Archive for category: Security

By Dasha Zenkovich, Senior Product Marketing Manager

AI adoption is picking up speed. Many companies are growing their technology estates by embracing powerful new solutions like generative AI. But to maximize the benefits of new technology with confidence, security professionals need to stay compliant with the evolving regulatory and audit requirements in the age of AI. It is in this spirit that Microsoft invites you to join us at RSAC^TM 2025 Conference in San Francisco, where we will showcase end-to-end security designed to help organizations accelerate the secure adoption of AI with ready-to-go security and governance tools and solutions to multiply security teams’ productivity.

Across the Microsoft Security portfolio, our innovations, together with world-class threat and regulatory intelligence, will help give security experts the advantage they need in the era of AI. From our signature Pre-Day to hands-on demos and one-on-one meetings, join the Microsoft experience at RSAC 2025 designed just for you.

Microsoft at RSAC

From our signature Pre-Day to hands-on demos and one-on-one meetings, discover how Microsoft Security can give you the advantage you need in the era of AI.

Explore events 

Kick things off at Microsoft Pre-Day

The Microsoft experience at RSAC 2025 begins with Microsoft Pre-Day on Sunday, April 27, 2025, at the Palace Hotel, just around the corner from the Moscone Center. For the fourth year running, the keynote speech held on Microsoft Pre-Day will kick off the full lineup of Microsoft events and activities throughout RSAC 2025. By joining us on Sunday, you’ll have the chance to hear directly from Microsoft Security business leaders—including Vasu Jakkal, Corporate Vice President, Microsoft Security Business; Charlie Bell, Executive Vice President, Microsoft Security; Sherrod DeGrippo, Director of Threat Intelligence Strategy; and other Microsoft Security leaders as they share reporting on emerging cyberthreat trends and the product innovations designed to protect against them. Vasu will also take the RSAC 2025 stage on Day 1 for the conference keynote.

At Pre-Day, attendees will hear Microsoft Security threat intelligence on emerging trends, explore new AI-first tools, demos, and best practices, and attain a better understanding of how Microsoft can help them secure and govern their AI deployments. Attend to discover how the adaptive, end-to-end security platform from Microsoft, including Microsoft Security Copilot, can help your team catch what others miss, speed up remediation, lower your total cost of ownership, and boost—rather than burden—you and your teams.

Stick around after Pre-Day for the reception—an evening of fun, networking, and entertainment, celebrating the vibrant security community. This is a unique opportunity to meet Microsoft security leaders, expand your professional network, and learn how others are addressing the latest security trends and challenges. Light refreshments will be served. CISOs who register to attend Microsoft Pre-Day will automatically be invited to a chief information security officer (CISO) dinner with Vasu Jakkal.  

Make sure to register for Microsoft Pre-Day to join in on all the day’s activities.

Register for Microsoft Pre-Day at RSAC 2025

Dedicated calendar of events for CISOs

Microsoft will be hosting a number of events tailored to CISOs throughout RSAC 2025. To kick off the week, Microsoft will be hosting a Pre-Day, followed by the exclusive CISO dinner on April 27, 2025. Following, there will be daily lunch and learn opportunities that address some of the primary challenges facing CISOs organizations:

• Monday April 28, 2025: Innovating Securely CISO Lunch—Learn insights concerning secure innovation centered around the new AI regulations, including the EU Act, Digital Operational Resilience Act (DORA), and more.
• Tuesday April 29, 2025: SFI Executive Lunch—Open to all and focused around the needs of Latin America-based CISOs, this lunch will bring together leaders and experts interested in understanding the latest Secure Future Initiative (SFI) progress and exchanging their thoughts on related best practices.
• Wednesday April 30, 2025: Embracing Cyber resilience CISO Lunch—Attendees are invited to network, learn, and exchange their insights regarding cyber resilience as the AI landscape evolves.

Finally, CISOs who attend RSAC 2025 are invited to stay through the end of the conference to attend the Microsoft Post-Day Forum at the Microsoft Experience Center at Silicon Valley on Thursday, May 1, 2025, from 9:00 AM PT to 1:00 PM PT. The day will be full of insightful presentations, interactive discussions, networking opportunities, and a curated CISO roundtable session. This informative day will also include an immersive tour of the unique state-of-the-art Microsoft Experience Center, which highlights larger-than-life solutions that show Microsoft’s cutting-edge technology solving many of today’s challenges. This experience is facilitated by envisioning specialists who spark inspired conversations, creative ideas, and new opportunities for leaders to participate in before returning home.

Sign up for Microsoft experiences at RSAC, including the Pre-Day, the CISO dinner, CISO lunch, and the Post-Day Forum. Request a one-on-one meeting with Microsoft experts to discuss your most pressing questions here.

Discover solutions to your challenges during the keynote speech and Microsoft sessions

As part of the RSAC agenda, Vasu Jakkal will take the stage on Monday, April 28, 2025, at 4:40 PM PT. During the speech, she will discuss the potential of agentic workflows to dramatically reshape the security landscape. Agentic AI has the power to enable more complex problem-solving, deeper agent collaboration, and iterative learning. All of this leads us toward a previously unheard-of new paradigm for security. Join Vasu Jakkal for an imaginative look at the future of AI security agents and how the people of our security teams will work alongside them to change the game.

