My Top 2 Identity features from Ignite 2024
Welcome to my new blog post!
The MS Ignite is over, and Microsoft once again used the opportunity to present numerous innovations in its technologies. My focus is on the area of Identity, and here, alongside other updates, there were two developments that I would like to particularly highlight, as I believe they are of special significance
Security Copilot
Extension of the public preview of the Embedded Experience of Security Copilot, as well as its full integration into the Entra Admin Center.
This is my personal favorite, which takes problem analysis and generative work in the Entra Admin Center to a new level. An SME like me still reaches for scripts when it comes to analysis, and that won’t change. But now, Security Copilot can assist by allowing you to ask questions in natural language. This makes it easier to identify topics and aspects, generate ideas, or narrow down a problem—complementing the usual activities.
Figure 1: Security Pilot Dahsboard in Entra Admin Center
Questions could look like this:
What are the top 5 users who have a ‘high’ risk level?
or
Which enterprise applications have not been used in the last two weeks?
How cool is that? 😀 … yes, I am an old school admin, but this really impressed me to see how it greatly simplifies certain tasks
➔ Tipp: But a bit frustrating is that the Secure Compute Units (SCU), which are used to calculate the computing power, cost $4 per hour, and these costs are incurred even when Security Copilot is not actively used. This also applies if the resource is just deployed in Azure. This results in monthly costs of over $2,800 – a real challenge, especially in test environments with a limited free MSDN Azure budget. It would be desirable to have the option to temporarily disable the capacity when not in use, as it is not constantly needed. Unfortunately, this is not currently possible. However, in test environments or when experimenting with this great technology, you can delete the capacity as needed and recreate it if desired. While queries and similar work data are lost, analyzed information such as sign-in or audit logs remains intact and is always part of the AI. This way, you can get started immediately once the capacity is created and assigned
Exposure Management
After a few months in public preview, Exposure Management is now generally available (GA) and can be found in your Defender portal (security.microsoft.com)
The solution offers an integrated approach to assessing and enhancing an organization’s security posture. It identifies vulnerabilities, maps potential attack paths (e.g., ransomware attacks), and evaluates risks in real time. By seamlessly integrating with Microsoft Defender and other security tools, it provides actionable insights to improve threat detection and mitigation efforts.
That is an awesome technology in a very volatile IT world to help reduce the attack surface.
Figure 2: Exposure Management Dashboard in The Defender Portal
Have fun trying it out 😀
Continue reading:
➔ Security Copilot is now embedded in Microsoft Entra
➔ What is Microsoft Security Exposure Management?
