22–24 September 2020, fully digital. Microsoft Ignite 2020 was supposed to fill a convention centre in New Orleans. Instead it ran as Microsoft's first fully digital flagship event: free to attend, a 48-hour core programme, and most of the interaction pushed into Microsoft Teams — hub-and-spoke chats per track, the kind of plumbing the company was about to spend the whole conference selling everyone else. We watched it from Ibbenbüren, where ThreeB IT was barely three months old. A brand-new company, a brand-new format, and — as it turned out — a brand-new way to talk about security.
A conference that had to practise what it preached
There's an easy joke to make about a company that sells remote-collaboration tools holding its biggest event of the year over those same tools during a pandemic. But Ignite 2020 mostly earned it. Satya Nadella's keynote was pre-recorded, the breakouts were on-demand, and the connective tissue between sessions was the product Microsoft most wanted to talk about that year — Teams. Eating your own cooking in front of a few hundred thousand people is a risk; doing it smoothly is a decent advertisement.
The framing for the whole event was digital resilience: the idea that the scramble of 2020 — everyone suddenly remote, every process suddenly needing a cloud equivalent — wasn't a temporary detour but a forcing function. Nadella tied it back to the stack Microsoft was selling. As he put it in the keynote, "This tech stack contains your building blocks to drive digital resilience and transformation for your organisation." It's marketing language, but for a year defined by improvisation it landed differently than usual. Our customers weren't asking whether to modernise any more. They were asking how fast they could, and what it would cost them if they didn't.
For a three-month-old shop, that was the backdrop against which we read every announcement: not "what's shiny" but "what helps a German Mittelstand company keep running when half the team is at the kitchen table."
The headline for us: the Defender rebrand
The announcement that reshaped how we work wasn't a new product at all. It was a rename. On day one Microsoft pulled its sprawling enterprise security portfolio under a single brand — Microsoft Defender — split into two clearly addressed halves.
The endpoint, identity, email and app side became Microsoft 365 Defender. The cloud and hybrid infrastructure side became Azure Defender. Under those two umbrellas, a pile of products people could never quite keep straight got renamed in a way that finally said what they did:
- Microsoft Threat Protection → Microsoft 365 Defender
- Microsoft Defender Advanced Threat Protection → Microsoft Defender for Endpoint
- Office 365 Advanced Threat Protection → Microsoft Defender for Office 365
- Azure Advanced Threat Protection → Microsoft Defender for Identity
- Azure Security Center Standard tier → Azure Defender (for servers, SQL, IoT and more)
Microsoft framed the whole move around a then-fashionable analyst term: XDR, extended detection and response. Rob Lefferts, the corporate VP then running Microsoft Threat Protection, made the pitch about being able to buy "integrated SIEM and XDR tools from a single vendor so you get the best of both worlds" — the SIEM half being Azure Sentinel, the XDR half being the freshly named Defender family.
We'll be honest about the cynical reading first, because we had it too: a rebrand is the cheapest feature a vendor can ship. No new detections, no new coverage, just a fresh coat of paint and a press release. And there was some of that. "Advanced Threat Protection" being scattered across three different products with three different meanings was always going to get cleaned up eventually.
But the cynical reading misses why this particular rename mattered, and it mattered a lot — to us specifically.
Why it mattered for us
Before Ignite 2020, the single hardest sentence in our security pitch to a Mittelstand customer was this: you already own most of an XDR platform, you just don't know it, because it's hiding behind four product names that don't obviously belong together.
Picture the conversation. A Steuerberater or a mid-sized electrical contractor has an Microsoft 365 E5 licence — bought, usually, for Teams and the Office apps and maybe the compliance features. Inside that licence sits a genuinely strong security stack. But to explain it we had to walk the customer through "Microsoft Defender ATP, which is for your laptops; and Office 365 ATP, which is for email; and Azure ATP, which despite the name is about your on-prem Active Directory; and Microsoft Threat Protection, which is the thing that ties them together." Four names. Three of them containing the letters "ATP" with three different scopes. The decision-maker's eyes glazed over somewhere around the second "Azure" that wasn't actually about Azure.
After Ignite 2020, that same pitch became one diagram. Microsoft 365 Defender protects your people and their stuff — endpoints, identities, email, apps. Azure Defender protects your servers and cloud workloads. Both feed signals to Sentinel if you want a SIEM on top. One brand, two obvious halves, a story a non-technical owner could repeat to a colleague after the meeting. We went from explaining four products to explaining one idea.
That is not a cosmetic change when your customers are the German Mittelstand. These are companies without a security operations centre, often without a dedicated IT lead, who buy on trust and clarity and are rightly suspicious of anything that sounds like a buzzword. "You're already paying for this; here's the one switch we turn on" is a vastly easier conversation than a tour through a decade of Microsoft's naming decisions. The Microsoft 365 tenants we'd go on to run for clients like Steuerberater Keller and HP Elektrotechnik are configured on exactly this framework — Defender across the board, Sentinel where it earns its keep.
