According to Microsoft, there are more than 400 million active users of its Windows 10 operating system worldwide. Estimates have the number of MS Office 365 users at 180 million. In addition to the productivity features that have led to this success, Microsoft Security has put a strong focus on cyber security technology as threats have increased exponentially in recent years. Frequent software updates fix vulnerabilities and issues as they’re discovered. But the company is also looking forward and outward in an effort to prevent cyberattacks and minimize cyber security risk. This post focuses on some of the initiatives the company is involved in beyond actual product development and touches on some product security improvements.
Building Global Policy Leadership
Taking the 50,000-foot view, Microsoft supports the efforts of nation states to local governments around the world to create policies necessary to eradicate – or at least minimize – cyber security risk. It established a Cybersecurity Policy Team to bring its technical expertise to policy makers and legal experts to help their efforts to create effective policy strategies.
Microsoft is also working with Fast IDentity Online Alliance (FIDO), a global organization developing open standards for authentication – that is, biometric and other password-free methods of user authentication. Through the Cybersecurity Tech Accord, which MS helped to establish, it is engaging in productive ‘digital sandboxing’ – an agreement among technology companies to share information in defense of all customers. Via Microsoft Philanthropies, it provides cyber security resources and guidance to non-profits.
To protect US elections, the company has created the Defending Democracy Program, which protects electoral integrity from cyber-attacks. It expanded the program in August 2018 with the launch of the Account Guard initiative. According to its blog post on this service:
“Microsoft AccountGuard is open to all current candidates for federal, state and local office in the United States and their campaigns; the campaign organizations of all sitting members of Congress; national and state party committees; technology vendors who primarily serve campaigns and committees; and certain nonprofit organizations and nongovernmental organizations. Microsoft AccountGuard is offered free of charge. Organizations must be using Office 365 to register.
AccountGuard will provide notification about cyberthreats, including attacks by known nation-state actors, in a unified way across both email systems run by organizations and the personal accounts of these organizations’ leaders and staff who opt in.”
At the Microsoft partner level, it has established its Intelligent Security Association to provide partners simpler security solutions and integrations for their customers.
Microsoft Product Security Highlights
Windows 10 and Microsoft Office 365 have numerous cyber security protections built-in. Following are some highlights.
- Windows Defender Antivirus – Real-time updates and ransomware alerts in addition to other threat notifications.
- Windows Firewall
- Windows Defender SmartScreen – Built into the Edge browser to help prevent cyber attacks.
- Find My Device – In case of los, can track your device before it falls into the wrong hands.
- Office 365 Advanced Threat Protection, Microsoft Cloud App Security, and Office 365 Threat Intelligence – Features that apply analytics and intelligence to prevent threats such as phishing and 0-day attacks.
- Azure Active Directory Identity Protection, Azure Advanced Threat Protection, and Microsoft Cloud App Security – Features that block malicious logins, detect and lock down threats.
- Microsoft Intune – Provides secure mobile device management (MDM).
- More depending upon version level.
If you follow this blog, you’ll know that user education is always top-of-mind here at Soundshore Technology Group. At the risk of repetition, it’s uneducated users at every level that are the greatest threat to cyber security, regardless of how robust your network protections are. In the interest of cyber security education, Microsoft’s middle name may be ‘Content’. In researching this post, we found Microsoft-produced ebooks for virtually every constituent mentioned herein - from nations to city governments to law enforcement to partners to end-users.
Much of the global, national and organizational level content is dedicated to issues identification and ideas for collaborative solutions. For businesses and end users, it’s important to remember that Microsoft is an enterprise with products to sell. Microsoft’s website is not that simple to navigate for the kind of educational material that will help you steer clear of cyber threats. For that reason, as an MS partner, we’ve made cyber security training an important offering to our clients.
Regardless of built-in cyber security features, you would do well to enlist a cyber security specialist team, whose business it is to assess and identify weaknesses in your environment, fix the problems and teach staff and management how to avoid them before they arise.
If you’d like to speak with Soundshore Technology Group’s cyber security experts send an email to firstname.lastname@example.org. We’ll be happy to help. While you’re here, please take a look at our full array of cyber security services.