Auditing Arrives in Preview to Power BI

Microsoft today announced the addition of new auditing capabilities within Power BI.  The new features are only available in preview to United States customers for now.

For regulated organizations, being able to audit and analyze who has viewed dashboards or reports is an important requirement.  The new auditing features record every user view, export or change to data within Power BI.  The auditing data is available to export or can be viewed within the Office 365 Security and Compliance Portal.


New Security Features Coming to Office 365

Microsoft has just announced a number of new security features coming to Office 365.

Advanced Security Alerts

Office 365 will now alert administrators to unusual behavior, such as a user logging in from a location they have not logged in from before or taking unusual administrative actions.

Cloud App Discovery

Office 365 will now allow administrators to monitor the use of third-party cloud services such as Dropbox or Box and to see how users are using these services to manage documents.

Revoke App Permissions

An “Add-In” in Office 365 is granted permissions to access data within the tenant based on the business user deploying the add-in.  Administrators will now see a dashboard that shows all the apps and provides a centralized management function, so that the administrator can revoke access if the add-in is not sanctioned.

Admin Security Reviews Come to Azure AD Premium in Preview

Admin accounts pose a significant risk to enterprise organizations because they have access to potentially hundreds of services, accounts and settings; if compromised, they could wreak havoc on the organization’s overall security.  As part of an overall enterprise security program, validating that these accounts are still active and being used by the right people minimizes the threat to them.

Microsoft has now introduced a new “Security review” process as part of Azure AD Premium (which is itself part of the Microsoft Enterprise Mobility Suite bundle) that allows the security administrator to validate administrator accounts through the following process:

  • The security administrator picks a privileged role, such as Global Administrator, in which they believe some administrators may still hold the role without needing it.
  • Azure AD sends each user in that role a notification, and they respond in the Azure portal whether or not they still need that role.
  • The security administrator reviews the results to decide who to remove from the role.

The security review process is in addition to the existing features of the Privileged Identity Management service, which gives global administrators the ability to:

  • Discover and monitor privileged roles. The Azure AD PIM Dashboard gives you visibility into and tracking of users with privileged roles.
  • Automatically restrict the time that users have these privileged permissions through on-demand “just in time (JIT)” activation of permissions for pre-configured time windows.
  • Monitor and track privileged operations for audit purposes or security incident forensics.


Row Level Security and Data Masking Available in Azure SQL in Preview

Row Level Security

At the end of January, Microsoft launched a new Row Level Security implementation in preview for Azure SQL.

Row Level Security in Azure SQL allows you to set policies using SQL statements which filter data based on the user's identity.  This can be done based on the logged-in user connected directly to the database or through an application.

The basic idea of Row Level Security is to filter queries based on the user's credentials, which are either supplied when the user connects directly to the database or passed in as a user identity by an application.

The implementation details can be found in this article.
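A policy of the kind described above, written as an added T-SQL example (not code from Microsoft's article). All schema, table, column and function names are hypothetical, and it assumes current Azure SQL Database syntax, including `SESSION_CONTEXT` as the way an application passes in the identity it is acting for.

```sql
-- Constructed sample schema: every object name here is hypothetical.
CREATE SCHEMA Security;
GO

CREATE TABLE dbo.Orders (
    OrderId  int IDENTITY PRIMARY KEY,
    SalesRep sysname       NOT NULL,  -- database user who owns the row
    TenantId int           NOT NULL,  -- tenant the application is acting for
    Amount   decimal(10,2) NOT NULL
);
GO

-- Predicate function: a row of dbo.Orders is visible only when this
-- inline table-valued function returns a row for it.
CREATE FUNCTION Security.fn_OrderAccess (@SalesRep sysname, @TenantId int)
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN
    SELECT 1 AS fn_result
    WHERE @SalesRep = USER_NAME()  -- user connected directly to the database
       -- Identity passed in by an application. If the key was never set,
       -- SESSION_CONTEXT returns NULL, the comparison is not true, and the
       -- query returns no rows (the policy fails closed).
       OR @TenantId = CAST(SESSION_CONTEXT(N'TenantId') AS int);
GO

-- Bind the predicate to the table. The FILTER predicate hides rows from
-- reads; the BLOCK predicate rejects inserts of rows the caller could not see.
CREATE SECURITY POLICY Security.OrderFilter
    ADD FILTER PREDICATE Security.fn_OrderAccess(SalesRep, TenantId)
        ON dbo.Orders,
    ADD BLOCK PREDICATE Security.fn_OrderAccess(SalesRep, TenantId)
        ON dbo.Orders AFTER INSERT
    WITH (STATE = ON);
GO

-- Application side: set the identity once per connection. @read_only = 1
-- prevents the value from being changed later in the same session.
EXEC sys.sp_set_session_context
     @key = N'TenantId', @value = 42, @read_only = 1;

-- The query carries no WHERE clause, yet only tenant 42's rows come back.
SELECT OrderId, SalesRep, Amount FROM dbo.Orders;
```

Users who can alter the security policy or the predicate function can also switch the filter off, so permissions on the `Security` schema need the same care as the data itself.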

Data Masking

Another new feature available in Azure SQL in preview is Data Masking.  The concept of data masking is that based on policies, you can prescribe that when a user selects data from a table the data can be returned as masked data, e.g. XXXXXXX instead of the original value.  The policy you set allows you to specify:

  • Who receives masked data and who receives original data
  • Which tables and columns are masked
  • Whether to mask based on the source table name / column name or the alias provided in the query
  • Whether to restrict developers directly connected to the database
  • Format of masking based on a set of masking functions

The masking function allows you to mask common types of sensitive information.  For example:

  • Credit Card: XXXX-XXXX-XXXX-1234
  • Social Security Number: XXX-XX-XX12
  • Email Address: aXX@XXXX.com

You can also use your own masking patterns using the Custom Text function.

Unlike Row Level Security, Data Masking is set up either through the Azure Portal or through a REST API, not through SQL.
