The question is no longer if AI fits into legal work, but how to deploy it responsibly and effectively.  

For instance, ContractPodAi has been collaborating closely with Microsoft to develop the next generation of agentic automation using Microsoft’s Azure OpenAI in Foundry Models. This collaboration highlights how AI is rapidly becoming integral to legal workflows, automating routine tasks and placing software development companies (SDCs) at the forefront of the sector’s digital evolution.  

In short, LegalTech is at a pivotal moment, offering huge opportunities to those who get it right. For software development companies (SDCs) building solutions for the legal sector, this wave of innovation presents a unique opportunity and new responsibilities, as reflected in real-world deployments.  

Leveraging Microsoft’s AI and Cloud platform 

For SDCs building these solutions, choosing a secure, AI-ready cloud platform is critical. Microsoft Azure, for example, offers one of the most secure and scalable environments for LegalTech. It meets rigorous standards, such as UK GDPR and the Data Protection Act 2018; ISO 27001, 27017 and 27018 for information security and cloud privacy; SOC 1, 2 and 3 reports; and Cyber Essentials Plus (a UK government-backed schedule) – all essential for handling sensitive legal data.  

Many top law firms and legal SDCs already leverage Azure OpenAI and the Microsoft cloud ecosystem to drive innovation. By integrating Azure’s large language models into legal workflows, they can automate document review, speed up legal research, generate high-quality content and enable intelligent contract analysis.

They can also pair Azure OpenAI with Microsoft 365 tools to jump-start solutions in contract lifecycle management, process automation and legal data insights. In short, building on a trusted cloud with ready-made AI services helps SDCs deliver value faster – without compromising on security or compliance. 

Agentic AI – revolutionising the legal landscape 

AI-powered agents are systems capable of autonomous decision-making and task execution, and they are already helping transform the legal industry. From the perspective of an SDC building solutions, there are several high-impact use cases, as shown in the graphic below:

From startup to scale: how ISV Success empowers software innovators 

If you’re further along in your journey as an SDC, you can leverage our ISV Success programme to expand your solution and accelerate growth. Check out some key benefits in the following graphic:

ISV Success is free to join and the benefits include: 

• Technology access: Over $125,000 in free benefits relating to Azure, GitHub, Visual Studio, Azure OpenAI and more. 
• AI enablement: Access to Azure AI Foundry, GitHub Copilot credits and AI certification vouchers. 
• Marketing support: Co-branding, social promotion, listing optimisation and seller webinars.  
• Training and support: One-to-one technical consultations, community support and 24/7 Azure support. 
• Marketplace Rewards: Performance-based incentives, including Azure grants up to $400,000. 

View all ISV Success programme benefits

Accelerate your go-to-market strategy with the Microsoft Commercial Marketplace 

The Microsoft Commercial Marketplace is a partner-focused platform that helps you grow your reach, simplify your sales process and unlock new opportunities. It’s designed to shorten sales cycles by streamlining procurement, giving you direct access to customers, and enabling customisable deals — through Private Plans or tailored pricing and terms with Private Offers.  

Once your solution is published in our marketplace, customers can: 

• Streamline procurement and speed up onboarding of thousands of SDC and SaaS vendors
• Maximise MACC value with 100% of licence costs counting towards their commitment 
• Stay in control of purchase governance through RBAC, permissions and policies

Join the Microsoft AI Cloud Partner Programme 

Start accelerating success today by joining the Microsoft AI Cloud Partner Programme. Meanwhile, you can use our links below to explore the latest ISV Success programme benefits and learn how developers can create intelligent apps that help elevate user experiences.  

Find out more 

Join the Microsoft AI Cloud Partner Programme 

Explore the Microsoft Commercial Marketplace 

Watch the webinar: What is New in ISV Success – AI Benefits and More 

Get the e-book: Transform ISV Applications with Intelligent AI Personalisation 

About the author 

With a focus on driving partner success, Riz plays a pivotal role in fostering strategic partnerships within professional services. His expertise lies in collaborating with software development companies (SDCs) and other businesses with substantial growth potential, particularly those interested in AI and disruptive market strategies. 

The post AI and cloud innovation: shaping the future of LegalTech for software development companies  appeared first on Microsoft Industry Blogs - United Kingdom.

If you’re a software development company (SDC) in this sector, the Microsoft AI Cloud Partner Programme provides the tools and resources you need to drive innovation and growth. It can support you whether you’re developing AI-powered applications for the first time, migrating from another cloud provider or simply looking to expand your reach.

In this blog, we’ll explore how maximising your Microsoft partnership as a healthcare SDC enables you to build, scale and sell AI-powered healthcare solutions that make a real impact.

Build AI solutions with Microsoft for Startups

Microsoft for Startups helps early-stage healthcare companies overcome barriers in launching and scaling AI-powered applications. Founders can access:

• Azure cloud credits to build AI-powered, HIPAA-compliant applications with security and scalability.
• 24/7 Azure Standard Support, ensuring AI-powered healthcare applications run smoothly and efficiently.
• GitHub Enterprise for secure, collaborative development of AI health-tech solutions.
• Azure OpenAI Service, enabling SDCs to integrate advanced AI models into healthcare applications.
• LinkedIn business tools to better connect with healthcare professionals and institutions.
• Microsoft 365 Business Standard for productivity and seamless communication with healthcare clients and stakeholders.
• Mentorship and technical advisory hours with AI and industry experts.

These benefits allow healthcare SDCs to focus on building transformative AI solutions that will help patients and care providers without worrying about infrastructure limitations.

Figure 1. Four key business stages supported by the Microsoft for Startups programme.

Develop, extend and sell AI-powered solutions through ISV Success

For established SDCs aiming to scale their AI-powered healthcare applications, ISV Success (now in public preview) provides resources to enhance software capabilities, improve cloud efficiency and reach new markets. Benefits include:

• Developer sandbox with Microsoft Cloud credits for building secure and compliant AI-powered healthcare applications.
• Best-in-class AI development tools, including Azure Machine Learning, GitHub Copilot and Visual Studio.
• Technical advisory hours and AI architecture reviews to ensure robust and scalable solutions.
• Consultations on publishing AI-powered healthcare apps in the Microsoft commercial marketplace.
• Opportunities to qualify for additional cloud credits and up to 50 hours of business and technical AI consultations.

As an ISV Success member, you’ll also gain access to Marketplace Rewards, which provides go-to-market benefits that help increase your visibility and reach, and accelerate growth.

Figure 2. The ISV Success Programme can support you as you build, publish and grow.

Go to market with the Microsoft commercial marketplace

Reaching healthcare organisations, hospitals and clinics can be challenging. The Microsoft commercial marketplace simplifies this process by offering a trusted, scalable platform to showcase your AI-powered solutions. Healthcare software development companies can:

• List, trial, consult or transact their AI-powered applications through Microsoft AppSource and Azure Marketplace.
• Sell directly to healthcare providers, payers and life sciences organisations.
• Benefit from Microsoft’s co-sell programmes, increasing visibility and adoption.
• Enable customers with Azure consumption commitments to apply their existing credits towards buying AI-powered solutions.

Healthcare SDCs using Marketplace Rewards see five times more sales than those without it, making it a powerful tool for expanding your market reach.

