Microsoft announced new Identity and Azure apps at this week’s Create virtual event designed to improve security for both application developers and business customers.
New Identity capabilities to help foster a secure and trustworthy app ecosystem for developers, admins, and end-users alike include Publisher Verification, App Consent Policy, and Microsoft Authentication Libraries (MSAL) general availability for Angular.
With Publisher Verification, developers can demonstrate to consumers that their application comes from a reliable and credible source. Applications will be labelled when the publisher verifies their identity with the Microsoft Partner Network (MPN) and connects that account to the application's registration.
Administrators will also be able to configure policies that decide which applications users can consent to, such as publisher-verified applications.
In addition to making MSAL generally available, Microsoft announced a public preview of a web library, identity.web, for ASP.NET Core. With MSAL, devs can implement Microsoft identity authentication patterns, security features, and integration points (from Azure Active Directory accounts to Microsoft accounts).
Azure AD External Identities was also revealed by the tech company to help companies and developers create and manage applications that communicate with users outside an organization.
Microsoft announced two new additions to Azure Security Center this week: the availability of Azure Secure Score API to customers, and the public availability of suppression rules for Azure Security Center alerts, which are intended to reduce alert fatigue.
The company also reported that consumers are now able to monitor encryption keys on 50 additional Azure services to ensure enforcement or regulatory requirements are met. This capability now forms part of the Azure Security Benchmark.
Azure Disk Encryption can now be used to secure Red Hat Enterprise Linux BYOS Gold Images (Azure Disk Encryption may only be allowed after registration).
Azure Key Vault, the unified password, certificate and encryption key management service, now provides increased security with Private Connection, an option that provides access to Azure Key Vault via a private endpoint in a virtual network (traffic flows over the backbone network of Microsoft).
In addition, Microsoft now allows customers to use SafeNet Luna HSMs or Fortanix SDKMS to generate encryption keys outside of Azure, and then import them into Azure Key Vault (formerly only nCipher nShield HSMs were supported).
To make it easier for customers to rotate secrets, Microsoft also released a public preview of notifications for keys, secrets and certificates.
Microsoft recently announced that Azure Confidential Computing is generally available. It leverages the latest Intel SGX CPU hardware for a new class of VMs that can protect the confidentiality and integrity of customer data while in memory.
Customers can approve or reject requests for data access through Microsoft Azure’s Customer Lockbox, which now offers enhanced service coverage and is now available to Azure Government cloud customers in preview.