Microsoft unveils a host of new security capabilities
Companies concerned about cybersecurity have a fleet of new Microsoft tools coming their way. The company has announced a host of new security capabilities as part of the run-up to the massive RSA security conference in San Francisco.
On the Windows front, the company announced that it is adding the ability to use on-premises Active Directory with Windows Hello, its system for allowing biometric-based logins with Windows 10. Microsoft also launched new tools to help organisations get more use out of mobile device management products by giving them tools to migrate group policy settings to cloud-managed devices.
Furthermore, Microsoft has launched a new tool that is designed to help customers configure the Surface hardware under their administration, allowing measures such as disabling the tablets’ cameras.
Office 365 customers get a new security assessment tool and the private beta of a service aimed at showing them information about security threats.
Microsoft has been pushing advanced security capabilities such as these as a key part of its pitch to enterprises concerned about securing their data from a growing threat landscape.
New Windows capabilities
Windows Hello, Microsoft’s biometric-based authentication system, is getting two new enhancements with the forthcoming Windows 10 Creators Update. Firstly, Microsoft is making it possible to use its biometric Windows Hello log-in system solely with on-premises Active Directory servers, rather than requiring Azure Active Directory.
Microsoft is also trying to address the problem of users forgetting to lock their computers by using a new Dynamic Lock feature in Windows Hello. That will connect a user’s smart phone with their Windows 10 device, and automatically lock the device when the phone’s Bluetooth signal drifts far away.
Using it requires customers have the Microsoft Authenticator app installed on their smart phones. Once the app is connected to a PC, it uses the Windows Hello Companion Device Framework to automatically lock the computer when its user walks away. The Surface Enterprise Management Mode (SEMM) allows enterprise customers to apply additional hardware restrictions to Microsoft’s Surface Pro 4 tablet, Surface Book laptop, and Surface Studio desktop in order to comply with security needs, making such measures possible as disabling the device’s microphone.
Administrators can set policies that only kick in under a particular set of conditions, such as when a Surface is connected to a specific network. Applying the policies requires that administrators have physical access to the Surfaces in question but does not require they erase them.
SEMM works at the Unified Extensible Firmware Interface level (UEFI), “so a lot of the attacks you would expect attackers to use in order to just re-enable the camera without the user knowing, won’t even work, because the device is disabled at a fundamental, hardware level,” said Rob Lefferts, the director of programme management for Windows Enterprise and Security.
Microsoft is also allowing mobile device management (MDM) software to apply settings and configurations from the Security Baseline Policies list. Previously, those settings were only available through Group Policy. It is a move that is designed to make it possible for administrators to have the same policies on devices managed using Group Policy and MDM.
The company also released a new MDM Migration Analytics Tool designed to help customers figure out migrating from Group Policy to MDM. It scans a system for all policies applied to it, tries to map those policies to their MDM equivalents, and spits out a report of the results.
There is one hitch to MMAT when it comes to international users, and that is the tool only works on the English names of Group Policy settings, which means that the system it runs on needs an English language pack. At this point, Microsoft recommends that users install English on a non-English system to work around that issue.
Windows Defender Advanced Threat Protection, which is designed to help find and contain security threats, is gaining support for custom security rules to protect against particular threats.
Organisations using Office 365 can use a new Secure Score tool to benchmark their security. It analyses an organisation’s configuration, then provides them with a score based on the security controls they have fully or partially deployed.
The feature also provides guidance on what Office 365 security features administrators could use that would improve the security of the organisations they work for. By default, the Score Analyser first shows users features that provide the most security benefit with the least impact to users and then lets people drill down further from there.
While the score is a useful tool for giving organisations an at-a-glance view of their security practices, it will also have some practical considerations. The Hartford plans to use the Secure Score in evaluating customers that it’s considering for cybersecurity insurance, Microsoft CISO Bret Arsenault said in a blog post.
Microsoft also announced the private beta of its previously-announced Office 365 Threat Intelligence service. That allows administrators to see information about the cybersecurity threats both inside and outside an organisation.
For example, admins can see who in their organisation is the most targeted for attack, along with general information about security threats, like how much bitcoin attackers usually request from a ransomware attack.
IDG News Service