Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

05:50 PM
Connect Directly

Microsoft Ups Security of Azure AD, Identity

A roundup of Microsoft's recent security news and updates that focus on protecting identity.

Microsoft's latest security announcements have focused on securing Azure AD and Identity. Updates include stronger compromise prevention for Azure AD, a zero-trust business plan, and some changes to managing user authentication in Azure Portal.

Since it's a lot of news to work through, below is a recap of the highlights:

Related Content:

XDR 101: What's the Big Deal About Extended Detection & Response?

Building an Effective Cybersecurity Incident Response Team

New From The Edge: 5 Email Threat Predictions for 2021

The updated Azure AD compromise prevention system, released last week, still uses supervised machine learning but expands the features and process used to train the model. This model, Microsoft says, aims to provide more accurate risk assessments by flagging more suspicious activity while reducing the number of false alarms.

Its system pulls data from several sources including user behavior, threat intelligence, network intelligence, and device intelligence. Known good or bad sign-ins, called "labels," aim to help teach the algorithm how to differentiate between the two. All of this intelligence is used train new machine learning models, which are deployed to the Azure AD authentication service and used to evaluate 30 billion authentications daily, Microsoft reports. 

News of the Azure AD update arrived shortly after news of the SolarWinds breach began to make headlines. Reports indicate intruders used multiple attack vectors, one of which was distributing malware hidden in SolarWinds Orion network management software. The other, CISA reports, may have involved a multifactor authentication bypass, done by accessing a secret key from the Outlook Web App server. Late last week, Microsoft confirmed its network was breached. 

Earlier this month, Microsoft released a zero-trust business plan to provide guidance for organizations starting the zero-trust implementation process. The document, which includes lessons learned from leaders who oversaw zero trust adoption in their own environments, lays out the process of planning, implementing, and measuring success of a zero trust deployment.

Some of the new features we saw come from Microsoft in recent weeks include updates to managing user authentication methods in Azure Portal. The new UX design lets admins add, edit, and delete users' authentication phone numbers and email addresses. As authentication methods are released in coming months, they'll appear and be managed in the same interface. 

As part of usability improvements, Microsoft is simplifying how phone numbers are managed in Azure AD. Users now have two sets of phone numbers: a public number that is managed in the user profile and never used for authentication, and an authentication number managed under authentication methods and kept private. This will be available to all Directory-synced tenants by 2021.

Microsoft is also releasing new APIs to beta in Microsoft Graph. New authentication method APIs can be used to read and remove a user's FIDO2 security keys; read and remove a user's Passwordless Phone Sign-In capability with Microsoft Authenticator; and read, add, update, and remove a user's email address for Self-Service Password Reset.

Microsoft Authenticator will be updated with password management and autofill capabilities, which were made available for public preview last week. Authenticator will autofill passwords, which can be synced across mobile and desktop devices. Microsoft notes this is currently limited to Microsoft accounts and not for Azure AD-based work or school accounts. 

Azure AD Application Proxy, which provides secure remote access to on-premise applications, will now support more applications, including those that use headers for authentication such as Peoplesoft, NetWeaver Portal, and WebCenter, Microsoft announced earlier this month. The new support started in public preview on Dec. 1.

To connect a header-based authentication application to Application Proxy, users will need Application Proxy enabled in their tenant and have at least one connector installed, Microsoft says. Its full blog post on the announcement has additional steps. 

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-04-12
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered on D-Link DIR-802 A1 devices through 1.00b05. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover pa...
PUBLISHED: 2021-04-11
In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range panics. This bug leads to a drop of zeroed memory as an arbitrary type, which can result in a memory ...
PUBLISHED: 2021-04-11
In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the sam...
PUBLISHED: 2021-04-11
In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free.
PUBLISHED: 2021-04-11
In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow.