Hot Microsoft Cloud technology 2024

by Niklas Tinner 3 months ago 8 min read

Introduction

Microsoft Cloud technology is a hot topic and receiving major investments by Microsoft. Organizations are heavily adapting the latest technology. And for us (the community), we have endless new technologies, features and services to play around with.

This post is a personal outlook on Microsoft Cloud tech in 2024. I share with you what I am looking forward to, and of course this blog Oceanleaf.ch will feature in upcoming posts.

First of all, I am focusing on Microsoft Cloud Security because I think it will be one of the most important topics this year and in the future. I am also in the bubble of this area, but I am convinced and know that there is also a lot more interesting technology out there. A good read is the Microsoft Digital Defense Report to recognize how present cybersecurity is. The Microsoft Securiy Portfolio features:

🔒 Security: with XDR, SIEM and SOAR services Microsoft Defender and Sentinel
🆔 Identity & Management: with identity and access management service Microsoft Entra and mobile device management (MDM) solution Microsoft Intune
🔎 Compliance & Privacy: with data security and information discovery and protection services like Microsoft Purview and Priva

Intune: Suite

The Intune Suite will be one of the highlights in the Enterprise Mobility and Security suite around Microsoft Cloud. The Intune Suite brings additional feature products to Microsoft Intune for fortified security and simplification. The suite will bring great advantages to orgs that already use Intune and are looking for an expanded feature set. Some of the most requested gaps in Intune will be filled by the suite. It contains the following products:

Remote Help - remote assistance tool, natively integrated into Intune
Specialty device management - manage AR/VR headsets and meeting/conference room devices
Tunnel for Mobile App Management - application based tunnel
Endpoint Privilege Management - Windows elevation management for least-privilege and just-in-time access
Advanced Analytics - AI powered data collection and correlation to optimize your endpoint infrastructure
Enterprise Application Management - Microsoft catalog of common apps to deploy with Intune
Microsoft Cloud PKI - cloud-based certification authority with integrated SCEP endpoint for certificate deployment to endpoint

Source: Fortified security and simplicity come together with Microsoft Intune

Microsoft Intune Suite is available as an additional license or per feature add-on license. Learn more about pricing

💡

Of course we will also see a lot of development in Intune outside the Suite. To stay up to date, follow: Intune what's new and Intune in development

Everything on Intune on my blog:

Windows 365 Cloud PC

Cloud PCs powered by Windows 365 introduces a new era in End-User-Computing. Windows 365 is a SaaS (Software-as-a-Service), meaning that you can deliver Windows desktops as a service to your end users. But when it comes to management and integration, Windows 365 offers some major benefits:

Seamless management with Intune - now you can manage all your endpoints, regardless of the platform and whether they are phyiscal or virtual as Windows 365 from one single console.
Native integrations to Windows - Windows 365 is an evolution of Windows, available fully from the cloud. Additionally, features like Windows 365 Boot and Switch introduce smooth & functional integrations to your familiar Windows experience.
New Windows App - Windows is now an app! Get it now from the Microsoft Store - with this app you can now connect to all Windows cloud experiences such as Windows 365, Azure Virtual Desktop and Dev Box.
Windows 365 streaming from every device - Microsoft runs a partnership with Motorola smartphones to provide a capability to instantly access your Cloud PC. Read more
GPU support - the latest specs on Cloud PCs introduce powerful GPUs for graphics intense workloads. Read more

Everything on Windows 365 on my blog:

MacOS management

Intune is a cloud-based cross-platform endpoint product. With that, Microsoft is heavily pushing the macOS management story, providing day-zero support, expanding features and developing features to empower the end-user as well as IT admins for the Mac platform.

MacOS management with Intune will be one of the hottest topics this year and I also plan to release posts to it, because I love Mac 🖤 and together with Intune, this is a perfect match.

Stay tuned for my Mac blog posts!

Global Secure Access

Global Secure Access integrates network security in the existing security stack of Microsoft Cloud. With Global Secure Access and Microsoft Security Service Edge, familiar network security technologies are revamped and added into the Microsoft ecosystem.

