Microsoft Ignite Announcements

So it is that time of year again, where we all wait anxiously for the *new* feature updates and announcements. Some updates are amazing, others are not. For me I have selected a few that I think are important. This information is originally taken from the Book of News provided by Microsoft. You can view these and more here: https://aka.ms/ignite-book-of-news

Microsoft teams mesh

As Microsoft Teams meetings evolved, features like grid view, Together mode and Presenter mode marked the beginning of 2D immersive meeting experiences. With the introduction of Mesh for Microsoft Teams, the next leap for 2D and 3D experiences is on the horizon.

Mesh for Microsoft Teams will enable new experiences with personalized avatars and immersive spaces where users can connect with presence and have shared immersive experiences. With personalized avatars, users can maintain their presence in meetings without turning on cameras. Users can connect with eye contact and express emotions using live reactions that will be represented through avatars. Organizations now can create immersive spaces that resemble physical spaces, such as conference rooms, design centers and networking lounges to enhance camaraderie, spark creativity and foster water-cooler connections.
Mesh for Microsoft Teams bridges the gap between physical and digital, empowering users to connect across devices wherever they choose to live and work from. These experiences will be available as part of Teams on PC, mobile and through mixed-reality headsets.

Teams users will be able to access these Microsoft Mesh-enabled capabilities, in preview, in the first half of 2022.

Collaboration across organizational boundaries with Microsoft Teams

Workgroups often extend beyond organizational boundaries. Employees may connect with multiple external stakeholders, such as customers and vendors, during work, leading to utilizing different collaboration or even personal apps. This makes it harder to keep track of the latest updates and requires constant context switching, which creates security risks. Microsoft Teams Connect, coupled with the secure access capabilities of Azure Active Directory (Azure AD), a flexible identity platform, makes cross organizational collaboration easier with two updates:

• Shared channels can be shared with individuals and teams across multiple organizations. To enable easy access, shared channels appear within each member’s Teams tenant, alongside other teams and channels. Users will be able to schedule a shared channel meeting, use Microsoft apps and share each channel with up to 50 teams and as many organizations as needed. With cross-tenant access settings in Azure AD, admins can also configure granular and differentiated trust relationships for external collaboration with different organizations. This feature will be available in preview in early 2022.
• Chat with Teams personal account users extends collaboration support by enabling Teams users to chat with team members outside their work network with a Teams personal account. Customers can invite any a Teams user to chat using an email address or phone number and remain within the security and compliance policies of boundaries of their organization. This feature will be available by the end of 2021.

Microsoft Teams webinar enhancements and additional broadcasting capabilities enable more engaging external events

Virtual events are here to stay, and attendee engagement and retention depend upon being able to deliver interactive, personalized experiences. New webinar and broadcasting capabilities in Microsoft Teams make it easy to set up and deliver professional, engaging experiences to internal and external audiences. These new capabilities include:

• Virtual green room enables organizers and presenters to socialize, monitor the chat and Q&A, manage attendee settings and share content before the event starts. This feature will be available in preview in early 2022.
• Enhanced controls for managing what attendees see to minimize distractions and keep the audience engaged during an event. This ensures that attendees will only see shared content and presenters that are brought on screen. This feature will be available in preview in early 2022.
• Co-organizer is the ability to assign multiple organizers for webinars and meetings. There can be up to 10 different co-organizers assigned, and the co-organizer will have the same capabilities and permissions as the organizer, enabling them to do multiple tasks such as manage webinar and meeting options, create polls and control audio settings. This feature will be generally available by the end of the year.
• The new Q&A in Teams feature enables a more structured question and answer experience. Organizers and presenters can mark best answers, filter responses, moderate and dismiss questions and pin posts, such as a welcome message. Q&A in Teams will be available in preview this month.
• Isolated audio feed enables producers to create an audio mix using isolated feeds from each individual. As broadcasters use NDI or hardware-out, they will be able to get the ISO audio feed along with the ISO video feed from any Teams meeting. This capability is enabled within the meeting settings and will be available in preview this month.
• Cvent, the leading events and hospitality management platform, is now integrated with Teams, enabling customers to use Cvent to manage event lifecycle, including registration and agenda management, and deliver the virtual meeting and event experience via Teams. This feature is now generally available.

New Microsoft Teams chat features

New features in Microsoft Teams chat support asynchronous collaboration so teams can keep conversations and work projects moving forward.

