Last week ~30,000 people flocked to Orlando for the 4th annual Microsoft Ignite conference for “IT implementers and influencers, enterprise developers, and data professionals”. Although the largest contingent are customers and partners I heard several teams call out that this year they have brought the largest group of PMs and engineers to any single event to date; I heard that SharePoint and OneDrive at >100 people was one of the largest groups. But, Ignite is not just a single event anymore. Microsoft also run a parallel event called Microsoft Envision for “decision makers who want to know what’s next, and who want insights on key technology trends in the industry”. It’s run over 2.5 days so, not the full week but, it provides a thought-provoking agenda and an opportunity to connect with other C-level professionals across a variety of business areas. So, if that wasn’t enough they also run a handful of vertical gatherings during the week including an Office 365 CAB. So, this year not wanting to miss out on anything I attended all three! Well, that is to say I moved between all three to ensure I got the best out of my week at Microsoft Ignite.
As for location – well, it’s Orlando so, it’s hot and humid but, joking aside I think the location and facilities are perfect for this event. The Orange County Convention Center (OCCC) is massive and even with ~30,000 people you can move about without too much delay or difficulty whether it be to make your next session or to grab a bite to eat – I think it worked very well.
In this first post I will talk to the Keynote, my thoughts on Microsoft Envision and kick-off my thoughts on the announcements from Ignite but, this will run over into a second post. Let me begin with the Keynote.
As with most years, Satya Nadella kicked things off., However, unlike previous years’ opening keynotes, it was less focused on a specific product announcement and demo’ing it to all. Instead more about a vision for digital transformation across all industries and almost a call to action. There were examples of companies who had already started their journey’s and an inspirational package that described an effort for AI for Humanitarian Action. This new initiative will focus on using AI technologies to assist in the areas of disaster recovery, protecting refugees and displaced children, and human rights. This is part of Microsoft’s “AI for good” initiative.
The keynote closed on a new initiative that was in partnership with SAP and Adobe – the Open Data Initiative. Tackling one of the biggest issues facing many customers today is the persistent siloing of data. We use or in some cases partner with numerous service providers and amongst many of the issues associated with this approach is the siloing of data; data that is specific to the service you acquire or subscribe to but, is local and not able to be aggregated or blended work other data from other services. Well, the Open Data Initiative is set to change this predicament. The three companies are joining forces to help customers gain control but also gain insights from bringing this data and signals together. Satya talked about a common or consistent architectural pattern that had emerged where companies where bringing together date from multiple sources – suggesting that this was a no brainer really and almost like something we have to do for customers. He concluded by saying that this is available today and not something that we need to wait for a date down the road. Start talking to your account teams and partners today.
Reflecting on the message and what was touched on during the Keynote – this is probably one of the weakest to date in terms of connecting with IT Pros and being tangible for them. In fact I spoke to several people who questioned their attendance at the keynote. I know that it’s important to be a little aspirational but, it needs to be balanced with being tangible too. That being said, for the group I was sitting with at Envision most did take something away including myself but, again this is a different audience. As for how to improve this – I was listening to Windows Weekly over the weekend and Paul Thurrott offered up a reply to a question from the audience on this topic and felt that it would be good for Satya to come in at the end of the week, be it Thursday or Friday and bring everything together. Talk to the vision and how the sessions we had seen through out the week come together in to this much larger story. I believe this has some merit and definitely should be kicked around some more as they plan for the 2019 event.
The Microsoft Envision conference is held over 2.5 days beginning immediately following the Vision Keynote. It’s Microsoft’s premier conference for Business leaders from all industries and although the schedule is extremely busy there are lengthy gaps to promote greater networking with peers and an opportunity to talk to partners too.
The over-arching theme is not necessarily new for many of us – its Digital Transformation but, the message that is coming through strongly is that companies who do Digital Transformation successfully are those who blend Business innovation with the technology that empowers the same. Which, is why Microsoft runs the two conferences at the same time. So, that your technology peers can be learning about the latest and greatest technology enhancements and capabilities while as business leaders we can can be attending Envision and understand and learn about new business innovations. Of course that only works when you have multiple people from your company attending so that you can tackle this effectively.
For me personally, I was flying solo last week so, I moved between Envision and Ignite to ensure I maximized my learning and opportunities to connect. I focused on sessions that touched on the industry vertical I am in and complemented this with sessions that talked to the changing world of work and talent acquisition in the new era. Unfortunately, these sessions do not appear to be made public at least for now anyway.
