Archive for category: Security

• By Jessica Afeku, Senior Product Advertising Supervisor

1000’s of safety professionals will be part of us for Microsoft Ignite 2023 from November 14 to 17, 2023, the place we’ll share the best way to embrace the AI period confidently, with safety for folks, knowledge, units, and apps that extends throughout clouds and platforms. With greater than 45 safety periods, there are numerous thrilling keynotes, breakouts, and demonstrations to fill your time. That will help you navigate the Microsoft Safety expertise at Microsoft Ignite, we’ve put collectively a information of featured periods for safety professionals of all ranges, whether or not you’re attending in individual or on-line.  

Whereas our in-person tickets have offered out, registration for the digital occasion continues to be obtainable to take part within the Microsoft Safety expertise at Microsoft Ignite, which incorporates periods on safety methods and sensible functions. In each tracks,​ you’ll be taught concerning the newest improvements and implementation methods from Microsoft Safety throughout complete safety, unified visibility, and Microsoft Safety Copilot. Preserve studying this weblog submit for concepts on keynotes, breakout periods, and discussions to take a look at. Register to browse our session catalog and bookmark periods you’d prefer to attend.

Catch the information highlights throughout our keynote

Our announcement-packed keynote from Charlie Bell, Govt Vice President, Microsoft Safety, and Vasu Jakkal, Company Vice President, Safety, Compliance, Id, and Administration, Microsoft, might be highlighted on Day 2 of Microsoft Ignite. Don’t miss insights from them throughout their keynote, “The Future of Security with AI.” They are going to share how Microsoft is delivering AI for safety with Microsoft Security Copilot, and the way we allow organizations to safe and govern AI with new capabilities. This new period of AI affords unprecedented alternatives to raise human potential but additionally challenges organizations with unknowns and dangers.

Register for Microsoft Ignite Security sessions

Be taught safety methods for as we speak’s and tomorrow’s challenges 

Our cybersecurity technique periods are centered on equipping you to leverage AI and Microsoft Safety options to strengthen your risk protection technique. Be part of these periods to take your methods to the following stage throughout identification safety, code-to-cloud approaches, business finest practices for AI, and the newest learnings in risk intelligence.   

Technique periods to contemplate becoming a member of embrace:

• “How we secure the Microsoft estate” (BRK291H: in-person and on-line): Be part of a hearth chat with Bret Arsenault, Company Vice President and Chief Info Safety Officer, on Microsoft’s strategy to safety and the way Microsoft plans to adapt because the business continues to embrace the brand new period of AI.
• “Boosting ID Protection Amid Sophisticated Attacks” (BRK294H: in-person and on-line): Alex Weinert, Vice President, Id Safety, and Mia Reyes, Director, Foundational Safety—Cybersecurity, will supply a deep dive into the escalating panorama of cyberthreats focusing on digital identities amid the evolving tech realms of the Web of Issues, operational expertise, and hybrid workspaces. Study innovation in automated key administration and {Hardware} Safety Modules for fortified key storage, essential in mitigating human errors and bolstering defenses in opposition to refined aggressors.
• “This Year In Threats: Tales From Microsoft’s Global Fight Against APTs” (BRK299: in-person solely): Sherrod DeGrippo, Director of Risk Intelligence, and John Lambert, Company Vice President, Distinguished Engineer, Microsoft Safety Analysis, will talk about how Microsoft defends prospects on the nexus of the cyber and bodily worlds and the way they’ll be part of our international alliance to assist in giving unhealthy actors nowhere to cover. This 12 months, Microsoft Risk Intelligence stood with its companions on the forefront of the worldwide response to probably the most impactful threats and incidents. On this session, look again on the risk actors and campaigns that outlined 2023 and listen to our consultants inform their favourite tales from the entrance line.
• “Secure access in the AI era: What’s new in Microsoft Entra” (BRK297H: in-person and on-line): Jade D’Souza, Product Supervisor; John Savill, Cloud Answer Architect; and Pleasure Chik, President, Id and Community Entry, will supply particulars on improvements for Microsoft Entra ID (previously Azure Lively Listing) that may enable you to robotically forestall identification compromise, implement granular entry insurance policies, govern permissions, and leverage AI to safe entry for anybody to something from wherever. This demo-centric session will observe an worker as they onboard, entry sources, and collaborate.
• “Unifying XDR + SIEM: A new era in SecOps” (BRK293H: in-person and on-line): Preeti Krishna, Principal Product Supervisor, and Rob Lefferts, Company Vice President, Microsoft Risk Safety, will supply insights on how the newest improvements in generative AI, computerized assault disruption, embedded risk intelligence, decoy property, a reimagined consumer interface, and cloud posture administration capabilities will supercharge your risk detection, response, and protection.
• “Secure and govern your data in the era of AI” (BRK296H: in-person and on-line): Erin Miyake, Principal Product Supervisor; Herain Oberoi, Advertising Chief; Tina Ying, Senior Product Advertising Supervisor, Insider Danger Administration; and Rudra Mitra, Company Vice President, Microsoft Information Safety and Compliance, will reveal how Microsoft Purview’s complete strategy to knowledge safety, compliance, and privateness helps empower organizations to guard and govern their knowledge.
• “Security for AI: Prepare, protect, and defend in the AI era” (BRK298H: in-person and on-line): Douglas Santos, Senior Product Supervisor; Maithili Dandige, Associate Group Program Supervisor, Microsoft 365 Safety and Compliance; and Shilpa Bothra, Senior Product Advertising Supervisor, will talk about the significance of stopping delicate knowledge leaks in AI as third-party AI apps develop exponentially and hackers proceed to launch adversarial assaults utilizing generative AI. Depart this session with a stable protection and methods to safe knowledge as you work together with AI utilizing Microsoft’s complete safety suite.

