Join us this episode as we talk with Angela Brown. Continuing our Passion to Profession month.
Show Notes/Links
Angela’s LinkedIn profile: https://www.linkedin.com/in/angsec/
Partner training on CfS: Copilot for Security (microsoft.github.io)
Microsoft 365 Message Center Archive (merill.net) – M365 updates (including security updates)
https://merill.net
– Awesome site and blog for Entra and AD tools and news
Entra ID has announced a new User Risk detection focused on Attacker in the Middle (AiTM). Click Here to Learn More.
Microsoft Research Published a blog about AiTM, describing architecture patterns that step in to block this using defense in depth strategies. Here is the blog
The NIST Zero Trust Implementation Guide featuring Microsoft’s Security Capabilities. This is the first industry wide effort that provides customers with a guide on how to implement Zero Trust security from a trusted “neutral” source (NIST) that tries to showcase how to implement the user cases using the different security vendors out there. Microsoft’s Security products featured prominently and we now have this beautiful mapping that shows that our products across the division can truly cover almost all the required capabilities to satisfy NIST’s requirements. Microsoft security partnered with NIST to announce the publication on our own blogs:
Smoother Zero Trust with Microsoft and NIST | Microsoft Security Blog
And this is the full picture blessed by NIST:What is this effort?
Since early 2022, I have a lead a team of Zero Trust implementation experts across CXE, DSR and PG to collaborate with NIST’s NCCoE on this publication. After initial reception to their proposed Zero Trust reference architecture was mixed, NIST sought out this lab to make the architecture real by showing how it can be implemented. The lab featured over 20 of the most impactful security vendors in the industry. The lab organized the vendors into four “enterprises” each one showcasing a mix of different vendors and trying to implement the same use cases. We were able to both showcase our own capabilities for Microsoft Security as well as show that we play well with others as our “Enterprise 3” features Lookout, Forescout, Appgate and F5, for example.
Why is this important?
NIST’s Zero Trust Reference Architecture is likely to be the blueprint used by other organizations and regulatory bodies to guide enterprise customers in how to deploy Zero Trust Access and security end to end. Having Microsoft represented shows our thought leadership as well as our desire to play well with others.
Having all our capabilities on full display helps customers who decide to with the better together Microsoft story build the comfort that our suite of products covers all if not most of their needs.
We were also able to influence many of the use cases themselves and add to them to showcase capabilities unique to the Microsoft story or better with the Microsoft story. For example, authentication context, authentication strength, access revocation and data security use cases were all added based on our feedback.
Microsoft Security Insights Show Episode 222 - Angela Brown