About Microsoft Security
As a leading technology provider, Microsoft is at the forefront of security solutions to provide consumers, businesses, governments and beyond with all the protections they need to secure their sensitive data. Microsoft is also a leader in five different Gartner Magic Quadrants.
This guide will explore the diversity of Microsoft’s security products, and explain some of the more technical elements in depth so you have all the information you need to make the right decision on security.
What is Microsoft security?
Microsoft is a market leader in the technology space, so it stands to reason they have the capabilities to provide high-quality cyber security solutions to their customers. This is particularly vital in the current age of cyberattacks, with malicious actors from around the world seeking new and intricate ways to infiltrate systems.
Ensuring the robustness of your organisation’s cyber security protections at all times is essential – failure to invest in the best solutions or maintain the integrity of your systems can result in not just stolen data, but financial losses and potentially reputational damage.
The good news is that Microsoft understands the cyber challenges that organisations face, which is why they have developed myriad comprehensive solutions, all built to work in tandem with each other. They also invest heavily in product research, threat indicators, threat intelligence, integration and much more. This means choosing Microsoft security solutions will result in you always having the right tools, the best applications and the most robust software to manage your security needs.
Microsoft’s security offerings are generally focused on four main categories: identity and access management, threat protection, information protection, and cloud security. We will explore these in more detail further down. (See ‘Exploring the four essentials of Microsoft’s security solutions’)
Zero Trust Security
Every organisation is different. They market to different audiences, work within different sectors and face different challenges. So, it stands to reason that every journey will be unique. That’s why the Zero Trust Security model is most effective when integrated across the entire digital estate.
What is Zero Trust Security?
Zero Trust Security – also referred to as Conditional Access by Microsoft – is an efficient form of control from a risk perspective. Consider the fact that we can all access our email from anywhere in the world. That capability makes security extremely difficult because, as a business, you are unable to filter everyone through a central point. With Zero Trust you don’t have to create a policy for every single possible scenario, location or device – you simply evaluate users when they connect. Each user will go through a set of checks before being given access to any data.
Most organisations will need to take a phased approach that targets specific areas for change based on their Zero Trust maturity, available resources and priorities. Microsoft provides solutions for businesses with high, medium and low risk profiles.
Quorum have developed a framework that provides clear and actionable insights for customers who want to drive towards a Zero Trust Architecture. The framework includes artifacts supplemented by the deep expertise (Quorum is a Microsoft Gold certified partner) needed for effective planning, readiness and the deployment of a production-ready roll-out.
This approach quickly enables changes that will improve protection across areas that are mandatory for Zero Trust effectiveness. The production-ready roll-out sets the foundation for enterprise deployment, design refinement and organisation-specific optimisation.
What is Managed Security?
Managed security is simply a set of computing services that are outsourced to an external provider, such as Cloud Collective. It means reducing your own workload and outsourcing your requirement to manage risks to a team of experts.
Cloud Collective’s Managed Security Service delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting and threat response.
When you choose Cloud Collective, we can act as your complete Managed Security Services Provider, or bolster your current team. This allows your internal IT team to focus on delivering value to your business rather than monitoring the company’s security posture and alerts.
Getting a Managed Security Service is critical in the hyper-connected digital world – it allows you to see and stop threats before they cause your business harm. Obtain a bird’s-eye view of cybersecurity across the entire enterprise with data insights, monitoring and visualisations.
Why you need a Managed Security Service
The Cloud Collective team puts the cloud and large-scale intelligence to work by leveraging decades of Microsoft security experience. Here’s what we can help you with:
- Make your threat detection and response smarter and faster with artificial intelligence (AI).
- Eliminate security infrastructure setup and maintenance.
- Elastically scale to meet your security needs – while reducing IT costs.
Cyber One: Your security portal with Cloud Collective
Cyber One is our purpose-built Managed Security Services platform that provides you with visualisation and insights into your security posture, vulnerabilities within your environment, and security alerts.
