The headline Ignite 2019 identity and security announcements - straight from Orlando.
Unless you’ve been hiding under a rock for the past week, you’ll probably have noticed a little event happen last week called Microsoft Ignite.
Held in Orlando, Florida from 4–8 November, Ignite saw over 25,000 delegates gather for all the latest news and announcements across all of Microsoft’s identity and security technologies.
We sent two valiant ThirdSpacers into the fray to soak up all the new updates and features from the hundreds of workshops and sessions.
Dave Guest, our resident Technological Evangelist, and Mat Richards, Head of Mobility and Security, have now returned to British soil. Here are their top takeaways:
I was privileged enough to attend Ignite 2019 in Orlando and picked up a lot of information on what is coming up; new ways of implementing technologies and some new partnerships, too.
The first thing I have learned is that my feet hurt. I have done nearly 120,000 steps going to the event and between sessions. That works out at around 75 miles over the 5 days! Both in terms of distance and content, there’s a lot of ground to cover, but here are my highlights from Ignite:
Whilst there was a plethora of announcements across Azure AD, AD (yes, it is still around), single sign-on, AIP and more, one of the biggest changes is that multi-factor authentication (MFA) is now free for all users of Azure AD.
This is provided via the authenticator app (not SMS or call) and is a big step forward, so now there’s no excuse not to have MFA enabled.
The ability to add sensitivity labels is now being made available to the Office apps (Word, PowerPoint, Outlook, etc.) across all platforms (Windows, iOS, Mac, Android and Web). These will use the new unified labelling rather than the old AIP labels and will automatically appear as the updates are rolled out across the world.
One of the more significant changes is Azure’s links with companies like F5, Zscaler, Akamai and Citrix to provide single sign-on to internal applications. This is possible through the Azure Application Proxy as it supports Claims and Kerberos, but this new partnership adds NTLM, WS-Fed, and header authentication into the mix. The only potential issue here is around applications that require a form-fill.
A passwordless future appears to be coming ever closer, particularly as Microsoft and other vendors cooperate to deliver secure authentication using FIDO2.
This can be with a USB device (Yubico, for example) or through Windows Hello for Business. Either way, the password is now not the only way to authenticate to the workstation. Support for this on-premises (accessing AD) is coming, too, so it may soon be a case of one key to authenticate them all.
So, my feet still hurt, but these are just a few of the key announcements to come out of the past few days. I’ll be covering these and a lot more in my last quarterly tech update of 2019.
Ignite has come and gone for another year, and there’s an awful lot to unpack, but I’ve picked out some of the key announcements that stood out as significant:
Before Ignite really got going, Microsoft held a cyber security summit as an early event.
The event was kicked off by Microsoft CISO, Bret Arsenault, and was followed by many other speakers, including Alex Stamos (former Chief of Security at Facebook and now Adjunct Professor at Stanford’s Freeman-Spogli Institute), Betsy Cooper (Aspen Tech Policy Hub), Keren Elazari (k3r3n3.com) and Jeremiah Grossman (Bit Discovery and CSS SentinelOne).
There were many topics being discussed, but the key areas for me were all about risk and being able to quantify what this means for different organisations. It’s not always just down to securing your digital assets, but should also focus on physical aspects, including control systems that manage things like power and facilities. There was also a key focus on the threat that insiders pose to our organisations – this was a common theme throughout the week.
The standout announcement for me was the introduction of Microsoft Endpoint Manager.
This is a new cloud-based platform/portal that is used to manage both Intune and Configuration Manager.
This new platform lets you manage both systems from a single intuitive portal, covering your cloud-managed devices as well as those managed on-premises through Configuration Manager. Intune and Configuration Manager now come together to form the new Microsoft Endpoint Manager (MEM) solution.
It’s a good move from Microsoft, as I think there were technical and architectural challenges that the two technologies presented. Bringing them both together underneath the Microsoft Endpoint Manager umbrella addresses both of these challenges. Microsoft also announced that any customer that has Configuration Manager today is fully licensed to use MEM (aka Intune) now!
In addition, there are new capabilities for mobile device management dealing with advancements with Apple iOS and iPadOS and Android.
For iOS/iPadOS, the ability to manage user enrolment comes to MEM; for Android, Microsoft will be introducing a migration for devices managed through Android Device Admin to Android Enterprise.
The latter also introduces the ability to trigger an e-mail to the end user to guide them through the migration, but will also be useful to help end users when their device drifts into a non-compliant state. Great for reducing the help desk burden that this would present.
BitLocker is gaining better management from within MEM and now allows you to rotate keys.
MEM already has the ability to deploy GPO-type controls through the deployment of administrative templates, but it will soon be able to import your on-premises Active Directory Group Policies and apply them directly in MEM.
Not all policies will be supported, but Microsoft will provide a report that highlights those that can’t be imported and offers recommendations on how to address them. This is all handled in an intuitive, easy-to-use workflow within the MEM portal.
Microsoft are also making strides in helping organisations deal with the many different security technology portals that are currently in use.
They will be introducing a Microsoft Threat Protection portal that will be your single point to consume and interact with alerts that are generated from the various ATP technologies.
This shouldn’t be confused with Azure Sentinel, though. Sentinel is the top-level consumer of all security-related telemetry, not only from Microsoft security controls but also from third-party controls.
Sentinel is the overall security incident management layer that folds automation and orchestration into the solution. Sentinel was a huge focus at Ignite. From our perspective, none of this was new, as we’ve been working with Sentinel for many months.
Microsoft Cloud Application Security (MCAS) got some love, too, with the introduction of many new insights and protections against the current most common attack vectors.
One of the key detections is the ability to spot suspicious activity on users’ mailboxes, such as unusual forwarding rules and activity against ‘ghost’ folders such as RSS feeds or other uncommonly used folders.
Further integrations between Azure Identity Protection and MCAS were announced. MCAS will also allow you to block unsanctioned apps in your organisation, leveraging its integration with Microsoft Defender Advanced Threat Protection (MDATP). This means that when you discover an app and need to block it, you can do so right from the MCAS console – it will immediately take effect on your Windows 10 endpoints.
There are a lot of new capabilities coming to Azure Identity Protection, including the ability to customise risk levels and to determine what things like high risk mean for you. The intelligence and AI being built into Azure Identity Protection is massive. This is a really good thing – identity is such an important area to protect.
To summarise, I think I’m safe in saying that the investment Microsoft is making in the field of security is not slowing down. The pace at which new security innovations are being introduced is fast – we need this as the bad guys aren’t going to slow down!
There were so many announcements being made that it’s impossible to cover them all. We’ll be busy in the coming months delivering webinars and blogs and sharing these developments with you all.
For more on what’s new to Microsoft 365, watch our tech update webinar where Dave Guest will be summing up all the key changes and improvements coming to Azure AD, AIP, MCAS and more.