Top Announcements in Microsoft Hybrid Cloud and Security
Microsoft Ignite is a showcase of the best of what’s next for Microsoft and its partners. At this year’s annual conference, Microsoft welcomed more than 200,000 people virtually and 7,500 from satellite locations globally. Attendees gained world-class training skills and were introduced to the latest products and services designed to help customers, partners and developers get the full value of Microsoft’s technologies. And as always, there are some significant developments arriving soon. These are the ones we think will be most useful to our clients in Microsoft hybrid cloud and security.
Microsoft Hybrid Top Announcements
Azure Automanage now available for Azure Arc-Enabled Servers and Azure Virtual Machines
Azure Automanage saves time by automating configuration and management of servers throughout a customer’s entire life cycle at scale, whether they are in Azure or in hybrid environments enabled by Azure Arc.
With the general availability for Azure virtual machines (VMs) and Arc-enabled servers, Microsoft adds new capabilities to further automate configuration and management of any server, including:
- Applying enhanced backup settings and different auditing modes for the Compute Server Baselines.
- Specifying custom Log Analytics Workspace and Azure tags to identify resources based on settings relevant to an organization.
- Support for Windows 10 VMs.
- Support for enabling Microsoft Antimalware.
Why it matters: Azure Automanage provides unique capabilities for Windows Server VMs in Azure that simplify management and improve workload uptime to further increase efficiency and cost savings. One of these capabilities is Hotpatch, which allows patching without the need to reboot every installation, reducing downtime of Windows Server Azure edition VMs in Azure.
Related read: Azure Automanage - Effortless automation of cloud and on-premises infrastructure
New Feature Release for Azure Stack HCI
Azure Stack HCI offers subscription-based management for customers who need hybrid infrastructure in their own datacentres. Enabled by Azure Arc, Azure Stack HCI is introducing a new release with many new features to increase security, versatility, and performance. They include:
- Enhanced Azure remote support: Users can grant consent on an as-required basis for Microsoft personnel to remotely gather logs and commands, greatly simplifying support. This feature is in preview.
- Azure Marketplace for VM self-service: Access to VM images, including Windows 10 Enterprise multi-session and Windows 11 Enterprise multi-session, directly from the Azure Marketplace. This feature is in preview.
- Intent-based network automation with Network ATC is generally available.
Why it matters: Azure Arc and Azure Stack HCI can help you operate hybrid seamlessly, including a new hybrid benefit for Software Assurance customers.
Related read: What's new for Azure Stack HCI at Microsoft Ignite 2022
Cloud-Like Capabilities available for Azure Arc-Enabled SQL Server
Azure Arc-enabled SQL Server has several new features, now generally available, which allow customers to take advantage of a cloud-like experience, including:
- A single sign-on experience that integrates with Azure Active Directory (Azure AD). Customers can sign in and manage all Azure resources and their SQL environments through the same portal in one integrated step.
- Improved security and monitoring with Microsoft Defender that allows customers to assess and secure SQL Server estates across multi-cloud, hybrid environments
Why it matters: Azure Arc-enabled SQL Server extends Azure services to SQL Server instances hosted outside of Azure; in your datacentre, on the edge, or in a multi-cloud environment.
Related read: Azure Arc-enabled SQL Server
Microsoft Security Top Announcements
Microsoft Defender for Cloud adds new protections for comprehensive Security
New capabilities for Microsoft Defender for Cloud will help organisations strengthen their cloud security posture, extend threat protection across workloads, and integrate DevOps security across hybrid and multi-cloud environments. These updates are Microsoft’s latest steps to make Defender for Cloud a comprehensive cloud-native app protection platform.
New capabilities in Defender for Cloud include:
- Microsoft Defender for DevOps: A new solution that will provide visibility across multiple DevOps environments to centrally manage DevOps security, strengthen cloud resource configurations in code and help prioritise remediation of critical issues in code across multi-pipeline and multi-cloud environments. With this preview, leading platforms like GitHub and Azure DevOps are supported and other major DevOps platforms will be supported shortly.
