Microsoft Inspire 2023: The Biggest Security News

Microsoft Inspire 2023 news included updates for Security Copilot, Microsoft Defender, Purview and Sentinel.

An early access program for Security Copilot. New bring-your-own-detections capabilities for Purview Insider Risk Management. And general availability for Mobile Threat Defense for stand-alone Defender for Business users.

These are some of the biggest security announcements to come out of Microsoft Inspire 2023, the Redmond, Wash.-based vendor’s annual partner-focused event.

Inspire runs online from Tuesday to Wednesday.

Microsoft Inspire 2023 Security News

Microsoft is recruiting more managed extended detection and response (MXDR) partners alongside first-party offerings to meet increased demand for remote threat disruption and containment capabilities, according to the vendor. Microsoft expects that by 2025, 60 percent of organizations will use that technology, up from 30 percent currently.

The vendor even has a Microsoft Engineering Verified MXDR Solution status that started last year.

Security partners of Microsoft have seen “a significant increase in their business,” according to the vendor. Partners have seen 14 percent growth year over year while partners focused on SMBs have seen “even more dramatic demand”—37 percent market expansion this last year.

And Microsoft will increase overall investments for security partners by about 50 percent this coming year, according to the vendor.

That growth is unsurprising when 82 percent of ransomware attacks target small businesses, according to Microsoft. SMBs typically lack internal security specialists, hence the importance of solution providers. The number of Microsoft-detected password attacks has more than tripled in the past 12 months, from 1,287 per second to more than 4,000 per second. Total losses grew almost 50 percent from 2021 to 2022, from $6.9 billion to more than $10.2 billion.

Other security news out of Microsoft Inspire 2023 includes:

* A new integration with Blackpoint Cyber

* Graph APIs for Defender Threat Intelligence should allow for easier exporting and data ingestion

* The Microsoft Graph eDiscovery Export API is now generally available (GA)

Read on for the biggest security announcements out of Inspire 2023.

Security Copilot Updates

In the fall, Microsoft will open an early access program for Security Copilot, which leverages generative AI from GPT-4, the latest version of the OpenAI Large Language Model that is available in applications such as the massively popular ChatGPT chatbot.

Partners and customers who use the Microsoft Defender for Endpoint enterprise networks security platform will get the invitation to join early access, according to the vendor.

Security Copilot works with first- and third-party tools, according to the vendor. Microsoft plans to expand the program as time goes on.

Microsoft also launched a Security Copilot design advisory council for MSSPs and ISVs to work with the vendor on building related products and services.

The group is separate from the Microsoft Intelligent Security Association (MISA), which is also made up of MSSPs and ISVs who receive co-marketing resources and additional access to product teams for integration, among other benefits, according to the vendor.

The design advisory council has a limited number of spots. Partners waiting for Security Copilot—now in preview—to become GA can help customers deploy the Microsoft Sentinel cloud-native security information and event management (SIEM) platform in the meantime.

Microsoft unveiled Security Copilot in March.

New Defender for Business Features

Defender for Business gained a new feature for streaming APIs.

The feature is in preview for stand-alone Defender for Business and part of the Microsoft 365 Business Premium plan.

Streaming APIs can help partners with advanced hunting and attack detection, according to the vendor. The feature should help partners who want to build their own Security Operations Center (SOC) or managed detection and response (MDR) service.

Microsoft also made Mobile Threat Defense GA for stand-alone Defender for Business users. The feature extends mobile protection to smaller users.

Defender for Business users gained a monthly summary report feature that helps security solution providers show their value to customers with threats prevented, current Microsoft Secure Score status and recommendations, according to the vendor.

Microsoft Purview Innovations

Microsoft unveiled a series of updates for tools under the Microsoft Purview banner.

Purview Insider Risk Management has new bring-your-own-detection capabilities for partners to help customers with custom indicators, according to the vendor. Partners can bring in detections from non-Microsoft sources, such as Salesforce and other CRM platforms plus developer tool platforms.

The Microsoft Graph eDiscovery Export API is now GA, according to the vendor. The API should help with scripting-enabled eDiscovery exports for external applications and partners.

Confidential and highly sensitive Excel files labeled and protected with Purview Information Protection keep their protections even after being imported into Power BI datasets and reports.

Microsoft also extended labeled and encrypted documents with user-defined permissions to SharePoint and OneDrive. And owners of Word, Excel and PowerPoint documents can define permissions for people with access to shared, encrypted sensitive documents through the co-authoring feature.

And Purview Data Loss Prevention now lets security teams use policies to prevent users from pasting sensitive data into specific websites or web applications.

Microsoft Defender News

News for tools and services under the Microsoft Defender umbrella includes the new managed service Microsoft Defender Experts for XDR.

Microsoft Defender Experts for XDR promises customers step-by-step guidance to respond to incidents, according to the vendor. Customers can also receive expertise when needed and stay up to date on emerging threats.

A new Open App Connector Platform for Microsoft Defender for Cloud Apps aims to make plug-ins easier for partners. New API connectors include the public preview of Asana and Miro. GA posture management capabilities for DocuSign, Citrix, Okta and GitHub are also part of the update.

Microsoft has now made the settings management feature a native embed in Microsoft Defender for Endpoint for Windows, Linux and macOS. The vendor promises that this removes dependencies on Microsoft Intune, with users no longer needing to switch portals.

Graph APIs for Defender Threat Intelligence should allow for easier exporting and data ingestion to Defender, Sentinel and third-party applications, according to Microsoft.

And Microsoft Defender External Attack Surface Management’s data connector aims to allow for standard live dashboard development and longer-term reporting through Power BI, according to the vendor.

Microsoft Sentinel Budgeting

For partners in conversation with customers around Microsoft Sentinel adoption, the vendor has changed the SIEM’s price to include the Azure Monitor Log Analytics price.

The price now ranges from a pay-as-you-go $4.30 per GB ingested to $11,550 a day for 5,000 GB a day.

The pricing rolls out to all regions this month. New Microsoft Sentinel workspaces are automatically on simplified pricing. Existing workspaces are unchanged until users move to the simplified price plan in the portal.

A 31-day free trial offer for new and existing workspaces that enable Microsoft Sentinel is also running. The offer is for free ingestion of up to 10 GB a day of Sentinel and Log Analytics, according to the vendor.

Blackpoint Cyber Integration

Microsoft unveiled a new integration with Blackpoint Cyber for a 24-hour cloud response MDR service for Microsoft 365 environments, including Microsoft 365 Business Premium.

The two vendors also have a managed EDR service for Defender for Business customers, according to Microsoft. Both integrations should help partners without the resources for an in-house SOC.

Like Microsoft, Blackpoint has MSPs in its go-to-market strategy.

Microsoft Entra

Although unveiled just before Inspire, recent previews for Microsoft Entra bear repeating for partners interested in network security and security service edge (SSE).

Microsoft expanded Entra into SSE with the launch of Internet Access and Private Access features. Internet Access protects against malicious traffic and threats from the open internet. Private Access applies to private applications and resources from any device or network.

Microsoft also rebranded its Azure Active Directory offering into Microsoft Entra ID as an effort “to unify our product family,” according to the vendor.