MESSAGE US
Microsoft Ignite 2021 | Key Updates for Endpoint Management and Security
By Gabriel Taylor
Published December 2, 2021
Estimated Reading Time: 4 minutes

Microsoft Ignite 2021

Microsoft held their annual Ignite conference at the beginning of November, announcing a slew of new features, functionality, and technology coming to the Microsoft 365 ecosystem. These changes run the gamut from new user collaboration capabilities through new security services and everything in between.

In this post, we want to highlight some specific announcements relating to endpoint management and security. We think these are big opportunities for anyone leveraging Microsoft 365 services, specifically with a focus on security + management of the Microsoft 365 cloud services and the endpoints which connect to it.

Microsoft Endpoint Manager Updates

Microsoft Endpoint Manager is the centralized endpoint management platform for Microsoft 365, combining Intune, Configuration Manager, Autopilot, and more into a powerful tool for managing endpoints. Among the collection of announcements at Ignite relating to MEM, two stood out as big wins: 

Intune Management of Linux Desktops

Intune has long had the capacity to manage Windows, macOS, Android, and iOS/iPadOS devices, but Linux-based endpoints were unable to be managed. That changes soon as Intune will gain this capability. Administrators will be able to use Intune to push Wi-Fi profiles, certificates, password policies, and more. This ensures that, no matter what types of endpoints you have in your organization, you’ll be able to manage them via Microsoft Endpoint Manager.

Intune gains Script-based Compliance Policies

Intune’s compliance policies have always exposed an extensive collection of settings to measure, but if a setting wasn’t exposed, it was unavailable for usage in determining an endpoint’s compliance state. That will no longer be an issue, however, as Intune is gaining the ability to leverage custom scripts to measure compliance on both Windows and Linux endpoints. If your desired configuration can be measured via script, then it can be used by Intune to determine endpoint compliance. This will open a great deal of flexibility for managing endpoint compliance in your organization.

Find out more about these two items at Microsoft’s announcement blog, here. 

Windows Update for Business Updates

Windows Update for Business is a service providing a streamlined experience for managing Windows Updates on Windows endpoints. It is the backbone of managing updates in a Modern Management process.

Here are two big announcements from Ignite that will provide immediate value:

Windows Update for Business Deployment Service will be exposed in Intune

Windows Update for Business’s deployment service already provided the ability to automatically optimize the scheduling and rollout of feature updates across an organization, helping improve the user experience and rollout success through automated analysis of logs and success rates. However, this capability previously required configuration via Microsoft Graph or the PowerShell SDK, raising the bar to entry for most organizations. 

Intune will be updated to provide a UI for managing these capabilities, exposing the deployment services’ scheduling-over-time functions to all administrators using Microsoft Endpoint Manager. This will provide a huge boon to update management administrators, further reducing their workload while ensuring increased success and improved user experiences.

Find out more in Microsoft’s announcement blog post, here. 

Connected Cache provides an on-network cache for Windows Update for Business

For those companies that want to gain the simplicity of managing updates with Windows Update for Business but need extra care for sites’ WAN links, Connected Cache is the answer. Configuration Manager Distribution Points can be enabled as Connected Cache servers, allowing them to cache data locally from Windows Update for Business. Combined with the Delivery Optimization technology in Windows, this will reduce the WAN impact from clients downloading updates by having a local resource from which to pull the data. 

This allows organizations to get the best of both worlds – Connected Cache functions as a streamlined Distribution Point, gaining the caching features while still reducing the administrative overhead as the cache’s contents are managed automatically by the Windows Update for Business service. 

More information on Connected Cache and instructions for setting it up can be found here. 

Microsoft 365 Defender Updates

Microsoft 365 Defender is the unified security platform included with Microsoft 365, providing advanced protection and analysis capabilities for endpoints, identity, data, access, and more. Ignite featured a host of Defender announcements. However, the ones we think are the most valuable are:

Defender for Endpoint gains discrete licensing

Microsoft Defender for Endpoint is a subset of the Microsoft 365 Defender platform that provides preventative protection, post-breach detection, automated investigation, and response for Microsoft 365 endpoints. We strongly recommend it and are big fans of its capabilities. However, the biggest barrier to entry we’ve seen with our clients has been the cost – historically, it has only been included in pricier Microsoft 365 licensing, preventing clients from just purchasing the feature set they want and avoiding buying into the full Defender stack before they are ready. 

That barrier to entry is being removed, however, as Microsoft has announced new, dedicated licensing in the form of the Microsoft Defender for Endpoint Plan 1 license. This license provides access to the most immediately valuable subset of Defender for Endpoint’s features at a reduced cost, enabling broad adoption of the feature set. Microsoft Defender for Endpoint Plan 1 helps provide next-generation anti-malware and ransomware protection, as well as attack surface reduction for Windows, macOS, Android, and iOS/iPadOS devices, with configuration and administration centralized in the Microsoft 365 Defender web portal.

More information about this update can be found here. 

Defender for Business provides enterprise-grade security for SMBs

Microsoft also announced a new Defender offering at Ignite – Microsoft Defender for Business. This service provides enterprise-grade security controls and protection for small to medium businesses (300 seats or less) at a more-affordable price point.  

Some of the features included in Defender for Business include attack surface reduction, next-generation anti-malware protection, threat and vulnerability management, endpoint detection and response, and automated investigation and remediation. Defender for Business will be a powerful tool to help protect businesses from the growing threat landscape without breaking the bank, so they can stay safe and operational.

Find out more about this update here.

Conclusion 

Microsoft Ignite 2021 conference had a wealth of big news for Microsoft 365 customers, especially in the endpoint and security spaces. We’re excited to work with the new technologies announced at the conference and to help our clients gain the benefits of those new technologies to improve their businesses. If you are interested in any of the announcements listed above and are looking for more information, don’t hesitate to contact us! We’re happy to assist, wherever you are on your endpoint management and security journey. 

If you’re looking for a more in-depth coverage of all the updates and news released at Ignite, I’d recommend the Microsoft Ignite Book of News.

Post Tags:
Article By Gabriel Taylor
With over 12 years of experience in the IT industry, Gabriel brings a focus on repeatable processes, solution design, and quality execution to Model’s Project Services practice. He believes the true value of technology is how it enables businesses to gain efficiencies, increase productivity, and achieve their goals. He is proud to work with Model’s team of experts to bring those benefits to Model’s clients.

Related Posts