CIO

Microsoft touts new security capabilities with Enterprise Mobility Suite

Software giant talks telemetry, data loss prevention policies, and machine learning and threat detection at Microsoft Ignite on the Gold Coast

Microsoft is targeting the enterprise with its new security capabilities in its Enterprise Mobility Suite, which it touted at Microsoft Ignite on the Gold Coast today.

The vendor's corporate VP of enterprise client and mobility, Brad Anderson, gave a rundown of its telemetry, data loss prevention policies, and machine learning and threat detection.

Microsoft has introduced telemetry data as part of its Mobility Suite, where enterprises can see where, when, who and on what device a document was accessed. It also shows if someone has failed to access a rights management sharing (RMS) protected document.

“Interestingly, there were nine times that this individual tried to open up a document and didn't have rights to open a document. Now of course the document wasn't opened, it was protected, but I find it super interesting where I can see the telemetry [data] now on how [many times] the document has been used,” Anderson said when demonstrating the capability.

“I can also get a map that will show me where in the world people are viewing this particular document. Green is a successful open and orange is an unsuccessful open,” he added.

Azure Active Directory, as part of the Mobility Suite, also delivers telemetry data to customers and reports users' access to and activities with corporate data.

“It's showing me a report where a user logged in at two different physical locations with timestamps that are impossible. Jenifer logged in at New York, and then 4.5 hours later logged in at Bangkok. Unless she has figured out some kind of time travel, that's impossible.

“Also, we are seeing that Jenifer's device is communicating with an address that is known to be affected so we believe Jenifer's device is also affected. And Jenifer signed on from a hidden IP address and there's no reason why a user would sign on from a hidden address,” Anderson said.

Data loss prevention policies have also been introduced to prevent users from saving documents in non-approved locations such as their personal Dropbox, and to apply different rules to data accessed from personal drives or accounts than to data accessed from corporate accounts.

“What we are trying to do here is help users who use our applications for personal life and business life be able to manage and protect corporate data.”

Microsoft has also built a capability into its Mobility Suite that stops the contents of a corporate document being copied and pasted into an email that does not contain a corporate email address.

“It understands what is personal content and what is corporate content and it guides the user to only share the corporate content in the corporate [environment].”

However, this won't stop a user from first copying and pasting into their corporate email and then forwarding it on to someone outside of their organisation or to their personal email.

It also won't prevent a user from taking a photo of the contents of a document on screen and then leaking it to outsiders. Anderson said the capability is more about safeguarding workers who have good intentions but make security mistakes.

Another new capability that's part of the Mobility Suite is Advanced Threat Analytics, which uses machine learning to detect unusual user behaviour and potential threats.

“If it sees anything that deviates from the norm, it'll flag it or bring it to your attention. We see that the user account is accessing resources, servers and other people's devices he doesn't normally access. The machine learning capability is saying it is seeing something unusual going on here.”

Microsoft is also allowing Mobility Suite customers to open RMS protected documents on their iOS or Android device.

“For the first time, the principle and the foundation for the way organisations protect their corporate data using RMS is now supported on various platforms.”