Maximise value with a Microsoft Azure Consumption Commitment agreement

A Microsoft Azure Consumption Commitment (MACC) agreement offers additional benefits that can significantly enhance the value proposition for healthcare SDCs. By entering into a MACC agreement, partners can:

• Optimise cloud spend: Commit to a specific level of Azure consumption for cost savings and more predictable cloud expenses.
• Access additional resources: Gain access to exclusive resources and support to help maximise the value of your Azure investment.
• Enhanced co-sell opportunities: Leverage Microsoft’s extensive sales network to co-sell your AI-powered healthcare solutions, increasing market visibility and adoption.
• Flexible payment options: Benefit from flexible payment terms that align with your business needs and growth trajectory.
• Priority support: Receive priority support to ensure your AI-powered applications run smoothly and efficiently.

By leveraging a MACC agreement, you can unlock even greater potential for innovation, scalability and market reach, helping make a significant impact in the healthcare industry.

Pangaea Data: innovating AI-powered apps with Azure

As a Microsoft partner, Pangaea Data leveraged the Microsoft AI Cloud Partner Programme to drive innovation and growth. Its AI-powered healthcare applications foster collaboration and improve patient outcomes while saving the NHS £1 billion.

Read the customer story: Pangaea Data built novel AI with Azure

Pangaea Data’s success illustrates the transformative power of partnering with Microsoft. It shows how SDCs can leverage our robust cloud platform and resources to drive innovation and achieve remarkable business outcomes.

Join the Microsoft AI Cloud Partner Programme

Start accelerating success today by joining the Microsoft AI Cloud Partner Programme. In the meantime, check out two key Microsoft SDC resources below – an e-book explaining how developers can create intelligent, personalised apps that elevate user experiences; and a webinar outlining new resources and financial incentives in our ISV Success Programme.

Get the e-book: Transform ISV Applications with Intelligent AI Personalisation

Watch the webinar: What is New in ISV Success – AI Benefits and More

Find out more

Join the Microsoft AI Cloud Partner Programme

Microsoft AI Cloud Partner Programme

Microsoft commercial marketplace

About the author

Ruth Bickerton is a Senior Partner Development Manager at Microsoft. With a focus on driving partner success, Ruth plays a pivotal role in fostering strategic partnerships within the healthcare sector. Her expertise lies in collaborating with software development companies (SDCs) and other businesses with substantial growth potential, particularly those interested in AI and disruptive market strategies.

The post Software development companies in healthcare: grow your business with Microsoft AI appeared first on Microsoft Industry Blogs - United Kingdom.

People say that the last part in a trilogy is the perfect way to close out a movie series. But what happens when the last movie was actually the prequel?

Microsoft has remastered existing guidance in “Entra ID vision” as a series of documents under the banner “Microsoft 365 guidance for UK Government”.  Following the release of the Information Protection guidance and the update to External Collaboration guidance, we have also remastered the one that kicked it off: Secure Configuration Blueprint.

Microsoft 365 Guidance for UK Government

The three-piece collection provides a common baseline which UK Government departments, and their partners, can use to enable secure use of Microsoft 365.

The goal of the Secure Configuration Blueprint is to create a secure foundation for a Microsoft 365 tenancy. It provides guidance using the “Good, Better, Best” approach targeted on feature availability by licence, offering policies and settings that protect your Microsoft 365 tenancy from the most common attacks.  It includes:

• Securing identities that access services, including privileged users.
• Protecting devices that your users use to access services.
• Configuration of services to require use of the above when accessing data.

The updated Secure Configuration Blueprint guidance is the base upon which the other pieces of guidance are built. But how have we got to where we are today?

Securing user devices

It all started as a result of understanding that device trust was key to protecting the data stored locally and in datacentres.

In 2004, on the back of some high-profile worm viruses, SQL Slammer (January 2003) and Blaster (August 2003), Microsoft worked closely with Communications-Electronics Security Group (CESG), now a part of the NCSC. This joint effort developed a set of security controls to take advantage of the security improvements in SP2 for Windows XP, including Windows Firewall on by default, Software Restriction Policies, and Automatic Updates enabled by default.

The outcome of this work was known as the “Government Assurance Pack” or GAP for short. GAP was revised and updated for Vista and Windows 7 and added BitLocker device encryption and AppLocker when those features were released.

Moving forward to 2014, and CESG moved to a model that evaluated all end-user devices, PC and mobile, against a common set of principles, the End User Device Security Principles. Windows 8 (8.1), Windows 10 and Windows 11 have all had End User Device (EUD) security guidance developed with CESG initially and then the NCSC when that was formed in October 2016.

By following the latest guidance provided by NCSC, organisations (including Government departments) can be confident that the devices used by their users to access and handle data are secure against common attacks.

Figure 1. Timeline leading to the updated Secure Configuration Blueprint guidance.

Securing cloud services

The UK Government introduced a “Cloud First” policy in 2013 for all technology decisions with the NCSC, publishing 14 Cloud Security Principles (originally in December 2013) to support Government as it started to adopt cloud services.

Historically, the focus of the guidance was on securing devices but, with the UK Government adopting a Cloud First policy, data was no longer being stored in on-premises datacentres and networks. Instead, it would increasingly be stored in Public Cloud services like Microsoft 365.

To address this, Microsoft worked with the NCSC to produce guidance for Microsoft Azure in October 2017, and in July 2019 we released the initial version of Office 365 Blueprint and a supporting document detailing how Office 365 met the NCSC 14 Cloud Security Principles.

As a result, in parallel to releasing Office 365 guidance, we also worked with NCSC to produce the first MDM (Mobile Device Management) End User Device (EUD) guidance for cloud-managed Windows 10 EUDs using Microsoft Intune. This guidance formed the base for Microsoft’s first cloud-based Privileged Access Workstation (PAW), allowing organisations to manage their risk in Microsoft 365 management. Microsoft recommends using a PAW for administrative access and managed EUDs for standard user access, both using Entra ID to secure access to cloud services – please refer to Protect Microsoft 365 and Securing Privileged Access.

Once the foundational guidance was released, and on the back of the challenges that the COVID-19 pandemic brought to UK Government departments, we worked with NCSC and Government Security Group and released the first iteration of our BYOD guidance in June 2020.

The rest is history, as they say. Working with Central Digital & Data Office (CDDO) and NCSC, the Cross-Government Collaboration guidance was released in 2021 and updated in 2023, along with the release of the Purview Information Protection guidance.

With that, UK Government departments have at their disposal guidance for how to securely configure their Entra ID and Microsoft 365 tenant, classify and protect their data, and use it to securely collaborate with not only other government departments but also industry partners.

But remember, if you don’t pay attention to the film, the sequels might be confusing. So, ensure that you implement the guidance in the Secure Configuration Blueprint before looking to adopt the External Collaboration or External Collaboration guidance.

Find out more

Read the Secure Configuration Blueprint

Guidance on protecting government data using Microsoft Purview

About the author

James has spent his entire IT career of 27 years specialising in the security arena, the last 22 of which have been for Microsoft. Based in the UK, he works in the key areas of security and identity in the public sector as a Security Technical Specialist. He is a regular contributor to Microsoft docs for Securing Privileged Access and was the lead architect for the Microsoft 365, External Collaboration, Information Protection, and BYOD guidance produced for Cabinet Office and NCSC.

The post Updated Microsoft 365 security and compliance guidance for the UK public sector appeared first on Microsoft Industry Blogs - United Kingdom.

Transacting through our marketplace connects you to thousands of pre-vetted Microsoft partner solutions, enabling you to rapidly accelerate your AI transformation and drive business outcomes. Whether that’s helping to enrich employee experiences, reinvent customer engagement or reshape business processes.  

It also represents smart spend. To move at the speed of business today, many companies prefer buying to building cloud apps, handing off the associated costs and management to SaaS partners while provisioning end-to-end solutions quickly and reliably. 

