Microsoft announced a host of new security measures at its annual Ignite conference, with the goal of strengthening its existing data protection, endpoint security, and extended threat detection and response capabilities.
Notable improvements include the introduction of a dedicated exposure management tool, an upgrade to insider risk management (IRM) tailored to genAI usage, new data loss prevention (DLP) features, and integration of genAI into Security Operations Center (SOC) processes.
It also announced a new AI and cloud security bug bounty program, Zero Day Quest, at the event.
The new bug bounty program
“Last year Microsoft awarded $16.6 million as part of our bug bounty programs to security researchers who reported vulnerabilities under coordinated vulnerability disclosure,” said Tom Gallagher, VP of Engineering at Microsoft Security Response Centre. “This is more than anyone else in the industry. It is also important to note that Microsoft awards payments for vulnerability research, while many other companies require a working exploit to receive payment, which may involve multiple vulnerabilities and can require significantly more work.”
Zero Day Quest adds $4 million to that budget for research into AI and cloud flaws.
That money may not go far with some bug bounty programs, like those from Apple and Zerodium, offering as much as $2 million for a single exploit. Researchers’ submissions could also win them a place at an onsite hacking event in Redmond in 2025, Gallagher added.
Moving from lists to graph protection
The company is also looking for ways to help enterprises secure their own systems with tools such as Microsoft Security Exposure Management, which is now generally available.
This aims to transform security through graph-based posture management rather than list-based protection, mapping the changing relationships between underlying assets such as identities, credentials, permissions, files, devices, and other connections in enterprises.
“Traditional vulnerability management is no longer sufficient,” said Brjann Brekkan, Microsoft’s director of product marketing for security posture and exposure management, in a statement shared with CSOonline. “While patching every potential weakness might seem like a solution, it’s neither practical nor effective. Instead, modern security strategies must focus on the exposures that are easiest for attackers to exploit, prioritizing vulnerabilities that present the greatest risk.”
Microsoft released a public preview of Security Exposure Management earlier this year and it has since been tried out by more than 70,000 Microsoft customers for protecting critical entities, according to Vasu Jakkal, the company’s corporate vice president of Security.
The key offerings of the suite include attack surface management, attack path analysis, and unified exposure insights. “Exposure Management helps security teams understand the true topography of their attack surface, enabling them to prevent or minimise threats more effectively,” Jakkal added.
Bringing genAI into the fold
Microsoft also revealed a number of advances in securing its customers’ use of AI, most of them in Microsoft Security Copilot.
New Copilot skills have been unlocked for IT admins in Microsoft Entra, an identity and access management (IAM) offering, and Microsoft Intune, an endpoint management solution.
Security Copilot began life in April with a preview release for Intune alone, and has now been expanded to power Intune, the Intune Suite, and Windows Autopatch, where it offers IT workers AI-guided insights to help them respond to incidents.
Now, the company said, it will also be embedded in the Microsoft Entra portal, with new capabilities available directly in identity admin workflows.
Additionally, Microsoft unveiled new Copilot skills for data security and compliance teams in Microsoft Purview, and for security operations teams in Microsoft Defender.
Microsoft Purview Insider Risk Management (IRM) will introduce usage indicators and policy templates designed to detect both intentional and unintentional insider risk activities involving generative AI applications that could pose risks to organizational security.
Also available for public preview now, new capabilities in Purview include Data Loss Prevention (DLP) for Microsoft 365 Copilot for preventing oversharing of data in AI apps and detecting risky AI use.
Lastly, Security Operations Centre (SOC) analysts are now provided with a Security Copilot integration for identifying and resolving potential security issues with insights on identity behavior and misconfigurations.