Microsoft Copilot for Security and NIST 800-171: Access Control
The second blog in this series will dive into the very first requirement family -Access Control (3.1) - and how organizations may deploy Microsoft Copilot for Security (Security Copilot) to meet the requirements entailed.This requirement family is arguably one of the most paramount because of the remarkable growth in identity-based attacks and the need for identity architects and teams to work more closely with the Security Operations Center (SOC). Microsoft Entra data noted in the Microsoft Digital Defense Report shows the number of “attempted attacks increased more than tenfold compared to the same period in 2022, from around 3 billion per month to over 30 billion. This translates to an average of 4,000 password attacks per second targeting Microsoft cloud identities [2023]”.Microsoft Reference Identity Architectures for the US Defense Industrial Base
The white paper “Microsoft Reference Identity Architectures for the US Defense Industrial Base” is the result of deep collaboration among the National Defense ISAC "MSCloud" Working Group. It provides the group’s consensus on common challenges coupled with guidance on potential ways to overcome those challenges.Microsoft Collaboration Framework for the US Defense Industrial Base
This article focuses on the candidate reference architectures for identity to accommodate Multi-Tenant Organizations (MTO), and specifically those that have a deployment in the US Sovereign Cloud with Microsoft 365 US Government (GCC High) and Azure Government. It also addresses external collaboration in highly regulated environments, inclusive of organizations that are homed in either Commercial or in the US Sovereign Cloud.
