Microsoft Build 2023: Announcing new identity, compliance, and security features from Microsoft Security

At Microsoft Build 2023—an event for developers by developers—we’re going to announce exciting new features and technologies, share ideas, and help everyone boost their skills so we can all build a more secure future together. This year’s Microsoft Build offers a full program, both online and in-person, to suit every attendee, whether you’re a professional developer, data pro, or a brand-new coder. Not only is Microsoft Build a great opportunity to gain new knowledge and skills, but it’s also the place to meet and learn from other developers. If you haven’t registered yet, I invite you to visit the Microsoft Build event page.

Microsoft Build 2023

Browse virtual and in-person security sessions at Microsoft Build.

logo

Below is a quick tour of a few security-related sessions and the new features and technologies they highlight.

New identity and access features in Microsoft Entra

Graphic showing how Microsoft Entra External ID helps personalize and secure access to any application for customers and partners with a complete customer identity and access management solution.

Welcome to modern identity and access management with Microsoft Entra

Developers are in the business of building app features and capabilities. Most developers are not—and don’t want to be—identity security experts.

At Microsoft Build, we’re announcing the next generation customer identity access management platform: Microsoft Entra External ID, now in preview. Microsoft Entra External ID was purpose-built to personalize and secure access to applications while protecting any external identity and effectively controlling which resources they can access. It delivers a flexible, unified identity platform, personalized customer experiences, adaptive access policies, and built-in identity governance. In the session “Explore CIAM capabilities with External Identities in Microsoft Entra,” Yoel Horvitz, Senior Program Manager, Microsoft Azure Active Directory (Azure AD), and Namita Singh, Senior Software Engineer at Cloud Data Center Cybersecurity, Microsoft, will explore how easily you can create branded sign-up and sign-in app experiences. No more trade-offs between great security and great customer experiences. You’ll see how quickly you can add a strong sign-up or sign-in experience plus comprehensive onboarding flows that capture and validate customer information.

Partner identity scenarios (B2B Collaboration) remain in the same location on the Microsoft Entra admin portal within the Workforce tenant. Please note that there is no action for our current Azure AD business-to-consumer (B2C) customers required at this time as the next generation platform is currently in early preview only. We remain fully committed to support the current Azure AD B2C solution, and there are no requirements for B2C customers to migrate at this time and no plans to discontinue the current B2C service.

This next-generation expanded solution for customer and partner identities marks the next chapter in our customer identity solution, addressing critical customer feedback and building on top of our existing capabilities.

External ID now combines familiar B2B collaboration functionality in Microsoft Entra (generally available) with evolved and unified customer identity (CIAM) capabilities, targeting customer-facing applications, now in preview. Help us shape the future of this new platform with your participation in our preview.

Microsoft Entra Verified ID digital wallet SDK

Microsoft Entra Verified ID is an open standards-based verifiable credentials service that customers can use to automate the identity validation process while enabling privacy-protected interactions between organizations and users. You can integrate the upcoming release of the Verified ID Wallet Library into your mobile apps to store and share digital Verified ID cards. This allows you to issue verifiable credentials for dozens of use cases, such as reducing the risk for fraud and account takeovers, streamlining app sign-ins, creating self-service account recovery and helpdesk flows, and enabling rich partner rewards ecosystems. Be sure to check out the “Reduce fraud and improve engagement using Digital Wallets” session by Christer Ljung, Principal Program Manager, Microsoft, and Sydney Morton, Software Engineer, Microsoft, to learn more about Verified ID’s open source digital wallet SDK.

New capabilities for compliance and data automation in Microsoft Purview

General availability of machine learning-enabled source code classifier

Microsoft Purview Information Protection helps organizations automate data classification, labeling, and protection across multiple platforms. More than 35 pre-trained classifiers help quickly identify and protect some of the most sensitive data, such as intellectual property and trade secrets, material non-public information, sensitive health and medical files, business sensitive financial information, and personally identifiable information for General Data Protection Regulation (GDPR) compliance. Plus, an improved ready-to-use source code classifier that supports more than 70 file extensions and 23 programming languages can detect embedded and partial source code.  

New APIs available to help automate compliance workflows

You can take advantage of new Microsoft Graph APIs built specifically for Microsoft Purview eDiscovery and compliance scenarios to help organizations automate their litigation and investigation workflows. Join us for “Streamline eDiscovery with new innovations, including Microsoft Graph APIs,” a sequel to Microsoft Senior Product Marketing Manager Caitlin Fitzgerald’s Microsoft Build 2022 session, which will share recent examples of using APIs to ensure repeatable and predictable management of time-sensitive compliance processes.

Explore built-in security features in these Microsoft Build sessions

Unlocking the Power of Azure Security: Conversations with Experts, Q&A

In this Q&A session, Richard Diver, Technical Story Design Lead, Microsoft, will moderate a panel of experts who help secure the software supply chain within Microsoft Azure and other platforms. The session is based on a four-part blog series that includes Microsoft Azure’s defense-in-depth approach to cloud vulnerabilities and Cloud Variant Hunting. The panel will share Microsoft security best practices and how we’re enhancing our response process, extending our internal security research, and continually improving how we secure multitenant services.

Next-Level DevSecOps: Secure Supply Chain Consumption Framework, Q&A

The Secure Software Supply Chain Framework (S2C2F) is designed from the ground up to protect developers from accidentally consuming malicious and compromised packages. In this Q&A session, Mia Reyes, Director, Foundational Security—Cybersecurity, Microsoft, will moderate a panel of leads from our Secure Software Supply Chain team, including Adrian Diglio, Principal Product Marketing Manager, Microsoft, and Jasmine Wang, Product Manager, Microsoft, as they share the Secure Supply Chain Consumption Framework S2C2F. Learn how to patch your vulnerable components faster to prevent consumption of malicious or compromised packages. Download the Secure Supply Chain Consumption Framework Simplified Requirements guide to learn how you can improve your open source software (OSS) consumption practices.

According to Sonatype’s 2022 State of the Software Supply Chain report, supply chain attacks targeting OSS have increased by an average of 742 percent each year for the past three years.1

Microsoft Build 2023

Join us in Seattle for Microsoft Build from May 23 to 25, 2023. We’ll stream online sessions May 23 and 24, 2023 during Pacific Time hours. Register now to reserve your spot and visit the Microsoft Build 2023 website to explore the session catalog and plan your experience. We look forward to connecting with you!

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.


18th Annual State of the Software Supply Chain Report, Sonatype.

READ MORE HERE