Microsoft picks security for the enterprise win

The company has revamped its routine for supplying security patches and has unveiled data and system protections

Microsoft is betting that good security support will be key to keeping its enterprise customers from straying to rivals.

At the kickoff of the company's Ignite conference for IT professionals, Microsoft executives unveiled a number of advanced security services, and took jabs at competitor Google for not being as mindful of security.

"Google takes no responsibility to update their customers' devices, leaving end-users and businesses increasingly exposed every day they use their Android devices," said Terry Myerson, Microsoft's executive vice president of operating systems. "Google just ships a big pile of code, and then leaves you exposed with no commitments."

Microsoft is refining how it distributes security updates, starting with the upcoming releases of Windows 10 and Office 2016, Myerson said.

Right now, Microsoft sends out updates for Windows on the second Tuesday of each month, a routine called Patch Tuesday that touches over 858 million computers. Many consumer machines are configured to download and apply the patches automatically, and many enterprises control the update process using software such as Microsoft's System Center Configuration Manager.

With Windows 10, consumers can now get security updates as they are released from Microsoft, along with other updates and new features, resulting in a "steady stream of innovation every month," Myerson said.

Businesses will get a number of new options for handling security patches. They can opt into one of a set of "distribution rings." Some can choose to get their updates as soon as they arrive, or they can wait to see if any additional issues pop up with the patches, which has been a recurring problem with Microsoft patches of late.

Microsoft will also start offering the option to get only security updates, and not new feature updates, which can be handy for those mission-critical machines that organizations need to keep precisely configured.

Administrators can now specify when they want patches to be applied, so the patches aren't deployed during a busy time, or at night when some computers may be shut off. For those organizations with limited bandwidth, Windows 10 computers can share the updates with one another in a peer-to-peer network, rather than downloading patches for each machine.

In addition to updating the patching process, Microsoft also unveiled a number of new services to help better secure systems against data leakage and compromised identities.

A feature in Windows 10, Device Guard, limits the computer to running only those applications that have already been approved to run on that machine. This safeguard could prevent the user from unwittingly installing malware, thinking it came from an approved source.

Windows 10 is being outfitted with software to control the unauthorized copying of organizational data. A user can cut and paste information from an e-mail in the Outlook mail client into another organization-approved application, such as Word. But the user can not paste the data into an unapproved application, such as into a Twitter account.

Users can override the block, but only after they click through a dialog box; Windows 10 will log all these unapproved copying actions.

A service called Azure Rights Management Services which can further guard against corporate data leakage, was also made generally available. This service provides the ability to protect access to files even after they leave the individual computer.

It introduces a concept called self-protecting files, or files that retain information about how they can be accessed. Before sending a file to someone, a user can specify what permissions that recipient has with that file. The sender can specify, for instance, if that file can be forwarded to additional parties. The sender can revoke access to the document even after it is sent out. "The file becomes self-protecting," said Brad Anderson, Microsoft corporate vice president for enterprise client and mobility.

The administrator can also get statistics on the usage of the file, such as how many people read the document, how many of those were authorized, and the names of those who tried to open the document but who weren't authorized to do so.

Those using the company's Azure-based Active Directory service can take advantage of a new service, now in preview mode, that can identify anomalous sign-ins, or those attempted log-ins to the organization's system that probably don't originate from the employee.

If an employee signs into the network from Chicago at noon, and then again at 12:30 from North Korea, it is probably a safe bet that the second sign-in is not a legitimate one, explained Anderson. The service uses machine learning to correlate the immense number of log files in order to find these matches.

Another machine-learning-based service, called Microsoft Advanced Threat Analytics, can provide organizations with an easy way to identify network intruders. The offering, available as a preview starting Monday, is based on technology developed by Israeli startup Aorato, which Microsoft acquired in November.

Microsoft Advanced Threat Analytics can provide a timeline view of a series of activities that make up a single attack as they unfold across different system resources. It can show, for instance, someone using a brute-force attack to compromise a user account, and when that account is breached, the service can then follow subsequent actions on different machines, such as accessing content.

Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab's e-mail address is Joab_Jackson@idg.com

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags Microsoftsecuritydata breachencryptiondata protectionmalware

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Joab Jackson

IDG News Service
Show Comments

Essentials

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?