With more than 270 million monthly active users, Microsoft Teams offers developers an unmatched opportunity to build collaborative apps. Since the beginning of 2020, monthly active users of custom-built or third-party apps in Teams have grown more than tenfold. There are more than 1,400 Teams apps, with more and more independent software vendors (ISVs) generating millions in annual revenue from customers using their apps built on Teams and Microsoft 365 services. Looking ahead, we expect emerging technologies that bring the digital and physical worlds together, like Microsoft Mesh for Teams, to open new engaging possibilities for collaborative experiences on Teams. 

This year at Build 2022, we are sharing several enhancements and new capabilities for developers building collaborative apps for Teams and Microsoft 365. Watch my keynote with Charles Lamanna, Innovate with collaborative apps and low code, to view the highlights. Read on to get a full recap of our Build announcements, which are organized here in three sections: new ways to help you delight your users with rich collaborative experiences, scale your productivity and grow user engagement, and monetize your apps. We can’t wait to see what you will build with these innovations!

Delight users with rich collaborative experiences

Introducing Live Share: Interactive app experiences in Teams meetings

We are introducing Live Share, a capability for your apps to go beyond passive screen sharing and enable participants to co-watch, co-edit, co-create, and more in Teams meetings. Developers can use new preview extensions to the Teams SDK to easily extend existing Teams apps and create Live Share experiences in meetings. Live Share is backed by the power of Fluid Framework, which supports sophisticated synchronization of state, media, and control actions with only front-end development. This synchronization will run on Teams hosted and managed Microsoft Azure Fluid Relay service instance—at no cost to you. Our early partners building Live Share experiences include Frame.io, Hexagon, Skillsoft, MakeCode, Accenture, Parabol, and Breakthru. Watch our Live Share on-demand session and try out the new Teams SDK extensions.

Figure 1. Hexagon Live Share prototype enables engineers to annotate and edit 3D models and simulations, while they brainstorm together in Teams meetings.

Fluid Framework and Azure Fluid Relay general availability

Fluid Framework is a collection of open-source, client-side JavaScript libraries that underpin the Live Share real-time collaboration capabilities. Azure Fluid Relay is a fully managed cloud service that supports Fluid Framework Clients. Developers are using Fluid Framework and Azure Fluid Relay to enable real-time interactivity on their apps beyond Microsoft Teams meetings. Fluid Framework, the Azure Fluid Relay service, and the corresponding Azure Fluid client-side SDK will be ready for production scenarios and available in mid-2022. Subscribe to Microsoft Developer Blogs for updates. Watch the on-demand session to learn more about building collaborative web apps with Fluid Framework and Azure Fluid Relay.

Create Loop components by updating Adaptive Cards

Microsoft Loop components are live, actionable units of productivity that stay in sync and move freely across Microsoft 365 apps starting with Teams chat and Microsoft Outlook. Today, we are announcing the ability for developers to create Loop components. Now you can easily evolve an existing Adaptive Card into a Loop component or create a new Adaptive Card-based Loop component. Additionally, Adaptive Card-based Loop components can be surfaced with Editor using Context IQ, our set of intelligent capabilities working in the background of Microsoft apps and services, to stay directly in the flow of composing an email. Zoho Projects is using these Adaptive Card-based Loop components to help its customers improve incident response times, reduce outage durations, and improve overall performance against service-level agreements (SLAs), by enabling users to complete these tasks across Teams and Outlook. Zoho Projects and ServiceDesk Plus Cloud are among the first products integrated with Microsoft 365 apps to implement Microsoft Loop. Developer private preview for this capability starts in June 2022. Subscribe to Microsoft Developer Blogs or follow us on Twitter @Microsoft365Dev for updates.

Figure 2. Zoho Projects is extending adaptive cards to be live, actionable Loop components that work across Teams and Outlook.

Introducing Microsoft Azure Communication Services sample app builder

Microsoft Azure Communication Services interoperability with Teams enables you to create experiences that support seamless communications between customers on any custom app or website and employees working in Teams. For example, Teladoc Health built the first-of-its-kind custom fully integrated clinical and administrative virtual healthcare solution that allows care team collaboration and access to relevant clinical data directly within Teams, and the ability to seamlessly deliver virtual care to patients who join from a custom app.

Figure 3. Teladoc Health is enabling care providers to work and connect from Teams while patients join from a custom app built using Azure Communication Services.

Today, we are introducing the Azure Communication Services sample app builder, enabling developers to easily build and deploy a sample application for virtual appointments in just a few minutes, with no coding needed. Through the sample app, customers can book appointments powered by Microsoft Bookings and join a Teams meeting through a custom web app with a company-branded experience, while staff use Teams to join scheduled appointments. The sample app is fully open source and developers can tap into the code for more customization. Visit Github to learn more.

Microsoft Graph API enhancements to embed chats and channel messages into your apps

Microsoft Graph chat APIs enable developers to embed Teams chats into their applications, enabling their users to collaborate seamlessly without having to switch back and forth across apps. We are introducing several new APIs in preview with capabilities such as enabling chats with federated users (like users outside your tenant), identifying which messages are read and unread by the current user, and subscribing to user chats and membership changes. These new APIs will be generally available in mid-2022. Visit our chat message resource type docs page and view the on-demand session to learn more.

SharePoint Framework and Microsoft Viva Connections

SharePoint is the most flexible content collaboration platform powering experiences across Microsoft 365. SharePoint Framework now lets you create parts and pages in SharePoint sites, Teams apps, and more. It is at the center of our extensibility capabilities for the new Microsoft Viva Connections employee experience platform. Check out the how-to session on building tailored employee experiences for Viva Connections that directly integrate with Teams apps.

Figure 4. A sample Microsoft Viva Connections app running in both Teams and on a mobile device.

Approvals extensibility

Approvals in Microsoft Teams help everyone—from frontline workers to office workers—to easily create, manage, and share approvals directly in the flow of work. We are introducing create, read, update, and delete (CRUD) APIs for Approvals. Developers can use the Approvals APIs to enable approvals within line of business apps and use webhooks to track changes and drive workflows with Approvals in Teams. The Approvals APIs will be available for preview in mid-2022. Subscribe to Microsoft Developer Blogs for updates. View the on-demand session to learn more.

Scale developer productivity

Build once and deploy anywhere across Teams and Microsoft 365

Today, we are announcing the general availability of the new Teams SDK that enables you to build apps for Teams, Outlook, and Office using a single application and deployment model and build collaborative apps that make use of the capabilities relevant to each product. Developers can now upgrade to the latest Teams JS SDK v2 and App manifest v1.13 to build production Teams apps, and run full-scale pilots with users on the preview channels of Outlook and Office. This will enable developers to get feedback and prepare for the distribution of their apps on Outlook and Office later this calendar year.

These updates are backward compatible so all your existing Teams apps will continue to work as-is in Teams with production-level support. Our Teams developer experience including our Microsoft Teams Developer Documentation, tooling, support, and code repository has been updated to support extended apps. You will be able to distribute both single-tenant and multi-tenant apps using existing Teams experiences. To learn more, check out our on-demand session about extending Teams apps across Microsoft 365.

Figure 5. MURAL is extending its Teams app’s personal tabs and search-based message extensions to other Microsoft host apps.

MURAL is among the early partners bringing the connected experience across Teams, Outlook, and Office to life with their apps, like the example above showing a search-based message extension inserting a MURAL directly into the Outlook message as an interactive Adaptive Card. In addition to MURAL, several other partners, including Adobe, eCare Vault, go1, monday.com, Polly, ServiceNow, SurveyMonkey, and Zoho have helped us get these new tools ready and we are excited to make them generally available to everyone at Microsoft Build.

Teams Toolkit for Visual Studio Code and CLI now generally available

Teams Toolkit for Visual Studio, Visual Studio Code, and command-line interface (CLI) are tools for building Teams and Microsoft 365 apps, fast. Whether you’re new to Teams platform or a seasoned developer, Teams Toolkit is the best way to create, build, debug, test, and deploy apps. Today we are excited to announce the Teams Toolkit for Visual Studio Code and CLI is now generally available (GA). Developers can start with scenario-based code scaffolds for notification and command-and-response bots, automate upgrades to the latest Teams SDK version, and debug apps directly to Outlook and Office. Get started building apps with Teams Toolkit today.

Figure 6. Building a notification app for Microsoft Teams using the Teams Toolkit for Visual Studio Code.

Collaboration Controls in Power Apps

We are announcing Collaboration Controls in Power Apps to let developers drag and drop Microsoft 365 collaboration features like Teams chats, meetings, files, Tasks by Planner, and more right inside custom apps built with Power Apps. Collaboration Controls will be available in preview in mid-2022. View the on-demand session to learn more. Subscribe to the Power Apps blog for updates.

Grow user engagement and monetize your apps

App Compliance Automation Tool for Microsoft 365

Microsoft 365 App Compliance Program is designed to evaluate and showcase the trustworthiness of application-based industry standards, such as SOC 2, PCI DSS, and ISO 27001 for security, privacy, and data handling practices. We are announcing the preview of the App Compliance Automation Tool for Microsoft 365 for applications built on Azure to help them accelerate the compliance journey of their apps. With this tool, developers can automate a significant number of tasks to achieve the certification faster and easier. This tool also produces reports that can be easily shared by developers to help IT gain visibility of app security and compliance. Learn more from our App Compliance Automation Tool for Microsoft 365 docs page.

Improved app management and discoverability

The Teams Store helps users find the right apps through updated app categories, curated app collections, featured top apps, and intelligent recommendations based on what colleagues and peers are using. This Microsoft Build, we are making available a central experience within the Teams Store to help users track the apps they are using across various Teams and group chats, and see what permissions are required by these apps. We are also making the discovery of apps through tabs, message extensions, and connectors more contextual to help users find the right apps and grow usage of the ISV apps in Teams. For example, in the context of composing messages, the message extension suggestions will be organized by tasks and actions users can take with it. Lastly, users on mobile devices can now add your apps right from the mobile device, such as from a link or QR code.

In-app purchasing for Teams apps

A top request from partners and developers is to provide the ability to include a paywall experience directly from within your Teams app. This gives you the ability to turn a free app into a freemium version, where you can choose when to prompt your users when to subscribe to your app. The new in-app purchase functionality is available today and can be invoked with a few lines of code. Learn more from our in-app purchases docs page.

Figure 7. Developers can enable freemium upgrades directly within Teams with a few lines of code.

Teams app license management

Another area we are making advancements in is enabling users to manage and assign purchased licenses. It’s previously been up to developers to build the license management component into their solution, whether on their landing page or directly within the app. To help streamline the license management experience, we will soon be offering the ability for you to offload the license management capabilities to Microsoft where users can manage and assign licenses—directly in Teams. License management in Teams will be available in preview in mid-2022.

New collaborative apps coming to Teams

We are excited to see ISVs bringing innovative collaborative apps to Teams across a broad range of scenarios. Here are just a few examples of the new apps available now or coming soon:

• MURAL app for Teams gives teams everywhere the ability to bring a shared collaboration space directly into Microsoft Teams. Users can improve teamwork with asynchronous visual collaboration, and transform disengaged conversations into productive, engaging meetings and workshops using hundreds of templates and proven, guided methods that empower teams to deliver breakthrough results. MURAL is a Microsoft preview partner, and the MURAL app now works across Teams, Outlook, and Office for a single, connected experience.
• Observable app for Teams allows companies to bring their data, context, and logic together in one place to uncover insights collaboratively and accelerate data-driven decision-making across the organization. New updates coming to the Observable app in June 2022 will offer Microsoft Teams notifications when collaborating through comments in Observable.
• SAP S/4HANA operational purchaser chatbot provides collaborative capabilities of Microsoft Teams to SAP S/4HANA users within a conversational user experience. It uses Microsoft Azure Active Directory (Azure AD) authentication and leverages Microsoft Graph APIs to allow users to call other parties or schedule Teams meetings with business partners directly from the bot in the context of the authenticated business user. This provides tight integration of the Teams collaboration experience in a standalone app in SAP, bringing connectivity and collaboration where users need them.
• ServiceDesk Plus Cloud app from ManageEngine, Zoho’s enterprise IT management division, leverages Microsoft Teams to streamline business and IT service delivery, manage and accelerate IT incident resolutions, and improve service experience across the enterprise. Coming soon, the ServiceDesk Plus Cloud app will enhance its existing static Adaptive Cards with Loop components, which will allow everyone working on the ticket to get the latest updates and trigger service desk tasks without switching tabs.
• Figma, the collaborative design platform, is introducing a new app that will enable teams to share, present, and collaborate in real-time on Figma and FigJam files within a Teams meeting. The app also leverages the new Adaptive Card functionality so when a user shares a link to a Figma or FigJam file in a Teams chat, the card unfurls, allowing users to open the file from within Teams. Users can also view and respond to file notifications directly from Teams. The Figma app will be available later in 2022 in the Teams app store.

Learn more

Here’s a recap of the key resources to learn more about developing collaborative apps on Microsoft Teams and Microsoft 365:

• Catch up on all the collaborative apps keynotes, breakouts, and into-focus sessions at Microsoft Build.
• Deep dive into the announcements with the Build on-demand sessions.
• Visit the Microsoft Teams Developer Center to start building collaborative apps with Teams.
• Visit the Microsoft Graph Developer Center to connect your apps with the data and AI in Microsoft 365.
• Read our Live Share blog to learn more about the technology and what you can do with it.
• Read more about how Power Platform is redefining low-code with new products and features from Charles Lamanna.
• Join our Microsoft 365 ISV program to get one-on-one support and other benefits.

The post Build collaborative apps with Microsoft Teams appeared first on Microsoft 365 Blog.

With 145 million daily active users (and growing) Microsoft Teams is where people start their day and stay in the flow of work. Over the past 18 months, people have come to rely on Teams to meet, chat, call, collaborate, and—increasingly—automate business processes. In a very real way, Teams has become the new front end for a new world of work. But empowering people for flexible work isn’t easy. Every organization will need to build a new operating model across people, places, and processes.

This year at Inspire, we shared three ways that we are innovating to create new categories for a new world of hybrid work with the Microsoft Cloud:

• A new Dynamics 365 + Microsoft Teams experience demonstrates the power of collaborative apps and enables organizations to activate this capability at no additional licensing cost.
• Windows 365, which takes the PC to the cloud, gives people the ability to connect to their content, applications, data, and settings without limiting them to any single device.
• New partner integrations with Microsoft Viva enhance the employee experience.

We’re also announcing additional innovations across Microsoft 365—including new security capabilities, new app monetization capabilities in the marketplace, and Microsoft 365 Lighthouse. In a changing world of work, these announcements bring opportunities for our partners and customers. Let’s take a look.

Collaborative apps: Activate the flow of work with Dynamics 365 in Teams

Hybrid work requires a new class of apps that surface in rich ways across all the places people work – within chat, channels, and meetings. These apps are a fusion of people and business process, and we call them simply “collaborative apps.” They also present an incredible opportunity for our partners to connect with the 145 million daily active users in Teams and expand their total addressable market.

Together, Dynamics 365 and Teams offer powerful new ways for everyone across an organization to seamlessly exchange and capture ideas right in the flow of work. Today we announced a new collaborative app that brings together the best of Dynamics 365 and Teams. We’re also eliminating the licensing tax that has historically held organizations back from this kind of integration, making these experiences available within Teams to any user, at no additional cost.

No other technology vendor offers this kind of integration and accessibility across the organization without the need to pay for multiple underlying software licenses.

View and edit Dynamics 365 records right within your Teams workflow

Dynamics 365 users can now invite anyone in the organization to view and collaborate on customer records right within the flow of a Teams chat or channel, ensuring the right individuals can take the next best action—faster and more efficiently without needing to switch context across multiple apps and data sources. For sellers, this includes sharing information like details on the sales opportunity, customer history, health of the customer relationship, key contacts, and more. For customer service representatives, this could include sharing the customer case record, sourcing troubleshooting steps, and tracking follow-up tasks.

Add a Teams meeting to appointments and capture notes

Dynamics 365 users can now add a Teams meeting when creating an appointment, enabling access to key customer information during a Teams call. Users can also capture notes directly with the Teams call, which is automatically saved in the timeline of the Dynamics 365 record. Only users with appropriate permissions can access the data, helping to ensure the most appropriate employees are viewing, interacting with, and sharing customer records. 

Stay up to date on records with automated notifications and connected workflows

With more employees collaborating on records, it’s critical for stakeholders to know when colleagues make key changes as they happen. Automatic notifications keep stakeholders alerted to updates. Users can select specific chats and channels through which notifications are sent, as well as the frequency of notifications. In addition, specific adaptive cards can be sent based on the notification type, enabling more connected workflows.  

Break down barriers with collaborative apps from our partners

Our new integrated experiences between Teams and Dynamics 365 represent just one example of a collaborative app. Today, we also announced a host of new and enhanced collaborative apps from market-leading independent software vendor (ISV) partners including Atlassian Confluence, SAP Sales Cloud, Salesforce, ServiceNow, and Workday. All these integrations bring structured business processes and data together into the context of collaborative work.

Manage your Teams app purchasing across the enterprise more easily

ISVs will also soon be able to sell their apps directly within Teams, offering new economic opportunities and providing a simplified experience for Teams IT admins to purchase apps and subscriptions directly from the Teams admin center on behalf of their organization.

Windows 365 Cloud PC: Hybrid Windows for a hybrid world

The past year has shown us the PC’s central role in keeping people connected, productive, and secure while they work, create, and learn. Last month, we introduced Windows 11, which reimages everything from the operating system to the store to provide real choice to users.

Today, we introduced Windows 365—a cloud service that offers a new way to experience Windows 10 or Windows 11 (when it becomes available later this year). From interns and contractors to software developers and industrial designers, Windows 365 gives users agency to connect to their apps, data, and settings from any device and any endpoint. It creates a new category called Cloud PC, which uses both the power of the cloud and the capabilities of the device to provide a full, personalized Windows experience, anywhere.

Log on to your Cloud PC from any device

With an instant-on boot experience, users can stream all their personalized applications, tools, data, and settings from the cloud across any device. The Windows experience—whether you’re using Windows 10 or the upcoming Windows 11 available later this year—is consistent, no matter the device. You can pick up right where you left off, because the state of your Cloud PC remains the same, even when you switch devices.

Provision Cloud PCs in minutes with no virtualization experience

A Cloud PC can be provisioned from the Microsoft Endpoint Manager dashboard. With provisioning policies, a group of Cloud PCs can be provisioned within minutes—including defining which version of Windows, assigning specific users or groups, and more.

Windows 365 is not just for enterprises; it has been designed to be approachable for businesses of all sizes. In fact, for small to medium-sized businesses, there are simple to use tools for helping citizen admins choose and configure their own cloud environments, ensuring everyone gets the opportunity to pick the right PC and bring the power of the cloud to their users.

Stay protected wherever you access your Cloud PC

Windows 365 is built on the principles of Zero Trust and is secure by design, helping solve today’s critical security challenges. Information is stored and secured in the cloud, not on the device. Windows 365 utilizes multifactor authentication (MFA) to explicitly verify any login or access attempt to a Cloud PC through integration with Microsoft Azure Active Directory (Azure AD). And within Microsoft Endpoint Manager, you can pair MFA with dedicated Windows 365 conditional access policies to assess login risk instantly for each session.

With Windows 365, you can bring collaborative apps, Microsoft Teams, Dynamics 365, and Power Platform—plus your security and identity credentials—with you anywhere, anytime. Access your Cloud PC no matter where you are—at home, the office, worksite, or on the go. Windows 365 will be generally available on August 2, 2021, and you can learn more in the Microsoft 365 blog from Wangui McKelvey.

Microsoft Viva: Employee experience in the flow of work

Microsoft Viva puts people at the center, connecting them to company information, communications, workplace insights, knowledge, and learning to help them achieve their very best. Powered by Microsoft 365, Viva is an employee experience platform designed to work with your existing solutions and can be easily customized and extended to be part of any company’s portfolio to help drive its culture transformation. Today, we shared new partnerships, development tools, research on employee experiences, and more. Read more about the news across the Microsoft Viva modules—Viva Learning, Viva Connections, and Viva Topics.  

Enrich your employee experience with new Viva partner integrations

Earlier this year, we announced a number of Viva partner integrations, ranging from content providers to learning management systems to wellbeing tools that make it easy for customers to connect employees with the solutions they use every day. Today, we announced 21 new partner integrations including Workday, Qualtrics, and ServiceNow. These partner integrations, in addition to the ones we announced earlier this year, will be available later this year.

Bring your solutions into Viva

We also introduced new tools to help our partners and developers integrate with, build on, and extend their solutions into Viva. Available later this year, Viva Connections APIs enable partners to integrate with the Viva Connections dashboard enhancing the discoverability and engagement of their tools directly within the Viva experience. Viva Learning APIs, available later this year as a preview, can be used to integrate content from learning providers, as well as due dates and assigned content from learning management systems where they can be accessed in Teams, Office.com, SharePoint, and Microsoft Search in Bing.

We are excited by the momentum we are seeing from our customers in their adoption of Viva. Customers like Old Mutual in collaboration with PwC are using Viva to empower managers to better understand employee behavior so they can foster a more inclusive and connected experience.

To help our partners build and market apps for Teams and Viva, we are also introducing a new set of benefits to build Microsoft 365 apps. These benefits include access to Microsoft technology, one-to-one consults with Microsoft experts to help our partners design, and build collaborative applications and employee experience solutions—marketing resources to scale to new customers, and support to achieve co-sell status to increase visibility with our 15,000 plus Microsoft field sellers.

As hybrid work becomes our new normal, ensuring your people feel engaged, achieve balance, and are empowered to be their best from anywhere is critical to success. In a recent study, we found that companies with best-in-class Employee Experience programs were 2.2 times more likely than peers to exceed financial targets and 5.1 times more likely to engage and retain employees. Read an executive summary of the report we commissioned with the Josh Bersin Academy for more information.

Secure your digital transformation

We are also empowering our partners to build trust with customers through new security offerings that prioritize inclusion, accessibility, and sustainability. Highlights are below—read our colleague Vasu Jakkal’s blog for full details.

Manage customers’ security posture at scale

We announced today that Microsoft 365 Lighthouse is entering preview. It provides managed service providers with one central location and standard security configuration templates to secure devices, data, and users for small and medium business customers that are using Microsoft 365 Business Premium. Specifically, Microsoft 365 Lighthouse empowers partners to quickly identify and act on threats, anomalous sign-in, and device compliance alerts. Reducing management complexity as our partners scale, and driving standardization across customers will allow partners to proactively manage risks and improve the security posture for the customers. You can learn more about Microsoft 365 Lighthouse in today’s Tech Community blog post.

Protect end customers against fraud

For partners who already help Azure AD business-to-consumer (B2C) customers manage identity and access for their customer apps, we are extending the scope of protection to include fraudulent activities by integrating Dynamics 365 Fraud Protection with Azure AD B2C.

Get visibility across more applications

We have built the app governance add-on feature to Microsoft Cloud App Security, entering preview today. Partners, who already manage Microsoft Cloud App Security for customers, can use app governance to monitor, protect, and govern Microsoft 365 apps and quickly identify, alert, and prevent risky behaviors.

Identify risky activities for users with critical positions

We extended the priority user group capability in Insider Risk Management to include fine-grained role-based access control (RBAC), now also in preview. It adds permissions to priority user groups to further limit alerts and cases to specific individuals instead of the whole group.

Customize regulatory assessments to fit unique requirements

New universal regulatory templates for non-Microsoft cloud in Compliance Manager enable partners to utilize the more than 300 templates available to manage customers’ compliance posture across different clouds and apps.

The future of work

As we emerge from this time of incredible challenges, we are optimistic that together we can empower people across the world for the flexible work of the future. We see an era ahead where people can have breakfast with the kids and quickly catch up on any missed meetings. Where organizations of all sizes—from a locally owned bike shop to a massive multinational corporate—can harness the full power of the cloud, from anywhere. And where every employee feels included and engaged, whether they’re working onsite, remotely, or some combination of the two.

The post From collaborative apps in Microsoft Teams to Windows 365—here’s what’s new in Microsoft 365 at Inspire appeared first on Microsoft 365 Blog.

As some regions begin to make their way out of the challenges and disruption of the past 18 months, we’re seeing a new world of work emerge. Organizations everywhere have transformed themselves through virtual processes and remote collaboration. And as people embrace hybrid work—with people returning to the office, continuing to work from home, or some mix of the two—things will be different all over again.

The ability to work whenever, however, and wherever it’s needed has become the new normal. All employees want technology that’s familiar, easy to use, and available across devices. And in the most complex cybersecurity environment we’ve ever seen, businesses need a solution that helps their employees collaborate, share, and create while also keeping their data safe and secure. 

We have an opportunity to design the tools that will empower this new world of hybrid work with a new perspective—and the power and security of the cloud.  

Today we’re excited to announce Windows 365, a cloud service that introduces a new way to experience Windows 10 or Windows 11 (when it’s generally available later this calendar year) for workers from interns and contractors to software developers and industrial designers. Windows 365 takes the operating system to the Microsoft Cloud, securely streaming the full Windows experience—including all your apps, data, and settings—to your personal or corporate devices. This approach creates a fully new personal computing category, specifically for the hybrid world: the Cloud PC.

Today I’d like to share with you why we think bringing the cloud revolution to personal computing will be such a milestone for how customers work in the future and the opportunities this will create for our partners.

A powerful, personalized, full Windows experience in the cloud on any device

Our recent Work Trend Index found that 73 percent of workers want flexible remote work options to stay, but at the same time, 67 percent say they also want more in-person collaboration, post-pandemic. This creates the hybrid work paradox, leaving organizations around the world to grapple with how to connect in a hybrid world and provide workers access to organizational resources at home, in the office, and at all points between.

Much like how we’ve embraced the cloud for other products, our vision for a Windows 365 Cloud PC is to deliver a new way to experience Windows through the power of the cloud—while solving both novel and traditional challenges for organizations. This new paradigm isn’t just about allowing and securing remote access. The user experience is more important than ever for attracting and retaining talent, improving productivity, and ensuring security.

The Cloud PC draws on the power of the cloud and the capabilities of the device to provide a powerful, simple, and secure full Windows 10 or Windows 11 experience that you can use to empower your workforce, regardless of location or device. Windows 365 provides an instant-on boot experience that enables users to stream all their personalized applications, tools, data, and settings from the cloud across any device including your Mac, iPad, Linux device, and Android. The Windows experience is consistent, no matter the device. You can pick up right where you left off, because the state of your Cloud PC remains the same, even when you switch devices. You can get the same work done on a laptop in a hotel room, a tablet from their car between appointments, or your desktop while you’re in the office. Seasonal workers also can ramp on and off according to the needs of the business, allowing the organization to scale for busy periods without the complicated logistical and security challenges of issuing new hardware. Further, companies can be more targeted in how they outfit specialized workers in creative, analytics, engineering, or scientific roles who need greater compute power and access to critical applications.  

Windows 365 supports your business apps—Microsoft 365, Microsoft Dynamics 365, Microsoft Power Platform—line of business apps, and more. With Windows 365, we also stand by our promise of app compatibility with App Assure, a service that helps customers with 150 or more users fix any app issues they might run into at no additional cost.

Greater simplicity with familiar tools

One of the most important design principles of Windows 365 is simplicity. You can choose the size of the Cloud PC that best meets your needs with per user per month pricing. Organizations have two edition options that include a complete cloud-based offering with multiple Cloud PC configurations based on performance needs: Windows 365 Business and Windows 365 Enterprise.

For IT, we built Windows 365 to be consistent with how you manage your physical devices now. Your Cloud PCs show up right alongside your physical devices in Microsoft Endpoint Manager, and you can apply management and security policies to them just as you do to all your other devices.

