Microsoft Ignite 2024: The Biggest News In Devices, Security

Windows 365 Link, Security Exposure Management and a new post-CrowdStrike faulty update initiative are among the big announcements.

Microsoft’s Windows 365 Link devices. Security Exposure Management becoming generally available. And a new initiative to make improvements following the faulty CrowdStrike update in July.

These are among the biggest news items in devices and security coming out of Microsoft’s Ignite 2024 event.

Ignite runs through Friday, with programming in person in Chicago and online. Microsoft had 200,000-plus people register for the event and expected 14,000-plus in-person attendees.

Microsoft Ignite 2024

The Redmond, Wash.-based tech giant revealed 80 new products and features across its product portfolio.

Windows 11 has seen a threefold reported reduction in firmware attacks and almost three times fewer credential theft instances compared with Windows 10, according to Microsoft.

During Ignite, Microsoft said the controversial Recall feature for Copilot+ PCs will be disabled by default. IT will enable the feature through new policies before employees can opt in.

Microsoft Chairman and CEO Satya Nadella shared his enthusiasm for the vendor’s devices and security portfolio during the vendor’s most recent quarterly earnings call.

On Microsoft’s Copilot+ PCs, Nadella said, “It’s about having hybrid AI where the rebirth of the PC as the edge of AI is going to be one of the most exciting things for developers.”

Customers have used Defender to discover and secure more than 750,000 GenAI app instances, Nadella said. They’ve used Purview to audit more than 1 billion Copilot interactions to meet compliance obligations.

Here’s more of what you need to know in security and devices news from Ignite 2024.

In device news, Microsoft has a preview for Windows 365 Link devices built for its Windows 365 cloud-based virtual machine service, with Link set to become generally available in April with a manufacturer's suggested retail price of $349.

Interested organizations in the U.S., U.K., New Zealand, Japan, Germany, Canada and Australia can apply for the preview program, according to Microsoft.

Users can place Link on their desks, boot it in seconds and have local processing for Teams meetings, Webex by Cisco and other high-fidelity experiences, according to Microsoft.

Link supports dual 4K monitors, four USB ports, an audio port, an Ethernet port, Wi-Fi 6E and Bluetooth 5.3.

The devices have no local data, apps or admin-less users. Corporate data is protected in the Microsoft Cloud. Security baseline policies are on by default. Users can’t turn security features off.

Users can leverage Microsoft Entra ID, the Microsoft Authenticator app or USB security keys for passwordless login.

Microsoft Intune users can manage Link devices with other PCs. Links configure within minutes when first turned on and update automatically. They factory-reset in minutes for reusability.

Early next year, Windows Insider Program members with Snapdragon-powered Copilot+ PCs will have the ability to leverage their neural processing units (NPUs) for improved searching with File Explorer, Windows Search and Settings.

Users can find documents, photos and other files without file names or searching for exact file content. They can describe content with synonyms, even text that might appear in an image. This feature will also work without an internet connection.

The improved search will come to Windows 365 Cloud PCs in the spring.

Microsoft Security Exposure Management Goes General Availability

Microsoft made its Security Exposure Management experience generally available for practitioners assessing cyberthreats.

Exposure Management unifies disparate data silos for better attack surface visibility, assesses attack paths to assets and gives context-based recommendations to improve security posture in devices, identity, apps, data, on-premises, hybrid and multi-cloud infrastructures.

The tool has an attack path analysis capability with modeling and blast radius assessment, plus unified insights that bring in posture data from other vendors, according to Microsoft.

Microsoft Purview Updates

Microsoft updated its Purview data governance and compliance platform to include general availability of Customer Lockbox, which provides data protection for Windows 365 with users in the approval workflow process, and Data Security Posture Management, plus DSPM for AI.

DSPM for AI should help IT administrators and data admins find risks and prevent data oversharing, data leakage and other incidents, according to Microsoft. The tool works on copilots, custom apps built on Copilot Studio and third-party apps such as ChatGPT Enterprise by Microsoft-backed OpenAI.

New Purview previews range from data loss prevention (DLP) for Microsoft 365 Copilot—which aims to ensure sensitive documents’ content isn’t summarized by AI—to the ability for admins to extend Azure Microsoft Rights Management-defined sensitivity labels to Office files and PDFs at rest in a SharePoint document library.

By the end of the year, Purview will have previews of embedded Security Copilot capabilities, including DSPM with AI-powered data estate risk insight in natural language and suggested prompts to guide users through investigations.

Other Security Copilot capabilities entering preview in Purview are DLP policy understanding, eDiscovery case summaries and a Copilot-powered knowledge hub.

Post-CrowdStrike Event Features

During Ignite 2024, Microsoft introduced its Windows Resiliency Initiative, which is based on learnings from the global outage caused by CrowdStrike’s faulty update in July.