In this series of four blogs, we’ll dive into some exciting new AI-powered software solutions and how they can benefit your business. Here’s a taste of what follows.

Decision intelligence for service operations 

Imagine if every decision that service operations teams make were consistently more accurate, timely and planned for. That’s countless micro-gains every minute of the day – at your fingertips. Delivering “decision intelligence” for service operations in banks, insurance companies and healthcare providers,

ActiveOps’ blend of AI and human intelligence delivers the most complete and useful set of predictive and prescriptive insight to help make better decisions at the right time – resulting in over 20% more capacity, over 30% boost in productivity, and significant business impact, quickly. 

Guarding against cyber disruption, 24/7 

Darktrace offers global leadership in cybersecurity AI. Rather than study attacks, Darktrace DETECT’s “Self-Learning AI” technology continuously learns about your organisation, inside and out, and applies that understanding to optimise your state of cybersecurity. Darktrace is fuelling a continuous end-to-end security capability that can autonomously spot and respond to novel in-progress threats within seconds.

Read Blog 2: Safeguard your business with AI-powered security solutions 

Harness emerging Causal AI to go beyond prediction 

Causal AI is a new class of machine intelligence that overcomes many of the issues seen with traditional machine learning and AI. Using Causal AI models, organisations can now go beyond making predictions to answer “what-if?” questions.  

causaLens is the only company to have productised Causal AI through its decisionOS solution – enabling customers to optimise pricing and promotions strategies, fine-tune the marketing mix, anticipate and pre-empt customer churn, and much more. decisionOS is available via the Microsoft marketplace.

Read Blog 3: Optimise business operations through AI-powered solutions 

Delivering outstanding people processes 

Zellis is the largest provider of payroll and HR software, and managed services, to companies in the UK & Ireland. Built on Microsoft Azure, Zellis HCM Cloud connects into PowerBI for analytics, and Power Automate to create integrated solutions for payroll, HR, benefits, and recognition – driving efficiencies and staff satisfaction across your entire organisation.

Read Blog 4: Deliver transformational employee experiences through AI-empowering solutions

Empowering smooth operations from start to finish 

Innovation is thriving across sectors such as banking, finance and insurance, with support from the Microsoft cloud. Enate helps large enterprises to better manage end-to-end workflow smoothly, harnessing the power of automation and AI.

Powered by the Microsoft Azure OpenAI Service, EnateAI saves Operations teams from having to buy, train and test costly AI MLops solutions from third-party vendors. Instead, just “switch on” EnateAI to extract data from documents, categorise and automate email processing, and understand your customers’ sentiments, driving efficiency and cost savings straightaway.

Making smarter decisions, faster 

Imagine building your own AI-powered data extraction models with no data scientists required. That’s AI with real ROI, a solution offered by Eigen that reduces the amount of time your organisation spends on manual processes by up to 90%.  

Eigen’s no-code AI platform automates the extraction, classification, and understanding of data from any kind of document, so customers can make faster, smarter decisions. Leveraging Microsoft capabilities, Eigen’s software integrates multiple AI technologies, including natural language processing, machine learning, and computer vision.  Building a model requires only a small number of training documents, which means business users can start automating their document workflows quickly. 

Using AI to make working capital more accessible 

Trade Ledger’s mission is helping every business get the capital they need to thrive, through enabling banks and alternative lenders to simplify complex business lending. Using Large Language Models, finance professionals can query their business systems using natural language and get rich analysis and insights into their working-capital needs. AI matches their funding needs with appropriate lending products; once a product is selected, it performs the loan application process.  

By integrating AI, Trade Ledger bridges the gap between what businesses need and what lenders have on offer. It also speeds the application and decision-making process, contributing to a more accessible and transparent working-capital market. 

Reimagining trade transactions 

Meanwhile, Traydstream – a trade finance document-checking automation and digitisation platform – has partnered with Microsoft Azure to reimagine the paper-based processes that support trade finance. Available on the Microsoft marketplace, Traydstream uses a machine learning-based engine, slashing the time to complete checks on the dozens of documents and over 400,000 rules-permutations generated by a single transaction. Traydstream is now collaborating with Citi to provide their clients with access to this cutting-edge and automated trade-document processing capability. 

Start your AI transformation journey today  

Whether it’s safeguarding your organisation and data, amplifying human ingenuity or delivering transformational customer experiences, buying cloud-driven AI software solutions through the global marketplace allows your business to be more innovative, agile and resilient, with less complexity, time and cost. 

That’s because the Microsoft marketplace offers the most comprehensive catalogue of certified cloud solutions anywhere. We’ve made procurement simple, enabling you to complete your entire journey in one place, with straightforward invoicing.

Your organisation’s existing Azure cloud commitment means you can benefit from faster time-to-value, integrating solutions that work with your current technology. In addition, software/IP costs incurred by buying solutions contribute 100% off your Azure Marketplace invoice. You can also rest assured that you’re buying and running solutions on a trusted cloud that boasts industry-leading security. 

We hope you enjoy the other blogs in our series. Meanwhile, why not check out more solutions on the Azure Marketplace? For more information and partner introductions, contact our ISV team.

Other blogs in this series

Blog 2: Safeguarding your business with AI-powered security solutions 

Blog 3: Optimising business operations through AI-powered solutions 

Blog 4: Deliver transformational employee experiences through AI-empowering solutions

About the author

James joined Microsoft 15 years ago and has held leadership positions across the Consumer, Enterprise, and the Partner teams at Microsoft. James is currently the ISV Ecosystem Lead and has a passion for people and technology coming together to drive customer success. James has been at the forefront of Cloud & Digital transformation for the last 10 years launching new business models and driving transformation through the Microsoft Partner ecosystem resulting in and contributing to exciting new revenue streams and significantly accelerated growth for Microsoft and Partners.

The post Driving AI transformation with the Microsoft commercial marketplace  appeared first on Microsoft Industry Blogs - United Kingdom.

Today, the pressures are different. The global workforce is shrinking as the population ages. Labour productivity is in the doldrums. And, with a more connected global population, security threats emerge and evolve faster than ever. While human ingenuity and expertise will always be needed to defend against these threats, 87% of leaders see AI as a market advantage.  

Whether you’re looking to improve agility and security in your SAP workloads, wanting to innovate without disrupting core business processes or looking for more control over your SAP migration, the cloud and AI offer a unique opportunity.

Here are five ways the Microsoft Cloud can help you harness the power of AI and extend your SAP capabilities. 

1. Create faster with AI-powered data insights

In a world of deadlines and labour-intensive tasks, innovation and creativity can suffer. By integrating Azure AI services to your SAP data, you can optimise your workflow and empower your employees to create ideas and content faster. Our AI-powered data platforms also help you complete time-consuming tasks with ease, offering instant and intelligent insights that propel your work forward. 

An example is the Microsoft Fabric platform. It delivers data analytics in a software-as-a-service model, with an open, lake-centric data architecture and deep integration with Microsoft 365. Its built-in AI Copilot helps you find out what you need to know using natural language. In addition, it’s built to work across clouds, so you can easily migrate elsewhere in the future. 

Part of the Microsoft Intelligent Data Platform is Power BI, relied on by the vast majority of Fortune 500 companies. With easy-to-use AI analysis capabilities and AI-powered data summarisation, it helps you find insights, make decisions and take appropriate action with ease.  

2. Improve collaboration and productivity

To get the most from your employees, they need to be freed from siloed technology, software and business processes. You can enhance employee productivity by integrating and giving access to SAP data in Microsoft 365. 

