At RSA Conference 2015 this morning, Scott Charney, Microsoft's Corporate Vice President, Trustworthy Computing, discussed several new security features that give Microsoft cloud customers greater transparency and control over their data in the Microsoft cloud.
Charney announced enhanced activity logs of user, admin and policy-related actions, which Microsoft's customers and partners can tap into and use as security and compliance signals through the new Office 365 Management Activity API. The API can be built into solutions for monitoring, analysis and compliance assurance. Solutions built with this API will give organizations greater visibility into actions taken on their content, for example by alerting them to potential security threats and compliance concerns.
The new API will be released this summer as part of a private preview program.
To maximize data security and privacy, Microsoft has also engineered the Office 365 service so that a majority of service operations are fully automated, requiring no human interaction. For cases where a Microsoft engineer needs to help, Microsoft will enable, by the end of this year, a new Customer Lockbox for Office 365, which will bring the customer into the approval loop so that they can approve or reject a Microsoft engineer’s request to log into the Office 365 service.
In addition, Charney talked about the Windows 10 Device Guard, which will enable the Windows desktop to be locked down in a way that makes it incapable of running anything other than trusted apps. This protection is even resilient against an attacker or malware that has gained full system privilege.
Today, Office 365 encrypts customer content at rest and in transit. In 2014, Microsoft implemented content-level encryption with per-file encryption in SharePoint Online and OneDrive for Business. In the coming months, Office 365 will implement content-level encryption for email in addition to the BitLocker encryption it offers today. Microsoft is also working on additional security features that build upon these content-level encryption enhancements. Charney said he expects that, in 2016, Microsoft's customers will be able to require Microsoft to use customer-generated and customer-controlled encryption keys to encrypt their content at rest. Should a customer choose to leave the Office 365 service, these encryption keys give them the ability to fully revoke Microsoft’s access by leaving their content in an inaccessible state.
In addition, in the coming months, several Azure services and Microsoft's partner solutions will be announcing integration with Key Vault for encryption-at-rest, and securing passwords and other secrets. Charney also said that Barracuda, Check Point, Fortinet, Websense, Palo Alto Networks, F5 and Alert Logic plan to enable a variety of appliances such as load balancers, WAN optimizers and network security appliances in Azure.
Microsoft announced at WinHEC two new identity-related features that will be coming to Windows 10. Microsoft Passport is a new two-factor authentication designed to help consumers and businesses securely log in to applications, enterprise content and online experiences without a password. In addition, the company announced Windows Hello, which provides instant access to your devices and your Microsoft Passport through biometric authentication – using your face, iris or fingerprint to unlock your devices – with technology that is much safer than traditional passwords.