A caution we still repeat, though: a clean brand is not the same as a configured tenant. The licence containing Defender and Defender being switched on, tuned, and actually watched are three different things. The rebrand made the sale easier. It did not make the work disappear, and any partner who implies otherwise is selling the box, not the security.
Azure Communication Services: the quiet big one
The announcement we underrated on the day and have respected more every year since was Azure Communication Services, launched into public preview at Ignite. It's a managed platform for dropping voice, video, chat and SMS into your own applications — built on the same real-time infrastructure that runs Teams.
The reason this matters: before ACS, if a customer wanted a video call or an SMS notification inside their own line-of-business app, the default answer was a third-party service like Twilio, with its own account, its own billing, its own data-residency conversation. ACS put that capability natively in Azure, on the same backbone Microsoft had hardened running Teams through a global lockdown. For a Microsoft-stack shop building apps for German customers — for whom "where does the data live" is the first question, not the last — having a first-party, EU-region-deployable communications layer was a genuinely useful new building block. We didn't reach for it that week. We've reached for it plenty since.
The rest of the firehose
Ignite is always a firehose, and 2020's was unusually relevant because so much of it was about keeping distributed organisations running. The pieces we flagged at the time:
- Microsoft Teams got the updates that defined the lockdown era of work: breakout rooms (genuinely requested by every customer we had), Together mode scenes, and a steady push to make Teams the place work happened rather than just where meetings landed.
- Power Automate Desktop arrived in public preview, bringing robotic process automation (RPA) for desktop and web apps within reach of people who aren't developers — a small but real lever for the kind of repetitive back-office work our Mittelstand customers drown in.
- Microsoft Productivity Score was heading to general availability with new categories around teamwork and meetings. We'll note the controversy honestly: it drew a sharp privacy backlash shortly after, and Microsoft walked back the per-user identifiable view by the end of the year. The instinct to measure "digital resilience" was real; the first implementation overreached.
- Azure Stack HCI picked up AKS on Azure Stack HCI in preview — Kubernetes on hyperconverged on-prem hardware, for the workloads that legally or practically can't leave the building.
- Azure Orbital, a managed ground-station service for satellite operators, went to private preview. Not something we'll ever deploy for a tax advisor, but a good marker of how wide Azure's ambitions had become.
What we took home
Three months into running a company, you don't get to attend events for inspiration; you attend them to find the next thing you'll actually sell. Ignite 2020 delivered exactly one of those, and it wasn't a product — it was a vocabulary.
The Defender rebrand handed us a clean, honest way to tell Mittelstand customers something that was already true: the security they need is largely sitting inside a licence they already own, and turning it on is a conversation about one platform, not four acronyms. That clarity, plus the digital-resilience framing that the whole strange remote year made impossible to argue with, is the through-line from this conference to how we run client tenants today.
Not bad for a free event we watched from a desk in Ibbenbüren.
Sources & further reading
- Microsoft Security blog — Microsoft unified SIEM and XDR to modernize security operations: https://www.microsoft.com/en-us/security/blog/2020/09/22/microsoft-unified-siem-xdr-modernize-security-operations/
- Microsoft — Ignite 2020 Book of News: https://news.microsoft.com/ignite-2020-book-of-news/
- Redmondmag — Microsoft Rebrands Enterprise Security Solutions as 'Microsoft Defender': https://redmondmag.com/articles/2020/09/28/microsoft-rebrands-enterprise-security-solutions.aspx
- CRN Australia — Satya Nadella's 5 biggest statements at Microsoft Ignite 2020: https://www.crn.com.au/news/satya-nadellas-5-biggest-statements-at-microsoft-ignite-2020-553725
- Microsoft Teams blog — What's New in Microsoft Teams | Microsoft Ignite 2020: https://techcommunity.microsoft.com/blog/microsoftteamsblog/whats-new-in-microsoft-teams--microsoft-ignite-2020/1665600
Where availability mattered we've used the Book of News status (public preview, private preview, or GA); the Productivity Score privacy walk-back is noted as it played out in late 2020.
Image credits
All photos are used under their respective Creative Commons licences; we are grateful to the photographers.
- man_doing_video_call_from_home_stock_photo_authentic__f6b4e6ce-2cb0-4821-964a-03f96e5d0f6c — © digitalcreators.ch, CC BY 2.0, via Flickr (source).
- Computer Security - Padlock — © perspec_photo88, CC BY-SA 2.0, via Flickr (source).
- Turned on macbook zoom - Credit to https://homegets.com/ — © homegets.com, CC BY 2.0, via Flickr (source).