2021 will be a year that organizations continue to focus on enhancing their security footprint.
The first technology that we predict will gain serious momentum is Azure Information Protection. Call it rights management, call it sensitivity labeling, call it black-eyed-pea salad: just know that it’s happening.
This has always been my favorite part of any security focused customer immersion experience, and it became such a part of the “show” that it even found its way into more than a few productivity sessions, too. I would send a protected document in a protected message from one organization to a few members of another, and challenge the room to share the document beyond my original intentions.
Quarantine is a big part of the timing. Folks are taking corporate data home and accessing our secrets in ways we never envisioned. Relying on VPN and email security isn’t useful once the data has been copied off the corporate network. With Azure Information Protection, we can establish persistent protections on files, provide simple sensitivity labels for users to classify documents, enable auto classification with no additional licensing requirements, and now even apply sensitivity to whole Teams channels and SharePoint libraries.
EDR (Endpoint Detection and Response) / XDR (Extended Detection and Response)
Speaking of sensitivity labeling, Microsoft Defender for Endpoint has always had a cursory tie-in with Azure Information Protection, but in H2 2020 that tie-in got a real purpose. MD4E can now report on the highest sensitivity label that’s been detected on a given machine, helping us understand the true severity of an attack. Defender for Endpoint now also supports Mac, Android, Linux, and pretty much any other OS you want to throw at it, while also enabling web content filtering.
SIEM/SOAR
Microsoft may have been late to the party with a SIEM, but they showed up with chips and brought friends. With zero infrastructure, free ingestion of Office 365 data, and incredibly low data retention costs, Azure Sentinel is becoming the go-to solution to get up and running with almost instantaneous results. Look for our webinar on January 28, and a further exploration of this in next month’s blog post, but if you’re trying to drive toward compliance and need to keep audit logs longer than 30 days, Sentinel is your ticket.
Remote Provisioning
None of us got to send users home for quarantine at a convenient point in our device lifecycle, and one issue I’ve heard consistently over the past year has been the cost of deploying technology to a remote workforce. Microsoft Endpoint Manager’s Autopilot capabilities can fill this gap for zero-touch provisioning. I see a bunch of projects coming from organizations that are struggling to replace aging equipment, and also a lot of work from companies that are recognizing the value of hiring out-of-area talent and want to eliminate on-premise imaging & shipping of new devices. With Endpoint Manager, we can unify the configuration, app management, and compliance controls across the user’s entire device portfolio.
Endpoint DLP
This one is the one I’m the most jazzed about, though, because it’s the question I probably heard the most in 2020, and while there was a solution, it wasn’t one you could monitor. It’s all good & well to say you have DLP on endpoints and within apps, but...do you, really? You may have seen me demo the little briefcase that Windows Information Protection enables on corporate apps & websites, but that technology was all client-based. Well now we have a cloud-side implementation of that same functionality, and I can’t wait to show you.
If you would like to learn more about these technologies, we’re ready to help. We’d be happy to set up a Security Immersion Workshop for your organization to learn more about how these Microsoft technologies can improve your security posture.