Windows 365 is built on Azure Virtual Desktop, but it simplifies the virtualization experience—handling all the details for you. You can scale processing power and monitor the performance of the Cloud PC to make sure your users are getting the best experience. We’ve also built analytics into the service to look at connection health across networks to make sure your Cloud PC users can reach everything they need on your network to be productive. From the Endpoint Analytics dashboard, you can easily identify the Cloud PC environments that are not delivering the performance needs of a given user, and not only can you get recommendations, but you can also upgrade them at the touch of a button, which is immediately applied without missing a beat. Our new Watchdog Service also continually runs diagnostics to help to keep connections up-and-running at all times. If a diagnostic check fails, we’ll alert you and even give suggestions for how to correct the issue. 

For greater customization and flexibility, especially if your organization has virtualization expertise, we recommend Azure Virtual Desktop, which continues to see significant adoption as organizations modernize VDI in the cloud. You can read more about our increased investments in Azure Virtual Desktop in today’s Tech Community blog.

For more information about the management experience, check out the Tech Community blog from Scott Manchester.

Cloud security powered by Zero Trust

With a focus on a Zero Trust architecture, Windows 365 also helps solve for today’s critical security challenges by design, storing and securing information in the cloud, not on the device. Multifactor authentication (MFA) works to explicitly verify any login or access attempt to a Cloud PC through integration with Microsoft Azure Active Directory (Azure AD). And within Microsoft Endpoint Manager, you can pair MFA with dedicated Windows 365 conditional access policies to assess login risk instantly for each session. We’ve also designed the user and admin experiences around the principle of least privileged access. For example, you can delegate specific permissions, like licensing, device management, and Cloud PC management using specific roles, so you don’t need to be a global administrator. You can use the security baselines for Windows 10, Microsoft Defender for Endpoint, and Microsoft Edge, just like you would for your physical devices now, and we’ve built a cloud PC-specific security baseline to help you get started quickly. 

If you use Microsoft Defender for Endpoint to protect your devices, it also works seamlessly with your Cloud PCs. You can use Microsoft Endpoint Manager to quickly onboard your Cloud PCs just like your other devices with Defender for Endpoint. It not only protects your Cloud PCs, but also gives you security recommendations to lower risks, and helps you quickly discover and investigate any security incidents.

Finally, encryption is used across the board. All managed disks running Cloud PCs are encrypted, all stored data is encrypted at rest, and all network traffic to and from your Cloud PCs is also encrypted.

Windows 365 means new opportunities for partners

Windows 365 creates new opportunities for partners of all types across the Microsoft ecosystem to deliver new Windows experiences from the cloud.

Independent software vendors can continue to build Windows apps, and now, deliver them in the cloud to reach a broader audience. Windows 365 also presents new development opportunities, leveraging APIs available to partners, enabling them to bring their own innovations to market. In fact, check out the Tech Community blog that highlights the solutions ISVs like Nerdio, UKG, Service Now, and Net App are announcing today in support of different user scenarios with Windows 365.

Our customers will look to system integrators and managed service providers to help them get the most out of their entire Windows estate, using the additional services that our partners like Accenture/Avanade, Atos, Crayon, Content and Cloud, Convergent, Coretek, DXC, Glueck & Kanja GAB, Insight, and Netrix continue to bring to market. For small and midsize businesses, partners like Iconic IT LLC, MachineLogic LLC, and Nitec Solutions already support Windows 365 and can assist with additional services. Original equipment manufacturers (OEMs) gain an opportunity to integrate Windows 365 into their broad portfolio of services alongside their devices’ robust features and secure hardware.

Cloud PC represents the next big step in cloud computing that connects the Microsoft Cloud and personal devices in a powerful new way. With the announcement of Windows 365, we’re inviting organizations, employees, and partners to reimagine experiences with Windows and their devices and look forward to creating new scenarios for users everywhere.

Hybrid Windows for a hybrid world

We are so excited to share this new way to experience Windows 10 or Windows 11 (when available) through the power of the cloud across all your devices. We believe this will give organizations of all sizes the power, simplicity, and security you need to address the changing needs of your workforce as you embrace hybrid work.

Windows 365 will be available on August 2, 2021, to organizations of all sizes. In the meantime, you can learn more about Windows 365 now.

We are excited to be on this journey together, and we can’t wait to learn about all the new ways you will get work done using Windows 365.

The post Introducing a new era of hybrid personal computing: the Windows 365 Cloud PC appeared first on Microsoft 365 Blog.

Developers are at the heart of this transformation, and at Microsoft, we’ve seen evidence of this in the apps you’ve built on top of the Microsoft Cloud. Today, we’re sharing new capabilities and tooling for Microsoft 365 and Microsoft Teams that will empower developers to build solutions for the new way of work.

A new class of apps designed for hybrid work: collaborative apps

Hybrid, global work requires structural changes to how we build and interact with apps. We need a new class of apps that are centered around collaboration versus individual productivity. Apps that enable synchronous and asynchronous modes of collaboration with real-time meetings, ad hoc messaging, document collaboration, and the business processes automation—all in a single organizing layer.

Microsoft Teams was built with the very purpose of enabling collaboration. With over 145 million people using Teams every day, Teams has become the digital platform for work and learning. This creates a net new creative and economic opportunity for developers to build the next generation of apps where collaboration is at the core. We call this new class of applications collaborative apps.

With collaborative apps, end users can easily work with others to complete their projects at any time, from anywhere, and stay in the flow of work without needing to switch across multiple apps and data. And with Fluid components, end-users can create live, collaborative experiences that can be edited in real-time and shared across Teams and Office apps.

For developers, we want to make building collaborative apps easy: 

• Use your existing skills: Easily integrate your existing apps solutions with Teams and use standard web technologies, JavaScript, and just a few Teams APIs to integrate into Teams messages, channels, and meetings quickly and easily. Hundreds of independent software vendors (ISVs) like Service Now, Workday, Adobe, SAP, and more are doing this on our platform today.
• Simplify development: When you build an app for Teams, it works across many platforms—Windows, macOS, Web, iOS, Android, and Linux. Our goal is to significantly reduce the learning and work for developers to create the next wave of apps. Build once, deploy anywhere.
• Support developer choice: Microsoft Cloud offers a full stack of technologies to build collaborative apps. For developers building a new app, you can pick and choose technologies across Power Platform, Azure, Graph, and more based on your needs. 

Learn more about our vision of collaborative apps built on the Microsoft Cloud at our technical keynote session led by Jeff Teper and at the Into Focus session with Rajesh Jha.

Build collaborative apps with Microsoft Teams

To further help you build collaborative apps, we are sharing new integration opportunities and enhanced developer tools for the organizing layer, Teams.

Create apps for meetings enabling richer experiences

Providing a first-rate experience to every meeting participant, whether remote or in person, is important. We’re announcing new features that will enable you to build richer meeting experiences into your apps for Teams meetings.

• Shared stage integration: Available in preview, shared stage integration provides developers access to the main stage in a Teams meeting through a simple configuration in their app manifest. This provides a new surface to enable real-time, multi-user collaboration experiences for your meetings apps, such as whiteboarding, design, project boards, and more. 

• New meeting event APIs: Available in preview, enable the automation of meeting-related workflows through events such as meeting start and meeting end—with many more event APIs planned to come out later this year.

• Together mode extensibility: Coming this summer, Together mode extensibility lets you create and share your own custom scenes for Teams meetings. This provides an easy design experience, within the Developer Portal for Teams, so developers can craft custom scenes to make meetings more engaging and personalized for your organization. Here’s a custom scene built by our very own team that you can try out today!

Media APIs with resource-specific consent: Coming this summer, get real-time access to audio and video streams to build scenarios like transcription, translation, note taking, insights gathering, and more. These APIs will have resource specific consent enabled, so IT admins can view these permissions from the Teams Admin Center and validate that such apps have access to just the meetings they have been added to.

With the recently released Azure Communication Services interoperability with Teams, enable Teams users to easily interact with customers, partners, and other key people outside of your organization. When you build custom applications using Azure Communication Services such as voice, video, and chat, take advantage of built-in interoperability with Teams. This will enable Teams users to join meetings and interact with customers and partners using your custom application. Even better, with Azure Communication Services on the back-end connecting to Microsoft Teams, developers enjoy free VoIP and Chat usage for Teams app users.¹

Get started with Azure Communication Services with Teams interoperability available in preview.

Enabling cross-platform collaborative experiences

We built Teams to enable collaboration—so we’re sharing new features and capabilities that will allow users to collaborate together within Teams and across some of our other platforms.

Fluid components in Microsoft Teams is now available in private preview and will expand to more customers in the coming months. Fluid components in Teams chat allow end users to send a message with a table, action items, or a list that can be co-authored and edited by everyone in line and that is shareable across Office applications like Outlook. Quickly align across teams and get work done efficiently, by copy and pasting components across Teams chats. With Fluid components users can ideate, create, and decide together, while holding fewer meetings and minimizing the need for long chat threads.

Message extensions will soon be supported in Outlook: Providing a unified development experience for message extensions that work with Microsoft Teams and Outlook on the web. When users compose a message, they will be able to select a new menu of search-based message extensions to choose from. For example, a user may be able to compose an email and then select a message extension that surfaces tasks from their Teams app to send to teammates.

In addition to making it easier to build low-code apps, bots, and flows in and for Teams, we are making it easier to distribute low-code solutions to end-users. Soon you will be able to share bots built with Microsoft Power Virtual Agents broadly with security groups just like you already can for apps built with Power Apps. We also recently made it easier to take your apps, bots, flows, tables, and associated resources from one Microsoft Dataverse for Teams environment to another, ensuring that you can leverage these assets for new scenarios. We also continue to release more sample apps for Power Apps to help developers and customers get started with Power Apps.

Developer toolkits and resources to build and manage Teams apps

As developers are building the next generation of collaborative apps to support hybrid work, we are investing in tools and resources to help you be more productive.

With the enhanced Microsoft Teams Toolkit for Visual Studio and Visual Studio Code, available in preview, we’re making it easier for any developer to build Teams apps that interoperate with the Microsoft stack and across desktop and mobile. Whether you use React, SharePoint Framework (SPFx), or .NET—the toolkit is meant to meet developers where you are with the frameworks you already know and use. Some of the key updates include: single-line authentication, Azure Functions integration, SPFx integration, single-line Microsoft Graph client, and streamlined hosting to an IDE and CLI.

Learn more about the Teams Toolkit and install it today from the Visual Studio Marketplace.

Writing code is the first step, but developers also need to manage and configure your apps—and so we’re happy to announce the preview of the Developer Portal for Microsoft Teams. With the Developer Portal (formerly App Studio), developers receive a dedicated app management console available via web or within Teams, which can be used to register and configure their apps within a single, central location. New features include:

• Access through any web browser and device for easy navigation.
• Manage environment configurations, removing the need to manage multiple manifests in different environments.
• Collaborate with peers by giving read/write access to apps to others to collaborate and update apps.
• Ability for ISVs to link software as a service (SaaS) offers to their apps for new in-Teams purchase experience.
• Gather helpful insights on usage of apps (in preview).

Get started with the Developer Portal today.

As a platform, our success is tied to your success. We thank our partners who have built innovative apps on Teams. We’re committed to enabling our partners to be successful by helping users easily discover, deploy, and adopt apps. And we’re happy to share that coming soon, users will be able to purchase subscriptions of partner apps directly from the Teams Store and the Teams Admin Center (via invoice billing or credit card)—making it even simpler for users to acquire and adopt apps while providing our partners more monetization opportunities for your solutions.

Deliver experiences built around data, insights, and security with Microsoft Graph

While Teams is the organizing layer for collaborative apps, a key aspect of those app experiences is the rich sets of data from Microsoft Graph. Microsoft Graph manages the data generated from trillions of connections across communications, content, and people—with privacy, security, compliance, and search—powered by advanced machine learning.

Here are some of the exciting new features on Microsoft Graph that we’re happy to share with you today.

Earlier this year we introduced Microsoft Viva, to help organizations around the world optimize workforce experience, and help employees thrive in the new way of work. Viva was built to be a platform, so we’re announcing the first of many planned extensibility points—Viva Connection cards are now available in preview with SharePoint Framework (SPFx) for developers who sign up for early access. With this release you can now use out-of-the-box or custom web parts to build Viva Community dashboards, news feeds, and employee-focused resources, optimized for any platform or device.

Sign up to get early access to the next release of SPFx for building native mobile experiences for Viva Connections.

When it comes to who can access your organization’s data, authentication and security are always top of mind—which is why many developers utilize the Microsoft Graph. It’s built with Azure Active Directory’s (Azure AD) enterprise-grade security and authentication capabilities at its core. New features we are sharing today:

• Continuous Access Evaluation: Available for preview, it allows Azure AD to continuously monitor resources for security threats and revoke access tokens based on critical events or policy evaluation, rather than simply relying on a short token lifetime. 
• New authentication methods API so you can manage access to the data and resources in your app, using primary, two-step, or step-up authentication, and invoke a self-service password reset process (SSPR).
• General availability of the external identities APIs so your apps can establish secure business-to-consumer (B2C) user interactions using predefined, configurable policies while your users can use their everyday accounts to register with your solution.

One of the most common requests we’ve heard from customers and partners is how to bring their data into Microsoft Graph to surface it across Microsoft 365. That’s why created Microsoft Graph connectors, which allow developers to onboard, index, and surface metadata to enrich existing data sets within Microsoft 365—unlocking participation in core experiences like Microsoft Search and eDiscovery. We’re excited to announce several updates coming soon to Microsoft Graph connectors including:

• Support for enrichment of people profile from non-AAD sources that will enable admins to map properties from Microsoft Graph connectors to Microsoft 365 people cards in your organization.
• New Jira and Confluence connectors built by Microsoft, available later this year.
• Expansion of Search results to Microsoft Teams mobile and desktop clients and the Windows Search Box.
• eDiscovery support for Graph connectors developer preview will be available in Summer 2021.

We’re also announcing that Microsoft Graph Data Connect is available in preview on Azure. Microsoft Graph data connect is a secure, high-throughput connector designed to copy select Microsoft 365 productivity datasets into your Azure tenant. It’s an ideal tool for developers and data scientists seeking to create organizational analytics, or training AI and machine learning models. While most Microsoft 365 products are offered on a per-user/per-month basis, we’re offering Microsoft Graph data connect as a metered service so that developers only need pay for the data consumed in your solutions.

Learn more about Microsoft Graph Data Connect in our technical docs.

Lastly, we want developers to build people-centric experiences that span across our entire Microsoft 365 platform, but we understand that writing separate code to work across our different products is not optimal. That’s why we’re happy to share the availability of Universal Actions for Adaptive Cards. Now, using Azure Bot Framework, you can build and implement a single adaptive card that is seamlessly synchronized across Teams and Outlook mobile and desktop clients.

Read the full Microsoft Graph blog to learn more.

Build modern Windows apps that work seamlessly on any endpoint

With the shift to remote work and now hybrid work—the PC has never been more essential. With over 1.3 billion devices running Windows 10, modern apps built on Windows have become critical to enabling users to stay productive. Windows is essential to keeping workers connected and productive and the opportunity for developers to push the boundaries and find new innovative ways to help people is now.

If you’re a Windows developer, then you already know the importance of Project Reunion. With Project Reunion, you get access to modern Windows technologies and new features, plus the best of existing desktop (Win32) features. You get coherent, modern interactions and UX with WinUI 3—and great system performance and battery life for your apps. That’s why we’re excited to announce the Project Reunion 0.8 preview so you can create and modernize your Windows apps seamlessly for both client and cloud endpoints. You can build experiences optimized for device hardware with hassle-free app discovery and management and future-proofed for Arm64. Some of the key updates include:

• Down–level support to Windows 10 version 1809 provides a large addressable market in the Windows ecosystem and is a long-term servicing branch.
• .NET 5 support helps meet developers where they are, including WPF and WinForms.
• WinUI 3 and WebView 2 support modern, compatible UI development using the same technologies Windows is built around.

Learn more and start modernizing your Windows apps with the Project Reunion 0.8 preview.

We know that many developers use command-line tools and shells like Command Prompt, PowerShell, and Windows Subsystem for Linux (WSL). With Windows Terminal, developers receive a beautiful, sleek, modern command-line experience in Windows—and this year, we’re excited to share that it can now be set as the default terminal emulator, enabling all command-line apps to launch via Windows Terminal. We also released a new feature called Quake mode that allows you to open a new terminal window with a simple keyboard shortcut from anywhere in Windows.

Get started with new features in Windows Terminal.

You can also receive GUI app support on Windows Subsystem for Linux (WSL) so that all the tools and workflows are seamlessly at your fingertips. Windows allows you to work your way with seamless integrations with any workflow with GUI apps, Linux, and GPU accelerated machine learning training.

Learn more about our updates on WSL.

More and more organizations are turning to robotic process automation (RPA) to streamline business processes—from simple repetitive tasks to complex workflows. In the month after Ignite, where we announced Power Automate Desktop was available at no additional cost for Windows 10 users, we saw a six times month-over-month increase in downloads. Which is a testament to the untapped opportunity no-code RPA offers to help customers automate repetitive tasks and workflows. Today, we are making it even easier to prioritize the processes best suited for automation. Process advisor, now generally available, is a process mining capability that provides insights into how people work and takes the guesswork out of automation. You can now map workflow tasks, discover organizational bottlenecks, and identify which time-consuming tasks are best suited for automation—all from within Microsoft Power Automate.

Learn more about Power Automate Desktop and process advisor.

Learn. Connect. Code.

We hope you have a wonderful time at Microsoft Build this week. We have a great set of sessions we’ve produced just for you that spans across the entire Microsoft 365 platform.

Happy coding!

Additional resources

Check out these additional resources to learn more about developing on Microsoft 365:

• Watch the Build the next generation of collaborative apps for hybrid work digital Microsoft Build session.
• Take a look at our Microsoft Teams announcements for Microsoft Build blog to see a summary of the new Teams features.
• Take a look at our Microsoft 365 Developer announcements for Microsoft Build blog to see a summary of the new features across Microsoft 365.
• Microsoft Teams Developer Center to access docs, blogs, tools, and more to start building Teams apps.
• Microsoft Graph Developer Center to access docs, blogs, tools, and more to start building Microsoft Graph apps.
• Windows Developer Center to access docs, blogs, tools, and more to start building Windows apps.

¹VoIP and chat usage for Microsoft Teams endpoints are included with Microsoft 365 licenses.

The post Build the next generation of collaborative apps for hybrid work appeared first on Microsoft 365 Blog.

Before I get to this month’s product news, I want to point out some new resources that support this effort. Recently, we published a webpage called Resilience at work to help demonstrate how Microsoft solutions can help you strengthen resilience in people, teams, and your broader organization. We also published a Remote teamwork guide to share how you can enable your people to be productive and secure from anywhere with Microsoft 365 and Microsoft Teams. And earlier this week, we launched WorkLab, a digital publication devoted to illuminating the future of work, grounded in research and the lessons of the pandemic a year in. Be sure to check all three resources out and let us know what you think.

Okay, on to the news!

Breakout rooms, Tasks publishing, Approvals, and more in Microsoft Teams

New announcements in Microsoft Teams make it easy for everyone to engage in large meetings, help connect organizations, empower frontline retail workers, and more.

Help people to connect meaningfully in large virtual meetings—We’re excited to announce that one of our most requested Microsoft Teams features is now generally available! Breakout rooms make it easy to divide your meetings into smaller groups to facilitate discussions, brainstorming sessions, and learning groups. Organizers can easily jump in between breakout rooms, deliver announcements to all breakout rooms at once, and bring everyone back to the main meeting at any time. All meeting assets, including meeting files, whiteboards, recordings, and transcripts are available for the organizer to review and use.

Connect your organization from the corporate office to the frontlines with Tasks publishing—With the new publishing feature for Tasks in Teams, customers can now drive consistent execution of tasks at scale across all of an organization’s locations. Corporate and regional leadership can create and send tasks to configurable relevant locations—including specific retail stores—and track their progress through automatic real-time reports. Managers have tools to easily direct activities within their stores, and frontline workers have a simple prioritized list showing them exactly what to do next. Tasks targeting, publishing, and reporting are now generally available. To set Tasks up in your organization, visit our documentation page for setting up your team targeting hierarchy.

Unify workforce management in Microsoft Teams through our new partnerships—We are excited to announce new workforce management capabilities with our partners, Blue Yonder and Reflexis. With this new integration, Microsoft Teams can now provide a richer, more unified workforce management experience, enabling employees to see and swap shifts, review their schedules, make changes, and more, without ever having to leave Teams.

Track and manage approvals right within Microsoft Teams to get faster results—Now generally available, Approvals lets you easily create, manage, and share approvals right in Teams. Quickly start an approval flow from the same place you send a chat, in a channel conversation, or from the Approvals app itself. Just select an approval type, add details, attach files, and choose approvers. Once submitted, approvals can be reviewed and responded to as needed. Install the Approvals app today to get started.

Simplify tasks, lists, and functions

New capabilities help make it easier to prioritize and organize tasks, access lists on the go, and use custom functions in Microsoft Excel workbooks.

Take your lists anywhere with the Lists mobile app for iOS—A new Lists mobile app for iOS now provides you access to your lists with full functionality from your iPhone. This new experience makes it easier than ever to open an existing list for quick reference, add or edit list items as you think of them, or create a new list from scratch or a ready-made template. Download the app now from the Apple App Store.

Manage your tasks more easily with intelligence—Available to To Do web English users, Microsoft To Do will use AI to help you plan your day better and focus on tasks that matter to you. AI in To Do will help identify tasks that seem important based on keywords and deadlines and suggest them in My Day to ensure that you stay on top of your key tasks and get more done each day. Get started with Microsoft To Do today. 

Turn Excel formulas into custom functions: Our new LAMBDA function makes it easy to convert your formulas into re-usable functions. Turn formulas into custom functions with unique names that can be easily re-used throughout your spreadsheet. Join the Office Insider Program and choose the Beta Channel to get early access to LAMBDA in Excel.

Create beautiful diagrams

Visio capabilities bring new and familiar icons to your diagrams.

Insert icons into your Visio files and more—This month, we’re announcing a couple of updates you’ve been asking for! First, you can now access a rich content library of icons and images that you can easily insert directly into your Visio diagrams. Rotate, recolor, and resize the selected content with no loss of image quality. This feature is available in both Visio for the web and the Visio desktop app. Second, you can now easily adjust the size of a page to fit your Visio drawing. The Fit to Drawing feature is now available in Visio for the web.

Visually represent your Azure architectural diagram using the latest shapes in Visio—Representing your infrastructure architecture through a diagram can be invaluable to your team during redesigns, implementations, documentation, and more. Two years ago, we added Azure shapes in Visio, making it easy to build diagrams for network topologies, virtual machine configurations, operations, and more. We are excited to announce that we have now released more than 250 of the latest Azure shapes. These refreshed icons are better aligned with the Microsoft Fluent design and let you create IT diagrams that accurately represent modern cloud services, tools, and frameworks from Azure. To get started, go to the Visio web app homepage and select your preferred diagram template to quickly start visualizing your Azure infrastructure. In the desktop app, select File > New > Templates > Network > Azure Diagrams.

Also new this month

Application Guard, which helps desktop users stay safer and more productive by opening Microsoft Word, Excel, or PowerPoint files in a virtualized container, is now generally available for everyone with Microsoft E5 or E5 Security subscriptions.

From helping everyone engage in larger virtual Teams meetings with breakout rooms to enabling a more unified workforce management experience with a new partnership to helping you stay focused and in the flow with AI in To Do, all of these experiences were designed to help empower your people for the new world of work. And stay tuned—we’ve got all sorts of exciting announcements coming your way in the next few weeks.

The post From breakout rooms in Microsoft Teams to AI in To Do—here’s what’s new to Microsoft 365 in January appeared first on Microsoft 365 Blog.

A note to developers before we begin: Whether building your own apps or solutions that are designed to be used in Microsoft Teams or Outlook, we have a whole host of new innovations for you. At Build this week, we’re announcing many new capabilities that you can use to make your apps more integrated, powerful, and intuitive. We’re also introducing new developer and management tools that make creating and discoverability even easier. Find out more about all of the new opportunities for developers using the Microsoft 365 platform announced at Build. Let’s get to it!

News from Build 2020

Microsoft Teams

Teams is the hub for teamwork combining meetings, calls, chat, and collaboration into a single tool that preserves context and keeps everyone up to speed.

Productivity

From customized templates to new tasking capabilities, we’re introducing fresh ways to stay productive in Teams.

Create teams quickly with customizable templates—When creating a new team, you’ll soon be able to pick from a variety of customizable templates. Choose from common business scenarios, like event management and crisis response, as well as industry-specific templates, like a hospital ward or bank branch. Each template comes with pre-defined channels, apps, and guidance. Admins will also be able to create new custom templates and templatize existing teams in their organization, allowing them to standardize team structures, surface relevant apps, and scale best practices. Templates in Teams will roll out in the next few months and appear automatically.

Automation

We’re excited to announce enhancements to the Power Platform that make it easier to integrate and scale with Teams.

Easily create and manage chatbots in Teams—Integrating with Teams is also easier than ever: Just select the bot you want to use and then click Add to Teams. For additional convenience, Power Virtual Agents now supports single sign-on (SSO), so users will no longer have to reauthenticate when using Teams for the first time.

Quickly add custom apps and automated workflows to Teams—Developers and admins will soon be able to add their custom applications from Power Apps to Teams with a single click of the Add to Teams button. To get started, open make.powerapps.com, click “…“ next to the canvas app you’d like to publish, and select Add to Teams.

Meanwhile, new Power Automate business process templates for Teams will allow creators to streamline workflows using pre-built templates, or as a base to customize their own. Finally, new Teams-specific triggers and actions will enable you to create custom message extensions, automate @mentioning and message posting to channels, and customize bot names. These features are coming soon.

Share Power BI reports in Teams—Power BI users can now share reports, or specific charts in reports, to Teams with the new Share to Teams button. Senders can also direct the recipient’s attention to a specific chart in a report or share to an entire team. To get started, select Send to Teams from the Power BI portal and type in the team name you’d like to share with.

Meetings and events

Across time zones and social-distancing scenarios, organizations need to connect and collaborate in gatherings large and small. New Teams capabilities help you design the best experience for every occasion.

Schedule virtual appointments via Bookings in Teams—Organizations will now be able to schedule, manage, and conduct business-to-consumer virtual appointments through the new Bookings app integration in Microsoft Teams. With a single scheduling experience, you can manage multiple departments or locations and securely host everything from candidate interviews and student office hours to financial consultations and medical visits. Teams support HIPAA compliance and is HITRUST certified. In healthcare alone, there were more than 34 million Teams meetings in the past month, including virtual visits. Today, you can learn how Microsoft Cloud for Healthcare will make it easier for healthcare organizations to remain agile and focus on what they do best – delivering better experiences, insights, and care.

Broadcast events and create studio productions from a virtual stage in Teams—With so many organizations working remotely, and travel at a record low, how do you recreate the magic of an in-person presentation or interview for an all-remote audience? Introducing new Network Device Interface (NDI) support and Skype TX interoperability for Teams. It offers a more advanced set of production options for both public and private, customized, high-scale broadcasts.

Coming soon, NDI for Microsoft Teams will transform a Teams meeting into a virtual stage by converting each participant’s video into a discrete video source that can be used in the production tool of your choice: OBS, Wirecast, Xsplit, StreamLabs, and many more. This functionality enables you to use Teams meetings in other ways, including hosting a professional broadcast.

Secure and remote scheduling

Shifts lets Firstline Workers and their managers use mobile devices to manage schedules and keep in touch.

Extend the Shifts app in Teams—New capabilities in the Shifts app extends functionality and enables integration with existing systems. First, the Graph APIs for Shifts are now generally available, so can you integrate them with any other external workforce management tool, including custom workforce management systems. Plus, new Power Automate actions enable developers to take information from Shifts and create customized workflows with other apps or perform operations at scale. Finally, new triggers and templates will help support a variety of timesaving and process-optimization scenarios, like enabling auto-approvals for shift requests in scenarios where a manager’s approval is not needed.

Fluid Framework

At Ignite 2019, we announced the public preview of Microsoft Fluid Framework, our new technology and set of experiences designed to make collaboration seamless by breaking down barriers between apps.

