Microsoft has launched a host of new security features to its Azure cloud services, including the Microsoft Entra External ID and open access to GitHub Advanced Security for Azure DevOps.
The announcement was made at the Microsoft Build 2023 event.
By integrating directly into Azure Repos and Azure Pipelines, GitHub Advanced Security for Azure DevOps offers the same powerful developer security features found in GitHub Advanced Security.
These include secret scanning, dependency scanning, and CodeQL code scanning capabilities, which are already offered within GitHub Enterprise—a version specifically tailored for large-scale software development and collaboration in enterprise environments.
The Microsoft Netra External ID is customizable and filled with options to control access to resources from external identities.
“With Microsoft Entra External ID, customers are better able to define the right level of access for any external users, govern identity lifecycles and establish effective access controls for customers and partners,” Microsoft Security Team told The Cyber Express in an email interview.
“The product helps users to prevent threats as it makes it easy for any app development teams to embed identity security to any application or any customer experience.”
Compliance and security with Microsoft Security
Microsoft Entra
The Microsoft Entra External ID will feature strong authentication and a granular access policy to protect customers and partners from unauthorized access.
With control access options for external users, Microsoft Entra would help govern the identity lifecycle and assign effective access controls. It will be easy, and intuitive for a good user experience, the Microsoft blog read.
Developers will have better features to embed identity security on any application.
“Please note that there is no action for our current Azure AD business-to-consumer (B2C) customers required at this time as the next generation platform is currently in early preview only,” wrote Joy Chik, President, Identity & Network Access at Microsoft.
Besides access management, Microsoft Entra will bolster security with the following features –
- Verified ID Digital Wallet SDK to help verify credentials and automate the identity validation process. Users will be able to integrate this feature into their mobile devices.
- Microsoft Purview Information Protection will help automate data classification, labelling, and protection on multiple platforms. Sensitive data including trade secrets, material non-public information, and sensitive health and medical files will find refined security. With over 35 pre-trained classifiers, it will be faster to identify and protect personally identifiable information among other data for GDPR compliance.
- Microsoft Graph APIs for Microsoft Purview eDiscovery will enable the automation of litigation and investigation workflows for compliance.
Microsoft sessions, as part of the Microsoft Build 2023, are in progress at the time of writing this report.
Customization between the new and old features
In a explainer video, Senior Product Manager Namita Singh and Senior Program Manager Yoel Horvitz at Microsoft addressed the customer identity (CIAM) capabilities in Microsoft Entra.
“External Identities in Microsoft Entra supports CIAM and B2B applications so you can leverage beloved B2C features like customization, security, and extensibility in a familiar but new platform,” he said.
B2B collaboration will not be affected by the new Microsoft Entra admin portal. Users will be able to collaborate for partner identity scenarios as usual and no action would be required from the current Azure AD business-to-consumer customers.
Microsoft sessions, as part of the Microsoft Build 2023, are in progress at the time of writing this report.
Announcements made during the Microsoft Build 2023
The announcement of the integration of ChatGPT with Bing hogged the limelight at the event.
“ChatGPT will now have a world-class search engine built-in to provide timelier and more up-to-date answers with access from the web,” Satya Nadella said in his keynote speech at the event.
Copilot will be on Windows, which will make it the first PC platform with centralized AI assistance. This feature will offer help with content management including rewriting and explaining passages.
Microsoft Fabric with its end-to-end data analytics will provide integrated and modern analytics solutions. To fetch natural language, Microsoft integrated Copilot into Microsoft Fabric.
Developers will have options to use a single platform to build plugins that are compatible with ChatGPT, Bing, Microsoft 365 Copilot, and more. This will make work easier for collaboration between consumers and businesses.
The Azure AI Studio will allow companies to create individual ChatGPT-like platforms with user-defined texts, images, and information.
The upgrades will focus on Secure Software Supply Chain Framework (S2C2F) to provide safety from malicious content. The session about patching vulnerabilities will cover details about faster patching of vulnerable components and improving one’s open-source software consumption practice.
“According to Sonatype’s 2022 State of the Software Supply Chain report, supply chain attacks targeting OSS have increased by an average of 742 percent each year for the past three years,” wrote Microsoft’s Joy Chik.