The initiative also focused on allowing more apps and users to run without admin privileges, stronger controls for what apps and drivers can run and better identity protection, according to Microsoft.

Quick Machine Recovery is a feature coming to Windows Insider Program in early 2025 thanks to the initiative. With this feature, IT admins can target Windows update fixes to PCs even when machines can’t boot and without physical access to the PC.

Coming as a private preview for the security product ecosystem in July are ways to build security products outside kernel mode. Antivirus and other security products will have the ability to run in user mode, just like apps, according to Microsoft. This should allow for better resiliency for Windows in case of a crash or mistake.

Windows Security Improvements

Microsoft said it is addressing long-standing complaints about Windows security—overprivileged users and applications, unverified apps and drivers, and insecure credentials and authentications.

In preview is admin protection, a tool that gives users standard user permissions by default. If a system change requires admin rights, users are prompted to authorize the change using Windows Hello. Windows creates a temporary isolated admin token that is destroyed once the job is complete.

New AI capabilities for smart app control and app control for business try to make the tools easier to deploy, according to Microsoft. A signed and reputable policy template should allow millions of verified apps to run no matter the deployment location.

And the now generally available personal data encryption (PDE) layer for Windows Enterprise should add more protection to individual user files on laptops that are now only readable with Windows Hello sign in. PDE integrates with OneDrive and SharePoint as well and is manageable with Intune.

Windows Copilot Runtime, Windows Subsystem for Linux

Microsoft added new AI APIs and improved frameworks and tools in Windows Copilot Runtime to aid developers in scaling AI across devices.

Coming in January are APIs for image description, image super resolution, object erase and optical character recognition.

Windows Subsystem for Linux (WSL) added integrations with Intune, now generally available, and Entra ID, now in private preview, according to Microsoft.

In the coming months, Microsoft will put into preview a new distribution architecture for WSL to better manage and customize it with enterprise security policies.

A new preview for Hotpatch for Windows gives users a way to download updates in the background and have them take effect upon installation without a device restart.

A preview coming before 2026 for Windows Autopatch AI integration with Copilot in Intune means IT administrators can only access data in their permissions and Windows users can prepare for feature updates, ready devices and get payload details, among other use cases.

Now generally available is a configuration refresh feature to enforce mobile device management (MDM) security policies by returning PCs to preferred configurations, avoiding configuration drift when users change system registries. Refresh works locally with device self-management even offline.

Windows In Mixed Reality, Modern Environments

Microsoft has a preview coming in December for Windows 11 in Meta Quest headsets, allowing users to leverage Windows for virtual meetings and high-resolution monitors.

Windows 11 mixed reality access will start with Quest 3 and Quest 3S headsets.

A preview now available allows for a shared mode for provisioning Windows 365 Frontline. This mode is meant for users who need brief access for ad-hoc tasks in a non-personalized Windows desktop environment. User data is deleted upon signoff.

Another preview is for Windows App mobile application management (MAM) support for iOS and Android for defining device security criteria and customized access.

Azure Chips, Infrastructure

At Ignite, Microsoft introduced its Azure Integrated Hardware Security Module (HSM) in-house cloud security chip.

Next year, Microsoft will start installing the HSM into every new server in its data centers for confidential and general-purpose workloads.

The vendor also showcased its Azure Boost DPU, its first in-house data processing unit silicon. The DPU is meant to work across storage, networking, acceleration and more, according to Microsoft. Future DPU-equipped servers should run cloud storage workloads at threefold less power and four times the performance as existing servers.

A liquid cooling heat exchanger unit rack by Microsoft should support large-scale AI systems on Azure, including Microsoft's Azure Maia. Microsoft can retrofit the unit into Azure data centers.

Microsoft and Meta have collaborated on a disaggregated power rack design with 400-volt DC power for 35 percent more AI accelerators per server rack. The vendors are open-sourcing the specifications through the Open Compute Project.

Microsoft launched a preview of Nvidia Blackwell GB200-powered Azure AI systems. Azure ND GB200 V6 is the new AI-optimized virtual machine series powered by Nvidia GB200 Superchips.

More Infrastructure News

Microsoft has made the Azure Local cloud-controlled, hybrid infrastructure platform and Windows Server 2025 generally available.

Local extends Azure services to distributed locations for mission-critical workloads and cloud-native applications and AI. Local runs containers, servers and Azure Virtual Desktop (AVD) on Microsoft-validated hardware from Hewlett Packard Enterprise, Lenovo, Dell Technologies and others for custom latency, near-real-time data processing and compliance.

Windows Server 2025 has easier upgrades, better security, and a preview for a hot-patching subscription for update installation with fewer restarts.

Microsoft also moved SQL Server 2025 into private preview. This database platform should simplify AI app development and RAG patterns, according to Microsoft.