Looking Back at Microsoft Ignite 2019 - Tech Intensity, End to End Security and AI

Microsoft hosted their annual flagship Ignite conference in Orlando, Florida in early November. The event attracted over 30,000 attendees and consisted of over 1800 sessions across a wide range of topics such as DevOps, coding, identity, security and many product deep dives. Among the headlines, the main trends and talking points were technical advancements, security additions and company strategies.

Tech Intensity

The theme of “Tech Intensity” consists of the Microsoft formula of Tech Adoption x Tech Capability ^ Trust. As their driver is “to make every company a tech company”, this means an organization must be able to adopt technology quickly – either by using off-the-shelf products or by creating its own.

An organization also needs the capability to handle that technology adoption – whether that is through internal development teams who can utilize the latest features, or by being able to support and operationalize it, all with the context that the business/organization trusts in its ability to deliver.

Being a technology company, their focus is naturally on technology to drive change. I do wonder: if the drive is to help change businesses, then maybe we should widen the definition and amend the formula slightly: Tech Intensity = ((Tech Adoption x Tech Capability) + (Business Change Capability)) ^ Trust

I doubt Satya will copy this, but if he does you saw it first here.

Security Announcements

Security was a huge topic all week, after Microsoft spent over $1 billion on security last year. In recent years they have been investing heavily in this area, and this is evident in their end-to-end security architecture across their ecosystem of products (Identity, Device Management, Digital Rights Management, Data, Applications).

A number of their products are industry-leading, sitting in Gartner's top-right quadrant:

  • Microsoft Cloud App Security, their Cloud Access Security Broker (CASB) product
  • Windows Defender ATP in Endpoint Protection
  • Identity Access Management Solution (Active Directory, Azure Active Directory)
  • Meeting Solutions (Skype & MS Teams)
  • Information Archiving

Among the products to watch, I was impressed by the announcement of Azure Sentinel, the Microsoft cloud-native SIEM and SOAR. The SIEM function is fully integrated with a wide number of Microsoft products and they offer free Office 365 data ingestion (it is not quite free, as you do need to pay for log storage and probably other costs).

They also allow a number of third-party connectors to well-known vendors like Cisco, Palo Alto, AWS and F5 Networks, so you can get data from other products. This looks like a direct competitor to companies such as Splunk, ArcSight and LogRhythm.

It also acts as a SOAR (Security Orchestration, Automation and Response), and this is where things get interesting. In one of the workshops I attended they used products like Power Automate (previously Flow) to automatically block IP addresses and domain names on the Palo Alto Firewall. They also showed the integrations between Windows Defender ATP and Azure Sentinel. This is not new in the industry, with McAfee’s OpenDXL platform and Splunk's Phantom product, to name others.

This does have some great potential and is definitely one to watch going forward, because of its highly integrated nature across the Microsoft product stack.

Also worth mentioning is the Microsoft Intelligent Security Graph: the API service allows you to access the data in your environment and build your own custom reports/dashboards on any security events in the environment, especially given how they are integrating it with their reporting tool Power BI.

Another notable product was Azure Arc. This is designed to extend management and security from the Azure cloud management console across servers (Windows and Linux), multiple clouds, containers, databases and other resources all in a consistent manner.

One of the current challenges for staff is management across multiple clouds. The key aim of Azure Arc is to simplify that management by controlling it all from the Azure console, giving the ability to define role-based access to resources in the Azure Portal and assign that to devices/infrastructure running in other clouds or on premises. This could potentially be a big win for operations teams struggling with security and compliance.

Democratizing AI and Empowering Users

One of the key themes was the concept of making Artificial Intelligence (AI) simple and accessible to all users and empowering them to create products. There were a number of sessions that gave examples of using AI with the cognitive services like form recognition and using their Power Platform, which allows users to create custom applications and then perform triggers between them – empowering the business user to create their own workflows and products applying AI to them.

This is great, but it also creates a shadow IT support headache: if a user has created a solution that becomes key to the business and support are unaware of it, then in the event that it breaks whilst they are on holiday, or the user leaves and the call comes into the helpdesk, both sides will be stuck. This is a difficult one to manage because you do not want to stifle innovation, but equally need the support structure in place, hence their concept of Tech Intensity.

Project Cortex

If you are an Office 365 user, Microsoft are automatically applying AI to enhance your experience. You may have seen services like MyAnalytics sending you reports. The aim is to help your organization work smarter.

The immediate question that sprang to mind for many was around privacy of company data. During the presentation they repeatedly promised that your data stays your data, and they do not use it for anything else. One of the examples given was where Bing searches both your internal data and then external results: if there is an acronym or project name used in an email, it can automatically build a knowledge base of those, provide the names of the individuals who are most likely to know about that term and suggest documents to read.

Care and attention will be needed here as this is rolled out. Sensitive internal projects, keywords or team members could be easily searched for if the correct permissions have not been applied.

For those of us who previously viewed Microsoft’s security products with caution, there is a definite concerted effort to reverse that and increase their brand reputation and product capabilities. Their strategy to integrate all of their products looks like it is having definite commercial and end-user advantages.

Centralized logging and monitoring, ease of automation and integration of AI, all with a security backdrop, show how the individual project teams seem to be coming together. It is clear that security is a major focus and that can only be good for us as consumers.
