What you need to know from Microsoft Ignite 2022 – Part 1

I’m writing this up on my flight home from Ignite 2022 hosted in Seattle, Washington. Overall, it was a good conference with many new announcements and innovations to both new and existing solutions from Microsoft. There are plenty of great blog posts highlighting all the new announcements, including Microsoft’s own “book of news”, which I’d suggest reviewing if you’re looking for a full recap. I’m going to focus on the highlights that were of particular interest to me and share my personal notes from sessions I attended. The thoughts and feedback provided are my own. I’ll go ahead and steal a moniker a coworker once suggested and call these notes “Berger Bites” as they are brief in nature and only contain what I would consider the most important takeaways.

As I attempt to translate and make sense of my OneNote notes on my Surface Pro 8, I’m realizing this is going to take me quite some time, so I will be publishing this in multiple parts to the microsoftblogs.com website. I hope you find the information valuable!

Part 1 – Day 1 Keynote Highlights

I attended the main keynote from the “hub” in 800 pike place with several coworkers. Being in-person with teammates and watching the pre-recorded stream together on a big screen felt like a better experience considering we were in-person and in the same place.

The stat presented, that organizations could save up to 60% by bundling security solutions with Microsoft rather than parting them out to multiple vendor solutions, really resonated with me. That’s purely cost savings – now consider the seamless integration between products with no vendor finger pointing and Microsoft becomes the best, holistic security vendor in the industry, in my opinion. Microsoft Entra Identity Governance was announced as a new offering, but in reality, this is just a marketing/bundling effort to add onto the already robust identity governance capabilities found in Azure Active Directory Premium Plan 2. Existing capabilities already include:

  • Access Reviews
  • Access Certification
  • Entitlement Management
  • Privileged Identity Management

New features either already in public preview, or becoming GA in the very near future include:

  • Microsoft Entra Workload Identities (GA in November) – Lifecycle workflows promise to automate repetitive identity tasks and extend the solution’s reach into on-premises Active Directory, ensuring consistent policies are in place in the cloud and on-premises.
  • A new separation of duties feature for entitlements management and compliance safeguarding will ensure that users cannot escalate privileges without proper approval and authorization.
  • New enhancements to conditional access were also announced, including authentication context allowing for more granular access policies within applications. (Think specific actions within an application requiring step-up authentication.) Very cool!
  • Also in public preview is certificate-based authentication (CBA), which will offer “phish-proof” access to resources.

Security at the data level continues to be a top priority for organizations around the world. “Companies reported an average of 20 data security incidents a year, with 40 percent of those companies reporting a financial impact of USD500,000 or more per incident” according to Microsoft. This is huge. To tackle the challenge, Microsoft showed off the continuous efforts being made to the Microsoft Purview lineup. The biggest takeaways from this, for me, were the addition of capabilities to Microsoft Purview Data Loss Prevention policies and the addition of Adobe Acrobat cloud integration with Purview Information Protection. Granular policy management and contextual evidence for policy matches are now possible with Purview Data Loss Prevention policies.

Continuing on with the security theme, Microsoft Defender added some pretty substantial improvements. Defender for Cloud, Defender for DevOps, Defender for Cloud Security Posture Management (CSPM), and Defender External Attack Surface Management (EASM) were all mentioned as either new solutions or improvements to existing solutions. These are great solutions, but honestly not my focus or area of expertise, so I’ll leave it to someone else to provide a more in-depth explanation as to what all of these new capabilities bring to the table.

What is in my wheelhouse, and of particular interest to me, was the announcement of automatic attack disruption in Microsoft 365 Defender. If you have a Microsoft 365 E5 license, you will soon have this solution which promises to “correlate trillions of signals across identities, endpoints, email, documents, cloud apps, and more to detect in-progress attacks like ransomware and financial fraud” and stop the attacks by automatically isolating compromised endpoints and identities. At first, I’ll admit, the question of “could an organization replace their MSSP provider with this technology?” crossed my mind. The answer is absolutely not. While this capability, along with a solution like Microsoft Threat Experts, could go a long way toward reducing many of the actions an MSSP may provide, there is still remediation, investigation and ensuring resources are healthy once an attack has been disrupted successfully. Not to mention all of the other capabilities an MSSP may provide such as threat hunting, penetration testing, etc. Still, this is an awesome value add to the product, especially for those with limited security staff and/or resources.

