Microsoft Releases Application Guard for Office, Plus Azure Security Center and Azure Defender for IoT Products
Microsoft this week described a few security products that have reached “general availability” (GA) or commercial-release status, while also touting its overall security-market position.
Reaching GA are some Azure Security Center capabilities, Azure Defender for IoT and Application Guard for Office. These releases were announced on Wednesday. On Tuesday, Microsoft’s security-business prowess was highlighted in the company’s fiscal-year 2021 Q2 earnings report given by Satya Nadella, Microsoft’s CEO. He noted that Microsoft’s security solutions revenue recently surpassed $10 billion.
A transcript was needed since a near-eight-minute gap occurred during the Tuesday presentation.
Microsoft’s $10 billion security revenue figure was enough for researchers at analyst and consulting firm Forrester to declare that “Microsoft is now a cybersecurity behemoth.”
Microsoft security stats were touted in a Wednesday announcement by Vasu Jakkal, Microsoft’s corporate vice president for security, compliance and identity. She offered the following security highlights:
Microsoft Defender blocked “almost six billion malware threats” in 2020.
Microsoft Defender for Office 365 blocked “more than 30 billion email threats” in 2020.
Azure Active Directory processes “more than 30 billion authentications” per day.
Azure Sentinel “analyzes over 4 petabytes of data each month.”
Microsoft solutions are protecting “more than 400,000 customers across 120 countries.”
Jakkal suggested that no other software company was handling “security, compliance, identity, and management as an interdependent whole.”
“Microsoft’s security organization is an intense, massive collaboration that drives services, intelligence, technologies, and people — all coming together as one humming machine with a singular mission,” she added.
Application Guard for Office GA
Application Guard for Office is Microsoft’s improved approach for dealing with malicious files found on Web sites and in e-mail attachments. The product reached GA status, Microsoft announced on Wednesday. It had been at the preview stage back in August.
Microsoft has long had a Protected View security mechanism that mainly just acts as a precaution when users attempt to open documents attached in e-mails. Protected View permits end users to turn on editing in the documents, which can also enable attacks. With Application Guard for Office, these files get opened in a virtual machine “sandbox” environment, namely a “Hyper-V-enabled container,” which is isolated and prevents any malware from spreading into systems.
Despite the product’s name, Application Guard for Office is just for subscribers to the Office 365 service. Additionally, organizations can only get Application Guard for Office when they subscribe to E5-type plans, a top pricing option. Microsoft’s announcement also noted that “Application Guard works in conjunction with Microsoft Defender for Office 365,” a security solution that’s part of the newly renamed Microsoft Defender product line. Other security components in Microsoft Defender for Office 365 include “Safe Attachments, Safe Links, and Safe Documents,” the announcement explained.
Microsoft’s announcement affirmed that Application Guard for Office won’t be turned on by default for licensees:
Azure Security Center Enhancements
The Azure Security Center portal now has multicloud management capabilities, with the ability to work with Amazon Web Services (AWS) and Google Cloud Platform (GCP) reaching GA status, Microsoft announced on Wednesday.
It seems that just some capabilities are at GA in Azure Security Center, though. Microsoft specifically pointed to the ability to show AWS and GCP misconfigurations in its “Secure Score Model and Regulatory Compliance” features as being available.
Microsoft additionally turned on “Azure Security Benchmark as the default security policy for Azure Security Center,” which is intended to bolster its recommended policy settings.
Also at GA is the ability to use Azure Defender for Servers with Microsoft’s Azure Arc product to “simplify the on-boarding and security of virtual machines running in AWS, GCP and hybrid clouds.” Azure Arc is Microsoft’s multicloud management portal that also supports on-premises implementations, per a Microsoft “Overview” document. Azure Defender for Servers appears to be a component of the Microsoft Defender for Endpoint security solution. It’s tersely described in this Microsoft document as adding “threat detection and advanced defenses for your Windows and Linux machines.”
In response to customer feedback, Microsoft now lets organizations “exempt resources” from Secure Score “at a subscription level and now at a management group level.” Secure Score is Microsoft’s security assessment service. Some organizations apparently requested this exemption because they are using “third-party technology” (non-Microsoft solutions) for their security-posture assessments.
Azure Defender for IoT GA
Microsoft also announced on Wednesday that Azure Defender for IoT, its agentless security solution for unmanaged “Internet of things” devices and so-called “operational technology endpoints,” has reached GA status. It had been at the public preview stage back in October. The solution is designed to work with devices that use “specialized industrial protocols such as Modbus, DNP3, and BACnet.”
Azure Defender for IoT works with Microsoft’s recently acquired CyberX technologies to discover devices, find vulnerabilities and perform continuous device monitoring. Governance details are handled, too, when the service is used with a security information and event management solution, such as Microsoft’s Azure Sentinel. It also works with “Splunk, IBM QRadar and ServiceNow” solutions.
Azure Defender for IoT can be used on a customer’s site, or it can be tapped as an Azure service. The latter approach lets organizations connect Azure Defender for IoT with Microsoft’s Azure Defender security services. Alternatively, there’s a “hybrid” deployment possibility, “where security monitoring is performed on-premises but selected alerts are forwarded to a cloud-based SIEM like Azure Sentinel,” the announcement explained.