Advances in Microsoft Threat Protection, Azure Sentinel, Autopilot white glove deployments, and Teams
Microsoft Ignite – Day 3:
After 16,409 steps and 1 Nappuccino, Microsoft Ignite Day 3 comes to an end. I attended more sessions on Microsoft Threat Protection, Autopilot and Microsoft Information Protection. I also took some time to visit many of the vendors we work with like BitTitan, Yealink, F5, Poly, Logitech and AudioCodes. It was another enlightening and exciting day with the Enabling Team, and I am here to share some key takeaways from today's sessions.
Microsoft Threat Protection
I attended more sessions today on Microsoft Threat Protection. Perhaps the most informative was hearing from the different Microsoft experts on top tips and tricks for pre and post deployment tasks of the following services to get the most out of Microsoft Threat Protection:
- Microsoft Defender Advanced Threat Protection
- Office 365 Advanced Threat Protection
- Microsoft Cloud App Security
- Azure Advanced Threat Protection
Autopilot White Glove deployments
In a packed breakout session, I watched how easy it is for Laptop/PC Vendors, OEMs or Help Desk personnel to use Autopilot’s White Glove option to pre-stage machines with software and configuration settings before being repackaged and handed off to the end user. I came away with the following things to look out for when choosing to use this deployment option:
- White Glove will not work on Virtual Machines. This may make it challenging to demo to clients.
- Windows 10 version 1903 or later is required
- Only works with physical devices that support TPM 2.0 and device attestation
- Physical devices must have ethernet connectivity - Wi-Fi will not work
After seeing the presentation by our very own Mark Brezicky on Azure Sentinel a few weeks ago at Enabling's Executive Summit, I had to sit in on a session to learn more about Microsoft's SIEM solution. It has been a common recommendation in my Security Planning and Design Sessions for clients to implement a security information event management (SIEM) system to collect security data from their many hardware and software solutions deployed. Now there is a cloud-native solution provided by Microsoft that we can leverage and it has out-of-the-box integration with Microsoft's services such as:
- Office 365
- Azure AD audit logs and sign-ins
- Azure Activity
- Azure AD Identity Protection
- Azure Security Center
- Azure Information Protection
- Azure Advanced Threat Protection
- Cloud App Security
- Windows security events
- Windows firewall
Tomorrow looks to be heavy on Teams sessions but today I constantly heard how excited everyone is about the ability to choose a custom background when doing video calls. We have had the ability to blur the background on video calls and meetings in Teams, but that functionality has been extended to include replacing the background of my messy office with a custom background of my choosing. I look forward to having a lot of fun with this feature as well as seeing what my creative clients come up with as well.
What will you be using as your custom background on your next video call or meeting in Teams?
Stay tuned for more updates from days 4 and 5. I will also provide more in depth information on things I learned at Ignite next week once the dust settles and my shoes stop setting off the smoke detectors.For a quick recap of all the major announcements from Ignite attend our 30 minute Ignite Debrief Webinar next Thursday: November 14th at 2pm ET. Ask any question of the Enablers that were on the floor - literally for their Nappucino!