Collaborate with Fluid components and workspaces in Outlook and Office.com—The Fluid Framework is on a journey to make work more adaptable and focused. The first Fluid Framework integrations in Microsoft 365, coming to Outlook and Office.com, will enable you to collaborate on dynamic content and create connected components that can be shared simultaneously and seamlessly across apps. Tables, charts, and task lists can be easily inserted in Outlook for the web, so your sales numbers, project tasks, and research reports are always up to date. Within Office.com, Fluid workspaces can be created and managed, including within your document activity feed, Recommended list, and @mentions—or search for them across Office.com. And, because Fluid Framework components are lightweight, edits are instantaneous, empowering work to be fast and flexible. These experiences will be available to those with a Microsoft 365 enterprise license in the next few months.

Use key infrastructure from Fluid Framework—now open source—in your applications—The web-based framework of Fluid can be used to instantly make your apps collaborative. It includes data structures that perform low-latency synchronization and a relay service to connect endpoints. If you replace your static data structures with Fluid data structures, your app instantly supports real-time collaboration.

Discovering the full potential of the Fluid Framework can only be accomplished through creating a diverse, open, and vibrant developer community. For this reason, Microsoft will be making the Fluid Framework open source, allowing developers and creators to use key infrastructure from Fluid Framework in their own applications. Along with the release of additional developer documentation and tooling, this is an invitation for developers to work alongside Microsoft as Fluid Framework is built and released.

Project Cortex

We introduced Project Cortex at Ignite 2019 and are happy to announce it will be generally available in early summer 2020. This powerful new service applies artificial intelligence (AI) and the Microsoft Graph to create a knowledge network that connects your content in Microsoft 365, along with external sources, to organize content and expertise across systems and teams. You can then manage your information and streamline processes with advanced security and compliance controls, along with automated workflows.

Work with new developer tools now in private preview—Today, we are introducing new developer APIs for Project Cortex and Managed Metadata Services (MMS) in Microsoft Graph, along with new integration with Language Understanding services in Azure. Currently, our private preview program has expanded to include more than 75 organizations delivering knowledge from millions of documents and videos, including Unilever, Arla Foods, and Siemens Healthineers. We will keep you all informed as new milestones are achieved.

Outlook

Around the world, our customers rely on Outlook to help organize their days and stay in touch. New capabilities let them do more within the app to be more productive.

Save keystrokes in Outlook—Now, Outlook on the web can help compose email messages with text predictions. Using intelligent technology to infer meaning and intention, Outlook can help you compose faster, avoid typos, and craft polished email messages.

Keep up with Yammer in Outlook—Outlook for Windows, Outlook for Mac, and Outlook mobile users can now view and reply to Yammer conversations, polls, questions, and praise without leaving their inbox. This feature will automatically become available for users who have email notifications from Yammer turned on.

Microsoft Edge

This year at Build, we’re announcing several new capabilities in Microsoft Edge that add customization options and improved tooling for web developers.

Quickly explore relevant Pinterest collections—Pinterest can now deliver suggestions at the bottom of your collection, making it easier to find additional similar content. Clicking on a suggestion will open a board of similar, trending Pins so you can quickly find and add ideas relevant to you. Collections will also soon support “Send to OneNote,” making it easy to export collections to OneNote pages.

Save time while searching—We’re also introducing sidebar search so you can search for things without opening a new window or tab. And for those who use Microsoft Edge for both work and personal use, we’re excited to introduce Automatic Profile Switching, which will detect that the link you’re trying to open needs work credentials, and then switch you to your authenticated work profile.

Check out expanded developer options during preview—Because we love developers, we’re expanding the preview with new options for .NET and UWP (WinUI 3.0) development, enabling you to embed a Chromium-based Edge WebView in WinForms, WPF, and UWP/Win UI 3.0 applications. We’ve also added a 3D View in DevTools. Check out our documentation and Getting Started guide, or simply open Visual Studio and download the WebView2 package to get started.

Microsoft Lists

Microsoft Lists is your smart information tracking app across Microsoft 365. With Lists, you can easily track data and information to stay updated on the latest status.

Track information with Microsoft Lists—Now, you can create, share, and track data and information—like issue tracking and status reporting—directly within Microsoft Teams, SharePoint, and the soon-to-be-released Lists mobile app. Lists are easy for anyone to create and customize with templates, color coding, If/Then workflows, and more. Learn more about Microsoft Lists.

At a time of unprecedented change, we are all rapidly adjusting to a new era of work. From software developers to healthcare workers, government first responders to multinational c-suites, everyone is finding new ways to stay productive and connected, whether they are working together or apart. The features and enhancements we announced today are all designed to support the incredible achievements of our customers around the world. We are committed to continuing to build the tools that keep the world’s work moving, through this crisis and beyond.

The post From Microsoft Teams to Fluid Framework—here’s what’s new and coming soon to Microsoft 365 appeared first on Microsoft 365 Blog.

Productivity

Microsoft 365’s productivity tools use AI to help people create, collaborate, analyze, write, present, organize, and manage their work. Our innovations in core productivity are focused on two opportunities: creating entirely new experiences that take advantage of the latest innovations and breathing new life into familiar apps and experiences with powerful cloud services.

Microsoft Teams

Microsoft Teams is the hub for teamwork. In response to requests from Teams customers, we’re pleased to announce Private channels, Multiwindow chats, meetings and calls, pinned channels, and task integration with To Do and Planner. We’re improving collaboration capabilities between Outlook and Teams, making it easy to send an email thread to a Teams channel for further discussion.

And we’re bringing the Yammer app into Teams, adding the ability for users to pin the app to the left-hand rail and making Teams the hub for both focused team collaboration and broad, open communities. We are also delivering new industry-tailored innovations and experiences including tools for Healthcare and Firstline workers. Healthcare providers can now schedule and conduct B2C virtual consultations through Teams with new Virtual Consults capabilities, and new features like SMS Sign-In and Global Sign-Out make it quick and easy for Firstline workers to securely access Teams from their mobile devices.

The New Microsoft Edge

Microsoft Edge and Microsoft Bing are the web browser and search engine for business. We are pleased to announce that the general availability of the all-new Chromium-based Microsoft Edge browser is targeted for January 15, 2020. You can download the release candidate today.

The all-new Microsoft Edge offers the enterprise new tab page, where you’ll have direct access to your Microsoft 365 files, sites, and intranet search, making every tab you open a portal to productivity. And with the new Microsoft Search in Bing integration, searching for information at work is as easy as searching the web. You can now access files, people, office floorplans, acronym definitions, and more company information from across your Microsoft 365 ecosystem right from the search bar.

Finally, Microsoft Edge is now available across all your devices—including Windows 10, Windows 8x, Windows 7, macOS, iOS, and Android. Your passwords and favorites will roam seamlessly across all your devices—and with native Azure Active Directory (Azure AD) sign-in, you can search for work files right from your phone.

The Office mobile app

We all want to be able to work on the go from mobile devices and we’re always looking to simplify and improve the experience. Today, we’re announcing a new mobile experience for Office that combines three of the suite’s most popular apps—Word, Excel, and PowerPoint—into a single go-to app for mobile productivity. Now you no longer need to download each app separately and will have everything you need to be productive on the go. And with the new Actions pane, you can intuitively complete a variety of common on-the-go tasks, such as creating and signing PDFs and sharing files between devices.

The new Office app uses the unique advantages of mobile devices to make content creation easier. You can snap a picture of a document and turn it into an editable word file, for instance, or transform tables from a printed page into an Excel spreadsheet. Launched today as a public preview, the Office app is available to Android users through the Google Play Store and to iOS users through Apple’s TestFlight program.

Fluid Framework

At Build 2019, we announced Fluid Framework, a new technology and set of experiences that will make collaboration seamless by breaking down the barriers between apps. It offers three key capabilities. First, experiences powered by the Fluid Framework will support multi-person coauthoring on web and document content at industry-leading speed and scale. Second, it provides a componentized document model that allows authors to deconstruct content into collaborative building blocks, use them across applications, and combine them in a new, more flexible kind of document. Third, the Fluid Framework makes room for intelligent agents to work alongside humans to translate text, fetch content, suggest edits, perform compliance checks, and more.

Today, we are announcing a public preview of the Fluid Framework end user experience and a private preview for developers. Over time, we expect these capabilities to light up in experiences across Microsoft 365, including within chat in Teams, mail in Outlook, portals in SharePoint, notes in OneNote, and documents in Office.

Cortana

We’re using AI to bring you personalized experiences in Outlook and making Cortana your personal productivity assistant. Today, we announced Play My Emails in Outlook for iOS to help you catch up and act on emails hands-free. With new natural voice and language recognition, Cortana can intelligently read out your new emails and share changes to your day. A masculine voice option is also now available with Play My Emails, further customizing your personal productivity assistant experience. We’re also announcing that Scheduler in Outlook is shipping in preview; you can use it to hand off scheduling meetings and coordinating participants to Cortana.

Beginning next month, Cortana can also help you prepare for your day by sending you a briefing email that includes a summary of your meetings, relevant documents for your day, and reminders to follow up on commitments you’ve made in email.

AI in Office

You’re busy and have a lot on your mind—and even more on your to-do list. We get it, and over the past year, we brought the magic of AI to Office to help you get more done. With innovations that include entering data into Excel with a digital pen, audio transcription in Word—which converts a new or existing audio file into a written transcription—and Presenter Coach in PowerPoint (in public preview for the web), which helps business professionals, teachers, and students become more effective presenters, we committed to enlightening Office with AI to help you be more productive.

Today our journey continues. Now Excel supports natural language queries, so users can now ask a question of their data, just like they would if they were talking to a person, and get quick answers—all without having to write a formula. Available to Office Insiders, this new natural language ability is another step towards making data insights and visualization more approachable and accessible to users with various levels of Excel experience.

We’re also making it easier for you to plan time away from work and continue to improve your work best practices. For example, MyAnalytics can help you prepare for time off by automating out of office notification setup, informing collaborators of your time away, resolving meetings you’ll miss, and more. Integrated into the Insights pane in Outlook, MyAnalytics is now able to encourage best practices like booking meetings promptly, adding an agenda, and meeting follow ups, and adding new AI-powered suggestions in Outlook that allow you to delay email delivery when working outside the recipient’s working hours.

Microsoft Project

Last week, we announced a major step toward achieving our new vision for project management with the general availability of the new Microsoft Project. The new Project offers a redesigned user experience that is simple and intuitive. Teams can quickly add new members and set up tasks, and then easily switch between grids, boards, or timeline (Gantt) charts to track progress. And because Project is part of the Microsoft 365 family, project teams can save time and do more with built-in connections to familiar apps like Teams and Office. In addition, the new service provides greater visibility into your projects and powerful tools to help you anticipate future needs. Create stunning interactive reports in Power BI, so you can visualize every aspect of each project at a glance. And get the big picture view of all your projects across your organization with visual, interactive cards.

Over the next year, we’ll release more exciting capabilities in the new Project, including resource management, budget analysis, and time and expense tracking. These powerful features will enable you to streamline more complex initiatives and help your business maximize ROI.

Knowledge

We’re excited to announce a brand-new investment area for Microsoft 365—knowledge. Moving your productivity infrastructure to the cloud has many benefits, including cost savings and streamlined operations. But it also unlocks new scenarios. Using AI, Microsoft 365 will now be able to identify, organize, and deliver knowledge across your organization—providing just the right information at just the right time. Productivity isn’t just about being more efficient. It’s also about aggregating and applying the collective knowledge of your organization so that together you can achieve more.

Project Cortex

Today, we’re announcing Project Cortex, the first new service in Microsoft 365 since the launch of Teams. Project Cortex uses AI to create a knowledge network that reasons over your organization’s data and automatically organizes it into shared topics like projects and customers. It also delivers relevant knowledge to people across your organization through topic cards and topic pages in the apps they use every day.

In addition, Project Cortex enables business process efficiency by turning your content into an interactive knowledge repository—with innovations in smart content ingestion—to analyze documents and extract metadata to create sophisticated content models; machine teaching, to allow subject matter experts to teach the system how to understand semi-structured content; and knowledge retrieval, to make it easy for people to access the valuable knowledge that’s so often locked away in documents, conversations, meetings, and videos. Building on the content you already have in SharePoint, Project Cortex connects content across Microsoft 365 and external systems and enables you to manage information and streamline processes with built-in security, compliance, and workflow.

The new Yammer

Yammer has been completely redesigned, with dozens of new capabilities that empower people to connect, build communities, and share knowledge across the organization. The new Yammer delivers a beautiful, intelligent experience across devices and introduces new integrations with Teams, SharePoint, and Outlook. You can now use Yammer to broadcast live and on-demand events with a streamlined production option that uses webcams and desktop sharing. And you can also share video shorts directly from the Yammer mobile app. In addition, we’ve now centralized e-Discovery, data governance, and Yammer administration in the Microsoft 365 admin center.

Microsoft Search

Today, we announced new innovations for Microsoft Search to enhance productivity; empower greater discovery of information, insights, and people; develop search driven applications; and extend the benefits of Microsoft Search to content outside of Microsoft 365. We recognize search works best when it brings together information from across your organization. Now with over 100 new Microsoft Search connectors from Microsoft and our partners, you can consolidate information from disparate system into a single search experience in Microsoft 365.

In addition, you can use our new Graph APIs to develop custom applications on top of Microsoft Search to tailor search to your organizations’ needs. We’re also bringing more powerful search experiences to Microsoft 365, including advanced people search using attributes and skills, video search, acronym search, and semantic search.

Microsoft Stream

Video is an increasingly powerful medium for capturing and sharing knowledge and learning. Microsoft Stream applies AI to unlock the content in video—including meeting recordings—with automatic transcription. AI also powers the new voice enhance feature, allowing you to focus on the spoken word by reducing background noise. And now people can create short videos from mobile devices and share in Yammer, Teams, and PowerApps, mainstreaming video as the new content type for communications and learning.

Workplace Analytics

Workplace Analytics is making it even easier to gain knowledge about the way people work and its impact on business and organizational outcomes. Business leaders will get at-a-glance insights to quickly understand and improve meeting culture, manager practices, organizational networks, and customer relationships. Industry benchmarks help contextualize common patterns that influence productivity, such as focus time and the ability to unplug outside of working hours. We also enriched the analyst toolset. AI-driven process analysis uses key words like “quarterly business review” to shed light on time and resources invested in specific business activities, enabling improvement over time.

Workflow

Workflow innovations empower you to streamline and improve business processes with little or no code. This approach not only saves time and money, it also ensures process automation is done by the people who are closest to the way things actually work.

Power Platform integration with Teams

With Power Platform, users can automate routine tasks, create custom apps, and easily engage with data. Power Platform integration with Teams makes these tools more discoverable and accessible to users and unlocks a conversational approach to streamlining productivity scenarios—from managing approvals directly in chat to pinning a custom app where a team needs it.

Today, we announced new features to enhance these capabilities. Power Apps creators can now publish their apps as Teams apps, and users will be able to pin those apps to their left rail in Teams. We’re also adding new Power Automate triggers and actions, allowing users to streamline the completion of common team and personal tasks, such as setting custom message actions and sending notifications. And coming soon, rich Power BI previews in Teams chat and an enhanced Power BI tab will allow users to see all their data in Teams and effortlessly discuss data, to speed data-driven decision making.

Office Scripts

Office Scripts simplifies clunky processes and automates repetitive tasks so you can work less while doing more. Today, we introduced scripting in Excel, a new process automation feature that allows you to record your actions inside a workbook and save it to a script. The saved script can then be integrated with Power Automate and scheduled to run automatically or integrate with a larger flow. Office Scripts will be available as a public preview by the end of the year.

Security

New AI-powered features make it easy for you to secure your organization’s valuable assets while empowering employees to collaborate freely.

Microsoft Authenticator

Any customer with any Azure AD plan, including a free plan, can now use the Microsoft Authenticator app for secure, passwordless access to both Microsoft and non-Microsoft apps. Passwords continue to be the weakest link in cybersecurity. With Azure AD and Microsoft Authenticator, enterprises can go passwordless for a great user experience and lower support costs while also implementing two-factor or multi-factor authentication (MFA) for greater security. Deploying MFA reduces the risk of phishing and other identity-based attacks by 99.9 percent and is the best thing you can do to improve your security. Customers with more than 150 seats can also now contact Microsoft to set up the capability via FastTrack.

New value in Azure AD

Azure AD Cloud Provisioning now makes it easier to move identities to the cloud by eliminating the need for an on-premises sync server though a lightweight on-premises agent. This enables provisioning from multiple, disconnected on-premises Active Directory (AD) forests and harnesses the power of the cloud to tackle common directory challenges like sync complexity and data transformation logic. This capability addresses one of the top needs for large enterprise customers that manage complex organizations or mergers and acquisitions and enables greater availability and decreases implementation and operation costs.

Microsoft Defender Advanced Threat Protection (ATP)

Microsoft Defender ATP endpoint detection and response (EDR) capabilities are now available in preview for Mac OS devices. We’ll be adding support for Linux servers next. This is part of our commitment to extending multi-platform coverage in our threat protection solutions. Our customers depend on Microsoft for world-class endpoint protection and EDR capabilities for Windows, and most large organizations manage a complex mix of technology platforms, including several operating systems. They need coverage for the full breadth of their environment. This ongoing investment gives them the breadth of coverage they need, with a single unified view for administrators and security operations professionals, enabling enterprise-wide investigation and response to security incidents.

Application Guard for Office

Now available in private preview, Application Guard for Office provides hardware-level and container-based protection against potentially malicious Word, Excel, and PowerPoint files. It utilizes Microsoft Defender ATP to establish whether a document is either malicious or trusted.

Compliance

Simplify and automate risk management with new innovations that use AI as a force multiplier to keep you one step ahead of the increasingly complex compliance requirements and ever-evolving insider threats.

Insider Risk Management

A staggering 53 percent of organizations have experienced an insider attack in the last 12 months. The effort required to identify these risks and violations is not trivial, and it requires effective collaboration across security, human resources (HR), and legal—as well as a balanced approach across privacy and risk management. Today, we announced Insider Risk Management in Microsoft 365 to help organizations quickly identify and remediate insider threats, risks, and code of conduct policy violations across Office, Windows, Azure and third-party apps such as HR systems. Insider Risk Management leverages the Microsoft Graph and other services to intelligently correlate multiple signals to identify hidden patterns and potential risks, and provide real-time insight into file activity, communications sentiment, and abnormal user behaviors. Insider Risk Management includes a set of configurable playbooks tailored specifically for risks—such as digital IP theft and confidentiality breach—to help you effectively identify threats and take action. We also designed for privacy, so display names for risky users can be anonymized by default at early stages of investigation.

Compliance Score

It’s more important than ever to have the knowledge and tools you need to work across compliance and risk management teams to effectively assess and monitor risks. To help you implement more effective data protection controls, we’re announcing the public preview of Microsoft Compliance Score, which enables you to simplify and automate risk assessments. With Microsoft Compliance Score, you can now continuously assess and monitor data protection controls, get clear guidance on how to improve the score, and leverage the built-in control mapping to scale your compliance efforts across regulations and standards.

Even if you’re not an expert in complex regulations like General Data Protection Regulation (GDPR) or ISO 27001, you can still quickly learn the actions needed for compliance and contribute towards progress. We also introduced new assessments for California Consumer Privacy Act (CCPA), and for other GDPR-style regulations. Compliance Score is available now in public preview for all Microsoft 365 enterprise plans in the Microsoft 365 compliance center.

Management

With new management innovations, Microsoft 365 puts the cloud and AI to work to help you set-up, secure, monitor, and manage all your devices.

Microsoft Endpoint Manager

Microsoft Endpoint Manager is an integrated solution to centrally and securely manage all the endpoints in your technology estate. Bringing together Microsoft Intune and System Center Configuration Manager functionality and data—plus new intelligent actions and analytics—Endpoint Manager delivers seamless, end-to-end management for Windows, Android and Apple devices, apps, and policies without the complexity of a migration or disruption to productivity. Look for Microsoft Endpoint Manager features and experiences to appear in the product over the coming months. And, to help ensure that all our customers are able to take advantage of Microsoft Endpoint Manager, we’re making Intune available to our existing SCCM customers for Windows PC management. Starting December 1, 2019, you can co-manage these devices in Microsoft Endpoint Manager, and start using cloud-powered features like Autopilot and Desktop Analytics.

Microsoft Productivity Score

Microsoft Productivity Score focuses on two areas: the Employee experience and the Technology experience. Both provide visibility into how your organization works, insights to identify where you can enable improved experiences, and actions you can take to update skills and systems—so everyone can do their best work.

The Employee experience shows you how Microsoft 365 is helping to create a productive and engaged workforce. By quantifying how people are collaborating on content, working from anywhere, developing a meeting culture, and communicating with each other, you can see the different ways that work gets done. Meanwhile, the Technology experience provides insights by assessing policies, device settings, and hardware and application performance within the organizational environment and recommends actions in Microsoft Endpoint Manager.

Managed Meeting Rooms

Productive meetings are essential to success in the modern workplace. Coupled with the rise in remote collaboration, business leaders increasingly associate more effective meetings with having the right meeting room technology and environment. Today, we’re announcing a private preview of Managed Meeting Rooms from Microsoft, a new offer for managing meeting rooms. This cloud-based IT management and security monitoring service ensures that Teams meeting rooms are secured, up to date, and proactively monitored for a great in-room experience. To date, we’ve been working with more than 100 customers to manage more than 1,500 meeting rooms. Now, a private preview is opening this experience to more of you! If you’re interested in participating, let us know.

Global reader

You told us you want to improve your security posture by scoping admin permissions to only those needed to do their jobs. In fact, this is one of our top customer requests. We’re announcing new admin roles in Azure AD and the Microsoft 365 admin center to help you reduce the number of Global admins in your organization. For example, the Global reader role lets an admin view information across Microsoft 365, but does not allow the admin to change any settings or data. Now you can assign the Global reader role to admins in your organization to support reporting, planning, audits, and investigations, without having to grant a higher level of privileges than is necessary. The Global reader role can also be combined with other administrative roles (for example, Exchange admin) to more granularly control and scope the assignment of admin privileges in your organization.

Onboarding Hub

You also told us that you want guidance from Microsoft for improving security and increasing admin efficiency. The Onboarding Hub, in the Microsoft 365 admin center’s setup area, includes new experiences to help you discover, learn about, and use features across Microsoft 365, including Azure AD and other admin portals such as the Security and Compliance Center. We provide intelligent recommendations—based on your current configuration and admin activities—to help you improve your security posture, maintain compliance with data regulations, keep apps up to date, and reduce costs.

New recommendations in the Microsoft 365 admin center (admin.microsoft.com).

Using the Global reader role to access the Onboarding Hub is a powerful and safe way to perform planning and auditing activities for Microsoft 365, as a Global reader can view and assess the recommendations, learn about implementation steps and user impact, and see current administrative assignments without making any tenant or configuration changes.

Office 365 Groups

Office 365 Groups is the membership service that powers collaboration and drives teamwork across Microsoft 365. It’s a core underpinning of more than 20 applications, including Teams, SharePoint, Outlook, Yammer, Microsoft Stream, and more. We’re pleased to announce a number of improvements to the Groups admin experience with new lifecycle management and compliance capabilities, including the ability to quickly create teams for a group, browse and restore deleted groups, edit the group email alias, and use sensitivity labels. You can also enable self-service group creation and management, which empowers users to create teams and Yammer channels that are controlled with guardrails and policies set by IT.

Send us your feedback

Every innovation we make with Microsoft 365, the world’s productivity cloud, is designed to help you and your organization unlock new forms of productivity to achieve more. We’re excited to share these new features with you, and look forward to your feedback and insights.

The post From new Microsoft Teams experiences to the all-new Project Cortex—here’s what’s coming soon to Microsoft 365 appeared first on Microsoft 365 Blog.

Since we announced Windows Virtual Desktop last September, and through the public preview announced in March, thousands of customers have piloted the service and taken advantage of the Windows 10 multi-session capability—validating the importance of this feature as a core part of the service. Customers also represented, all major industries and geographies, helping us get feedback from different customer types and locations. As a result, as of today the service is now available in all geographies. In addition, the Windows Virtual Desktop client is available across Windows, Android, Mac, iOS, and HTML 5.

“Windows Virtual Desktop allows our employees to work in a secure manner wherever they are. Windows Virtual Desktop provides the Windows 10 desktop experience that our employees are familiar with across a variety of devices or web browsers.”
—Jake Hovermale, Chief Technical Officer, BEI Networks

With the end of extended support for Windows 7 coming in January 2020, we also understand some customers need to continue to support Windows 7 legacy applications as they migrate to Windows 10. To support this need, you can use Windows Virtual Desktop to virtualize Windows 7 desktops with free Extended Security Updates (ESU) until January 2023. If you’re in the process of migrating to Windows 10 and need app compatibility assistance, read more about how we can help with the Desktop App Assure program.

To help increase productivity, we invested heavily in the Office experience in a virtualized environment with native improvements, as well as through the acquisition of FSLogix. In July, we made the FSLogix technology available to Microsoft 365, Windows 10 Enterprise, and RDS customers. Today, all FSLogix tools are fully integrated into Windows Virtual Desktop, enabling you to have the smoothest, most performant Office virtualization experience available today.

In addition to the significant architectural improvements for deployment and management, we’re also simplifying app delivery by supporting MSIX packaged apps to be dynamically “attached” to a virtual machine instead of installing it permanently. This is important because it significantly decreases storage and makes it easier for the admin to manage and update the apps, while creating a seamless experience for the user.

Check out the new video from Scott Manchester, Principal Engineering Lead for Windows Virtual Desktop, where he does a great job of walking you through the app “attach” experience.

Extending Windows Virtual Desktop

We also worked closely with our partner ecosystem to help our customers extend Windows Virtual Desktop and get the most out of existing virtualization investments.

• Starting today, Citrix can extend Windows Virtual Desktop worldwide, including support for Windows 10 multi-session, Windows 7 with free Extended Security Updates for up to three years, and support for Windows Server 2008 R2 with free Extended Security Updates on Azure.
• Later this year, VMware Horizon Cloud on Microsoft Azure will extend Windows Virtual Desktop and its benefits, such as Windows 10 Enterprise multi-session and support for Windows 7 with free Extended Security Updates for up to three years. Preview will be available by the end of the calendar year.
• We also engaged with hardware partners, system integrators (SI), who provide turnkey desktop-as-a-service (DaaS) offerings, and value-added solution providers, who add capabilities such as printing, application layering, assessment, and monitoring on Azure Marketplace. Learn more about Windows Virtual Desktop partners on the documentation page.

General availability of Windows Virtual Desktop is just the beginning. We’ll continue to rapidly innovate and invest in desktop and app virtualization. We look forward to sharing more with you in the coming months. In the meantime, learn more on our product page and get started with Windows Virtual Desktop today.

If you’re a partner and want to learn more about Windows Virtual Desktop, visit the Azure Partner Zone page for Windows Virtual Desktop.

The post Windows Virtual Desktop is now generally available worldwide appeared first on Microsoft 365 Blog.

Savvy financial institutions are now moving beyond this paradigm and employing a modern approach to cybersecurity—the Zero Trust model. The central tenet of a Zero Trust model is to trust no one—internal or external—by default and require strict verification of every person or device before granting access.

The castle’s perimeters continue to be important, but instead of just pouring more and more investment into stronger walls and wider moats, a Zero Trust model takes a more nuanced approach of managing access to the identities, data, and devices within the proverbial castle. So, whether an insider acts maliciously or carelessly, or veiled attackers make it through the castle walls, automatic access to data is not a given.

Limitations of a castle-and-moat approach

When it comes to safeguarding today’s enterprise digital estate, the castle-and-moat approach has critical limitations because the advent of cyberthreats has changed what it means to ward and protect. Large organizations, including banks, deal with dispersed networks of data and applications accessed by employees, customers, and partners onsite or online. This makes protecting the castle’s perimeters more difficult. And even if the moat is effective in keeping enemies out, it doesn’t do much for users with compromised identities or other insider threats that lurk within the castle walls.

