It’s a well-documented fact: Microsoft is all-in on cybersecurity.
Last year, the company pledged to invest $20B into cybersecurity initiatives over the next five years — a significant increase from the $1B in annual security spending that has been the norm for years.
There’s the Microsoft Compromise Recovery Security Practice (CRSP) – a collaborative effort between Microsoft and its customers to investigate an attack and incorporate key findings into the recovery process (and later, the MS ecosystem).
Internal experts are working on an ongoing investigation into ransomware attacks on Ukraine. The company also has a dedicated Digital Crimes Unit.
Below, we’ll break down Microsoft’s overall approach to fighting ransomware — then we’ll get more specific and explain how those efforts show up throughout its expansive product ecosystem.
How Microsoft Protects Against Ransomware
Per this interactive cloud security piece, Microsoft detects, on average, around 1.5M attempted attacks on its system every single day. Each recorded attempt, plus billions of data points related to phishing scams, cyber crime rings, ransomware attacks, and threat actor tactics are compiled and studied as part of an ongoing learning process – helping Microsoft get ahead of emerging threats and better protect its customers.
All data is fed into Microsoft’s intelligent security graph — where it can be analyzed in context with high-profile attacks, emerging threats, and the evolving global threat landscape. Key findings are then applied to Microsoft products like D365, Azure, Microsoft 365, and the rest – and as a result, the whole ecosystem benefits from this sort of “group immunity.”
Additionally, Microsoft’s fight against ransomware extends beyond the product ecosystem – with experts working to disrupt the growing ransomware economy on four main fronts:
- Holistic ransomware prevention. Microsoft uses AI/ML and automation to analyze ransomware signals across all clouds, apps, and endpoints. Solutions include Microsoft 365 Defender, Sentinel, and Defender for Cloud – which now comes with adaptive AI protection to defend against human-operated ransomware attacks.
- Detection & response. Microsoft offers unified Security Information and Event Management (SIEM) and extended detection and response (XDR) solutions that provide integrated threat protection across apps, devices, identities, data, and cloud workloads.
- Disrupting the ransomware economy. Microsoft’s Digital Crimes Unit (DCU) is a team of experts that works with law enforcement to disrupt cybercrime, support ransomware victims, and advise on legislative matters.
- Threat intelligence & ongoing research. Finally, Microsoft’s team of dedicated experts studies ransomware tactics and develops threat intelligence solutions that, eventually, become embedded into its core product offerings.
Before we move on, it’s important to note that while Microsoft’s products are loaded with strong security protections, tech alone won’t safeguard your data from ransomware. It’s on you to develop a strong security culture (think – Zero Trust), put together a recovery plan, and continuously monitor and improve your security posture.
The Ransomware Protections Embedded Across the Microsoft Ecosystem
So, we’ve gone over how Microsoft protects the overall ecosystem against ransomware attacks and other security threats.
Now, let’s quickly run through some of the ways that Microsoft’s cybersecurity efforts show up in individual product offerings. (Note: if you’re looking for a deeper dive into any particular product, there’s a dedicated post for each solution on our list).
- Azure. Azure spans something like 200 products across a wide range of use cases – data analytics, IoT, compute, cloud storage, AI & machine learning, and more. Some solutions are explicitly designed to support cybersecurity initiatives – DDoS protection, data governance, anomaly detection, a key vault for cloud apps. Other solutions focus on other areas like building chatbots or ML models, cloud storage, or DevOps. Either way, all Azure products are embedded with security protections – as well as reporting tools that make it easy to monitor, detect, and act on potential threats. Read more about Azure’s baked-in security protections.
- Dynamics 365. Dynamics 365 includes several built-in capabilities that protect your data from ransomware attacks, fraud, and regulatory non-compliance. Users can automate core processes, define rules and controls, and access and act on real-time insights when the system detects a threat. Learn more about D365’s security protections, and more specifically how Dynamics 365 protects your business from ransomware.
- Microsoft 365. Microsoft 365 apps include several baked-in protections against ransomware attacks, data corruption, and other threats. This includes tenant-level controls (Exchange Online) – as well as a service infrastructure designed to prevent, detect, and act on incoming threats. Here’s a look at the security features you’ll find inside Microsoft 365 apps and services.
- OneDrive. OneDrive makes it easy for users to access files from anywhere, add files from Teams or SharePoint, and collaborate on shared files in real-time. OneDrive also includes security controls that make it easy to recover from ransomware attacks, grant access permissions for shareable links, and enforce pre-configured policies. It even includes reporting tools for monitoring user activity and special protections for sensitive information. Read more about how OneDrive protects your files from ransomware attacks and other threats.
- Microsoft Entra. Microsoft Entra is a new product family that includes all identity and access management capabilities – Azure AD, plus new CIEM and decentralized identity protections. Together, Entra apps help businesses build a comprehensive environment for managing credentials, verifying user identities, and making access decisions based on real-time threat assessments. Learn more about Entra and its role in securing your entire organization in this blog post.
- SharePoint. SharePoint simplifies collaboration and knowledge sharing among internal and external stakeholders – offering a secure environment for building custom websites, apps, portals, even your own “modern intranet.” Built-in security protections make it easy for users to manage access permissions and devices, secure sensitive customer data, and block incoming ransomware attacks. Check out the full article to learn more about SharePoint’s security features.
- Power Platform. The Power Platform is Microsoft’s suite of low-code/no-code tools, designed to make it easy for anyone to work with big data and build custom solutions. That means you can create dashboards, apps, and automations that actively protect against ransomware – whether that means data streams that surface anomalies and threats in real-time, workflow automations that enforce compliance, or extra security features for custom builds. In this article, we’ll look at how Power Platform can keep your business safe from attacks.
As you can see, all of the products and services in the Microsoft ecosystem are embedded with cutting-edge ransomware protections. At the same time, it’s important to remember that you can’t rely on built-in protections alone.
You’ll also need to make cybersecurity part of your culture — and prioritize training and development initiatives outside of the IT department. Beyond that, cybersecurity hinges on good data and end-to-end visibility. After all, you can’t control what you can’t measure.
Velosio is a certified Gold Microsoft Partner that offers a range of services from consulting and managed security services to ERP implementations and proprietary solutions that build on Microsoft’s out-of-the-box products and services. Whatever you’re looking for, our experts will ensure that security is baked into all products and processes from the very beginning.
We can help your company protect against ransomware attacks, data breaches, and other cyberthreats.