If an invitation comes your way – it’s a great conference for your CIO and CTO to attend.
After attending three previous Ignite’s I was well prepared for what to expect. Having said that, Microsoft does continue to raise the bar each year. With 700+ deep-dive and workshop style sessions – they have you going from morning to dusk and beyond. But, I wouldn’t have it any other way.
While there is so, much content to consume during and post Ignite I’ll focus on sharing some thoughts on some specific areas. For me, Ignite fell into three main buckets:
- Microsoft 365
- Azure and AI (arguably could be considered two)
- Dynamics 365
For the remainder of this post I’m going to focus in on Microsoft 365 and come back to the other two in a follow-up post. While there were hundreds of deep-dive sessions, the technical keynotes were the best source to get the over-archiving vision that each team is currently targeting and how these plans are coming together for the immediate future.
In mid-2017, Microsoft announced Microsoft 365 – a collection of products that includes Office, Windows 10 and Enterprise Mobility + Security. At the time it felt just like a re-branding of Secure Productive Enterprise, which was a licensing bundle available only to enterprise customers . However, a year on it has become so much more. They are really putting the end-user at the center and underpinning this with richer integration and more intelligent security capabilities. Here is the four promises Microsoft is making for Microsoft 365:
As you will note, there is no mention of the products that make up Microsoft 365 here rather there is a focus on delivering greater experiences for users and IT to ensure we can focus on what really matters – our work and collaboration with others while ensuring we are secure and compliant in our modern workplace. For a long time now we have been hearing about greater cross team collaboration at Microsoft and in every presentation I saw last week, and in every side meeting I had this was very evident but, let’s dig in to these promises in more detail.
When I think of unlock creativity I can’t help but, feel that there is an equal partnership here between organizations and the technology that thing bring or introduce into the workplace. With business transformation we have already seen a lot of automation introduced in to the workplace and in doing so, we are unlocking all this time for our people to focus on value add opportunities. But, what studies are showing is that our people’s engagement levels are actually at an all time low if you track it historically overtime. However, we live in this time with an abundance of ideas and connections but, how do we get them to care and live up to their real potential. So, I believe that companies have an equal role to play here in removing barriers and creating a more engaged and motivated work environment. With that achieved we can also turn to our technology partners and drive them to create tools and experiences that removes friction or seems and also provide consistency across the different services so, that we don’t lose the creativity in order to better understand how to operate or interact.
For Microsoft’s part in this equation – they are certainly making good progress.
We know as employees “not all creativity comes from 100% brand new ideas”. More often we are taking an existing idea or piece of work and taking a different approach or perhaps building on it using new technology that was previously unavailable to us. For this to work we need to be able to find information and people and that’s where Microsoft Search comes in to play. I can’t recall now where I heard this but, the phrase at least stuck with me all the same – “Search is easy but, finding is harder” and this is so, true in my workplace as I am sure it is with yours too. Some of you may recall that a year ago Microsoft launched a private preview called Bing for Business that at the time talked about this idea of bringing intelligent search to the workplace that would be powered by Bing. A year on, and having worked with a select group of customers I feel they are coming back with a more compelling story this year. With Microsoft Search they are building on this work but expanding it to encompass search for both inside and outside of Microsoft 365. Microsoft say that “By applying artificial intelligence (AI) technology from Bing to the deep personalized insights surfaced by the Microsoft Graph, we are able to make search in your organization even more effective”. Furthermore they will create a consistent search experience across the entire estate – search in Office 365 (rolling out to target release today), search in the SharePoint mobile app (available today), search in Outlook mobile app (available today), and search in Office apps across all experiences (H1, 2019). By also blending the search experience with Graph they can also provide both context and relevant information from the moment you place your cursor in the search box. I’m really looking forward to seeing this roll out.
Working in large organizations that span the globe you often need to rely on expertise that maybe somewhere else in the world. Last week, Microsoft did show off the working prototypes of the new Surface Hub 2; I didn’t personally see a demo but, the media did get some time with the Surface Hub 2 models as shared by Paul Thurrott and May Jo Foley during last week’s Windows Weekly. Providing a canvas to collaborate effectively when you need to have people connecting remotely has been a huge challenge in the past and this is the space that Surface Hub has been targeting in both the v1 and now even more so in the v2 models. We understand that the first of the two Surface Hub 2 models will be release in 2019 with the larger multi-screen model shipping only in 2020. This shows real promise and I am eager to go hands-on when it ships.