​After the keynote and throughout the conference, attendees will be able to split their time between the Microsoft Security sessions included in the RSAC 2025 agenda, live demonstrations at booth #5744 in Moscone North, and a variety of roundtables, one-on-one meetings, and presentations at the Microsoft Security Hub at the Palace Hotel.

Here are two sessions not to miss:

• Tuesday, April 29, 2025, at 9:40 AM PT: Shaping the Future of Security with Agentic AI​—In a time of rapidly evolving cyberthreats, agentic AI is emerging as a transformative force in security. Join Dorothy Li, Corporate Vice President of Microsoft Security Copilot and Marketplace, to discover how autonomous decision-making is reshaping our approach to cybersecurity. This session will reveal how agentic AI empowers organizations to proactively mitigate risks, enhance operational efficiency, and elevate the effectiveness of your security tools. Attendees will gain actionable insights and practical strategies for harnessing the potential of agentic AI. Prepare to rethink the future of security and position your organization at the forefront of innovation.​
• Wednesday, April 30, 2025, at 9:40 AM PT: Accelerate AI Adoption with Stronger Security—AI adoption is accelerating, creating both new opportunities and security challenges. Led by Neta Haiby, Partner Product Manager at Microsoft​, this session covers key AI adoption trends, emerging risks, and common cyberthreats. Discover actionable steps to secure and govern AI, from establishing a dedicated security team for AI to adopting AI-specific solutions, ensuring your organization can innovate with confidence.​

Other well-known Microsoft experts will host session sharing what they’ve learned from their work pioneering and securing AI:

• Wednesday, April 30, 2025 at 8:30 AM PT: Guardians of the Cyber Galaxy: Allies Against AI-Powered Cybercrime by Sean Farrell, Assistant General Counsel, Digital Crimes Unit.
• Monday, April 28, 2025 at 1:10 PM PT: AI Era Authentication: Securing the Future with Inclusive Identity by Abhilasha Bhargav-Spantzel, Partner Security Architect, and Aditi Shah, Senior Data and Applied Scientist.
• Tuesday, April 29, 2025, at 8:30 AM PT: AI Safety: Where Do We Go From Here? by Ram Shankar Siva Kumar, Principal Research Lead, AI Red Team Lead.
• Tuesday, April 29, 2025, at 2:25 PM PT: Lessons Learned from a Year(ish) of Countering Malicious Actors’ Use of AI by Sherrod DeGrippo, Director, Threat intelligence strategy.

View live demonstrations and discover engaging ways to learn at booth #5744

At the Microsoft booth, attendees will have the chance to engage with experts, discover ready-to-go security and governance tools built for generative AI, and watch theater sessions showcasing the latest products, innovations, and industry perspectives from Microsoft. They’ll also get to enjoy a fun and interactive gaming experience. 

Microsoft product and partner experts will be on hand to showcase the newest advancements through captivating demonstrations, informative videos, and valuable resources. 

Visit the Microsoft booth theater for exclusive 20-minute demos and expert-led sessions on the latest in security and AI. Explore strategies to protect, govern, and secure AI. Listen in to insights on identity, compliance, privacy, threat defense, data protection, and more. Don’t miss this opportunity to learn from industry leaders and stay ahead in the ever-evolving security landscape.

Meetings and connections at the Microsoft Security Hub

The historic and luxurious Palace Hotel is home base for Microsoft during the week. RSAC 2025 attendees are invited to meet with Microsoft experts and executives, attend thought leadership sessions and roundtable lunches, and join networking opportunities. Detailed information about individual sessions can be found on the Microsoft Security Experiences at RSAC 2025 Landing Page.

Customers are also invited to deepen their understanding of the latest cybersecurity threats, trends, and developments by discussing their most important security product and threat intelligence questions directly with Microsoft security experts through scheduled one-on-one meetings, held from Monday, April 28, 2025, to Wednesday, April 30, 2025, at the Palace Hotel. Request your meeting directly through the Microsoft Security Experiences at RSAC 2025 Home Page.

Microsoft Intelligent Security Association featured partners

The Microsoft Intelligent Security Association (MISA) will once again have a considerable presence at RSAC 2025. MISA partners will be featured in the Microsoft Booth #5744 and included in other events happening throughout the week. Additionally, the sixth annual Microsoft Security Excellence Awards, presented by MISA, will be held at the Palace Hotel in San Francisco on April 28, 2025, celebrating our finalists and announcing winners in nine award categories as well as enjoying a time of connecting. 

Activities include:

• MISA demo station: Stop by the Microsoft Booth to explore the innovative solutions developed by MISA members, which integrate Microsoft Security technology.
• Theater sessions: Attend one or more of our five theater sessions at the Microsoft booth, led by MISA members, focusing on partner strategies and solutions for cyberthreat protection.
• View the MISA demo and theater schedule.
• MISA Partner awards: MISA members are invited to attend the Microsoft Security Excellence Awards on Monday, April 28, 2025, where winners will be announced in nine security award categories.

Get the most by staying through Microsoft Post-Day

Microsoft Post-Day Forum is a unique experience designed to help customers, CISOs, and security leaders dive deep into new concepts, ask questions they need answered about product features, and prepare to realize and enable the AI-first, end-to-end security concepts they’ve learned about throughout RSAC 2025. The Microsoft Post-Day Forum, hosted by Microsoft Security executives, will be held on Thursday, May 1, 2025, from 10:00 AM PT to 1:00 PM PT, at the Silicon Valley Experience Center. Pick up for the event will be held at the Palace Hotel at 8:00 AM PT, with drop off organized for 2:00 PM PT.

