This post has been republished via RSS; it originally appeared at: Microsoft Security Blog.
It has certainly been another intense year. From the ongoing pandemic to the Great Reshuffle to economic uncertainty, it’s truly felt like the only constant is change.1 In this economy, many organizations are looking for efficiencies. This is putting pressure on security teams, along with everyone else. For many, this means fewer resources to work with, even though cyberattacks continue to escalate. So, what do you do? You find ways to do more with less.
Contrary to conventional wisdom, doing more with less doesn’t have to mean hardship, not if you change your mindset. Challenges can be an opportunity to go on the offensive and improve the performance of your organization without applying more resources.
At Microsoft Ignite last week, we shared our latest innovations to help you do more with less. In identity we introduced three new capabilities—a complete identity governance solution, certificate-based authentication (CBA), and workload identities. All of these are part of Microsoft Entra, the new identity and access product family we launched in early 2022. With the latest innovations, the Microsoft Entra product family includes:
- Microsoft Azure Active Directory (Azure AD), our flagship cloud identity product.
- Microsoft Entra Permissions Management, our Cloud Infrastructure Entitlement Management product.
- Microsoft Entra Verified ID, our Decentralized Identity product.
- Microsoft Entra Identity Governance, our complete Identity Governance product.
- Microsoft Entra Workload Identities, our product that brings advanced security and governance to non-human identities.
We also explored three strategies that Microsoft Entra solutions can help you employ to strengthen security, improve efficiencies, and lower overall costs:
- Consolidate point solutions and vendors to eliminate whatever’s unnecessary.
- Make the most of what you already own to maximize your return on investment (ROI).
- Adopt the latest security innovations to protect against evolving threats.
Consolidate point solutions and vendors
Consolidation requires evaluating the tools you’re using and the value you’re getting from them. It starts with asking yourself some basic questions: Do your current tools protect your entire infrastructure? Can you retire redundant tools in your environment?
We often hear from customers that traditional identity governance point solutions don’t scale to complex cloud and hybrid environments and require integration with access management tools. We know that having an identity governance solution that meets the needs of modern environments and hybrid work is critical.
At Ignite, we announced that Microsoft Entra Identity Governance—a complete identity governance solution—is now in preview. This cloud-delivered service includes capabilities that were already available in Azure AD, plus more advanced tools that simplify identity management and governance. New capabilities in Microsoft Entra Identity Governance include:
- Lifecycle Workflows, which is entering preview. You can use this feature to customize workflows and automate repetitive tasks, such as onboarding new employees and cleaning up when employees leave.
- Separation of duties, which is now generally available as part of the entitlement management feature. This capability automates checks and other controls to ensure that identities don’t get excessive access. For example, requiring more than one person to be involved in a transaction reduces the risk of fraud.
- Connection back to on-premises. Microsoft Entra Identity Governance also supports provisioning to your on-premises applications. You can migrate easily from Microsoft Identity Manager by reusing your existing connector configuration.
Make the most of what you already own
Another crucial strategy for cutting costs and creating efficiencies is to extract more value out of the solutions you already own. This is an easy path to quick wins, especially if you reduce your legacy on-premises footprint in the process.
Hundreds of thousands of organizations worldwide already own Azure AD. But we often find that customers don’t recognize its full potential and therefore maintain unnecessary on-premises identity infrastructure.
We continue to expand Azure AD capabilities with last week’s announcement that certificate-based authentication (CBA) is generally available in Microsoft Entra. Adding CBA to Microsoft Entra removes the last major blocker for those of you who want to move authentication to the cloud.
In addition to CBA, we announced several capabilities that will help make phishing-resistant multifactor authentication (MFA) a reality. With the upcoming Conditional Access authentication strength preview, you’ll be able to require the use of phishing-resistant MFA. For example, your policy can require phishing-resistant MFA, and, for accessing very sensitive apps or data, require additional authentication with a FIPS FIDO2 security key. This will work for any user account, including business-to-business (B2B) guests, in any tenant and across all Microsoft clouds. The upcoming authentication method policy enhancements will help you turn off phishable methods, such as text messages, at your own pace.
These new phishing-resistant MFA capabilities are critical for all customers, but especially those in regulated industries, such as United States federal agencies that must deploy phishing-resistant MFA to comply with the White House Executive Order on cybersecurity. Find more information on these and other recently released features for Azure Government.
You can also make the most of your solutions by modernizing your identity infrastructure and moving all application authentication from Active Directory Federation Server (AD FS) to Azure AD in Microsoft Entra. This will give your users all the benefits of Microsoft Entra, including single sign-on, Conditional Access, and Identity Protection.
We know that moving off AD FS is not as simple as flipping a switch, but it’s become a primary attack vector, so the time to modernize is now. To simplify migration off AD FS, we’ve delivered a robust set of self-serve and partner-led assessment and planning tools. In the past year, we’ve also added more than 20 capabilities to ensure that anything you can do with AD FS, you can do with Azure AD.
Adopt the latest security innovations
Consolidating your identity solutions and making the most of your tools will certainly help you do more with less in the near term. But cyberattacks are always evolving, so how will you stay ready? As the saying by Benjamin Franklin goes, “An ounce of prevention is worth a pound of cure.” In the security realm, this means investing in systems that will stay ahead of evolving attack vectors.
One evolving area is workload identities. Identity systems were designed to manage human identities, but workloads also need to be authenticated and authorized. To access cloud resources and communicate with other workloads, they need identities that must be secured and managed.
A study conducted by CyberArk this year found that 68 percent of workloads have access to sensitive data and assets.2 This is a huge problem. In the past three years, the number of workload identities in Microsoft Entra has more than tripled. Non-human identities now outnumber human identities 5 to 1 and will outnumber them 20 to 1 within five years.
At Ignite, we announced that Microsoft Entra Workload Identities will be generally available in November 2022. This solution will help secure your workloads by extending advanced capabilities such as Conditional Access and Identity Protection to non-human identities.
This new addition to the Microsoft Entra family helps you control access, detect risks, and simplify the access lifecycle for workloads with less predictable behavior patterns using the same familiar system, user interface (UI), and framework.
Now you can strengthen your defenses by applying Zero Trust principles to workloads.
Now do more, with less
Although doing more with less can be a challenge, it has become our new normal. On every step of our shared journey, we’re committed to giving you the tools and resources you need to secure your organizations. In the meantime, I encourage you to consider the strategies described in this blog to strengthen your defenses while improving efficiencies.
Even in this tough environment with so many challenges, I’m confident you’ll achieve amazing results. And I hope that the innovations in Microsoft Entra will help you to secure access to everything for everyone.
To learn more about our recent announcements, watch my Ignite session.
Learn more about Microsoft Entra.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
1Streamlining employee onboarding: Microsoft’s response to the Great Reshuffle, Joy Chik. May 31, 2022.
2CyberArk 2022 Identity Security Threat Landscape Report, CyberArk. 2022.
The post Do more with less—Discover the latest Microsoft Entra innovations appeared first on Microsoft Security Blog.