Blog Posts, Personal Posts | November 22, 2024

My Top 5 Microsoft Security Announcements from Microsoft Ignite 2024

Microsoft’s annual tech event, Microsoft Ignite 2024, was held in Chicago last week. The on-site event includes informative sessions, product demos, hands-on labs, and valuable networking opportunities. Still, people worldwide can also join in on (most) of the fun remotely. 

I couldn’t attend in person or remotely this year, but that doesn’t mean I won’t dig into all the new product announcements once Microsoft reveals them. If you want to read up on all the new announcements, read Microsoft Ignite’s Book of News; it has most of the information.

In this blog post, I’m sharing my thoughts on my top 5 Microsoft Security announcements from Microsoft Ignite 2024. The post is split into the following five sections.

Administrator protection on Windows 11

With all the investments in recent years in features such as LAPS (Local Administrator Password Solution) and EPM (Endpoint Privilege Management), the announcement of the new “Administrator protection” feature came as a surprise to me. Like LAPS and EPM, this feature’s primary function is to protect administrative privileges on Windows devices, but it does this a little bit differently.

With the Administrator Protection feature enabled, a user signs in as a regular user but is granted just-in-time elevation rights for the duration of an administrative task.

The user will need to verify their identity with Windows Hello before an admin task is authorized to make changes to the device, such as installing software, changing system settings, or executing a script.

If all works as expected, this feature will be a must for any company still deciding whether to remove device administrative permissions for regular users. It looks to be a very accessible way to protect against unauthorized access and malicious software while still allowing users to perform administrative tasks.

The feature is already available to Windows Insiders, so we can try it out right now! You can enable the feature from the local device settings, or as an admin, you can configure an Intune or GPO policy.

Data Loss Prevention (DLP) for Microsoft 365 Copilot

Because of this new AI and Copilot era, Data Security is getting a lot more attention, and that’s why you see a lot of Microsoft Purview announcements this year on Microsoft Ignite 2024.

Data Loss Prevention policies are not one of the new kids on the block; they have been around for more than 10 years now. What is new is DLP for Microsoft 365 Copilot, which is, in theory, nothing more than a new location included in the policies, but in practice it should be a really important tool going forward to prevent data oversharing and leakage.

Within a Data Loss Prevention policy, we’ll be able to configure which content is allowed to be processed by Microsoft 365 Copilot, which should help organizations trust and, therefore, adopt Copilot more easily. Not much is known yet about this new product’s capabilities, but we’ll know soon enough, as I’m expecting it to arrive in preview very soon!

Microsoft Defender for Identity sensor for Entra Connect

Up until now, Microsoft has had four types of Microsoft Defender for Identity sensors available to install:

  • one for Active Directory Domain Services (AD DS) servers
  • one for Active Directory Federation Services (AD FS) servers
  • one for Active Directory Certificate Services (AD CS) servers
  • and lastly, there was the Standalone Sensor meant for dedicated servers

Now, Microsoft has introduced a new type of sensor specifically designed for Entra Connect (previously known as Azure AD Connect) servers. Since Entra Connect is the service responsible for synchronizing identities between the cloud and on-premises and for single sign-on, it is a really important place to monitor for unusual activity in any hybrid environment.

A few examples of the new detections are suspicious interactive logins to the Entra Connect server, user password resets by Entra Connect accounts, and suspicious writebacks by Entra Connect on sensitive users.

Extend protection on unencrypted files

This neat little feature was buried in a larger set of upgrades to Microsoft Purview, but it is a very welcome one. SharePoint site owners were always able to set a default sensitivity label for newly created documents in a document library, but this still left a risk for any previously created documents: if users download, copy, or move any of these unencrypted documents, the documents leave the library unprotected.

Enabling this new feature allows site owners to protect all of the library’s files by automatically placing an encryption label on a file that is being moved out.

I really like this update, but sadly, there is a catch. This new feature is only available for companies with the Microsoft 365 E5 and SharePoint Advanced Management licenses.

Hotpatch for Windows 11 Enterprise

This feature has already been available for Windows Server for two years, but now the public preview has been announced for Windows 11 Enterprise, version 24H2. As the name suggests, hotpatch updates will ensure quick security patching while minimizing user disruption. Instead of having to restart their device, users will be able to keep being productive while hotpatch updates take effect immediately. Great stuff!

Microsoft will introduce a new yearly cycle that works as follows: at the start of each quarter (January, April, July, and October), the device installs the cumulative security and feature updates and restarts. In the other two months of the quarter, the device hotpatches the security updates without a reboot.

During the preview, you’ll need the following to be eligible for hotpatching:

  • a Microsoft subscription that includes Windows Enterprise E3 or E5, or a Windows 365 Enterprise subscription
  • devices running Windows 11 Enterprise, version 24H2 (build 26100.2033 or later)
  • Microsoft Intune
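As an added example (not from the original post or from Microsoft), the script below checks the local device against the build requirement listed above and reports whether the current month falls in a baseline (restart) or hotpatch month of the quarterly cycle. It reads the standard `CurrentVersion` registry values and assumes the Enterprise edition reports an `EditionID` starting with `Enterprise`; the licensing and Intune enrollment requirements are not checked here.

```powershell
# Added example, not part of the original post.
# Minimum build for the Windows 11 Enterprise 24H2 hotpatch preview (from the post).
$minBuild = [version]'10.0.26100.2033'

function Get-WindowsBuildVersion {
    # CurrentBuild is the major build (e.g. 26100), UBR the revision (e.g. 2033).
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [pscustomobject]@{
        Edition = $cv.EditionID
        Version = [version]"10.0.$($cv.CurrentBuild).$($cv.UBR)"
    }
}

function Test-HotpatchBuildEligible {
    param([pscustomobject]$Info)
    # Assumption: Enterprise SKUs report an EditionID beginning with "Enterprise".
    ($Info.Edition -like 'Enterprise*') -and ($Info.Version -ge $minBuild)
}

function Get-HotpatchCycleKind {
    param([int]$Month = (Get-Date).Month)
    # Quarter-start months carry the cumulative update plus a restart;
    # the other two months of each quarter are hotpatch months without a reboot.
    if ($Month -in 1, 4, 7, 10) {
        'Baseline month: cumulative update, restart required'
    } else {
        'Hotpatch month: security update applied without a restart'
    }
}

$info = Get-WindowsBuildVersion
"Edition: $($info.Edition)  Build: $($info.Version)"
"Build meets hotpatch preview requirement: $(Test-HotpatchBuildEligible $info)"
"Current cycle month: $(Get-HotpatchCycleKind)"
```

Run it in an elevated or standard PowerShell session on the device in question; a device reporting an older build or a non-Enterprise edition will show `False` for the build check.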

When the feature becomes available, we should be able to configure a Windows quality update policy in Intune and Windows Autopatch to enable hotpatching for Windows 11 Enterprise.


About the author: Myron Helgering