We look forward to seeing you at RSAC 2025!

Learn more about the Microsoft experience at RSAC 2025

Customers and partners can register for the events highlighted in this blog as well as other Microsoft ancillary events and more here.

Explore Microsoft Security events at RSAC 2025

By Benjamin Lim, Director, Microsoft Safety Occasions

Inspiration can spark immediately once you’re at a convention. Maybe you uncover a brand new instrument throughout a keynote that might prevent hours of time. Or possibly a peer shares a narrative over espresso that makes you rethink an strategy. One dialog, one session, or one occasion may offer you recent concepts, renewed pleasure, and a imaginative and prescient for what to do subsequent.

Within the present AI panorama, inspiration and knowledge are extra vital than ever for safety professionals to remain forward of risk actors. So when you’re seeking to enhance your abilities and keep forward of the risk panorama, be a part of Microsoft Safety on the prime cybersecurity occasions in 2025.

Whether or not you be a part of us at an business staple like RSAC or one among our personal occasions like Microsoft Safe, you’ll be able to profit in a number of key methods:

• Get insights and techniques wanted to beat obstacles and drive your safety initiatives ahead with confidence.
• See reside demos of the most recent merchandise, product options, abilities, and instruments you should utilize in your work. Be among the many first to listen to about Microsoft Safety improvements, corresponding to Microsoft’s Safe Future Initiative and XSPA (cross-site port assault) updates attendees of Microsoft Ignite 2024 heard.
• Study from Microsoft Safety consultants on international risk intelligence.
• Community with different like-minded safety professionals, be taught greatest practices out of your friends, and meet one-on-one with our consultants.

No matter your function, there’s an occasion for you and a path to efficiently safeguarding your group.

Microsoft at RSAC

From our signature Pre-Day to hands-on demos and one-on-one conferences, uncover how Microsoft Safety can provide the benefit you want within the period of AI.

Register now 

Conferences to encourage and have interaction everybody

Safety professionals of all ranges can profit from attending one of many greatest cybersecurity occasions, together with RSAC, Black Hat, plus two premier Microsoft occasions—Microsoft Safe (digital) and Microsoft Ignite (in-person and digital). If you happen to love being the primary to listen to about Microsoft product improvements, don’t miss these Microsoft occasions with insights each safety skilled can put to good use.

Microsoft Safe

Date: April 9, 2025
Location: On-line solely

Microsoft Safe is Microsoft’s cybersecurity convention. This 12 months’s one-hour digital showcase will highlight AI-first, end-to-end safety improvements with clear use circumstances and buyer tales of how they use our instruments every day. Attendees will deep-dive into cybersecurity merchandise and techniques together with hundreds of different cybersecurity professionals.

RSAC

Dates: April 27-Could 1, 2025
Location: San Francisco, CA

RSAC 2025 is a can’t-miss safety convention, bringing collectively greater than 40,000 safety professionals to debate the most recent cybersecurity challenges and innovation with one of the best of one of the best. With the theme of “Many Voices. One Neighborhood,” RSAC will function keynotes, monitor classes, interactive classes, networking alternatives, and an expo designed to foster superior safety methods.

All through RSAC, Microsoft Safety will showcase end-to-end safety improvements and share world class risk and regulatory intelligence to provide the benefit you want within the period of AI. From our signature Pre-Day to hands-on demos and one-on-one conferences, uncover how Microsoft Safety can provide the benefit you want within the period of AI.​ Try the full Microsoft at RSAC experience.

Learn more about the Microsoft Events at RSA Conference 2025

Black Hat

Dates: August 2-7, 2025
Location: Las Vegas, NV

The Black Hat Conference is a premier studying occasion within the cybersecurity business, identified for its in-depth technical classes and cutting-edge analysis displays on subjects like essential infrastructure and knowledge safety analysis information.

Microsoft is a key sponsor of the convention annually, the place we showcase our newest discoveries and AI analysis on real-world issues and options. Final 12 months, our AI Pink Teaming in Follow coaching classes and our AI Summit roundtables have been successful. Black Hat can also be identified for its safety group celebrations, together with the Cybersecurity Lady of the 12 months Awards and the Researcher celebrations, which we participate in yearly.

Learn more about the Black Hat Conference 2025

Microsoft Ignite

Dates: November 17-21, 2025
Location: San Francisco, CA, and on-line

Microsoft Ignite is Microsoft’s greatest annual convention for builders, IT professionals, enterprise leaders, safety professionals, and companions. Hundreds of safety professionals such as you attend yearly to listen to the most important safety product bulletins from Microsoft Safety and acquire coaching and skilling to organize for future developments in AI. Safety professionals of all ranges can be a part of interactive labs, workshops, keynotes, technical breakout classes, demos, and extra, led by Microsoft Safety leaders and consultants.

Over the previous few years, we’ve actually boosted Microsoft Safety experiences at Microsoft Ignite. Final 12 months, we hosted the Microsoft Ignite Safety Discussion board for safety leaders and two workshops on AI crimson teaming and Microsoft 365 Copilot deployment. Plus, we hosted greater than 30 sessions demoing new options that will help you safe your setting, use your favourite Microsoft instruments safely and securely, and ensure your organizational processes prioritize safety first.