There are 100s of millions of Office users across the globe many of them using it as part of their work tool set everyday. While some may be professional designers and data analysts not everyone using Microsoft Word, Excel and PowerPoint are going to be supreme wizards. A new experience, Ideas is coming to Office that will provide “one-click assistance with grammar, designs, data insights, rich imagery, and more”. With Ideas, you will be able to “work faster and look like a pro while doing so”. You can focus on capturing your creativity idea, while leaving to, Ideas to give you that professional look in PowerPoint or a chart displaying a set of insights in Excel. Continuing with the Office experiences, another new feature I know I will use a lot is the ability “to create a reminder or @mention someone who can help” right inside the document. If you simply type “todo” it will allow you to set this action. While co-authoring is a feature I use a lot, there are times that I am creating a document myself but, I need input from a colleague. When you @Mention someone and they don’t have access you will be prompted to grant them sharing rights and they will in-turn receive the notification. Again, this really re-enforces the approach to remove friction and allow users to create and collaborate with complete freedom. It’s important to note that this functionality will only becoming to Office 365 ProPlus – so, make sure to read-on and see my thoughts on the Modern Desktop below.
These are just a sample of the work Microsoft is doing to help unlock creativity in Microsoft 365. The work the product teams are doing is leaning in more and more on AI but, also following the principles of human-centered design. This is a really exciting juncture of IT and I think we are only just starting to see what is possible.
Built for teamwork
Microsoft Teams arrived for Office 365 almost 2 years ago and I was an immediate fan. It made sense to me straight away – combining conversations, content, apps, calling and meetings into a single user interface (UI); it’s often referred to as a digital hub for team work by both Microsoft and others too. But, as with every v1.0 product it leaves you wanting more and in some cases expecting more. To that point, Microsoft in the past 12 months has taken huge steps to address these and in some case gone even further.
By starting with Teams I’m not suggesting that nothing else in Office 365 matters anymore – quite the contrary. I believe that Office 365 with Teams is making this a more compelling story for the full suite. Without SharePoint you don’t get that rich file and document library experience for managing your content, without Planner you don’t get that light-weight task management solution when working with your team, and so on. Teams is that digital work space we have been looking for to liberate us from the inbox of email and channel conversations into to a space where you can add context through content, history through persistent chat and immediate calling functionality all inside a single experience – I know this is how I want to work! But, let’s look at some of the announcements that Microsoft made at Ignite for assisting in the area of built for teamwork.
A year ago right before Ignite Microsoft announced that Skype for Business (SfB) functionality would be ported to Microsoft Teams. If you are already a SfB online customer today you will be pleased to know that this work is complete and if you have not started work to transition your users to Microsoft Teams, I encourage you to do so today. If you are a SfB on-premises customer you may need to dig into this in a little more detail. The calling and meeting functionality is there but, if you are running enterprise voice then you may be waiting on some functionality that is still in preview right now. So, why make the move? From a technology roadmap – SfB in the cloud will go away and Teams will be that new destination. But, beyond that you really want to do this for your users. Microsoft Teams is a rich digital workspace that will help your people get work done for efficiently and effectively by providing an integrated experience of Apps and tools they are already using but, in a single UI. Here are some of the great feature announcements and enhancements shared last week for Teams:
- (Coming soon) Common files view across SharePoint Online, OneDrive and no Teams. You can now see those custom content types you normally had to jump out to SharePoint for and as well you can now select Sync right from within Teams if this is a library you would like to have access to on your device.
- SharePoint News connector for posting your news articles right into a Teams channel. They also have added a News article archive tab feature to look back at previously published News too. News is a great feature to update your team.
- (Coming soon) Share your screen without needing to start a meeting. This was a major pain put for me and many others. Before now you had to launch a meeting before you could share your screen for private chat. Now you can share your screen without the additional friction in the process.
- (Coming soon) Yammer tab for Microsoft Teams. Your immediate work group or team is very focused in Teams but, sometimes you are looking for feedback or input from across your organization. With the new Yammer tab you can now bring that outer loop conversation right into Teams so, you never miss that opportunity to connect or get feedback from outside your inner loop.