Achieve sensible functions with in-depth product views

When strategizing a safety strategy, expertise options play a vital position. That will help you turn into an professional on safety options and implement new options inside your group, Microsoft Ignite will embrace periods exploring the use instances of Microsoft options, together with Safety Copilot, Microsoft Entra, Microsoft Purview, and Microsoft Intune.

Sensible utility periods to contemplate becoming a member of embrace:

• “Boost multicloud security with a comprehensive code to cloud strategy” (BRK261H: in-person and on-line): Safeena Begum, Principal Product Supervisor, and Yuri Diogenes, Principal Product Supervisor, will discuss how Microsoft Defender for Cloud may also help you fortify your defenses and improve your incident response technique with cloud safety graphic insights and tailor-made analytics from Defender for Cloud workload safety plans.
• “Fortified security and simplicity come together with Microsoft Intune” (BRK263H: in-person and on-line): Archana Devi Sunder Rajan, Associate Group Product Supervisor, Microsoft Intune; Dilip Radhakrishnan, Associate Group Product Supervisor, Microsoft Intune; Jason Roszak, Chief Product Officer, Microsoft Intune; and Sangeetha Visweswaran, Associate Director of Engineering, will talk about how the following era of endpoint administration and safety capabilities from Microsoft Intune assist remodel safety and IT operations. Learn to simplify app updates, reduce the price of public key infrastructure lifecycle administration, mitigate dangers with AI-derived insights, and unencumber sources by automating IT workflows.
• “Modern management innovation shaping endpoint security” (BRK295H: in-person and on-line): Jeff Pinkston, Director of Engineering; Ramya Chitrakar, Company Vice President, Intune Engineering; and Steve Dispensa, Company Vice President, will discover the best way to defend in opposition to the evolving sophistication of cyberthreats whereas guaranteeing a productive workforce. The most recent wave of Microsoft Intune innovation can form your defense-in-depth technique for a safe and productive finish consumer computing property.
• “Beyond traditional DLP: Comprehensive and AI-powered data security” (BRK262H: in-person and on-line): Maithili Dandige, Shilpa Bothra, and Talhah Mir, Product Supervisor, will share how AI-powered Microsoft Purview Info Safety and Microsoft Purview Insider Danger Administration can remodel your knowledge loss prevention (DLP) program, enabling Adaptive Safety and fortifying your knowledge safety posture. Additionally, you will hear about new options that improve incident response and increase endpoint protection and achieve insights on the best way to improve their knowledge safety methods.
• “How Microsoft Purview helps you protect your data” (OD07: on-line solely): Anna Chiang, Senior Product Advertising Supervisor, and Tony Themelis, Principal Product Supervisor, will discover organizational paradoxes and the way Microsoft Purview may also help strengthen your knowledge safety posture. They may also reveal how our newest AI-powered and contextual classifiers can establish delicate commerce secrets and techniques, personally identifiable info, and extra in seconds throughout your digital property.
• “Effortless application migration using Microsoft Entra ID” (OD03: on-line solely): David Gregory, Director of Product Advertising, Id Compete, will share how our newly proposed device provides a one-click configuration to combine functions into Microsoft Entra ID. Throughout this on-demand session, we’ll present an outline of how our device affords a guided expertise to seamlessly facilitate the migration of your functions from Lively Listing Federation Companies to Microsoft Entra ID.
• “Bringing Passkey into your Passwordless journey” (OD02: on-line solely): Calvin Lui, Product Supervisor; Erik Dauner, Senior Program Supervisor; and Mayur Santani, Product Supervisor, stroll you thru the background of the place passkeys got here from, their influence on the passwordless ecosystem, and the product options and roadmap bringing passkeys into the Microsoft Entra passwordless portfolio and phishing-resistant technique.
• “The power of Microsoft’s XDR: they attempted, we disrupted” (BRK265H: in-person and on-line): Dustin Duran, Director of Safety Analysis, and Kim Kischel, Director of Product Advertising—XDR, will talk about Microsoft 365 Defender’s computerized assault disruption expertise and provide you with a transparent understanding of assault disruption and the way it’s offering instant worth to prospects in the actual world as we speak.
• “Making end-to-end security real” (BRK267H: in-person and on-line): Mark Simos, Lead Cybersecurity Architect, and Sarah Younger, Senior Cloud Safety Advocate, will share fast wins that clear up real-world issues utilizing Microsoft’s built-in safety merchandise. This session will present you the best way to make progress on end-to-end safety throughout identification, safety operations, and extra.