If you happen to attend Microsoft Ignite in particular person this 12 months, you gained’t need to miss our Safety Leaders Dinner or the safety group social gathering. If you happen to’re not capable of attend in particular person, you’ll be able to register for our digital occasion.​ Signal as much as be taught extra.

Learn more about Microsoft Ignite 2025

Occasions for safety leaders and decision-makers

Microsoft AI Tour

Dates: By way of Could 30, 2025
Location: A number of worldwide

The Microsoft AI Tour is a free, one-day occasion for executives that explores the methods AI can drive progress and create lasting worth in a number of cities across the globe. Whether or not you’re a purposeful decision-maker who evaluates investments, an IT staff member charged with safety, or a CISO revamping your safety technique, there can be useful safety content material tailor-made to your wants.

Microsoft Safety’s prime enterprise leaders attend AI tour places worldwide to share with you the way Microsoft Security Copilot enables you to shield on the velocity and scale of AI. They’re additionally out there to fulfill with you.

Reserve your spot at an event near you

Gartner Safety and Danger Administration Summit

Dates: June 11th of September, 2025
Location: Nationwide Harbor, MD

The Gartner Security and Risk Management Summit (Gartner SRM) explores traits in cybersecurity threat administration, together with the combination of generative AI, being an efficient CISO, the significance of balancing response and restoration efforts with prevention, combating misinformation, and shutting the cybersecurity abilities hole to construct a resilient workforce.

Microsoft Safety executives host classes at Gartner SRM that will help you make sure the safety of AI techniques and undertake AI to drive innovation and effectivity. Our hottest subjects focus on securing and governing AI.

Learn more about the Gartner Security and Risk Management Summit

Occasions for technical and safety practitioners

Safety groups search for conferences that present specialised data on the business by which they work or on a slender cybersecurity matter.

Legalweek

Dates: March 24-27, 2025
Location: New York, NY

Legalweek is a weeklong convention the place roughly 6,000 members of the authorized group will collect to community with their friends, discover rising traits, highlight the most recent tech, and provide a roadmap by way of business shifts. Matters explored at previous Legalweek conferences embrace the moral and regulatory influence of utilizing your knowledge to coach AI, litigation within the age of cybersecurity, and maximizing effectivity and authorized automation.  

This 12 months, we’ll be sponsoring three classes on AI and one on collaboration in advanced litigation. As in years previous, Microsoft is internet hosting an Government Breakfast at Legalweek from 7:30 AM ET-8:45 AM ET on Tuesday, March 25, 2025. RSVP today and cease by Sales space #3103 in New York Hilton Midtown Americas Corridor 2 to be taught extra in regards to the newest Microsoft Purview improvements. If you happen to’d like to fulfill with our staff whereas at Legalweek, sign up for a one-on-one meeting.

Learn more about Legalweek 2025

Identiverse

Dates: June 3-6, 2025
Location: Las Vegas, NV

Limiting entry to AI, apps, and assets to these with the correct permissions is a vital a part of safety. The Identiverse conference supplies schooling, collaboration, and perception into the way forward for identification safety. Greater than 2,500 attendees will share insights, develop new concepts, and advance the state of contemporary digital identification and safety.

The occasion options classes on greatest practices, business traits, and newest applied sciences; an exhibition corridor to showcase the most recent identification answer improvements; and networking alternatives. Microsoft will host a sales space the place attendees can join with Microsoft Safety consultants and leaders.

Learn more about Identiverse 2025

Occasions for builders

The cybersecurity expertise scarcity is requiring many to step up even when cybersecurity isn’t of their official job description. In case you are an IT skilled being tasked with cybersecurity or somebody with an eagerness to be taught cybersecurity ways, be a part of our Microsoft occasions geared toward serving to you uplevel your cybersecurity abilities.

Microsoft Construct

Dates: Could 19-22, 2025
Location: Seattle, WA

Safety is a staff sport and builders are more and more the primary string staff members who construct safety into the event of functions. Microsoft Build Conference 2025 is Microsoft’s developer-focused occasion. It should showcase thrilling updates and improvements from Microsoft Safety for builders to create AI-enabled safety options for his or her organizations.

The occasion consists of connection alternatives, demos, and security-focused classes. Previous subjects have included utilizing AI to speed up improvement processes, instruments for enhancing the developer expertise, and techniques for constructing within the cloud. Keep updated on Microsoft Construct information and find out when registration is open.

Learn more about the Microsoft Build Conference 2025

Discover your inspiration at an occasion this 12 months

Cybersecurity occasions foster a tradition of steady studying and adaptation, empowering you to remain forward of rising cyberthreats and keep a resilient safety posture. The concepts will stream freely at these occasions. Whether or not you attend one of many greatest conferences of the 12 months or a smaller occasion (or each), you’ll be in good firm. Microsoft Safety can be there be, too, excited to share and wanting to be taught.

Hope to see you at a future occasion!

To be taught extra about Microsoft Safety options, go to our website. Bookmark the Security blog to maintain up with our professional protection on safety issues. Additionally, comply with us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the most recent information and updates on cybersecurity.

• By Jessica Afeku, Senior Product Advertising Supervisor

1000’s of safety professionals will be part of us for Microsoft Ignite 2023 from November 14 to 17, 2023, the place we’ll share the best way to embrace the AI period confidently, with safety for folks, knowledge, units, and apps that extends throughout clouds and platforms. With greater than 45 safety periods, there are numerous thrilling keynotes, breakouts, and demonstrations to fill your time. That will help you navigate the Microsoft Safety expertise at Microsoft Ignite, we’ve put collectively a information of featured periods for safety professionals of all ranges, whether or not you’re attending in individual or on-line.  