With Microsoft 365 Copilot, your AI assistant can help you keep work organised and your employees productive. It combines the power of large language models (LLMs) with your data in the Microsoft Graph – your calendar, emails, chats, documents, meetings, and more – and the Microsoft 365 apps to turn your words into the most powerful productivity tool on the planet. 

Copilot for Microsoft 365 works alongside your favourite day-to-day office apps. Just a few examples:

• You can be more creative in Microsoft Word, as Copilot writes, edits, summarises and creates alongside you. Rapidly find key information or get a head start by generating (and then re-generating) a full client brief.

• Copilot helps put all the rich capabilities of Microsoft Excel at your fingertips. It will review and edit data with simple prompts, make sheet-wide updates in seconds, and visualise key insights from large data-sets. 

• In Microsoft PowerPoint, you can now quickly summarise an entire presentation deck, or organise your deck into sections. Copilot also makes it easy to transform existing written documents into full decks, complete with speaker notes and sources – all with a few simple, spoken prompts. 

• With Microsoft Outlook and Teams, Copilot lightens the load and provides the gift of clarity. Summarising long email or message threads (with bullet points and all), pulling out different opinions expressed in meetings, and quickly drafting suggested replies and action items, all in real time. So you can unlock the magic of efficient and effective meetings. ​ 

Combining Microsoft Generative AI with SAP’s SuccessFactors and Joule enables new experiences for HR leaders, recruiters, hiring managers and employees. They can now create tailored job descriptions based on SAP SuccessFactors data and external data. Or rapidly generate interview questions based on an applicant’s CV. Using Microsoft Viva Copilot, employees will be able to curate their own learning paths. 

3. Simplify with automation and innovation

When great ideas or highly productive employees are held back by repetitive or labour-intensive business processes, it can stifle progress and creativity. Simplify your business process with AI-powered development and automation, using your SAP data. 

For over a decade, we’ve been progressively unifying the Microsoft Power Platform into a unique, fully integrated and cloud-powered suite. With solutions such as Power Apps, Power Automate, Power Virtual Agents and AI Builder, we’ve reinvented how all makers develop software, further democratising access to innovative business solutions.

Today, all employees have access to the tools they need to create applications, solve problems, automate workflows and analyse data more effectively. With Copilot working as your AI assistant in Power Apps, the development process is more accessible and less repetitive, so your development cycles don’t get slowed down.

Just describe your goal verbally, and Power Apps will use integrated AI to generate code, and even build complete apps. Check out the latest AI and other advances built into Power Apps.

You can also auto-generate working apps and data within seconds from images and design files. Save time, build more complex solutions, and reimagine business applications. Empower anyone across the business to create apps quickly and easily. 

4. Improve developer productivity with Copilot

Working faster and smarter can be crucial when it comes to business competitiveness and innovation. One of the most exciting new capabilities we’ve recently launched with GitHub is a new service we call GitHub Copilot. It can empower developers to save time and energy with AI-generated code, and helps easily integrate AI capabilities into SAP ABAP applications. 

GitHub Copilot provides an AI-pair programmer that works with all of the popular programming languages. This dramatically accelerates developer productivity. Up to 46% of all new code written by developers using Copilot is now fully AI-generated, with developers reporting a 55% productivity boost by using Copilot. 60% to 75% of developers who use GitHub Copilot also say it helps them focus on more satisfying work and enjoy their jobs more. 

5. Stay ahead with AI-powered security

Keeping protected against cyberthreats in today’s security landscape means being able to respond quickly and effectively. With Microsoft Security Copilot, you can do just that. 

Security Copilot combines the most advanced GPT4 model from OpenAI with a Microsoft-developed, security-specific model. It’s powered by Microsoft Security’s unique expertise and scale, sifting through 65 trillion signals daily. So whether you need to detect hidden patterns, harden defences or respond to incidents in your SAP systems, it’ll help you do it better and faster. 

As the first and only generative AI security product to help defend organisations at machine speed and scale, Security Copilot helps you be more effective and efficient while also supporting your teams to solve security challenges. It runs on our security and privacy-compliant hyperscale infrastructure, which is unique to Microsoft and brings the full benefit of being on the Azure cloud platform. And over time, it will work with a growing ecosystem of products from third-party vendors. 

With this comprehensive approach, and all your security capabilities in one place, you’ll benefit from unparalleled simplicity, visibility, automation, and intelligence.  

Extend SAP and innovate on Microsoft Cloud

Redefine what’s possible by integrating AI and Microsoft into your SAP data. It can help empower your employees, accelerate savings in your business, optimise your workload and enhance your productivity.  

To learn how AI can benefit your organisation and how we’ll support you through the change, please contact the authors, Sean Pilkington and Tom Payne, or your Microsoft representatives. 

Find out more

Microsoft Discovery Day: SAP on the Microsoft Cloud

Maximize SAP Investments by Migrating to the Microsoft Cloud: On-demand webinar

Innovate on Your SAP Data with Power Platform Integration: On-demand webinar

About the authors

Sean Pilkington

As the SAP on Azure UK Lead at Microsoft, Sean draws on over 20 years of experience in SAP design and solutioning to help clients visualise how their SAP solutions can be deployed into the Azure cloud. He thrives on demonstrating innovative technology that seamlessly blends with SAP to give customers the best experience, while enabling their business to drive down costs, increase ROI on technology and accelerate their digital transformation.

Tom Payne

As the SAP on Azure Sales Lead at Microsoft, Tom brings a wealth of experience to empowering SAP customers as they embrace cloud transformation with Microsoft Azure. He is adept at simplifying complex technology applications while optimising the customer journey.

The post Embrace the art of the possible: 5 ways Microsoft AI can enhance your SAP workload  appeared first on Microsoft Industry Blogs - United Kingdom.

The use of automated detection and response systems can help tip the scale in favour of defenders by using risk-based algorithms and anomalous activity detection to flag events that require human expertise to investigate further. This helps security analysts detect patterns and behaviours that are not obvious to the human eye, with more precision and speed than human defenders alone.

The background to “cognitive cyber”

As advances in dynamic and adaptive cyber defence systems become reality, what do organisations need to do to become ready for cognitive cyber, and what exactly is it?

Cognition refers to the mental processes involved in gaining knowledge and comprehension. Cognitive cyber attempts to simulate that process with the application of self-learning algorithms, natural language processing, and big-data mining techniques as applied to the cybersecurity domain. It uses cognitive system overlays to traditional artificial intelligence (AI)/machine learning (ML) models to achieve something greater than the sum of the parts. 

To recap:

• Classic/traditional AI and ML​ detects and classifies, and can work on vast amounts of data for use in real-time applications and automation of capabilities. ​Traditional AI is strong when it comes to looking at a large field of data and finding patterns or continuations (like making recommendations).
• Generative AI (GAI), often powered by generative pre-trained transformers (GPT), effectively understands and creates content. It works on relatively small chunks of data – text, images, sounds, videos. Large language models (LLMs) are a kind of GAI that work on text.​ LLMs are good at understanding language, summarising, and translating concepts, for example from language to code or vice-versa. ​

Clearly, linking these models makes for a much more powerful narrative. And, by using the compute power, scalability, and richness of the cloud, we can build entire systems of intelligence that can reason over vast amounts of information – structured and unstructured.​

Our name for this intelligence-based cognitive capability? Microsoft Copilots. These are experiences that use generative AI to help humans with complex cognitive tasks.

Introducing Microsoft Security Copilot

Built specifically to augment human security expertise, Microsoft Security Copilot is a combination of the most advanced GPT4 model from OpenAI, with a Microsoft expert-driven, security-specific LLM model.

Most LLMs are trained on corpuses of written human language. Security Copilot is trained on security logs, attack telemetry and threat intelligence, the outcome of which is the first AI/ML model trained specifically for security.