The practices below are all sources of exposure and are common in banks that rely on a castle-and-moat approach to security:

• A single annual review of staff access rights to applications.
• Ambiguous and inconsistent access rights policies dependent on manager discretion and insufficient governance when staff moves occur.
• Overuse of administrative privileged accounts by IT.
• Customer data stored in multiple file shares and little idea who has access to it.
• Overreliance on passwords to authenticate users.
• Lack of data classification and reporting to understand what data is where.
• Frequent use of USB flash drives to transfer files that include highly sensitive data.

How a Zero Trust model empowers bankers and customers

The benefits of a Zero Trust approach have been well documented, and a growing number of real-world examples show that this approach could have prevented sophisticated cyberattacks. However, many banks today still adhere to practices that diverge from Zero Trust principles.

Adopting a Zero Trust model can help banks strengthen their security posture, so they can confidently support initiatives that give employees and customers more flexibility. For example, bank executives would like to untether their customer-facing employees—such as relationship managers and financial advisors—from their desks and meet clients outside bank premises. Today, many financial institutions support this geographic agility with analog tools like paper printouts or static views of their counsel. However, both bank employees and customers have come to expect a more dynamic experience using real-time data.

Banks that rely on a castle-and-moat approach to security are hesitant to disperse data outside the physical network. As such, their bankers and financial advisors can only tap the dynamic models of proven and disciplined investment strategies if their client meetings take place on bank premises.

Historically, it’s been cumbersome for bankers or financial advisors on the go to share real-time model updates or actively collaborate with other bankers or traders, at least not without VPNs. Yet, this agility is an important driver of sound investment decisions and customer satisfaction. A Zero Trust model enables a relationship manager or an analyst to harness insights from market data providers, synthesize with their own models, and dynamically work through different client scenarios whenever and wherever.

The good news is this is a new era of intelligent security—powered by the cloud and Zero Trust architecture—that can streamline and modernize security and compliance for banks.

Microsoft 365 helps transform bank security

With Microsoft 365, banks can make immediate steps towards a Zero Trust security by deploying three key strategies:

• Identity and authentication—First and foremost, banks need to ensure that users are who they say they are and give access according to their roles. With Azure Active Directory (Azure AD), banks can use single sign-on (SSO) to enable authenticated users to connect to apps from anywhere, enabling mobile employees to access resources securely without compromising their productivity.

Banks can also deploy strong authentication methods such as two-factor or passwordless Multi-Factor Authentication (MFA), which can reduce the risk of a breach by 99.9 percent. Microsoft Authenticator supports push notifications, one-time passcodes, and biometrics for any Azure AD connected app.

For Windows devices, bank employees can use Windows Hello, a secure and convenient facial recognition feature to sign in to devices. Finally, banks can use Azure AD Conditional Access to protect resources from suspicious requests by applying the appropriate access policies. Microsoft Intune and Azure AD work together to help make sure only managed and compliant devices can access Office 365 services including email and on-premises apps. Through Intune, you can also evaluate the compliance status of devices. The conditional access policy is enforced depending on the compliance status of the device at the time that the user tries to access data.

Conditional access illustration.

• Threat protection—With Microsoft 365, banks can also bolster their ability to protect, detect, and respond to attacks with Microsoft Threat Protection’s integrated and automated security. It leverages one of the world’s largest threat signals available from the Microsoft Intelligent Security Graph and advanced automation powered by artificial intelligence (AI) to enhance incident identification and response, enabling security teams to resolve threats accurately, efficiently, and promptly. The Microsoft 365 security center provides a centralized hub and specialized workspace to manage and take full advantage of Microsoft 365 intelligent security solutions for identity and access management, threat protection, information protection, and security management.

The Microsoft 365 security center.

• Information protection—While identity and devices are the primary vectors of vulnerability for cyberattacks, data is what cybercriminals ultimately want. With Microsoft Information Protection, banks can improve their protection of sensitive information—wherever it lives or travels. Microsoft 365 enables customers to 1) identify and classify their sensitive data; 2) apply flexible protection policies; and 3) monitor and remediate sensitive data at risk.

Example of a classification and protection scenario.

Simplify security management with Zero Trust

Microsoft 365 helps simplify the management of security in a modern Zero Trust architecture, leveraging the visibility, scale, and intelligence necessary to combat cybercrime.

As you consider how to safeguard your modern “castle,” a Zero Trust environment is optimal for modern cybersecurity threats. A Zero Trust environment requires up-to-the-minute oversight of who is accessing what, where, and when—and whether they should even have access.

Microsoft 365 security and compliance capabilities help organizations verify before they trust a user or device. Microsoft 365 also offers a complete teamwork and productivity solution. Altogether, Microsoft 365 provides a comprehensive solution to help bank executives focus on customers and innovation.

The post Why banks are adopting a modern approach to cybersecurity—the Zero Trust model appeared first on Microsoft 365 Blog.

Here’s a look at what’s new in July.

Strengthen security while simplifying processes

New capabilities help you protect against, discover, and remediate cybersecurity threats.

Go passwordless to reduce risk and improve account security—This month, we announced the public preview of FIDO2 security keys support in Azure AD. Now, with FIDO2 technologies, you can provide users with seamless, secure, and passwordless access to all Azure AD-connected apps and services. Additionally, administrators can assign passwordless credentials to users and groups and allow self-service sign-up. To get started, check out our step-by-step documentation on enabling passwordless sign-in for Azure AD.

Discover, prioritize, and remediate vulnerabilities in real-time—Last month, we announced the general availability of Microsoft Threat & Vulnerability Management (TVM). TVM delivers a new set of advanced, agentless, cloud-powered capabilities that provide continuous, real-time, risk-based vulnerability management. If you already have Microsoft Defender ATP, the TVM solution is now available within your Microsoft Defender ATP portal. If you don’t have a subscription, you can sign up for a trial of Microsoft Defender ATP including TVM.

Improve productivity and collaboration

New capabilities in Microsoft 365 help you collaborate easily with others, organize tasks, and quickly find answers.

Communicate and collaborate more easily with new capabilities in Microsoft Teams—This month, we added new capabilities to Teams including Read receipts and Priority notifications to help ensure time-sensitive messages are received and prioritized. We also announced the new Announcements feature to highlight important news and now post a single message across multiple channels.

Finally, the new time clock feature in Teams for Firstline Workers brings clock in/out capabilities to the Team Shifts module. And the targeted communication feature enables messages to be sent to everyone within a specific role—such as sending a message to all cashiers in a store or all nurses in a hospital.

These updates for Teams will be rolling out over the next couple of months.

Add polls to your Outlook emails and book meeting rooms with Outlook on the web—This month, we’re announcing two new generally available features in Outlook on the web. With Microsoft Quick Poll, you can now add polls directly to your Outlook emails, so recipients can vote directly in the email or click the provided link and vote in a browser window. To get started, download the Quick Poll add-in for Outlook.

Additionally, you can now easily book meeting rooms in Outlook on the web. When creating a meeting, you can quickly see which rooms are available, search by city or room, and view rooms that are available during recurring events.

Make answers in Yammer more discoverable—Now, questions in Yammer will stand out from general discussions with new, unique styling. Post authors and group admins can also mark the best response to questions as a “Best Answer,” making it easier for users to find answers. These changes are currently in private preview and will roll out to all Office 365 subscribers later this summer.

Work together on tasks in Microsoft To-Do—Now, you can assign a task to someone on a shared To-Do list and work together to knock out tasks more quickly. To get started, just @mention someone to assign them a task, and everyone on the shared list will be able to see it.

Streamline IT management

Data-driven tools help you deliver seamless software deployments and improvements for Office in virtualized environments.

Improve the quality and reliability of software deployments—This month, we announced the public preview of Desktop Analytics, a cloud-based service that provides intelligence for you to make more informed decisions about the update readiness of your Windows clients ahead of new Windows 10 deployments. In combination with System Center Configuration Manager, Desktop Analytics is designed to create an inventory of the Windows apps running in the organization and assess app compatibility with the latest feature updates of Windows 10. Desktop Analytics is currently offered as an Office 365 service and requires an Office 365 subscription in your Azure AD tenant. To get started, enable Desktop Analytics in the Configuration Manager console.

Improve the Office app experience in virtual environments—This month, we announced new capabilities to help improve the user experience in virtualized environments. First, FSLogix technology, which improves the performance of Office 365 ProPlus in multi-user virtual environments, is now available at no additional cost for Microsoft 365 customers. Second, Windows Server 2019 will now support Office 365 ProPlus and OneDrive Files On-Demand in the coming months. Lastly, Outlook, OneDrive, and Teams are getting new capabilities to improve the user experience in a virtualized environment.

Drive digital transformation with new Microsoft cloud regions—Microsoft Office 365 services are now available from our new cloud regions located in South Africa and the United Arab Emirates (UAE). These local datacenters open the door for more organizations to embrace the benefits of the cloud with resilient cloud services that can help meet data residency, security, and compliance needs.

Other updates

• Teams is now included in the monthly Office 365 updates for existing customers and will begin rolling out to existing installations over several weeks.
• We retired the “Online” branding for the Office apps on the web. You’ll see this change reflected in the product experience in places such as the app headers, platform-specific commands, and help menus. This change reinforces that Office is a cloud-connected experience, which you can use through apps on the desktop, web, or mobile devices.
• We recently announced OneDrive Personal Vault, a protected area in OneDrive that you can only access with a strong authentication method or second step of identity verification.
• These five Outlook mobile tips and tricks can help small business owners save time and get more done quickly.

The post New to Microsoft 365 in July—updates to Azure AD, Microsoft Teams, Outlook, and more appeared first on Microsoft 365 Blog.

Office 365, delivered from local datacenters in South Africa, helps our customers enable the modern workplace and empower their employees with real-time collaboration and cloud-powered intelligence while maintaining security, compliance, and in-country customer data residency. The addition of South Africa as a new geography for Office 365 increases the options for secure, cloud productivity services combined with customer data residency in 16 geographies across the globe along with three additional geographies also announced.

In-country data residency for core customer data helps Office 365 customers meet regulatory requirements, which is particularly important and relevant in industries such as healthcare, financial services, and government—where organizations need to keep specific data in-country to comply with local requirements. Customer data residency provides additional assurances regarding data privacy and reliability for organizations and enterprises. Core customer data is stored only in their datacenter geography (Geo)—in this case, the cloud datacenters within South Africa.

Customers like Altron and the Gauteng Provincial Government have used Office 365 to transform their workplaces. This latest development will enable them—and other organizations and enterprises adopting Office 365—to ramp up their digital transformation journey.

“Altron is committed to improving our infrastructure and embracing a strategy to become a cloud-first company to better serve our customers and empower our employees through modern collaboration. We’ve noticed a tangible difference since making the move to Office 365.”
—Debra Marais, Lead, IT Shared Services at Altron

“Office 365 is driving our modernization journey of Government ICT infrastructure and services by allowing us to develop pioneering solutions at manageable costs and create overall improvements in operations management, all while improving transparency and accountability.”
—David Kramer, Deputy Director General, ICT at Gauteng Provincial Government

Microsoft recently became the first global provider to deliver cloud services from the African continent with the opening of our new cloud datacenter regions. Office 365 joins Azure to expand the intelligent cloud service available from Africa. Dynamics 365 and Power Platform, the next generation of intelligent business applications, are anticipated to be available in the fourth quarter of 2019.

By delivering the comprehensive Microsoft cloud—which includes Azure, Office 365, and Dynamics 365—from datacenters in a given geography, we offer scalable, available, and resilient cloud services to companies and organizations while meeting customer data residency, security, and compliance needs. We have deep expertise in protecting data and empowering customers around the globe to meet extensive security and privacy requirements, including offering the broadest set of compliance certifications and attestations in the industry.

The new cloud regions in South Africa are connected to Microsoft’s other regions via our global network, one of the largest and most innovative on the planet—spanning more than 100,000 miles (161,000 kilometers) of terrestrial fiber and subsea cable systems to deliver services to customers. Microsoft is bringing the global cloud closer to home for African organizations and citizens through our trans-Arabian paths between India and Europe, as well as our trans-Atlantic systems, including Marea, the highest capacity cable to ever cross the Atlantic.

We’re committed to accelerating digital transformation across the continent through numerous initiatives and also recently announced Microsoft’s first Africa Development Centre (ADC), with two initial sites in Nairobi, Kenya and Lagos, Nigeria. The ADC will serve as a premier center of engineering for Microsoft, where world-class African talent can create solutions for local and global impact. With our new cloud datacenter regions, the ADC, and programs like 4Afrika, we believe Africa is poised to develop locally and scale for global impact better than ever before.

Learn more about Office 365 and Microsoft in the Middle East and Africa.

The post Microsoft Office 365 now available from new South Africa cloud datacenters appeared first on Microsoft 365 Blog.

Here’s a look at what’s new in June.

Secure your organization

New capabilities help you protect your company’s data, monitor access, and improve your security posture.

Discover Shadow IT with Cloud App Security—Discover the apps and services that are running on top of your IaaS and PaaS subscriptions, whether they are running on Microsoft Azure, Amazon Web Services, or Google Cloud Platform. Gain visibility into those apps and services, including which users are accessing them, transactions, IP addresses, and how much traffic is being transmitted. To get started, click the Discovered resources tab in the Cloud App Security portal or start a free trial today.

Manage how company resources are accessed—This month, we announced the availability of Azure AD Conditional Access policies for Microsoft 365 Business, designed for small and medium-sized business subscribers. These policies help you maintain control over your Office 365 environment and how your company resources are accessed. For example, you can define a conditional access policy that evaluates sign-in connections from mobile devices to Exchange Online, and requires employees use Outlook for iOS or Android to successfully access their work email and calendar. Microsoft 365 Business customers can enable Conditional Access policies via Azure AD.

Improve your organization’s identity security with tailored recommendations—Identity Secure Score, now generally available, helps you discover opportunities to improve your organization’s identity security. Recommendations are coupled with the guidance and workflows necessary to help security administrators implement the recommendations. Navigate to Identity Secure Score in the Azure portal to get started.

Tackle tough compliance obligations with powerful new capabilities

New features in Microsoft 365 help you meet compliance requirements.

Avoid conflicts of interest with information barriers in Teams—You can now limit the disclosure of information by restricting communications between groups of users in Teams with information barriers. This is particularly helpful for organizations that need to adhere to ethical wall requirements and other related industry standards and regulations, such as preventing the sales department from talking with research teams. Check out the documentation on how to define policies for information barriers to get started today.

Meet data residency requirements with Yammer—Yammer now offers local data residency to help organizations in the EU meet data residency requirements. This feature is available to all new Office 365 customers associated with a tenant in the EU. In the coming months, Yammer content will also show up in eDiscovery searches, bringing advanced security and compliance capabilities to Yammer groups connected to Office 365 Groups.

Address data residency needs with Office 365 Multi-Geo Capabilities—Starting this month, the minimum seat requirement for Multi-Geo Capabilities in Office 365 will be reduced from 2,500 seats to 500 seats. This licensing update brings Multi-Geo Capabilities to a wider range of organizations looking to address their regional, industry-specific, or organizational data residency requirements.

Improve your workflow

New features across Microsoft 365 help you streamline collaboration and document creation so you can save time.

Create professional presentations using your company’s branded templates with Designer in PowerPoint—Earlier this month, we announced several new updates to PowerPoint. Designer now works with company-branded templates, helping people create on-brand presentations with ease. Additionally, just by adding text on a slide, Designer now recommends high-quality photo backgrounds that are fully licensed for commercial use, along with theme styles and complementary colors for your presentation. Support for branded templates is available to Office 365 Insiders on Windows 10 and Mac, and the theme updates are rolling out to all Office 365 subscribers.

Quickly find documents and view previous versions seamlessly across your devices—This month, we announced that our Microsoft Office desktop apps now support Recommended Documents, which provides you with a curated set of documents to help you find files and get back to work quickly. Recommended Documents is available now on iOS and Mac with Win32 rolling out now. We also announced that we’re bringing Version History to Office for the web, enabling you to see what changes have occurred and revert to an earlier version if necessary. Version History is rolling out now, starting with PowerPoint on the web.

Stay in the creative flow with inking in Outlook—We are bringing the inking capability from Word, Excel, PowerPoint, and OneNote to Outlook for Windows. Inking in Outlook enables you to use your digital pen or finger to annotate and make notes. You can also easily mark up photos and images directly in your emails. To get started, select the Draw tab on the ribbon to see all your new pens and start inking.

Share your most recently used files in Outlook for iOS—You can now share your most recently used files in Outlook for iOS, creating a coherent experience with files in your Office 365 apps and services, your most recently used files from SharePoint and iCloud, and local files on your iOS device. You can continue to share files through email from OneDrive for Business, OneDrive, Google Drive, Box, and Dropbox cloud storage. Additionally, if you choose to add a link in your email rather than attach a file, the permissions to access it will align automatically with those set by your company. This feature is rolling out to iOS users now.

Other updates

• The Microsoft To-Do app is now available in the Mac app store—download to get started.
• Now you can give collaborators a “thumbs up” in Microsoft Whiteboard to show you like others’ content. This feature will be available in Microsoft Whiteboard for Windows 10 and iOS in the next few weeks.
• Excel now pulls Nasdaq and Refinitiv data, including current financial information for the full range of U.S. exchange-listed equities—like stocks on the Nasdaq Stock Market—right into the Excel Stocks Data Type.
• Azure AD now supports a maximum password length of 256 characters, which can help you improve the security of your organization by making your passwords harder to hack.

The post New to Microsoft 365 in June—updates to Microsoft Cloud App Security, PowerPoint, Outlook, and more appeared first on Microsoft 365 Blog.

Here’s a look at what’s new in April.

Assess and reduce risk and protect sensitive data

We’re releasing new solutions designed to help you assess your compliance risk and manage policies to protect sensitive data both inside and outside of your organization.

Manage sensitive and high-risk data—Today, we announced the availability of several new compliance capabilities to give you more control over data privacy across your organization. Compliance Manager now allows you to create custom risk assessments of any application used by your organization. Office 365 Advanced Message Encryption enables admins to revoke and expire encrypted emails. Additionally, the new data investigation capability in the Office 365 Security and Compliance Center enables you to search for high-risk content, such as phishing emails and leaked sensitive data, and take actions to remediate risks.

Address data residency needs with Multi-Geo Capabilities in Office 365—Multi-Geo Capabilities now enables customers to control where SharePoint Team sites and Office 365 Groups content are stored at rest, in addition to Exchange and OneDrive data. Multi-Geo Capabilities helps multinational companies address their regional, industry-specific, or organizational data residency requirements in Office 365 by enabling them to control where each employee’s Office 365 content is stored at rest. Contact your Microsoft representative for more information.

Deploy security policies tailored to your organization’s security needs—Security Policy Advisor is a new service that uses behavior-based analysis to help IT admins quantify the risks and benefits of applying a tailored policy and then monitor policy health over time. Admins can also deploy policies with one click and easily update or even roll back policies. Together, these capabilities help IT admins streamline their workflow and manage across their policies. This service is now available as a preview for all organizations with Office 365 ProPlus. To get started, administrators can visit the Office client management portal.

Improve your security posture with Azure AD Password Protection—Earlier this month, we announced that Azure AD Password Protection is now generally available. Azure AD Password Protection proactively helps users avoid choosing weak and vulnerable passwords, lowering the risk of being compromised by a password spray attack. To get started, sign in to the Azure Portal with a global administrator account.

Reach and engage more people

New capabilities help you connect with more people and create more engaging content across multiple languages.

Connect and engage both inside and outside of your organization with Microsoft Kaizala—Earlier this month, we announced that Microsoft Kaizala, a simple and secure work management and messaging app, is rolling out to Office 365 customers globally and will become part of Microsoft Teams over the next 12–18 months. Kaizala enables you to securely connect and engage with large groups outside your organization’s directory—including contract workers, vendors, partners, and customers—using a phone number-based identity for easy onboarding and a simple mobile user experience. You can download Microsoft Kaizala today from the iOS and Android stores.

Break down language barriers with multi-language support for Editor in PowerPoint—Receive suggestions on grammar, word choice, and conciseness regardless of which languages are included on your slides. Editor in PowerPoint even supports multiple languages on the same slide—perfect for all-hands, global presentations, lesson plans, and inclusive learning. Multi-language support for Editor in PowerPoint will begin rolling out to Office Insiders this month.

Other updates

• IT administrators can now determine the level of diagnostic and related data that Office sends to Microsoft to help ensure your Office apps are up to date, secure, and performing as expected.
• A new Mini toolbar in OneNote now appears above text when content is highlighted with contextual formatting tools for faster editing.
• There are now nearly 350 new icons to choose from when you insert an icon throughout Office 365, including new categories like accessibility, holidays, and process.
• We released new 3D guidelines in Office 365 to help designers and professionals create custom 3D objects that are compatible with the Office ecosystem.

The post New to Microsoft 365 in April—new tools to streamline compliance and make collaboration inclusive and engaging appeared first on Microsoft 365 Blog.

Today, we move to the next phase and announce the public preview of Microsoft Windows Virtual Desktop. Now, all customers can access this service—the only service that delivers simplified management, a multi-session Windows 10 experience, optimizations for Office 365 ProPlus, and support for Windows Server Remote Desktop Services (RDS) desktops and apps. With Windows Virtual Desktop, you can deploy and scale your Windows desktops and apps on Azure in minutes and enjoy built-in security.

Through our private preview, we had the chance to work closely with customers and partners to help shape this new service. It has been rewarding to see the results so far—a great example being at X5 Music Group, a Warner Music Group company.

“Within the music industry, we have to access, manage, and store large volumes of complex metadata securely. Windows Virtual Desktop is a great way of bringing data-heavy applications into our cloud platform without the need to rewrite the application. Windows Virtual Desktop also provides several additional benefits, such as making it really easy to scale the number of users while minimizing the attack surface of our applications.”
—Klas Broman, CTO and Developer Lead, X5 Music Group

As we start public preview, we’ll continue listening and taking feedback, to ensure we’re meeting your needs as we head toward general availability in the second half of calendar year 2019.

With the end of extended support for Windows 7 coming up in January 2020, we also understand some customers need to continue to support Windows 7 legacy applications as they migrate to Windows 10. To support this need, you’ll soon be able to use Windows Virtual Desktop to virtualize Windows 7 desktops with free Extended Security Updates (ESU) until January 2023. This support provides a comprehensive virtualization solution for Windows 7 alongside your Windows 10 and Windows Server desktops and apps.

Solutions to extend Windows Virtual Desktop

In November 2018, we acquired FSLogix, a next-generation app-provisioning platform that reduces the resources, time, and labor required to support desktop and app virtualization. FSLogix technologies enable faster load times for non-persistent users accessing Outlook or OneDrive. FSLogix technology will support both client and server RDS deployments—helping on-premises customers more easily migrate to Windows Virtual Desktop and providing a great solution for customers in hybrid scenarios.

Windows Virtual Desktop will also be extended and enriched by leading partners in the following ways:

• Citrix can extend Windows Virtual Desktop capabilities with their Citrix Cloud services.
• Through our partnership with Samsung, Windows Virtual Desktop will provide highly mobile Firstline Workers access to a full Windows 10 and Office 365 ProPlus experience with Samsung DeX.
• Software and service providers will extend Windows Virtual Desktop to offer targeted solutions in the Azure marketplace.
• Microsoft Cloud Solution Providers (CSPs) will deliver end-to-end desktop-as-a-service (DaaS) offerings and value-added services to their customers.

Access to Windows Virtual Desktop

To deploy and manage your virtualization environment, you just need to set up an Azure subscription. You can choose the type of virtual machines (VMs) and storage you want to suit your environment. You can optimize costs by taking advantage of Reserved Instances (up to 72 percent discount) and by using multi-session Windows 10.

For users accessing the Windows 10 and Windows 7 desktops and apps, there’s no additional cost if you’re an existing Microsoft 365 F1/E3/E5, Windows 10 Enterprise E3/E5, or Windows VDA customer. For Windows Server desktops and apps, there’s no additional cost if you’re an existing Microsoft RDS Client Access License (CAL) customer.

Get started with the public preview of Windows Virtual Desktop

Windows Virtual Desktop is comprised of the Windows desktops and apps you’re delivering to users and the management solution hosted as a service on Azure by Microsoft. During public preview, desktops and apps can be deployed on VMs in any Azure region, and the management solution and data for these VMs will reside in the United States (US East 2 region). This may result in data transfer to the United States while you test the service in public preview.

We’ll start to scale out the management solution and data localization to all Azure regions starting at general availability. For more information on getting started, considerations for optimal deployment guidance, and to provide feedback as you preview the service, please visit the Windows Virtual Desktop preview page.

The post Announcing the public preview of Windows Virtual Desktop appeared first on Microsoft 365 Blog.

Here’s a look at what’s new in February.

Stay ahead of threats and collaborate securely

New features and services help you better manage a complex threat landscape and communicate and collaborate securely.

Extend your security team’s capability with Microsoft Threat Experts—Our new managed threat-hunting service, called Microsoft Threat Experts, helps you proactively hunt and prioritize threats to get the most out of Windows Defender Advanced Threat Protection (ATP). The service provides access to world-class experts who can help you work through tough investigation challenges with the new Ask a Threat Expert button. Go to your Windows Defender ATP settings to apply for the public preview.

Empower healthcare professionals to securely communicate and collaborate—This month, we announced new capabilities in Microsoft Teams that enable secure messaging and collaboration workflows for healthcare organizations. Priority notifications enable clinicians to focus on urgent messages to manage patient care. In addition, the ability to integrate FHIR-enabled electronic health records (EHR) data with Teams enables clinicians to securely access patient records, chat with other team members, and even start a video meeting—all in one hub for teamwork. These capabilities are now in private preview; visit the Microsoft 365 and health page and partner site to learn more about how Teams and Microsoft 365 can empower your healthcare teams.

Move confidently to the modern desktop and cloud with Desktop App Assure and Microsoft FastTrack—Our new service from Microsoft FastTrack, Desktop App Assure, provides app compatibility services for Windows 10 and Office 365 ProPlus. FastTrack also now offers guidance on how to configure Exchange Online Protection, Office 365 Advanced Threat Protection, Office 365 Message Encryption, and Data Loss Prevention policies. These services are now globally available to eligible customers with more than 150 seats at no additional cost. Sign in to Microsoft FastTrack and complete a Request for Assistance form to get started.

Get security alerts for your Microsoft account on your phone—Receive security notifications for important events on your personal Microsoft account now via the Microsoft Authenticator app. When you receive a push notification, you can quickly view your account activity and take actions to protect your account if needed. Microsoft Authenticator can also be used to add two-step verification to your account for added security. To get started, download the Microsoft Authenticator app and add your personal account.

Manage tasks and capture data with ease

New features expand capabilities to easily access all your apps and files, capture and convert data, and add context to your tasks.

Jump into your work quickly with the new Office app for Windows 10—The new, free Office app provides a simple experience to get started with and get the most out of Office. Anyone who signs in with a work, school, or personal Microsoft Account can use it to quickly access all the apps available to them and their most relevant files and documents. Organizations can also take advantage of the ability to integrate third-party apps, enable users to search for documents and people across the organization, and customize the experience with their own branding. The Office app can be downloaded from the Microsoft Store, requires a current version of Windows 10, and works with any Office 365 subscription, Office 2019, Office 2016, and Office.

Add data to Excel directly from a photo—Using the Excel app, you can take a picture of a printed data table on your Android device and automatically convert the picture into a fully editable table in Excel. This new image recognition functionality eliminates the need for you to manually enter hardcopy data. This capability is starting to roll out for the Excel Android app with iOS support coming soon.

Quickly add photos and files to tasks in Microsoft To-Do—Attach files and photos to help make tasks more actionable with added context. This highly requested feature is now available on all platforms and syncs across your devices, so you can take your new file-attached tasks on the go.

Other updates

• New one-time passcodes (OTP) from Azure Active Directory (Azure AD) make sharing and collaboration seamless for any user with any account.
• Azure AD now supports automated user provisioning from Workday, enabling fast and efficient identity creation, so employees can access their Microsoft 365 apps and all other critical resources on day one.
• Starting this month, the Teams desktop app will be installed along with the rest of the Office 365 ProPlus apps for all new installs.
• Updates to the SharePoint Migration Tool make it even easier to bring your information to the cloud, with improvements like the ability to migrate web parts, pages, and site navigation.