Whereas our in-person tickets have offered out, registration for the digital occasion continues to be obtainable to take part within the Microsoft Safety expertise at Microsoft Ignite, which incorporates periods on safety methods and sensible functions. In each tracks,​ you’ll be taught concerning the newest improvements and implementation methods from Microsoft Safety throughout complete safety, unified visibility, and Microsoft Safety Copilot. Preserve studying this weblog submit for concepts on keynotes, breakout periods, and discussions to take a look at. Register to browse our session catalog and bookmark periods you’d prefer to attend.

Catch the information highlights throughout our keynote

Our announcement-packed keynote from Charlie Bell, Govt Vice President, Microsoft Safety, and Vasu Jakkal, Company Vice President, Safety, Compliance, Id, and Administration, Microsoft, might be highlighted on Day 2 of Microsoft Ignite. Don’t miss insights from them throughout their keynote, “The Future of Security with AI.” They are going to share how Microsoft is delivering AI for safety with Microsoft Security Copilot, and the way we allow organizations to safe and govern AI with new capabilities. This new period of AI affords unprecedented alternatives to raise human potential but additionally challenges organizations with unknowns and dangers.

Register for Microsoft Ignite Security sessions

Be taught safety methods for as we speak’s and tomorrow’s challenges 

Our cybersecurity technique periods are centered on equipping you to leverage AI and Microsoft Safety options to strengthen your risk protection technique. Be part of these periods to take your methods to the following stage throughout identification safety, code-to-cloud approaches, business finest practices for AI, and the newest learnings in risk intelligence.   

Technique periods to contemplate becoming a member of embrace:

• “How we secure the Microsoft estate” (BRK291H: in-person and on-line): Be part of a hearth chat with Bret Arsenault, Company Vice President and Chief Info Safety Officer, on Microsoft’s strategy to safety and the way Microsoft plans to adapt because the business continues to embrace the brand new period of AI.
• “Boosting ID Protection Amid Sophisticated Attacks” (BRK294H: in-person and on-line): Alex Weinert, Vice President, Id Safety, and Mia Reyes, Director, Foundational Safety—Cybersecurity, will supply a deep dive into the escalating panorama of cyberthreats focusing on digital identities amid the evolving tech realms of the Web of Issues, operational expertise, and hybrid workspaces. Study innovation in automated key administration and {Hardware} Safety Modules for fortified key storage, essential in mitigating human errors and bolstering defenses in opposition to refined aggressors.
• “This Year In Threats: Tales From Microsoft’s Global Fight Against APTs” (BRK299: in-person solely): Sherrod DeGrippo, Director of Risk Intelligence, and John Lambert, Company Vice President, Distinguished Engineer, Microsoft Safety Analysis, will talk about how Microsoft defends prospects on the nexus of the cyber and bodily worlds and the way they’ll be part of our international alliance to assist in giving unhealthy actors nowhere to cover. This 12 months, Microsoft Risk Intelligence stood with its companions on the forefront of the worldwide response to probably the most impactful threats and incidents. On this session, look again on the risk actors and campaigns that outlined 2023 and listen to our consultants inform their favourite tales from the entrance line.
• “Secure access in the AI era: What’s new in Microsoft Entra” (BRK297H: in-person and on-line): Jade D’Souza, Product Supervisor; John Savill, Cloud Answer Architect; and Pleasure Chik, President, Id and Community Entry, will supply particulars on improvements for Microsoft Entra ID (previously Azure Lively Listing) that may enable you to robotically forestall identification compromise, implement granular entry insurance policies, govern permissions, and leverage AI to safe entry for anybody to something from wherever. This demo-centric session will observe an worker as they onboard, entry sources, and collaborate.
• “Unifying XDR + SIEM: A new era in SecOps” (BRK293H: in-person and on-line): Preeti Krishna, Principal Product Supervisor, and Rob Lefferts, Company Vice President, Microsoft Risk Safety, will supply insights on how the newest improvements in generative AI, computerized assault disruption, embedded risk intelligence, decoy property, a reimagined consumer interface, and cloud posture administration capabilities will supercharge your risk detection, response, and protection.
• “Secure and govern your data in the era of AI” (BRK296H: in-person and on-line): Erin Miyake, Principal Product Supervisor; Herain Oberoi, Advertising Chief; Tina Ying, Senior Product Advertising Supervisor, Insider Danger Administration; and Rudra Mitra, Company Vice President, Microsoft Information Safety and Compliance, will reveal how Microsoft Purview’s complete strategy to knowledge safety, compliance, and privateness helps empower organizations to guard and govern their knowledge.
• “Security for AI: Prepare, protect, and defend in the AI era” (BRK298H: in-person and on-line): Douglas Santos, Senior Product Supervisor; Maithili Dandige, Associate Group Program Supervisor, Microsoft 365 Safety and Compliance; and Shilpa Bothra, Senior Product Advertising Supervisor, will talk about the significance of stopping delicate knowledge leaks in AI as third-party AI apps develop exponentially and hackers proceed to launch adversarial assaults utilizing generative AI. Depart this session with a stable protection and methods to safe knowledge as you work together with AI utilizing Microsoft’s complete safety suite.