But the capability is much more than just the large language model. Built into the product are specific cyber skills and promptbooks informed by our global threat intelligence, which runs on Azure’s hyperscale infrastructure. This means that the models inherit Microsoft’s comprehensive approach to security, compliance, and privacy. When it comes to the data Copilot is reasoning across, your data remains your data.

Security Copilot democratises defender skills by allowing natural language for querying rather than having to learn complex querying languages like Kusto Query Language (KQL). This lowers the barrier to entry for new analysts, which helps address the cybersecurity skills shortage. We’ve launched an Early Access program for qualified candidates to explore the capabilities of Security Copilot. Reach out to your sales representative to get more details.

Use cases for Microsoft Security Copilot

Human ingenuity and expertise will always be an irreplaceable component of defence, so we need technology that can augment these unique capabilities to improve the analyst experience all-up. For this reason, initially we are focusing on security operations centre (SOC) use cases.

The three primary use cases are security posture management, incident response, and security reporting.​

• Security posture management: Security Copilot delivers information on anything that might expose an organisation to a known threat. It then gives prescriptive guidance on how to protect against those potential vulnerabilities.​ A query such as: ‘How can I improve my security posture?’ will return evidence-based recommendations.

• Incident response: Security Copilot can quickly surface an incident, enrich it with context from other data sources, assess its scale and impact, and provide information on what the source might be. Again, it will support the analyst through the response and remediation steps with guided recommendations.

• Security reporting: Security Copilot can deliver customisable reports that are ready to share and easy to consume to keep managers and other stakeholders in the loop. What this means tactically is you can ask Security Copilot in natural language: ‘Summarise this incident in a single PowerPoint slide’, and it will do just that.

Preparing for cognitive cyber defence: 3 steps

In the future, our vision with Security Copilot is to support use cases across security, identity, management, compliance and more, leveraging skillsets across Microsoft and third-party products. In the meantime, and whilst Security Copilot is not yet publicly available, there are things organisations can do to prepare for these cognitive cyber defence capabilities:

Step 1: Secure your identities, especially privileged identities, and SOC members. Attackers will frequently target these individuals to gain access to critical information and systems to elevate the impact of a successful compromise.

Step 2: The age of AI is also referred to as the age of platforms. Integrating your security signals into an observability platform brings huge security gains in terms of visibility and automation. 

Step 3: Initially, Security Copilot is integrated with Microsoft Defender for Endpoint, and for an even better experience, deploy Microsoft Sentinel and Intune. Going forward, Security Copilot will integrate with third-party products.  

Finally, prepare for the risks. As with any new technology, there are both risks and rewards. To help organisations navigate the risk/reward balance, we’ve released guidance, frameworks, and tooling. 

More information, including links to the risk assessment framework, the Counterfit tool and the Adversarial Threat Matrix (MITRE ATLAS) can be found in our Security blog post Best practices for AI security risk management. 

For information on our commitment to build trustworthy and responsible AI, please read Responsible and trusted AI and Building AI responsibly from research to practice.

Cognitive and AIML technologies are here to stay. While they have the power to bring immense potential for improving our defenders’ experience, securing our organisations, and protecting society, we must also be mindful of potential vulnerabilities on an equally large scale and defend against that risk.

Find out more

Introducing Microsoft Security Copilot

Microsoft Security Copilot Early Access Program

News Center: Microsoft brings the power of AI to cyberdefense

Microsoft Security Copilot: Empowering defenders at the speed of AI

About the author

Previously lead investigator for Microsoft’s detection and response team (DART), Lesley Kipling has spent more than 17 years responding to our customers’ largest and most impactful cybersecurity incidents. As Chief Cybersecurity Advisor, she now provides customers, partners and agencies around the globe with deep insights into how and why security incidents happen, how to harden defences and more importantly, how to automate response and contain attacks with the power of the cloud and machine learning. She holds a Master of Science in Forensic Computing from Cranfield University in the United Kingdom.

The post Cyber defence in the age of AI appeared first on Microsoft Industry Blogs - United Kingdom.

Yet for many business decision-makers, the biggest question continues to be: “How do I start the journey?”

To help answer this question, I want to outline some practical applications of AI that can help your team achieve more today. I’ll then end with some high-level implementation tips.

First, a few words about preparing for the road ahead.

Nurturing (and protecting) your new “learning culture”

As your organisation implements AI, you’ll embark on a change-management journey in which departmental and data silos tend to disappear. In fact, you’ll get the best out of AI by nurturing:

• Organisation-wide participation, so all staff can contribute new solutions to business problems
• Two-way communication, right across a diverse and inclusive team
• Experimentation, including opportunities to learn from mistakes

Your new AI-powered“learning culture” will increasingly be powered by data, with richer insights and new analytical tools. To support this major shift, we’ve developed an end-to-end analytics solution, Microsoft Fabric, unveiled at Microsoft Build 2023. Infused with the Azure OpenAI Service at every layer, Fabric integrates the most advanced D&A tools – from Data Factory to Power BI and Synapse – in one place. Enabling you to surface business insights faster than ever.

Responsible AI by design

It will also be important to consider the ethical, cultural and compliance aspects of deploying AI technology. You can rest assured that, in designing AI solutions, Microsoft puts people and principle first. Our team of researchers, engineers and policy experts is guided by our AI principles and  Responsible AI Standard, along with decades of research on AI, grounding and privacy-preserving machine learning.

Our design process ensures Microsoft AI systems are scrutinised for potential harms and mitigations. We also make it clear how a system makes decisions by noting its limitations, linking to sources and prompting users to review and adjust content based on their subject-matter expertise.

5 ways to start implementing AI at work

The following scenarios highlight how Microsoft AI can help you work smarter and faster, using natural language to cut through the drudgery of search and manual compilation. Our solutions put technology, AI, data, cybersecurity and advanced usability through natural language at your disposal.

1. Transform workloads with an AI copilot

Imagine next-generation AI embedded into the Microsoft 365 apps you use at work each day – Word, Excel, PowerPoint, Outlook, Teams and more. That’s Copilot in Microsoft 365.

Using Copilot in Word, you can now quickly create a first draft to edit and develop using a language prompt. Want more help? Copilot will shorten, rewrite or give feedback on it.

You’re always in control. You can (and should) review, fact-check and fine-tune content yourself.

Creating a presentation? With Copilot in PowerPoint, you can easily bring in slide content from any previous deck. And Copilot in Excel will help you rapidly analyse trends and create data visualisations.

Create reports in seconds

With our Business Chat AI tool, you can use a natural language prompt (such as “Tell the CEO how we’ve updated the campaign strategy”) to instantly create a status update, based on your relevant meetings, documents, emails and chat threads.

2. Detect cybersecurity threats faster 

For security operations and response teams, constant vigilance against threats can drain resources and exhaust individuals.

Microsoft Security Copilot reduces the burden. It uses AI to integrate insights and data from security tools, detecting vulnerabilities earlier and shutting down cyberattacks.

Microsoft Security Copilot provides intelligent guidance informed by 65 trillion daily signals.

It also puts your people first by improving usability. To understand functions, users can simply ask for step-by-step guidance.

As with all our AI solutions, Security Copilot strictly follows our AI principles and Responsible AI Standard. It also runs on Azure’s hyperscale infrastructure for a fully privacy-compliant experience.

3. Reinvent search with an AI copilot for the web  

Our new AI-powered Bing search engine and Edge browser tools are like a copilot for the web. They give you more complete search answers, a new chat experience, and the ability to generate content.

