This Week in IT, get ready to navigate the cutting-edge of security and AI with Microsoft’s latest innovations! From the robust Secure Future Initiative, safeguarding against cyberthreats, to the seamless new Teams web client enhancing online collaboration, and the buzz around Windows 11’s Copilot possibly joining Windows 10—this is your look into the fast-moving pace of development at Microsoft.
Links and resources
Transcript
This Week in IT, get ready to navigate the cutting edge of security and AI with Microsoft’s latest innovations. From the secure future initiative guarding against cyber threats, to the seamless new Teams client enhancing online collaboration, and the buzz about Windows 11’s Copilot possibly joining Windows 10. This is your look at the fast moving pace of development at Microsoft, so stay tuned for all of this and the rest of the week’s IT news.
Welcome to the show where I cover all the latest news on Microsoft 365, Windows and Azure. But before I get started, I’ve got a favour to ask you. About 70% of the people who watched last week’s video weren’t subscribed to the channel. Today as we go live with this episode, we’re on about 1,340 subscribers. I’d really love it if we could get that up to 1,400 this week. So if you’d like to help us reach our goal, then please hit the subscribe button and don’t forget to check the bell notification to make sure you don’t miss out on the latest uploads. I think there’s one thing that we can all agree on, and that is that Microsoft’s software is probably more secure today than it was 20 years ago. Now of course Microsoft has a reputation, probably a fair reputation, at least in the past of creating software that is functional but not very secure potentially, because function was really the most important thing for Microsoft. But then of course as things gradually started to change in the 1990s with the advent of widespread access to the internet and things started to change rapidly, Microsoft needed to rebalance that focus. I think today we can say that Microsoft is even quite respected in certain parts of the security product map.
Things like Microsoft Defender for Endpoint and Sentinel, especially Sentinel I think, it’s a really great product. Now this week Microsoft announced the Secure Future Initiative. This might sound a little bit similar to something Microsoft has talked about in the past. So if you remember back to the early 2000s we had the Trustworthy Computer Initiative, Trustworthy Computing, and out of that came the Software Development Lifestyle, which was basically a set of standards that Microsoft implemented internally for all its software to help improve security. Now I think we can also say that’s probably been semi-successful, of course there’s no such thing as 100% secure, so that’s just an impossible task.
But it’s been relatively successful and Microsoft is now essentially facing a different future with the rapid development of artificial intelligence. And rather than just waiting until things start to get out of control, of course they’re learning from their past mistakes and getting in there quickly to make sure that AI and all of the developments that might affect the security of all of the services and products that Microsoft has are not negatively affected by it. So there are three pillars as part of this new initiative. So the first one is connected to artificial intelligence and security, the second one to software development and the third to promoting AI standards across the globe really and trying to get governments and organisations to adopt them. So let’s start with the first pillar. So this is really Microsoft saying look we’re developing AI technologies to help combat what attackers might be able to do with that technology as well. So the first thing is Microsoft Security Copilot and that’s something I think that went into general availability in the last couple of weeks. And essentially what this allows security professionals to do is to more quickly analyse all of the data at their disposal and help them to identify threats faster.
And then when they have identified a threat to be able to summarise that in a report that they can either send to their client or that maybe a colleague can look back on in the future so they don’t have to go back through all of the steps that maybe need to be taken and the important and relevant information to that particular alert. So that should help save security professionals a lot of time. If I remember correctly Microsoft was saying this could help security professionals really close a security incident from start to finish 40% faster than they could before they were using this new Copilot.
Microsoft also said as part of this that they’re using AI in Microsoft Defender for Endpoint to help better protect laptops, desktops and enterprise servers. As part of this announcement Microsoft reminded us that ransomware has increased 200% since 2022 and that 80% of successful ransomware attacks come from unmanaged devices. Of course protecting the endpoint is really important. Now the second pillar is to do with the way that Microsoft develops its own software and there are quite a lot of points here to cover so I’ll go through them quickly. The first thing is that all of the services and products are going to be mandatory multi-factor authentication and Microsoft says that it’s learned a lot this year because now all new customers onboard into Microsoft 365 have MFA enabled by default. So that’s an important pillar to protect identities. Another part of the identity piece is that identity signing keys are going to be stored by default in dedicated Azure HSM so hardware security modules which obviously helps to protect those keys better. Also Microsoft is going to be promoting more the use of memory safe languages.
Of course we’ve talked about Rust on this channel before but it also includes things like Java, Python and C sharp. Microsoft is going to be using more continuous integration and continuous development along with AI to help speed up the software development process and to of course make the software actually more secure in the process. Microsoft is also saying that they’re going to increase the processing of cloud vulnerabilities by 50% so I don’t know whether they mean 50% faster or whether they’re going to plug 50% more vulnerabilities but whichever way it’s got to be a good thing.
