This post originally appeared at CIO.com under the title, “Bulletproofing your threat surface with the Microsoft security ecosystem.”
Since Satya Nadella took the helm in 2014, Microsoft has doubled down on its support for non-Microsoft technologies. Its commitment to Linux turned what might have been a Windows Server-based cloud computing backwater into the Microsoft Azure powerhouse, the only public cloud to give the AWS juggernaut a serious run for its money.
This “plays well with others” strategy has proved wildly successful for Microsoft across its entire product line, even though it has always been strongest when delivering Microsoft software for Microsoft customers.
The key to balancing these two strengths is a comprehensive partner strategy. Partnerships are especially important in the cybersecurity realm, as Microsoft’s core strengths in its own technologies reinforce long-standing “Microsoft shop” silos. And if there’s one weakness that bad actors love to exploit, it’s technology silos.
Modern enterprise threat surfaces are diverse, extensive, and dynamic—and most certainly extend well beyond any single vendor’s offerings. Microsoft understands this sobering reality, even though establishing vendor dominance within its enterprise customer base has long been its bread and butter.
Hence the critical importance of partnerships with cybersecurity vendors that address joint customers’ dynamic threat surfaces, while simultaneously empowering them to leverage Microsoft’s market-leading cybersecurity offerings.
Better endpoint protection with Microsoft Defender
Microsoft Defender is a suite of products for integrated threat protection across many different types of endpoints for many different types of businesses and individuals.
The most familiar Defender products include Microsoft 365 Defender, Microsoft Defender for Cloud, Microsoft Defender for Business, and Microsoft Defender for individuals.
In addition, the company offers Microsoft Defender for Endpoint (MDE) – a version of Defender that Microsoft has targeted specifically at endpoint devices across multi-platform enterprises.
Offering managed services for MDE are service providers like BlueVoyant, which leverages its 24×7 team of experts to enrich MDE behavioral data with threat intelligence and security expertise.
Tanium’s Converged Endpoint Management (XEM) offering ensures that organizations have properly deployed MDE across every endpoint, including endpoints not included in Microsoft Entra ID (MEI), formerly Azure Active Directory.
Zero trust with Microsoft Entra ID
MEI extends the market-leading Active Directory identity and access management solution to multiple clouds via an as-a-Service offering. It consists of an enterprise identity service that provides single sign-on, multifactor authentication, and conditional access across hybrid enterprise resources.
Tanium enhances the capabilities of MEI by denying access to non-compliant and otherwise high-risk devices. Admins can then use Tanium’s real-time remediation capabilities to bring such devices into compliance, thus minimizing their adverse impact on end users.
Netskope also offers two applications that integrate with MEI. Netskope User Authentication supports the enrollment and provisioning of users into their Netskope installations in support of complex security policies. The second product is the Netskope Administrator Console for facilitating granular role-based access to the Netskope administrative interface.
A leading managed services Microsoft partner is Wipro, which offers various digital identity and access management managed services offerings including end-to-end support, migration planning and execution, and accelerators that speed up application onboarding processes for MEI.
Providing more complete data to Microsoft Sentinel
Microsoft Sentinel combines two important capabilities: security information and event management (SIEM) and security orchestration, automation, and response (SOAR).
Sentinel is a data-centric application that provides security analytics and threat intelligence across the enterprise for detecting attacks and gaining visibility into threats both before and after a compromise.
The more data Sentinel has available to work with, the better, and many vendors across the Microsoft ecosystem integrate with Sentinel for this purpose. In particular, Tanium’s XEM offering gathers diverse and detailed endpoint data across diverse endpoints and provides those data to Sentinel.
As a result, both security and ops teams can leverage Sentinel as a single platform for investigating, managing, and remediating alerts and their associated events across the hybrid landscape.
Extending Microsoft Intune across the entire enterprise threat surface
Microsoft Intune is a cloud-based endpoint management solution that manages user access while simplifying app and device management across devices.
Intune has compliance and reporting features that support Zero-Trust strategies. Tanium extends these features across multiple operating systems, container environments, and other parts of the enterprise infrastructure to support more complete configuration management, patching, and policy enforcement.
Complementing Microsoft Intune are vendors like Appdome, which offers Intune integration to Android or iOS apps via Appdome’s no-code implementation of the Intune SDK.
Another notable Microsoft partner is Lookout, which offers Mobile Threat Defense for Microsoft 365. This product integrates with MEI, MDE, and Intune to protect the broad mobile threat surface, including phishing threats via email, SMS, and social media; malicious applications, OS, and configuration threats; and man-in-the-middle and other network attacks.
The Intellyx take
Sentinel, MEI, Defender, and Intune are all effective security products – but for enterprises with diverse and expanding threat surfaces, these products may not be effective enough.
Microsoft’s broad security ecosystem complements Microsoft’s security products by extending their protections to all corners of the threat surface, while responding in real time to threats at any endpoint.
Enterprise security professionals must always consider how many security products they need and how well they work together as a unit to address the threats facing their organizations.
When those professionals count on Microsoft for security, they should also consider working with Microsoft’s ecosystem of security partners. In particular, Tanium provides visibility, control, and remediation across the entire Microsoft estate.
Adversaries will always seek to target the weak points in any organization’s protections. Combining Microsoft with ecosystem partners like Tanium strengthens those weak points while giving organizations the power to respond to threats in real time.
Microsoft recently announced its Partner of the Year Award winners. Check out the list and see how you can enhance your security with partners Microsoft selected based on their commitment to customers, the impact of their solutions, and their exemplary use of Microsoft technologies.