
My Top 5 Azure Security Announcements from Microsoft Ignite 2019

Dean Bryen

I was lucky enough to be at Microsoft Ignite in Orlando last week! The number of announcements was pretty hard to keep up with; it was relentless! And so was the sunshine, so I just went and sat by the pool and sunbathed all week! ☀️

(Photo: Orange County Convention Center)

Oh how I wish that was true! I was busy meeting a whole bunch of people, recording some video content, and most importantly trying to keep on top of the security announcements so you don’t have to 😊

So I thought I’d summarize my top 5 Azure Security announcements for you right here! Here goes…

Azure Security Center — Custom Policies (Preview)

Up until today, you’ve been able to leverage the recommendations, secure score and regulatory compliance checks that Security Center has built in. But lots of you probably have your own security policies and benchmarks too!

Good news! As of Ignite (in public preview) you can now create a custom initiative in Azure Policy that meets your own security requirements, and add that as a policy in Security Center. This means you can extend the coverage of Security Center to include your own assessments which will filter through to the Secure Score, Recommendations and Regulatory compliance dashboards you’re already familiar with today.

Find out more here.

Threat Protection for Azure Kubernetes Service (AKS)

Containers and Kubernetes are hot stuff right now. More and more people I speak to are looking to Kubernetes as the new standard for deploying and managing cloud native applications.

As of Ignite (in preview), you can now leverage Azure Security Center to understand the security posture and gain further insights into your Azure Kubernetes Service (AKS) clusters. This release includes three key things:

  • Continuous discovery of managed AKS instances

  • Actionable recommendations on security best practices for AKS

  • Host- and cluster-based threat detection analysis

Find out more here.

Azure Notebooks direct from Azure Sentinel

Azure Sentinel was announced earlier this year. It’s a cloud native Security Incident and Event Management (SIEM) service. It provides a single solution for alert detection, threat visibility, proactive hunting, and threat response.

Threat hunting is one area that I am particularly interested in. The power of finding threats in your environment lies in trawling through the data. Now you can do some threat hunting in the Azure Portal, but to gain richer insights, and leverage a number of widely used Python and machine learning libraries, many hunters are looking to Jupyter notebooks and Python to perform their hunting analysis.

This has all been possible up until today by leveraging Jupyter and the kqlmagic library. However, it just got a lot simpler. Azure Notebooks, a hosted Jupyter notebook service, is now directly integrated with Azure Sentinel, and there are also a handful of pre-built notebooks already available for you to get started, as well as a larger number of notebooks you can leverage from the Sentinel GitHub community.

Find out more here.

Azure Arc — Implement Azure Security Anywhere

Azure Arc was one of the hottest announcements at Ignite this year! Seriously, go and check it out! In a nutshell, it enables deployment of Azure services anywhere (on premises, at the edge, on other clouds), and it extends Azure Management and Security to any infrastructure in those places too!

But this blog post is about security. So what security benefits does Azure Arc bring to on premises/edge/multi-cloud environments?

  • Access unique Azure security capabilities such as Azure Threat Detection

  • Centrally manage access and security policies for resources with Role Based Access Control

  • Enforce compliance and simplify audit reporting

Find out more here.

Password-less Authentication for the masses

OK so this is one I’m super happy about. Until last week, only customers with a paid Azure Active Directory (AD) plan could use the Microsoft Authenticator app for password-less authentication (Preview).

But now customers with any Azure AD plan can use password-less authentication. Yippee!

Also, as of 1st Nov 2019, there will be no charges for using Multi-Factor Authentication or passwordless authentication. Double Yippee!

Find out more here.

Oh and something fun to share

I thought I’d share with you one awesome infosec thing I got a chance to do at Ignite.

Microsoft created 1nter5ec7ion, a VR-based escape room for Cyber Defenders wanting to save the world! Sounds more serious than it was, honest! But it was super fun: four colleagues and I had to work as a team to solve a number of challenges in a 15-minute period to defeat the infamous hacker 157. It was great fun, and we escaped with 04:03 to spare! #WorldsBestCyberDefenders

I’m not sure if they’ll be bringing this to other conferences, but if they are, and you see it, you should definitely check it out!

What was your top announcement?

So that’s it! My top 5 Azure Security announcements at Microsoft Ignite 2019!

What were your favorite announcements?
Did I miss anything huge?

Let me know in the comments.