• Chat with self enables users to send themselves a message, such as quick ideas or reminders.
• Chat density feature lets users customize the number of chat messages they see on the screen with different modes. Compact mode lets users minimize the need to scroll up and down by fitting 50% more messages on the screen. Comfortable mode keeps the chat display as it is in Teams today.
• The variety of reactions users can add to a chat message has been extended, enabling users to choose from more than 800 3D emojis, up from six that are currently available, to find more ways express themselves.
• Delay delivery of messages enables users to select a specific time to send a message. Like delay delivery in Outlook, users will be able to send a chat message at a time convenient to them, and the message will arrive to its destination at the scheduled time.
• The new search results UI in Teams chat helps users stay on top of information using. Users can filter results and toggle between tabs to find the needed information

These new features will roll out between now and early 2022.

Protect people and data with Communication Compliance and updates in Microsoft Teams

Organizations around the world rely on Microsoft Teams for critical collaboration and communication. Protecting both people and data within Teams is more important than ever. To protect data and address regulations, laws and organizations policies, Microsoft Records Management has new capabilities integrated into Teams and include:

• Adaptive policy scopes allow organizations to configure a retention/deletion policy for a group within Teams, such as a department or location-based group, and maintain the membership of these groups as users create or delete new teams. This update is in preview.
• Organizations can now configure a separate retention/deletion policy for attached files stored in OneDrive and SharePoint with a message. Organizations who wish to save the version of the file attachment sent with the message can now do so. This update is currently in preview.
• Retention/deletion policies for private Teams channels are now generally available.

Now users can analyze content in modern attachments like content shared within links to OneDrive and SharePoint sent over Teams. Additionally, Communication Compliance is integrated with Teams shared channels, providing the ability to detect offensive language or sensitive content shared with users outside the host team.

Also, the service now offers integration with Data Loss Prevention (DLP) with recommendations to configure relevant policies in Communication Compliance at the end of DLP policy configuration workflow. Enhancements to the investigation flow allow investigators to un-resolve a message that may have been remediated incorrectly. A policy post-review activity report will provide policy review activity so that organizations can better track the status and progress for unresolved policy violations.

Microsoft Defender for Cloud now natively protects multi-cloud environments

Microsoft aims to provide the same experience and level of security customers are familiar with from Azure workloads to other cloud environments. Now, native support for multi-cloud environments is available through the extension of Cloud Security Posture Management (CSPM) and Cloud Workload Protection capabilities to Amazon Web Services (AWS). Microsoft Defender for Cloud now has a seamless onboarding experience when customers connect their AWS environments. Having removed dependencies on AWS Security hub, Microsoft is the leading cloud provider that enables customers to onboard, monitor and secure their multi-cloud environments from a single place.

This cohesive cloud security offering, formerly named Azure Security Center and Azure Defender, is now called Microsoft Defender for Cloud. The change reflects our commitment to an integrated approach across Microsoft’s security solutions.

Microsoft Defender for Endpoint Plan 1 offers foundational set of endpoint security capabilities

The endpoint remains one of the most targeted surfaces for malware and ransomware. Microsoft Defender for Endpoint Plan 1 offers foundational endpoint security capabilities at a lower price. This can be purchased as a standalone, and customers who own Microsoft 365 E3 now have these capabilities included as of today. Microsoft Defender for Endpoint Plan 1 includes protection for Windows, macOS, Android and iOS.

This new product offering is focused on prevention and includes a robust set of features, including next-generation anti-malware, host firewall, device control and host intrusion protection to provide, multi-platform and multi-cloud security for organizations around the globe.

For the most complete set of endpoint security capabilities, including endpoint detection and response, customers should consider Microsoft Defender for Endpoint Plan 2, which remains a component of Microsoft 365 ES, ES security and can be licensed separately.

Vulnerability management for Android and iOS devices

Added support for vulnerability management for Android and iOS devices in Microsoft Defender for Endpoint is currently in preview. For Android, the new capabilities will support OS vulnerabilities as well as Android-based, in-app vulnerabilities. OS-based vulnerabilities will be supported for iOS devices.

The newly added support for Android and iOS strengthens cross-platform support and offers customers a single vulnerability management solution across Windows, Linux, Mac, iOS and Android endpoints.