Achieve sensible functions with in-depth product views

When strategizing a safety strategy, expertise options play a vital position. That will help you turn into an professional on safety options and implement new options inside your group, Microsoft Ignite will embrace periods exploring the use instances of Microsoft options, together with Safety Copilot, Microsoft Entra, Microsoft Purview, and Microsoft Intune.

Sensible utility periods to contemplate becoming a member of embrace:

• “Boost multicloud security with a comprehensive code to cloud strategy” (BRK261H: in-person and on-line): Safeena Begum, Principal Product Supervisor, and Yuri Diogenes, Principal Product Supervisor, will discuss how Microsoft Defender for Cloud may also help you fortify your defenses and improve your incident response technique with cloud safety graphic insights and tailor-made analytics from Defender for Cloud workload safety plans.
• “Fortified security and simplicity come together with Microsoft Intune” (BRK263H: in-person and on-line): Archana Devi Sunder Rajan, Associate Group Product Supervisor, Microsoft Intune; Dilip Radhakrishnan, Associate Group Product Supervisor, Microsoft Intune; Jason Roszak, Chief Product Officer, Microsoft Intune; and Sangeetha Visweswaran, Associate Director of Engineering, will talk about how the following era of endpoint administration and safety capabilities from Microsoft Intune assist remodel safety and IT operations. Learn to simplify app updates, reduce the price of public key infrastructure lifecycle administration, mitigate dangers with AI-derived insights, and unencumber sources by automating IT workflows.
• “Modern management innovation shaping endpoint security” (BRK295H: in-person and on-line): Jeff Pinkston, Director of Engineering; Ramya Chitrakar, Company Vice President, Intune Engineering; and Steve Dispensa, Company Vice President, will discover the best way to defend in opposition to the evolving sophistication of cyberthreats whereas guaranteeing a productive workforce. The most recent wave of Microsoft Intune innovation can form your defense-in-depth technique for a safe and productive finish consumer computing property.
• “Beyond traditional DLP: Comprehensive and AI-powered data security” (BRK262H: in-person and on-line): Maithili Dandige, Shilpa Bothra, and Talhah Mir, Product Supervisor, will share how AI-powered Microsoft Purview Info Safety and Microsoft Purview Insider Danger Administration can remodel your knowledge loss prevention (DLP) program, enabling Adaptive Safety and fortifying your knowledge safety posture. Additionally, you will hear about new options that improve incident response and increase endpoint protection and achieve insights on the best way to improve their knowledge safety methods.
• “How Microsoft Purview helps you protect your data” (OD07: on-line solely): Anna Chiang, Senior Product Advertising Supervisor, and Tony Themelis, Principal Product Supervisor, will discover organizational paradoxes and the way Microsoft Purview may also help strengthen your knowledge safety posture. They may also reveal how our newest AI-powered and contextual classifiers can establish delicate commerce secrets and techniques, personally identifiable info, and extra in seconds throughout your digital property.
• “Effortless application migration using Microsoft Entra ID” (OD03: on-line solely): David Gregory, Director of Product Advertising, Id Compete, will share how our newly proposed device provides a one-click configuration to combine functions into Microsoft Entra ID. Throughout this on-demand session, we’ll present an outline of how our device affords a guided expertise to seamlessly facilitate the migration of your functions from Lively Listing Federation Companies to Microsoft Entra ID.
• “Bringing Passkey into your Passwordless journey” (OD02: on-line solely): Calvin Lui, Product Supervisor; Erik Dauner, Senior Program Supervisor; and Mayur Santani, Product Supervisor, stroll you thru the background of the place passkeys got here from, their influence on the passwordless ecosystem, and the product options and roadmap bringing passkeys into the Microsoft Entra passwordless portfolio and phishing-resistant technique.
• “The power of Microsoft’s XDR: they attempted, we disrupted” (BRK265H: in-person and on-line): Dustin Duran, Director of Safety Analysis, and Kim Kischel, Director of Product Advertising—XDR, will talk about Microsoft 365 Defender’s computerized assault disruption expertise and provide you with a transparent understanding of assault disruption and the way it’s offering instant worth to prospects in the actual world as we speak.
• “Making end-to-end security real” (BRK267H: in-person and on-line): Mark Simos, Lead Cybersecurity Architect, and Sarah Younger, Senior Cloud Safety Advocate, will share fast wins that clear up real-world issues utilizing Microsoft’s built-in safety merchandise. This session will present you the best way to make progress on end-to-end safety throughout identification, safety operations, and extra.

Work together with the consultants

Deliver your questions on Microsoft options. Our consultants have solutions. Join with them throughout dwell discussions to be taught extra.

Alternatives to work together with the consultants embrace:

• “Windows 11, Windows 365, & Microsoft Intune Q&A” (DIS657H: in-person and on-line): Gabe Frost, Group Product Supervisor; Harjit Dhaliwal, Senior Product Advertising Supervisor; Jason Githens, Principal Group Product Supervisor; and Joe Lurie, Senior Product Supervisor, will take part in a collaborative query and reply session about the place we’re as we speak with Home windows 11 and gadget administration—and what it’s essential to propel your group and IT methods. We’ll shortly define just a few of the newest industrial enhancements, however the focus right here is in your ideas and questions.
• “Preventing loss of sensitive data: Microsoft Purview DLP Q&A” (DIS666H: in-person and on-line): Shekhar Palta, Principal Product Advertising Supervisor, and Shilpa Bothra will talk about Microsoft Purview DLP and the best way it may well forestall unintended or intentional lack of delicate knowledge throughout apps and units. Be part of us to debate how one can modernize your DLP and get began shortly, and find out how DLP works with Microsoft Defender merchandise.
• “Panel discussion: Resilient. Compliant. Secure by default” (DISFP375: on-line solely): Joye Purser, International Lead, Area Cybersecurity, Veritas Applied sciences; Saurabh Sensharma, Principal Product Supervisor, Microsoft; Simon Jelley, Normal Supervisor for SaaS Safety, Endpoint and Backup Govt, Veritas Applied sciences; and Tim Burlowski, Senior Director of Product Administration, Veritas Applied sciences, will talk about safety methods. Be part of Veritas consultants for an interactive query and reply on guaranteeing your cloud functions are resilient and your knowledge is protected, compliant, and recoverable when it issues most.