“We’ve launched Bing and Edge powered by AI copilot and chat, to help people get more from search and the web.”

Satya Nadella, Chairman and CEO, Microsoft

With the chat experience, you can easily fine-tune your search by asking for more details and clarity. You’ll get relevant links to follow up, too.

Merging search, browser and chat opens up exciting possibilities. Need the highlights of a long annual report? Just ask for it using the Edge Sidebar. Want to compare it to a competitor and see them side-by-side in a table? Just use the chat function.

Even as AI transforms search, the privacy policies of Bing and Edge AI ensure your user identity and behaviour are safe and protected.

4. Improve services and solve problems with AI

Rapidly improve your customer service and data insights by tapping into the power of generative AI models, including GPT-4, Codex, and DALL-E 2. All are available through the Azure OpenAI Service, backed by built-in Microsoft Azure security, compliance and data privacy and the Responsible AI Standard.

Solve your business problem in seconds

Looking to speed up clinical communications or automate an accounting process? Any team member can now do it using AI and low-code. We’ve added Copilot to Microsoft Power Platform, so you can create apps, flows and bots in seconds through natural language. And whatever you build, you can easily query the data for instant, actionable insights.

You can develop Power Automate workflows in 50% less time with Copilot.

5. Unite teams, communicate and collaborate in one place

We’ve also improved usability. Instead of having to keep an eye on your chat while presenting in Teams, you can use Copilot to auto-answer any questions – and save time to collaborate.

Copilot finds Teams notifications, messages and information rapidly and helps you manage work with personalised suggestions. Asking Copilot for a summary can help reduce that Monday morning weekly-status stress by putting you one step ahead.

Implementing AI at scale: 4 practical steps

Scaling your AI journey can be confusing with so many technical, business, cultural and ethical considerations. To move smoothly from experimenting to implementing, follow these steps.  

1. Think business transformation

Approach AI as a business change programme, with tech as a key component. AI will transform your culture, so this might help you think big. It will also stop you seeing AI as belonging solely to IT. 

2. Get your people onboard

Take the time to explain to stakeholders the reasons for change. Highlight the benefits they can expect. No-one should feel they’re having AI “done to them”.   

3. Identify a problem to solve

Scope a business problem, then plan how AI can help solve it. That way, your solution can create measurable value. Don’t use a new business problem – start with one you know and understand.

4. Build an organisation-wide strategy

Create a strategy that allows AI to scale organically. Businesses that focus on scale do better than those hoping multiple, smaller projects will automatically lead to scale.

Over to you

Integrating AI into your business shouldn’t be a daunting process. We’ve designed our AI solutions to fit in with the way you work, not the other way round. This includes applying robust ethical AI principles at every step, and it’s why Copilot automatically adopts your organisation’s security, compliance, and privacy policies and processes. It also protects your tenant, group and individual data.

As Microsoft AI creates a new workplace interaction between humans and computers, I hope this blog has inspired you to take the first step. I look forward with excitement to seeing how AI helps you unleash innovation, unlock productivity and expand skills across the team.

Find out more

Visit the Microsoft AI hub

Accelerate competitive advantage with AI

Build an AI strategy with our Digital Transformation Playbook

Microsoft Responsible AI principles

About the author

As National Technology Officer, I lead Microsoft’s technology vision and model its culture of learning, while developing strategies to protect and extend Microsoft Cloud into complex regulated markets. My goal is to inspire leaders of state and enterprise, as well as regulators and customers, on how best to leverage innovation to drive digital transformation.

The post AI starter pack: 5 ways to implement AI into your business appeared first on Microsoft Industry Blogs - United Kingdom.

DevOps is a modern application development and delivery approach that helps organisations to release quality software more quickly into production with less defects! Though DevOps itself is not a product, implementing its practices requires services and tools. Microsoft offers two widely used platforms for implementing DevOps practices – the Azure DevOps platform and the GitHub platform.  

Adopting a DevOps approach does not yield benefits in isolation, but rather in conjunction with other concepts such as Agile planning and Cloud computing. By utilising platforms such as GitHub for implementing DevOps practices and Azure for cloud services, organisations can achieve a continuous “Code to Cloud” process. This process emphasizes the use of modern CICD platforms to streamline software development for applications running on cloud-based infrastructure and services, including cloud-managed container orchestration platforms and serverless computing services, instead of relying on traditional on-premises servers and infrastructure. 

Supply chain attacks 

As organisations embrace this approach, security teams are faced with new challenges due to the increased velocity, automation, and decentralisation of the development process. Attackers are increasingly targeting organisations through their software development processes. This is where software supply chain security becomes crucial! The software supply chain encompasses everything necessary to create and deliver software, including IDEs, source control systems, build systems, deployment systems, CICD platforms, runtime environments, and various artifacts such as application code, open-source dependencies, infrastructure code, and deployment artifacts. 

Securing the software supply chain is not an easy task and requires a comprehensive and thorough approach. Figure 1 divides the GitHub to Azure code-to-cloud pipeline into five stages.  

NOTE: GitHub offers multiple product options, but this article will centre on GitHub Enterprise which offers some capabilities that are not available in the other options. Specifically, I will emphasize security areas that I consider crucial but may be overlooked. 

Securing the DEVELOPMENT stage 

The development stage is where the code is created, and the first step towards securing this stage is to ensure that developers are using a secure environment for development. A significant concern is the possibility of a compromised development environment resulting from the use of unpatched IDEs or the installation of vulnerable or malicious extensions. IDEs, like any other application, can contain vulnerabilities and require regular updates to ensure their security. A recent example is CVE-2022-41034, a critical vulnerability disclosed for Visual Studio Code that allows for remote code execution on any system with the IDE installed.  

Using a managed development environment like GitHub Codespaces provides the advantage of quickly applying necessary patches to ensure the environment’s security. In addition to this, each Codespaces environment runs on its own freshly built isolated virtual machine and network with a firewall used to block incoming connections from the internet and internal networks.  

Codespaces also  

Securing the SOURCE CONTROL stage 

The source control stage is where the code is stored, discussed, and managed, and it is essential to ensure that the source code repository is secure. This starts with access controls and permissions. Only authorised individuals should have access to our repositories.  

To access GitHub enterprise services and resources, users need to be authenticated. There are three methods for adding users to our GitHub Enterprise organisation for access (Figure 2).  

The first option is to invite users with their personal GitHub account which enables them to authenticate through GitHub.com and access our organisation resources. With this option, the user maintains control of their identity (since it is their personal account), and can continue to contribute to other enterprises, organisations, and repositories outside of our organisation. 

The second option is to use an external identity provider that supports SAML single sign-on. With this option, users authenticate with an identity in the external SAML provider that is linked to a personal GitHub identity. This means that while users are still utilising a GitHub identity to access our organisation’s resources, the actual authentication takes place through the external identity provider. The identity can be used for contributions to other enterprises, organisations, and repositories outside of our organisation. 

The third option is to use “Enterprise Managed Users“ – EMU which is similar to other single sign-on solutions. With EMU, users will access GitHub organisation resources using a single identity created and managed in the external identity provider. They do not need to have a personal GitHub identity. This gives the most control for enterprise users. 

The recommendation, if you are an enterprise, is to use either the second option or the third option. 

To perform any actions on GitHub, such as creating a pull request in a repository, a person must have sufficient access to the relevant resource. This access is controlled by permissions. A permission is the ability to perform a specific action. For example, the ability to delete an issue is a permission. A role is a set of permissions you can assign to individuals or teams. 

