figure 2. With the name change to Microsoft Entra ID, the standalone license names are changing. Azure AD Free becomes Microsoft Entra ID Free. Azure AD Premium P1 becomes Microsoft Entra ID P1. Azure AD Premium P2 becomes Microsoft Entra ID P2. And our product for customer identities, Azure AD External Identities, becomes Microsoft Entra External ID. SKU and service plan name changes take effect on October 1, 2023.

More innovations in Microsoft Entra

Today we’d also like to highlight other innovations in the Microsoft Entra portfolio that strengthen defenses against attackers who are becoming more adept at exploiting identity-related vulnerabilities such as weak credentials, misconfigurations, and excessive access permissions.

Prevent identity takeover in real time

Several exciting changes to Microsoft Entra ID Protection (currently Azure AD Identity Protection) help IT and identity practitioners prevent account compromise. Instead of reactively revoking access based on stale data, ID Protection uses the power of advanced machine learning to identify sign-in anomalies and anomalous user behavior and then block, challenge, or limit access in real time. For example, it may trigger a risk-based Conditional Access policy that requires high-assurance and phishing-resistant authentication methods for accessing sensitive resources.

A new dashboard demonstrates the impact of the identity protections that organizations deploy with a comprehensive snapshot of prevented identity attacks and the most common attack patterns. On the dashboard, you can view simple metric cards and attack graphs that show risk origins, security posture over time, types of current attacks, as well as recommendations based on risk exposure, while highlighting the business impact of enforced controls. With these insights, you can further investigate your organization’s security posture in additional tools and applications for enhanced recommendations.

New Microsoft Entra ID Protection dashboard showing likely attacks and recommendations.

Figure 3. New Microsoft Entra ID Protection dashboard.

Automate access governance

An important part of securing access for any identity to any app is ensuring that only the right identities have the right access at the right time. Some organizations only realize they need to take this approach when they fail a security audit. Microsoft Entra ID Governance, now generally available, is a complete identity governance solution that helps you comply with organizational and regulatory security requirements while increasing employee productivity through real-time, self-service, and workflow-based app entitlements.[4]

ID Governance automates the employee identity lifecycle to reduce manual work for IT and provides machine learning-based insights about identities and app entitlements. Because it’s cloud-delivered, it scales to complex cloud and hybrid environments, unlike traditional on-premises identity governance point solutions. It supports cloud and on-premises apps from any provider, as well as custom-built apps hosted in the public cloud or on-premises. Our global system integrator partners—including Edgile, a Wipro company, EY, KPMG, and PwC—started helping with the planning and deployment of ID Governance on July 1, 2023.

New Microsoft Entra ID Governance dashboard showing governance posture and recommendations.

Figure 4. New Microsoft Entra ID Governance dashboard.

Personalize and secure access to any application for customers and partners

As we announced at Microsoft Build 2023, new developer-centric capabilities in Microsoft Entra External ID are now in preview. External ID is an integrated identity solution for external users, including customers, patients, citizens, guests, partners, and suppliers. It offers rich customization options, Conditional Access, identity protection, and support for social identity providers. Using our comprehensive developer tools, even those developers who have little to no identity experience can create personalized sign-in and sign-up experiences for their applications within minutes.

Simplify identity verification with Microsoft Entra Verified ID

Since we announced the general availability of Microsoft Entra Verified ID last summer, organizations around the world have been reinventing business processes, such as new employee onboarding, around this new, simpler way of verifying someone’s identity.[5] For example, we recently announced that millions of LinkedIn members will be able to verify their place of work using a Verified ID credential.[6] At the 2023 Microsoft Build event, we launched the Microsoft Entra Verified ID SDK so that developers can quickly add a secure digital wallet to any mobile application. The app can then store and verify a wide range of digital ID cards.

Microsoft Entra: Secure access for a connected world

You can see our expanded Microsoft Entra product family in Figure 5. Visit the Microsoft Entra website to learn more.

Figure 5. The Microsoft Entra family of identity and network access products.

We’re committed to building a more secure world for all and making life harder for threat actors, easier for admins, and more secure for every user. As part of that commitment, we’ll keep expanding Microsoft Entra to provide the broadest possible coverage along with a flexible and agile model where people, organizations, apps, and even smart things can confidently make real-time access decisions.

Encourage your technical teams to dive deeper into these announcements by attending the Tech Accelerator event on July 20, 2023, on the Microsoft Tech Community.

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.


[1] Secure access for a connected world—meet Microsoft Entra, Joy Chik and Vasu Jakkal. May 31, 2022.

[2] Microsoft internal data.

[3] Do more with less—Discover the latest Microsoft Entra innovations, Joy Chik. October 19, 2022.

[4] Microsoft Entra ID Governance is generally available, Joseph Dadzie. June 7, 2023.

[5] Microsoft Entra Verified ID now generally available, Ankur Patel. August 8, 2022.

[6] LinkedIn and Microsoft Entra introduce a new way to verify your workplace, Joy Chik. April 12, 2023.

New Microsoft identity and data security capabilities to accelerate CMMC compliance for the Defense Industrial Base

By Steve Faehl, Federal Security Chief Technology Officer, Microsoft

As Department of Defense (DoD) Chief Information Officer Hon. John Sherman said recently, Cybersecurity Maturity Model Certification (CMMC) is necessary to ensure that the United States raises the bar for protecting sensitive information.[1] The DoD is leading by example towards this goal by implementing Zero Trust practices and introducing CMMC to strengthen the supply chain throughout the Defense Industrial Base (DIB) because shared information is only as secure as the weakest link.[2]

The DIB as a whole has been making progress toward improving its security posture, but it can still be challenging to prepare for the required full third-party audit—especially for small and medium-sized businesses (SMBs).[3] While some DIB organizations may be well-positioned to pass a Third-Party Assessment Organization (3PAO) audit, it’s important for all DIB organizations to achieve CMMC compliance to realize the objective.

Microsoft is introducing new capabilities in Microsoft Entra ID and Microsoft Purview that support CMMC compliance while also helping DIB organizations accelerate their Zero Trust journeys. Identity and data protection are central to compliance, security, and empowering more user productivity and collaboration.

Voluntary self-assessment? Why would we do that?

Although CMMC 2.0 is still in its early stages, DIB companies should move ahead with meeting today’s CMMC requirements, including undergoing voluntary assessments. Doing so helps bolster national security while also preparing companies for future DoD compliance requirements.

One of the callouts from the National Cybersecurity Strategy is that those that can do more, should. Microsoft affirmed this principle by signing up for the CMMC voluntary assessment effort, where we earned a perfect 110-point score. This validation demonstrates that Microsoft Azure Government and Microsoft 365 GCC High services can be effectively used to help DIB members accelerate their compliance.

Microsoft is taking the opportunity to share lessons learned and best practices that can inform planning within the DIB. Adopting Microsoft 365 GCC High and Azure Government as starting points allows organizations to use familiar Microsoft 365 productivity tools and Microsoft Azure Cloud Services while accelerating their compliance journey. As a primary platform for collaboration, Microsoft 365 also satisfies controls beyond the cloud; its configuration is a well-documented path to compliance with the National Institute of Standards and Technology (NIST) SP 800-171 controls.

We have recently developed capabilities and guidance for identity, data, and device protection that can help DIB members achieve and measure progress on compliance faster and more effectively.

The benefits of utilizing cloud identity

CMMC encompasses 72 practices across 13 domains, so the ability to address them holistically through Microsoft Entra ID delivers huge advantages in terms of time, resources, and visibility. Identity provides a strong starting point for CMMC 2.0 compliance given its ability to address multiple domains in CMMC 2.0 Levels 1-3.

Microsoft Entra ID is unique in providing elevated security, increased collaboration, and a better user experience. The newest features of Microsoft Entra ID make passwordless authentication easier and establish trust through the cloud for business-to-business (B2B) collaboration. These are some of the ways Microsoft Entra ID helps enable CMMC compliance while also making users more productive and increasing teamwork within and across secure environments.

Identity empowers Zero Trust

CMMC documents several key identity components and controls critical to achieving security transformation with Zero Trust. Getting these aspects right from the start can enable a faster path to success across the other Zero Trust pillars.

One example is the use of a centralized identity management system, which is also a requirement of Executive Order (EO) 14028. While smaller organizations are at a disadvantage for CMMC in some ways, this is one area in which SMBs can often be more agile. There are simple changes any organization can make to rapidly mature its posture—including implementing some of the best practices and prescriptive CMMC identity guidance published by Microsoft.

Strong authentication is pivotal for achieving higher levels of CMMC compliance. However, relying solely on the strongest authentication method available may be inflexible and at times hinder user productivity. Having multiple authentication methods offers users greater flexibility while enhancing their productivity. A new option in Microsoft Entra ID offers the strongest authentication option available by default, allowing organizations to safely direct users toward higher security measures.

There’s more than one way to approach user challenges. Organizations can take advantage of Microsoft Authenticator’s easy access to strong authentication tools. However, we also support tools from partners such as Yubico. This provides a variety of ways for DIB members to perform authentication, which we can then map to the appropriate level of assurance.

Secure sensitive data with a platform approach

Another goal of CMMC 2.0 is safeguarding sensitive information, such as Controlled Unclassified Information (CUI) and Federal Contract Information (FCI), which includes many categories of data such as personal records or contract information for sensitive projects. When this data is put at risk, it can have significant consequences for national security.

Microsoft’s data security platform, Microsoft Purview, can help government agencies identify and locate their data, detect data security risks, and prevent data loss across clouds, apps, and devices. Recently, Microsoft announced more than 25 new features for government and commercial customers to help them get ahead of potential security incidents, such as data leaks and theft, along with the availability of additional logs to enhance security monitoring and incident response. Data protection is supported by three key products within the Microsoft Purview family:

  1. CMMC requires organizations to implement specific security controls and practices based on the sensitivity of the data they handle, so information protection is essential. Microsoft Purview Information Protection enables customers to classify data, protect it through encryption, and gain visibility into sensitive data. It can also help government organizations discover, classify, and protect data using built-in and ready-to-use advanced classifiers, which include sensitive information types (SITs) that can identify personal information such as credit card numbers, addresses, and medical conditions. More complex data types and scenarios can utilize custom AI classifiers that can be easily trained from sample data.
  2. Falling under the CMMC Audit and Accountability domain, insider risk can be a significant challenge for organizations. According to a report by the Insider Threat Defense Group, insider risks accounted for 33 percent of all data breaches in the public sector.[4] Microsoft Purview Insider Risk Management helps customers uncover elusive insider risks through multiple machine learning models with intelligent detection and analysis capabilities.
  3. Under CMMC, data loss prevention (DLP) solutions are a critical part of preventing the unauthorized transfer and use of data, as well as data exfiltration. Microsoft Purview Data Loss Prevention (DLP) acts as an integrated and extensible offering that allows organizations to manage their DLP policies from a single location.

Chart showing the Microsoft Partner Ecosystem categories of Information Protection, Insider Risk Management, and Data Loss Prevention.

Each of these three solutions integrates seamlessly to enable agencies to fortify data security with a defense-in-depth approach—all while facilitating easier CMMC compliance.

Additionally, Compliance Manager provides CMMC assessment templates to help organizations assess their compliance posture against CMMC in a comprehensive control-by-control way. Regulations are added to Compliance Manager as new laws and regulations are enacted and can be used to help organizations meet national, regional, and industry-specific requirements governing the collection and use of data.

Go-forward guidance for DIB organizations

While the final rules under CMMC 2.0 have not yet been published, we do know that the underlying technical controls will continue to be based on NIST 800-171. For DIB members, having a trusted platform that has gone through accreditation requirements itself is a great starting point. Beyond a trusted platform adoption, DIB organizations can also follow the guidelines for secure configuration that we provide.

As we continue down this path with the adoption of CMMC 2.0, there will be more guidance that we can bring to the table with lessons learned from our own voluntary audit. The successful audit also provides evidence that Microsoft can accept the flow-down terms applicable to cloud service providers.

Compliance capability built for every DIB organization

Microsoft platforms and tools, including Microsoft Entra ID, Microsoft Authenticator, and Microsoft Purview, can ease compliance for DIB organizations of different sizes and structures, particularly companies that may be resource-constrained.

New capabilities and enhancements built on Secure-by-Design and Secure-by-Default principles are making it easier for organizations to improve their security posture and meet CMMC requirements. Our goal behind compiling CMMC-specific guidance in a single place is to empower the entire DIB ecosystem to support more secure, effective interactions with the federal government.

Learn more

Learn more about Microsoft Entra ID and Microsoft Purview.


[1] DOD CIO Says CMMC 2.0 Coming Soon: ‘We Want to Get This Right’, Charles Lyon-Burt. May 17, 2023.

[2] Defense Primer: U.S. Defense Industrial Base, Congressional Research Service. April 17, 2023.

[3] CMMC: Managing digital risk for the Defense Industrial Base (DIB) and beyond, CyberAB.

[4] Insider Threat Report, Cybersecurity Insiders. 2020.

Forrester names Microsoft a Leader in the 2023 Zero Trust Platform Providers Wave™ report

Microsoft is proud to be recognized as a Leader in the Forrester Wave™: Zero Trust Platform Providers, Q3 2023 report. At Microsoft, we understand modernizing security is a complex task in this era of ever-evolving cyberthreats and complex digital environments. Serious threats have necessitated a paradigm shift in how organizations protect their digital estates. That’s why Microsoft embraces an end-to-end Zero Trust architecture: a comprehensive approach to security that helps our customers effectively mitigate business risk in the era of hybrid and remote work.

Microsoft’s leadership

Zero Trust has become the industry standard for securing complex, highly distributed digital estates. And Microsoft is in a unique position to help customers with their security needs, as Microsoft delivers end-to-end cross-cloud, cross-platform security solutions, which integrate more than 50 different categories across security, compliance, identity, device management, and privacy, informed by more than 65 trillion threat signals we see each day. Microsoft is actively engaged with the National Institute of Standards and Technology (NIST), most recently providing public commentary for the NIST National Cybersecurity Center of Excellence (NCCoE) and participating in The Open Group where we co-chaired the Zero Trust Architecture (ZTA) forum. As we look to the future, Microsoft recognizes that customers are entering the era of AI. And by combining the principles of Zero Trust with the capabilities of AI, organizations will have the potential to create a formidable defense against modern cyberthreats. In this blog, we will explore Forrester’s latest evaluation of the Microsoft end-to-end Zero Trust architecture and what the future will hold by leveraging the power of AI.

Comprehensive end-to-end protection

“Its Copilot theme carries over to a notable vision to provide end-to-end, step-by-step guidance for implementing ZT while leveraging AI. This means customer can take their ZT journey with Microsoft in lockstep.” (Forrester Wave™: Zero Trust Platforms, Q3 2023 report)

We are proud that the Microsoft Zero Trust platform has been recognized as a Leader in the Forrester Wave™: Zero Trust Platforms, Q3 2023 report, which we believe demonstrates Microsoft’s strong track record for being a comprehensive end-to-end platform.

Forrester Wave™: Zero Trust Platform Providers, Q3 2023 report

The Forrester Wave™ report evaluates Zero Trust platforms based on criteria that include network security, centralized management and usability, data security, device security, automation, orchestration, people, and identity security—along with both on-premises and cloud deployments. In the latest evaluation for Q3 2023, the Microsoft end-to-end Zero Trust architecture has demonstrated its excellence in these areas by being named a Leader in this inaugural Forrester Wave™ report evaluating Zero Trust Platform Providers. The Microsoft end-to-end Zero Trust model received the highest possible score in the following categories based on the Forrester analyst criteria: people and identity security, device security, enabling and protecting the hybrid workforce, data security, automation and orchestration, visibility, and analytics.

Zero Trust in the age of AI

In an era where AI is rapidly transforming how we work, its convergence with cybersecurity brings both immense opportunities and new challenges. Here’s why Zero Trust becomes even more crucial:

  1. Sophistication of threats: As cyberattacks have become more sophisticated and capable of evading traditional security measures, Zero Trust, with its emphasis on continuous verification, explicit verification, and least privileged access, offers a more effective defense against these advanced threats with or without AI capabilities.
  2. Data protection and privacy: AI relies on vast amounts of customers’ data to help the user be more productive, and safeguarding this data is paramount. Zero Trust’s data-centric approach ensures that access to sensitive data is highly controlled, mitigating the risk of unauthorized AI-driven breaches.
  3. Automated responses: AI-enabled security can provide rapid automated responses to threats. When integrated with Zero Trust, AI-driven responses become even more effective by reducing alert fatigue, adapting access controls in real time, minimizing damage, and containing potential breaches.

Looking to the future

Microsoft’s leadership in Zero Trust, as shown by the latest Forrester Wave™, highlights our commitment to continuously evolving cybersecurity to meet the security demands of the digital age. With AI becoming a cornerstone of modern threats and defenses, the Zero Trust principles of assume breach, least privileged access, and continual explicit verification are more crucial than ever. As organizations navigate the evolving landscape of cyberthreats, the synergy between Microsoft’s end-to-end Zero Trust strategy and the capability of AI provides a formidable defense mechanism that is both forward-looking and resilient.

For more information on this recognition, check out the full Forrester Wave™: Zero Trust Platforms, Q3 2023 report.


The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester’s call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave™. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.

Forrester Wave™: Zero Trust Platform Providers, Q3 2023, Carlos Rivera and Heath Mullins, September 19th, 2023

Microsoft 365 Defender demonstrates 100 percent protection coverage in the 2023 MITRE Engenuity ATT&CK® Evaluations: Enterprise 

By Tanmay Ganacharya, Partner Director, Security Research, Microsoft 365 Defender

For the fifth consecutive year, Microsoft 365 Defender demonstrated industry-leading extended detection and response (XDR) capabilities in the independent MITRE Engenuity ATT&CK® Evaluations: Enterprise. The attack used during the test highlights the importance of a unified XDR platform and showcases Microsoft 365 Defender as a leading solution, enabled by next-generation protection, industry-first capabilities like automatic attack disruption, and more.  

Microsoft 365 Defender demonstrated 100 percent visibility and complete coverage across all stages of the attack and achieved 100 percent protection across both Windows and Linux, showcasing the strong multiplatform capabilities of the solution. These results demonstrate that Microsoft’s XDR provides organizations with industry-leading visibility and protection in a world of evolving threats.  

A diagram showing the level of coverage Microsoft provided across each step in the attack.

Figure 1. Microsoft 365 Defender providing full attack chain coverage.

These results are only possible with continuous innovations built on the feedback of our customers. In just the last 12 months, Microsoft 365 Defender strengthened its endpoint protection with capabilities such as automatic attack disruption, which uses AI to suspend in-progress ransomware attacks, the release of a unified device settings management experience, and expanded identity protection to include Active Directory Certificate Services (AD CS). 

This year’s ATT&CK® Evaluations emulated the Turla threat group, tracked by Microsoft Threat Intelligence as Secret Blizzard. They are a Russian-based activity group that has been primarily targeting government organizations worldwide since the early 2000s. They employ extensive resources to remain on a target network in a clandestine manner, making detection more challenging for traditional security products.    

Let’s take a closer look at how Microsoft 365 Defender once again achieved industry-leading results in this year’s MITRE evaluation and how Microsoft’s AI breakthroughs are shaping the future of security to respond to threats like Turla.  

100 percent visibility across all stages of the attack chain in real-time 

In the face of a rapidly evolving threat carried out by adversaries like Turla, the speed of response makes a significant difference in a security team’s effectiveness in mitigating an attack. A single delay can mean the difference between your organization’s devices getting encrypted or not. Microsoft 365 Defender’s XDR platform accelerates the security team’s ability to respond by providing real-time, unparalleled breadth and depth of understanding of an attack, starting with 100 percent visibility in real-time. This unique breadth of Microsoft’s XDR extends across endpoints, network, hybrid identities, email, collaboration tools, software as a service (SaaS) apps, and data with centralized visibility, powerful analytics, and automatic attack disruption.

Figure 2. Microsoft 365 Defender provides 100 percent visibility without delay in every attack stage.  

100 percent ATT&CK technique-level detections at every attack stage without delay 

As an attack unfolds, security teams need to know what they’re up against the moment it’s happening. Delayed and incomplete detections make it difficult for analysts to understand the attack in full, providing attackers an opportunity to escalate their campaign by moving laterally, stealing credentials, or executing other malicious activities. With Microsoft 365 Defender’s 100 percent real-time ATT&CK technique-level coverage, analysts immediately receive relevant details within the alert that describe the attacker’s approach, equipping them with the knowledge to effectively and rapidly respond.

Figure 3. Microsoft 365 Defender delivers ATT&CK technique-level detections at every attack stage without delay.

100% protection for every attack stage across Windows and Linux 

This is the third year that MITRE has included a protection scenario as part of the evaluation, and for the third year running, Microsoft 365 Defender successfully blocked 100 percent of the attack stages across Windows and Linux platforms. Microsoft’s AI-powered next-generation protection blocked each attack attempt across 13 steps, representing complete prevention of any malicious activity. This outcome showcases the strong multiplatform capabilities of the solution, independent of the device’s operating system.  

A bar chart showing the effectiveness of MITRE evaluation participants in blocking the attack across major steps.

Figure 4. Microsoft 365 Defender blocks every attack stage across Windows and Linux.  

Deep visibility into Linux devices 

With the prevalence of increasingly complex attacks, visibility into low-level protocols is critical for security teams to protect against sophisticated network sniffing and drive-by compromise attacks. Microsoft 365 Defender provides that visibility through ingestion of raw socket operations as well as into script content on Linux devices. It also takes action on script content that is obfuscated or encrypted, as well as suspicious network and other protocol behaviors.

A screenshot of the Microsoft 365 Defender portal showing detection of traffic signaling and network sniffing.

Figure 5. 9.A.12: Traffic Signaling (T1205) and 9.A.13: Network Sniffing (T1040).

Eliminated blind spots with network detection and response 

Several stages of the Turla emulation involved network-based techniques. They are an increasingly popular way of infiltrating and moving across systems laterally as they leave minimal traces on source and target devices. Security teams gain full visibility into network traffic with Microsoft 365 Defender’s network detection and response capabilities. As a result, analysts receive high-confidence, context-rich alerts to hunt down and block these sophisticated attacks early in the kill chain. In addition, analysts can discover both managed and unmanaged devices, identify blind spots, and reduce their attack surface to increase their security posture. 

A screenshot of the Microsoft 365 Defender portal showing the product identifying beaconing behavior.

Figure 6. Sub-step 11.A.5 identifies beaconing behavior determining it to be a command-and-control type activity based on process and network frequency analysis.  
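Frequency analysis of the kind named in the Figure 6 caption can be sketched as follows. This is an added example, not Microsoft 365 Defender's detection logic: it groups connections by host, process, and destination and flags series whose gaps between connections are nearly constant. The event fields, sample data, and thresholds are all assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev


def build_sample_events():
    """Constructed sample data: (epoch_seconds, host, process, destination)."""
    events = []
    # Hypothetical implant: one connection roughly every 60 s with small jitter.
    jitter = [0, 2, -1, 3, -2, 1, 0, -3, 2, 1, -1, 0]
    for i, j in enumerate(jitter):
        events.append((1000 + 60 * i + j, "ws01", "svc_update.exe",
                       "203.0.113.10:443"))
    # Browser: bursty, human-driven traffic to a single site.
    for ts in [1005, 1007, 1008, 1090, 1300, 1302, 1310, 1650, 1651, 1700]:
        events.append((ts, "ws01", "msedge.exe", "198.51.100.7:443"))
    # Too few connections to judge either way.
    for ts in [1100, 1500]:
        events.append((ts, "ws02", "updater.exe", "192.0.2.5:443"))
    return events


def find_beacons(events, min_connections=8, max_cv=0.1):
    """Flag (host, process, destination) series with near-constant intervals.

    The coefficient of variation (standard deviation / mean) of the gaps
    between connections is low for machine-timed callbacks and high for
    interactive traffic. Both thresholds are assumptions to tune per network.
    """
    series = defaultdict(list)
    for ts, host, process, dest in events:
        series[(host, process, dest)].append(ts)

    findings = []
    for (host, process, dest), stamps in series.items():
        if len(stamps) < min_connections:
            continue  # not enough samples for a stable estimate
        stamps.sort()
        gaps = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # identical timestamps, no interval to measure
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings.append({
                "host": host,
                "process": process,
                "destination": dest,
                "connections": len(stamps),
                "mean_interval_s": avg,
                "cv": cv,
            })
    return findings


if __name__ == "__main__":
    for finding in find_beacons(build_sample_events()):
        print(finding)
```

Keying on the process as well as the destination keeps a regular callback from being averaged together with unrelated traffic from the same host.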

Deep visibility into each stage of lateral movement 

Adversaries wage increasingly sophisticated campaigns by moving across hosts in a domain. The test involved significant lateral movement with a total of 6 steps, which is more than 30 percent of the total steps. Microsoft’s XDR solution provides visibility into each stage of lateral movement, whether access is gained through brute force (5.A.3), valid accounts (14.A.3), pass the hash (17.A.1) or any other technique. When tools are being transferred laterally (sub-steps 5.A.6, 18.A.3), Microsoft’s XDR shows the full context of what was transferred, from which host to which destination. Whether the execution on the target host happens through masqueraded PsExec (17.A.1), plink.exe (9.A.5), or WMI (18.A.5), we provide detection and visibility. 

A screenshot of the Microsoft 365 Defender portal showing tools being transferred across hosts.

Figure 7. Sub-step 5.A.6 Microsoft 365 Defender portal showing tools being transferred across hosts.

Identity threat detection and response spanning the cloud to on-premises 

Part of the MITRE evaluation emulated one of the fastest-growing threat vectors—identity-based attacks where malicious actors seek to exploit identities in the cloud and on-premises, or the underlying infrastructure and policies governing them. Microsoft XDR has native endpoint and identity protection to counter these types of attacks by providing security teams with high-fidelity, contextual signals that other vendors either lack entirely or require a separate integration for. Throughout the attack, Microsoft 365 Defender provided visibility on all identity-related attack steps like sensitive group enumeration, password spraying, and creation of accounts and unusual additions to sensitive groups.  

Screenshot of the Microsoft 365 Defender portal showing details on a suspected brute-force attack.

Figure 8. Sub-step 5.A.3: Our identity sensors on Active Directory revealed the utilization of the Password Spraying technique, providing information about the users whose login attempts failed and number of such attempts. 

Screenshot of Microsoft 365 Defender portal showing signals from Active Directory indicating the creation of suspicious accounts, aimed at establishing persistence.
Screenshot of the Microsoft 365 Defender portal showing a signal of unusual additions to a sensitive group, aimed at establishing persistence.

Figures 9 and 10. Sub-step 17.A.5: Active Directory signals revealed the creation of accounts and unusual additions to a sensitive group, all aimed at establishing persistence.
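The password-spraying signal described for Figure 8 (which users had failed sign-ins, and how many) can be approximated from raw authentication events. The following is an added example, not the product's detection logic: it looks for a single source failing against many distinct accounts with only a few attempts per account inside a time window, which separates a spray from a brute-force run against one account. The field names, sample events, and thresholds are assumptions.

```python
from collections import Counter, defaultdict


def build_sample_logons():
    """Constructed sample authentication events."""
    logons = []
    # Spray: one source tries a single password against 12 accounts; one works.
    for i in range(12):
        logons.append({"ts": 5000 + 20 * i, "src": "10.0.5.23",
                       "user": f"user{i:02d}", "ok": i == 7})
    # Brute force: one source hammers a single account (a different pattern).
    for i in range(30):
        logons.append({"ts": 5000 + 5 * i, "src": "10.0.9.40",
                       "user": "svc_backup", "ok": False})
    # Ordinary typos by legitimate users.
    logons += [
        {"ts": 5100, "src": "10.0.1.11", "user": "alice", "ok": False},
        {"ts": 5110, "src": "10.0.1.11", "user": "alice", "ok": True},
        {"ts": 5400, "src": "10.0.1.12", "user": "bob", "ok": False},
    ]
    return logons


def detect_password_spray(logons, window_seconds=600, min_users=10,
                          max_per_user=3):
    """Return one finding per source whose failures look like a spray.

    A source is flagged when, inside a sliding window, it fails against at
    least min_users distinct accounts with at most max_per_user failures on
    any one of them. All three thresholds are assumptions.
    """
    failures = defaultdict(list)   # src -> [(ts, user), ...]
    successes = defaultdict(set)   # src -> {user, ...}
    for event in logons:
        if event["ok"]:
            successes[event["src"]].add(event["user"])
        else:
            failures[event["src"]].append((event["ts"], event["user"]))

    findings = []
    for src, fails in failures.items():
        fails.sort()
        counts = Counter()   # failures per user inside the current window
        start = 0
        best = {}            # window that covered the most distinct users
        for ts, user in fails:
            counts[user] += 1
            while ts - fails[start][0] > window_seconds:
                expired = fails[start][1]
                counts[expired] -= 1
                if counts[expired] == 0:
                    del counts[expired]
                start += 1
            if len(counts) > len(best):
                best = dict(counts)
        if len(best) >= min_users and max(best.values()) <= max_per_user:
            findings.append({
                "source": src,
                "accounts_targeted": len(best),
                "failed_attempts": best,  # user -> number of failed sign-ins
                # Accounts that signed in successfully from the same source
                # deserve review first: the sprayed password may have worked.
                "successful_logons": sorted(successes[src]),
            })
    return findings


if __name__ == "__main__":
    for finding in detect_password_spray(build_sample_logons()):
        print(finding)
```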

Security in the era of AI 

The MITRE ATT&CK evaluation focused on detection and prevention in the case of one type of attack, which Microsoft effectively blocked at the earliest step of every attack stage. In real-world scenarios where millions of attacks are waged every day, sometimes adversaries can breach the security perimeter. With AI breakthroughs introduced by Microsoft, security teams have already seen first-hand how they can scale their defenses against breaches and respond in novel ways that challenge the assumption of an asymmetric battlefield.

Announced in November 2022, Microsoft 365 Defender’s unique, industry-first automatic attack disruption stops the most sophisticated attack campaigns at machine speed like this Turla attack, spanning ransomware, business email compromise, and adversary-in-the-middle. This capability combines our industry-leading detection with AI-powered enforcement mechanisms to block threats early in the kill chain and contain their advancement. Analysts have a powerful tool against human-operated attacks while leaving them in complete control of investigating, remediating, and bringing assets back online. 

Microsoft Security Copilot, first announced at Microsoft Secure in March 2023, is the industry’s first generative AI security product that allows security teams to move at machine speed. It combines OpenAI’s GPT-4 generative AI model with Microsoft’s security-specific model informed by our unique global threat intelligence and more than 65 trillion daily signals. Security teams benefit from Security Copilot by simplifying complex tasks with capabilities like guided response actions, and gaining intuitive, actionable insight across the threat landscape such as summarized incidents in natural language. As a result, organizations can detect threats earlier and outpace adversaries. Security Copilot is currently in private preview and in the nomination period for an early access program. The single best way to prepare to realize the benefits of Microsoft Security Copilot is by adopting and deploying Microsoft 365 Defender today.  

Customer reality is core to Microsoft’s testing approach 

As the threat landscape rapidly evolves, Microsoft is committed to empowering defenders with industry-leading, cross-platform XDR. Our evaluation philosophy is to reflect the real world by configuring the product as customers would in line with industry best practices. For instance, our configuration used the most updated OS versions to test the latest protection available to customers. In the MITRE Evaluations, as with all simulations, Microsoft 365 Defender achieved industry-leading visibility without manual processing or fine-tuning and can be run in customer environments without generating an untenable number of false positives. Microsoft’s commitment to protection while minimizing false positives is reflected in regularly occurring public evaluations.  

We thank MITRE Engenuity for the opportunity to contribute to and participate in this year’s evaluation. 

Learn more

Learn more about Microsoft 365 Defender.

About MITRE Engenuity ATT&CK® Evaluations  

ATT&CK® Evaluations is built on the backbone of MITRE’s objective insight and conflict-free perspective. Cybersecurity providers turn to the Evaluations program to improve their offerings and to provide defenders with insights into their product’s capabilities and performance. Evaluations enable defenders to make better informed decisions on how to leverage the products that secure their networks. The program follows a rigorous, transparent methodology using a collaborative, threat-informed, purple-teaming approach that brings together providers and MITRE experts to evaluate solutions within the context of ATT&CK. In line with MITRE Engenuity’s commitment to serve the public good, Evaluations results and threat emulation plans are freely accessible. ATT&CK Evaluations | MITRE Engenuity (mitre-engenuity.org) 

About MITRE Engenuity 

MITRE Engenuity, a subsidiary of MITRE, is a tech foundation for public good. MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and federally funded R&D centers, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation. MITRE Engenuity brings MITRE’s deep technical know-how and systems thinking to the private sector to solve complex challenges that government alone cannot solve. MITRE Engenuity catalyzes the collective R&D strength of the broader U.S. federal government, academia, and private sector to tackle national and global challenges, such as protecting critical infrastructure, creating a resilient semiconductor ecosystem, investing in pandemic preparedness, accelerating use case innovation in 5G, and democratizing threat-informed cyber defense.

© 2023 MITRE Engenuity, LLC. Approved for Limited Release to MITRE Engenuity ATT&CK® Evaluations: Enterprise 2023: Turla Participants.

New security features in Windows 11 protect users and empower IT

While attacks are getting more sophisticated, so are our defenses. With recent innovations like secured-core PCs that are 60 percent more resilient to malware than non-secured-core PCs,1 and the Microsoft Pluton Security Processor that adds more protection by isolating sensitive data like credentials and encryption keys, Windows 11 has elevated the security bar for all. Our goal is to protect organizations by simplifying security, building in stronger protections from the chip to the cloud.

From more secure and easy-to-use authentication with multifactor authentication to adding extra layers of protection for applications and data, we’ve simplified and enabled more security features by default than ever before with Windows 11. These features are designed to help stop attacks we’re seeing now as well as the more sophisticated and targeted attacks that we expect to become more mainstream in the future. We have also begun to adopt memory-safe languages like Rust, starting with using Rust code for two traditional attack targets—Font Parsing and Win32k Kernel.

When we launched Windows 11 it came with new hardware and software features like secure boot, virtualization-based security, hypervisor-protected code integrity, and Windows Hello using the Trusted Platform Module (TPM) on by default in many regions. Since turning those features on, organizations have reported a 58 percent reduction in security incidents, and a three times reduction in firmware attacks—a highly attractive and lucrative target for attackers. Our data shows that 83 percent of Windows 11 devices use three or more security features. 

We’re excited to take the next step on this journey with updates for security and IT professionals available today and on by default for new installs of Windows 11.

The next step towards eliminating passwords entirely

Microsoft global threat intelligence processes more than 65 trillion security signals every day. That intel has shown us there are more than 4,000 password attacks every second.2 Everyday cybercriminals as well as nation-state attackers like Peach Sandstorm are leveraging password spray attacks to compromise high-value targets in sectors like satellite, defense, and pharmaceuticals. Organizations can reduce their risk of compromise to these kinds of attacks with Windows passwordless authentication and multifactor authentication features that offer more protection than traditional passwords.

Passkeys make passwordless easier and more universal: Windows 11 will make it much harder for hackers who exploit stolen passwords through phishing attacks by empowering users to replace passwords with passkeys. Passkeys are the cross-platform future of secure sign-in management. Microsoft and other technology leaders are promoting passkeys as part of the FIDO Alliance. A passkey creates a unique, unguessable cryptographic credential that is securely stored on your device. Instead of using a username and password to access a website or application, Windows 11 users will be able to use and protect passkeys using Windows Hello or Windows Hello for Business, or their phone. This will allow users to access the site or app using their face, fingerprint, or device PIN. Passkeys on Windows 11 will work on multiple browsers including Microsoft Edge, Google Chrome, Firefox, and others. Setting up a passkey in Windows is accomplished by:

  • The website or application owner creates a passkey and offers it to you as a sign-in option instead of your password—website and app owners will need to develop their own passkeys infrastructure on their sign-in experience.
  • Once you create the passkey on your device, the next time you sign in to that website or app from your device it will recognize that you have its passkey, and you can use it instead of a password. If you are using Windows Hello or Windows Hello for Business, you will be able to use your face, PIN, or fingerprint to sign in more easily. In addition, you can now use a passkey from your phone or tablet to complete the sign-in process.
  • Users will have a management dashboard through Settings > Accounts > Passkeys to see and manage passkeys on their Windows 11 device.

Simplifying and modernizing security for IT by reducing the attack surface 

The latest Windows 11 will also include powerful new tools that enable IT teams to keep their organizations and employees more secure. We’re improving authentication, making it easier for IT to lock down and maintain policy configurations, adding more controls through Intune.

Phish-resistant credentials with Windows Hello for Business Passwordless: Windows 11 devices with Windows Hello for Business or FIDO2 security keys can protect user identities by removing the need to use passwords from day one. IT can now set a policy for Microsoft Entra ID-joined machines, so users no longer see the option to enter a password when accessing company resources. Once the policy is set, it will remove passwords from the Windows user experience, both for device unlock as well as in-session authentication scenarios. With this change, users can now navigate through their core authentication scenarios using strong, phish-resistant credentials like Windows Hello for Business or FIDO2 security keys. If ever necessary, users can leverage recovery mechanisms such as Windows Hello for Business PIN reset or web sign-in. Web sign-in is now available for all supported Microsoft Entra ID authentication mechanisms in addition to Temporary Access Pass (TAP) and education scenarios.

Maintain IT policy control with Config Refresh: Config Refresh is designed to revert policies to a secured state if they’ve been tampered with by potentially unwanted applications or by users editing the registry. Config Refresh allows Windows 11 devices to be reset every 90 minutes by default, or every 30 minutes if desired, within the policy configuration service provider (CSP). This capability ensures that your settings are retained in the way IT configured them. The policy CSP covers hundreds of settings that were traditionally set with Group Policy and does so through Mobile Device Management, like Microsoft Intune. To enable help desk technicians to support their teams more efficiently, Config Refresh can also be paused by IT administrators for a configurable period of time, after which it will be automatically re-enabled. It can also be turned back on at any time by an IT administrator. Starting today, Config Refresh is available to our Insiders and coming soon to all organizations.

Only allow trusted apps with Custom App Control: Applications are the lifeblood of our digital experiences, but they can also become entry points for attackers. With application control, only approved and trusted apps are allowed onto devices. By controlling unwanted or malicious code from running, application control is a critical part of an overall security strategy. Application control is often cited as one of the most effective means of defending against malware. Organizations using Windows 10 and above use App Control for Business (formerly called Windows Defender Application Control) and its next-generation capabilities to protect their digital estate from malicious code. Organizations using Microsoft Intune to manage their devices are now able to configure App Control for Business in the admin console, including setting up Intune as a managed installer.

New configurations in Windows Firewall: We are excited to announce some enhanced management and capabilities for the built-in Windows Firewall to help IT provide better overall protection. Windows Firewall now supports:

  • Application Control for Business (previously known as Windows Defender Application Control) app ID tagging with Windows Firewall rules through Intune. This enables IT to target Windows Firewall rules to specific applications without an absolute file path.
  • The ability to configure network list manager settings to determine when a Microsoft Entra ID (previously known as Azure Active Directory) device is on your on-premises domain subnets so firewall rules can properly apply. The network list manager settings for Windows Firewall can be used for location awareness. 
  • There is now better support in settings to configure more granular Windows Firewall logging for domain, private, and public firewall profiles, as well as the ability to specify Windows Firewall inbound and outbound rules for ICMP types and codes.

Our continued investment in security and innovation

Our MORSE team, Microsoft Offensive Research and Security Engineering, has been working hard to ensure security is a critical piece of the software development lifecycle. In the last year, the team has dedicated 1.9 million virtual machine hours and more than 84,000 Azure CPU cores to proactively fuzzing code. In addition to that, we’ve made nearly 700 improvements in our code in just the last few months by strengthening the software development lifecycle with security checks and balances, including new automation and AI to help developers find bugs on their own. The proactive work of this team to continue to improve the integrity of our code, both old and new, is part of our commitment to ongoing investment and innovation in security. The team has also released learnings and tools to the community, like our open source fuzzing tool, Microsoft OneFuzz.

We’re looking forward to continuing this journey to make Windows more secure from the chip to the cloud with every update.

Identity hunting with an enhanced IdentityInfo table

by Or Tsemah

Advanced hunting with an enhanced IdentityInfo table

Back in June 2023, we announced the enhanced IdentityInfo table in Microsoft 365 advanced hunting for Microsoft Defender for Identity customers. Today, we are expanding the availability of this table to all Microsoft Defender for Cloud Apps customers as part of our journey to enable this experience for all Microsoft 365 Defender customers.

What do I get?

With this new table, security analysts have a much broader experience with identity-based hunting, allowing them to query more attributes from all detected providers, such as Entra ID assigned roles or Defender for Identity Sensitivity tags for on-premises Active Directory identities, to further enhance their experience and create new powerful queries and custom detections.

Do I need to do anything?

No, the new updated table will appear for all Defender for Identity and Defender for Cloud Apps customers automatically.

Where can I learn more?

You can view the updated schema details here.

What’s next?

We are constantly working on expanding the available schema with more attributes. Stay tuned.

Microsoft Purview DevOps policies for Azure SQL MI enters Public Preview

by Vlad Rodriguez

Access to system metadata is crucial for IT and DevOps personnel to ensure that critical database systems are healthy, performing to expectations, and secure. You can grant and revoke that access efficiently and at scale through Microsoft Purview DevOps policies.

Microsoft Purview DevOps policies already support integrations with Azure SQL Database and SQL Server 2022 via Azure Arc, and are Generally Available (GA) for both of those data sources. I am pleased to announce that today we are adding one more data source to the list: Azure SQL Managed Instance, now in Public Preview.

Figure 1: Screenshot of DevOps policy

Here is a quick video showcasing Microsoft Purview DevOps policies: https://aka.ms/Microsoft-Purview-DevOps-Policies-Video

Here is how you can configure DevOps policies for Azure SQL MI:

Manage access to Azure SQL MI system health and performance using Microsoft Purview DevOps policies,…

Basic cyber hygiene prevents 98% of attacks

by Quy Nguyen

In today’s digital era, businesses rely heavily on technology and online systems. To help safeguard against cyber threats and ensure business continuity, maintaining basic cyber hygiene is imperative. Adhering to basic security hygiene can protect against 98% of attacks.1

Here are five key standards every organization should adopt:

  1. Require phishing-resistant multifactor authentication (MFA):
    • Enable MFA to help prevent 99.9% of attacks on your accounts.2
    • Opt for MFA options with minimal user friction, like biometrics or FIDO2 compliant factors such as Feitian or Yubico security keys.
    • Use conditional access policies and single sign-on (SSO) to streamline the user experience.
  2. Apply Zero Trust principles:
    • Implement a Zero Trust approach to security, verifying every transaction, asserting least-privilege access, and relying on intelligence, advanced detection, and real-time response to threats.
  3. Use modern anti-malware:
    • Deploy extended detection and response and anti-malware solutions to help detect threats, automatically block attacks, and provide actionable insights.
    • Leverage security automation and orchestration to streamline threat detection and response.
  4. Keep systems up to date:
    • Unpatched and out of date systems can lead to increased risk. Regularly update firmware, operating systems, and applications to reduce vulnerabilities.
  5. Protect data:
    • Understand your data landscape, label and classify sensitive data, and establish access controls.
    • Address insider risks using the right people, processes, training, and tools to help take into account user context around data.
    • Ensure the proper access controls are in place to help prevent data loss while managing data throughout its lifecycle.

In today’s threat environment, meeting the minimum standards for cybersecurity hygiene is essential and these five pillars can help offer strong protection and reduce risk.

Learn more in the guide Basic cyber hygiene prevents 98% of attacks and visit Security Insider to get more threat intelligence insights.

1 2022 Microsoft Digital Defense Report

2 One simple action you can take to prevent 99.9 percent of attacks on your accounts

Introducing credit monitoring and privacy protection for Microsoft Defender

by Jorn Lutters

Staying safer online in a modern world

Where there once was a clear distinction between our online identities and our offline selves, today they are increasingly intertwined. Similarly, where people were previously occasionally offline, today we’re living in a world of constant connectivity.

This has brought with it many innovations and improvements to our lives but has also made the risk of cyber attacks seriously disrupting our lives a lot more real.


A thriller like 1995’s “The Net” might’ve seemed like a far-fetched scenario when that movie came out nearly 30 years ago, but today people are living the realities of identity theft on a daily basis. According to identitytheft.org, the FTC received 1.4 million identity theft related reports in 2023 to date.

In today’s security landscape, the emphasis of attackers is much more on the person using the device than on the person’s devices, requiring modern security solutions to look past the device boundaries to help address these concerns.


Microsoft knows this, and it’s exactly why we launched our first identity theft monitoring functionalities for Defender last year (https://techcommunity.microsoft.com/t5/security-compliance-and-identity/introducing-identity-theft-m…) to help our users keep tabs on leaks affecting their personal data.

Today, we’re excited to announce the expansion of this functionality with two crucial additions to Defender’s security arsenal coming soon to the US: credit monitoring and privacy protection.

Credit monitoring

We’re proud to announce we are expanding our identity theft monitoring capabilities with new credit monitoring functionality1. Where identity theft monitoring users already got real time alerts and insights into leaks containing up to 64 of their identity assets online2, credit monitoring helps them stay ahead of any potential impacts of such leaks by continuously monitoring their credit file and credit activities for signs of malicious behavior.

All too often breaches have a delayed fuse: a breach happens, you get alerted about it by the affected party (hopefully), you check your accounts, and life goes on. Right?
The reality is that this breached data is often compiled into big archives that trade hands on the dark web to the highest bidder. And now, five months after the breach happened, you’re noticing you are suddenly getting a lot more spam calls than you used to. That’s the delayed fuse.

And while it’s annoying to have to deal with spam callers, things can get really painful, really quickly when attackers manage to get a hold of credit information or identity details that enable them to access your credit file and impersonate you (such as a Social Security Number). Sometimes you’re lucky and you’ll notice a weird transaction when your credit card statement arrives at the end of the month.

Oftentimes though, these attacks go entirely unnoticed for months or years when malicious individuals attempt to take out credit in their victims’ names and the affected individual only finds out when they want to take out a new loan or remortgage their house.

This is where credit monitoring comes in. It constantly monitors your credit and will alert you as soon as it sees any activity that might be malicious, from something as small as an unexpected credit activity increase, to credit inquiries, authentication attempts, address changes, and even new credit accounts being opened in your name.

By giving you access to this information as it happens, credit monitoring allows you to take action immediately, and help stop any malicious activity while it is occurring. From contacting the lender involved in the activity to report a fraudulent attempt, or placing a credit freeze, to contacting our 24/7 restoration experts for advice on how to deal with the issue at hand.

And (as is the case for all Defender identity theft monitor subscribers) users of credit monitoring are also covered by identity theft insurance3 up to USD $1 million, and lost funds recovery up to USD $100,000 for added peace of mind.

Together with the existing dark web scanning functionalities in identity theft monitoring, the new credit monitoring functionality helps you and your family stay safer by knowing what data is out there and alerting you if anyone attempts to maliciously use this information for financial gain.

Privacy protection

In today’s interconnected world, where the internet plays an integral role in our daily lives, safeguarding our digital security and privacy has become more crucial than ever. We want to be always connected, anytime, and any place. We want to keep our family members’ connections safer. Enter Microsoft Defender’s Privacy protection4, a security feature designed to shield your sensitive data from threats when you are connected via open and public Wi-Fi networks.

When you connect to a public Wi-Fi network, such as at a coffee shop, airport or hotel, you can expose your data to anyone who might be snooping on the same network. Privacy protection reduces online tracking and protects against hackers on unsecured networks. With privacy protection, you can hide your IP address and location from websites, apps, and advertisers that may attempt to track your online activity and collect your personal data.

This feature also encrypts your internet traffic and data through a virtual private network (VPN), making it unreadable and inaccessible to anyone who may try to intercept it, such as hackers, internet service providers (ISPs), or government agencies. At the heart of privacy protection is a commitment to preserving your privacy.

Microsoft holds firm in our promise never to utilize this feature to track, log, or sell your online activities. We believe that your internet usage should remain your business alone. By choosing Defender’s privacy protection, you opt for a service that places your privacy at the forefront, providing you with a genuine sense of online security.

Get Microsoft Defender today

Start using the protections available today by signing into the Microsoft Defender web portal at mydefender.microsoft.com.
Sign in with the personal Microsoft account (@gmail, @outlook, etc.) linked to your Microsoft 365 Personal or Family subscription or start your 1-month Microsoft 365 Family trial5.

You can download the app from the Microsoft Store, Google Play Store, and Apple App Store, or as a direct download for macOS (if you haven’t already)!

Start using credit monitoring and privacy protection on October 2, 2023.

To get started with credit monitoring and privacy protection, visit https://mydefender.microsoft.com, sign in with the personal Microsoft account (@gmail, @outlook, etc.) linked to your Microsoft 365 subscription, find the identity theft monitoring card on the dashboard, and select “Get started.”

For privacy protection, download the app and select “Get started” on the privacy protection tile.1

  1. Feature available in the United States and US territories. Credit score is a single bureau VantageScore 3.0 provided by Experian®. The monthly credit report is provided by Experian® using single bureau data. For users under the age of 18 or those without a credit history, credit score not included. Family organizers will not have the ability to onboard, view, and receive alerts related to family member credit monitoring. Your device’s primary display language must be set to English.
  2. A one-time parent or legal guardian verification is required to receive alert details for children. If the organizer’s family member is under 13, consent is not required to create and/or monitor a child’s identity or credit. Consent is required to create and/or monitor identity or credit status of family members over 13 years of age.
  3. The identity theft insurance is underwritten and administered by American Bankers Insurance Company of Florida, an Assurant company. Please refer to the actual policies for terms, conditions, and exclusions of coverage. Coverage may not be available in all jurisdictions. Review the Summary of Benefits.
  4. Available on Android devices in the United States and US territories. Some streaming services are excluded. After 10 GB per month, data transfer speeds may be limited.
  5. Subscription automatically renews. Cancel any time to stop future charges. After your 1-month free trial, Microsoft 365 Family is $99.99 per year. Credit card required. Cancel any time to stop future charges.