This post has been republished via RSS; it originally appeared at: Office 365 Blog articles.
Months into COVID-19, businesses are beginning to realize that there can’t be a trade-off between productivity and security. Productivity is a part of the security story, and security is central to productivity. Building on secure productivity, the latest innovations for Microsoft 365 Apps, such as Safe Documents* and Application Guard,** help organizations protect information and identities, detect threats earlier, and better adhere to compliance standards, enabling IT to focus on strategic initiatives rather than daily administration. Read on about these latest capabilities and join us at Microsoft Ignite 2020 to learn more.
Keeping users secure by default
We’re excited about the upcoming release of Antimalware Scan Interface (AMSI) integration for Excel 4.0 (XLM) macros. AMSI is an open interface available on Windows 10 for applications to request, at runtime, a synchronous scan of a memory buffer by an installed antivirus or security solution. Microsoft Defender for Endpoint leverages AMSI and machine learning to combat script-based and file-less threats. Now, Office and AMSI integration help protect against script-based malware. The new Excel integration with AMSI is made up of three parts: (1) logging macro behavior, (2) triggering a scan on suspicious behavior, and (3) stopping a malicious macro upon detection. When malicious activity is detected, the user is notified by Excel, and the application session is shut down to avoid any further damage. This can stop an attack in its tracks, protecting both the device and user.
Securing applications without affecting productivity
With remote work driving the disappearance of the enterprise perimeter, IT needs a way to secure applications without affecting user productivity. Security Policy Advisor analyzes how individuals use Microsoft 365 Apps for enterprise and then recommends specific policies to boost an organization’s security profile. These recommendations are based on Microsoft's best practices and information about an organization’s existing environment. Using Security Policy Advisor, IT admins can:
- View intelligent security policy recommendations based on Office app feature usage and understand before the policy is changed how groups and specific users will be impacted, giving them greater confidence in choosing policies that are right for their environment.
- Monitor policy health to evaluate the impact on user productivity, highlighting areas worth attention and changes that may be needed.
Enabling protected access to untrusted files
Although Protected View helps secure documents originating outside an organization, users often dismiss Protected View without considering if a document is safe, leaving them vulnerable to malware. Similarly, users may choose to remove Application Guard protection without properly considering if a document is safe. Safe Documents is a feature in Microsoft 365 E5 or Microsoft 365 E5 Security that uses Microsoft’s deep knowledge of threats and brings it to the desktop. When an IT admin enables Safe Documents for their tenant, untrusted files that open in Protected View or Application Guard go through an additional flow where the document is uploaded and scanned by Microsoft Defender for Endpoint.
Safe Documents detected that a user had opened a malicious file and prevents them from exiting the Protected View container
Safe Documents takes away the guesswork by automatically verifying those documents against the latest known risks and threat profiles before allowing users to leave a protected environment like the Protected View or Application Guard. Learn more about Application Guard for Office and Safe Documents.
Microsoft 365 Apps will let you know when an untrusted file is being opened with Application Guard.
Microsoft 365 Apps indicates the file is from an untrusted source, then you can edit the file in the secure container that's isolated from the rest of your data through hardware-based virtualization.
We’re excited to share the security capabilities we’ve been working on for Microsoft 365 Apps at this year’s Microsoft Ignite, watch the on-demand session to learn more. We look forward to hearing your feedback so we can make improvements that continue to keep users secure no matter where they are. Join our experts for the Ask Microsoft Anything session on October 14, 2020, at 9 am PT for any questions you have about security improvements, servicing, and deployment of Microsoft 365 Apps.
Safe Documents and Application Guard are available to participating organizations that have Microsoft 365 E5 or Microsoft 365 E5 Mobility + Security licenses.
*Safe Documents is generally available today.
**Application Guard is currently in Public Preview.