Companies concerned about cybersecurity have a fleet of new Microsoft tools coming their way. The company announced a host of new security capabilities Friday morning as part of the run-up to the massive RSA security conference next week in San Francisco.
On the Windows front, the company announced that it's adding the ability to use on-premises Active Directory with Windows Hello, its system for allowing biometric-based logins with Windows 10. Microsoft also launched new tools to help organizations get more use out of mobile device management products by giving them tools to migrate group policy settings to cloud-managed devices.
What's more, Microsoft has launched a new tool that’s designed to help customers configure the Surface hardware under their administration, doing things like disabling the tablets' cameras.
Office 365 customers get a new security assessment tool and the private beta of a service aimed at showing them information about security threats.
Microsoft has been pushing advanced security capabilities like the ones announced Friday as a key part of its pitch to enterprises concerned about securing their data from a growing threat landscape. Here’s the rundown.
New Windows Capabilities
Windows Hello, Microsoft's biometric-based authentication system, is getting two new enhancements with the forthcoming Windows 10 Creators Update. First off, Microsoft is making it possible to use its biometric Windows Hello login system solely with on-premises Active Directory servers, rather than requiring Azure Active Directory.
Microsoft is also trying to address the problem of users forgetting to lock their computers by using a new Dynamic Lock feature in Windows Hello. That will connect a user’s smartphone with their Windows 10 device, and automatically lock the device when the phone's Bluetooth signal drifts far away.
Using it requires that customers have the Microsoft Authenticator app installed on their smartphones. Once the app is connected to a PC, it uses the Windows Hello Companion Device Framework to automatically lock the computer when its user walks away.
The Surface Enterprise Management Mode (SEMM) allows enterprise customers to apply additional hardware restrictions to Microsoft’s Surface Pro 4 tablet, Surface Book laptop, and Surface Studio desktop in order to comply with security needs. That way, it's possible for them to do things like disabling the device’s microphone.
Administrators can set policies that only kick in under a particular set of conditions, like when a Surface is connected to a specific network. Applying the policies requires that administrators have physical access to the Surfaces in question, but does not require that they erase them.
SEMM works at the Unified Extensible Firmware Interface level, "so a lot of the attacks you would expect attackers to use in order to just re-enable the camera without the user knowing, won’t even work, because the device is disabled at a fundamental, hardware level," said Rob Lefferts, the director of program management for Windows Enterprise and Security.