- (Coming soon) Driving mode for Teams mobile to ensure you can still take that call but, not be distracted by video and content that is being shared. When switching to this mode on your mobile it will immediately stop the video feed and as well any content being shared to ensure you can remain focused on driving and not looking down to see what the group may be referring to as part of the meeting. There is a lot of debate as to whether people should join meetings while driving but, for those who do this feature is certainly the safest way to join those calls.
- Meeting recording is that must need feature when you have people who are unable to join or if you would like to ensure you can go back later and review what was discussed. In addition to subtitles one of the other great features is the ability to search inside the video too. Let’s say you missed the meeting and you would like to know what actions may have been pushed your way – well why not search for your name? With this feature you can get both the text of what was said as well the time stamp so you can roll back or forward to get more context on the topic. Available today this is a feature I know I am going to get some mileage from in my workplace.
- (Coming soon) Live event from inside Microsoft Teams. In preview today, you can now schedule those one to many (1:n) events for up to 10,000 participants. You can control who will present as well produce the event. You can also enable Q&A all from within the event management feature. I feel that 10,000 is a little small a number for the larger organizations out there but, I would like to hope that this will be increased in time too.
- (Coming soon) Teams for Firstline works will replace Staffhub. Staffhub was announced two years ago and launched at the beginning of 2017. It was built on Office 365 Groups but, provided a more tailored experience for shift workers who needed to know when their shifts were and as well a way for them to connect with their colleagues. Microsoft announced last week that Teams will replace Staffhub (Oct. 1, 2019) and provide vertical solutions for different industries to ensure they can meet the varying needs that are out there. This Teams experience will see additional tabs added like Home and Shift to support the experiences needed here. Remember factory workers will have different needs to Doctors and Nurses to retail employees – one size does not fit all. I like this for many reasons but, most of all that Teams is again providing that common digital hub for work groups. I look forward to seeing this in action. (Coming soon)
- Translate conversations in Microsoft Teams. Working in a multi-national company I often see posts written in other languages. Assisted by AI, Microsoft Teams now provides an in-line translate feature so, that you never miss out on the conversation composed in a different language. I definitely going to be using this feature.
- (Coming soon) Proximity based joining to meetings will allow you to quickly join a meeting that you are invited to by leveraging Bluetooth beacon-ing technology. With this feature and the placement of Bluetooth beacons in your workplace you are able to locate that near by meeting and from your mobile you will see a banner surfacing that meeting and giving you a quick-join capability without needing to search for it in your schedule.
So, Microsoft Teams really is that one solution for all types of meetings – “spontaneous connections, recurring team meetings, executive reviews, large 1:n” but does so, by bringing in other artifacts that is both intelligent and easy to use and ultimately, providing that modern experience for your modern teams. Not using Microsoft Teams today – I suggest you get started.
Beyond Microsoft Teams, there was a lot of great announcements from the other Office 365 product groups too and the SharePoint, OneDrive and Office team really smashed it out of the park again – no surprise here 🙂 As I mentioned above, the other Office 365 services are pivotal to providing a modern teamwork experience and foundational to this is to provide a powerful and flexible content collaboration solution – one that can meet the needs of the different work groups that exist across industries but, also within industries too. So, the roll of SharePoint is one that is very important in meeting the built for teamwork promise. Here’s how the SharePoint product team look at this as they attempt to address the different scenarios that are out there today:
Let’s dig into some of the big announcements from SharePoint, OneDrive and Office:
- (Coming early 2019) Custom page designs for SharePoint News (pages) so, you can control the design and layout of your pages across your estate. These can be built by organizations and re-used across your company. Providing a consistent branding and look and feel can be really important to ensure people can easily navigate and consume content really fast. This can be particularly true for mobile where the glance time is considerably less than from traditional desktop devices.
- (Coming early 2019) Central asset library provides an approved list of images for use across your organization. You can create this library and populate it with approved set of images covering your brands, logos and any other images that are important to you branding across the organization. This has two major benefits – firstly, getting your people to the images they need when creating pages but, secondly provides a complaint way to ensuring that only up to date media is used. This can be particularity important when your company logo or a brand goes through a change.
- (Coming early 2019) Targeted news using Groups inside your organization. Ensuring people see content is an increasingly challenging dilemma facing us all and being able to target News articles to members of an Azure AD group or dynamic group is a great means to close this gap.
- (Coming early 2019) Organizational News is another feature that will also help organizations manage the dissemination of important News. With this feature you can designate any site as a source for organizational news and post from that site and it will be badge-d to get people’s focus. This experience will carry to mobile to so, that you can ensure your people are seeing it irrespective the device they are using.