The post New to Microsoft 365 in February—advancing security and empowering a modern workplace appeared first on Microsoft 365 Blog.

A big driver of customer adoption of Microsoft 365 is the need for security and compliance solutions in an age of increasingly sophisticated cybersecurity threats, as well as complex information protection needs due to regulations like the General Data Protection Regulation (GDPR). To help address these needs, we are introducing two new Microsoft 365 security and compliance offerings that will be available for purchase on February 1, 2019.

• Identity & Threat Protection—This new package brings together security value across Office 365, Windows 10, and EMS in a single offering. It includes best of breed for advanced threat protection services including Microsoft Threat Protection (Azure Advanced Threat Protection (ATP), Windows Defender ATP, and Office 365 ATP including Threat Intelligence), as well as Microsoft Cloud App Security and Azure Active Directory. This offer will be available for $12 per user per month.*
• Information Protection & Compliance—This new package combines Office 365 Advanced Compliance and Azure Information Protection. It’s designed to help compliance and IT teams perform ongoing risk assessments across Microsoft Cloud services, automatically protect and govern sensitive data throughout its lifecycle, and efficiently respond to regulatory requests leveraging intelligence. This offer will be available for $10 per user per month.*

All the value in these new offers remains available as part of the full Microsoft 365 E5 suite, which also includes business analytics and our enterprise grade phone system and audio conferencing. The full Microsoft 365 E5 suite includes not only security and compliance capabilities, but also offerings in business analytics featuring Power BI, and communications with audio conferencing and advanced phone system value. Additionally, customers can continue to purchase security and compliance components on a standalone basis.

There are no price increases or service impacts associated with any of these changes. The new Identity & Threat Protection and Information Protection & Compliance offerings are designed to provide customers with simpler purchase, deployment, and adoption of these security and compliance workloads.

As we speak to customers about the future of work, we know security and compliance are some of the highest organizational priorities and we hope these new offerings will help them achieve their security and compliance goals.

*Pricing for Microsoft 365 E3 customers before volume discounts.

The post Introducing new advanced security and compliance offerings for Microsoft 365 appeared first on Microsoft 365 Blog.

Every day, everyone in the Microsoft Identity Division comes to work focused on helping you, our customers, make your employees, partners, and customers more productive and to make it easier for you to securely manage access to your enterprise resources.

So, I was pretty excited to learn that Microsoft was recently recognized as a 2018 Gartner Peer Insights Customers’ Choice for Access Management, Worldwide.

In the announcement, Gartner explained, “The Gartner Peer Insights Customers’ Choice is a recognition of vendors in this market by verified end-user professionals, taking into account both the number of reviews and the overall user ratings.” To ensure fair evaluation, Gartner maintains rigorous criteria for recognizing vendors with a high customer satisfaction rate.

Receiving this recognition is incredibly energizing. It’s a strong validation that we’re making a positive impact for our customers and that they value the innovations we added to Azure Active Directory (Azure AD) this year.

To receive this recognition, a vendor must have a minimum of 50 published reviews with an average overall rating of 4.2 stars or higher.

Here are few quotes from the reviews our customers wrote for us:

“Azure AD is fast becoming the single solution to most of our identity and access problems.”
—Enterprise Security Architect in the Transportation Industry. Read full review.

“Azure Active Directory is making great strides to become a highly available and ubiquitous directory service.”
—Chief Technology Officer in the Services Industry. Read full review.

“[Microsoft] has been a great partner in our implementing an identity solution [that] met the needs of our multiple agencies and provided us with a roadmap to continue to move forward with SSO and integration of our legacy and newly developed application. We were also able to set a standard for our SaaS application authentication and access.”
—Director of Technology in the Government Industry. Read full review.

Read more reviews for Microsoft.

Today, more than 90,000 organizations in 89 countries use Azure AD Premium and we manage over eight billion authentications per day. Our engineering team works around the clock to deliver high reliability, scalability, and satisfaction with our service, so being recognized as a Customers’ Choice is pretty motivating for us. It’s been exciting to see the amazing things many of our customers are doing with our identity services.

On behalf of everyone working on Azure AD, I want to say thank you to our customers for this recognition! We look forward to building on the experience and trust that led to us being named a Customers’ Choice!

The Gartner Peer Insights Customers’ Choice logo is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved. Gartner Peer Insights Customers’ Choice distinctions are determined by the subjective opinions of individual end-user customers based on their own experiences, the number of published reviews on Gartner Peer Insights, and overall ratings for a given vendor in the market, as further described here, and are not intended in any way to represent the views of Gartner or its affiliates.

Best Regards,

Alex Simons (@Twitter: @Alex_A_Simons)
Corporate VP of Program Management
Microsoft Identity Division

The post Microsoft named a 2018 Gartner Peer Insights Customers’ Choice for Access Management appeared first on Microsoft 365 Blog.

Microsoft 365 is growing quickly, built on the strength of more than 135 million commercial monthly Office 365 users. Windows 10 has approximately 200 million commercial devices in use, and there is an install base of over 82 million for Enterprise Mobility + Security (EMS). Today, at the Microsoft Ignite Conference in Orlando, Florida, we are introducing new capabilities in Microsoft 365 that make it possible for every person to do their best work.

1. Microsoft Teams is the fastest growing business app in Microsoft history

After less than two years in market, more than 329,000 organizations worldwide use Microsoft Teams, including 87 of the Fortune 100 companies. In fact, 54 customers now have more than 10,000 active users of Teams, and Accenture just crossed the 100,000 active-user mark in Teams. Further growth has been spurred by the recently announced free version of Teams.

We continue to add powerful new capabilities to foster teamwork and collaboration. New artificial intelligence (AI) powered meeting features are now generally available—including background blur and meeting recording. Background blur uses facial detection to blur your background during video meetings, and meeting recording allows you to playback recorded meeting content at any time with captions and a searchable, timecoded transcript.

General availability of new live event capabilities will begin to roll out worldwide in Microsoft 365 later this year. These new tools allow customers to create and stream live and on-demand events in Teams, Yammer and Microsoft Stream to inform and engage customers and employees, wherever they are. Beginning in October, employees can watch videos on the go with the Stream mobile app for iOS and Android, with support for offline viewing. And we’re working with our ecosystem of device partners to deliver new devices optimized for Teams meetings and calling, including the new Surface Hub 2. Surface Hub 2 is perfect for dynamic teamwork and features a light, sleek, and intelligent design that’s easy to move around and fit in any workspace. The first phase of Surface Hub 2, Surface Hub 2 S, will start shipping in the second quarter of 2019.

Blur your background during meetings.

2. Extend the power of Teams to empower workers in all roles and across industries

As an example of how Teams can enable secure workflows for regulated industries, we’re delivering a new care coordination solution, now available in private preview, that gives healthcare teams a secure hub for coordinating care across multiple patients. It provides for integration with electronic health records (EHR) systems and enables care providers to communicate about patient care in real-time within Teams’ secure platform. We are also releasing two new secure messaging features with particular relevance in healthcare settings—image annotation, now generally available, and priority notifications, which will roll out by the end of this year to all Teams commercial customers. These capabilities support HIPAA compliance and enable doctors, nurses, and other clinicians to communicate about patients while avoiding the privacy risks that arise when healthcare professionals use consumer chat apps.

Easily swap shifts, request time off, and see who else is working.

3. Find what you need faster with Microsoft Search

Microsoft Search, a new cohesive search capability, makes it easier for you to find what you need without leaving the flow of your work. We’re putting the search box in a consistent, prominent place across Edge, Bing, Windows, and Office apps, so that search is always one click away. We’re also supercharging the search box so you can not only quickly find people and related content, but you can also access commands for apps and navigate to other content wherever you need to get work done—even before you start typing in the search box. Recognizing that you work in an ecosystem of information, we’re extending Microsoft Search to connect across your organization’s data, inside and outside of Microsoft 365. Learning from your everyday work patterns and acting as a brain for your organization, the Microsoft Graph personalizes your experiences everywhere. We’re pulling together the power of the Microsoft Graph and AI technology from Bing to deliver future experiences that are more relevant to what you are working on. This will include automatically answering questions such as “Can I bring my wife and kids on a work trip?” by using machine reading comprehension that takes knowledge of the world and pairs it with understanding of your organization’s documents. Preview the Microsoft Search capability it as it rolls out to Office.com, Bing.com, and in the SharePoint mobile app today, with many more experiences to come in Edge, Windows, and Office.

Find what you need faster with Microsoft Search.

4. Create content that stands out with Microsoft 365

Three new features in Microsoft 365 use the power of AI to help you create content that shines. Ideas is a new feature that follows along as you create a document and makes intelligent suggestions. In PowerPoint, Ideas recommends designs, layouts, and images. In Excel, Ideas recognizes trends, suggests charts, and identifies outliers in your data. Ideas is generally available in Excel today and will begin rolling out in preview to the other apps starting with PowerPoint Online. Additionally, new data types in Excel turn references to stocks and geographies into rich entities that can be used to build powerful, interactive spreadsheets. The Stocks and Geography data types are generally available today and make it easy to get updated stock prices, company information, population, area, and more. Finally, new image recognition capabilities in Excel take a picture of a hand-drawn or printed data table and turn it into an Excel spreadsheet, making data entry as easy as taking a picture.

In PowerPoint, Ideas recommends designs, layouts, and images for your presentation.

5. Office loves the Mac

Office empowers everyone to achieve more on any device. And Office loves the Mac. We’re committed to the Mac as a first-class endpoint and have made significant investments in the platform over the past year—including moving the Mac and Windows versions of the apps onto a single code base and releasing new features for the Mac every month. We also tailored new experiences for the Mac, like the new Touch Bar integration.

Today, we’re announcing OneDrive Files On-Demand for Mac, a way to access all your personal and work files from the cloud in Finder without using storage space and only download them when you need them. Files On-Demand gives the Mac an intelligent connection to the cloud and is just one more example of the power of Office on the Mac platform. Preview it before it rolls out to all Mac users.

OneDrive Files On-Demand for Mac displays all your OneDrive files in Finder but only downloads them when you need them.

6. Work together with your entire network with LinkedIn in Outlook and Office web apps

We’re announcing two new ways to use the power of the LinkedIn network within your daily workflow. Soon, when you connect your LinkedIn account to Office 365, you’ll be able to coauthor documents with people in your LinkedIn network in Word, Excel, and PowerPoint and send emails to them directly from Outlook. This brings your corporate directory and your LinkedIn network together, so you never lose touch with the contacts who can help you succeed, inside or outside your organization. You’ll also see LinkedIn highlights about the people in your meeting invites, providing you with insights about attendees, so you can prep for important meetings quickly and easily. These features help you focus on what’s important by providing information and connections directly in your flow of work and will be coming soon in a staged rollout.

7. Deliver a modern desktop with Azure

For many companies, the specific needs of their business demand a virtualized desktop experience. Today, we are introducing Windows Virtual Desktop, the only cloud-based service that delivers a multi-user Windows 10 experience, which is optimized for Office 365 ProPlus and includes free Windows 7 Extended Security Updates. With Windows Virtual Desktop, you can deploy and scale Windows and Office on Azure in minutes with built-in security and compliance. Sign up to be notified of the preview availability.

8. Manage your environment with the Microsoft 365 admin center

Following our recent release of the new Microsoft 365 admin center, we’re announcing new features to help you to monitor and manage applications, services, data, devices, and users across your Microsoft 365 subscriptions, including Office 365, Windows 10, and EMS. The Microsoft 365 admin center has several new capabilities to help you better manage your environment, including insight-based recommendations, a more consistent UI, and customized views for each of your admins. The public preview of these features is rolling out now to targeted release admins and soon to all admins. To get started, visit admin.microsoft.com.

Manage your environment more easily with the Microsoft 365 admin center.

9. Achieve modern compliance easily for the General Data Protection Regulation (GDPR) and more

In the world of complex regulations and evolving privacy standards, customers consistently tell us they need the built-in, intelligent capabilities of Microsoft 365 to proactively achieve compliance in their organizations. We’ve expanded Compliance Manager to now include 12 assessments across different industries. The unified labeling experience is also now available in the Security & Compliance Center as a single destination where you can create, configure, and automatically apply policies to ensure protection and governance of sensitive data.

Compliance Manager now includes 12 assessments across different industries.

10. Advancing security for IT professionals

The work we do in security at Microsoft gives us the broadest perspective on the challenges and a unique ability to help. We focus on three areas: running security operations that work for you, building enterprise-class technology, and driving partnerships for a heterogeneous world. Today, we’re announcing several new enterprise-class capabilities that leverage the Microsoft intelligent cloud and operational learnings to help organizations secure their people, devices, and data.

New support for passwordless sign-in via the Microsoft Authenticator app is now available for the hundreds of thousands of Azure Active Directory connected apps that businesses use every day. Nearly all data loss starts with compromised passwords. Today, we are declaring an end to the era of passwords. No company lets enterprises eliminate more passwords than Microsoft.

Microsoft Secure Score is the only enterprise-class dynamic report card for cybersecurity. By using it, organizations get assessments and recommendations that typically reduce their chance of a breach by 30-fold. It guides you to take steps like securing admin accounts with Multi-Factor Authentication (MFA), securing users accounts with MFA, and turning off client-side email forwarding rules. Starting today, we’re expanding Secure Score to cover all of Microsoft 365. We are also introducing Secure Score for your hybrid cloud workloads in the Azure Security Center, so you have full visibility across your estate.

Finally, we are announcing Microsoft Threat Protection, an integrated experience for detection, investigation, and remediation across endpoints, email, documents, identity, and infrastructure in the Microsoft 365 admin console. This will save analysts thousands of hours as they automate the more mundane security tasks.

Microsoft Secure Score is expanding to cover all of Microsoft 365.

We look forward to bringing you these new ways to achieve more from unlocking creativity to advancing security. You can learn more about our announcements, see all of our Microsoft Ignite sessions live streaming or on-demand, and connect with experts on the Microsoft Tech Community.

The post 10 new ways for everyone to achieve more in the modern workplace appeared first on Microsoft 365 Blog.

Today, we are announcing upcoming capabilities that, along with our recent investments, combine the power of artificial intelligence (AI) and machine learning with content stored in OneDrive for Business and SharePoint to help you be more productive, make more informed decisions, and keep more secure.

Be more productive

A key to being productive is leveraging existing content so you’re not reinventing the wheel. Historically this has been challenging due to the exponential growth of digital content, particularly with image, video, and audio files. Until now, these rich file types have been cumbersome to manage and painful to sift through to find what you need, when you need it.

Video and audio transcription—Beginning later this year, automated transcription services will be natively available for video and audio files in OneDrive and SharePoint using the same AI technology available in Microsoft Stream. While viewing a video or listening to an audio file, a full transcript (improving both accessibility and search) will show directly in our industry-leading viewer, which supports over 320 different file types. This will help you utilize your personal video and audio assets, as well as collaborate with others to produce your best work.

Once you’re ready to make a video broadly available across the organization, you can upload and publish to Microsoft Stream. You’ll continue to get transcription services plus other AI driven capabilities, including in-video face detection and automatic captions. Importantly, your audio and video content never leaves the Microsoft Cloud; it is not passed through potentially costly and insecure third-party services.

Searching audio, video, and images—Announced last September, we are unlocking the value of photos and images stored in OneDrive and SharePoint. Using native, secure AI, we determine where photos were taken, recognize objects, and extract text in photos. This recognition and text extraction allows you to search for images as easily as you search for documents. For example, you could search a folder of scanned receipts for the receipt that mentions “sushi.” Video and audio files also become fully searchable thanks to the transcription services described earlier.

Intelligent files recommendations—Later this year, we’ll introduce a new files view to OneDrive and the Office.com home page to recommend relevant files to you. Suggested files are based on the intelligence of the Microsoft Graph and its understanding of how you work, who you work with, and activity on content shared with you across Microsoft 365. This deep understanding of user behavior and relationships among coworkers is unique to Microsoft 365 and continues to be enriched as you collaborate on content in OneDrive and SharePoint.

AI also makes it easier to create new documents by reusing existing content. The Tap feature in Word 2016 and Outlook 2016 intelligently recommends content stored in OneDrive and SharePoint by understanding the context of what you are working on. This allows you to leverage and repurpose a paragraph, table, graphic, chart, or more from another file while working on a new document or email.

Make more informed decisions

OneDrive and SharePoint make your life easier thanks to innovative AI that helps you make more informed decisions while working with content.

File insights—Earlier this year, we rolled out an updated file card, providing access statistics for any file stored in OneDrive and SharePoint. This allows you to see who has looked at the file and what they have been doing, and it helps you decide your next action. Later this year, we’ll bring these valuable file statistics directly into the native Office application experience.

Additionally, we’ll introduce additional insights to the file card with “Inside look,” giving you important information at a glance—including time to read and key points from the document, so you can choose to dive in deeper or save it for later.

Intelligent sharing—Later this year, you’ll have the option to easily share relevant content with meeting attendees. For instance, if you just presented a PowerPoint presentation, you’ll be prompted to share it with the other attendees once the meeting is over. In the OneDrive mobile app, we’ll automatically prompt you to share photos taken during the same meeting, perhaps of a whiteboard where you brainstormed new ideas with your colleagues—all based on your Outlook calendar. This type of real-world intelligence allows you to quickly keep everyone informed and move on to your next task and is exclusively available when you store your content in OneDrive and SharePoint.

Data insights—Earlier this year at the SharePoint Virtual Summit, we showed you how you could immediately enrich your OneDrive and SharePoint content with intelligence by leveraging the flexibility of Microsoft Flow and the power of Azure Cognitive Services. Since these services are powered by Microsoft Azure, you can get sentiment analysis, key word extraction, and even custom image recognition—all while keeping your content secure in the Microsoft Cloud and away from potentially costly and insecure third-party services. Additionally, you can use information provided by these cognitive services to set up custom workflows to organize images, trigger notifications, or invoke more extensive business processes directly in OneDrive and SharePoint with deep integration to Microsoft Flow.

Keep more secure

When your files are stored in OneDrive and SharePoint, AI also helps to protect your content, keep you compliant, and thwart malicious attacks.

OneDrive files restore—Earlier this year, we released OneDrive files restore including integration with Windows Defender Antivirus for business and personal users to protect you from ransomware attacks by identifying breaches and guiding you through remediation and file recovery. With a full 30 days of file history and sophisticated machine learning to help us spot potential attacks early, OneDrive gives you peace of mind for every file you store. Best of all, moving your files to OneDrive has never been easier thanks to Known Folder Move.

Intelligent compliance—In addition to being able to apply native data loss prevention (DLP) policies and conduct native eDiscovery searches on textual content stored in OneDrive and SharePoint, with the innovations discussed above, we’re making it even easier to use these key compliance capabilities with audio, video, and images later this year. Soon you’ll be able to leverage the text extracted from photos and audio/video transcriptions to automatically apply these policies and protect this content.

Get started

As you can see, by leveraging Microsoft’s industry-leading investments in AI we believe we have made OneDrive and SharePoint in Microsoft 365 the smartest place to store your content. In fact, Microsoft is recognized as a Leader by Gartner in both their Magic Quadrant for Content Collaboration Platforms and Magic Quadrant for Content Services Platforms reports. It was also recognized by Forrester in both their cloud and hybrid Forrester Wave™: Enterprise File Sync and Share Platforms Q4 2017 reports.

You can start realizing these benefits and more by moving your content to OneDrive and SharePoint today, just as Fortune 500 customers MGM Resorts International, Walmart, Johnson Controls International, and Textron are doing. You’ll automatically get more value as we continue to invest in these and other new AI capabilities to help you achieve more.

Microsoft has a bold vision to transform content collaboration for the modern workplace inclusive of files, dynamic web sites and portals, streaming video, AI, and mixed reality, while reducing costs and improving compliance and security. Be sure to join us at Microsoft Ignite from September 24–28, 2018 in Orlando, Florida, or on-demand, where we’ll continue to unveil how AI will accelerate content collaboration in the modern workplace.

Gartner, Inc., Magic Quadrant for Content Collaboration Platforms, Monica Basso, Michael Woodbridge, Karen Hobert, July 3, 2018.
Gartner, Inc., Magic Quadrant for Content Services Platforms, Karen Hobert, Michael Woodbridge, Joe Mariano, and Gavin Tay, October 5, 2017.

Gartner Disclaimer:
Gartner does not endorse any vendor, product, or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

The post Microsoft 365 is the smartest place to store your content appeared first on Microsoft 365 Blog.

The last few months have been some VERY exciting times in the world of identity and security standards. Due to the efforts of a broad set of experts across the industry, we’ve made incredible progress in finalizing a broad set of new and improved standards that will improve both the security and user experiences of a generation of cloud services and devices.

One of the most important of these improvements is the Token Binding family of specifications which is now well on its way towards final ratification at the Internet Engineering Task Force (IETF). (If you want to learn more about token binding, watch this great presentation by Brian Campbell.)

At Microsoft, we believe that the Token Binding can greatly improve the security of both enterprise and consumer scenarios by making high identity and authentication assurance broadly and simply accessible to developers around the world.

Given how positive we believe this impact can be, we have been and continue to be deeply committed to working with the community for creation and adoption of the token binding family of specifications.

Now that the specifications are close to ratification, I’d like to issue two calls to action:

1. Begin experimenting with token binding and planning your deployments.
2. Contact your browser and software vendors, asking them to ship token binding implementations soon if they aren’t already.

And I’m happy to report that Microsoft is just one of many industry voices saying that token binding is an important solution whose time has come.

For more on why token binding matters, I’ll turn things over to Pamela Dingle – a leading industry voice who many of you already know – who is now Microsoft’s Director of Identity Standards on the Azure AD team.

Best Regards,

Alex Simons (Twitter: @Alex_A_Simons)

Director of Program Management

Microsoft Identity Division

—————————————————————————————————————————–

Thanks Alex and hi everybody,

I share Alex’s excitement! Years of time and effort have been put into the specifications you will see celebrated as new RFC standards in a very short time. The time is right for architects to dig in to the specific identity and security advantages that Token Binding represents.

What is so great about token binding, you might ask? Token binding makes cookies, OAuth access tokens and refresh tokens, and OpenID Connect ID Tokens unusable outside of the client-specific TLS context in which they were issued. Normally such tokens are “bearer” tokens, meaning that whoever possesses the token can exchange the token for resources, but token binding improves on this pattern, by layering in a confirmation mechanism to test cryptographic material collected at time of token issuance against cryptographic material collected at the time of token use. Only the right client, using the right TLS channel, will pass the test. This process of forcing the entity presenting the token to prove itself, is called “proof of possession”.

It turns out that cookies and tokens can be used outside of the original TLS context in all sorts of malicious ways. It could be hijacked session cookies or leaked access tokens, or sophisticated MiTM. This is why the IETF OAuth 2 Security Best Current Practice draft recommends token binding, and why we just recently doubled the rewards on our identity bounty program. By requiring proof of possession, we turn the opportunistic or pre-meditated use of cookies or tokens in ways they were not intended into something difficult and expensive for an attacker to attempt.

Like any proof of possession mechanism, token binding grants us the ability to build defense in depth. We can work hard to never lose a token, but we can also verify just to be safe. Unlike other proof of possession mechanisms such as client certificates, token binding is self-contained and transparent to the user, with most of the heavy lifting done by the infrastructure. We hope that this eventually means anyone can choose to operate at a high level of identity assurance, but we expect to see strong demand from the government and financial verticals at the beginning, as they have immediate regulatory requirements to do proof of possession. As one example, anyone who requires NIST 800-63C AAL3 categorization requires this kind of technology.

Token binding represents a long road. We are three years in, and while the ratification of the specifications is an exciting milestone, as an ecosystem we still have a lot to build, and this specification needs to work across vendors and platforms to be successful. We are very excited over the coming months to start sharing in depth the security benefits and best practices that have come from our embrace of this functionality, and we hope you will join us in advocating for this technology wherever you need it.

Cheers,

— Pam

The post It’s time for token binding appeared first on Microsoft 365 Blog.

Streamlining the way you work

Updates to the Office 365 user experience—We announced updates for Word, Excel, PowerPoint, OneNote, and Outlook that are designed to embrace the breadth and depth of Office 365 features, while simplifying the user interface and improving accessibility. These updates include a simplified ribbon to encourage focus and collaboration, modern colors and icons to improve rendering and accessibility, and AI-powered search to quickly surface relevant information. These changes will start to roll out to Microsoft 365 and Office 365 subscribers over the next few months.

Connect Office 365 Groups to SharePoint sites—Office 365 Groups can now connect to existing SharePoint sites, allowing newly created Office 365 groups to integrate with your existing SharePoint infrastructure. Connecting a group to a site provides a single starting point to find content, team news, and communications with modern pages, libraries, and lists—without losing any previous content or permissions.

Reduce distractions with Outlook for Android—We introduced “Do Not Disturb” in Outlook for Android to help you reduce distractions and get more done. Now, subscribers can set timed or scheduled periods when email and calendar notifications will be paused. For those with multiple Outlook accounts, Do Not Disturb settings can be customized for each email address—enabling granular control over how you spend your focus-hours.

Manage progress in Microsoft To-Do—This month, we introduced “Steps” in Microsoft To-Do—a new feature that allows you to break down tasks into smaller, incremental steps—making large projects more manageable. Now, when a you create a To-Do item, you can add a range of detailed steps that are tracked through to completion. We also introduced the ability to share your To-Do lists, enabling you to work together on tasks and complete projects with colleagues and friends.

Dictation in OneNote—Office 365 subscribers with Windows 10 can now take advantage of hands-free dictation using nine languages in OneNote. Dictation provides a simple, yet transformational, way to express ideas and capture notes using only your voice. You can also make edits using your keyboard without having to pause the recording. Simply click or tap the Dictate icon and start speaking.

Adobe PDF integration in Office 365—Last September, we expanded our strategic partnership with Adobe to focus on integrations between Adobe Sign and Office 365 products, like Microsoft Teams, SharePoint, and Outlook. This month, the Adobe Document Cloud team announced new capabilities for OneDrive and SharePoint that provide improved fidelity when working with PDF documents. Once integrated by your administrator, PDF services provide rich previews of PDF documents in OneDrive and your SharePoint sites, and allow you to combine several files into a single PDF in your document library.

Securing the modern workplace

We introduced several new important capabilities that strengthen your organization’s identity-driven security, and ensure important data is kept safe.

Secure your organization with baseline security policy in Azure Active Directory—We introduced the preview of a baseline security policy in Azure AD that enforces multi-factor authentication for privileged accounts. This new policy will apply to all organizations that have Azure Active Directory and help secure the most important accounts in your tenant. Customers can opt in to the baseline protection policy in preview, and at general availability will be opted in by default with the ability to opt out at any time.

Block legacy authentication using Azure Active Directory conditional access—This month, we introduced the preview of conditional access support for blocking legacy authentication, which enables organizations to stop users from authenticating to legacy apps. Identity attacks such as password spray almost exclusively target these older client apps. This feature improves the overall security of your IT environment by getting users to move to more modern clients that support modern authentication mechanisms.

Enhance data classification across your organization—The new Label Activity Explorer in Office 365 provides a quick overview of how the data in your organization has been labeled—allowing you to investigate risky or abnormal activity. To help you manage labeling across the lifecycle of your organization’s content, we enhanced the Data Governance dashboard with new features like the Data Governance toolbox, added links and tools for common data governance tasks, and provided a single resource for guidance.

Other updates

• Microsoft Teams has reached FedRAMP Moderate Compliance and will start rolling out to U.S. Government Community Cloud (GCC) customers on July 17, 2018.
• Visio Online is now available in Microsoft Teams. Coworkers can now collaborate on Visio Online diagrams from within their team or channel without toggling between apps.
• SharePoint Swoop—our new enterprise reality show—features a team of MVP experts with just three days to help a Microsoft 365 customer modernize their intranet.
• At Computex 2018, we outlined our vision for how partners can build intelligent edge devices and solutions.