Work together with the consultants

Deliver your questions on Microsoft options. Our consultants have solutions. Join with them throughout dwell discussions to be taught extra.

Alternatives to work together with the consultants embrace:

• “Windows 11, Windows 365, & Microsoft Intune Q&A” (DIS657H: in-person and on-line): Gabe Frost, Group Product Supervisor; Harjit Dhaliwal, Senior Product Advertising Supervisor; Jason Githens, Principal Group Product Supervisor; and Joe Lurie, Senior Product Supervisor, will take part in a collaborative query and reply session about the place we’re as we speak with Home windows 11 and gadget administration—and what it’s essential to propel your group and IT methods. We’ll shortly define just a few of the newest industrial enhancements, however the focus right here is in your ideas and questions.
• “Preventing loss of sensitive data: Microsoft Purview DLP Q&A” (DIS666H: in-person and on-line): Shekhar Palta, Principal Product Advertising Supervisor, and Shilpa Bothra will talk about Microsoft Purview DLP and the best way it may well forestall unintended or intentional lack of delicate knowledge throughout apps and units. Be part of us to debate how one can modernize your DLP and get began shortly, and find out how DLP works with Microsoft Defender merchandise.
• “Panel discussion: Resilient. Compliant. Secure by default” (DISFP375: on-line solely): Joye Purser, International Lead, Area Cybersecurity, Veritas Applied sciences; Saurabh Sensharma, Principal Product Supervisor, Microsoft; Simon Jelley, Normal Supervisor for SaaS Safety, Endpoint and Backup Govt, Veritas Applied sciences; and Tim Burlowski, Senior Director of Product Administration, Veritas Applied sciences, will talk about safety methods. Be part of Veritas consultants for an interactive query and reply on guaranteeing your cloud functions are resilient and your knowledge is protected, compliant, and recoverable when it issues most.

Socialize with us and your friends

As you’ve in all probability skilled your self at earlier conferences and enterprise networking occasions, a few of the finest concepts are sparked throughout conversations with different safety professionals. Get social and be part of us and your cybersecurity friends at two unimaginable networking occasions.