GitHub supports roles at different levels depending on what we are looking to achieve: 

• Organisation-level roles which are sets of permissions that can be assigned to individuals or teams to manage the organisation settings, repositories, teams. 
• Repository-level roles which gives organisation members, outside collaborators and teams of people varying levels of access to repositories. 
• Team-level roles that give permissions to manage a team.  

The recommendation here is to carefully guard and audit assignment of roles like Organisation owners. It is also prudent to be mindful of the base permission set, which affects all members of an organisation who access any of its repositories (except outside collaborators). 

Securing the BUILD stage 

The build stage is where the code is compiled into an executable or deployable artifact, and it is essential to ensure that the build process is secure. Implementing security in this phase involves adding automated security tools like Static application security testing (SAST) tools, software composition analysis (SCA) and unit testing. It is important to test the build output artifacts. 

A key area of concern here is the heavy dependence on open-source libraries, indicating that development teams have transitioned from creating software to assembling it.

Using someone else’s code, however, can come with potential risks. By incorporating their code into your application, you’re essentially giving them access to your code repository. It’s important to consider whether you trust the author and contributors of the code you’re using, as well as whether the code could contain flaws or vulnerabilities that may impact your customers or users. This is especially true for transitive dependencies, which make up a significant portion of JavaScript dependencies. Even if the code you’re using appears to be secure, the transitive dependencies it relies on could contain vulnerabilities that you’re not aware of. 

GitHub Advanced Security includes features for supply chain security that enable you to scan software dependencies for potential vulnerabilities. Additionally, the GitHub Marketplace provides numerous actions that allow you to seamlessly integrate third-party security platforms, such as Prisma Cloud, into your GitHub workflows. This can help ensure that your code is protected and secure from potential threats. 

Securing the DEPLOY stage 

The deploy stage is where software that has been tested and approved (artifact) is sent to the production environment. This may happen without the need for manual intervention (automatically), and it makes it faster and more efficient to roll-out product changes. Implementing security in this phase involves making sure that the artifacts we are releasing and the environment we are releasing them to are verified, secure and compliant. This includes making sure that the artifacts are stored in a secure and trusted location and having processes in place to validate the integrity of the artifacts against tampering. 

GitHub Packages provides a hosting service for storing and managing software packages. Packages are stored in a secure registry, and access is controlled by the user’s authentication and authorisation credentials. 

Many companies also use infrastructure as code (IaC) to set up their environments prior to deploying new or updated artifacts. However, it’s crucial to ensure that these IaC templates adhere to security guidelines and compliance requirements, particularly with regards to encryption, logging, and secure access. 

According to a study by the Unit42 team, several open-source deployment artifacts were analysed, and the results were concerning. Specifically, the study found that 64% of Terraform modules had at least one high or critical insecure configuration, 99% of Kubernetes Helm charts had misconfigurations, and 91% of container images had at least one critical or high severity vulnerability. These findings highlight the importance of thoroughly assessing and validating IaC templates to ensure that they are secure and compliant before deploying them. The extensibility of GitHub with marketplace extensions makes it easy to integrate open-source tools like Chekov for this use case. 

Securing the RUNTIME stage 

In the runtime stage, the focus is on running and maintaining deployed software in the production environment. Implementing security in this phase involves regularly applying security patches and updates to keep the software and runtime environment up to date; Monitoring for security vulnerabilities or breaches; Implementing security controls such as firewalls and intrusion detection systems; Implementing processes for regularly reviewing and analysing security logs to identify potential threats; Establishing processes for responding to and mitigating security incidents. Azure has an excellent security baseline documentation that I recommend looking into.

The post ​​​Securing the Code to Cloud Pipeline with GitHub and Azure​ appeared first on Microsoft Industry Blogs - United Kingdom.

Sophisticated cyberattacks are on the rise

According to the Microsoft Digital Defense Report 2022, over 100 million attacks against remote management devices were observed in May 2022, up 500 percent on the past year. Human-operated ransomware remains the most prevalent cybercrime, however. One-third of targets are successfully compromised by criminals using these attacks, and 5 percent of them are ransomed.

Old perimeter-guarding strategies are no match for these increasingly sophisticated threats. An organisation needs to embrace a modern, data-driven and people-centred approach to managing security risk. This can help to identify and tackle existing threats more effectively while learning to anticipate new ones.

What is a security culture?

An organisation’s security culture is built on shared values, attitudes and ways of acting. It’s therefore hard to change, and it takes time. Creating a culture of security needs colleagues to understand the potential costs of a security lapse. They must also understand how bad actors tend to operate, and why existing security strategies are no longer adequate.

In the current climate, digital communications and cloud data management provide multiple ways to access organisations that previously didn’t exist. Once inside your network, cybercriminals can move laterally, seeking out value.

Zero Trust relies on strong identity verification

Adopting strong identity verification is key to Microsoft’s Zero Trust approach. Real-time data provides information on the user, the device, and the location – which is crucial in a hybrid world of work. Connecting both cloud and legacy systems to a single identity solution provides end-to-end visibility of an organisation’s digital presence. This helps to protect against internal threats that old-fashioned firewalls would miss. Where there is doubt, a Zero Trust approach applies conditional access. Where there is risk, it is assumed a breach.

A security strategy that enhances overall performance

Adopting a Zero Trust approach brings immediate improvements to an existing security posture, and builds a path that continuously improves risk management. It simplifies security processes to enhance customer experience, and potentially lowers costs by eliminating the need for external security providers.

Adopting a best-in-class security strategy can also make an organisation more forward-focused and risk-responsive in general. Nurturing a security culture brings long term benefits to a company as a brand and to its overall effectiveness in the marketplace. Security is not just a cost; it drives trust and therefore adds value.

Security culture starts small and collaboratively

When implementing a new security protocol, take a step-by-step approach beginning with a small, controlled group and a security risk that qualifies as low-hanging fruit. Once new protocols have been validated, and teams have given feedback, it can be expanded to another part of the business, such as identities, infrastructure, devices, data, networks or apps.

As for implementing organisation-wide security culture change, this will benefit from full and visible support from your senior leadership team. Aim to implement your new strategy collaboratively, and through a phased programme of activities. Taking a creative approach to security skilling and education helps stimulate staff engagement. Microsoft for example produces a successful video series that follows the security-themed adventures of its protagonist, Nelson, which gets promoted internally.

Understand and work with colleagues who may express resistance to change. While moving to new day-to-day practices – for example, new ways of working with different classes of data – openness and empathy will be crucial in empowering all teams to own, understand and learn from their inevitable mistakes.

Data-driven monitoring spots emerging risks

In time, your security strategy can become more sophisticated. AI can be deployed to detect abnormal behaviour and protect your organisation’s most sensitive information from accidental exfiltration as well as bad actors. Microsoft Azure, Azure Sentinel and Microsoft 365 apps can document your compliance with regulations, monitor access, and apply data analytics to predict where the next security risk might emerge.  Data metrics can guide security strategy on the principle of maximising costs to the attacker and prioritising your most valuable data. Many of Microsoft’s UK customers and partners have benefited from this security-first approach.

LGL money managers find security on the cloud

LGL Group are a financial services company who were frustrated by the cost and complexity of enterprise-grade cybersecurity. Microsoft worked collaboratively with LGL to design a roadmap that modernised their security controls, enhanced their security posture and reduced their reliance on third-party application subscriptions, driving down costs. By migrating to the latest Microsoft 365 and Azure security stack, LGL also benefited from a more streamlined and simplified hybrid security system.

