Applications using Azure Active Directory (AD) to authenticate—a category that includes Office 365, among other things—will soon be able to stop using passwords entirely.

Azure AD accounts can already use the Microsoft Authenticator app for two-factor authentication, combining a password with a one-time code generated by the app. With the new passwordless support, authentication is handled entirely by the app: the enrolled device represents "something you have," and this is combined with either biometric authentication or a PIN. Passwords have a long, problematic history; while they can be very strong if suitably long and suitably random, human-chosen passwords are often short, predictable, and reused across multiple sites. By removing the password altogether rather than merely supplementing it, app-based authentication avoids this long-standing weakness.

Enabling two-factor authentication is just one of the things that organizations can do to improve their security. To that end, Microsoft has extended Microsoft Secure Score, a tool that assesses an organization's configuration and provides guidance on measures that can be taken to harden it against attack. Secure Score already spans Office 365 and Windows security features; to these, Microsoft has added Azure AD, Azure Security Center, and Enterprise Mobility + Security, covering a wider range of settings and options.

When a breach does occur, the new Microsoft Threat Protection provides detection and remediation across a wide range of Microsoft's threat protection systems, from email to identity to infrastructure. This should make it easier to catch suspicious behavior—strange login attempts, unusual file modifications, unexpected program crashes, atypical network activity—and to respond by locking accounts, isolating systems from the network, or whatever else is appropriate for the threat being faced.
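To make the "strange login attempts" case concrete, here is an added example of the kind of sign-in anomaly detection such a system performs. It is illustrative code written for this article, not Microsoft Threat Protection's own logic; the sign-in events, the per-user country baseline, and the thresholds are all constructed for the example. It flags two patterns: a successful sign-in preceded by a burst of failures (a classic password-guessing signature) and a successful sign-in from a country the user has never been seen in.

```python
"""Illustrative sign-in anomaly detector (added example; not Microsoft code)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sign-in events (not real logs).
# Fields: ISO timestamp, user, source IP, country, result.
SAMPLE_EVENTS = [
    ("2018-09-24T08:00:00", "alice", "203.0.113.5", "US", "failure"),
    ("2018-09-24T08:00:05", "alice", "203.0.113.5", "US", "failure"),
    ("2018-09-24T08:00:10", "alice", "203.0.113.5", "US", "failure"),
    ("2018-09-24T08:00:15", "alice", "203.0.113.5", "US", "failure"),
    ("2018-09-24T08:00:20", "alice", "203.0.113.5", "US", "failure"),
    ("2018-09-24T08:00:25", "alice", "203.0.113.5", "US", "success"),
    ("2018-09-24T09:00:00", "bob", "198.51.100.7", "US", "success"),
    ("2018-09-24T09:20:00", "bob", "192.0.2.44", "RO", "success"),
    ("2018-09-24T10:00:00", "carol", "198.51.100.9", "US", "failure"),
    ("2018-09-24T10:05:00", "carol", "198.51.100.9", "US", "success"),
]

# Constructed baseline: countries each user has historically signed in from.
KNOWN_COUNTRIES = {"alice": {"US"}, "bob": {"US"}, "carol": {"US"}}

# Hypothetical tuning: this many failures within the window, followed by a
# success, is treated as a likely guessed or sprayed password.
FAIL_THRESHOLD = 5
FAIL_WINDOW = timedelta(minutes=10)


def parse_event(raw):
    """Turn a raw event tuple into a dict with a real datetime."""
    ts, user, ip, country, result = raw
    return {
        "time": datetime.fromisoformat(ts),
        "user": user,
        "ip": ip,
        "country": country,
        "result": result,
    }


def detect_anomalies(raw_events, known_countries,
                     fail_threshold=FAIL_THRESHOLD, fail_window=FAIL_WINDOW):
    """Return a list of (user, rule, iso_time) alerts in chronological order."""
    alerts = []
    recent_failures = defaultdict(deque)   # user -> timestamps of recent failures
    seen_countries = {u: set(c) for u, c in known_countries.items()}

    events = sorted((parse_event(r) for r in raw_events), key=lambda e: e["time"])
    for ev in events:
        user, now = ev["user"], ev["time"]
        window = recent_failures[user]

        # Expire failures that fall outside the sliding window.
        while window and now - window[0] > fail_window:
            window.popleft()

        if ev["result"] == "failure":
            window.append(now)
            continue

        # Success path: a burst of failures right before it is suspicious.
        if len(window) >= fail_threshold:
            alerts.append((user, "success_after_failures", now.isoformat()))
        window.clear()

        # Only successful sign-ins update or are checked against the baseline;
        # an unknown user starts with an empty baseline and alerts on first sight.
        baseline = seen_countries.setdefault(user, set())
        if ev["country"] not in baseline:
            alerts.append((user, "new_country", now.isoformat()))
            baseline.add(ev["country"])   # alert once per new country, not forever

    return alerts


if __name__ == "__main__":
    for user, rule, when in detect_anomalies(SAMPLE_EVENTS, KNOWN_COUNTRIES):
        print(f"{when} {user}: {rule}")
```

Against the sample data this raises two alerts: alice's success at 08:00:25 after five failures, and bob's first sign-in from RO. Carol's single failure before a success stays below the threshold, which is the point of having one; a real deployment would tune the threshold and window per environment and feed the alerts into the account-lockout or isolation actions the article describes rather than just printing them.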

Finally, Azure Confidential Computing is now available in preview. Confidential Computing is a platform for Azure virtual machines running on processors that support Intel's SGX technology. Using the Confidential Computing platform, developers can create cloud applications that process sensitive data inside isolated, encrypted enclaves whose memory is inaccessible to the host operating system and hypervisor, so that even Microsoft, as the operator of the underlying hardware, cannot see what's going on inside them. The intent is that it should enable applications with strict privacy concerns to be safely run in the cloud.