Welcome to my first roundup of the latest Microsoft security news.
In this roundup, we will cover the Entra ID, Copilot for Security, Intune, Defender, Windows and Microsoft Partner news. Yes, it’s been a busy month!
First, you will get a breakdown of the new Entra Suite offering including phishing resistant MFA and Face Check capabilities. You will then learn about the Copilot for Security adoption among enterprises in Australia including a bank and a telco.
After that, you will get all other top stories of the month including new features in Intune and Defender as well as latest Windows updates and Microsoft Partner news.
Microsoft Entra ID
Microsoft Entra Suite Now Generally Available
Microsoft has officially launched the Microsoft Entra Suite, a comprehensive, secure access solution tailored for today’s digital workforce.
The suite integrates identity management with network access, focusing on a cloud-based approach that enhances security, simplifies user experience, and reduces operational complexities.
Microsoft Entra Suite is currently priced at $12 per user per month (18 AUD). Microsoft Entra P1 is a licensing and technical prerequisite.
The Microsoft Entra Suite delivers the most comprehensive Zero Trust user access solution and enables organizations to converge access policy engine across identities, endpoints, and private and public networks.
Entra Suite Components:
- Microsoft Entra Private Access – an identity-centric Zero Trust Network Access that secures access to private apps and resources and reduces operational complexity and cost by replacing legacy VPNs.Â
- Microsoft Entra Internet Access – an identity-centric Secure Web Gateway (SWG) for SaaS apps and internet traffic that protects against malicious internet traffic, unsafe or non-compliant content, and other threats from the open internet.Â
- Microsoft Entra ID Governance – a complete identity governance and administration solution that automates identity and access lifecycle to ensure that the right people have the right access to the right apps and services at the right time.Â
- Microsoft Entra ID Protection – an advanced identity solution that blocks identity compromise in real time using high-assurance authentication methods, automated risk and threat assessment, and adaptive access policies powered by advanced machine learning (also included in Microsoft Entra ID P2). Â
- Microsoft Entra Verified ID – a managed verifiable credentials service based on open standards that enables real-time identity verification in a secure and privacy respecting way. Included in the Microsoft Entra Suite are premium Verified ID capabilities, starting with Face Check.
Microsoft Introduces FIDO2 Phishing-Resistant MFA for Entra ID
Microsoft has announced a significant enhancement to its Entra ID platform, introducing FIDO2-standard provisioning application programming interfaces that strengthen phishing-resistant security measures through mandated multi-factor authentication (MFA) for Azure users.
This allows organisations to create or use alternative administrator-led provisioning clients for setting up hardware security keys, such as YubiKeys.
Microsoft Releases Face Check for Enterprise Users
Microsoft has announced the general availability of Face Check with Microsoft Entra Verified ID, a new security feature designed to enhance identity verification through facial recognition technology. Initially introduced in preview mode in February 2024, this tool is now available as a standalone product and as part of the Microsoft Entra Suite.
Face Check utilises real-time facial recognition to compare a user’s selfie with a photo from a trusted source, such as a passport or driving licence, ensuring the authenticity of the identity being confirmed. As the first premium capability within the Microsoft Entra Verified ID framework, it facilitates the validation of a wide range of credentials using open standards.
The system operates in conjunction with various verification partners across 192 countries. Microsoft Entra Verified ID, also based on open standards, enables organisations to authenticate a variety of identity attributes, including driving licences and liveness matches.
Copilot for Security
NAB Adopts Copilot for Security Within Intune
https://www.itnews.com.au/news/nab-taps-copilot-for-security-within-intune-610184
NAB has emerged as an adopter of Microsoft’s Copilot for Security, using it within Intune as part of its oversight of “over 60,000 endpoints”.
While NAB has been using Intune for some time, the bank said it took on more security tooling from Microsoft several years ago, coinciding with its adoption of the Windows 11 operating system.
Telstra Claims Australia’s Largest Copilot for M365 Deployment
https://www.itnews.com.au/news/telstra-claims-australias-largest-copilot-for-m365-deployment-610568
Telstra is laying claim to having Australia’s largest deployment of Copilot for Microsoft 365, with the AI assistant to be made available to 21,000 staff.
The telco said it work with both staff and unions on a phased rollout of Copilot, following a 12-month trial that involved use of the tool by 300 staff.
Microsoft Defender
Detect Compromised RDP Sessions With Microsoft Defender for Endpoint
Microsoft Defender for Endpoint is enhancing the RDP data by adding a detailed layer of session information, so you can more easily identify potentially compromised devices in your organization.
This layer provides you with more details into the RDP session within the context of the activity initiated, simplifying correlation and increasing the accuracy of threat detection and proactive hunting.