Meanwhile Microsoft continues to work with schools and colleges to close the cybersecurity skills gap, with targeted investments here in the UK. Salford City Council leveraged the skills and resources of the Microsoft Enterprise Skills Initiative to develop a cyber strategy and a security operations centre using Microsoft Sentinel. It now aims to share its best-in-class skills with other public sector organisations to proactively monitor, detect and respond across Greater Manchester.

Zero Trust is a journey

Zero Trust is a journey, not a destination. Visit the security hub at Microsoft Business Security Solutions and discover how Microsoft can help you implement an identity environment with cloud identity federation, strong authentication and conditional access at its core.

Find out more

Microsoft security blogs

Strong identity management provides Zero Trust security

Microsoft Sentinel strengthens Salford Council’s cybersecurity

The post What is a ‘security culture’? Best practices for implementing your security strategy appeared first on Microsoft Industry Blogs - United Kingdom.

The way forward for getting your P&L in line is to drive revenue. However, each business is unique, and its situation depends on the company’s leadership function, ownership structure, recent financial history, CapEx and OpEx exposure, and industry-specific concerns.

While digital transformation can often be mistaken as a ‘silver bullet’, it is, in fact, the cost of doing business in today’s environment. So how should finance leaders proceed? 

Balancing cost with ROI: the three biggest challenges for CFOs 

There can be a temptation to make immediate cost savings at every turn. Yet by investing in digital transformation programmes now, astute CFOs: 

• Can deliver a rapid return on investment with efficiency savings, thanks to automation and the cloud. 

• Will future-proof their company at a time of significant technological change. 

• Will make it easier to meet sustainability targets. 

While senior leaders recognise the need for digital investment, they want returns quickly. According to the Gartner Global CFO Poll 2022, 69 percent of CFOs are looking to increase spend around digital transformation initiatives – but their expectations for returns are one to two years. Agility, flexibility, and speed have become more pressing. 

To map out where savings can be made and how best to plan ahead, we advise considering the three most pressing, intersecting challenges faced by CFOs today – and crucially, where technology can win much-needed reprieve, helping organisations ultimately achieve more with less.  

These three challenges are:  

1. Cost optimisation

2. Supply chain

3. Energy

Let’s look at each factor in turn. 

1. Cost optimisation 

Following the global economic crisis of 2007-08, the world’s economy was fuelled by cheap money. With inflation making a return, this has become more difficult to find. Supply-side costs, including scarce affordable energy, have driven up inflation as never before. According to the UK’s Office for National Statistics, the annual rate of input inflation has lurched beyond 20 percent, while input cost inflation for manufacturers leapt 24 percent compared to the same time last year (end of 2022 data).  

How to balance growth aspirations with priorities around spend

This pain may not have hit every business yet. But when companies are forced to respond to it, many will go into survival mode, and some will fail. 

CFOs are having to evaluate their areas of investment to remain competitive when consumer expectations are high, but confidence is low. They also have to prioritise incremental investments designed to deliver efficiency gains. 

Organisations, in turn, are under pressure to ensure every part of their business is working as well as it can – and the digital imperative is key to resolving this. Businesses need more innovation, agility and resilience, with less complexity and at a lower cost, quickly. Put simply, they need to do more with less. 

Making the most of existing infrastructure and technology roadmaps 

We believe organisations should look to their existing infrastructure and technology roadmaps to drive further efficiencies with the assets they already own. They can reduce operational costs by digitising based on unified platforms. 

Rolls-Royce succeeded on both counts by leveraging benefits available in its existing Microsoft stack. The company trained staff to use our low-code Power Platform – including Power Automate, Power BI and Power Apps – which has since become its most popular upskilling solution. In a few months, Rolls-Royce saw a financial benefit of about 8M across the organisation, a figure that can grow organically as more staff and teams use the platform. 

Retaining talent by digitising 

At first, the COVID-19 crisis stalled attrition rates; later, it saw employees reassess their career priorities. Many left their roles in what was sensationally termed the ‘great resignation’. As a result, the war for talent heated up.  

Retaining talent is now more pressing than ever. With employee turnover forecast to be 50 to 75 percent higher than businesses have ever experienced, they need to ensure staff are both happy and productive, with enough investment in skills to keep top talent within the organisation.  

Digital investment is the only way to meet higher staff expectations. Employees want modern technology that works effortlessly, and are increasingly expecting hybrid or remote roles as a given, with all the associated technology support. 

What the pandemic demonstrated to CFOs is that every business must strive to be a technology business, or fail. Those unable to swiftly pivot to digital were punished harshly.  

2. Supply chain

The wider supply chain is the core of most businesses and must absolutely be on every CFO’s radar – but using history to make decisions for the future no longer works. Customer demand is constantly changing, whether it’s influenced by the economic climate or making environmentally conscious purchase decisions.  

To shore up customer confidence, organisations can take advantage of intelligent automation to reduce costs, maximise operating margins and recalibrate their supply chains from ‘just-in-time’ to ‘just-in-case’. 

Take the UK company Spy Alarms, for example. By switching to Microsoft Dynamics, the service team have reduced the time it takes to book a service interview from six minutes to a few seconds. Their sales operations have also benefited from a much simpler and faster quotation process for its 45,000 customers. With the seamless integration of Power BI and Microsoft Teams, all levels of the team have access to data insights – empowering data-driven decision making with incredible precision and foresight.  

3. Energy 

Energy is a hot topic and is central to the boardroom conversations CFOs are becoming involved in. Data centres and offices are an enormous cost factor; a more cost- and energy-efficient answer is to retire data centres and invest in the cloud.  

Investing in the cloud to reduce energy consumption 

At Microsoft, our customers want to use energy management tools to reduce complexities around staffing and save costs in the near to long term. Cloud-native organisations can deliver more core value, with fully managed, end-to-end Azure cloud solutions to boost developer productivity, optimise and allocate resources, and speed up the pace of innovation. 

The East London NHS Trust has been a shining example of this. By taking advantage of Microsoft’s Intelligent Data Platform such as Azure Synapse Analytics and BI, staff can sense-check, monitor metrics and look at trends to see what’s happening on the ward. These insights are accessible from any device and even off the network, building a truly efficient integrated data system. 

Three takeaways: simplify, unify, innovate 

Every business can use technology to become more efficient and effective, whether it’s driving more value from existing platforms and assets, consolidating to reduce cost and complexity, or introducing deployments with rapid payback. 

By leveraging data and AI, businesses are armed with the data and insight on how to increase agility and growth with the assets they already have. 

At Microsoft, we’re working with our customers to define how they will survive, and even thrive, in a continually changing environment. If you’d like to understand more, visit The Microsoft Cloud – Trusted Cloud Platform. 

Find out more

Read Microsoft Azure case studies and customer stories

Announcing Microsoft Azure Data Manager for Energy: Enable your data to do more in the cloud

Imagining more: How organizations are reinventing operations and finding opportunity in the face of volatility

Understanding Microsoft’s digital transformation

About the author

As CFO of Microsoft UK, Mark leads the Finance Organisation supporting Clare Barclay and the UK Senior Leadership team by delivering against the strategic priorities of the company, through influencing key decisions around people, business processes and performance.

Prior to this role, Mark held the position of International CFO at Adobe and Rackspace, where he was a key part of leadership teams driving growth across all markets outside the US. With a career spread across banking, the oil industry and technology, a breadth of finance experience contributes to his dynamic, objective approach as we pursue great customer outcomes with our product portfolio.

Mark returned to the UK recently after spending time in Zurich and Amsterdam in previous roles, is a trained accountant with the ACCA, studied Economics at the University of Leeds and is married with 3 children.

The post How to future-proof your business: a CFO’s-eye view   appeared first on Microsoft Industry Blogs - United Kingdom.