• The Lounge at Microsoft Ignite: Positioned within the Hub on Stage 5 (Summit Conference Heart), the Lounge is the principle gathering space for group. The Lounge might be staffed by Microsoft full time workers and attending Most Helpful Professionals (MVPs) to supply steady query and reply alternatives.
• Microsoft Ignite Safety After Get together: Community and join over drinks and appetizers on Wednesday, November 15, 2023, at The Collective. Companions, prospects, Microsoft MVPs, and Microsoft subject-matter consultants will combine and mingle. Register to reserve your spot.

Register as we speak for Microsoft Ignite

Be part of us on-line from wherever from November 15 to 16, 2023, to listen to main product bulletins, inspiring messages, and professional insights on the way forward for cybersecurity and Microsoft options. And in the event you’re not in a position to take part in any respect this 12 months, you possibly can nonetheless try loads of session content material, product bulletins, and keynotes after Microsoft Ignite wraps up. Will probably be obtainable on demand after the occasion. Reserve your spot today. Hope you possibly can be part of us!

Be part of the Safety Tech Accelerator

We’re additionally having a Tech Accelerator occasion on Wednesday, December 6, 2023. Ask questions concerning the newest product bulletins from Ignite and join together with your safety friends at this digital skilling occasion hosted on the Safety Tech Neighborhood—register today.

Be taught extra

To be taught extra about Microsoft Safety options, go to our website. Bookmark the Security blog to maintain up with our professional protection on safety issues. Additionally, observe us on LinkedIn (Microsoft Security) and X (previously often known as Twitter) (@MSFTSecurity) for the newest information and updates on cybersecurity.

By Steve Faehl, Federal Security Chief Technology Officer, Microsoft

As Department of Defense (DoD) Chief Information Officer Hon. John Sherman said recently, Cybersecurity Maturity Model Certification (CMMC) is necessary to ensure that the United States raises the bar for protecting sensitive information.¹ The DoD is leading by example towards this goal by implementing Zero Trust practices and introducing CMMC to strengthen the supply chain throughout the Defense Industrial Base (DIB) because shared information is only as secure as the weakest link.²

The DIB as a whole has been making progress toward improving its security posture, but it can still be challenging to prepare for the required full third-party audit—especially for small and medium-sized businesses (SMBs).³ While some DIB organizations may be well-positioned to pass a Third-Party Assessment Organization (3PAO) audit, it’s important for all DIB organizations to achieve CMMC compliance to realize the objective.

Microsoft is introducing new capabilities in Microsoft Entra ID and Microsoft Purview that support CMMC compliance while also helping DIB organizations accelerate their Zero Trust journeys. Identity and data protection are central to compliance, security, and empowering more user productivity and collaboration.

Voluntary self-assessment? Why would we do that?

Although CMMC 2.0 is still in its early stages, DIB companies should move ahead with meeting today’s CMMC requirements, including undergoing voluntary assessments. Doing so helps bolster national security while also preparing companies for future DoD compliance requirements.

One of the callouts from the National Cybersecurity Strategy is that those that can do more, should. Microsoft affirmed this principle by signing up for CMMC voluntary assessment effort, where we earned a perfect 110-point score. This validation demonstrates that Microsoft Azure Government and Microsoft 365 GCC High services can be effectively used to help DIB members accelerate their compliance.

Microsoft is taking the opportunity to share lessons learned and best practices that can inform planning within the DIB. Adopting Microsoft 365 GCC High and Azure Government as starting points allows organizations to use familiar Microsoft 365 productivity tools and Microsoft Azure Cloud Services while accelerating their compliance journey. As a primary platform for collaboration, Microsoft 365 also satisfies controls beyond the cloud; its configuration is a well-documented path to compliance with the National Institute of Standards and Technology (NIST) SP 800-171 controls.

We have recently developed capabilities and guidance for identity, data, and device protection that can help DIB members achieve and measure progress on compliance faster and more effectively.

The benefits of utilizing cloud identity

CMMC encompasses 72 practices across 13 domains, so the ability to address them holistically through Microsoft Entra ID delivers huge advantages in terms of time, resources, and visibility. Identity provides a strong starting point for CMMC 2.0 compliance given its ability to address multiple domains in CMMC 2.0 Levels 1-3.