Secure web gateway (SWG) - network perimeter protection that inspects and controls traffic for particular networks
Firewall as a service (FWaaS) - cloud-based security solution that delivers firewall functionality, such as traffic filtering and network protection and policies
Zero Trust Network Access (ZTNA) - security framework that requires zero trust, least privileged, all identities must be authenticated, authorized, and continuously validated before being granted access to company private applications and data

Internet Access

Protect access to any public app/SaaS. The Internet traffic can be managed through security traffic profiles and web content filtering policies. Enabling to:

Monitor and control 🕵️‍♂️ http & https traffic from devices with GSA client installed
Secure access 🔒 to SaaS apps in the Internet with web content filtering policies (categories or FQDN)

Private Access

Establish and secure access to any on-premises hosted app. (This is a comparable feature to Entra ID Application Proxy)

Enable access ✅ to internal apps and protocols when connected with the Global Secure Access client
Protect internal apps 🔒 with Conditional Access

Conclusion

With Global Secure Access networking, network security technologies such as VPN, Proxy, SWG, FWaaS, ZTNA, CASB and SD-WAN all are incorporated and brought into the Microsoft ecosystem. Let's see how orgs are rethinking network security and adapt GSA 🚀

Read my blog post on Microsoft Security Service Edge:

Defender XDR

Microsoft Defender extended detection and response is the unified defender security suite that covers detection, prevention, investigation, and response across endpoints, identities, email, and applications. Defender XDR in combination with Microsoft Sentinel takes over the SecOps by unifying signals and correlation of data.

The full attack chain is backed by Microsoft Defender products to defend in each step and correlate data across lateral silos.

Defender Suite

The heart of every Microsoft 365 orientated organization is the Microsoft Defender Suite to fight against cyberthreats. Resulting in a Defender product for:

Product name	Use	Reference on Oceanleaf.ch
Endpoint	Extended detection and response on Endpoints (XDR)	Microsoft Defender: a review
Identity	Connect on-premises identity events	Defender for Identity fundamentals
Office 365	Leverage email & collaboration security	Defender for Office 365 fundamentals
Cloud Apps	Cloud access security broker (CASB)	A tour through Defender for Cloud Apps

showcase_defender_suite

Everything on Microsoft Defender on my blog:

Entra

Microsoft Entra is the product family for all cloud identity and network access solutions from Microsoft. Identity and access management is the backbone of all technology. Entra houses more that just classic directory services. Governance, External identities, Verified ID, Permissions Management and now with Global Secure Access the feature set is more diverse then ever.

Protection

One of the core part of Microsoft Entra is its Protection solutions. Cybersecurity is key for any organization that has digital resources. Protecting identities and securing access in Microsoft Entra are therefore important countermeasures. The Microsoft Digital Defense Report mentions fundamental security hygiene practices that would protect against 99% of attacks - most important parts of these security standards are achieved with Microsoft Entra:

Enable multifactor authentication (MFA) - protect credentials and provide extra resilience for identities
Apply Zero Trust principles - explicitly verify | use least privilege access | assume breach

These two points should be established for every Microsoft Entra customer. The following products help you to achieve this:

Authentication methods - configure authentication methods for your tenant > Passwordless and phishing-restiant MFA should be the goal
Conditional Access - control access to apps and data based on conditions
Identity Protection - user and sign-in risk policies
Identity Secure Score - representation of the organizations security posture and opportunity to improve it

Copilot

2024 will be the year of artificial intelligence and Microsoft's answer to this is Copilot. We can assume that every product will have its own Copilot integrated and so does Microsoft Security with Security Copilot. Generative AI integrated to industry-leading technology can provide a major benefit in the usage and overall return on investment for customers. AI empowers with:

⏩ Machine-speed data processing
🔎 Detect anomalies automatically
🧠 Improve and expand knowledge
🔁 Automate repetitive tasks️

Leading to the following benefits:

Cost savings by reducing the amount of effort and time for humans
Increased efficency
Alltime availability
Reducing human error
Improve customer experience
Solving complex problems

powered by