This article is contributed. See the original author and article here.
Many security announcements were shared this week including Azure Key Vault Managed Hardware Security Module was made generally available, general data scientist roles added to RBAC capabilities in Azure Machine Learning, eliminating data silos with large-scale NFS workloads in Azure Blog Storage, Microsoft Defender unmanaged device protection capabilities and a security focused Microsoft Learn Module of the week.
Azure Key Vault Managed Hardware Security Module (HSM) reaches general availablity
Managed HSM offers a fully managed, highly available, single-tenant, high-throughput, standards-compliant cloud service to safeguard cryptographic keys for your cloud applications, using FIPS 140-2 Level 3 validated HSMs.
Key features and benefits:
- Fully managed, highly available, single-tenant, high-throughput HSM as a service: No need to provision, configure, patch, and maintain HSMs for key management. Each HSM cluster uses a separate customer-specific security domain that cryptographically isolates your HSM cluster.
- Access control, enhanced data protection, and compliance: Centralize key management and set permissions at key level granularity. Managed HSM uses FIPS 140-2 Level 3 validated HSMs to help you meet compliance requirements. Use private endpoints to connect securely and privately from your applications.
- Integrated with Azure services: Encrypt data at rest with a customer managed key in Managed HSM for Azure Storage, Azure SQL, and Azure Information Protection. Get complete logs of all activity via Azure Monitor and use Log Analytics for analytics and alerts. Some third party solutions are also integrated with Managed HSM.
- Uses the same API as Key Vault: Managed HSM allows you to store and manage HSM-keys for your cloud applications using the same Key Vault APIs, which means migrating from vaults to managed HSM pools is very simple.
Azure Key Vault Managed HSM is another service that is built on Azure’s confidential computing platform. Azure confidential computing protects the confidentiality and integrity of your data and code while it’s processed in the public cloud.
Azure Machine Learning public preview announcements for June 2021
The RBAC capabilities in Azure Machine Learning now offers a new pre-built role defined for the general data scientist user. When assigned, this role will allow a user to perform all actions within a workspace, except for creating/deleting the compute and any workspace level operations.
Text Classification labeling capability in Azure Machine Learning studio allows our users to create text labeling projects and assign labels to their text documents. It supports text classification either multi-label or multi-class project types.
Environments in the Azure Machine Learning studio allows you to create and edit environments through the UI. You can also view both custom and curated environments in your workspace as well as details around properties, dependencies, and image build logs.
Modernize large-scale NFS workloads and eliminate data silos with Azure Blob Storage
Azure Blob Storage, Microsoft’s object storage platform for storing large-scale data, recieves Network File System (NFS) 3.0 protocol support for Azure Blob Storage now generally available. Many organizations from various industries such as manufacturing, media, life science, financial services, and automotive have embraced this feature during our preview and are deploying their workloads in production and have been using NFS 3.0 for a wide array of workloads such as high-performance computing (HPC), analytics, and backup.
To get started, check out this video on introducing NFS 3.0 support for Azure Blob Storage and read more about the NFS 3.0 protocol support in Azure Blob Storage.
Microsoft Defender for Endpoint Unmanaged device protection capabilities are now generally available
Microsoft recently announced the general availablilty of a new set of capabilities that gives Microsoft Defender for Endpoint customers visibility over unmanaged devices running on their networks addressing some of the greatest risks to an organization’s cybersecurity posture. This release delivers the following set of new capabilities:
- Discovery of unmanaged workstations, servers, and mobile endpoints (Windows, Linux, macOS, iOS, and Android) that haven’t been onboarded and secured. Additionally, network devices (e.g.: switches, routers, firewalls, WLAN controllers, VPN gateways and others) can be discovered and added to the device inventory using periodic authenticated scans of preconfigured network devices.
- Onboard discovered, unmanaged endpoint and network devices connected to your networks to Defender for Endpoint. Integrated new workflows and new security recommendations in the threat and vulnerability management experience make it easy to onboard and secure these devices.
- Review assessments and address threats and vulnerabilities on newly discovered devices to create security recommendations that can be used to address issues on devices helping to reduce an organization’s threat and risk exposure.
To read more about our new device discovery and assessment capabilities, check out:
- Secure your unmanaged devices
- Endpoint Discovery – Navigating your way through unmanaged devices
- Network device discovery and vulnerability assessments
- Patch and Switch – It has been a fortnight and Patch and Switch are back to share the stories they have amassed over the past two weeks.
MS Learn Module of the Week
Protect against threats with Microsoft Defender for Endpoint
Learn how Microsoft Defender for Endpoint can help your organization stay secure.
In this module, you will learn how to:
- Define the capabilities of Microsoft Defender for Endpoint.
- Understand how to hunt threats within your network.
- Explain how Microsoft Defender for Endpoint can remediate risks in your environment.
Learn more here: Protect against threats with Microsoft Defender for Endpoint
Let us know in the comments below if there are any news items you would like to see covered in the next show. Be sure to catch the next AzUpdate episode and join us in the live chat.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.