The third pillar to all of this as I said was helping to promote industry standards around AI to make sure that governments and organizations or mainly governments I think are not doing bad things with this technology and that we all agree about how it should be used. Well good luck with that Microsoft but well that’s the idea of the third pillar. So of course all of this is important right now. I’m glad to see Microsoft are ahead of the game because the development of this technology of course some of it’s been happening in the background, some of it’s come to the forefront this year. The scary pace of the development here is something I don’t think I’ve ever seen before in the 25 odd years that I’ve been involved in IT. So it’s important that Microsoft really addresses this stuff right now to make sure that we’re not negatively affected and that we can’t implement this technology because it’s too risky from a security point of view. Let me know in the comments below what you think about Microsoft’s new security developments that they’ve announced this week. Is it going to be enough?
Do you trust Microsoft’s platforms and technologies to secure your data and endpoints or are you using third-party solutions to do that? I’d love to know what you’re doing in your organization.
The new Microsoft Teams client of course has been available now for a couple of months for Windows and more recently for Mac OS and I think if you’ve been using it you’ll know that it’s you know just much better basically. I know there are a few bits and pieces missing that will assumably get put back in over the coming months but in general it’s much more reactive, it’s responsive, it’s more lightweight and you know a lot of the performance issues that many people had seen with it are now gone. This week Microsoft announced that the web version of that new client is coming to Edge and Chrome users so you again if your users are using Teams in the browser they should now have the option to toggle on the new client in the browser so they can switch to that if they want.
While we’re on the subject of Copilots I think it was Zack Bowden over at Windows Central, I read this on feroc.com but Windows 11 Copilot which came as part of 23h2 that is if you have your Windows interface region set to the US that went into preview last week. I’ve had a little bit of a look at it you know it’s basically Bing and Bing Enterprise chat in a window with a few extra things that are connected into the into the Windows interface if you like but that is potentially coming to Windows 10 and I think that’s you know likely to happen because there are still I think 1 billion devices or something you know running Windows 10 something like that so of course Microsoft wants to get this AI capabilities in front of as many people as possible so I expect either later this year or early next year we’re likely to see the Copilot for Windows come in preview form to Windows 10 as well.
The Trend Micro Zero Day Initiative that’s a great blog which updates I think you know kind of monthly on all the patches that come out on patch Tuesday they’ve recently published information about free zero days for Microsoft Exchange Server now Microsoft has already published a patch for one of those zero days but for the other two you need to be aware so Microsoft is saying well you need to make sure that you have multi-factor authentication and a keyboard and all the rest of it and your following best practice while they’re you know working to get patches for those two other zero days out so just be aware that that is an issue at the moment.
Microsoft Authenticator now suppresses notifications for risky logins so if Microsoft’s again kind of AI technology identified what it thought was a potentially risky login it would pop up in Microsoft authenticator and ask you to confirm it now of course that could be a bit risky because you might accidentally confirm something that isn’t actually you so Microsoft has decided to suppress those notifications so if it determines that it’s potentially risky login you don’t get a notification you’d actually have to open that authenticator app to you know to complete that authentication process so I think that’s got to be a good thing and Microsoft is seeing very positive results with that change as far as I understand.
If you’re an organization that is into the internet of things you have internet of things devices maybe running in your warehouses or factories Microsoft is bringing the security capabilities for that technology into the E3 and E5 security subscriptions so it’s no longer something that you have to pay for separately so it’s now an integrated feature of those subscriptions. Microsoft is simplifying the upgrade process to Windows 11 from Windows 10 if you’re using Intune so the way this worked in the past as I understand is that if you were you know in an environment of course where you are gradually updating from Windows 10 to the latest version of Windows there was no easy way to kind of determine the hardware readiness you know could you actually upgrade to Windows 11 and tie that all into Intune to determine you know is the upgrade going to be successful so you had to actually create a separate feature update deployments and exclude Windows 10 devices from the Windows 11 policy essentially to make sure you didn’t get a failed upgrade but starting from now you can bundle a Windows 11 upgrade and Windows 10 version 22 H2 feature update together in a single deployment so it’s just making that whole process a lot simpler for IT pros.
Microsoft 365 Copilot went into general availability for enterprise customers last week and as part of that release Microsoft has been detailing some of the compliance pieces of course you don’t want to just enable this and then realize it doesn’t fit in with the necessary compliance policies that you may have in place so Microsoft is saying that its Purview compliance solutions support Microsoft 365 Copilot and they’re going to be rolling out those features between now and mid-December this year so basically you can use sensitivity labels to stop your content being used inside Microsoft 365 Copilot if that’s what you want to do. And that’s how you would achieve that so much in the same way that Microsoft captures all the information that goes through Teams chat it’s doing the same with you know conversations that happen within Microsoft Copilot.
So, you’ll be able to set retention policies and do all of the things that you can do with the Teams chat exactly the same with Copilot and the audit log will also capture prompts that users put into Copilot and the responses and that will all be integrated into the Copilot category in the audit logs if you haven’t caught up with all the news about Windows 11 23 H2 I’m going to leave a video on the screen now that is all about the most important new features in that including the modern file explorer and passwordless security so do check that out thank you for watching if you like the video then please you know give it a thumbs up it helps us to get the video seen by more people on YouTube and grow the channel but that’s it for me for this week and I’ll see you next time