New SMB security innovations from Microsoft Inspire 2023

Running a small or medium-sized business (SMB) poses unique challenges, particularly in safeguarding against increasing cyber threats, given limited IT resources. With over 82% of ransomware attacks targeted at small businesses [1], SMB customers are looking for comprehensive yet affordable cybersecurity solutions, and many rely on IT partners to secure their environments. Infact, 90% of SMB customers say they would switch IT partners for the right security solution[2].

Microsoft 365 Business Premium and Microsoft Defender for Business bring enterprise-grade security to SMB customers and partners in tailored solutions that are affordable and easy to use.  We’re pleased to introduce new SMB security product innovations, partner integrations, and resources designed to help you stay secure easily:

1. New security product innovations to help you stay secure.
2. Making it easier for IT partners to deliver security services.
3. IT partner resources to help build security services and drive customer conversations.

New Product innovations to help you stay secure.

Introducing three product updates to help you stay secure with Microsoft Defender for Business and Microsoft 365 Business Premium:

• Mobile Threat Defense
• Automatic Attack Disruption
• Security Summary Reports

Mobile Threat Defense protects your business from threats on mobile devices, Automatic Attack Disruption defends against sophisticated attacks, and Security Summary Reports provide visibility into security health. Now it's easier than ever to help secure your business and take your security to the next level. Let's look at each of these.

Mobile Threat Defense

The use of mobile devices has become an integral part of business operations, but securing these devices from cyber threats has been a challenge. This is where mobile threat defense comes in, offering three powerful capabilities that protect both iOS and Android devices without requiring device management or costly add-ons. With operating system-level threat and vulnerability management, web protection, app security, this comprehensive device security for mobile devices, help ensure that your sensitive data is safe and secure.

Mobile threat defense in Defender for Business

Business Premium customers have had the ability to protect mobile devices with Defender for Business, using Intune to onboard mobile devices. Today, we’re happy to make mobile threat defense capabilities generally available to Defender for Business standalone customers. So, customers and partners can onboard mobile devices to Defender for Business without needing any mobile device management solutions or add-ons.  Learn more.

Automatic Attack Disruption

Microsoft 365 Defender, through its powerful correlation of 65 trillion threat signals, proactively detects active ransomware campaigns and sophisticated attacks with a high level of confidence. We are now bringing many of the same E5 to capabilities Defender for Business.

During an ongoing attack, Defender for Business acts automatically to contain compromised devices that the attacker is utilizing through its advanced automatic attack disruption capabilities. By swiftly containing compromised devices, automatic attack disruption effectively helps to stop lateral movement within the network, thereby minimizing the overall impact of the attack. This results in significant reductions in associated costs and helps to prevent loss of productivity. Importantly, admins or security professionals retain control, allowing you to thoroughly investigate the incident, remediate any issues, and safely bring affected assets back online. Automatic attack disruption empowers you to swiftly respond to attacks, limit their impact, and regain control over your systems, so you can effectively manage and resolve security incidents. This capability is available in Microsoft Defender for Business, both as a standalone and within M365 Business Premium. Learn more.

Security Summary Reports

Security partners are in an especially important position when it comes to helping customers understand the value of the security solutions they offer. That’s why we’re thrilled to announce the general availability of monthly security summary reports in both Defender for Business standalone and Business Premium. These reports allow partners to easily demonstrate the value of their security investments by highlighting the threats prevented by Defender for Business, the status from Microsoft Secure Score, and recommendations for improving security.

The streamlined security summaries help you better understand the security status of your identity, devices, data, and applications. With improved insights, partners can showcase the value of their security investments and give customers the confidence they need to trust their security solutions. Learn more.

Security summary reports

Making it easier for partners to deliver security services.

With increasing cyberattacks, it is critical for you as a partner to stay ahead of the game. With Microsoft Defender for Business, you now can offer their customers comprehensive and reliable security services. Whether you are an established security solutions provider building your own Security Operations Center (SOC) or want to resell security services, our suite of tools and integrations provides the perfect starting point. We’re excited to introduce new ways for you to deliver security services, including:

Streaming API

For partners or customers looking to build their own security operations center, we are announcing the public preview of streaming API that supports streaming of device file, registry, network, logon events and more to Azure Event Hub, Azure Storage, and Microsoft Sentinel to support advanced hunting and attack detection. If you are using the Streaming API for the first time, you can find step-by-step instructions in the Microsoft 365 Streaming API Guide on configuring the Microsoft 365 Streaming API to stream events to your Azure Event Hubs or to your Azure Storage Account.

Streaming APIs in Defender for Business

If you are familiar with the Microsoft Defender for Endpoint Raw data export API, you can simply go to the Microsoft 365 Defender Portal (https://security.microsoft.com) > Settings > Microsoft 365 Defender > Streaming API, enter your Azure Event Hub or Azure Storage Account information and select the event types you want to export (see below).

New Managed Detection and Response Integration

The Global cybersecurity talent shortage is a real issue and SMB partners also face a scarcity of cybersecurity professionals. For those IT Partners who want to resell security services to customers but don’t have the resources to invest in an in-house security operations center, we are integrating with leading Managed Detection and Response providers that MSPs can resell. 

Blackpoint Cyber now offers a managed  Defender for Business EDR (Endpoint Detection and Response) service. They also offer an exclusive 24x7 cloud response for Microsoft 365 environments, including Microsoft 365 Business Premium, that covers, Exchange, Azure AD environments. These services will help augment a partners’ IT team with security experts to investigate, triage, and remediate the alerts generated by Defender for Business and Business Premium. These are available today for partners. Learn More.

Microsoft 365 Lighthouse Innovations - security baselines and configuration drift reports

Microsoft 365 Lighthouse is our multi-customer management tool for MSPs in the Cloud Solution Provider program. One of the most loved capabilities in M365 Lighthouse is default baselines, which makes it easy for partners to deploy a standardized set of configurations to your customers’ tenants. 

However, a “one-size-fits all” approach may not be right for you – or all your customers – so Lighthouse now lets you customize baselines based on your unique expertise and tailor them to your customers’ unique needs. By creating your own baselines, you’re able to define your own standards for security, compliance, and productivity and leverage the power of Lighthouse to deploy those standards across your customers’ tenants – and enforce them with persistent configuration detection and deployment status reporting to monitor your customers' tenants—even when you're offline—and identify any changes that result in the regression of the deployment status for any of the assigned tasks. Microsoft 365 Lighthouse also provides who, where, and when details about user activity that caused the detected drift so that you can efficiently and effectively restore the tenant to the desired state and mitigate future risks. This functionality is available to our partners in preview and will be rolled out to more partners as the capability matures.

IT partner resources to help build security services.

To get started on your managed services journey, our partner playbooks– Microsoft 365 Business Premium Partner Playbook and Microsoft Defender for Business Partner kit provide you with sales and technical trainings as well as customer ready assets. New resources include a Security Managed services kit and 3-part digital training series, to provide step-by-step guidance for partners on how to build services based on the CIS critical cybersecurity controls.

Learn more at Inspire 2023

To get more details, check out the Inspire Security sessions.

• Springboard customers into the era of AI with end-to-end security keynote with Vasu Jakkal and Alym Rayani.
• Build your security practice with David Bjurman-Birr, Emmy Jaeger, and Neha Bhaskar.
• Take advantage of the expanding opportunity with end-to-end security with Ayse Altay, Shilpa Bothra, Melanie Myers, and Scott Woodgate.

References:

1. The Devastating Impact of Ransomware Attacks on Small Businesses, Quinn Cleary. April 4, 2023.
2. Microsoft commissioned research, 2019, US SMBs 1-300 employees