AZURE ACTIVE DIRECTORY IS BECOMING MICROSOFT ENTRA IDLearn more 

Microsoft Entra ID is unique in providing elevated security, increased collaboration, and a better user experience. The newest features of Microsoft Entra ID make passwordless authentication easier and establishes trust through the cloud for business-to-business (B2B) collaboration, which are some of the ways Microsoft Entra ID helps enable CMMC compliance while also making users more productive and increasing teamwork within and across secure environments.

Identity empowers Zero Trust

CMMC documents several key identity components and controls critical to achieving security transformation with Zero Trust. Getting these aspects right from the start can enable a faster path to success across the other Zero Trust pillars.

One example is the utilization of a centralized identity management system which is also a requirement of Executive Order (EO) 14028. While smaller organizations are at a disadvantage for CMMC in some ways, this is one area in which SMBs can often be more agile. There are simple changes any organization can make to rapidly mature its posture—including implementing some of the best practices and prescriptive CMMC identity guidance published by Microsoft.

Strong authentication is pivotal for achieving higher levels of CMMC compliance. However, relying solely on the strongest authentication method available may be inflexible and at times hinder user productivity. Having multiple authentication methods offers users greater flexibility while enhancing their productivity. A new option in Microsoft Entra ID offers the strongest authentication option available by default, allowing organizations to safely direct users toward higher security measures.

There’s more than one way to approach user challenges. Organizations can take advantage of Microsoft Authenticator’s easy access to strong authentication tools. However, we also support tools from partners such as Yubico. This provides a variety of ways for DIB members to perform authentication, which we can then map to the appropriate level of assurance.

Secure sensitive data with a platform approach

Another goal of CMMC 2.0 is safeguarding sensitive information, such as Controlled Unclassified Information (CUI) and Federal Contract Information (FCI), which includes many categories of data such as personal records or contract information for sensitive projects. When this data is put at risk, it can have significant consequences for national security.

Microsoft’s data security platform, Microsoft Purview, can help government agencies identify and locate their data, detect data security risks, and prevent data loss across clouds, apps, and devices. Recently, Microsoft announced more than 25 new features for government and commercial customers to help them get ahead of potential security incidents, such as data leaks and theft, along with the availability of additional logs to enhance security monitoring and incident response. Data protection is supported by three key products within the Microsoft Purview family:

1. CMMC requires organizations to implement specific security controls and practices based on the sensitivity of the data they handle, so information protection is essential. Microsoft Purview Information Protection enables customers to classify data, protect it through encryption, and gain visibility into sensitive data. It can also help government organizations discover, classify, and protect data using built-in and ready-to-use advanced classifiers, which include sensitive information types (SITs) that can identify personal information such as credit card numbers, addresses, and medical conditions. More complex data types and scenarios can utilize custom AI classifiers that can be easily trained from sample data.
2. Falling under the CMMC Audit and Accountability domain, insider risk can be a significant challenge for organizations. According to a report by the Insider Threat Defense Group, insider risks accounted for 33 percent of all data breaches in the public sector.⁴ Microsoft Purview Insider Risk Management helps customers uncover elusive insider risks through multiple machine learning models with intelligent detection and analysis capabilities.
3. Under CMMC, data loss prevention (DLP) solutions are a critical part of preventing the unauthorized transfer and use of data, as well as data exfiltration. Microsoft Purview Data Loss Prevention (DLP) acts as an integrated and extensible offering that allows organizations to manage their DLP policies from a single location.
   

Each of these three solutions integrates seamlessly to enable agencies to fortify data security with a defense-in-depth approach—all while facilitating easier CMMC compliance.

Additionally, Compliance Manager provides CMMC assessment templates to help organizations assess their compliance posture against CMMC in a comprehensive control-by-control way. Regulations are added to Compliance Manager as new laws and regulations are enacted and can be used to help organizations meet national, regional, and industry-specific requirements governing the collection and use of data.

Go-forward guidance for DIB organizations

While the final rules under CMMC 2.0 have not yet been published, we do know that the underlying technical controls will continue to be based on NIST 800-171. For DIB members, having a trusted platform that has gone through accreditation requirements itself is a great starting point. Beyond a trusted platform adoption, DIB organizations can also follow the guidelines for secure configuration that we provide.

As we continue down this path with the adoption of CMMC 2.0, there will be more guidance that we can bring to the table with lessons learned from our own voluntary audit. The successful audit also provides evidence that Microsoft can accept the flow-down terms applicable to cloud service providers.

