Microsoft Inspire 2020: How Azure should become Fort Knox

Nick Parker, corporate vice president of Global Partner Solutions at Microsoft, opened the conference by discussing a project by Accenture, Avanade, Microsoft and Rolls Royce in the UK. Together, the companies were able to set up a production line for respirators within a very short time. A supply chain comprising over 300 parts had to be set up for this. Given the complexity involved, such a project normally takes around one year. “It worked in three weeks in this case,” Parker reported.

In the past few months, a real surge in digitization has swept through companies worldwide. This has shown how important and system-critical secure cloud infrastructures are, said Parker. At Inspire, the software company presented a number of additional solutions and services in these two areas.

From the perspective of Microsoft managers, the basic structure of IT landscapes will remain hybrid for the foreseeable future. “Customers are increasingly moving their workloads to the cloud to save money, increase efficiency, and drive innovation,” said Talal Alqinawi, Microsoft’s senior director of Azure marketing. At the same time, however, certain workloads would have to continue to be operated locally in their own data center for compliance, latency or other business and technical reasons.

Microsoft brings its Azure Stack into play for such hybrid scenarios. User companies should be able to combine Microsoft’s cloud with their own data center and the servers and edge components of the branches under one umbrella. Microsoft’s Azure Stack consists of various components. The Azure Stack Hub is intended to help users operate hybrid applications, for example. At Inspire, Microsoft introduced a new generation of Azure Stack HCI (Hyperconverged Infrastructure).

According to the provider, the functions for security, performance and hybrid scenarios were expanded. The tool offers users an integrated management instance to control and manage Azure Stack HCI and resources from the Azure Cloud via a central portal. For the management and distribution of virtual machines, Azure Stack HCI also uses the management tool “Azure Arc”, which Microsoft presented last autumn. As a hybrid cross-cloud / cross-platform management tool, Azure Arc enables the management, provisioning and securing of different environments, Microsoft said in a statement. This includes on-premises resources, multi-cloud environments – including clouds from other providers such as Amazon Web Services (AWS) and Google – as well as the edge area.

A deployment wizard is designed to speed up the setup of Azure Stack HCI clusters, including the cloud connection. Azure services such as Backup, the Security Center and the Azure Monitor are built in by default. Microsoft promises its customers tangible cost advantages with Azure Stack HCI. The subscription model, which is based on individual computing cores, is intended to allow customers to adapt the costs exactly to their requirements. In a branch scenario, for example with an 8-core server with fewer than 16 VMs, the upfront costs for Azure Stack HCI are 2.5 times lower than for other HCI solutions available on the market today, Alqinawi calculated.

In addition, the software manufacturer has expanded the functions for “Azure Migrate”. Microsoft positions the tool as a central hub for services and tools that help users identify and evaluate workloads that are eligible for migration to the Azure cloud. The tool also supports the migration itself. Analysis and evaluation functions for data centers, additional migration scenarios for servers and further modernizations for the containerization of applications have been added.

The software company has also expanded the “Azure Lighthouse” service, which was first presented at Inspire 2019 a year ago. It provides partners with a unified control plane through which they can manage Microsoft Azure across customers. Partners are meant to gain a higher degree of automation, better scalability and more efficiency, along with more transparency and control. The cloud provider promises that Microsoft’s partners could serve more customers, larger workloads and even mission-critical applications more precisely. Azure Lighthouse now supports more sophisticated security features such as multi-factor authentication and privileged identity management.

In general, Microsoft now wants to pay more attention to security features. The transition to hybrid work models in the wake of the corona crisis has increased the need for organizations to realign their security and risk management, stated Alym Rayani, Senior Director for Microsoft 365. When employees access corporate data from their home computers or share and collaborate in new ways, the risk of data leaks and other cyber threats increases.

To counteract this, Microsoft showed a preview of the “Endpoint Data Loss Prevention” (DLP) solution at Inspire. Building on “Microsoft Information Protection”, Endpoint DLP extends the existing DLP functions of Microsoft 365 to a wide variety of devices. It is meant to help companies meet compliance requirements under the new home office realities and better protect sensitive company information. Endpoint DLP is permanently integrated in the Windows 10 operating system, the Microsoft browser Edge and various Office apps.

The service is also included in Microsoft Teams, Exchange and SharePoint and is intended to help companies meet compliance regulations across all Microsoft 365 products. The tool works in a data-centric way and does not require a special software agent that would have to be managed and controlled. For example, the tool could prevent users from copying sensitive data to USB sticks or printing it. The “Microsoft 365 Compliance Center” serves as the control center for the DLP policies across various end devices.

Microsoft has also expanded its “Insider Risk Management”. According to the provider, the tool will in future be able to receive signals from more sources and analyze them more precisely with regard to the potential hazard. This includes additional options for monitoring activities in the Windows 10 operating system, such as which data is copied or distributed in the network and how. There is also an integration with Microsoft Defender ATP to process signals from different endpoints and an extended integration in Microsoft 365, for example for Teams, SharePoint and Exchange. Pre-configured templates are also intended to help users implement additional security mechanisms faster and capture a wider range of risk factors.

By linking Insider Risk Management with ServiceNow, tickets could also be created directly for the responsible administrators in the event of danger. Alert notifications could also be sent through the Office 365 Activity Management API. Additional information such as the severity of the incident and the processing status could also be stored and forwarded this way.

These alerts could also be used by security information and event management (SIEM) systems, such as Azure Sentinel, to take further action, such as blocking user access or linking back to Insider Risk Management for further investigation. To be able to collect and evaluate more information in Sentinel, Microsoft offers connectors, for example to solutions from Symantec, Qualys and Perimeter 81.