Using the strength of Microsoft Power BI, Cyber One visualises your security data so you can see everything. It’s a persona-aware service, which means you can log in as a customer and see alerts that are specific to your environment.
Cyber One Modules
Cyber One leverages a module design strategy whereby individual modules have been designed, architected, and developed to meet specific requirements and support the deep technical capability of each connected platform.
Microsoft Defender for Endpoint is a holistic, cloud-delivered endpoint security solution that includes risk-based vulnerability management and assessment, attack surface reduction, behaviour-based and cloud-powered next-generation protection, endpoint detection and response (EDR), automatic investigation and remediation, managed hunting services, rich APIs, and unified security management with integration into Cyber One.
Defender for M365 protects all of Office 365 against advanced threats like business email compromise and credential phishing. Automatically investigate and remediate attacks with deep integration into Cyber One.
Azure Defender, integrated with Azure Security Center and Cyber One, provides Azure and hybrid cloud workload protection and security. With extended detection and response (XDR) capabilities, stand up against threats like remote desktop protocol (RDP) brute-force attacks and SQL injections. Streamline security with AI and automation.
The Azure module is designed to surface security event information related to Azure workloads across IaaS, PaaS, and Hybrid (on-premises). It adopts an information roll-up strategy, using data visualisation to enable quick decision making and to confirm or reinforce the need for further action quickly and accurately, drawing on supporting information from the source as well as supplemental information (baselining, for example).
Four Essentials of Security
Microsoft’s security offering can be categorised into four different categories: identity and access management, threat protection, information protection and cloud security. Here, we investigate the technicalities in more detail.
Let’s explore the four essentials of Microsoft’s security solutions.
1. What is Identity and access management (IAM)?
Identity and access management (IAM) is an umbrella term for the framework, policies and security solutions that help organisations manage who and what can access their corporate resources. Everything from two-factor authentication right up to biometrics is used for IAM, and it’s one of the best ways to secure your organisation against external threats.
With Microsoft security, you’ll never have to worry about identity being compromised. Microsoft 365 solutions are able to manage identities as the very first step to providing access to corporate resources. They can also easily flag and restrict users who are high-risk, which takes the pressure away from you – so you can focus on running the business while Microsoft protects it.
Tools like single sign-on (SSO), multi-factor authentication (MFA) and Windows 10 Hello for Business are all utilised to your advantage so you can rest easy knowing your organisation, your systems and your sensitive data are in safe hands.
Azure Active Directory
Azure Active Directory (Azure AD) is a component of Microsoft Enterprise Mobility + Security that delivers identity and access management (IAM) to Microsoft 365 and other cloud-based and on-premises services.
The ability to create a single identity that can be used across all devices means both your security and your control over it are increased. This single identity is used as your single sign-on (SSO) for multiple devices and applications – you could log into your company’s CRM, emails and intranet all with one set of credentials, for example.
This also means employees can sign into almost any service, regardless of their device, location or user identity, including both cloud and on-premises software. With one password, users can access anything they have permissions for.
So how does this improve your security? When each user has a single and unique identity, it allows for conditional access. That means you can block or grant permission for users to log into certain devices, services or apps based on various factors.
A key feature in Azure AD is what’s known as ‘Conditional Access’. This includes multi-factor authentication (MFA) to verify the user’s identity, ensuring the actual login is secured. Having secure identities also allows for reporting on logins and visibility of any data associated with access requests.
As we move into a digital world, it is essential to provide your employees with the tools to access what they need, when they need it, with the ease and security of SSO. And that’s exactly what Azure AD provides.
Single sign-on (SSO) is a user-authentication technology that enables a user – e.g. your employees – to log into multiple applications with a single account.
Essentially, it frees up users to get fast and easy access to what they need from wherever they are and no matter what device they are using – all while heightening security and allowing administrators to grant or deny access based on a variety of factors.
Microsoft Intune is a management solution that lives in the cloud and is used for unified endpoint management. Endpoint devices may include your laptop, smartphone, desktops and more, and Intune allows you to securely link employee devices to your sensitive company data.
Imagine an employee who uses multiple devices for work – not just a laptop and smartphone, but a desktop and several tablet devices as well. Now imagine the challenges that creates for the IT department when that employee wants to use those various devices to access secure work channels and programs. Trying to manage everything on those devices through traditional methods requires a lot of on-premises infrastructure.
With its excellence in cloud management, Intune allows IT teams to seamlessly deploy applications, apply security policies and more – with no traditional on-premises infrastructure. Even if users are actively working while on the road, at home, in the office or anywhere around the world, the IT team can track how both the hardware and software are being used and then deploy security policies to suit. This is especially convenient when onboarding a new employee, as deploying a new device is quick and easy, and it can install apps remotely.
Microsoft Intune integrates with Azure Active Directory Conditional Access and enables IT departments to block access from certain devices unless specific security policies are met. Additionally, some companies allow bring-your-own-device (BYOD) by enabling Intune Application Protection (formerly Intune Mobile Application Management).
2. What is Azure Advanced Threat Protection?
Azure Advanced Threat Protection (ATP) is a cloud-based security solution that uses the signals from an on-premises Active Directory to seek out and ultimately neutralise serious threats to your operation – these may include compromised identities and malicious insider actions.
ATP oversees all user activities and any information that is passed to and from your network (permissions and group membership). With this data in its hands, it develops a unique behavioural baseline for every user. It is then able to recognise and locate anomalies thanks to its adaptive built-in intelligence.
With ATP by your side, you will receive fast insights into any and all suspicious activities against your organisation – meaning you can stop it in its tracks before it’s had a chance to do serious damage.
Azure ATP is an EMS E5 workload; however, Advanced Threat Analytics is available as part of EMS E3.
- Office 365 ATP: This protects against common threats to SharePoint, Teams and OneDrive, for example. Threats typically include malware and phishing scams, and Office 365 ATP is a focused tool to support the solution stack.
- Azure ATP: Microsoft developed the capability to look deep into Azure Active Directory, which concerns all things identity education and authorisation. Azure ATP manages the complex and technical threats associated with both the on-premises and cloud versions of Active Directory – for example, malicious actors trying to steal identities.
- Defender ATP: This focuses on the physical endpoint – your laptop, workstation and even your mobile. Microsoft has specifically tailored a security solution for the four main pillars to protect: identity, apps, data and endpoints. Defender ATP has support across Android, Mac and Linux.
The main differences between E3 and E5 licensing
There are two main versions of EMS: E3 and E5.
You can think of E3 as the original version of EMS. It contains the ‘base’ versions of products like Azure Active Directory Premium, Intune, AIP and ATA. These are referred to as the ‘P1’ versions of the individual components.
E5 has some upgraded features that are mainly focused on automation, as well as additional security capabilities. The ‘P2’ version of Azure Active Directory has features such as new Identity Protection and Privileged Identity Management. The ‘P2’ version of Information Protection allows documents to be automatically encrypted, rather than manually like in E3’s ‘P1’ version.
EMS E5 also offers an entirely new product: Cloud App Security. This tool is a Cloud Access Security Broker and integrates tightly with the entire Microsoft Cloud ecosystem (and other cloud vendors). It provides Advanced DLP, visibility and other functionality not available in the E3 products.
3. What is Azure Information Protection?
Essentially document-level security, Azure Information Protection (AIP) is another component of Microsoft Enterprise Mobility + Security. It enables organisations to protect and classify their documents based on labels, which can be added either automatically through a set of rules, manually or a combination of both.
For example, an administrator may want to automatically classify company documents that contain credit card numbers. Every time this protected data is viewed, a ‘check’ is done to see whether the person viewing the file has permission to do so, and the IT administrator or document creator may be alerted.
This document-level security is so strong that it even works outside of the organisation and always remains with the document. If someone without permissions tries to view the file, they can be blocked based on company permissions, employment status or the date. Because the permissions remain with the file, you don’t have to worry about whether the document is stored on Office 365, a desktop or even a portable USB storage device.