Microsoft Endpoint Data Loss Protection and Insider Risk Management for MacOS in preview

Microsoft Endpoint Data Loss Protection (DLP) and Microsoft Insider Risk Management are now available on the MacOS platform in preview. With DLP customers can identify sensitive content like credit cards, medical documents, intellectual property and other defined content in files and documents and enforce a DLP policy to prevent inappropriate sharing transfer or use that can pose risk to the organization. With Insider Risk Management, organizations can define policies to identify and mitigate risky user behavior indicators and inappropriate or malicious user activity with data.

Multiple enhancements added to Microsoft Information Protection to protect Microsoft 365 data

Automatic labeling of files is now more robust within Microsoft Information Protection (MIP) via machine learning-based trainable classifiers. In addition, exact data match support for named entities is now available as a condition. Limits on the number of Microsoft OneDrive and SharePoint locations that can be selected during automatic labeling have been removed.

When Microsoft Word, Excel and PowerPoint files that are encrypted and labeled with MIP are exported to PDF, the label and encryption will persist, giving users another layer of classification and protection even if the file type is changed.

Microsoft Endpoint Manager now provides cross-platform endpoint management and security

Microsoft is expanding the breadth of its endpoint management solution with new features and capabilities in Microsoft Endpoint Manager. Updates, now in preview, include:

• Linux desktop management to give the ability to configure conditional access from Azure Active Directory (Azure AD), and apply and manage security policies from Microsoft Defender for Endpoint.
• Endpoint Manager to manage macOS devices beyond package (PKG) files. This means that organizations can now deploy and manage non-PKG apps with Microsoft lntune, enabling them to increase security with app protection policies consistently across apps.
• Added improvements to Office security baselines for Windows and Windows Update security baselines to help administrators simplify device and app compliance workloads.
• Microsoft Connected Cache to transparently and dynamically cache Microsoft content (updates, drivers and apps) on Configuration Manager servers to help save bandwidth and complement the existing peer-to-peer caching capabilities.

Microsoft extends Zero Trust capabilities with new identity security features

Microsoft continues to strengthen its identity security capabilities across the cloud and on-premises to ensure that all identities, including apps and workload identities, are under improved protection. Several security enhancements have been made to help customers bolster their security posture and adopt a Zero Trust approach and include:

• Conditional Access device filters: These allow customers to apply different Conditional Access policies on specific devices and exclude or target individual devices or device groups when creating Conditional Access policies (generally available).
• Conditional Access app filters: IT admins can tag applications with custom security attributes and apply Conditional Access policies based on those tags, rather than individually selecting apps (in preview).
• Conditional Access overview dashboard and templates: IT admins will now have a comprehensive and integrated view of Conditional Access policy gaps and coverage, empowering them to easily manage organizational policies. They can also leverage pre-built templates for recommended Conditional Access policies (in preview).
• Anomalous token and token issuer detections: These updates will flag suspicious activities related to token-based authentication (generally available).
• Continuous Access Evaluation (CAE): CAE provides more robust security by continuous monitoring of each access session and security policy enforcement in real-time if a critical security event is detected (generally available by the end of 2021 ).
• One-click enablement for risk data extensibility: This allows enablement of riskDetections, RiskyUsers and RiskySPs data to be exported to third-party SIEMs, allowing security teams to track trends, identify compromises and easily query risk data for detection and troubleshooting purposes (generally available).
• Conditional Access for workload identities: This capability will enable IT admins to enforce organizational security policies for workload identities and apps, for example, block access to sensitive resources from non-trusted locations (in preview).
• Additional authentication method policies for apps and workload identities (in preview): Now, IT admins can configure policies for application authentication methods like certificates and password secrets. New authentication method policies include blocking custom passwords and symmetric keys and enforcing max lifetime on key credentials.

New capabilities to secure, manage and migrate more application types in Azure Active Directory

Azure Active Directory (Azure AD) is making it easier for IT admins to modernize identity and access management for a wider range of application types, from on­-premises to the cloud. The ability to migrate more apps from Active Directory. Federation Services (AD FS) is now in preview.

Customers can accelerate migration of apps on AD FS to Azure AD. These AD FS capabilities now available in Azure AD include support for additional user attribute claims, use of regular expression (regex) to transform claims configuration, use of name substring match to filter groups included in tokens and support for additional Security Assertion Markup Language (SAML) configuration settings.