An early access program for Security Copilot. New bring-your-own-detections capabilities for Purview Insider Risk Management. And general availability for Mobile Threat Defense for stand-alone Defender for Business users.
These are some of the biggest security announcements to come out of Microsoft Inspire 2023, the Redmond, Wash.-based vendor’s annual partner-focused event.
Inspire runs online from Tuesday to Wednesday.
Microsoft is recruiting more managed extended detection and response (MXDR) partners alongside first-party offerings to meet increased demand for remote threat disruption and containment capabilities, according to the vendor. Microsoft expects that by 2025, 60 percent of organizations will use that technology, up from 30 percent currently.
The vendor even has a Microsoft Engineering Verified MXDR Solution status that started last year.
Security partners of Microsoft have seen “a significant increase in their business,” according to the vendor. Partners have seen 14 percent growth year over year while partners focused on SMBs have seen “even more dramatic demand”—37 percent market expansion this last year.
And Microsoft will increase overall investments for security partners by about 50 percent this coming year, according to the vendor.
That growth is unsurprising when 82 percent of ransomware attacks target small businesses, according to Microsoft. SMBs typically lack internal security specialists, hence the importance of solution providers. The number of Microsoft-detected password attacks has more than tripled in the past 12 months, from 1,287 per second to more than 4,000 per second. Total losses grew almost 50 percent from 2021 to 2022, from $6.9 billion to more than $10.2 billion last year.
Other security news out of Microsoft Inspire 2023 include:
*A new integration with Blackpoint Cyber
*Graph APIs for Defender Threat Intelligence should allow for easier exporting and data ingestion
*The Microsoft Graph eDiscovery Export API Is now generally available (GA)
Read on for the biggest security announcements out of Inspire 2023.
Security Copilot Updates
In the fall, Microsoft will open an early access program for Security Copilot, which leverages generative AI from GPT-4, the latest version of the OpenAI Large Language Model that is available in applications such as the massively popular ChatGPT chatbot.
Partners and customers who use the Microsoft Defender for Endpoint enterprise networks security platform will get the invitation to join early access, according to the vendor.
Security Copilot works with first- and third-party tools, according to the vendor. Microsoft plans to expand the program as time goes on.
Microsoft also launched a Security Copilot design advisory council for MSSPs and ISVs to work with the vendor on building related products and services.
The group is separate from the Microsoft Intelligent Security Association (MISA), which is also made up of MSSPs and ISVs who receive co-marketing resources and additional access to product teams for integration, among other benefits, according to the vendor.
The design advisory council has a limited number of spots. Partners waiting for Security Copilot—now in preview—to become GA can help customers deploy the Microsoft Sentinel cloud-native security information and event management (SIEM) platform in the meantime.
Microsoft unveiled Security Copilot in March.
New Defender for Business Features
Defender for Business gained a new feature for streaming APIs.
The feature is in preview for stand-alone Defender for Business and part of the Microsoft 365 Business Premium plan.
Streaming APIs can help partners with advanced hunting and attack detection, according to the vendor. The feature should help partners who want to build their own Security Operations Center (SOC) or managed detection and response (MDR) service.
Microsoft also made Mobile Threat Defense for standalone Defender for Business users GA. The feature extends mobile protection to smaller users.
Defender for Business users gained a monthly summary report feature that helps security solution providers show their value to customers with threats prevented, current Microsoft Secure Score status and recommendations, according to the vendor.
Microsoft Purview Innovations
Microsoft unveiled a series of updates for tools under the Microsoft Purview banner.
Purview Insider Risk Management has new bring-your-own-detection capabilities for partners to help customers with custom indicators, according to the vendor. Partners can bring in detections from non-Microsoft sources, such as Salesforce and other CRM platforms plus developer tool platforms.
The Microsoft Graph eDiscovery Export API is now GA, according to the vendor. The API should help with scripting-enabled eDiscovery exports for external applications and partners.
Confidential and highly sensitive Excel files labeled and protected with Purview Information Protection keep protections even after imported into Power BI datasets and reports.
Microsoft also extended labeled and encrypted documents with user-defined permissions to SharePoint and OneDrive. And owners of Word, Excel and PowerPoint documents can define permissions for people with access to shared, encrypted sensitive documents through the co-authoring feature.
And Purview Data Loss Prevention now has the ability for security teams to prevent users from pasting sensitive data to specific websites or web applications through policies.