Microsoft Enhances Azure Cloud Security for Greater Visibility into Third-Party Access

Microsoft | May 25, 2020

  • Microsoft announced a slew of security enhancements this week, most focused on its Azure cloud services.

  • The enhancements extend Azure Active Directory outside of the Microsoft world, demonstrating that Microsoft understands the hybrid and multi-cloud nature of most organizations today.

  • Azure Security Center also received some updates, including Secure Score API, a new way for users of Azure cloud services to improve risk assessment and prioritize threat alerts.


Microsoft announced a slew of security enhancements this week, most focused on its Azure cloud services. The enhancements extend Azure Active Directory outside of the Microsoft world, demonstrating that Microsoft understands the hybrid and multi-cloud nature of most organizations today. Azure Active Directory External Identities is an extension of Azure Active Directory to external identities. This allows Active Directory to secure and manage the identities of third parties that need access to corporate properties, including the range of Office 365 tools. This can provide greater visibility into who actually has access to an organization's applications and data. According to the company, it also will allow developers to build more user-centric experiences for external users and streamline how IT administrators manage directories and identities through Azure Active Directory.


Azure Security Center also received some updates, including Secure Score API, a new way for users of Azure cloud services to improve risk assessment and prioritize threat alerts. This API allows organizations to actually get a score on the security posture of their environment. According to Microsoft, it will provide a more effective way to assess risk in the environment and prioritize actions to reduce it. This type of scoring can be very important for many reasons, said Doug Cahill, vice president and group director for cybersecurity at Enterprise Strategy Group. "Because of the dynamic nature of cloud, staying on top of how your cloud services are configured is really important. You can inadvertently introduce configuration vulnerabilities. You can leave your infrastructure open to a variety of exploits if you're not regularly hardening your configuration," he said.




"Security to date has largely been treated as an afterthought," he said. "And now that lines of business are doing their own application development, it has become increasingly important to incorporate security at development time as well as build time and runtime."



It also helps address the confusion around who is actually responsible for configurations—the subscriber to cloud services or the cloud service provider. While Microsoft is not taking responsibility for updating configurations, this scoring capability does provide some visibility to subscribers on where they might have insecure configurations. Developers are the focus of the third announcement. Developers with a verified Microsoft Partner Network account can now mark apps "Publisher Verified." Through this capability, developers can essentially integrate a "publisher verified" stamp in the code, indicating that it is a legitimate piece of software.



This will allow organizations to better understand whether verified or unverified apps are being used, and enable them to configure consent policies based on publisher verification, Microsoft said. Along the same lines, Microsoft has announced more granular application consent controls for IT administrators. This allows administrators to create more detailed policies that specify exactly which users can consent to specific applications. In other words, Cahill said, it gives developers a way to create a "white list" for end users based on policy. Finally, Microsoft announced that its Authentication Library now supports additional platforms, including Angular (GA) and Microsoft.Identity.Web for ASP.NET Core. This essentially provides developers with more ways of authenticating access to applications they are building, Cahill explained.

Attackers can exploit misconfigurations in hybrid networks composed of Azure Active Directory and Windows Active Directory servers to compromise synchronization servers, reveal user passwords, and create backdoors into corporate networks, security researchers from Synacktiv have revealed. The work, one of several similar research ventures conducted on Azure Active Directory security, underlines the need for security teams to learn to navigate the complexities of this fast-growing technology. Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service. The technology allows an organization’s employees to sign in and access resources in services like Microsoft Office 365, the Azure portal, and SaaS applications, along with internal resources and other cloud-based apps. There is, however, some confusion between Azure AD and Windows AD, the perhaps better-known directory service for centralized domain management.