Compliance capability built for every DIB organization

Microsoft platforms and tools, including Microsoft Entra ID, Microsoft Authenticator, and Microsoft Purview, can ease compliance for DIB organizations of different sizes and structures, particularly companies that may be resource-constrained.

New capabilities and enhancements built on Secure-by-Design and Secure-by-Default principles are making it easier for organizations to improve their security posture and meet CMMC requirements. Our goal behind compiling CMMC-specific guidance in a single place is to empower the entire DIB ecosystem to support more secure, effective interactions with the federal government.

Learn more

Learn more about Microsoft Entra ID and Microsoft Purview.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹DOD CIO Says CMMC 2.0 Coming Soon: ‘We Want to Get This Right’, Charles Lyon-Burt. May 17, 2023.

²Defense Primer: U.S. Defense Industrial Base, Congressional Research Service. April 17, 2023.

³CMMC: Managing digital risk for the Defense Industrial Base (DIB) and beyond, CyberAB.

⁴Insider Threat Report, Cybersecurity Insiders. 2020.

While attacks are getting more sophisticated, so are our defenses. With recent innovations like secured-core PCs that are 60 percent more resilient to malware than non-secured-core PCs,¹ and the Microsoft Pluton Security Processor that adds more protection by isolating sensitive data like credentials and encryption keys, Windows 11 has elevated the security bar for all. Our goal is to protect organizations by simplifying security, building in stronger protections from the chip to the cloud.

From more secure and easy-to-use authentication with multifactor authentication to adding extra layers of protection for applications and data, we’ve simplified and enabled more security features by default than ever before with Windows 11. These features are designed to help stop attacks we’re seeing now as well the more sophisticated and targeted attacks that we expect to become more mainstream in the future. We have also begun to adopt memory-safe languages like Rust, starting with using Rust code for two traditional attack targets—Font Parsing and Win32k Kernel.

When we launched Windows 11 it came with new hardware and software features like secure boot, virtualization-based security, hypervisor-protected code integrity, and Windows Hello using the Trusted Platform Module (TPM) on by default in many regions. Since turning those features on, organizations have reported a 58 percent reduction in security incidents, and a three times reduction in firmware attacks—a highly attractive and lucrative target for attackers. Our data shows that 83 percent of Windows 11 devices use three or more security features. 

We’re excited to take the next step on this journey with updates for security and IT professionals available today and on by default for new installs of Windows 11.

New Windows 11 security features

Windows 11 features give you the power to create, collaborate, and keep your stuff protected.

Learn more 

The next step towards eliminating passwords entirely

Microsoft global threat intelligence processes more than 65 trillion security signals every day. That intel has shown us there are more than 4,000 password attacks every second.² Everyday cybercriminals as well as nation-state attackers like Peach Sandstorm are leveraging password spray attacks to compromise high-value targets in sectors like satellite, defense, and pharmaceuticals. Organizations can reduce their risk of compromise to these kinds of attacks with Windows passwordless authentication and multifactor authentication features that offer more protection than traditional passwords.

Passkeys make passwordless easier and more universal: Windows 11 will make it much harder for hackers who exploit stolen passwords through phishing attacks by empowering users to replace passwords with passkeys. Passkeys are the cross-platform future of secure sign-in management. Microsoft and other technology leaders are promoting passkeys as part of the FIDO Alliance. A passkey creates a unique, unguessable cryptographic credential that is securely stored on your device. Instead of using a username and password to access a website or application, Windows 11 users will be able to use and protect passkeys using Windows Hello or Windows Hello for Business, or their phone. This will allow users to access the site or app using their face, fingerprint, or device PIN. Passkeys on Windows 11 will work on multiple browsers including Microsoft Edge, Google Chrome, Firefox, and others. Setting up a passkey in Windows is accomplished by:

• The website or application owner creates a passkey and offers it to you as a sign-in option instead of your password—website and app owners will need to develop their own passkeys infrastructure on their sign-in experience.
• Once you create the passkey on your device, the next time you sign in to that website or app from your device it will recognize that you have its passkey, and you can use it instead of a password. If you are using Windows Hello or Windows Hello for Business, you will be able to use your face, PIN, or fingerprint to sign in more easily. In addition, you can now use a passkey from your phone or tablet to complete the sign-in process.
• Users will have a management dashboard through Settings –> Accounts –> Passkeys to see and manage passkeys on their Windows 11 device.