Socialize with us and your friends

As you’ve in all probability skilled your self at earlier conferences and enterprise networking occasions, a few of the finest concepts are sparked throughout conversations with different safety professionals. Get social and be part of us and your cybersecurity friends at two unimaginable networking occasions.

• The Lounge at Microsoft Ignite: Positioned within the Hub on Stage 5 (Summit Conference Heart), the Lounge is the principle gathering space for group. The Lounge might be staffed by Microsoft full time workers and attending Most Helpful Professionals (MVPs) to supply steady query and reply alternatives.
• Microsoft Ignite Safety After Get together: Community and join over drinks and appetizers on Wednesday, November 15, 2023, at The Collective. Companions, prospects, Microsoft MVPs, and Microsoft subject-matter consultants will combine and mingle. Register to reserve your spot.

Register as we speak for Microsoft Ignite

Be part of us on-line from wherever from November 15 to 16, 2023, to listen to main product bulletins, inspiring messages, and professional insights on the way forward for cybersecurity and Microsoft options. And in the event you’re not in a position to take part in any respect this 12 months, you possibly can nonetheless try loads of session content material, product bulletins, and keynotes after Microsoft Ignite wraps up. Will probably be obtainable on demand after the occasion. Reserve your spot today. Hope you possibly can be part of us!

Be part of the Safety Tech Accelerator

We’re additionally having a Tech Accelerator occasion on Wednesday, December 6, 2023. Ask questions concerning the newest product bulletins from Ignite and join together with your safety friends at this digital skilling occasion hosted on the Safety Tech Neighborhood—register today.

Be taught extra

To be taught extra about Microsoft Safety options, go to our website. Bookmark the Security blog to maintain up with our professional protection on safety issues. Additionally, observe us on LinkedIn (Microsoft Security) and X (previously often known as Twitter) (@MSFTSecurity) for the newest information and updates on cybersecurity.

By Steve Faehl, Federal Security Chief Technology Officer, Microsoft

As Department of Defense (DoD) Chief Information Officer Hon. John Sherman said recently, Cybersecurity Maturity Model Certification (CMMC) is necessary to ensure that the United States raises the bar for protecting sensitive information.¹ The DoD is leading by example towards this goal by implementing Zero Trust practices and introducing CMMC to strengthen the supply chain throughout the Defense Industrial Base (DIB) because shared information is only as secure as the weakest link.²

The DIB as a whole has been making progress toward improving its security posture, but it can still be challenging to prepare for the required full third-party audit—especially for small and medium-sized businesses (SMBs).³ While some DIB organizations may be well-positioned to pass a Third-Party Assessment Organization (3PAO) audit, it’s important for all DIB organizations to achieve CMMC compliance to realize the objective.

Microsoft is introducing new capabilities in Microsoft Entra ID and Microsoft Purview that support CMMC compliance while also helping DIB organizations accelerate their Zero Trust journeys. Identity and data protection are central to compliance, security, and empowering more user productivity and collaboration.

Voluntary self-assessment? Why would we do that?

Although CMMC 2.0 is still in its early stages, DIB companies should move ahead with meeting today’s CMMC requirements, including undergoing voluntary assessments. Doing so helps bolster national security while also preparing companies for future DoD compliance requirements.

One of the callouts from the National Cybersecurity Strategy is that those that can do more, should. Microsoft affirmed this principle by signing up for CMMC voluntary assessment effort, where we earned a perfect 110-point score. This validation demonstrates that Microsoft Azure Government and Microsoft 365 GCC High services can be effectively used to help DIB members accelerate their compliance.

Microsoft is taking the opportunity to share lessons learned and best practices that can inform planning within the DIB. Adopting Microsoft 365 GCC High and Azure Government as starting points allows organizations to use familiar Microsoft 365 productivity tools and Microsoft Azure Cloud Services while accelerating their compliance journey. As a primary platform for collaboration, Microsoft 365 also satisfies controls beyond the cloud; its configuration is a well-documented path to compliance with the National Institute of Standards and Technology (NIST) SP 800-171 controls.

We have recently developed capabilities and guidance for identity, data, and device protection that can help DIB members achieve and measure progress on compliance faster and more effectively.

The benefits of utilizing cloud identity

CMMC encompasses 72 practices across 13 domains, so the ability to address them holistically through Microsoft Entra ID delivers huge advantages in terms of time, resources, and visibility. Identity provides a strong starting point for CMMC 2.0 compliance given its ability to address multiple domains in CMMC 2.0 Levels 1-3.