- (Coming initially to Android only) News linking helps you share outside content with your working group. We all come across articles we read from the Internet every day and would love to be able share it with our working group(s) internally. With this feature you can now do this through a News link. When you do so, you will be able to add some additional comments or context to the post and publish right into your working group News feed.
- Stream Mobile app for Android is available today and iOS will be available in October. Video is an ever-increasing way to both communicate and collaborate inside our organizations. Enabling this content to be consumed on mobile makes it easier to have “all your training, company announcements or meeting recordings at your finger tips.”. For those of you interested in the enterprise features of this App you will be pleased to know it ships with App Protection capabilities today.
- (Coming soon) Browse document libraries from Share Point mobile app will now mean you no longer need to switch out to OneDrive in order to find files for a site you are navigating. This has been a pain point for many and it’s great to see the feedback has been heard. To be fair here, the SharePoint and OneDrive team really listen to UserVoice and this is another example.
- (Coming soon) Browse document libraries from Outlook mobile app so, you can easily attach them to an email. This really speeds up the experience to share content
There are MANY features I have not covered here including new admin capabilities. I tried to focus on features that will enrich and empower working groups to work more efficiently and effectively especially on the communication front. When I think of build for teamwork I immediately think of Teams + SharePoint (and all that it encompasses in its ever-expanding portfolio i.e. Streams is also part of this group now). That is why I chose to focus in on these two mighty towers of products and feature sets at Microsoft to demonstrate how they are delivering on this promise for Microsoft 365.
Integrated for simplicity
For a great framing of Microsoft 365 I recommend watching Brad Anderson’s session from Microsoft Ignite 2018 and also goes in to a how Windows fits in to the broader strategy at Microsoft . Brad Anderson (Corporate Vice President Enterprise & Mobile Client) is the engineering lead for Integrated for simplicity and so, he focused heavily on this promise too. His message is both clear and simple – it’s all about simplifying your IT with Microsoft 365. It starts with cloud-connect and how you extend your identity tot he cloud. For those already using Office 365 this may already be in place. The next one however is more interesting – co-management. If you have been around long enough in the management space there has been this debate – do I go hybrid? do I go standalone? Well, it’s much clearer now and it’s not an either or decision – you need to enable co-management in your environments today. Co-management is connecting your on-premises Config Management (ConfigMgr) implementation up to Intune in the cloud. By having this in place you gain the benefits of a cloud service – an always on, always up to date and always connected service. It was interesting watching a few people around me as Brad demonstrated the out-of-the-box capabilities when you turn on co-management – definitely a light-bulb moment for some. Do check it out. But, it didn’t end there and to demonstrate some of the collaboration across the Microsoft product teams he introduced a new policy you can now drive through ConfigMgr for the OneDrive Known Folder Move (KFM). A great end-user and IT solution for ensuring a users data is always in the cloud and protected in case of ransomware attacks and enabling simplified device replacement scenarios too. To wrap-up the cloud-connect piece he announced a long requested feature that is rolling out today for Intune – Win32 app deployment support. This is really a big deal. If you are looking to truly manage your Windows estate from Intune you need a channel to deploy your existing app estate and this is now possible. We are in a transition and it’s not about selecting one or the other but, rather embracing co-management today and as you consider full modern management including Autopilot you will of course favor the cloud based solution of Intune to help realize your vision. Are you ready for co-management in your workplace?
Continuing on the admin theme let’s dive into unlock superior visibility and control. One of the things that has bugged me and many others is the number of admin consoles – one for every tool almost. We learned last week that after Ignite 2017, having heard this from many of us they got a team together to look at this particular pain point. It turns out there were 24. So, they set themselves a goal to have a better integrated experience by the time Ignite 2018 rolled around. With that, Brad announced last week that a new M365 Admin Center will be moving into preview – providing a single entry point for any IT professional who is working on M365 – Windows, Office, Management, Security and Identity all in one place. But, if you are just interested in seeking out one of the specialist areas they have also added friendly URLs to make this easy to i.e. if you are interested in the Security area than you are going to want to type https://security.microsoft.com (I like that!) So, here is the admin center approach for M365:
This new admin center experience will allow you to gain greater visibility and insights across your estate but without needing to go out through the individual admin channels of the past. There is also some much-needed aggregation of services and details for individual users and groups so, you can see easily what a user is consuming and also the devices they have connected to your Office 365 service. This is rolling out now and so, you may not see it immediately but, sit tight it’s on its way.
