Microsoft’s Ignite 2021 conference featured a host of announcements, from the new employee experience platform Microsoft Viva to the impressive, forward-looking Microsoft Mesh. Aside from the dazzling innovations, leaders at the conference also announced strengthened security protections in Azure Defender and Azure Sentinel. We covered some of our favorite overall announcements from this year’s Ignite in our last blog post. Now let’s look specifically at those made in regard to Azure Defender & Sentinel.
Azure Defender Improvements
The conference announcements on Azure Defender centered on new detection capabilities, the additional tool of workbooks, and improvements in Security Center alerts.
New Threat Detection Capabilities
Azure Defender for Servers now features additional capabilities in threat detection for Windows Server 2019 as well as the new Windows 10 Virtual Desktop (WVD), which is in preview. This extra detection is possible through integration with EDR technology in Microsoft Defender for Endpoint (MDE). Azure Firewall Manager has also been integrated into the Azure Security Center dashboard, to allow for more centralized and streamlined threat management.
The Security Center has a new area for workbooks. There you can find pre-made workbooks to help with things like system upgrades, vulnerabilities, or Secure Score. You can also create your own custom workbooks, with the aid of templates if needed. Leaders can then share these workbooks across the organization to communicate security status and insights.
Security Center Alerts
Managing alerts in the Security Center should be easier now, with the ability to preview alerts directly in the list and correlate them with MITRE ATT&CK tactics. There are also new capabilities to test configurations with sample alerts. And all alerts are integrated into the Azure Resource Graph, which queries at scale. Moreover, security Center alerts are now connected to Azure Sentinel’s incident tracking—which brings us to the additional Ignite announcements for Sentinel.
Azure Sentinel Announcements
With cyberattacks only becoming more advanced, Microsoft is responding with AI as well as the stronger integration between security tools. The pairing of Azure Sentinel with Defender allows for “the breadth of SIEM alongside the depth of XDR.” The two link together seamlessly now, so you can manage and update with just one login.
Here are some other new features in Azure Sentinel:
Over 30 new connectors have been released, making more than 100 when combined with previously available built-in connectors. Some of these were requested by customers, such as Cisco Umbrella and Salesforce Cloud. Here’s a complete list of the new connectors. There are also new Azure connectors in public preview, like Azure SQL, Kubernetes Service, and Key Vault.
Faster Incidence Response & Automation
Built-in Logic Apps connectors are expanding too, and so are automated playbooks. For example, newly released playbooks could enable automatic workflows that isolate endpoint devices with MDE or block suspicious IP addresses with Azure Firewall. These are some other things you can now do with enhanced automation rules:
- Specify conditions for when rules are applied
- Make pre-set actions run in sequence with Logic Apps playbooks
- Run multiple automation rules in sequence
Generally Available Notebooks
Last year’s Ignite conference brought a preview of Sentinel notebooks that were powered by Azure Machine Learning. Now these are generally available. Jupyter notebooks can be used and customized within the secure Azure environment of Sentinel. And Azure Machine Learning makes it easier to do this, with a new template that allows for machine learning among those with little experience.
Defender & Sentinel
Both Azure Sentinel and Defender (with Azure Security Center) have been in Forrester TEI studies and were found to bring more than 200% return on investment over three years. Now, with the two of them deeply integrated, they strengthen one another even more.
See other exciting news presented at Ignite 2021, like the innovative technology of Microsoft Mesh.