Most companies are now taking data security very seriously, and AIP is a key part of heightening that security and achieving compliance.
4. What is Microsoft Cloud Security?
With more and more organisations and industries shifting their operations to the cloud – whether partially or in full – it’s incredibly important to protect yourself against cyber threats. This is not just for the safety of your company data and systems, but also to give your clients and providers peace of mind that they are in safe hands when interacting with your business.
Microsoft allows you to bolster the security of your cloud workloads with built-in services through Azure. Apps, data and your business infrastructure are all protected with security intelligence that flags threats in their early stages – which means you have plenty of time to get on top of the problem and respond as required.
With the right multi-layer defence strategy in place, everything in the cloud is taken care of – from identity to data, networks and beyond.
Benefits of Microsoft Security
From Windows Security to Advanced Threat Protection and everything in between, there are many benefits to Microsoft’s diverse security offering – here are just a few:
- Free, built-in services like Windows Security and free editions of other security solutions make it easier to balance the corporate budget with a Microsoft suite.
- Microsoft security’s easy-to-use systems allow you to manage multiple security solutions from a single app, ensuring faster uptake and more streamlined productivity.
- Any external threats or malicious activity is stopped in its tracks before it becomes a problem.
- Identity and access management saves IT headaches while giving your employees the freedom to work from anywhere, anytime and on any device – according to the permissions you set for them.
How to integrate Microsoft security into your organisation
Often the most challenging part of finding and deploying the right security suite for your organisation is deciding exactly what you need. Even the most tech-savvy business owner may not be able to see the vulnerabilities in their own systems because they are too close to the operation.
That’s where getting support from Microsoft security experts like Cloud Collective becomes the best option. We will work directly with you to understand your security needs, find out what risks are posed to your organisation and how Microsoft security solutions can help. We will then help you protect your company systems with a security strategy that matches your needs and fits into your budget.
Call Cloud Collective today on +61 (0)2 8966 1496 to protect your organisation with Microsoft security products.
Cost will depend on which solution – or suite of solutions – you are looking at. For example, an individual who doesn’t require business-grade protection may be comfortable with just using Windows Security, which is already built into Windows 10 systems at no additional cost.
- Premium P1: $8.238/user per month
- Premium P2: $12.357/user per month
There is also a basic edition which is free, and an Office 365 apps package which will vary in cost according to your needs.
There’s a free version which offers limited services, as well as a standard tier that offers different prices according to the services rendered – for example:
- Virtual machine: $0.028/server per hour, up to 500MB per day included
- App services: $0.028/app service per hour
- SQL database: $0.029/server per hour
- IoT devices (by device): $0.0014/month
- IoT devices (by messages): $0.275 per 25,000 transactions
Azure Information Protection can be purchased as a standalone service or as part of another licensing suite, such as a Microsoft 365 Enterprise plan or Microsoft 365 Business, which includes the Azure Information Protection ‘P1’.
It’s offered as a user subscription licence, so the best way to purchase it is through a Microsoft partner like Cloud Collective.
While a helpful protection measure against cyber threats for its time, Microsoft Security Essentials has since been discontinued, along with Windows 7, and can no longer be downloaded. Thankfully, there are many other Microsoft security products on the market which offer a more modern and highly secure service.
No. Microsoft Security Essentials is an outdated product and cannot be downloaded on any operating system. Support for Windows 7 machines ended on 14 January 2020.
Both are essentially the same thing – they simply worked on different Windows operating systems over the years. The most current built-in security software for Windows 10 systems is now called Windows Security, and it is the best Microsoft security offering to date.
For users running the latest Windows OS, which is Windows 10, the best antivirus and overall security solution is Microsoft’s very own Windows Security.
If you are looking for a security provider, the best course of action is to contact a Microsoft partner who understands your security needs and provides high-quality security services. Cloud Collective was one of the first Microsoft Gold partners to receive the gold certification for security in Australia, which is the highest competency in this area. You can reach out to us by calling +61 (0)2 8966 1400 or emailing Cloud Collective on email@example.com.