Archive

Archive for the ‘Identity’ Category

Guiding principles of our identity strategy: staying ahead of evolving customer needs

July 27th, 2020 No comments

Last June, when I shared the 5 principles driving a customer-obsessed identity strategy at Microsoft, many of you had embraced the idea of a boundaryless environment, but relatively few had implemented it in practice. A global pandemic made remote access essential and forced many of you to accelerate your digital transformation plans.

The new reality requires not only supporting secure remote productivity and collaboration, but also other remote operations, such as onboarding, offboarding, and training employees. And this reality will continue for the near future. According to our most recent Work Life Index, 71 percent of employees and managers (Information Workers) reported a desire to continue working from home at least part-time post-pandemic.

Your experiences and insights have helped shape the investments we’re making in our identity services for the coming year and beyond. Today, I’m sharing with you the updated set of guiding principles we’re following to deliver a secure and scalable identity solution that’s seamless for your end-users.

Secure adaptive access

An identity system that is secure from the ground up continues to drive our product investments. In a recent survey of over 500 security executives, achieving a high level of protection without impeding user productivity was rated the number one challenge. Using risk-based Conditional Access policies in Azure AD, you can protect sensitive data with minimal friction to your end-users. This combines the power of Identity Protection with Conditional Access to only prompt users when the sign-in is considered risky. 

To enhance identity security, we’re investing in compromise prevention technologies such as security defaults, attack blocking, and password protection, as well as reputation and anti-abuse systems. Security mechanisms like end-user notifications and in-line interrupts can help everyone defend themselves from malicious actors. Every day, our data scientists and investigators evaluate the threat and log data to gather real-world insights, so they can adjust our machine learning algorithms to recognize and protect our customers from the latest threats.   

Our product and ecosystem investments are guided by embracing Zero Trust security strategy as our worldview. We build Azure AD on the principles of Zero Trust to make implementing this model across your entire digital estate achievable at scale. 

Seamless user experiences

When your employees need to get things done, delivering a great user experience is essential. Employees who interact directly with customers, patients, and citizens need tools that are simple to learn and use. Because an easy, fast sign-in experience can make all the difference for your users—and your Help Desk—we’re continuing our investments in Firstline Worker scenarios to address the challenges they face, for example, by providing seamless handoffs of shared mobile devices and enhancing tools and workflows for managers. 

We’ve seen more interest than ever in minimizing the use of passwords and eliminating them completely. We continue our commitment to identity standards that help scale the technology and make it more useful and accessible for everyone. We’re also developing easy-to-use self-service options for end-users, such as managing security information, requesting access to apps and groups, and getting automatic recommendations for approved applications based on what peers are using most.  

Your customers, business partners, and suppliers also deserve a great, consumer-grade sign-in and collaboration experience. With the External Identities feature in Azure AD, we are investing in making it easier for organizations and developers to secure, manage, and build apps that connect with different users outside your organization.  

We’re also looking ahead to technologies that respect everyone’s privacy, such as decentralized identity systems and verifiable credentials, that can verify information about an individual without requiring another username and password. Verifiable credentials are based on open standards from W3C and leverage the OIDC protocol, so you will be able to incorporate them into your existing systems. 

Unified identity management

It’s hard to scale and manage security when you have overlapping products from multiple vendors that need to work together. You have a portfolio of on-premises and cloud-based applications that you need to manage and provide secure access to your users. We are simplifying these experiences in Azure AD, making it easier to manage all your applications for all your users in a single place. We’re also consolidating our APIs into Microsoft Graph to unify programmatic access to and management of data across workloads in Microsoft 365, including Azure AD. 

By embracing open standards, we can help you more easily manage and secure your hybrid environment. We’re working with partners like Box and Workday to further deepen our product integrations and streamline identity processes. Azure AD is pre-integrated with thousands of SaaS applications, and more to come, so you can provide users one set of credentials for secure access to any applicationWe are continuing to extend capabilities in Azure AD so that you can migrate access for all your applications to be managed the cloud. 

Simplified identity governance

While having the ability to control access requests, approvals, and privileges in a timely and efficient manner is key, traditional identity governance and privileged access management solutions can be cumbersome and inflexible. This is true particularly now that these workflows are more often done remotely than in person. Providing every user access to the apps and files they need should be as simple as defining access packages and group assignments upfront. Onboarding and offboarding employees then become easy with an automated solution connected to your HR system. 

We want to help more companies adopt these scenarios and incorporate our machine learning technology in Azure AD to provide better recommendations and alerts in response to unusual behavior or too many unnecessary privileges. Our goal is for these capabilities to span both employee and external identity scenarios, built in the cloud for maximum benefit. This will help strengthen your overall security, efficiency, and compliance.  

The last several months have been a whirlwind for all of us. We’re in it with you, committed to helping you on your digital transformation journey. Whatever happens, you can be sure that we’ll continue to listen to your feedback and input, so we can evolve our engineering priorities and principles to help you stay ahead and prepare for what comes next. Thank you for your continued trust!   

To learn more about Microsoft Security solutions visit our website.  Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Guiding principles of our identity strategy: staying ahead of evolving customer needs appeared first on Microsoft Security.

Announcing the Microsoft Identity Research Project Grant

January 9th, 2020 No comments

We are excited to announce the Microsoft Identity Research Project Grant a new opportunity in partnership with the security community to help protect Microsoft customers. This project grant awards up to $75,000 USD for approved research proposals that improve the security of the Microsoft Identity solutions in new ways for both Consumers (Microsoft Account) and Enterprise (Azure Active Directory).

The post Announcing the Microsoft Identity Research Project Grant appeared first on Microsoft Security Response Center.

BlueHat Seattle videos are online!

November 13th, 2019 No comments

Were you unable to attend BlueHat Seattle, or wanted to see a session again? We have good news. If you have been waiting for the videos from BlueHat Seattle last month, the wait is over. All videos which the presenter authorized to be recorded are now online and available to anyone. We are also happy …

BlueHat Seattle videos are online! Read More »

The post BlueHat Seattle videos are online! appeared first on Microsoft Security Response Center.

Time for day 2 of briefings at BlueHat Seattle!

October 25th, 2019 No comments

We hope you enjoyed the first day of our BlueHat briefings and the Bytes of BlueHat reception in our glamping tent (complete with toasted marshmallows). Yesterday, we learned a lot about how XboxOne hardware security has advanced the state of hardware security elsewhere, we heard some surprising correlations between vuln severity, age, and time to …

Time for day 2 of briefings at BlueHat Seattle! Read More »

The post Time for day 2 of briefings at BlueHat Seattle! appeared first on Microsoft Security Response Center.

Microsoft Identity Bounty Improvements

October 23rd, 2019 No comments