Microsoft launches Azure Security Center Advanced Threat Detection, third-party tools coming in a few weeks

Microsoft today announced the launch of multiple products that are meant to make companies more secure online.

Perhaps the most compelling new feature is a more intelligent way to spot threats that could affect applications and data that companies are running on Microsoft Azure. Today Microsoft is introducing a service called Advanced Threat Detection for the Azure Security Center that’s been available in public preview since December.

“After years of examining crash dumps that our customers opted to send to Microsoft from more than a billion PCs worldwide, Microsoft has developed the capability to analyze this data to effectively detect compromised systems because crashes are often the result of failed exploitation attempts and brittle malware,” Bret Arsenault, Microsoft’s chief information security officer, wrote in a blog post. Not surprisingly, Microsoft won’t be going it alone here. In the coming weeks Azure Security Center will make room for add-ons from third-party vendors, Arsenault wrote. (More detail on the Azure Security Center news is here.)

With many customers, Azure operates at scale. Now Microsoft is taking advantage of that scale. This is one way for Microsoft to try to stand out from cloud infrastructure rivals Amazon Web Services and Google Cloud Platform.

But cloud infrastructure isn’t the only layer in which Microsoft gets cloud business. The company also fields Office 365 and other software. Toward that end, last year Microsoft acquired cloud security startup Adallom, which monitored usage to discover irregularities that could turn out to be threatening.

Microsoft took the Adallom technology and used it to build something called Microsoft Cloud App Security. Now that tool will become available in April, Arsenault wrote. That service can give Office 365 admins alerts on suspicious activity and information about the cloud services that end users are using.

Microsoft also will be extending its Customer Lockbox technology for limiting what Microsoft employees can do with end users’ data. The tool will become available for SharePoint Online and OneDrive for Business early in the second quarter of 2016. (Last year Microsoft said SharePoint Online would get it in the first quarter. The feature currently works with Exchange Online.)

In addition, Microsoft is starting a public preview for a new service called Azure Active Directory Identity Protection. Here’s Arsenault’s explanation of it:

Azure Active Directory security capabilities are built on Microsoft’s experience protecting consumer identities, and gains tremendous accuracy by analyzing the signal from over 14 billion logins to help identify 300,000 potentially compromised user authentications per a day. Azure Active Directory Identity Protection builds on these results and detects suspicious activities for end users and privileged identities based on signals like brute force attacks, leaked credentials, sign ins from unfamiliar locations and infected devices. Based on these suspicious activities, a user risk severity is calculated and risk-based policies can be configured allowing the service to automatically protect the identities of your organization from future threats.

The preview begins next week, Arsenault wrote.