Microsoft Enhances Security Measures in Purview, Entra, and Cloud Services with AI Technology
Microsoft Purview: Enhancing Data Security with AI
Microsoft is reinforcing the importance of data security in businesses through its enterprise platform, Purview. Recently, the company introduced new AI capabilities into Purview to assist customers in investigating and addressing data security incidents more efficiently following a breach. The latest features from Purview Data Security Investigations are currently in public preview, marking a significant advancement in Microsoft’s security offerings.
Introduction to Purview Data Security Investigations
One of the key features showcased was the Purview Data Security Investigations. This tool uses AI to analyze large volumes of data quickly, enabling organizations to start investigations promptly when they suspect a data security issue. According to Rudra Mitra, Microsoft’s corporate vice president, investigations can be initiated with predefined parameters regarding impacted data, thus saving security administrators considerable time.
During a demonstration, Microsoft illustrated how over 50,000 events could be analyzed quickly, enabling administrators to focus on specific categories. For example, events related to credentials and access were categorized distinctly, allowing for easier identification of risks. The functionality is designed to compile a report summarizing the findings, associated risks, mitigation strategies, and the rationale behind the assessment.
Visualization and Proactive Investigations
Purview Data Security Investigations offers the capability to visualize connections between affected users and their activities, allowing security teams to identify additional users or content that may require further investigation. Moreover, it can proactively search Microsoft 365 and other data sources for incident-related information, assisting organizations in enhancing their security posture effectively.
Addressing Shadow AI Risks
Another significant focus for Microsoft is the rise of “Shadow AI,” where a large percentage of employees (78% according to recent statistics) use personal, non-sanctioned AI tools for their tasks. To tackle this issue, Microsoft is enhancing its Entra identity management and Purview to mitigate the risks associated with unauthorized AI access.
One notable improvement in Entra is a web filter that allows administrators to set policies based on the user’s identity and role. For instance, separate policies can be configured for finance and research departments. These Entra enhancements are already available for users to employ.
In addition, new data security controls are being introduced for the Microsoft Edge browser. These controls aim to prevent sensitive information from being inadvertently uploaded to unauthorized AI applications. By detecting and blocking risky submissions in real-time, organizations can safeguard against potential data leaks more effectively.
Safeguarding AI Services
Microsoft is not only focused on securing data but also aims to protect AI services hosted in cloud environments. New functionalities within Microsoft Defender have been added to strengthen these protective measures. These updates help security teams identify, prioritize, and mitigate risks associated with AI applications through near-real-time detection and responses.
Moreover, Microsoft is broadening its AI Security Posture Management capabilities beyond Azure offerings, as it is now extending support to Google Vertex AI models, among others. This unified approach facilitates comprehensive security management across diverse cloud and AI model environments.
Case Study: Benefits of Microsoft Security Copilot
To illustrate the practical benefits of Microsoft’s security solutions, St. Luke’s University Health Network shared their positive experiences with Microsoft Security Copilot. This tool streamlines the data collection from various dashboards, helping teams quickly identify and respond to critical data alerts.
Krista Arndt, Associate Chief Information Security Officer at St. Luke’s, noted that the Security Copilot integrates seamlessly with Microsoft Defender and Sentinel, significantly enhancing operational efficiency. David Finkelstein, the Chief Information Security Officer, remarked that Security Copilot acts almost like an additional team member, aiding in strategic planning and gap identification within their security framework.