The final piece to Brad’s message is companies need to shift to a modern desktop. To level set here – the Modern Desktop is Windows 10 + Office 365 ProPlus; this is sometimes referred to as the Office click-to-run (C2R) or cloud delivered version. Many companies out there are running Windows 10 and Office but, are not following the servicing model for Windows and therefore missing out on some improved features and capabilities and when it comes to Office we are running the perpetual edition or MSI release so, again we are getting security updates but our users are not getting the benefits of new features that Microsoft is developing. By not moving to Office 365 ProPlus your users are missing out on some fantastic features that make them more productive – from features like real-time co-authoring, to cloud based clipboard that will follow you or designer ideas in PowerPoint to quickly lift your decks to a more professional look and feel. So, if your company is still deploying the perpetual version of Office – definitely consider making the switch.
To support customers on their journey to Modern Desktop Microsoft has taken the Workstation Analytics tool, re-branded it to Desktop Analytics but, also added some richer insights and tools to help customers make the move to Widows 10 and the recently updated semi-annual servicing model. If you haven’t seen this, go check it out today. Now, if you find an app compatibility issue as part of your assessment of your estate Microsoft launched a new service this week (starting October 1.) called the Desktop App Assure program where you can go through Fasttrack to get help from the Windows engineering team – if it’s found to be a Windows issue they will fix it there, if it’s App problem they will do their best to work with you to fix the App. An interesting data point shared while building this tool was that they had a view of over 60,000 apps from the customers they were working with at the time and only 55 had compatibility issues. That’s an extraordinary number really, which means for most companies App compatibility is possibly not the big blocker here rather it’s the actual switch from Windows 7 to 10 – be it end-user readiness, or the mechanics.
The conclusion here is really simply – cloud-connect what you have to get the benefits of reach and control within the cloud. Gain superior visibility and control with the new admin center, through enabling conditional access and Intune security baselines. Finally, shift to a modern desktop this is Windows 10 + Office 365 ProPlus and use desktop analytics to help get you there through assessing your complete estate – hardware and applications.
Immediately following, Brad’s session Joy Chik (Corporate Vice President for the Identity Division) and Rob Lefferts (Corporate Vice President for M365 Security) launched into the fourth promise for M365 – Intelligent Security. There is a “war we are all fighting and a war we need to turn the tide” – and Microsoft is looking to provide the tools and insight to help customers overcome cyber crime and to deal with the many obstacles that they are facing today. But, of course the landscape has changed dramatically in recent years – the rise in the number of devices, the absence of a a single office to protect and the complexity of it all is making this almost humanly impossible. Therefore by wrapping this with a cloud service they can leverage AI and automation in order to make this promise possible. This promise is supported by the following four services:
- Identity & access management
- Threat protection
- Information protection
- Security management
As organizations embark on their Digital Transformations the rise of devices, the expansion of applications and the loss of physical walls is driving the need to put “identity is at the center of security” – after all, there is (or should) be only one of us. By using identity and access in the cloud, like you do with Office 365, Microsoft is able to globally monitor to these signals and analyze them through data models and advanced AI techniques and protect you against malicious attacks. Although your company may not be targeted at that point in time, Microsoft is able to quickly thwart these attacks for all customers.
In Joy’s message for identity and access management she shared that one of the most common attacks they see is from stolen passwords. Microsoft state that by enabling MFA in you organization for your end users you would reduce the risk of attack by 99.9%. So, there was again a BIG push this year to introduce MFA for end users. Sadly, Microsoft’s own telemetry shows a very low uptake for MFA today and I believe personally this needs to change. We cannot continue to operate with the old perimeter based model rather it needs to be a zero-trust approach “one where we treat as if everything is open to the Internet” and in that case you never trust and almost always verify. Joy, talks about the need for customers to have a robust strategy for achieving this approach one where you can consider users, devices, applications and data and is wrapped with policies and signals that will determine whether to allow, verify or block access. “Azure Active Directory Conditional Access is [Microsoft’s] policy toolkit to help you implement your zero trust strategy” and is highly enriched with 10s of GBs of signals to power this intelligent experience to manage access to your cloud assets. Conditional Access is not just for managing access at the gate but, is evolving to cover session based scenarios like when a device state changes. I am a huge fan of Conditional Access so, if you are not already using it in your workplace I suggest you immediately check it out and create your first policy to enforce MFA in your workplace; you can scope this per App and/or device. Check it out today!
