Microsoft Copilot for Security and NIST 800-171: Access Control

Microsoft Copilot for Security in Microsoft’s US Gov cloud offerings (Microsoft 365 GCC/GCC High and Azure Government) is currently unavailable and does not have an ETA for availability. Future updates will be published to the public roadmap here.

As of this writing we’ve received the Proposed Rule of the Cybersecurity Maturity Model Certification (CMMC) 2.0, and the public comment period ended on February 26. The National Institute of Standards and Technology (NIST) just released their analysis of public comments on the final draft of NIST Special Publication 800-171 Revision 3 (NIST 800-171r3) and initial draft of NIST 800-171Ar3. NIST plans to publish final versions sometime in Spring 2024. These publications are important because one of the primary requirements for CMMC is that organizations will need to implement most, if not all, of NIST 800-171r3’s controls for Level 2 certification.

In the first blog of this series, we looked at the System and Information Integrity family of requirements (3.14) in the draft of NIST 800-171r3, which covers flaw remediation, malicious code protection, security alerts via advisories and directives, and system monitoring. That blog also discussed how Microsoft Copilot for Security (Security Copilot) can help DIB organizations meet these requirements by identifying, reporting, and correcting system flaws more efficiently and effectively. This second blog in the series dives into the very first requirement family, Access Control (3.1).

Early reports indicate organizations are reducing time and resource constraints by deploying Security Copilot in private preview and the early access program. Despite no public timeline on the availability of Security Copilot in Microsoft’s US-sovereign cloud offerings (Microsoft 365 GCC/GCC High and Azure Government), it’s worthwhile exploring how companies in the Defense Industrial Base (DIB) may use these AI-powered capabilities to meet NIST 800-171r3 security requirements, and ultimately defend against identity threats with finite or limited resources.

NOTE: Some requirements, such as 3.1.1 contain seven bullets (a-g) or more, and an entire blog could be written on that one requirement alone. Each section is not exhaustive of the requirement nor the applications of certain technologies. The suggested applications of Microsoft solutions do not guarantee compliance with any regulation nor prevention of an attack or compromise. All images and references are based upon preview experiences and do not guarantee identical experiences in general availability or within the U.S. Sovereign Cloud offerings. 

Access Control (3.1)


One might ask why Access Control holds the prominent first spot in the NIST 800-171 publication. It’s relatively simple – Access Control is alphabetically first. However, this requirement family is arguably one of the most important because of the remarkable growth in identity-based attacks and the need for identity architects or teams to work more closely with the Security Operations Center (SOC). Microsoft Entra data cited in the Microsoft Digital Defense Report shows the number of “attempted attacks increased more than tenfold compared to the same period in 2022, from around 3 billion per month to over 30 billion. This translates to an average of 4,000 password attacks per second targeting Microsoft cloud identities [2023]”.

3.1.1. Account Management


It is obviously a great starting point to “a. Define the types of system accounts allowed and prohibited” for systems that hold Controlled Unclassified Information (CUI) or other sensitive information. Many organizations, or their Managed Security Service Provider (MSSP), map the privileged and non-privileged accounts in their environment and develop policy based on the principle of least privilege, a requirement discussed later in this blog. Yet the power of Microsoft Entra ID and Security Copilot shines most brightly after the security team “define(s)” those account types and “c. Specif(ies) authorized users of the system(s), group(s) and role membership(s), and access authorization(s).”

Microsoft Entra provides rich information to Microsoft Defender for Identity (MDI) and Microsoft Sentinel for “e. Monitor(ing) the use of system accounts.” Security Copilot increases the utility of this trove of incidents and events further by summarizing the totality of a user’s authentications, associations, and privileged access, as shown in the figure below.

Furthermore, SOC and Identity administrators alike can quickly surface every user in the environment with an expired, risky, or dormant account. They can then take the next step to “f. Disable system accounts” that meet those criteria, or modify the identities and/or their privileges. Much of this investigation and troubleshooting is done without policy and configuration surfing, and without the SOC or Identity administrator having to craft a KQL query or PowerShell script from scratch. Security Copilot allows these two roles to do all of this using natural language prompts.
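As an added example, not code from the original post or from Microsoft, here is the dormant-account criterion behind “f. Disable system accounts” applied offline to a few constructed user records in the Microsoft Graph `signInActivity` shape. The 90-day threshold, the evaluation time and the sample records are assumptions for the example; it also handles accounts that have never signed in and skips accounts that are already disabled.

```python
"""Dormant-account triage for 3.1.1 e/f (monitor accounts, disable stale ones).

Works offline over user records in the Microsoft Graph `user` shape with the
`signInActivity` property; the records, the 90-day threshold and the evaluation
time below are constructed for this example, not real tenant data.
"""
from datetime import datetime, timedelta, timezone

DORMANT_AFTER = timedelta(days=90)                 # assumed organizational threshold
AS_OF = datetime(2024, 3, 4, tzinfo=timezone.utc)  # constructed evaluation time

SAMPLE_USERS = [
    {"userPrincipalName": "alice@contoso.example", "accountEnabled": True,
     "createdDateTime": "2023-01-10T08:00:00Z",
     "signInActivity": {"lastSignInDateTime": "2024-02-28T14:05:00Z",
                        "lastNonInteractiveSignInDateTime": "2024-03-01T09:00:00Z"}},
    {"userPrincipalName": "svc-backup@contoso.example", "accountEnabled": True,
     "createdDateTime": "2022-06-01T00:00:00Z",
     "signInActivity": {"lastSignInDateTime": "2023-09-15T02:10:00Z",
                        "lastNonInteractiveSignInDateTime": None}},
    {"userPrincipalName": "contractor@contoso.example", "accountEnabled": True,
     "createdDateTime": "2023-10-01T00:00:00Z"},      # never signed in
    {"userPrincipalName": "newhire@contoso.example", "accountEnabled": True,
     "createdDateTime": "2024-02-20T00:00:00Z"},      # new, not yet signed in
    {"userPrincipalName": "former@contoso.example", "accountEnabled": False,
     "createdDateTime": "2021-01-01T00:00:00Z",
     "signInActivity": {"lastSignInDateTime": "2022-01-01T00:00:00Z"}},
]


def _parse(ts):
    """Parse a Graph UTC timestamp ending in 'Z'; None stays None."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00")) if ts else None


def last_activity(user):
    """Latest interactive or non-interactive sign-in, or None if never signed in."""
    activity = user.get("signInActivity") or {}
    stamps = [_parse(activity.get("lastSignInDateTime")),
              _parse(activity.get("lastNonInteractiveSignInDateTime"))]
    stamps = [s for s in stamps if s is not None]
    return max(stamps) if stamps else None


def find_dormant(users, now, threshold=DORMANT_AFTER):
    """Enabled accounts idle for at least `threshold` as of `now`, most idle first.

    Never-used accounts are measured from creation, so a brand-new account is not
    flagged before the threshold elapses; disabled accounts are skipped because
    the 3.1.1 f action has already been taken for them.
    """
    findings = []
    for user in users:
        if not user.get("accountEnabled", False):
            continue
        last = last_activity(user)
        idle = now - (last if last else _parse(user["createdDateTime"]))
        if idle >= threshold:
            findings.append({"userPrincipalName": user["userPrincipalName"],
                             "lastActivity": last.isoformat() if last else None,
                             "idleDays": idle.days,
                             "action": "disable"})
    return sorted(findings, key=lambda f: f["idleDays"], reverse=True)


def dormant_report(users=SAMPLE_USERS, now=AS_OF):
    """Convenience entry point over the constructed sample data."""
    return find_dormant(users, now)


if __name__ == "__main__":
    for finding in dormant_report():
        print(finding)
```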

Alex Weinert, VP of Identity Security at Microsoft, recently spoke of the narrowing gap between these two types of administrators, skillsets, and their teams in Episode 2 of The Defender’s Watch. Alex explains, “it’s more nuanced than… relying on your SOC team to catch things that are happening in Identity. Not all Identities are the same. Not all your servers are the same. We want to be making sure the two teams are working together to build a map of what are those critical resources and that there’s a feedback loop… listening to the SOC on the other side understanding what’s happening in the organization and what are we going to do as administrators [given investigation to remediation of an incident can take time]”. Security Copilot can be the accelerant for incidents and intelligence to drive Account Management and identity policy change.

Alex also quipped “if you’re an Identity Architect go buy your SOC team a pizza and get to know them” as he expressed the need for collaboration across Identity and SOC teams for access control. Ironically, Domino’s just rolled out unified identity with Microsoft Entra ID.

3.1.2. Access Enforcement


Security Copilot may help organizations enforce Microsoft Entra ID access control policies day to day and modify configurations to increase the identity score shown below. An Identity administrator or member of the SOC can also quickly create an audit log query, for example to detect when a new credential is added to an application registration, simply by asking Security Copilot for the applicable KQL code. Individuals interviewed for CMMC assessments can also use Security Copilot to quickly surface a summary of activities completed by Entra ID (formerly Azure Active Directory) privileged users, identify when changes to Conditional Access policies were made, and more.
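An added example, not code from the original post or from Microsoft: the detection the post describes asking Security Copilot to produce as KQL, written here as offline Python over three constructed audit records so it runs without a tenant. The record layout (Sentinel AuditLogs style: OperationName, InitiatedBy, TargetResources with a KeyDescription modified property) and the descriptor string format are assumptions for the example; diffing the new key set against the old one keeps secret removals from firing.

```python
"""Detect new credentials added to app registrations or service principals (3.1.2).

Runs offline over Entra ID directory-audit records laid out like the Microsoft
Sentinel AuditLogs table (OperationName, InitiatedBy, TargetResources); that
layout and the KeyDescription descriptor format are assumptions for this example.
"""
import json
import re

# Entra audit operation names that signal a credential was added or changed.
APP_OP = "Update application – Certificates and secrets management"
SP_OP = "Add service principal credentials"
CREDENTIAL_OPERATIONS = {APP_OP, SP_OP}

KEY_ID_RE = re.compile(r"KeyIdentifier=([^,\]]+)")


def _key_ids(raw):
    """KeyIdentifier values in a KeyDescription old/new value: a JSON-encoded list
    of "[KeyIdentifier=...,KeyType=...,...]" strings (assumed format); None -> empty."""
    if not raw:
        return set()
    try:
        entries = json.loads(raw)
    except (TypeError, ValueError):
        entries = [raw]  # tolerate a bare, non-JSON descriptor
    return {kid for entry in entries for kid in KEY_ID_RE.findall(str(entry))}


def find_credential_additions(records):
    """One finding per successful record that added at least one key.

    Diffing new against old KeyDescription sets means a removal or a no-op
    update does not fire; only genuinely new credentials do.
    """
    findings = []
    for rec in records:
        if rec.get("OperationName") not in CREDENTIAL_OPERATIONS or rec.get("Result") != "success":
            continue
        by = rec.get("InitiatedBy") or {}
        who = ((by.get("user") or {}).get("userPrincipalName")
               or (by.get("app") or {}).get("displayName") or "unknown")
        for target in rec.get("TargetResources") or []:
            added = set()
            for prop in target.get("modifiedProperties") or []:
                if prop.get("displayName") == "KeyDescription":
                    added |= _key_ids(prop.get("newValue")) - _key_ids(prop.get("oldValue"))
            if added:
                findings.append({"time": rec.get("TimeGenerated"), "operation": rec["OperationName"],
                                 "initiatedBy": who, "targetApp": target.get("displayName"),
                                 "newKeyIds": sorted(added)})
    return findings


def _record(op, initiated_by, app, old_keys, new_keys, ts):
    """Build one constructed audit record in the assumed AuditLogs layout."""
    return {"TimeGenerated": ts, "Result": "success", "OperationName": op,
            "InitiatedBy": initiated_by,
            "TargetResources": [{"displayName": app, "modifiedProperties": [
                {"displayName": "KeyDescription",
                 "oldValue": None if old_keys is None else json.dumps(old_keys),
                 "newValue": json.dumps(new_keys)}]}]}


OLD_KEY = "[KeyIdentifier=aaaa-1,KeyType=Password,KeyUsage=Verify,DisplayName=old secret]"
NEW_KEY = "[KeyIdentifier=bbbb-2,KeyType=Password,KeyUsage=Verify,DisplayName=added secret]"
SP_KEY = "[KeyIdentifier=dddd-4,KeyType=AsymmetricX509Cert,KeyUsage=Verify,DisplayName=CN=pipeline]"
ALICE = {"user": {"userPrincipalName": "alice@contoso.example"}}

SAMPLE_RECORDS = [  # constructed sample data, not from a real tenant
    # a user adds a second client secret to an app registration: fires
    _record(APP_OP, ALICE, "Payroll Sync App", [OLD_KEY], [OLD_KEY, NEW_KEY], "2024-03-04T10:15:00Z"),
    # the old secret is then removed (new set is a subset of old): does not fire
    _record(APP_OP, ALICE, "Payroll Sync App", [OLD_KEY, NEW_KEY], [NEW_KEY], "2024-03-04T10:20:00Z"),
    # an app identity rather than a user adds a certificate to a service principal: fires
    _record(SP_OP, {"app": {"displayName": "Automation Pipeline"}}, "Deploy SP", None, [SP_KEY],
            "2024-03-04T11:00:00Z"),
]

if __name__ == "__main__":
    for finding in find_credential_additions(SAMPLE_RECORDS):
        print(finding)
```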

When going through a CMMC assessment, an assessor will be looking to determine whether approved authorizations for “logical access” to CUI and system resources are enforced. Stepping away from Security Copilot for a moment, it’s worth noting that the new MDI Identity Threat Detection and Response (ITDR) dashboard is one of the most elegant ways to show where and how enforcement is taking place, and where it is not. In a single pane, administrators can see their identity score from Microsoft Secure Score, updated daily, with a quick link to the access control policies and “system configuration settings”, new instances where users have exhibited risky lateral movement, and a summary of privileged identities with a quick link to view the full “list of approved authorizations”.

3.1.3. Information Flow Enforcement


Organizations meet this requirement by managing “information flow control policies and enforcement mechanisms to control the flow of CUI between designated sources and destinations (e.g., networks, individuals, and devices) within systems and between interconnected systems.” Microsoft Purview’s Information Protection label policies along with proper configuration of Data Loss Prevention (DLP) policies can prevent the flow of sensitive information between internal and external users via email, Teams, on-premises repositories and other applications. Security Copilot can share with users the top DLP alerts shown below, give a summary or explanation of an alert, and assist in adjusting policy based upon the alert scenario.

3.1.5 Least Privilege


Applying least privilege to accounts is often combined with managing the functions those accounts can perform, such as executing code or granting elevated access. Once an organization turns on Microsoft Defender for Cloud and Microsoft Entra ID Privileged Identity Management (PIM) for its resources in Azure or other infrastructure, users can be granted just-in-time access to virtual machines and other resources. Conversely, those same users can lose access based upon suspicious behavior like clearing event logs or disabling antimalware capabilities. Security Copilot can be used in the Microsoft Entra admin portal to guide the administrator in creating notification policies or conducting access reviews prompted by activities like those just described.

Security Copilot may also be used to identify where users have more than ‘just enough access’, or help the administrator create lifecycle workflows where a user’s privileges need modification based on changes in their role or group. On a final note, the draft of NIST 800-171Ar3 specifies that an assessor would possibly need to examine a list of access authorizations and validate where privileges were removed or reassigned during a given period – all of which can be generated in reports aided by Security Copilot.

3.1.11 Session Termination


This requirement involves some art along with science. An organization can define “conditions or trigger events that require automatic session termination” based on periods of inactivity, time of day, risky behavior, and more. Microsoft Entra ID defaults reauthentication requests to a rolling 90 days, but that may be too infrequent for some users who access sensitive data sets daily, such as an Azure subscription with Windows servers holding CUI. Security Copilot can aid administrators in developing Conditional Access policies based on sign-in frequency, session type (from a managed or unmanaged device), or sign-in risk. Also, Security Copilot can be prompted to help a SOC analyst reason over permission analytics to determine the impact of a user who is exhibiting risky behavior and take subsequent action to terminate a session outside of the normal ‘conditions’.

3.1.16 Wireless Access and 3.1.18 Access Control for Mobile Devices


Whether the endpoint is a laptop or one of various types of mobile devices, Security Copilot can aid users within the Microsoft Intune admin center in creating policies for “usage restrictions, configuration requirements, and connection requirements” when wirelessly accessing systems of record. Below is an example of the embedded Security Copilot experience where we want to create a policy for Windows laptops in our environment.

Example of Security Copilot assisting with Endpoint Management Policies

Users can also ask Security Copilot to summarize an existing policy for devices in the environment, as well as generate or explore Microsoft Entra ID conditional access policies.

“Authoriz[ing] each type of wireless access” or “connection of mobile devices” will require policies that span multiple technologies. In many cases, administrators tasked with creating or managing these policies may not have the combined domain knowledge, yet Security Copilot bolsters individuals where they may possess certain skill gaps.  

Meeting NIST 800-171 with Limited Resources


Joy Chik wrote in her blog, 5 ways to secure identity and access for 2024, “Identity teams can use natural language prompts in Copilot to reduce time spent on common tasks, such as troubleshooting sign-ins and minimizing gaps in identity lifecycle workflows. It can also strengthen and uplevel expertise in the team with more advanced capabilities like investigating users and sign-ins associated with security incidents while taking immediate corrective action.”  

Microsoft Security Copilot is an advanced security solution that helps companies protect CUI access and prepare for CMMC assessment by elevating the skillset of almost every cybersecurity tool and professional in the organization. It’s also bringing the identity team and the SOC team closer together than ever before. DIB companies working with limited resources, and MSSPs struggling to keep up with demand, will both likely look to creatively deploy AI solutions such as Security Copilot in the near future.

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.

AI in CRM and ERP systems: 2024 trends, innovations, and best practices

A new chapter in business AI innovation 

As we begin a new year, large companies and corporations need practical solutions that rapidly drive value. Modern customer relationship management (CRM) and enterprise resource planning (ERP) systems fit perfectly into this category. These solutions build generative AI, automation, and other advanced AI capabilities into the tools that people use every day. Employees can experience new, more effective ways of working and customers can enjoy unprecedented levels of personalized service.  

If you’re a business leader who has already embraced—or plans to embrace—AI-powered CRM and ERP systems in 2024, you’ll help your organization drive business transformation, innovation, and efficiency in three key ways: 

  • Streamline operations: Transform CRM and ERP systems from siloed applications into a unified, automated ecosystem, enhancing team collaboration and data sharing. 
  • Empower insightful decisions: Provide all employees with AI-powered natural language analysis, allowing them to quickly generate insights needed to inform decisions and identify new market opportunities. 
  • Elevate customer and employee experiences: Personalize customer engagements using 360-degree customer profiles. Also, boost productivity with AI-powered chatbots and automated workflows that free employees to focus on more strategic, high-value work. 

The time has come to think about AI as something much more than a technological tool. It’s a strategic imperative for 2024 and beyond. In this new year, adopting CRM AI for marketing, sales, and service and ERP AI for finance, supply chain, and operations is crucial to competing and getting ahead. 

2023: A transformative year for AI in CRM and ERP systems 

Looking back, 2023 was a breakthrough year for CRM AI and ERP AI. Microsoft rolled out new AI-powered tools and features in its CRM and ERP applications, and other solution providers soon followed. Among other accomplishments, Microsoft launched—and continues to enhance—Microsoft Copilot for Dynamics 365, the world’s first copilot natively built for CRM and ERP systems.

Evolving AI technologies to this point was years, even decades, in the making. However, as leaders watched AI in business gradually gain momentum, many took steps to prepare. Some applied new, innovative AI tools and features in isolated pilot projects to better understand the business case for AI, including return on investment (ROI) and time to value. Others forged ahead and broadly adopted it. All wrestled with the challenges associated with AI adoption, such as issues around security, privacy, and compliance.   

In one example, Avanade, a Microsoft solutions provider with more than 5,000 clients, accelerated sales productivity by empowering its consultants with Microsoft Copilot for Sales. Consultants used to manually update client records in their Microsoft Dynamics 365 CRM system and search across disconnected productivity apps for insights needed to qualify leads and better understand accounts. Now, with AI assistance at their fingertips, they can quickly update Dynamics 365 records, summarize emails and meetings, and prepare sales information for client outreach. 

In another example, Domino’s Pizza UK & Ireland Ltd. helped ensure exceptional customer experiences—and optimized inventory and deliveries—with AI-powered predictive analytics in Microsoft Dynamics 365 Supply Chain Management. Previously, planners at Domino’s relied on time-consuming, error-prone spreadsheets to forecast demand at more than 1,300 stores. By using intelligent demand-planning capabilities, they improved their forecasting accuracy by 72%. They can also now quickly generate the insights needed to ensure each store receives the right resources at the right times to fill customer orders.  

All signs indicate that in the years to come organizations will continue to find new, innovative ways to use CRM AI and ERP AI—and that their employees will embrace the shift. 

In recent research that looks at how AI is transforming work, Microsoft surveyed hundreds of early users of generative AI. Key findings showed that 70% of users said generative AI helped them to be more productive, and 68% said it improved the quality of their work. Also, 64% of salespeople surveyed said generative AI helped them to better personalize customer engagements and 67% said it freed them to spend more time with customers.1 

Looking forward, the momentum that AI in business built in 2023 is expected to only grow in 2024. In fact, IDC predicts that global spending on AI solutions will reach more than USD500 billion by 2027. 

Some of the specific AI trends to watch for in 2024 include: 

  • Expansion of data-driven strategies and tactics. User-friendly interfaces with copilot capabilities and customizable dashboards with data visualizations will allow employees in every department to access AI-generated insights and put them in context. With the information they need right at their fingertips, employees will make faster, smarter decisions.  
  • Prioritization of personalization and user experiences. Predictive sales and marketing strategies will mature with assistance from AI in forecasting customer behaviors and preferences and mapping customer journeys, helping marketers be more creative and sellers better engage with customers. Also, AI-powered CRM platforms will be increasingly enriched with social media and other data, providing deeper insights into brand perception and customer behavior.  
  • Greater efficiencies using AI and cloud technologies. Combining the capabilities of AI-powered CRM and ERP tools with scalable, flexible cloud platforms that can store huge amounts of data will drive new efficiencies. Organizations will also increasingly identify new use cases for automation, then quickly build and deploy them in a cloud environment. This will further boost workforce productivity and process accuracy. 
  • Increased scrutiny of AI ethics. Responsible innovation requires organizations to adhere to ethical AI principles, which may require adjustments to business operations and growth strategies. To guide ethical AI development and use, Microsoft has defined responsible AI principles. It also helps advance AI policy, research, and engineering. 

AI innovations on the horizon for CRM and ERP systems

Keep an eye on technological and other innovations in the works across the larger AI ecosystem. For example, watch for continued advancements in low-code/no-code development platforms. With low-code/no-code tools, nontechnical and technical users alike can create AI-enhanced processes and apps that allow them to work with each other and engage with customers in fresh, new ways. 

Innovations in AI will also give rise to new professions, such as AI ethicists, AI integrators, AI trainers, and AI compliance managers. These emerging roles—and ongoing AI skills development—will become increasingly important as you transform your workforce and cultivate AI maturity.  

To learn more about the innovations that will drive—and be driven—by generative AI, read the Gartner® Hype Cycle™ for Artificial Intelligence, 2023.3  

Best practices for AI adoption in 2024 

To drive transformation with AI in CRM and ERP systems, you should carefully plan and implement an approach that works best for your organization. The following best practices for AI adoption, which continue to evolve, can help guide you: 

  • Strategic implementation: Formulate a long-term AI implementation strategy to empower employees and optimize business processes, emphasizing data-driven culture, relevant skills development, and scalable, user-friendly AI tools in CRM and ERP systems. 
  • Ethical adoption: Adhere to evolving ethical guidelines, starting with AI-enhanced process automation and progressing toward innovative value creation, while ensuring your organization is hyperconnected. 
  • Data quality and security: Maintain high data integrity and security standards, regularly auditing AI training data to avoid biases and ensure trustworthiness. 
  • Alignment with business goals: Align AI initiatives with strategic objectives, measuring their impact on business outcomes, and proactively managing any potential negative effects on stakeholders. 

As you and your organization learn more about AI and discover what you can do with it, don’t lose sight of the importance of human and AI collaboration. Strongly advocate for using AI to augment—rather than replace—human expertise and decision-making across your organization. Remember, although employees will appreciate automated workflows and AI-generated insights and recommendations, AI is not infallible. Successful business still depends on people making intelligent, strategic decisions.  

The importance of embracing AI in business 

Immense opportunities exist for organizations across industries to use AI-powered CRM and ERP systems to accelerate business transformation, innovation, and efficiency. According to Forrester Research, businesses that invest in enterprise AI initiatives will boost productivity and creative problem solving by 50% in 2024. Yet, without leaders who are fully engaged in AI planning and implementation, many organizations will struggle to realize AI’s full potential.

Be a leader who prioritizes and champions AI in your business strategies for 2024. Your leadership must be visionary, calling for changes that span across roles and functions and even your entire industry. It must be practical, grounded in purposeful investments and actions. It must be adaptable, remaining open and flexible to shifting organizational strategies and tactics as AI technologies evolve.  

Team up with a leader in AI innovation 

Wherever your organization is in its AI adoption journey, take the next step by learning more about how AI works with Microsoft Dynamics 365, a comprehensive and customizable suite of intelligent CRM and ERP applications. 

With copilot and other AI-powered capabilities in Dynamics 365, your organization can create unified ecosystems, accelerate growth, and deliver exceptional customer experiences. It can also continually improve operational agility while realizing greater productivity and efficiency. Get started today to make 2024 a transformative year for your organization. 


End notes 

1 What Can Copilot’s Earliest Users Teach Us About Generative AI at Work? 

2 IDC Blog, Top 10 Worldwide IT Industry 2024 Predictions: Mastering AI Everywhere, 1 November 2023. 

3 Gartner, Hype Cycle for Artificial Intelligence, 2023, Afraz Jaffri, 19 July 2023.  

Gartner is a registered trademark and service mark, and Hype Cycle is a registered trademark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. 

4 Forrester 2024 Predictions: Exploration Generates Progress, Forrester Research, Inc., October 2023. 

The post AI in CRM and ERP systems: 2024 trends, innovations, and best practices appeared first on Microsoft Dynamics 365 Blog.