Simplifying and modernizing security for IT by reducing the attack surface 

The latest Windows 11 will also include powerful new tools that enable IT teams to keep their organizations and employees more secure. We’re improving authentication, making it easier for IT to lock down and maintain policy configurations, adding more controls through Intune.

Phish-resistant credentials with Windows Hello for Business Passwordless: Windows 11 devices with Windows Hello for Business or FIDO2 security keys can protect user identities by removing the need to use passwords from day one. IT can now set a policy for Microsoft Entra ID-joined machines, so users no longer see the option to enter a password when accessing company resources. Once the policy is set, it will remove passwords from the Windows user experience, both for device unlock as well as in-session authentication scenarios. With this change, users can now navigate through their core authentication scenarios using strong, phish-resistant credentials like Windows Hello for Business or FIDO2 security keys. If ever necessary, users can leverage recovery mechanisms such as Windows Hello for Business PIN reset or web sign-in. Web sign-in is now available for all supported Microsoft Entra ID authentication mechanisms in addition to Temporary Access Pass (TAP) and education scenarios.

Maintain IT policy control with Config Refresh: Config Refresh is designed to revert policies to a secured state if they’ve been tampered with by potentially unwanted applications or user tampering with the registry. Config Refresh allows Windows 11 devices to be reset every 90 minutes by default, or every 30 minutes if desired, within the policy configuration service provider (CSP). This capability ensures that your settings are retained in the way IT configured them. The policy CSP covers hundreds of settings that were traditionally set with Group Policy and does so through Mobile Device Management, like Microsoft Intune. To enable help desk technicians to support their teams more efficiently Config Refresh can also be paused by IT administrators for a configurable period of time, after which it will be automatically re-enabled. It can also be turned back on at any time by an IT administrator. Starting today, Config Refresh is available to our Insiders and coming soon to all organizations.

Only allow trusted apps with Custom App Control: Applications are the lifeblood of our digital experiences, but they can also become entry points for attackers. With application control, only approved and trusted apps are allowed onto devices. By controlling unwanted or malicious code from running, application control is a critical part of an overall security strategy. Application control is often cited as one of the most effective means of defending against malware. Organizations using Windows 10 and above use App Control for Business (formerly called Windows Defender Application Control) and its next-generation capabilities to protect their digital estate from malicious code. Organizations using Microsoft Intune to manage their devices are now able to configure App Control for Business in the admin console, including setting up Intune as a managed installer.

New configurations in Windows Firewall: We are excited to announce some enhanced management and capabilities for the built-in Windows Firewall to help IT provide better overall protection. Windows Firewall now supports:

• Application Control for Business (previously known as Windows Defender Application Control) app ID tagging with Windows Firewall rules though Intune. This enables IT to target Windows Firewall rules to specific applications without an absolute file path. 
• The ability to configure network list manager settings to determine when a Microsoft Entra ID (previously known as Azure Active Directory) device is on your on-premises domain subnets so firewall rules can properly apply. The network list manager settings for Windows Firewall can be used for location awareness. 
• There is now better support in settings to configure more granular Windows Firewall logging for domain, private, and public firewall profiles, as well as the ability to specify Windows Firewall inbound and outbound rules for ICMP types and codes.

Our continued investment in security and innovation

Our MORSE team, Microsoft Offensive Research and Security Engineering, has been working hard to ensure security is a critical piece of the software development lifecycle. In the last year, the team has dedicated 1.9 million virtual machine hours and more than 84,000 Azure CPU cores dedicated to proactively fuzzing code. In addition to that, we’ve made nearly 700 improvements in our code just the last few months by strengthening the software development lifecycle with security checks and balances, including new automation and AI to help developers find bugs on their own. The proactive work of this team to continue to improve the integrity of our code both old and new is part of our commitment to ongoing investment and innovation in security. The team has released learnings and tools to the community as well like our open source fuzzing tool, Microsoft OneFuzz.

We’re looking forward to continuing this journey to make Windows more secure from the chip to the cloud with every update.