Finally, Joy introduced the public preview of the new Azure AD password-less login is now available. Following in the foot-steps of the consumer experience users will be prompted in their mobile Authenticator app to select the matching number they see on the authentication flow screen and then verify that they are the owner of the device by using Touch ID for iOS and fingerprint or PIN on Android. I’m working to see this turned on ASAP and I recommend you do too.
The Threat Protection product set has also gone through a major overhaul this past year. Linked to the work on unlock[ing] superior visibility and control and the new M365 admin center by the end of the year customers will begin seeing the new Microsoft 365 Security Center; bringing together Office 365 ATP, Windows Defender ATP and Azure ATP. Is a fully integrated experience pulling data for users, devices, emails and signals to give SecOps a platform for both analyzing and managing breach incidents across your landscape. Rob, talks about connected views or stories and how these are not just alerts. You can click into them and understand the full scope of the story – how did they break-in, how did they move around and what did Microsoft Threat Protection do automatically to contain this event. This is an extremely powerful platform for any SOC. However, we all run complex heterogeneous environments and so, this is not the only area that our SOC teams will need to look. To help tackle this problem, Microsoft is opening up the Microsoft Security Graph API for 3rd Parties and ISVs to leverage and create more aggregated views that can help SOC teams. This certainly sounds promising but, as with any of these tools it will take team. For a deeper look at how Microsoft Threat Protection the framework and the measures Microsoft is taking to help protect customers – I recommend you check-out the session: Leveraging the power of Microsoft threat protection to secure the modern workplace across data, endpoints, identities, and infrastructure
The next pillar of the intelligent security promise is Information protection. In the session, Rob spoke about how “at the end of the day most attacks are about data. Stealing, Ransoming. Or even just destroying your critical intellectual property – the lifeblood of your company”. Here the focus is on understanding your company’s “information estate” and how you can know where it is, how you can protect it and ensure that you can gain control of your data. This is where Microsoft Information Protection can help. You may know this as Azure Information Protection and before that Azure RMS. Let’s just say the product has been on a journey and together with a successful acquisition (Secure Islands) along the way it’s now a comprehensive set of technologies that can help you – discover where your content lives, classifying and protecting it anywhere it lives and “ultimately forms an anchor for both security” and compliance to ensure that you meet regulatory requirements too. Rob, rightfully points out that unless this is baked in to the end-user experience and is both effortless and easy to understand you will not be successful here. To that point, Microsoft has taken strides here to not only surface this technology in the different Office product entry points (Mobile, Desktop and Web) but, also pivot on the label to drive both Cloud App Security discovery and Azure AD conditional access rules too. The idea to classify, label and protect content is not new at an industry level and many have tried and created a huge mess for themselves. I recommend you start by understanding the content you have and defining the information standard or taxonomy for your company. From here you can begin to turn on the discovery capabilities and get some insight to your information estate. Only after this should you consider defining access and verification rules for your content.
The final pillar under intelligent security is security management. Earlier this year Microsoft announced Office 365 secure score, which reviews your activity and settings in your tenant and provides you score. You can improve your score by following the actions outlined by the tool. Well, last week announced that they are increasing the scope of secure score and under the name of Microsoft Secure Score it will now include both EM+S and Azure; the latter being an ever-expanding set of actions as new features and services are onboarded. I warn you now – the first action you will be asked to take is turn on MFA 🙂 Don’t be discouraged by that it’s a great initiative and one that all companies should consider enabling and defining an action plan to drive grater security in their environments. Of course, some controls may be in place but, are managed by a 3rd party platform – well, they have thought of that too and you can mark them accordingly. So, there is really no excuse. Get started today.
For now, that’s my review of Microsoft 365 at Ignite 2018. I have watched many of these products come to market, I have personally provided feedback that has led to certain developments to many but, for now I feel confident and comfortable that they are definitely heading in the right direction. So, if you are not already evaluating Microsoft 365 or perhaps you are not looking at all features – well, take another look. It’s constantly changing and improving too.
In part 2 of my week at Microsoft Ignite 2018
In my follow-up post I’ll go into some of the announcements and messages surrounding Azure and as well touch on some specifics in the Dynamics 365 space too. Be sure to check back soon.