Now for the announcements and innovations that are most near and dear to my heart… Modern endpoint management with Microsoft Intune and Windows 11! Let’s start with re-branding. Prior to Tuesday, the overall endpoint solution toolsets from Microsoft were referred to as Microsoft Endpoint Manager (MEM). The MEM brand encompassed Microsoft Intune for cloud-based, modern device management that is cross-platform and Microsoft Endpoint Configuration Manager (MECM) for a more traditional, robust PC lifecycle management (PCLM) tool. MECM was formerly known as System Center Configuration Manager and focuses primarily on on-premises Windows device management. While the MECM solution can extend beyond on-premises and cover additional platforms, it was never really intended to be great at that, which is why most organizations look to Intune for modern management and leave more complicated, legacy, on-premises requirements to MECM. It took the industry a while to adjust to these new names (not Intune, that’s been around for a bit), and now Microsoft has decided to switch things up once again. MECM will be referred to as Microsoft Configuration Manager (MCM), Intune will stay Microsoft Intune and the MEM namesake will ride off into the sunset. MCM will be considered a sub-product under the Microsoft Intune brand.

A new “Advanced Management Suite premium endpoint management plan” will be targeted for release in March of 2023. The new plan will include many premium enhancements to the already robust endpoint management platform. Capabilities targeted for public preview and release in the coming months include:

  • Microsoft Tunnel for MAM – provide the Microsoft Tunnel experience currently only available to enrolled iOS and Android devices, to these same platforms on devices not managed by Intune.
  • Endpoint Privilege Manager – Allow trusted users to escalate privileges to perform administrative tasks or “allow list” certain applications to be run in administrative context. Will this solve for the ever problematic remote worker scenario where personal printer drivers/software must be installed but requires administrative credentials? Stay tuned!!
  • Improvements to the Remote Help solution already in market as an add-on.
  • Automated third-party application patching – I did a little quiet dance and applause when this was announced as I’ve been chiding Microsoft since Intune came out that this functionality was sorely missing from Intune but offered in Endpoint Configuration Manager on-premises.
  • Advanced Endpoint Analytics Capabilities – more on this coming up in a future post…
  • More Advanced Management Capabilities – more on this coming up in a future post…

This plan is an attempt to provide a more holistic endpoint management solution through Microsoft where organizations needed to source solutions from other vendors in the past to address these shortfalls. Third-party application patch management is a great example of this. Running additional client agent software on endpoints just to manage application updates is costly and adds overhead to the overall management of endpoints in an environment. We will soon have an option to choose Microsoft for services such as this. To make it fair to current partners who are already providing these solutions and to pay for the additional development of the product, Microsoft will charge a fee per user for these premium functions. It will be up to organizations to decide whether the capabilities Microsoft is providing are on par or better than their current solutions and whether there is enough cost savings to justify a transition. Much more on this suite and the subcomponents will be forthcoming when I get to my day two notes.

Okay, now onto some collaboration highlights. Several enhancements and additions were made to the Microsoft 365 platform. I found the following announcements particularly interesting and noteworthy:

  • Microsoft Loop – Via workspaces, pages and components built into Microsoft Teams, this solution will extend the creativity and collaboration efforts for project-based and team-based work. Initially, this solution comes off as “yet another tool” for users to leverage that may cause confusion on when to use what tools, but my guess is that this solution will primarily be used to extend existing Microsoft 365 apps functionality in the future. A really cool feature is the ability for the solution to keep Loop components synchronized across Microsoft 365. So the same changes I make to a Loop component in Teams will show up in the Loop component as part of a Word document, for example.
  • An updated Microsoft 365 app coming in November, 2022 – Check out the new icon! Microsoft bills the enhancements as “a secure, integrated, experience built on the Microsoft Graph that brings together all your documents, files, contacts, meetings, and more—with intelligent, Graph-powered recommendations personalized for you.” Third-party content now being surfaced in the app is something we haven’t seen before. The new app will also show third-party apps integrated with Azure Active Directory.
  • Microsoft Designer – This new app is powered by AI and was demo’d as a solution to assist users in creating image content where existing image search results just aren’t what the user is looking for. I’ll be curious to check this one out in the future but it’s certainly not a game changer for me based on what I’ve seen so far. Nice value add, though.
  • Microsoft Create – For those of us that have zero design skills or creativity when it comes to presentations and content, this solution seems to offer help in the form of templates, more appealing graphics and suggestions for making the most of a PowerPoint deck or LinkedIn post. If I’m understanding this correctly, Create is the main platform while tools like Designer, Clipchamp, PowerPoint, etc. are our editing tools. This solution is in public preview and, seeing as I’m often asked to give presentations, I’ll be checking this out to hopefully make my content more engaging moving forward.
  • Clipchamp – Is now making its debut in Microsoft 365! This application was introduced with Windows 11 22H2 and offers a streamlined video editing solution for those of us that need basic tools with storyline editing functionality. Based on my use of Clipchamp so far, I won’t be renewing my Camtasia subscription (only because my needs are very basic. I do enjoy Camtasia, I just don’t need all of its capabilities).
  • Viva Amplify – While many new additions and enhancements were added to the Viva platform, the most notable for me was Viva Amplify. This solution seems to solve for the challenge of getting a communication out to users using multiple tools and tracking overall impact via reporting. Larger organizations may struggle with figuring out whether to send that all company message via email, Teams, Viva or SharePoint Online. This solution appears to help get the message out across all platforms and offer guidance for the sender on what communications platforms are offering the best impact.
  • Microsoft Places – I love the concept of this new solution. In a hybrid working world, it becomes increasingly difficult to figure out office logistics such as who will be attending a meeting in-person versus virtual, where a coworker is currently, physically located in the office, and how to book meeting space based on the number of individuals in the office. Places seems to address all of these issues while also offering insight on real estate usage for organizations trying to determine if expanding or contracting real estate is necessary. Places won’t officially be out until March 2023, so stay tuned on this one.
  • Microsoft Teams Premium – It’s interesting to me that we are starting to see these additional “add-on” packages for premium features. It’s understandable that Microsoft needs to charge a bit more for these enhancements as it takes money to invest in developing all of these net new features, but it does make for an overly complex license model when it comes time to determine how much you owe the piper. If you decide to go premium, here’s everything you will get:
    • Virtual meetings with custom backgrounds and other company branding options
    • Meeting guides to help provide structure and clarity on what the purpose of the gathering will be
    • Intelligent recap, which uses AI to assign tasks post-meeting, using Microsoft To Do
    • Automatic recording and transcription with call-outs such as name mentions and better transcription search
    • Ability to add sensitivity labels to meetings for customers with Microsoft 365 E5 licensing. This will better protect meeting content from getting into the wrong hands.
    • Watermarks on shared content and video feeds to help deter data theft
    • Ability to designate who can record meetings and the ability to enable end-to-end encryption for highly confidential meetings
    • An improved customer experience when joining a scheduled Teams call. Pre-appointment SMS reminders, a branded lobby room, and rich meeting experiences are all included as options.
    • Improved meeting analytics such as no-shows and average wait times
    • A browser-based Teams client for mobile devices to allow users to join calls without the Teams native app
    • A better webinar experience with features such as pre-meeting green room for presenters to prep, managing what attendees see during the webinar, and automatic email reminders before the webinar begins

Among a few other interesting notes was the inclusion of Cisco as a new Teams certified device partner. This is really interesting to me since WebEx is a direct competitor to Teams in a lot of ways. Any way you slice it, it is a benefit for organizations in my eyes. With interoperability comes flexibility and less vendor lock-in. As a Cisco WebEx customer, I can now attend a Microsoft Teams meeting scheduled by an external party with my existing investment in meeting room technology from Cisco. I’ll just be curious to see how all of this plays out with both vendors competing for communication/collaboration platform market share.

Yealink got a really cool shoutout for their new Smartvision intelligent 360-degree, all-in-one camera conference room solution. The meeting room camera solution will include capabilities for four in-room active speakers who will be shown to participants via individual video feeds stitched together to show a panoramic view of the room. A 20-foot audio pickup radius from multi-functional microphones and automatic speech-to-text live transcription, with speakers identified by their names, are touted as features built into the solution.

The last feature I highlighted in my notes as being very valuable is the new Windows 365 app for accessing Windows 365 desktops. The concept of an app purpose-built for end-users to access their work from any endpoint is much improved from the current model of downloading the remote desktop app (make sure it’s the “new” one and oh by the way there are two versions, a modern app from the store and a Win32 version downloadable from Microsoft direct with different features for each). End users and help desk alike will appreciate the simplicity of gaining access to Windows 365 VMs using this new app. FYI, the new app is available in the Microsoft app store now and it is recommended to uninstall the original remote desktop app if you already have it installed.

That concludes part one of my Ignite 2022 highlights. In the next segment I will publish my notes/thoughts from attending sessions related to modern endpoint, identity and endpoint security. Thanks for reading along!