- Microsoft Defender Cloud Security Posture Management (CSPM): This solution, available in preview, will build on existing capabilities to deliver integrated insights across cloud resources, including DevOps, runtime infrastructure and external attack surfaces, and will provide contextual risk-based information to security teams. Defender CSPM provides proactive attack path analysis, built on the new cloud security graph, to help identify the most exploitable resources across connected workloads to help reduce recommendation noise by 99%.
- Microsoft cloud security benchmark: A comprehensive multi-cloud security framework is now generally available with Microsoft Defender for Cloud as part of the free Cloud Security Posture Management experience. This built-in benchmark maps best practices across clouds and industry frameworks, enabling security teams to drive multi-cloud security compliance.
Expanded workload protection capabilities: Microsoft Defender for Servers will support agentless scanning, in addition to an agent-based approach to virtual machines (VMs) in Azure and AWS. Defender for Servers P2 will provide Microsoft Defender Vulnerability Management premium capabilities. Microsoft Defender for Containers will expand multi-cloud threat protection with agentless scanning in AWS Elastic Container Registry. These updates are in preview.
Why it matters: Organisations need a comprehensive approach toward cloud security and a centralised, integrated solution to mitigate risk from code to cloud to counter these threats. New innovations in Microsoft Defender for Cloud are the solution; helping to protect multicloud and hybrid environments with comprehensive security across the full lifecycle, from development to runtime.
Microsoft 365 Defender now disrupts Ransomware at Machine Speed
Microsoft 365 Defender now automatically disrupts ransomware attacks. This is possible because Microsoft 365 Defender collects and correlates signals across endpoints, identities, emails, documents, and cloud apps into unified incidents and uses the breadth of signal to identify attacks early with a high level of confidence.
Why it matters: Time is critical in ransomware attacks, and now Microsoft 365 Defender can automatically contain affected assets, such as endpoints or user identities. This helps stop ransomware from spreading laterally, which can substantially reduce the overall cost of an attack while improving a company’s resiliency to recover. The security operations team stays in full control of investigating, remediating, and bringing assets back online once they are returned to a healthy state.
Microsoft Entra Identity Governance (in Preview)
Microsoft Entra Identity Governance, now in preview, will help organisations ensure that the right people have the right access to the right resources at the right time. This release will deliver a comprehensive identity governance product for both on-premises and cloud-based user directories.
The newly released capabilities include life cycle workflows to automate repetitive tasks, connection to on-premises to enable consistent policies for all users and separation of duties in entitlements management to help safeguard against compliance issues. These complement existing Microsoft Entra Identity Governance features, including access reviews, access certification, entitlements management and privileged identity management.
Why it matters: Microsoft Entra Identity Governance will help organisations simplify operations, support regulatory compliance, and consolidate multiple identity point solutions.
Related read: 5 cybersecurity capabilities announced at Microsoft Ignite 2022 - Microsoft Security Blog
As always, the annual Microsoft Ignite conference has unveiled some exciting new developments that will better help Microsoft users to achieve their strategic goals. The focus on enabling and simplifying multi-cloud operations is of great interest, particularly on how Microsoft Cloud is helping customers do more with less. In today’s uncertain economic times, organisations are looking for new opportunities to change the way they work to get better results and maximise their existing IT investments.
If you’d like to learn more about any of these developments and how they will help your business, please get in touch. To view a guide of all the announcements Microsoft are making, including the ones in our article, please visit The Microsoft Ignite Book of News.
As a certified Microsoft Azure Expert MSP with multiple solution designations, we’ve helped organisations of all kinds maximise long-term value of their Microsoft investment, reduce risk and improve system reliability through specialist IT solutions and services. So, whether you need to discuss ransomware or multi-cloud management, our qualified team will draw from their broad expertise and in-depth knowledge of Microsoft technologies to provide advice that’s tailored to suit your needs and budget.