Microsoft unveils a bonanza of security capabilities

New features for Windows and Office 365 aim to help businesses with cybersecurity

Companies concerned about cybersecurity have a fleet of new Microsoft tools coming their way.

The company announced a host of new security capabilities Friday morning as part of the run-up to the massive RSA security conference next week in San Francisco.

On the Windows front, the company announced that it's adding the ability to use on-premises Active Directory with Windows Hello, its system for allowing biometric-based logins with Windows 10.

Microsoft also launched new tools to help organizations get more use out of mobile device management products by giving them tools to migrate group policy settings to cloud-managed devices.

What's more, Microsoft has launched a new tool that’s designed to help customers configure the Surface hardware under their administration, doing things like disabling the tablets' cameras.

Office 365 customers get a new security assessment tool and the private beta of a service aimed at showing them information about security threats.

Microsoft has been pushing advanced security capabilities like the ones announced Friday as a key part of its pitch to enterprises concerned about securing their data from a growing threat landscape. Here’s the rundown.

New Windows Capabilities

Windows Hello, Microsoft's biometric-based authentication system, is getting two new enhancements with the forthcoming Windows 10 Creators Update.

First off, Microsoft is making it possible to use its biometric Windows Hello login system solely with on-premises Active Directory servers, rather than requiring Azure Active Directory.

Microsoft is also trying to address the problem of users forgetting to lock their computers by using a new Dynamic Lock feature in Windows Hello. That will connect a user’s smartphone with their Windows 10 device, and automatically lock the device when the phone's Bluetooth signal drifts far away.

Using it requires customers have the Microsoft Authenticator app installed on their smartphones. Once the app is connected to a PC, it uses the Windows Hello Companion Device Framework to automatically lock the computer when its user walks away.

The Surface Enterprise Management Mode (SEMM) allows enterprise customers to apply additional hardware restrictions to Microsoft’s Surface Pro 4 tablet, Surface Book laptop, and Surface Studio desktop in order to comply with security needs.

That way, it's possible for them to do things like disabling the device’s microphone.

Administrators can set policies that only kick in under a particular set of conditions, like when a Surface is connected to a specific network. Applying the policies requires that administrators have physical access to the Surfaces in question but does not require they erase them.

SEMM works at the Unified Extensible Firmware Interface level, "so a lot of the attacks you would expect attackers to use in order to just re-enable the camera without the user knowing, won’t even work, because the device is disabled at a fundamental, hardware level," said Rob Lefferts, the director of program management for Windows Enterprise and Security.

Microsoft is also allowing mobile device management (MDM) software to apply settings and configurations from the Security Baseline Policies list. Previously, those settings were only available through Group Policy. It's a move that's designed to make it possible for administrators to have the same policies on devices managed using Group Policy and MDM.

The company also released a new MDM Migration Analytics Tool designed to help customers figure out migrating from Group Policy to MDM. It scans a system for all of the policies applied to it, tries to map those policies to their MDM equivalents, and spits out a report of the results.

There's one hitch to MMAT when it comes to international users: The tool only works on the English names of Group Policy settings, which means that the system it runs on needs an English language pack. At this point, Microsoft recommends that users install English on a non-English system to work around that issue.

Windows Defender Advanced Threat Protection, which is designed to help find and contain security threats, is gaining support for custom security rules to protect against particular threats.

o365 secure score Microsoft

The Office 365 Secure Score tool provides users a graphical representation of how fully they've deployed the security tools at their disposal.

Office 365

Organizations using Office 365 can use a new Secure Score tool to benchmark their security. It analyzes an organization's configuration, then provides them with a score based on the security controls they have fully or partially deployed.

The feature also provides guidance on what Office 365 security features administrators could use that would improve the security of the organizations they work for. By default, the Score Analyzer first shows users features that provide the most security benefit with the least impact to users and then lets people drill down further from there.

While the score is a useful tool for giving organizations an at-a-glance view of their security practices, it will also have some practical considerations. The Hartford plans to use the Secure Score in evaluating customers that it's considering for cybersecurity insurance, Microsoft CISO Bret Arsenault said in a blog post.

Microsoft also announced the private beta of its previously-announced Office 365 Threat Intelligence service. That allows administrators to see information about the cybersecurity threats both inside and outside an organization.

For example, admins can see who in their organization is the most targeted for attack, along with general information about security threats, like how much bitcoin attackers usually request from a ransomware attack.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags Office 365MicrosoftWindows 10

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Blair Hanley Frank

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?