AZURE ACTIVE DIRECTORY IS BECOMING MICROSOFT ENTRA IDLearn more 

Microsoft Entra ID is unique in providing elevated security, increased collaboration, and a better user experience. The newest features of Microsoft Entra ID make passwordless authentication easier and establishes trust through the cloud for business-to-business (B2B) collaboration, which are some of the ways Microsoft Entra ID helps enable CMMC compliance while also making users more productive and increasing teamwork within and across secure environments.

Identity empowers Zero Trust

CMMC documents several key identity components and controls critical to achieving security transformation with Zero Trust. Getting these aspects right from the start can enable a faster path to success across the other Zero Trust pillars.

One example is the utilization of a centralized identity management system which is also a requirement of Executive Order (EO) 14028. While smaller organizations are at a disadvantage for CMMC in some ways, this is one area in which SMBs can often be more agile. There are simple changes any organization can make to rapidly mature its posture—including implementing some of the best practices and prescriptive CMMC identity guidance published by Microsoft.

Strong authentication is pivotal for achieving higher levels of CMMC compliance. However, relying solely on the strongest authentication method available may be inflexible and at times hinder user productivity. Having multiple authentication methods offers users greater flexibility while enhancing their productivity. A new option in Microsoft Entra ID offers the strongest authentication option available by default, allowing organizations to safely direct users toward higher security measures.

There’s more than one way to approach user challenges. Organizations can take advantage of Microsoft Authenticator’s easy access to strong authentication tools. However, we also support tools from partners such as Yubico. This provides a variety of ways for DIB members to perform authentication, which we can then map to the appropriate level of assurance.

Secure sensitive data with a platform approach

Another goal of CMMC 2.0 is safeguarding sensitive information, such as Controlled Unclassified Information (CUI) and Federal Contract Information (FCI), which includes many categories of data such as personal records or contract information for sensitive projects. When this data is put at risk, it can have significant consequences for national security.

Microsoft’s data security platform, Microsoft Purview, can help government agencies identify and locate their data, detect data security risks, and prevent data loss across clouds, apps, and devices. Recently, Microsoft announced more than 25 new features for government and commercial customers to help them get ahead of potential security incidents, such as data leaks and theft, along with the availability of additional logs to enhance security monitoring and incident response. Data protection is supported by three key products within the Microsoft Purview family:

1. CMMC requires organizations to implement specific security controls and practices based on the sensitivity of the data they handle, so information protection is essential. Microsoft Purview Information Protection enables customers to classify data, protect it through encryption, and gain visibility into sensitive data. It can also help government organizations discover, classify, and protect data using built-in and ready-to-use advanced classifiers, which include sensitive information types (SITs) that can identify personal information such as credit card numbers, addresses, and medical conditions. More complex data types and scenarios can utilize custom AI classifiers that can be easily trained from sample data.
2. Falling under the CMMC Audit and Accountability domain, insider risk can be a significant challenge for organizations. According to a report by the Insider Threat Defense Group, insider risks accounted for 33 percent of all data breaches in the public sector.⁴ Microsoft Purview Insider Risk Management helps customers uncover elusive insider risks through multiple machine learning models with intelligent detection and analysis capabilities.
3. Under CMMC, data loss prevention (DLP) solutions are a critical part of preventing the unauthorized transfer and use of data, as well as data exfiltration. Microsoft Purview Data Loss Prevention (DLP) acts as an integrated and extensible offering that allows organizations to manage their DLP policies from a single location.
   

Each of these three solutions integrates seamlessly to enable agencies to fortify data security with a defense-in-depth approach—all while facilitating easier CMMC compliance.

Additionally, Compliance Manager provides CMMC assessment templates to help organizations assess their compliance posture against CMMC in a comprehensive control-by-control way. Regulations are added to Compliance Manager as new laws and regulations are enacted and can be used to help organizations meet national, regional, and industry-specific requirements governing the collection and use of data.

Go-forward guidance for DIB organizations

While the final rules under CMMC 2.0 have not yet been published, we do know that the underlying technical controls will continue to be based on NIST 800-171. For DIB members, having a trusted platform that has gone through accreditation requirements itself is a great starting point. Beyond a trusted platform adoption, DIB organizations can also follow the guidelines for secure configuration that we provide.

As we continue down this path with the adoption of CMMC 2.0, there will be more guidance that we can bring to the table with lessons learned from our own voluntary audit. The successful audit also provides evidence that Microsoft can accept the flow-down terms applicable to cloud service providers.

Compliance capability built for every DIB organization

Microsoft platforms and tools, including Microsoft Entra ID, Microsoft Authenticator, and Microsoft Purview, can ease compliance for DIB organizations of different sizes and structures, particularly companies that may be resource-constrained.

New capabilities and enhancements built on Secure-by-Design and Secure-by-Default principles are making it easier for organizations to improve their security posture and meet CMMC requirements. Our goal behind compiling CMMC-specific guidance in a single place is to empower the entire DIB ecosystem to support more secure, effective interactions with the federal government.

Learn more

Learn more about Microsoft Entra ID and Microsoft Purview.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹DOD CIO Says CMMC 2.0 Coming Soon: ‘We Want to Get This Right’, Charles Lyon-Burt. May 17, 2023.

²Defense Primer: U.S. Defense Industrial Base, Congressional Research Service. April 17, 2023.

³CMMC: Managing digital risk for the Defense Industrial Base (DIB) and beyond, CyberAB.

⁴Insider Threat Report, Cybersecurity Insiders. 2020.