Microsoft Entra serves as a comprehensive tool designed to protect organizations from cyber threats, provide secure access to all resources, and enable employees to work from anywhere. The recent unveiling of exciting new features and capabilities at Microsoft Ignite 2023 signifies Microsoft’s commitment to enhancing secure access in the era of artificial intelligence. Here are some of the highlights announced:
Announcements
- Security Copilot in Microsoft Entra
- Microsoft Entra Internet Access and Microsoft Entra Private Access
- Permissions Management integrations with Microsoft Defender for Cloud and MS Sentinel
- Baseline Conditional Access Policies Auto-roll out
Security Copilot in Microsoft Entra
Microsoft Entra’s Security Copilot is a new feature that leverages AI to help you investigate identity risks, get real-time insights, and troubleshoot sign-in issues. For example, you can ask AI “why is this user marked as high risk?” and get a detailed explanation of the risk factors and mitigation actions. In addition to assisting in analyzing security threats, Security Copilot will also help you optimize your conditional access policies by analyzing your entire environment and providing customized recommendations based on the evolving threat signals that Microsoft gathers. Security Copilot is currently in private preview.
Security Copilot in Microsoft Entra capabilities
- Investigate identity risks
- Get real time insights
- Troubleshoot sign ins
Microsoft Entra Internet Access and Private Access
Microsoft is expanding the capabilities for the preview of Identity-centric security edge solutions, Microsoft Entra Internet Access, and Private Access.These are two new solutions that are part of the Microsoft Entra portfolio and provide zero-trust network access for your users and applications. Internet Access allows you to apply universal conditional access policies for all internet, SaaS, and Microsoft 365 apps and resources. You can also restrict access based on compliance checks, such as device health or network location, and use web content filtering based on domain and web categories. Private Access is a zero-trust network access solution that supports more protocols, such as UDP (User Datagram Protocol) and DNS (Domain Name System), and enables multi-factor authentication for all apps, whether they are on-premises or in the cloud. This means you can soon retire your traditional VPN (Virtual Private Network) solution, which does not allow for granular access policies and does not scale to the cloud. Both Internet Access and Private Access share a universal conditional access policy engine with all other Microsoft products, meaning you can write a single policy to include access rules across identities, devices, endpoints, data, and network, and reduce complexity. Internet Access and Private Access are currently in public preview.
Both Entra Internet access and Entra Private access are part of the Microsoft Entra portfolio, and they share a universal Conditional access Policy engine with all other Microsoft products. This means that you can write a single policy to include access policy across Identities, devices, Endpoints, data, and network to reduce complexity.
Let’s say you want to enforce a policy that restricts access to a specific application for all users who are not on the corporate network and do not have a compliant device. With Microsoft Entra, you can write a single policy that includes access rules across Identities, devices, Endpoints, data, and network to achieve this goal. You can specify the conditions that must be met for the policy to apply, such as device health, network location, or user group membership, and you can define the actions that should be taken when the policy is triggered, such as blocking access, requiring multi-factor authentication, or granting access with limited functionality. You can also use the Security Copilot feature to investigate identity risks and get real-time insights into your conditional access policies. By using a universal Conditional access Policy engine, you can simplify your policy management, reduce your risk exposure, and improve your compliance posture.
Passkey support in Microsoft Authenticator
This is a new feature that enables passwordless authentication for Microsoft Entra Identity apps using a one-time code that is generated and displayed on your mobile device. Passkey support in Microsoft Authenticator enhances the security and convenience of your sign-in experience and reduces the risk of phishing and credential theft. Passkey support in Microsoft Authenticator is currently in public preview.
Token threat Protection for Entra ID apps
This feature integrates with the compliant network check in conditional access to protect your Microsoft Entra Identity apps from token theft and misuse. If a user’s device is compromised or lost, the token that is used to access the app will be revoked and the user will be prompted to sign in again using a compliant device. This feature helps you prevent unauthorized access to your sensitive data and applications. Token threat protection for Microsoft Entra Identity apps is currently in public preview.
On-Prem password changes to remediate user risk
This feature allows you to enforce password changes for your on-premises users who are marked as high risk in Microsoft Entra Identity Protection. This feature helps you reduce the exposure of compromised credentials and improve your security posture. On-premises password changes to remediate user risk is currently in public preview.
Permissions management
These are new integrations that allow you to monitor and audit the permissions and activities of your Microsoft Entra administrators and users. You can use Microsoft Defender for Cloud to detect and respond to identity-related threats, such as privilege escalation, credential theft, or malicious sign-ins. You can use Microsoft Sentinel to collect and analyze identity-related data, such as audit logs, sign-in logs, or risk events, and create custom alerts and workflows. These integrations help you improve your visibility and control over your identity environment and enhance your security operations. Permissions management integrations with Microsoft Defender for Cloud and Microsoft Sentinel are currently in public preview.
Conditional Access Policies Auto-roll out
Microsoft is stepping up to the plate by introducing a set of new Microsoft-managed Conditional Access policies designed to bolster your defense against potential cyber attacks. These policies are part of a broader initiative aimed at fortifying security and ensuring the protection of your user accounts. So, what exactly are these set of Conditional access policies, and how will they benefit your organization? Baseline Conditional Access Policies are currently Generally Available. Read more here.
For more about Securing Access in the AI era, go to Microsoft’s blog published by Joy Chik.
1 thought on “Microsoft Entra and Security Copilot”