Microsoft Intune
Intune Is Getting Processor and RAM Reporting Data
Intune is getting resource performance reporting within Intune Advanced Analytics that will provide data about processor performance and RAM on physical Windows devices.
Jamf Becomes Microsoft Partner After Signing Five-Year Agreement to Accelerate Growth Through Microsoft Azure
https://www.jamf.com/resources/press-releases/jamf-becomes-microsoft-partner
Jamf, a leader in managing and securing Apple at work, announced it is entering the Microsoft ISV Partner Program, and has signed a five-year agreement to expand its existing collaboration with new and innovative Microsoft Cloud and AI-powered solutions for our joint customers.
This collaboration marks a significant milestone in Jamf’s mission to deliver robust, scalable endpoint management and security solutions to help organizations succeed with Apple.
Jamf offerings will be hosted on Microsoft Azure and available for purchase on the Azure Marketplace starting in late 2024.
Windows 11
Windows 11 22H2 Reaches End of Support
Microsoft has reminded customers that multiple editions of Windows 11 21H2 and 22H2 will reach the end of servicing on October 8, 2024.
The announcement applies to Windows 11 22H2 Home, Pro, Pro Education, Pro for Workstations, and SE editions released on September 20, 2022. On the same day, Windows 11 21H2 Enterprise, Education, and IoT Enterprise editions will also reach the end of service, one year after the Home and Pro editions.
“The upcoming October 2024 security update, to be released on October 8, 2024, will be the last update available for these editions. After this date, devices running these editions will no longer receive monthly security and preview updates containing protections from the latest security threats,” Microsoft said.
Windows 11 Crosses 30% Market Share
https://www.neowin.net/news/windows-11-crosses-30-market-share-for-the-first-time-since-launch
In July 2024, Windows 11 hit an important milestone: for the first time since its launch in October 2021, the operating system crossed the 30% market share mark. According to Statcounter’s latest findings, last month, Windows 11 reached a new all-time high of 30.83%, gaining 1.08 points in just one month or 7.17 points year-over-year (it was at 23.66% in July 2023).
Just as Windows 11 climbs, Windows 10 loses its market share. It is now below 65%, or 64.99%, to be precise, or -1.06 points in one month. Year-over-year change is 11.15 points (it was at 71.14% in July 2023). The operating system will reach its end of life in about a year, so expect its market share to start dropping faster in a few months.
Windows Zero-day Flaw Let Hackers Downgrade Fully Updated Systems to Old Vulnerabilities
https://cybersecuritynews.com/windows-zero-day-downgrade-attack/
Every software and operating system vendor has been implementing security measures to protect their products. This is because threat actors require a lot of time to find a zero-day but less time to find a readily available exploit for vulnerable software. This led them to the thought that they should Downgrade the latest versions to vulnerable versions.
An example of this is the BlackLotus UEFI BootKit malware, which downgraded the Windows Boot Manager to a vulnerable version that CVE-2022-21894 can exploit.
This vulnerability allows threat actors to bypass Secure Boot. The threat actors were also able to disable OS security mechanisms and maintain persistent access to the affected systems.
Bitlocker Encryption Becomes the Default in Windows 11 24H2
https://www.theverge.com/2024/8/14/24220138/microsoft-bitlocker-device-encryption-windows-11-default
Microsoft is making BitLocker device encryption a default feature in its next major update to Windows 11. If you clean install the 24H2 version that’s rolling out in the coming months, device encryption will be enabled by default when you first sign in or set up a device with a Microsoft account or work / school account.
In Windows 11 version 24H2, Microsoft is reducing the hardware requirements for automatic device encryption, opening it up to many more devices — including ones running the Home version of Windows 11. Device encryption no longer requires Hardware Security Test Interface (HSTI) or Modern Standby, and encryption will also be enabled even if untrusted direct memory access (DMA) buses / interfaces are detected.
Microsoft Partners
Microsoft To Add Copilot, Defender for Endpoint Licenses To Certain Partner Benefit Packages
Along with Microsoft’s announced end to selling Action Pack, Learning Action Pack or legacy silver and gold benefits starting Jan. 22, the tech giant shared more details on products getting added to its newer benefits packages, including Partner Success Core Benefits and Partner Success Expanded Benefits.
“We are adding over 20 in-demand product licenses to our benefits packages,” Julie Sanford, Redmond, Wash.-based Microsoft’s vice president of partner go-to-market (GTM), programs and operations, said in a blog post. “This includes game-changing Microsoft Copilot products, Microsoft Defender for Endpoint, and Microsoft GitHub.”