Microsoft Ignite: A $4m zero-day reward plus $349 thin client

During the opening session of Microsoft’s annual Ignite conference, Microsoft CEO Satya Nadella reaffirmed the company’s ongoing commitment to improving the security of the its products.

The focus on security includes the principles of secure by design, secure by default, and what Nadella refers to as “secure by operations”. Describing the company’s commitment to the continuous improvement of IT security, he said: “This is not just a destination. It will never be done. We’re only as good as our ability to defend against the next novel attack.”

He also announced a $4m Zero-Day Quest – a new hacking event focused on securing cloud and artificial intelligence (AI).

Also revealed at Ignite was the $349 Windows 365 Link, a secure purpose built device for Windows 365. The company introduced the Cloud PC, which streams the Windows desktop to any device, three years ago, and Nadella said the Windows 365 Link builds on this, adding: “It’s adminless and passwordless, and security configurations are enabled by default and cannot be turned off.”

Nadella said that Windows 365 Link Cloud PCs will enable users to connect directly to their productivity tools in the cloud, with no data or information left on the client device. It also supports dual 4K monitors, and is equipped with four USB ports, an Ethernet port, Wi-Fi 6E, and Bluetooth 5.3. 

In a blog post discussing Link, Microsoft product marketing manager Anthony Smith wrote that the device was aimed at shared workspace scenarios: “It’s compact, lightweight and designed to maximise productivity with its highly responsive performance. It takes seconds to boot and instantly wakes from sleep, allowing users to quickly get started or pick up where they left off on their Cloud PC.”

Smith said that the device uses a locked-down operating system with no local data or apps and no local admin users: “By eliminating local data and apps, as well as admin rights, Windows 365 Link significantly reduces the attack surface, making it more difficult for malicious actors to compromise the device.”

Passwordless authentication is provided using Microsoft Entra ID, which supports multifactor authentication using either the Microsoft Authenticator app or a cross-device passkey using a QR code, or a FIDO USB security key.

According to Nadella, in the age of AI, even the devices are fundamentally getting transformed right in the cloud, with both AI and cloud. “Think of all of this as one continuous distributed computing fabric,” he said.

The Windows 365 Link device is one part of this heterogenous device mix, which include Copilot+ devices that are optimised for artificial intelligence (AI), regular PCs and Cloud PC devices.

Looking at the security involved in AI governance, Nadella said: “We’re introducing updates to prevent oversharing and risky use of AI, such as malicious intent detection, prompt injections and misuse of protected materials.”

While it will be available with Windows 365 Enterprise, Windows 365 Frontline, and Windows 365 Business, Microsoft said that Windows 365 Government is not currently supported. The company plans to work with manufacturers to bring more devices to market that can run as Windows 365 Link Cloud PC devices.