
On Monday, Microsoft announced that it has moved its Microsoft Account (MSA) signing service to Azure Confidential Virtual Machines (VMs) and that it is in the process of migrating its Entra ID signing service as well.
The disclosure comes about seven months after the tech giant said it had completed updates to Microsoft Entra ID and MSA so that they generate, store, and automatically rotate access token signing keys using the Azure Managed Hardware Security Module (HSM) service.
“Each of these improvements will help reduce the attack vectors used by the actors in the 2023 Storm-0558 attacks at Microsoft,” said Charlie Bell, executive vice president of Microsoft Security, in a post shared with The Hacker News ahead of publication.

Microsoft also notes that 90% of Microsoft Entra ID tokens for Microsoft apps are validated with an enhanced identity Software Development Kit (SDK), and that 92% of employee productivity accounts use phishing-resistant multifactor authentication (MFA) to mitigate the risk of advanced cyberattacks.
In addition to isolating production systems and implementing a two-year retention policy for security logs, the company said it protects 81% of its production code branches with MFA enforced through a proof-of-presence check.
“We are piloting projects that move customer support workflows and scenarios to dedicated tenants to reduce the risk of lateral movement. Security baselines are enforced in all types of Microsoft tenants, and new tenant provisioning systems automatically register new tenants with security emergency response systems.”
The changes are part of the Secure Future Initiative (SFI), which the company has characterized as “the largest cybersecurity engineering project in history and the broadest effort at Microsoft.”

SFI gained traction last year in response to a report from the US Cyber Safety Review Board (CSRB) that criticized the tech giant for a series of avoidable errors that led to the 2023 breach of nearly two dozen companies in Europe and the US by a China-based nation-state group called Storm-0558.
Microsoft revealed in July 2023 that a validation error in its source code allowed Azure Active Directory (Azure AD), or Entra ID, tokens to be forged by Storm-0558.
Late last year, the company also launched the Windows Resiliency Initiative to improve security and reliability and to avoid system disruptions like the one caused by the infamous July 2024 CrowdStrike update.
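The validation error described above was a failure to restrict which signing-key set a token could be checked against. As an added example (not Microsoft's code), here is a minimal token validator in Python that pins the algorithm, checks issuer and audience, and looks up the key id only in the expected issuer's own key set; the issuer URLs, key ids and HMAC secrets are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json

# Constructed key sets standing in for the JWKS document each issuer publishes.
# HMAC secrets keep the example dependency-free; real tokens use RSA/EC keys.
KEYSETS = {
    "https://issuer.example/enterprise": {"ent-key-1": b"enterprise-secret"},
    "https://issuer.example/consumer": {"msa-key-1": b"consumer-secret"},
}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_token(claims: dict, kid: str, secret: bytes) -> str:
    # Builds an HS256 JWT; used only to construct the sample tokens.
    header = _b64url(json.dumps({"alg": "HS256", "kid": kid}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"

def validate_token(token: str, expected_iss: str, expected_aud: str) -> dict:
    # Accepts a token only if signed by a key from the expected issuer's own key set.
    header_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # pin the algorithm; never let the header choose it
        raise ValueError("unexpected alg")
    claims = json.loads(_b64url_decode(body_b64))
    if claims.get("iss") != expected_iss:
        raise ValueError("wrong issuer")
    # Scoped lookup: a kid known only to another issuer (e.g. a consumer key) must fail here.
    secret = KEYSETS[expected_iss].get(header.get("kid"))
    if secret is None:
        raise ValueError("kid not in issuer key set")
    expected = hmac.new(secret, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    if claims.get("aud") != expected_aud:
        raise ValueError("wrong audience")
    return claims

def rejection_reason(token: str, expected_iss: str, expected_aud: str):
    try:
        validate_token(token, expected_iss, expected_aud)
        return None
    except ValueError as exc:
        return str(exc)
```

A token whose issuer claim names the enterprise issuer but whose signature comes from a key in the consumer key set is rejected at the key lookup, before the signature is even checked.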

This includes a feature called Quick Machine Recovery, which allows IT administrators to apply certain fixes to Windows PCs even when the machine cannot boot. It is built into the Windows Recovery Environment (WinRE).
“Unlike traditional repair options that rely on user intervention, it automatically becomes active when the system detects a failure,” said Rudy Ooms late last month.
“The whole cloud remediation process is very simple. Check whether cloud remediation, automation, and optionally flags/settings such as headless mode are set. If your environment meets the conditions (such as available networks and required plugins), Windows will quietly begin the recovery.”