Microsoft’s annual development and IT conference, Microsoft Ignite, kicked off this morning, with announcements ranging from the general availability of Microsoft Security Exposure Management to the Windows Resiliency Initiative.
Here is a list of some of the highlights from the event:
Microsoft Security Exposure Management
This new solution — now generally available — provides dynamic mapping of relationships between critical assets, including devices, data, and identities.
It is built on top of Microsoft’s security graph and also benefits from third-party connections, such as Rapid 7, ServiceNow, Qualys, and Tenable.
“Exposure Management provides customers with a comprehensive, dynamic view of their IT assets and potential cyberattack paths. This empowers security teams to be more proactive with an end-to-end exposure management solution. In the constantly evolving cyberthreat landscape, defenders need tools that can quickly identify signal from noise and help prioritize critical tasks,” Microsoft wrote in a blog post.
Windows Resiliency Initiative
The company also announced the Windows Resiliency Initiative, which covers four main areas:
- Strengthening the reliability of Windows based on what was learned from the CrowdStrike incident in July
- Enabling more apps and users to run without admin privileges
- Providing greater control over what apps and drivers are allowed to run
- Improving identity protection to prevent phishing attacks
One of the new features from this initiative is Quick Machine Recovery (available to the Windows Insider Program in early 2025), which allows IT admins to perform fixes from Windows Update without needing physical access to the device, even if the computer can’t boot.
The company also met with endpoint security partners in its Microsoft Virus Initiative (MVI) to discuss new protocols to put in place following the CrowdStrike incident. Vendors will be subject to increased testing and incident response requirements, such as controlled gradual rollouts and adherence to monitoring and recovery procedures recently shared by CISA.
Other endpoint security improvements include:
- New hardware security baselines for Windows 11 PCs
- New Smart App Control and App Control for Business policies that ensure only verified apps run on a device
- Administrator Protection, a new feature where employees have standard user permissions, but can still make Windows system changes if needed by authorizing the change using Windows Hello.
Windows 365 Link
The company also announced Windows 365 Link, which is a new cloud-based Windows computer. It will be available next April and starts at a price point of $365.
Windows 365 Link supports dual 4K monitors and has four USB ports, an audio port, an Ethernet port, Wi-Fi 6E, and Bluetooth 5.3.
For security purposes, no local data is stored on the device, and users don’t have admin privileges. Additionally, security baseline policies are enabled by default and users can’t disable security features.
“Windows is dedicated to delivering choice and flexibility for our customers. Critical to that effort is our OEM and silicon ecosystem. Just like we did with 2:1s, we’re starting with first party devices and doing the work to get the product experience right. As we continue to expand the Cloud PC category, we look forward to expanding offerings as well, scaling with our OEM partners in 2025,” Microsoft wrote in a blog post.
Windows Subsystem for Linux updates
WSL is being updated with an interface for IT administrators to control its distribution and version usage across their organization. Additionally, a new integration with Microsoft Entra ID will provide a way for Linux processes to use Windows’ underlying authentication.
“We are excited to offer developers more choices for Linux distribution on WSL. With a new WSL distribution architecture, we are providing additional extensibility to IT professionals and enterprise developers to have more Linux distributions including Red Hat to choose from,” Microsoft said.
Security Copilot
New capabilities have been added to the data governance solution Copilot in Purview, such as Data Loss Prevention for Microsoft 365 Copilot, which prevents data oversharing in AI apps and detects risky AI uses, like malicious intent, prompt injections, and misuse of protected materials. Another new feature is Data Security Posture Management, which allows security teams to discover data risks and get recommendations on how to fix them.
Microsoft Purview also now provides controls for agents built in Copilot Studio to enable better data protection and security.
Additionally, to help customers prepare for new AI regulations, the company also added four new AI compliance assessments for the EU AI Act, NIST AI RMF, ISO 42001, and ISO 23894.
Finally, Microsoft announced the general availability of AI security posture management in Microsoft Defender for Cloud, which allows companies to inventory their AI stack, assess vulnerabilities, and run remediation workflows. With this GA release, the platform provides expanded Amazon Bedrock support and new AI grounding data insights.
“With the new capabilities we’ve announced to support your secure AI transformation, Microsoft stands as the only security provider offering comprehensive AI security solutions, including data security and compliance, security posture management, threat protection, safety system and governance for AI workloads,” the company wrote in a blog post.
