The last full day of Microsoft Ignite 2019 is upon us but the content hasn’t let up and doesn’t show any sight of doing so with another half day tomorrow with lots of key topics still to be discussed. Today was another day packed primarily of more content on security and vulnerability management along with some development sessions which we find crucial for being able to create solutions where one does not already exist.
The day started with a session on new capabilities in threat and vulnerability management which has been a common topic through the week as cyber security is seen as one of the biggest threats to businesses looking to adopt or grow their cloud strategy. The session highlighted this further with summarising that the spend on cyber security and particularly threat and vulnerability management is growing and is a sizeable expense in many organisations but most are still vulnerable.
It was also noted that vulnerability management can often be driven by what is given the most hype in the media or the vulnerabilities that carry the highest severity without much assessment of the vulnerability within the context of the organisation. This context is important in understanding whether there are other mitigating factors to the vulnerability or whether the systems that are vulnerable are of low value to the organisation. In assessing vulnerabilities within the context of the organisation we can end up with priorities that are very different and Microsoft are aiming to address this with their TLV scoring approach of which the factors are shown below and will produce a score out of 100 for the priority to address the threat within the context.
Next up for the day was a great session on changes in the Windows 10 and Office 365 update deployment including how and why to stay current. The session started by making the point on why you should stay current which put security forward as the biggest reason however also cited that a lot of work goes into increasing stability and performance so by installing the latest updates you can improve your end-user experience.
It’s quite well known that end-users and administrators dread Windows updates because of the history of compatibility issues, long downtime first thing in the morning and issues with even installing the updates. Microsoft recognise the history of updates has not been good and has been putting a lot of time into solving these issues.
Microsoft were reporting recent changes to the way updates are delivered having reduced the mean install time from 82 minutes to 28 minutes partially by decreasing the payload sizes but also but optimising to do what’s possible with the system online and reducing the number of reboots. They have also made updates install on the shutdown rather than boot so that when you turn your PC off it installs the updates then rather than having a 20-30 minute wait first thing in the morning as many people have grown to dread.
Microsoft also introduce their app assure program to address compatibility issues with the upgrade from Windows 7 to Windows 10 and for updates during Windows 10. The app assure program means that Microsoft guarantee that an application that previously worked will continue to work and if it doesn’t you can call them and they will fix it for you or fix Windows. This program has resulted in a 99.8% compatibility figure which is quite impressive to those that have been through numerous updates in the past and suffered from compatibility issues.
Lastly on updates, Microsoft have also put work into extra tools to report on why an update installation has failed and introduced cloud based recovery which is able to repair the installation using files from the Microsoft cloud. All of these improvements to the update experience may take some time before users start to trust it with how much of a negative experience users have had in the past however it certainly seems like significant steps forward have been taken.
The last session of note for the day was on Office 365 advanced threat protection or ATP for short. Office 365 ATP builds on the previous iterations of ATP for Exchange online but extends it to wider support for the Office 365 suite and offers a range of new features including best practices analysis and automated recommendations on how to configure ATP for the best results. What we found the most impressive from this session was the statistics on the sheer volume of data that Microsoft processes to prevent attacks and just how many they are preventing especially in the zero-day area. You can view these stats below which go to show why Microsoft’s threat and vulnerability programs are succeeding with the amount of data that they are able to build a picture from.**AWAITING SLIDE DECKS**
That’s it for day 4 of Microsoft Ignite but we’ll be back for the final morning of coverage from Day 5 tomorrow including a summary and round-up of the entire week so please be sure to check back tomorrow.