#TechBlog: Microsoft Ignite 2024

Microsoft Ignite 2024: A Paradise for Tech Enthusiasts

In this blog, we dive deep into the technical details to bring you the latest innovations, the most exciting use cases, and the best practices for your everyday IT needs. Ready to take your knowledge to the next level? Then read on!

Windows Hotpatch

The End of Restarts for Patches

In the IT world, reboots after patches have been an unavoidable evil for years. On average, companies have lost 88 days of productivity time – and that's just due to downtime during reboots. In addition, users are often hesitant to install updates promptly, which can result in security risks and compliance violations.

Windows Hotpatch makes this problem a thing of the past. The new technology downloads updates in the background and activates them immediately after installation, without the need for a restart.

The advantages of Windows Hotpatch:

  • No interruptions: Critical security updates are applied directly without disrupting users' work.
  • Continuous protection: Systems are always kept up to date without delays caused by pending restarts.
  • Higher productivity: The time lost due to restarts is completely eliminated, which is particularly advantageous in business-critical environments.

Hotpatch is a milestone in the patch management strategy that makes it possible to optimize the balance between security and productivity in the long term. For IT administrators in particular, this means a considerable simplification of their daily work and less stress due to unplanned outages.

Endpoint Management

New Features in the Area of Endpoint Management

In addition to Windows Hotpatch, Microsoft announced a variety of new endpoint management features at Ignite 2024. These innovations are designed to give IT admins even more control and efficiency.

Microsoft Endpoint Manager

Microsoft Endpoint Manager now supports the deployment of DMG applications to macOS devices. This enhancement simplifies not only deployment but also troubleshooting. IT admins can flexibly use the various assignment types such as «required», «uninstall» or «available at enrollment».

Endpoint Privilege Management

Endpoint Privilege Management (EPM) now offers even more granular control options. Administrators can precisely define which commands may be executed with elevated privileges. This improves security by allowing potentially risky actions to be blocked.

Guided Application Upgrade

The new Guided Application Upgrade feature makes managing app updates much easier. Using Microsoft Graph, applications can be deployed and updated without manual intervention – a more efficient and error-free process.

Personal Data Encryption

Microsoft is introducing personal data encryption for Windows folders. This feature provides additional protection for sensitive files such as images or desktop folders. In combination with Intune, access to encrypted data remains secure even with elevated permissions.

AOSP devices

Support for AOSP devices has been expanded. Intune can now manage specialized devices such as those for frontline workers. This significantly extends the reach of Microsoft Endpoint Manager.

New Microsoft Entra ID features

Enhanced Security thanks to new Microsoft Entra ID Features

Microsoft has unveiled an impressive list of new Entra ID features that take the security of our identities to the next level. Here is an overview of the most important innovations:

Phishing-resistant authentication

With the general availability of Certificate-Based Authentication (CBA), Microsoft enables secure, password-free authentication that is optimized for both cloud and hybrid environments. New Conditional Access Policies also support phishing-resistant MFA methods such as FIDO2 security keys and Windows Hello – a crucial step in protecting sensitive resources.
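The Conditional Access part of this can be expressed as a policy that grants access only when the built-in «Phishing-resistant MFA» authentication strength is satisfied (FIDO2 security keys, Windows Hello for Business and certificate-based authentication qualify). The following is an added example using the Microsoft Graph PowerShell SDK; it is not code from Microsoft or from this blog. It assumes the Microsoft.Graph module is installed, that the caller holds a role allowed to write Conditional Access policies, and that the break-glass account ID is a placeholder you replace with your own emergency-access account. The policy is created in report-only mode so its impact can be reviewed in the sign-in logs before it is enforced.

```powershell
# Added example (not from the original post): create a report-only Conditional
# Access policy that requires phishing-resistant MFA for all users and all apps.
# Assumptions: Microsoft.Graph module installed; sufficient Conditional Access
# permissions; the break-glass account object ID below is a placeholder.

Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

# ID of the built-in authentication strength "Phishing-resistant MFA"
$phishingResistantStrengthId = "00000000-0000-0000-0000-000000000004"

# Placeholder: object ID of an emergency-access (break-glass) account to exclude,
# so that a misconfiguration cannot lock every administrator out of the tenant.
$breakGlassAccountId = "<BREAK-GLASS-ACCOUNT-OBJECT-ID>"

$policy = @{
    displayName = "Require phishing-resistant MFA for all users (report-only)"
    # Report-only first: evaluate what the policy *would* do, enforce later.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        clientAppTypes = @("all")
        users        = @{
            includeUsers = @("All")
            excludeUsers = @($breakGlassAccountId)
        }
        applications = @{
            includeApplications = @("All")
        }
    }
    grantControls = @{
        operator               = "OR"
        authenticationStrength = @{ id = $phishingResistantStrengthId }
    }
}

# Invoke-MgGraphRequest serializes the hashtable to JSON for the request body.
$created = Invoke-MgGraphRequest -Method POST `
    -Uri "https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies" `
    -Body $policy -ContentType "application/json"

# Read the policy back and confirm the grant control references the
# authentication strength rather than plain "mfa".
Invoke-MgGraphRequest -Method GET `
    -Uri "https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies/$($created.id)" |
    Select-Object displayName, state,
        @{ n = "authStrength"; e = { $_.grantControls.authenticationStrength.displayName } }
```

Once the report-only results show no unexpected blocked sign-ins (service accounts, shared devices, users without a registered FIDO2 key or Windows Hello), switch `state` to `enabled`. Keep the break-glass exclusion in place permanently and monitor sign-ins of that account separately.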

Identity Governance

  • Lifecycle Workflows (Preview): Identity management tasks such as employee onboarding or offboarding can now be automated. Access Packages automatically assign or remove permissions, improving efficiency and compliance.
  • Separation of Duties (GA): This feature reduces risk by requiring approval from multiple people for high-risk actions, minimizing the potential for fraud.

Microsoft Entra Private Access: The new VPN solution

  • Quick Access Policies (GA): Facilitate the connection of private apps to Microsoft Entra.
  • App Discovery (preview): Simplifies the discovery of private apps.
  • Private DNS (preview): Enables access to resources via single-label names or hostnames.

Microsoft Entra Internet Access

  • Universal Continuous Access Evaluation (CAE, preview): CAE revokes access privileges in near real time as conditions change, whether or not apps or clients natively support CAE.
  • TLS Inspection (private preview): Enables inspection of encrypted traffic to improve threat detection for internet access.

Conditional Access Advances

  • Universal Conditional Access: Protects access to federated and non-federated apps, external websites and network destinations.
  • Compliant Network Check: Ensures compliance with network security policies when accessing critical cloud services.
  • Integration with Secure Web Gateway: Conditional access controls now work seamlessly with Microsoft Entra's Zero Trust solutions to protect internet- and app-related identities.

Enhanced identity protection

New token anomaly detection capabilities (e.g., unusual token lifetimes) trigger automatic countermeasures such as token or password resets. This ensures real-time protection against identity threats.

These updates show how Microsoft is using Entra ID to raise the bar on modern identity and access management security, providing organizations with a robust foundation for their zero-trust strategies.

Azure Networking

Improved Security and Performance for Azure Networking

Microsoft has introduced new features for Azure Networking that significantly improve security, performance and reliability. Here are the most important innovations:

Network Security Perimeter

Azure is introducing a network security perimeter that enables strict access controls across resources. This feature is a central component of the zero-trust framework, in which every request at the network level is authenticated and authorized – even for internal traffic. This helps to better protect platform services such as Platform as a Service (PaaS) and prevent unauthorized access through lateral movement in the network. In addition, centralized logging ensures better tracking of network activities and the implementation of security policies in complex environments.

Virtual Network Encryption

With Virtual Network Encryption, data traffic between virtual machines (VMs) within the same network is encrypted. Thanks to FPGA-based encryption, performance is virtually unaffected. This is crucial to meeting regulatory requirements and protecting sensitive data in transit and at rest within Azure.

Improved bastion access

The new Bastion Developer SKU enables secure, direct access to virtual machines via RDP or SSH without the need for a public IP address. This significantly reduces the attack surface, especially for development and test environments. This SKU provides a lower-cost, lightweight option for smaller scenarios requiring secure remote access.

ExpressRoute Metro SKU

The new ExpressRoute Metro SKU improves availability and redundancy by connecting multiple edge sites within the same metropolitan area. This ensures low latency and highly available connectivity between on-premises and Azure resources, even in the event of a link failure.

Azure Load Balancer Updates

The Azure Load Balancer has been updated to manage traffic more efficiently and to simplify deployments across subscriptions and hybrid environments.

DNSSEC (Domain Name System Security Extensions)

Now in public preview: DNSSEC adds an additional layer of security to DNS requests by ensuring that responses are authentic and unchanged during transmission. Attacks such as DNS cache poisoning or man-in-the-middle attacks are thus prevented, increasing the integrity of network communications.
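Whether a zone actually benefits from DNSSEC depends on three things being in place: the zone publishes signing keys (DNSKEY), the parent zone anchors them (DS record), and answers carry signatures (RRSIG). The following added example, which is not code from Microsoft or from this blog, checks those three points for a zone from a Windows client using the built-in Resolve-DnsName cmdlet. The zone name is a placeholder; the script assumes that a query sent with the DNSSEC OK (DO) bit returns the RRSIG records alongside the answer when the zone is signed.

```powershell
# Added example (not from the original post): check the DNSSEC state of a zone.
# Assumptions: Windows DnsClient module available; "example.com" is a placeholder;
# a DO-bit query returns RRSIG records in the answer set for a signed zone.

function Test-DnssecSigning {
    param(
        [Parameter(Mandatory)] [string] $Zone,
        [string] $Server   # optional: query a specific resolver instead of the system one
    )
    $common = @{ ErrorAction = "SilentlyContinue" }
    if ($Server) { $common.Server = $Server }

    # 1. Does the zone publish signing keys?
    $dnskey = Resolve-DnsName -Name $Zone -Type DNSKEY -DnssecOk @common |
        Where-Object Type -eq "DNSKEY"

    # 2. Is the chain of trust anchored in the parent zone?
    $ds = Resolve-DnsName -Name $Zone -Type DS -DnssecOk @common |
        Where-Object Type -eq "DS"

    # 3. Are ordinary answers signed? Ask with the DO bit and look for RRSIGs.
    $rrsig = Resolve-DnsName -Name $Zone -Type A -DnssecOk @common |
        Where-Object Type -eq "RRSIG"

    [pscustomobject]@{
        Zone          = $Zone
        HasDnskey     = [bool]$dnskey
        HasDsInParent = [bool]$ds
        AnswersSigned = [bool]$rrsig
        # Only a complete chain lets a validating resolver reject forged answers.
        ChainComplete = [bool]$dnskey -and [bool]$ds -and [bool]$rrsig
    }
}

# Placeholder zone; substitute your own zone once DNSSEC is enabled on it.
Test-DnssecSigning -Zone "example.com"
```

A zone that shows `HasDnskey` and `AnswersSigned` but not `HasDsInParent` is signed but not yet trusted: until the DS record is published at the registrar, validating resolvers treat the zone as insecure and the protection described above is not in effect.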

Azure Virtual Network Manager

Updates to the Azure Virtual Network Manager improve IP Address Management (IPAM) through greater visibility, automation and integration:

  • Automatic assignment of IP addresses across multiple virtual networks.
  • Better integration with Azure Firewall to ensure network security.
  • Multi-region support for global enterprises.

These innovations make it easier for organizations to manage IP addresses at scale and ensure seamless coordination across distributed cloud environments.

With these updates, Microsoft is demonstrating that Azure Networking is not only becoming more secure, but also more performant and easier to use – ideal for modern, scalable IT infrastructures.

Questions? Contact me!

David Zeiter

Technical Consultant
Bachelor in Business Administration

david.zeiter@isolutions.ch