The post New to Microsoft 365 in June—streamlining teamwork and security appeared first on Microsoft 365 Blog.

Some great news to share with you today! For the second year in a row, Gartner has positioned Microsoft in the Leaders Quadrant in the 2018 Magic Quadrant for Access Management, Worldwide, based on our completeness of vision and ability to execute in the access management market. Find out why in a complimentary copy of the report here.

According to Gartner, Leaders show evidence of strong execution for anticipated requirements related to technology, methodology, or means of delivery. Leaders also show evidence of how access management plays a role in a collection of related or adjacent product offerings.

Furthest in Vision in Leaders Quadrant

Microsoft is positioned the furthest in completeness of Vision in the Leaders Quadrant, for the second straight year. We believe our jump up in Execution also illustrates how important it is for us to execute on a strategy that can help organizations where they are at today and prepare them for the identity needs of tomorrow.

At Microsoft, we champion conditional access policies and threat protection for identities as critical capabilities for a world-class identity and access management solution. As part of a rich ecosystem with Windows 10, Office 365 and EMS, we’ve worked hard to integrate security policies across products to give you visibility and control over the full user experience. We’ve also taken in the insights and feedback from our customers this year to improve the experience and make it even easier to get all your identities in one place. We are committed to providing innovative and comprehensive identity and access management solutions for your employees, partners, and customers.

We could not have continued to be a leader in this space without the input and support from our customers and partners – thank you!

Best Regards,

Alex Simons (Twitter: @Alex_A_Simons)

Director of Program Management

Microsoft Identity Division

Important note:

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Microsoft.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

The post Vision + Execution: Microsoft named a leader again in Gartner MQ for Access Management appeared first on Microsoft 365 Blog.

Here’s a look at what we brought to Microsoft 365 in May.

Empowering creative teamwork

Create accessible content in Office 365—We enhanced the Accessibility Checker to streamline the process of creating quality content that is accessible to people with disabilities. Now, the Accessibility Checker identifies an expanded range of issues within a document, including low-contrast text that is difficult to read because the font color is too similar to the background color. The checker also includes a recommended action menu and utilizes AI to make intelligent suggestions for improvements—like suggesting a description for an image—making it easier to fix flagged issues from within your workflow.

Accessibility Checker alerts you in real-time of issues that make your content difficult for people with disabilities to access.

Work in mixed reality with SharePoint—This month, we unveiled SharePoint spaces—immersive, mixed reality experiences built on SharePoint—which enable you to interact with and explore content in new ways. Now, Microsoft 365 subscribers can work with 3D models, 360-degree videos, panoramic images, organizational charts, visualizations, and any information on your intranet to create immersive mixed reality experiences. SharePoint spaces make it easy to create virtual environments with point-and-click simplicity to help viewers digest information that might be too numerous or too complex to experience in the real world or in a two-dimensional environment.

Create immersive virtual environments in seconds with SharePoint spaces.

Find relevant content faster in SharePoint—The new Find tab in the SharePoint mobile app makes it easier to access the information you need when looking for expertise, content, apps, or resources on the go. The Find tab uses AI to automatically surface sites, files, news, and people relevant to you without having to search—including documents and sites that you were recently working on from across your devices. The Find tab also refines search results as you type, and leverages AI to provide instant answers to questions you ask based on information from across your intranet.

By learning from your existing content and organizational knowledge, AI provides instant answers, transforming search into action.

Run efficient meetings with Microsoft Teams—This month at Build, we demonstrated a range of future capabilities in Microsoft Teams that utilize AI to make meetings smarter and more intuitive over time—including real-time transcription, Cortana voice interactions for Teams-enabled devices, and automatic notetaking. Today, we’re announcing new capabilities for mobile users that make it easier to participate in meetings on the go. Now, you can quickly share your screen with others in the meeting directly from your mobile device, or upload images and video from your library. These improvements make everyone a first-class meeting participant—regardless of location or device.

Source video.

Extend meeting capabilities with Surface Hub 2—Earlier this month, we introduced Surface Hub 2, a device built from the ground up to be used by teams in any organization. Surface Hub 2 integrates Teams, Microsoft Whiteboard, Office 365, Windows 10, and the intelligent cloud into a seamless collaboration experience, which extends the capabilities of any meeting space and allows users to create—whether in the same room or separated by thousands of miles.

Creating a secure and compliant workplace

Achieve GDPR compliance with the Microsoft Cloud—This month marked a major milestone for individual privacy rights with the General Data Protection Regulation (GDPR) that took effect on May 25, 2018. Over the last few months, we introduced new capabilities across the Microsoft Cloud to help you effectively demonstrate that your organization has taken appropriate steps to protect the privacy rights of individuals. To learn more about these capabilities, read our summary of Microsoft’s investment to support GDPR and the privacy rights of individuals.

Microsoft 365 customer INAIL leverages Azure Information Protection to classify, label, and protect their most sensitive data.

Work securely with external partners in Microsoft 365—We introduced several new capabilities in Azure Active Directory Business-to-Business (B2B) collaboration that make it easier to work safely and securely with people outside of your Microsoft 365 tenant. B2B collaboration allows administrators to share access to internal resources and applications with external partners while maintaining complete control over their own corporate data. Starting this month, first-time external users are welcomed to your tenant with a modernized experience and improved consent flow, making it easier for users to accept the terms of use agreements set by your organization.

We also improved Business-to-Consumer (B2C) collaboration, making it easier to invite external partners who use consumer email accounts like Outlook and Gmail while protecting your organization’s data and improving the process of setting access policies.

Track terms of use agreements in Azure Active Directory B2B by tracking when users consent.

Other updates

As companies seek to empower people to do their best work, a cultural transformation isn’t just inevitable—it’s essential. This month, we released a white paper outlining how Microsoft is partnering with customers to foster a modern workplace that is productive, responsive, creative, and secure. To learn more, read the New Culture of Work white paper.

Check out these other updates from across Microsoft 365:

• Resume Assistant in Word is rolling out for free in Word Online.
• Risky IP Reports for Active Directory Federation Services help you monitor and audit your infrastructure to defend against extranet attacks.
• Office Lens now includes support for inking on top of images.

The post New to Microsoft 365 in May—empowering and securing users appeared first on Microsoft 365 Blog.

Complexity is the absolute enemy of security and productivity. The simpler you can make your productivity and security solutions, the easier it will be for IT to manage and secure—making the user experience that much more elegant and useful. We’ve learned from building and running over 200 global cloud services that a truly modern and truly secure service is a simple one.

Microsoft 365 is built to help you solve this problem of complexity so that you can simplify. But let me be clear, simpler doesn’t mean less robust or less capable.

From thousands of conversations with customers, we heard clearly how important it is for IT to simplify the way it enables users across PCs, mobile devices, cloud services, and on-premises apps. Microsoft 365 provides that all with an integrated solution that’s simpler, yet also more powerful and intelligent.

Because the way you work and do business is so important to us, our work will never be done—we will constantly innovate, improve, and discover new and better ways to help your organization do more. Today, I am excited to announce some new capabilities and updates coming soon to Microsoft 365, including:

• A modern desktop.
• Solutions for Firstline Workers.
• Streamlined device management with lower costs.
• Integrated administration experience.
• Built-in compliance.

Each of these new capabilities will allow you to simplify your modern workplace, which means delighting and empowering your users, while enabling IT to protect and secure the corporate assets.

Time for a modern desktop

What do I mean by a “modern desktop?”

A modern desktop is powered by Windows 10 and Office 365 ProPlus and is always up to date with insights and security powered by the cloud. After years of refinements, we believe this is the most productive and secure computing experience for businesses. Not only does it provide the richest user experience, it also helps IT better manage devices and data, with lower costs.

Today, we are making two announcements about enhancements we’ve delivered for managing modern desktops:

First, Delivery Optimization enhancements are coming in the Windows 10 April 2018 Update (which you can learn more about in Yusuf’s blog today as well).

Delivery Optimization allows for one device to download an update and then use the local network to deliver that update to peers. This significantly reduces bandwidth (by as much as 90 percent) and that results in a much better experience for everyone on the network.

With the Windows 10 April 2018 Update, you will be able to monitor Delivery Optimization Status using Windows Analytics—including how many devices are enabled and the bandwidth savings you’ve achieved.

Delivery Optimization Status using Windows Analytics.

Second, recently we announced the Readiness Toolkit for Office (RTO), which helps with your Office VBA, Macro, and add-in compatibility. The Application Health Analyzer (AHA) tool, which can assess the dependencies of your internally developed apps and help you ensure they remain compatible with Windows 10 updates, will be available in public preview in the coming months.

ConfigMgr also plays an important part in how so many of you manage the servicing process. In fact, I am excited to share that this week we hit a new milestone of 115 million devices under management by ConfigMgr! The recent 1802 release of ConfigMgr will add the ability for you to execute phased deployment rings. This will further automate the servicing of Windows 10 and Office 365 ProPlus by updating IT-defined groups one at a time, and automatically initiating the next group once the health of the first deployment is confirmed.

We recognize, however, that organizations are in various stages of transition to the cloud. To support customers who are not fully ready to move to the cloud in the near future, we will release Office 2019 in the second half of 2018. Commercial previews of the Office 2019 applications on Windows 10 are available starting today.

Finally, in February we shared there are just two years before the end of extended support for Windows 7 and Office 2010 (January and October 2020, respectively). There has never been a better time than now to plan and accelerate your transition and upgrade to a modern desktop experience with Microsoft 365.

Solutions for Firstline Workers and kiosks

Whether for customers in your lobby or for your Firstline Workers, Windows kiosk devices often are the first representation of your organization’s brands, products, or services. IT needs a simpler process to configure and manage these devices for both Firstline Workers and customer-facing kiosks.

Today, we are extending the assigned access capabilities for Windows 10, so you can easily deploy and manage kiosk devices with Microsoft Intune for your single or multiple app scenarios. This includes the new Kiosk Browser that will be available from the Microsoft Store. Kiosk Browser is great for delivering a reliable and custom-tailored browsing experience for scenarios such as retail and signage.

Kiosk Browser available from the Microsoft Store.

Over the next year, we will add additional capabilities to help you streamline kiosk deployment and keep them in a pristine state for a reliable Firstline Worker experience. You can learn more about these investments in the Windows IT Pro blog.

Kiosks and Firstline Worker devices are most secure, resilient, and performant when deployed with Windows 10 in S mode. With the Windows 10 April 2018 Update, Windows 10 Enterprise can be configured in S mode, so organizations can deploy both Credential Guard and Application Guard, and benefit from centralized management of the Microsoft Store, Cortana, and more. All of this is available with a Microsoft 365 subscription.

In addition, we are also simplifying our licensing to add the Office mobile apps for iOS and Android to Office 365 E1, F1, and Business Essential licenses. With this change, all users licensed for Microsoft 365 and Office 365, including Firstline Workers, will be able to use the Office mobile apps and be productive on the go. Outlook for iOS and Android is available to users now. Word, PowerPoint, Excel, and OneNote mobile apps will be available over the next few months.

Streamline device management at lower costs

Modern management promises to dramatically reduce and simplify the process of managing desktop images, saving valuable time and money.

Windows AutoPilot is a key part of the flexible device management approach needed in a modern workplace. It’s as simple as taking a new device from the box, powering it on, entering your credentials, and sitting back while it is configured and managed from the cloud with minimal user or IT effort. With no management of images!

Starting with the Windows 10 April 2018 Update, Windows AutoPilot now includes an enrollment status page. This page enables you to ensure policies, settings, and apps can be provisioned on the device during that out-of-box experience before the user gets to the desktop and begins interacting with the device. Now IT can ensure every device is compliant and secure before it is used.

Windows AutoPilot enrollment status page.

Lenovo announced that they are the first Microsoft OEM PC partner to have direct integration with the Windows AutoPilot deployment service. They are ramping up to worldwide availability and working with early pilot customers. Dell is also now shipping PCs with Windows AutoPilot to customers in the U.S. and select countries and can enroll devices on behalf of customers in the factory for provisioning. HP, Toshiba, Panasonic, and Fujitsu remain committed to bringing seamless deployments of Windows 10 to customers through Windows AutoPilot on their respective PCs in the fall.

Windows AutoPilot is an absolute gamechanger. I urge you to spend some time learning more about how it can simplify your deployments, reduce the massive amount of time and money you spend provisioning hardware, and, of course, your users are going to love the simplicity.

An integrated administration experience

Our vision for the cloud services we build is to help simplify your work with a unified and intuitive management experience that spans your users, devices, apps, and services.

Back in March, we took a major step in this direction by announcing the Microsoft 365 admin center as the common management entry point for your entire Microsoft 365 implementation. Today, we are expanding this integrated and intuitive admin experience to Office 365 users.

The Microsoft 365 admin center.

Users of both Office 365 and Microsoft 365 will now have access to the same admin center with the same capabilities. For Office 365 users, this means a simpler admin experience that easily integrates with your other Microsoft services—all without giving up any capabilities or control.

If you want to manage Microsoft 365, you can now simply go to admin.microsoft.com. Previously, IT pros who were managing Microsoft 365 had to go to multiple consoles. Not any longer!

Compliance that’s built-in

The complexity and difficulty of managing compliance can be overwhelming, especially for larger organizations. We updated Microsoft 365 to include built-in and continuously updated capabilities that help with regulations that govern archiving, retention, disposition, classification, and discovery of data. These new features will really help reduce the complexity of executing compliance workflows.

The Microsoft 365 Security & Compliance Center is the central place that’s integrated with Azure Active Directory, Microsoft Exchange, SharePoint, and Teams—and it allows you to import data for retention and content discovery, as well as across cloud services.

The Microsoft 365 Security & Compliance Center.

We’ve recently added several new capabilities to the Security & Compliance Center, including:

• A new Data Privacy tab that gives you the ability to execute Data Subject Requests as part of the fulfillment requirements for the General Data Protection Regulation (GDPR).
• Privileged Access Management that allows you to prevent standing admin privilege by providing just-in-time access for admin roles and tasks in Microsoft 365.
• Multi-Geo Capabilities in Microsoft 365 that give you control over where your data resides at a per-user level based on your global data location and compliance needs.
• New Advanced Data Governance controls for event-based retention and disposition.

In addition to the Security & Compliance Center, each of the apps in Microsoft 365 supports the compliance levels you need. The latest application to join this list is Microsoft Forms, a simple app for creating surveys, quizzes, and polls. Used by more than three million users in education, thanks to customer demand, Forms was brought to commercial preview last year. Now, having received SOC compliance, and after feedback from 50,000+ companies during the preview, Forms is enterprise ready and generally available to all commercial customers. To learn more, visit the Forms Tech Community.

Simplifying your IT

I am really excited about the capabilities we are delivering today. These updates are going to positively impact the way you use Microsoft 365 across desktops, devices, services, and compliance—and you will tangibly see those benefits across the countless things your IT organization manages.

Here are a handful of things you can do right now to begin to simplify your IT management:

• Plan for Windows 7 and Office 2010 EOL (January and October 2020, respectively) and upgrade to a modern desktop.
• Enroll in Windows Analytics, activate Upgrade Readiness, onboard your devices, and upgrade to the latest version of Windows.
• Plan and execute your first Windows AutoPilot deployment.
• Get familiar with the new Microsoft 365 admin center experience.
• Start using the Security & Compliance Center and the Compliance Manager to track regulatory compliance and controls.

And don’t forget, Microsoft FastTrack is available to help guide you on your path to IT management simplification with Microsoft 365.

There is a real elegance in simplifying; it means having fewer things to manage, configure, integrate, secure, and (simply put) break down. This means fewer things that can go wrong and there are fewer places where a misconfiguration can create an entry point for an attacker. Now you have both a better user experience and improved IT control.

Simplified IT means better security at a lower cost, and more productivity with less risk.

The post Making IT simpler with a modern workplace appeared first on Microsoft 365 Blog.

Many of you probably already use Azure Active Directory (Azure AD) B2B collaboration to work closely with your external partners. Since we launched Azure AD B2B capabilities a year ago, more than 800,000 organizations have used Azure AD B2B to collaborate with their partners, adding 8 million guest user accounts. Pretty amazing right?!

One of the most frequent pieces of feedback we’ve received is that you need B2B collaboration to work for all your apps, even if you have a hybrid configuration where you have apps on-premises and apps in the cloud. For example, you might already use B2B collaboration to invite your partners to access apps in Azure or Office 365, using their external credentials. But, you have high-value on-premises apps that your organization is not ready to move to the cloud just yet.

Today, I’m excited to let you know that we’re releasing a public preview that lets you give Azure AD B2B users access to on-premises apps, without needing to manually create on-prem accounts for them!

These on-premises apps can use SAML-based authentication or Integrated Windows Authentication (IWA) with Kerberos constrained delegation (KCD). This means employees in companies you partner with can use the same work accounts and credentials they use every day and now they can easily and securely access all the cloud and on-premises apps you make available to them. And to top it off, you can use conditional access policies and lifecycle management policies in Azure AD to protect your resources just like you can for employees.

To get start, I’d recommend taking a look at the docs. It’s not hard to enable your employees and partners to collaborate seamlessly even in a hybrid configuration! 

And as always, connect with us for any feedback, discussions, and suggestions. You know we’re listening! 

Best Regards,
Alex Simons (@Twitter: @Alex_A_Simons)
Director of Program Management
Microsoft Identity Division 

The post Azure AD B2B collaboration for hybrid organizations appeared first on Microsoft 365 Blog.

Today I want to tell you about some exciting new features we’ve been working on that I think you’ll be pretty excited about. Specifically, today we are announcing that:

1. A limited-preview of Password-less sign-in using a FIDO2 security key will available in the next update to Windows 10 (coming this spring).
2. Azure AD Conditional Access policies can now check device health as reported by Windows Defender Advanced Threat Protection.
3. Azure AD access reviews, Privileged Identity Management and Terms of Use features are all now Generally Available.
4. With the addition of domain allow and deny lists, Azure AD B2B Collaboration now gives you the ability to control which partner organizations you work with.

For more details, keep scrolling!

A limited-preview of Password-less sign-in using a FIDO2 security key will available in the next update to Windows 10 (coming this spring).

If you want to significantly improve your security posture, cut the risk of phishing attacks and cut your password management costs, then you are going to love the work we are doing to add FIDO2 support to Windows 10.

With the next Windows 10 update, we’re adding a limited preview of our FIDO2 security key support. This new capability will give your employees the ability to sign in to an Azure Active Directory-joined Windows 10 PC without a username or password. All they will need to do is insert FIDO2 compliant security key into their USB port and tab. They’ll be automatically signed in to the device and they’ll get single-sign-on access to all your Azure AD protected cloud resources, as well.

See how it works in this video:

We’ve got lots more work to do here of course, including adding support for delegated key creation, and support for hybrid environments. But this is going to be a HUGE step in our drive to eliminate passwords for good and we’re really excited about it.

Azure AD Conditional Access policies can now check device health as reported by Windows Defender Advanced Threat Protection.

We’re also announcing some major improvements to Azure AD Conditional Access based on a new integration with Intune and Windows Defender Advanced Threat Protection. You can now create access policies based on the risk level detected at Windows 10 endpoints, which helps you ensure that only trusted users on trusted devices can access your corporate data. With this new integration, Azure AD Conditional Access can now receive intelligence about suspicious activity in domain-joined devices and automatically block those devices from accessing corporate resources.

We have a video you can watch to learn more about how this integration works.

More updates!

We’ve got a few more updates to share that we think you’ll be happy to hear about, too.

At Ignite 2017, we announced the public preview of Azure AD access reviews, Privileged Identity Management (PIM) for Azure and Terms of Use and are now happy to announce the general availability of these three features in Azure AD Premium!

• Access reviews: We created access reviews to help you manage the drift in access rights over time. With GA, you can schedule access reviews to run on a regular basis. And review results can be automatically applied to help ensure clean compliance reviews.
  
• Azure AD PIM for Azure Resources: You can now use Azure AD PIM’s time-bound access and assignment capabilities to secure access to Azure Resources. For example, you can enforce Multi-Factor Authentication or an approval workflow whenever a user requests elevation into the Virtual Machine Contributor role. 
  
• Terms of Use: Many customers have told us they need a way to let their employees and partners how they should be using the data they are about to access, especially with the May 25^th 2018 GDPR deadline looming. Azure AD Terms of Use is now GA. We’ve recently added support for configuring terms with multiple languages and new detailed reports showing when specific users consented to which set of terms of use.
  

With the addition of domain allow and deny lists, Azure AD B2B Collaboration now gives you the ability to control which partner organizations you work with.

Last but not least you can now specify which partner organizations you want to share and collaborate with in Azure AD B2B Collaboration. To do this, you can choose to create list of specific allow or deny domains. When a domain is blocked using these capabilities, employees can no longer send invitations to people in that domain.

This helps you control access to your resources, while enabling a smooth experience for approved users.

This B2B Collaboration feature is available for all Azure Active Directory customers and can be used in conjunction with Azure AD Premium features like conditional access and identity protection for more granular control of when and how external business users sign in and gain access.

Go here to learn more.

Wrapping up

We’re excited to be able to bring you new ways to manage passwords, protect identities, and mitigate threats. Password-less sign-in in to Windows with Azure AD feature will soon be in limited preview, so let us know if you’d like to get on the waitlist to try it out.

And as always, if you have any feedback or suggestions, please tell us! We’re looking forward to hearing from you.

Best Regards,

Alex Simons (Twitter: @Alex_A_Simons)

Director of Program Management

Microsoft Identity DivisionVirtual Machine Contributor

The post Password-less sign-in to Windows 10 and Azure AD using FIDO2 is coming soon (plus other cool news)! appeared first on Microsoft 365 Blog.

At Microsoft we’ve been working hard to eliminate passwords since the very earliest stages of Windows 10. We’ve made great progress with Windows Hello and our mobile Authenticator app that’s available on iOS and Android. But to date we have not had an interoperable solution that works across all industry platforms and browsers.

That’s why I’m so excited about the this weeks news from the FIDO Alliance and the World Wide Web Consortium (W3C).  On Tuesday the W3C advanced the Web Authentication spec (WebAuthn) to Candidate Recommendation status.  WebAuthn defines a web API that enables browsers and sites to use external authenticator keys based on the FIDO standard. This means we now have a cross-platform option for providing strong authentication without passwords!  And with support from Google, Microsoft and Mozilla browsers, we’re optimistic that WebAuthn will rapidly become widely adopted.  WebAuthn works together with the Client Authentication Protocol (CTAP), another FIDO standard.  CTAP defines the protocol for an external security key and talk to a client device.  With CTAP in place, we’re excitedly awaiting the wide variety of cost-effective security key options and form factors that innovative companies like Yubico, HID, Infineon, and Feitan are already working on.

Overview of FIDO2 architectural components

Microsoft has been working with the FIDO alliance for 4+ years now. We’ve made major contributions to the development of the FIDO2 set of standards and we are committed to adding full support of CTAP on Windows 10 and WebAuthn in the Edge browser. Microsoft’s identity products and services will also support FIDO.  This will allow Microsoft customers to use any Microsoft identity – both personal Microsoft accounts and organizational identities based on Azure Active Directory – to signin using a FIDO device instead of a password on any FIDO2 compatible device or browser.

The Password-less future is rapidly approaching and we’re excited for it to arrive!

For more information on the big announcement check out: https://fidoalliance.org/fido-alliance-and-w3c-achieve-major-standards-milestone-in-global-effort-towards-simpler-stronger-authentication-on-the-web/

Best regards,

Alex Simons (Twitter: @Alex_A_Simons)

Director of Program Management

Microsoft Identity Division

The post Big news in our drive to eliminate passwords: FIDO2 / WebAuthn reaches candidate recommendation status! appeared first on Microsoft 365 Blog.

If you follow the blog, you know that Azure AD Conditional Access (CA) lets you easily secure access to Office 365 and all the other apps you use with Azure AD. It is our fastest growing feature ever and more than 23M users are now protected by conditional access policies! As it’s taken off, we’ve listened closely to your feedback about how we could improve Conditional Access and what you’d like to see next.

One of the features customers like you have requested the most is integration with the Intune Managed Browser. So today I am excited to announce two enhancements that are now in public preview:

• Intune Managed Browser SSO: Your employees can enjoy Single Sign-on across native clients (like Microsoft Outlook) and the Intune Managed Browser for all Azure AD-connected apps.
• Intune Managed Browser Conditional Access Support: You can now require employees to use the Intune Managed browser using application-based Conditional Access policies.

Read on for more details.

Single Sign-on to Azure AD-connected apps in the Intune Managed Browser

The Intune Managed Browser application on iOS and Android can now take advantage of SSO to all web apps (SaaS and on-premises) that are Azure AD-connected. When the Microsoft Authenticator app is present on iOS or the Intune Company Portal app on Android, users of the Intune Managed Browser will be able to access Azure AD-connected web apps without having to re-enter their credentials.

Let’s see how simple this is to have a better sign-in experience on iOS devices!

• Install the latest Intune Managed Browser. When using the app for the first time, you can take advantage of Single Sign-on by installing the Microsoft Authenticator app. Complete this step.

• Sign-in, and navigate to any of your Azure AD-connected applications with Single Sign-on. You will be prompted to register your device to provide Single Sign-on to all applications. That’s it!

  This capability expands on our previously announced integration between Azure AD Application Proxy and the Intune Managed Browser.

Pretty cool right?

Secure mobile browser access using Conditional Access and the Intune Managed Browser

You can also now restrict mobile browser access to Azure AD-connected web apps to the Intune Managed Browser only, blocking access from any other unprotected browsers like Safari or Chrome.

This allows you to secure access and prevent data leakage via unprotected browser applications. This protection can be applied to Office 365 services like Exchange Online and SharePoint Online, the Office portal, and even on-premises sites that you have exposed via the Azure AD Application Proxy.

To secure access, configure application-based Conditional Access policy in Azure AD and an App Protection policy for the Managed Browser in Intune.

Here’s how you do that:

Azure AD

It’s simple to create an Azure AD Conditional Access policy to lock down browser access to Intune Managed Browser. Learn how to setup an app-based conditional access policy on Azure AD. Here’s a screenshot of a policy targeting browser access.

Intune

Only a few more steps now! Create an Intune App Protection policy and target all users with for the Managed Browser application. Learn more on how to setup Intune App Protection policies here. A screenshot here shows how to target the managed browser application.

Your configuration is now ready! Users attempting to use unmanaged browsers such as Safari and Chrome will be prompted to use the Intune Managed Browser. If this is the first time, users will be prompted to install the Microsoft Authenticator on iOS or the Intune Company Portal on Android. Here is a screenshot of a blocked access when using Safari on iOS.

I hope you’ll give these new enhancements are try today. Here’s a set of quick links to get you started:

Quick Links

• How to use Azure AD Application Proxy
• Authoring conditional access policy
• App-based conditional access technical documentation
• App protection policies in Intune
• Configure Managed Browser policies in Intune

As always, we’d love to hear any feedback or suggestions you have. Just go here and let us know what you think!

Best regards,

Alex Simons (Twitter: @Alex_A_Simons)

Directory of Program Management

Microsoft Identity Division

The post The Intune Managed Browser now supports Azure AD SSO and Conditional Access! appeared first on Microsoft 365 Blog.

As long as we’ve had passwords, people have tried to guess them. In this blog, we’re going to talk about a common attack which has become MUCH more frequent recently and some best practices for defending against it. This attack is commonly called password spray.

In a password spray attack, the bad guys try the most common passwords across many different accounts and services to gain access to any password protected assets they can find. Usually these span many different organizations and identity providers. For example, an attacker will use a commonly available toolkit like Mailsniper to enumerate all of the users in several organizations and then try “P@$$w0rd” and “Password1” against all of those accounts. To give you the idea, an attack might look like:

This attack pattern evades most detection techniques because from the vantage point of an individual user or company, the attack just looks like an isolated failed login.

For attackers, it’s a numbers game: they know that there are some passwords out there that are very common. Even though these most common passwords account for only 0.5-1.0% of accounts, the attacker will get a few successes for every thousand accounts attacked, and that’s enough to be effective.

They use the accounts to get data from emails, harvest contact info, and send phishing links or just expand the password spray target group. The attackers don’t care much about who those initial targets are—just that they have some success that they can leverage.

The good news is that Microsoft has many tools already implemented and available to blunt these attacks, and more are coming soon. Read on to see what you can do now and in the coming months to stop password spray attacks.

Four easy steps to disrupt password spray attacks

Step 1: Use cloud authentication

In the cloud, we see billions of sign-ins to Microsoft systems every day. Our security detection algorithms allow us to detect and block attacks as they’re happening. Because these are real time detection and protection systems driven from the cloud, they are available only when doing Azure AD authentication in the cloud (including Pass-Through Authentication).

Smart Lockout

In the cloud, we use Smart Lockout to differentiate between sign-in attempts that look like they’re from the valid user and sign-ins from what may be an attacker. We can lock out the attacker while letting the valid user continue using the account. This prevents denial-of-service on the user and stops overzealous password spray attacks. This applies to all Azure AD sign-ins regardless of license level and to all Microsoft account sign-ins.

Tenants using Active Directory Federation Services (ADFS) will be able to use Smart Lockout natively in ADFS in Windows Server 2016 starting in March 2018—look for this ability to come via Windows Update.

IP Lockout

IP lockout works by analyzing those billions of sign-ins to assess the quality of traffic from each IP address hitting Microsoft’s systems. With that analysis, IP lockout finds IP addresses acting maliciously and blocks those sign-ins in real-time.

Attack Simulations

Now available in public preview, Attack Simulator as part of Office 365 Threat Intelligence enables customers to launch simulated attacks on their own end users, determine how their users behave in the event of an attack, and update policies and ensure that appropriate security tools are in place to protect your organization from threats like password spray attacks.

Things we recommend you do ASAP:

1. If you’re using cloud authentication, you’re covered
2. If you’re using ADFS or another hybrid scenario, look for an ADFS upgrade in March 2018 for Smart Lockout
3. Use Attack Simulator to proactively evaluate your security posture and make adjustments

Step 2: Use multi-factor authentication

A password is the key to accessing an account, but in a successful password spray attack, the attacker has guessed the correct password. To stop them, we need to use something more than just a password to distinguish between the account owner and the attacker. The three ways to do this are below.

Risk-based multi-factor authentication

Azure AD Identity Protection uses the sign-in data mentioned above and adds on advanced machine learning and algorithmic detection to risk score every sign-in that comes in to the system. This enables enterprise customers to create policies in Identity Protection that prompt a user to authenticate with a second factor if and only if there’s risk detected for the user or for the session. This lessens the burden on your users and puts blocks in the way of the bad guys. Learn more about Azure AD Identity Protection here.

Always-on multi-factor authentication

For even more security, you can use Azure MFA to require multi-factor authentication for your users all the time, both in cloud authentication and ADFS. While this requires end users to always have their devices and to more frequently perform multi-factor authentication, it provides the most security for your enterprise. This should be enabled for every admin in an organization. Learn more about Azure Multi-Factor Authentication here, and how to configure Azure MFA for ADFS.

Azure MFA as primary authentication

In ADFS 2016, you have the ability use Azure MFA as primary authentication for passwordless authentication. This is a great tool to guard against password spray and password theft attacks: if there’s no password, it can’t be guessed. This works great for all types of devices with various form factors. Additionally, you can now use password as the second factor only after your OTP has been validated with Azure MFA. Learn more about using password as the second factor here.

Things we recommend you do ASAP:

1. We strongly recommend enabling always-on multi-factor authentication for all admins in your organization, especially subscription owners and tenant admins. Seriously, go do this right now.
2. For the best experience for the rest of your users, we recommend risk-based multi-factor authentication, which is available with Azure AD Premium P2 licenses.
3. Otherwise, use Azure MFA for cloud authentication and ADFS.
4. In ADFS, upgrade to ADFS on Windows Server 2016 to use Azure MFA as primary authentication, especially for all your extranet access.

Step 3: Better passwords for everyone

Even with all the above, a key component of password spray defense is for all users to have passwords that are hard to guess. It’s often difficult for users to know how to create hard-to-guess passwords. Microsoft helps you make this happen with these tools.

Banned passwords

In Azure AD, every password change and reset runs through a banned password checker. When a new password is submitted, it’s fuzzy-matched against a list of words that no one, ever, should have in their password (and l33t-sp3@k spelling doesn’t help). If it matches, it’s rejected, and the user is asked to choose a password that’s harder to guess. We build the list of the most commonly attacked passwords and update it frequently.

Custom banned passwords

To make banned passwords even better, we’re going to allow tenants to customize their banned password lists. Admins can choose words common to their organization—famous employees and founders, products, locations, regional icons, etc.—and prevent them from being used in their users’ passwords. This list will be enforced in addition to the global list, so you don’t have to choose one or the other. It’s in limited preview now and will be rolling out this year.

Banned passwords for on-premises changes

This spring, we’re launching a tool to let enterprise admins ban passwords in hybrid Azure AD-Active Directory environments. Banned password lists will be synchronized from the cloud to your on-premises environments and enforced on every domain controller with the agent. This helps admins ensure users’ passwords are harder to guess no matter where—cloud or on-premises—the user changes her password. This launched to limited private preview in February 2018 and will go to GA this year.

Change how you think about passwords

A lot of common conceptions about what makes a good password are wrong. Usually something that should help mathematically actually results in predictable user behavior: for example, requiring certain character types and periodic password changes both result in specific password patterns. Read our password guidance whitepaper for way more detail. If you’re using Active Directory with PTA or ADFS, update your password policies. If you’re using cloud managed accounts, consider setting your passwords to never expire.

Things we recommend you do ASAP:

1. When it’s released, install the Microsoft banned password tool on-premises to help your users create better passwords.
2. Review your password policies and consider setting them to never expire so your users don’t use seasonal patterns to create their passwords.

Step 4: More awesome features in ADFS and Active Directory

If you’re using hybrid authentication with ADFS and Active Directory, there are more steps you can take to secure your environment against password spray attacks.

The first step: for organizations running ADFS 2.0 or Windows Server 2012, plan to move to ADFS in Windows Server 2016 as soon as possible. The latest version will be updated more quickly with a richer set of capabilities such as extranet lockout. And remember: we’ve made it really easy to upgrade from Windows Server 2012R2 to 2016.

Block legacy authentication from the Extranet

Legacy authentication protocols don’t have the ability to enforce MFA, so the best approach is to block them from the extranet. This will prevent password spray attackers from exploiting the lack of MFA on those protocols.

Enable ADFS Web Application Proxy Extranet Lockout

If you do not have extranet lockout in place at the ADFS Web Application proxy, you should enable it as soon as possible to protect your users from potential password brute force compromise.

Deploy Azure AD Connect Health for ADFS

Azure AD Connect Health captures IP addresses recorded in the ADFS logs for bad username/password requests, gives you additional reporting on an array of scenarios, and provides additional insight to support engineers when opening assisted support cases.

To deploy, download the latest version of the Azure AD Connect Health Agent for ADFS on all ADFS Servers (2.6.491.0). ADFS servers must run Windows Server 2012 R2 with KB 3134222 installed or Windows Server 2016.

Use non-password-based access methods

Without a password, a password can’t be guessed. These non-password-based authentication methods are available for ADFS and the Web Application Proxy:

1. Certificate based authentication allows username/password endpoints to be blocked completely at the firewall. Learn more about certificate based authentication in ADFS
2. Azure MFA, as mentioned above, can be used to as a second factor in cloud authentication and ADFS 2012 R2 and 2016. But, it also can be used as a primary factor in ADFS 2016 to completely stop the possibility of password spray. Learn how to configure Azure MFA with ADFS here
3. Windows Hello for Business, available in Windows 10 and supported by ADFS in Windows Server 2016, enables completely password-free access, including from the extranet, based on strong cryptographic keys tied to both the user and the device. This is available for corporate-managed devices that are Azure AD joined or Hybrid Azure AD joined as well as personal devices via “Add Work or School Account” from the Settings app. Get more information about Hello for Business.

Things we recommend you do ASAP:

1. Upgrade to ADFS 2016 for faster updates
2. Block legacy authentication from the extranet.
3. Deploy Azure AD Connect Health agents for ADFS on all your ADFS servers.
4. Consider using a password-less primary authentication method such as Azure MFA, certificates, or Windows Hello for Business.

Bonus: Protecting your Microsoft accounts

If you’re a Microsoft account user:

• Great news, you’re protected already! Microsoft accounts also have Smart Lockout, IP lockout, risk-based two-step verification, banned passwords, and more.
• But, take two minutes to go to the Microsoft account Security page and choose “Update your security info” to review your security info used for risk-based two-step verification
• Consider turning on always-on two-step verification here to give your account the most security possible.

The best defense is… following the recommendations in this blog

Password spray is a serious threat to every service on the Internet that uses passwords but taking the steps in this blog will give you maximum protection against this attack vector. And, because many kinds of attacks share similar traits, these are just good protection suggestions, period. Your security is always our utmost priority, and we’re continually working hard to develop new, advanced protections against password spray and every other type of attack out there. Use the ones above today and check back frequently for new tools to defend against the bad guys out there on the Internet.

I hope you’ll find this information useful. As always, we’d love to hear any feedback or suggestions you have.

Best Regards,

Alex Simons (Twitter: @Alex_A_Simons)

Director of Program Management

Microsoft Identity Division

The post Azure AD and ADFS best practices: Defending against password spray attacks appeared first on Microsoft 365 Blog.

I hope you’ll find today’s post as interesting as I do. It’s a bit of brain candy and outlines an exciting vision for the future of digital identities.

Over the last 12 months we’ve invested in incubating a set of ideas for using Blockchain (and other distributed ledger technologies) to create new types of digital identities, identities designed from the ground up to enhance personal privacy, security and control. We’re pretty excited by what we’ve learned and by the new partnerships we’ve formed in the process. Today we’re taking the opportunity to share our thinking and direction with you. This blog is part of a series and follows on Peggy Johnson’s blog post announcing that Microsoft has joined the ID2020 initiative. If you haven’t already Peggy’s post, I would recommend reading it first.

I’ve asked Ankur Patel, the PM on my team leading these incubations to kick our discussion on Decentralized Digital Identities off for us. His post focuses on sharing some of the core things we’ve learned and some of the resulting principles we’re using to drive our investments in this area going forward.

And as always, we’d love to hear your thoughts and feedback.

Best Regards,

Alex Simons (Twitter: @Alex_A_Simons)

Director of Program Management

Microsoft Identity Division

———-

Greetings everyone, I’m Ankur Patel from Microsoft’s Identity Division. It is an awesome privilege to have this opportunity to share some of our learnings and future directions based on our efforts to incubate Blockchain/distributed ledger based Decentralized Identities.

What we see

As many of you experience every day, the world is undergoing a global digital transformation where digital and physical reality are blurring into a single integrated modern way of living. This new world needs a new model for digital identity, one that enhances individual privacy and security across the physical and digital world.

Microsoft’s cloud identity systems already empower thousands of developers, organizations and billions of people to work, play, and achieve more. And yet there is so much more we can do to empower everyone. We aspire to a world where the billions of people living today with no reliable ID can finally realize the dreams we all share like educating our children, improving our quality of life, or starting a business.

To achieve this vision, we believe it is essential for individuals to own and control all elements of their digital identity. Rather than grant broad consent to countless apps and services, and have their identity data spread across numerous providers, individuals need a secure encrypted digital hub where they can store their identity data and easily control access to it.

Each of us needs a digital identity we own, one which securely and privately stores all elements of our digital identity.  This self-owned identity must be easy to use and give us complete control over how our identity data is accessed and used.

We know that enabling this kind of self-sovereign digital identity is bigger than any one company or organization. We’re committed to working closely with our customers, partners and the community to unlock the next generation of digital identity-based experiences and we’re excited to partner with so many people in the industry who are making incredible contributions to this space.

What we’ve learned

To that end today we are sharing our best thinking based on what we’ve learned from our decentralized identity incubation, an effort which is aimed at enabling richer experiences, enhancing trust, and reducing friction, while empowering every person to own and control their Digital Identity.

1. Own and control your Identity. Today, users grant broad consent to countless apps and services for collection, use and retention beyond their control. With data breaches and identity theft becoming more sophisticated and frequent, users need a way to take ownership of their identity. After examining decentralized storage systems, consensus protocols, blockchains, and a variety of emerging standards we believe blockchain technology and protocols are well suited for enabling Decentralized IDs (DID).
2. Privacy by design, built in from the ground up.
   Today, apps, services, and organizations deliver convenient, predictable, tailored experiences that depend on control of identity-bound data. We need a secure encrypted digital hub (ID Hubs) that can interact with user’s data while honoring user privacy and control.
3. Trust is earned by individuals, built by the community.
   Traditional identity systems are mostly geared toward authentication and access management. A self-owned identity system adds a focus on authenticity and how community can establish trust. In a decentralized system trust is based on attestations: claims that other entities endorse – which helps prove facets of one’s identity.
4. Apps and services built with the user at the center.
   Some of the most engaging apps and services today are ones that offer experiences personalized for their users by gaining access to their user’s Personally Identifiable Information (PII). DIDs and ID Hubs can enable developers to gain access to a more precise set of attestations while reducing legal and compliance risks by processing such information, instead of controlling it on behalf of the user.
5. Open, interoperable foundation.
   To create a robust decentralized identity ecosystem that is accessible to all, it must be built on standard, open source technologies, protocols, and reference implementations. For the past year we have been participating in the Decentralized Identity Foundation (DIF) with individuals and organizations who are similarly motivated to take on this challenge. We are collaboratively developing the following key components:
   

• Decentralized Identifiers (DIDs) – a W3C spec that defines a common document format for describing the state of a Decentralized Identifier
  
• Identity Hubs – an encrypted identity datastore that features message/intent relay, attestation handling, and identity-specific compute endpoints. 
  
• Universal DID Resolver – a server that resolves DIDs across blockchains 
  
• Verifiable Credentials – a W3C spec that defines a document format for encoding DID-based attestations.   
  

6. Ready for world scale:
   To support a vast world of users, organizations, and devices, the underlying technology must be capable of scale and performance on par with traditional systems. Some public blockchains (Bitcoin [BTC], Ethereum, Litecoin, to name a select few) provide a solid foundation for rooting DIDs, recording DPKI operations, and anchoring attestations. While some blockchain communities have increased on-chain transaction capacity (e.g. blocksize increases), this approach generally degrades the decentralized state of the network and cannot reach the millions of transactions per second the system would generate at world-scale. To overcome these technical barriers, we are collaborating on decentralized Layer 2 protocols that run atop these public blockchains to achieve global scale, while preserving the attributes of a world class DID system.
   
7. Accessible to everyone:
   The blockchain ecosystem today is still mostly early adopters who are willing to spend time, effort, and energy managing keys and securing devices. This is not something we can expect mainstream people to deal with. We need to make key management challenges, such as recovery, rotation, and secure access, intuitive and fool-proof.
   

Our next steps

New systems and big ideas, often make sense on a whiteboard. All the lines connect, and assumptions seem solid. However, product and engineering teams learn the most by shipping.

Today, the Microsoft Authenticator app is already used by millions of people to prove their identity every day. As a next step we will experiment with Decentralized Identities by adding support for them into to Microsoft Authenticator. With consent, Microsoft Authenticator will be able to act as your User Agent to manage identity data and cryptographic keys. In this design, only the ID is rooted on chain. Identity data is stored in an off-chain ID Hub (that Microsoft can’t see) encrypted using these cryptographic keys.

Once we have added this capability, apps and services will be able to interact with user’s data using a common messaging conduit by requesting granular consent. Initially we will support a select group of DID implementations across blockchains and we will likely add more in the future.

Looking ahead

We are humbled and excited to take on such a massive challenge, but also know it can’t be accomplished alone. We are counting on the support and input of our alliance partners, members of the Decentralized Identity Foundation, and the diverse Microsoft ecosystem of designers, policy makers, business partners, hardware and software builders. Most importantly we will need you, our customers to provide feedback as we start testing these first set of scenarios.

This is our first post about our work on Decentralized Identity. In upcoming posts we will share information about our proofs of concept as well as technical details for key areas outlined above.

We look forward to you joining us on this venture!

Key resources:

• Follow-us at @AzureAD on Twitter
  
• Get involved with Decentralized Identity Foundation (DIF)
  
• Participate in W3C Credentials Community Group
  

Regards,

Ankur Patel (@_AnkurPatel)

Principal Program Manager

Microsoft Identity Division

The post Decentralized digital identities and blockchain: The future as we see it appeared first on Microsoft 365 Blog.

Azure AD Conditional Access (CA) has really taken off. Organizations around the world are using it to ensure secure, compliant access to applications. Every month, Conditional Access is now used to protect over 10K organizations and over 10M active users! It’s amazing to see how quickly our customers have put it to work!

We’ve received lot of feedback about the user impact of Conditional Access. Specifically, with this much power at your fingertips, you need a way to see how CA policies will impact a user under various sign-in conditions.

We heard you, and today I am happy to announce the public preview of the “What If” tool for Conditional Access. The What If tool helps you understand the impact of the policies on a user sign-in, under conditions you specify. Rather than waiting to hear from your user about what happened, you can simply use the What If tool.

Get started

Ready to start playing with the tool? You can simply follow these steps:

• Go to Azure AD Conditional access
• Click on What If

• Select the user you want to test

• [Optional] Select app, IP address, device platforms, client app, sign-in risk as needed
• Click on “What If” and view the policies that will impact the user sign-in

Sometimes the question that you’re trying to answer is not “What policies will apply” but “Why is a policy not applying?” The tool can help you with that too! Switch to the “Policies that will not apply” tab and you can view the policy name and, more importantly, the reason why a policy didn’t apply. Isn’t that cool?

Want to learn more about the What If tool?

Tell us what you think

This is just a start. We’re already working to deliver more innovation in this area. As always, we’d love to hear any feedback or suggestions you have on this preview, or anything about Azure AD Conditional Access. We’ve even created a short survey on the What If tool for you to participate in.

We look forward to hearing from you!

Best regards,

Alex Simons (Twitter: @Alex_A_Simons)

Director of Program Management

Microsoft Identity Division

The post Public preview: “What If” tool for Azure AD conditional access policies appeared first on Microsoft 365 Blog.

The evolution of technology and cloud innovation are democratizing data and in turn fueling digital transformation. Embracing every facet of this digital transformation offers organizations an opportunity to better engage with customers, empower employees, and optimize the creation and delivery of products and services. However, with the increased use of personal data to customize user experiences, new compliance laws—such as the General Data Protection Regulation (GDPR)—are a logical policy component of our technology landscape. Microsoft 365 offers a complete cloud solution to help you with GDPR compliance, while Compliance Manager helps you assess and manage your compliance risk.

Compliance promotes innovation by building customer trust in technology

At its core, the GDPR strengthens personal privacy rights for individuals in the EU and requires organizations to provide individuals control over their personal data. To build and maintain the trust needed to manage customer relationships through technology, organizations need tighter controls over what personal data they hold and how they manage and protect this data. Systems and processes need to be modernized to prevent the unlawful use of data, accommodate personal data requests by individuals, and provide notifications of breaches in a timely manner.

Businesses are looking to the cloud for added value

Our research suggests that companies not only see the long-term value of building trust by protecting customer data, but in fact believe their investments in compliance will positively impact other areas of their business—like productivity and collaboration.* When IT decision makers in Europe and the U.S. were asked to identify their top concern in achieving GDPR compliance, “protecting customer data” was the #1 response while avoiding fines ranked #8. More than half of respondents said the GDPR brings added benefits like collaboration, productivity, and security. Cloud solutions like Microsoft 365 are a big reason that businesses see opportunity in compliance. Of those surveyed, 41 percent said they are likely to move more of their company’s infrastructure to the cloud to become compliant. And among leading cloud vendors, Microsoft was identified as most trusted by a wide margin (28 percent), followed by IBM (16 percent), Google (11 percent), and Amazon (10 percent). All told, 92 percent of IT decision makers in companies that store data primarily in the cloud identified as being confident in their GDPR readiness, compared with just 65 percent of those who prefer to store data on-premises.

Microsoft 365 is a complete cloud solution for GDPR compliance

The Microsoft Cloud is uniquely positioned to help you meet your GDPR compliance obligations, with the largest certified compliance portfolio, services architected to be secure by design, and the most extensive global datacenter footprint in the industry.

Our cloud solution is built for power, scale, and flexibility. Microsoft 365 brings together Office 365, Windows 10, and Enterprise Mobility + Security—offering a rich set of integrated solutions that leverage AI to help you assess and manage your compliance risk, protect your most important data, and streamline your processes.

Assess and manage your compliance risk with Compliance Manager Preview

Because achieving organizational compliance can be very challenging, understanding your compliance risk should be your first priority. Today, we’re making that easier with the preview of Compliance Manager.

Compliance Manager is a cross–Microsoft Cloud services solution designed to help organizations meet complex compliance obligations like the GDPR. It performs a real-time risk assessment that reflects your compliance posture against data protection regulations when using Microsoft Cloud services, along with recommended actions and step-by-step guidance. Learn more about Compliance Manager and how to access the preview.

Protect your most sensitive data

Beyond understanding your compliance risk, protecting both personal data and other sensitive content is key.

Microsoft information protection solutions provide an integrated classification, labeling, and protection experience, enabling more persistent governance and protection of sensitive data wherever it is—across devices, apps, cloud services, and on-premises.

For example, Office 365 Advanced Data Governance leverages machine assisted insights to help you automatically classify, set policies, and protect the data in Office 365 that is most important to your organization.

Azure Information Protection scanner addresses hybrid and on-premises scenarios by allowing you to configure policies to automatically label and protect documents on a Windows Server file share. Read “Azure Information Protection scanner in public preview” to learn more about the scanner.

Microsoft also provides external threat protection solutions to prevent and detect cyber-attacks across workloads—whether on devices using Windows 10, on-premises and Azure-based infrastructure, or with our cloud services like Office 365.

One of these solutions, Windows Defender Advanced Threat Protection, is built into Windows 10 and helps spot most advanced targeted attacks by giving visibility into threats on your device, insights into the scope of the threat, and one-click response capabilities to isolate the threat immediately.

Streamline your processes

The GDPR requires organizations to be able to identify and locate personal data. Having a scalable investigation and audit-ready processes in place to meet requirements is paramount.

Content Search, a feature of Office 365 eDiscovery, makes it easy to search Office 365 for data related to individuals. Since the results of this search could result in large quantities of data or data that is confidential to the organization, machine learning in Advanced eDiscovery can be used to minimize the data so that you are only providing the relevant data in accordance with the GDPR.

Finally, Customer Lockbox provides an audit trail showing when personal data is accessed during service operations.

Get started today on your GDPR journey with Microsoft

No matter where you are in your GDPR efforts, the Microsoft Cloud and our intelligent compliance solutions in Microsoft 365 can help you on your journey to GDPR compliance.

—Ron Markezich

*Online survey conducted by YouGov PLC between 10/31/2017 and 11/8/2017. Sample size: 1,542 IT decision makers.

The post Microsoft 365 helps businesses increase trust and innovation through compliance with Compliance Manager Preview appeared first on Microsoft 365 Blog.

If you follow the blog, you know that we support a wide array of options for connecting an on-premises directory or IAM solution to Azure AD. In fact no one in the industry gives customers as many options as we do.

So it’s not surprising that one of the questions customers ask me the most is which one I would recommend. I’m always a bit hesitant to give an answer. Over the last 6+ years working in the identity industry, I’ve learned that every organization is different and has different goals and requirements in terms of speed of deployment, security posture, ability to invest, network architecture, corporate culture, compliance requirements and work environment. That’s one of the reasons why we’ve invested in giving you options, so you can choose the one that best suits your needs. (That doesn’t mean I don’t have an opinion of course – if it was my organization, I’d definitely want to use our new Pass Through Authentication capabilities and Azure AD Connect Sync.  They are both fast to deploy and low cost to maintain. But hey, that’s just one person’s opinion!)

Rather than spend a bunch of time worrying about what I or anyone else would recommend, how about we just look at what customers are actually using? That strikes me as the best place to start.

Azure AD Momentum

I want to start by sharing some numbers about the overall use of Azure AD so you have the context for the deeper numbers below. For Azure AD overall, we continue to see strong growth in organizations using our basic cloud-based identity services and accelerating growth of Azure AD Premium.

The trend I’m the most excited about is the incredible growth in the use of Azure AD with third-party applications. With over 300k third-party applications in use every month, we’re seeing tons of organizations turn to Azure AD as their preferred cloud identity platform.

Synching users to Azure AD

Most Azure AD tenants are small organizations that don’t synchronize an on-premises AD to Azure AD. Larger organizations almost always sync, and those that do represent >50% of the 950M user accounts in Azure AD.

Here’s the latest data on how organizations synchronize users to Azure AD:

• >180K tenants sync their on-premises Windows Server Active Directory to Azure AD .
• >170K tenants use Azure AD Connect to do so.
• A small number of customers use other solutions:
  • 7% use our legacy DirSync or Azure AD Sync tools.
  • 1.9% use Microsoft Identity Manager or Forefront Identity Manager.
  • <1% use a custom or third-party solution.

Authenticating with Azure AD

The last time I blogged about authentications, the data I shared was based on authentication volumes. Your feedback to me was that this made the numbers difficult to put in context and that you were more interested in active user numbers. So, for this update I’ll share numbers based on Monthly Active Users (MAU).

As of Oct 31, there were just over 152M Monthly Active Users of Azure AD. Of those active users:

• 55% authenticated using a federation product or service.
• 24% authenticate with Password Hash Sync.
• 21% are cloud only users.
• Azure AD Pass-Through Authentication, which went GA only one month ago, already has over half a million Monthly Active Users and that number is growing at 50% per month!

Diving deeper, here’s some more interesting data:

• 46% of all active users are authenticating with AD Federation Services.
• Just over 2% of all active users are authenticating using Ping Federate. Ping is the fastest growing and most popular third-party option.
• 2% of all active users are authenticating using a third-party IDaaS service like Centrify, Okta or OneAuth.
• 1% of all active users are authenticating using a third-party Federation Server other than Ping Federate.

Key Conclusions

This is some pretty interesting data and highlights a few trends:

1. Azure AD Connect has become the standard way to synchronize between Windows Server AD and Azure AD. Over 90 percent of synching tenants now use it.
2. Azure AD Password Hash Sync has become a very popular option for our customers with tens of millions of monthly active users.
3. As larger and larger enterprises have started using Azure AD, Ping Federate has become an increasingly popular option. Our partnership with Ping has really paid off for these large customers.
4. Despite all the press coverage and market hype, other IDaaS vendors remain a very small part of the Azure AD/Office365 business.
5. Our new Pass Through Authentication option, which only GA’d a month ago is off to a good start with >500,000 MAU already! If current trends hold, sometime in the next six months to a year, it will be used by more unique users than all the other IDaaS vendors combined.

Summary

Just like last time, these numbers tell a pretty clear story. We’ve designed Azure AD to be open and standards-based so our customers can use a wide variety of third-party options. However, the majority of customers find that our “off the shelf” identity solutions meet their needs. And this number continues to grow.

Additionally, the data also shows that the level of simplicity we’ve delivered with Azure AD Connect is having a big impact. The solution is being widely adopted and is far and away the fastest growing option for connecting Windows Server AD and Azure AD/Office 365.

Hopefully you found this blog post interesting and useful! As always, we’d love to receive any feedback or suggestions you have.

Best regards,

Alex Simons (Twitter: @Alex_A_Simons)

Director of Program Management

Microsoft Identity Division

The post How organizations are connecting their on-premises identities to Azure AD appeared first on Microsoft 365 Blog.

Next, the ConfigMgr announcement:

And with this present-day milestone in mind, here’s a story you may not have heard before:

How It All Began

Late last week, I took the opportunity to re-read the original vision document or “spec” for Project Hermes. I hadn’t seen this doc in several years, and it was amazing to see how true ConfigMgr has stayed to that original vision. The fundamental building blocks outlined in that doc are still used today and are still part of its foundation.

In 1992, the original mission of Microsoft (aka, a PC in every home and on every desktop) was just hitting critical mass. Organizations were aggressively moving from terminal emulation to the x86 distributed computing model, and there was no solution to manage the PCs at scale. The team knew that Project Hermes had to be impactful.

The original SMS team was two full time developers and an intern named Ken Pan.  When I joined the team in 2003, Ken the Intern was leading the entire dev team of about 150 engineers. Ken has led the engineering efforts on SCCM and Intune for me ever since!

Fun fact:  The very first build of Systems Management Server (SMS) was 245. Why not 1? Well… Windows was on build 300 at that time and the team didn’t want to seem too far behind – but they knew that picking something too close to 300 would raise suspicion. So they picked 245!

SMS officially launched on November 7, 1994. That first release took a little over two years – today we release new insiders builds every month!

A big moment from that launch was an e-mail sent by Bill Gates to every Microsoft employee explaining that SMS was being deployed across the company. Ever the engineer, Bill pointed out in that e-mail how to remove SMS software from your machine if you were so inclined. (:

If you want to read that e-mail, I’ve included it at the bottom of this post.

Pushing the Architecture Forward

SMS 1.0, 1.1 and 1.2 were all released pretty quickly, and a new market was subsequently born. Without delay, the team then started working on SMS 2.0.

That’s when things got… complicated.

And, honestly, we made some poor decisions. A big part of the growth mindset is the ability to learn rapidly – this has been core in the SMS team from the beginning.

So much had changed in the architecture of how client-server applications were built since 1992 that the team essentially re-wrote the SMS server infrastructure in 1997 and 1998 to bring the scale and performance of SMS forward, and they also integrated with the upcoming capabilities of Windows Server 2000. This was the first time that the SMS architecture was rewritten to ensure it was the state-of-the-art for that time.

SMS 2.0 was released in January 1999, and the adoption and usage accelerated. At the time, I was working at SMS’s largest competitor, Novell, leading the Novell ZENworks team. I couldn’t possibly count the number of hours I spent meeting with SMS customers talking about the differentiators of ZENworks that were based in focusing on users (identities) with deep Directory integration!

While writing this post I was reminded that SMS 2.0 had an Easter egg in it. The Easter egg was a video showing the names and pictures of people who worked on the product, and, when I look another look at it this week, one name stood out:

Yup, Terry Myerson – my boss and the Executive Vice President of Microsoft. I guess all the greats really have passed through SMS at one point in their career.  (:

I joined the SMS team just as efforts were ramping up for what would become SMS 2003.

In SMS 2003, there were significant portions of the product that were, again, re-written. A big milestone at the time was getting SMS aligned on WSUS for patching. This aligned the Microsoft patching from cloud (Windows Update) to consumers and the Enterprise. WSUS is essentially the same bits that are used for Windows Update – except running in your datacenter.

Windows Update is one of the world’s largest Cloud services – updating more than 1B devices every month. Think about this for a minute:  One of Microsoft’s key differentiators in the public cloud today are our hybrid capabilities and the ability for you to essentially run our public cloud in your datacenter. Running Windows Update in your data center (WSUS) was really a pioneer and perhaps the earliest example of being cloud connected and hybrid. This was also the point in time when laptop usage had really accelerated, and we needed to build a new client that functioned in a disconnected or loosely connected model.

As we neared the release of SMS 2003, we would meet each Friday morning with a group from across the company to evaluate the status of the project. One of the key groups invited to that meeting was the Microsoft IT department (MSIT). In a move that had no precedent in the company, I granted the IT team veto authority over the decision to ship SMS 2003 if they did not feel it was ready. Ever since then, MSIT has been our first and best customer – as well as one of our best sources of feedback on early builds.

Today, we manage over 500,000 PCs and mobile devices here at Microsoft (this number is not included in the 100M MAD) through a single ConfigMgr deployment. We are constantly deploying new bits across Microsoft as we are building each monthly release. We definitely eat our own dogfood. Another fun cat:  My team actually oversees the internal deployment of ConfigMgr. There is no better way to learn than by than doing!

Between 2003 and 2007, we released two “Feature Packs.” We didn’t want to wait for an entire new product to deliver new functionality, so we innovated this new way to release capabilities. The first Feature Pack finished up the work of aligning on WSUS for our patching. The second Feature Pack was when we released OS Deployment.

One of my favorite memories of this time was a demo we set up at an event in Europe in November 2003 to show-off the new OS Deployment capabilities. Bill Gates was delivering the keynote, and, during his section of “What Is New with SMS,” we live upgraded 100 PCs on a wall behind Bill. We called this demo the “Wall of Fire.”

Here’s a picture we took of Bill when he turned around to watch the demo execute:

Here’s a picture of the brave SMS team members that staged the demo:

Making an Impact

In the fall of 2004, Bill and Steve hosted an offsite meeting with a few of the senior leaders from across the company – and the final session of the day was open Q&A with Bill and Steve.  Someone asked Bill what he thought was, “The most significant thing that has happened for Microsoft in the last year.” Bill responded: “We got SMS and Active Directory right – and they will be tremendous assets for us going forward.”

To this day, that is one of the best days of my professional career!

In 2007, we changed the name from “SMS” to “ConfigMgr,” in order to align it with the System Center brand. Desired State Configuration (DSC) was the newest innovative scenario that customers were requesting, so, once again, we evolved the architecture to really enable DSC to work the way it should. We also completely rewrote the administrative experience.

In Feb 2011, mid-way through the engineering of SCCM 2012, Satya took over the Server and Tools Business (STB), renamed it the Cloud and Enterprise (C+E), and became my boss. For our first 1:1 meeting, Satya came to my office and spent the bulk of the time really getting to know me better as a person. It was an incredible experience to work directly for Satya for several years and learn from his incredible, inquisitive nature, his growth mindset, and his humble-servant approach to leadership. Satya had a tremendous impact on the future and architecture of ConfigMgr during this release.

In ConfigMgr 2012 we essentially turned the architecture on its head by focusing the architecture and experience on users – not just devices.

Customers were telling us that mobility was going to be key in the future, and we understood that mobility was about the mobility of humans – not just devices.  In response to this information, we dramatically flattened the architecture to require less hardware, and we massively increased the scale limits. This is where our journey to the cloud really, really got serious; we connected ConfigMgr to Microsoft Intune, and Intune essentially became the edge of ConfigMgr.

This hybrid configuration became the model that allowed us to innovate in the cloud, and then deliver new value to on-prem ConfigMgr via that hybrid deployment. We believed that the cloud would enable scenarios that would have been impossible in the past, and Satya could see the potential impact of the cloud for device management – and he really pushed us to innovate and experiment here.

ConfigMgr Heads to the Cloud

The next architectural evolution was the most challenging by far.

When we learned that Windows 10 would be delivered as-a-service with multiple updates delivered each year, we knew that ConfigMgr needed to follow suit and move to the cloud.

The challenge here was daunting.

Historically, ConfigMgr had released on a 2-3 year cadence. I remember looking at the first all-up plan for SCCM 2007 and seeing 16 months of stabilization and beta between the time we declared code-complete and the release. 16 months!   It was clear we needed to “SaaS-ify” ConfigMgr so we could maintain a multiple-times-per-year release cadence.

With such a daunting task ahead, we set about hand-picking a small team of engineers and program managers who knew ConfigMgr deeply, had a growth mindset, and a shared a passion for this customer base.  Our belief was the only way we could pull this off was for a small and focused team to overhaul the entire architecture and create a cloud-delivered service from the ground cloud up.

When I looked at our timetable for this overhaul, I will admit to having a bit of skepticism mixed in with my normal abundance of optimism. Getting things done this quickly was an unbelievable undertaking.

The outcome, now, is obvious:  This hyper-focused engineering team exceeded every single benchmark and delivered a new cloud-based approach to PC management that allowed us to move to a monthly release cycle. To keep track of these updates, we did away with the traditional version numbers (e.g. 2003, 2007, 2012) and instead started naming them with a year/month convention; thus, the first release was versioned 1511 because we released it in the 11^th month of 2015.

Since then, we have released a new insider’s version of ConfigMgr every month, and major CurrentBranch releases every ~4 months.

This is – without question – one of the most incredible engineering efforts I have ever been a part of.

The customer response to this new cloud-delivered model has been incredible.

Check out this graphic:

Just over half of the ConfigMgr base has already upgraded to the new current branch model, and there are now more than 100M devices being actively managed and sending back telemetry.

Holy cow 100M!!!!

To my knowledge there are only 3 enterprise services in the world that have >100M monthly active users or devices under management and sending back telemetry:  Office 365, Azure Active Directory, and ConfigMgr. What do these three things have in common?  All are part of the integrated Microsoft 365 offer.

This chart shows the adoption of the major releases of ConfigMgr Current Branch since the 1511 release. We have a dashboard that shows us this data in real time, and we send out this chart to our entire team every Sunday morning at 8:30.

Believe me when I tell you that 8:30 on Sunday mornings is one of my favorite moments of every week.

This has been the fastest all-time upgrade for ConfigMgr, and you can see that with each release the rate of adoption (the slope of the line from left-to-right) gets faster and steeper. At first, we were a little nervous about how the ConfigMgr community would react to such fast releases – and we have been both amazed and grateful for your trust and confidence in us.

There has never been more interest in and passion for Project Hermes than there is right now.

What’s Next

We began the journey to the cloud with the 1511 release of ConfigMgr Current Branch in November 2015, and, at the time, it was clear to us that this was a major step towards where we needed to get. It was also clear to us that there was a lot more work to do.

The pace of innovation since 1511 has only accelerated. Organizations are rapidly moving to a world of cloud services connected to mobile devices, and, in order for us to deliver what you need in this accelerating environment, the ConfigMgr infrastructure has taken the big steps toward being a true cloud service. It is now a service that is continually updated with new capabilities, it utilizes the AI capabilities of the cloud to adjust to your needs and deliver the protection you require, and it is available to you as a cloud-based service that is able to scale to 100s of millions of devices around the globe.

All of this reminds me of the most common thing I hear from IT leaders all over the world:  They are frustrated with the complexity they and their teams have to deal with in order to get work done. Organizations are looking for ways to simplify what they have deployed and they want a unified way to enable their users on all devices – that also delivers the management and security they need. This is why we have built Microsoft 365.  M365 delivers the modern, secure workspace and integrated cloud services that enable users to achieve more. It has been engineered to enable IT to deliver that rich and empowering work environment that is Loved by User and Trusted by IT.

This is the next evolution of all of the products from Microsoft that you’ve been using for years – Windows, Office, Active Directory, ConfigMgr – and we’ve moved them all to the cloud with Microsoft 365.  Enterprise customers around the globe are migrating to the cloud (consuming Windows 10 as-a-Service, Office 365, and the EMS services) and this is the natural next evolution of the ConfigMgr architecture.

Just about every enterprise and commercial organization on the planet is starting from an on-premises model today where they are using Active Directory, Group Policy, and ConfigMgr as their management tools. The desire to move to a simpler and more modern model is high, but getting to that new modern model hasn’t been easy. An organization can’t just snap their fingers and move users/devices from AD/GP/ConfigMgr to AAD/Intune. What you’ve needed from us is a bridge that makes this move simpler, faster and removes risk. This is an area where we learned a lot by watching organizations move from on-prem Exchange to Exchange Online.

Today, we are excited to announce Co-management, a new set of capabilities and the bridge that will help accelerate the move to modern management from the cloud. With the Fall Creators Update, a Windows 10 device can be joined to on-premises Active Directory (AD) and Azure AD at the same time.

Co-management takes advantage of this improvement and enables the device to be managed by both ConfigMgr agent and Intune MDM. The move to modern management is no longer a cliff where you have to jump. With co-management you can take your own journey, step-by-step, to the cloud in a way and at a pace that makes sense for your organization.

We’ve made it simple to work within the ConfigMgr console to take the devices under management and enroll them for management with Intune. You can then select the first workload you want to move to the cloud (it is literally a slider bar that you move over from ConfigMgr to Intune) and that workload is moved to the cloud.

One of the unique capabilities of Microsoft 365 in this co-managed scenario is that ConfigMgr and Intune are in constant communication. As workloads are moved, we understand who the authoritative source (Intune or ConfigMgr) is for every attribute on users and devices – and this avoids conflicting policies from being applied.

This will dramatically accelerate the move to Windows 10 and modern management from the cloud.

* * * * *

Writing this has been an incredible walk down memory lane for me. SMS/ConfigMgr/Intune has had a profound impact on my life, the life of my family, the lives of 1,000’s of engineers that have worked on the projects, and the lives of millions of IT Pros who have used and continue to use it today. I love this product and I love this community.

I have also really enjoyed seeing today’s documentary about the history of ConfigMgr come together – but it is only Part 1. And Part 2 is much more important. That’s because Part 2 is going to be created by you.

If you’re at Ignite, stop by the management and security section of the Microsoft booth and tell your story. Simple directions are here.

If you’re not at Ignite, taking part is still very easy. Tell your story by uploading your memories and your stories about ConfigMgr here aka.ms/ConfigMgr25. Here are some basic instructions.

We’ll use these submissions to create Part 2 – a video we’d like to call:

“The People’s History of ConfigMgr”

I can’t wait to see it.

_______________________________________________

The post ConfigMgr at 25 appeared first on Microsoft 365 Blog.

Today, we’re announcing a redesigned web experience for Office.com, an easy-to-remember URL to help you sign in to Office 365 and get to all your apps, documents, sites, and people. We’ve also simplified the Office 365 app launcher to help you open and switch between your web apps easier. Finally, we’re introducing the new Office 365 gallery to provide Office 365 users with personalized information about the apps, tools, and services already in their subscription.

Get started faster with Office.com

Office.com is the fastest and easiest way to get started with Office 365—by getting to your favorite app quickly, opening your Office documents, starting a new project, or seeing the activity across your shared files. We are also improving the Office.com search experience to allow you to find Office 365 documents, apps, people, and sites directly from Office.com.

Office 365 app launcher

Updates to the Office 365 app launcher make opening and switching between your web apps easier than ever by highlighting the most used apps in Office 365. The simplified design provides smarter defaults that are relevant to the type of work you do and allows you to access recent online Office documents from anywhere in Office 365.

Explore your apps

You can now explore and learn about the full range of applications you already have access to with the new Office 365 gallery. Based on your subscription and usage patterns, the gallery provides suggestions on the right app to use for what you are trying to accomplish. You’ll see descriptions, resources, and quick access to install desktop or mobile versions. Click Explore all your apps from Office.com or the Office 365 app launcher to access the gallery.

Office 365 customers will see these changes roll out soon. Watch the Microsoft Mechanics session below to learn more. If you’re attending Microsoft Ignite this year, be sure to check out BRK1050—New web experiences in Office 365 that empower your users to get an inside look at these new experiences.

—The Office 365 team

The post New Office 365 app launcher and Office.com help you be more productive on the web appeared first on Microsoft 365 Blog.

Today I am excited to let you know that we’ve just enabled Guest Access in Microsoft Teams, built on the B2B collaboration features of Azure AD!

You can now enable partner collaboration in Teams for interactions across chat, apps, and file sharing, all with the ease of use and enterprise-grade protection Azure Active Directory has long enabled for your employees.

Now anyone with an Azure Active Directory account in any organization can be invited as a guest user in Microsoft Teams!

Customers have already created more than 8 million guest users using the B2B features of Azure AD and we’re only getting started. Adding support for Microsoft Teams has been a top customer request, so we’re excited to turn on this new capability to keep the momentum going. I hope you’ll give it a try today!

So, go ahead, log in to Teams today and invite your partners to work with you.

And as always, connect with us for any feedback, discussions, and suggestions. You know we’re listening!

Best Regards,

Alex Simons (@Twitter: @Alex_A_Simons)

Director of Program Management

Microsoft Identity Division

P.S.: We are already working to add additional Azure AD capabilities in Teams, including support for external users with any corporate or consumer email account. Look for more news on that soon!

The post Azure AD B2B collaboration in Microsoft Teams appeared first on Microsoft 365 Blog.

With all the breaches of cloud identity services over the last few years, we get a lot of questions about how we secure customer data. So today’s blog is a dive into the details of how we protect customer data in Azure AD.

Datacenter and Service Security

Let’s start with our datacenters. First, all of Microsoft’s datacenter personnel must pass a background check. All access to our datacenters is strictly regulated and every entry and exit are monitored. Within these datacenters, the critical Azure AD services that store customer data are located in special locked racks—their physical access is highly restricted and camera-monitored 24 hours a day. Furthermore, if one of these servers is decommissioned, all disks are logically and physically destroyed to avoid data leakage.

Next, we limit the number of people who can access the Azure AD services, and even those who do have access permissions operate without these privileges day-to-day when they sign in. When they do need privileges to access the service, they need to pass a multi-factor authentication challenge using a smartcard to confirm their identity and submit a request. Once the request is approved, the users privileges are provisioned “just-in-time”. These privileges are also automatically removed after a fixed period of time and anyone needing more time must go through the request and approval process again.

Once these privileges are granted, all access is performed using a managed admin workstation (consistent with published Privileged Access Workstation guidance). This is required by policy, and compliance is closely monitored. These workstations use a fixed image and all software on the machine is fully managed. To minimize the surface area of risks, only selected activities are allowed, and users cannot accidentally circumvent the design of the admin workstation since they don’t have admin privileges on the box. To further protect the workstations, any access must be done with a smartcard and access to each one is limited to specific set of users.

Finally we maintain a small number (fewer than five) of “break glass” accounts. These accounts are reserved for emergencies only and secured by multi-step “break glass” procedures. Any use of those accounts is monitored, and triggers alerts.

Threat detection

There are several automatic checks we do regularly, every few minutes to ensure things are operating as we expect, even as we are adding new functionality required by our customers:

• Breach detection: We check for patterns that indicate breach. We keep adding to this set of detections regularly. We also use automated tests that trigger these patterns, so we are also checking if our breach detection logic is working correctly!
  
• Penetration tests: These tests run all the time. These tests try to do all sorts of things to compromise our service, and we expect these tests to fail all the time. If they succeed, we know there is something wrong and can correct it immediately.
  
• Audit: All administrative activity is logged. Any activity that is not anticipated (such as an admin creating accounts with privileges) causes alerts to be triggered that cause us to do deep inspection on that action to make sure it not abnormal.
  

And did we say we encrypt all your data in Azure AD? Yes, we do – we use BitLocker to encrypt all Azure AD identity data at rest. What about on the wire? We do that as well! All Azure AD APIs are web-based using SSL through HTTPS to encrypt the data. All Azure AD servers are configured to use TLS 1.2. We allow inbound connections over TLS 1.1 and 1.0 to support external clients. We explicitly deny any connection over all legacy versions of SSL including SSL 3.0 and 2.0. Access to information is restricted through token-based authorization and each tenant’s data is only accessible to accounts permitted in that tenant. In addition, our internal APIs have the added requirement to use SSL client/server authentication on trusted certificates and issuance chains.

A final note

Azure AD is delivered in two ways, and this post described security and encryption for the public service delivered and operated by Microsoft. For similar questions about our National Cloud instances operated by trusted partners, we welcome you to reach out to your account teams.

(Note: As a simple rule of thumb, if you manage or access your Microsoft Online services through URLs ending with .com, this post describes how we protect and encrypt your data.)

The security of your data is a top priority for us and we take it VERY seriously. I hope you found this overview of our data encryption and security protocol reassuring and useful.

Best regards,

Alex Simons (Twitter: @Alex_A_Simons)

Director of Program Management

Microsoft Identity Division

[updated 10/3/2017 to add specific version information about our use of TLS and SSL]

The post How we secure your data in Azure AD appeared first on Microsoft 365 Blog.

Conditional access is one of athe fastest growing services in EMS and we are constantly getting feedback from customers about new capabilities they would like us to add to it. One of the most frequently requested is support for macOS. Customers want to have one consistent system for securing user accessing to Office 365 on all the platforms their employees are using.

So I’m excited to share that Azure Active Directory and Intune now support macOS platform for device-based conditional access! Administrators can now restrict access to Intune-managed macOS devices using device-based conditional access according to their organization’s security guidelines.

With the public preview of macOS device-based conditional access, you’ll be able to:

• Enroll and manage macOS devices using Intune
• Ensure macOS devices adhere to your organization’s compliance policies
• Restrict access to applications in Azure AD to only compliant macOS devices

Get started with macOS conditional access public preview in two simple steps:

Configure compliance requirements for macOS devices in Intune

Use the Intune service in Azure Portal to create a device compliance policy for macOS devices in a few easy clicks:

Configure compliance requirements for device health, properties, and system security per your organization’s requirements.

For more details, go to https://aka.ms/macoscompliancepolicy.

(Important Note: for Conditional Access on macOS to work, the device will need to have the Intune Company Portal app installed).

Restrict access to Azure AD applications for macOS devices

Create a targeted conditional access policy for macOS to protect the Azure AD Applications. Go to conditional access under Azure AD service in Azure portal to create a new policy for macOS platform.

For more details on conditional access policies, go to Conditional Access in Azure Active Directory.

After you’ve taken these steps, macOS users covered in the policy will be able to access Azure AD connected applications only if their Mac conforms to your organization’s policies.

Supported OS versions, applications, and browsers

In the public preview, the following OS versions, applications, and browsers are supported on macOS:

Operating Systems

• macOS 10.11+

Applications

The following Office 2016 for macOS applications are supported:

• Outlook v15.34 and later
• Word v15.34 and later
• Excel v15.34 and later
• PowerPoint v15.34 and later
• OneNote v15.34 and later

Browsers

• Safari

Try it out today and let us know what you think! We look forward to hearing from you.

Best regards,

Alex Simons (Twitter: @Alex_A_Simons)

Director of Program Management

Microsoft Identity Division

The post Azure AD and Intune now support macOS in conditional access! appeared first on Microsoft 365 Blog.

Making room for a broader IT impact

As CIOs are playing an extended role in the business, the function of IT is also flexing to become more strategic and business focused. To make room for this expanded responsibility, IT organizations are undergoing efforts to optimize traditional IT operations and services—with a focus on increasing agility, reducing costs, and maintaining security. Organizations are also looking to empower employees with a more connected and holistic approach to managing access while protecting corporate resources. This focus on greater agility and better experience for employees, while maintaining security and holding down costs, is one of the key drivers of Enterprise Mobility + Security’s (EMS) market success.

EMS has rapidly become a leading choice because it delivers what customers tell us they need most to transform their businesses – a comprehensive yet flexible born in the cloud service that meets a broad set of mobility and security needs in an integrated way. EMS led on bringing identity and access management together with mobile device and application management. EMS has kept pace with industry shifts and customer feedback by incorporating new security solutions such as advanced threat analytics and cloud access security. EMS has also shown it can reduces overhead by addressing customer needs in one place; avoiding the pain of integrating point solutions from many different vendors.

A new EMS experience delivers increased IT Pro productivity

Over the last few months, we have turned the dial further and introduced new administrator experiences for Azure Active Directory, Microsoft Intune, conditional access, and Azure Information Protection in the new Azure portal. This collective move delivers a unified admin experience for these core EMS services that boosts IT Pro productivity and helps you get more out of EMS. The new console simplifies the configuration and management of powerful cross product workflows, such as conditional access, allowing you to define complex access management policies across Azure AD and Intune within a single interface. It also delivers deep integration with Azure Active Directory groups, which can represent both users and devices as native, dynamically targeted groups that are fully federated with an organization’s on-premises Active Directory.

Identity is at the core of mobility strategies and we often find our customers first workload to deploy is Azure AD. This new environment makes it easy for you to scale your Azure AD groups and policies to protect at deeper levels using Intune and Azure Information Protection. Let’s say you defined a set of Azure AD and conditional access policies to protect your Office mobile apps, you can now easily find your way to Intune to set device and app protection policies to ensure your data remains protected even after it’s been accessed. From there, you click into Azure Information Protection to set encryption policies that protect your data no matter where it travels. You can even create a custom dashboard in Azure that allows you to monitor and control everything at a glance from any device.

Our goal with EMS has always been to empower IT with a holistic and innovative set of tools that protect at the user, device, app and data levels without compromising productivity – streamlining management of mobility and security workflows in the process. This is the driving force behind our move to a unified EMS admin experience, and we are sure that your IT organization will reap the benefits.

Moving forward, we’ll release all new features and enhancements for Azure AD, Intune and Azure Information Protection within the new experience on Azure. You can check out our new admin experience by logging into the Microsoft Azure portal today.

The post Enabling a more strategic role for IT with Microsoft Enterprise Mobility + Security appeared first on Microsoft 365 Blog.

I have great news to share with you today! Gartner released their 2017 Magic Quadrant for Access Management (AM MQ), which shows that Microsoft is placed in the leaders quadrant for our completeness of vision and ability to execute.

The AM MQ is a new MQ. It is a separate entity from the discontinued IDaaS MQ and this is the first time it has been published. Azure Active Directory is the product evaluated in the report.

Gartner 2017 Magic Quadrant for Access Management

We have worked with Gartner to make complimentary copies of the report available, which you can access here

Our opinion is that Microsoft’s amazing placement validates our vision of providing a complete identity and access management solution for employees, partners, and customers, all backed by world-class identity protection based on Microsoft’s Intelligent Security Graph. 

We believe that Gartner’s analysis says a lot about our commitment to the identity and access management space. More importantly, though, Microsoft believes it says a lot about our customers, implementation partners, and ISV partners who have worked with us, sharing their time and energy every day to ensure the products and services we build meet their needs and position them to thrive in a world increasingly driven by cloud technology.

We promise to continue delivering innovative capabilities to address your needs in the identity and access management space and to further improve our position in the leaders quadrant of the Gartner AM MQ.

Best regards,

Alex Simons (Twitter: @Alex_A_Simons)

Director of Program Management

Microsoft Identity Division

The post Azure AD makes the Leaders quadrant in Gartner’s 2017 Magic Quadrant for Access Management! appeared first on Microsoft 365 Blog.

The request I get in these meetings is very clear and consistent: We need efficient solutions that make it easier to manage and control growing complexity; can you help us reduce the complexity we are dealing with?

This is where we bring in the good news:  Managing Intune and Conditional Access together with Azure AD just got a lot easier for our rapidly growing community of IT Professionals. As of today, we have reached two important milestones for Microsoft Intune and for EMS Conditional Access capabilities:  Both new admin experiences are now Generally Available in the Azure portal!

Here’s how Intune’s redesign helps your organization

Intune’s move to the Azure portal is, in technical terms, a really big deal. Not only did the Intune console change, but all of the components of the EMS console experience have now come together. The process of migrating capabilities into the new portal was an incredible opportunity to reimagine the entire admin experience from the ground up – and what we are shipping today is an expression of our unique vision for mobility management shaped by needs of our over 45K unique paying customers.

I love the progress we’ve made here because Intune on Azure is great for our existing customers because they can now manage all Intune MAM and MDM capabilities in one consolidated admin experience, and they can leverage all of Azure AD seamlessly within one experience. Awesome.

There is actually a whole lot more going on “behind the scenes” of the new administrative experience. Not only have the administrative experiences converged, but we also converged Intune and Azure Active Directory onto a common architecture and platform. Converging the architectures dramatically simplifies the work we do to support it, the work you do to use it, and it enables some incredible end-to-end scenarios across Identity and Enterprise Mobility Management.

Here are the 3 things you need to know about Intune on Azure:

1. It’s built to leverage Azure’s hyper scale
   The Azure platform provides huge increases in elasticity and reliability for Intune, and it provides the foundation for nearly unlimited scale. The new admin experience will also run on any browser on any device form-factor. Now you can manage Intune from anywhere – even from your phone!
   The redesigned architecture and new console bring nearly unlimited scale to the service. We currently have customers that are rapidly growing to 100,000s of devices in a single tenant. No problem!  One customers has shared that they associated a sophisticated policy to ~200,000 users – and what took hours in the past was done in less than 3 minutes. Now, because this is built into the Azure console, you get all the rich role-based administration for delegation of authority.

2. It’s optimized for cross-EMS workflows
   With Intune’s move to Azure and the Azure Portal, we now share a console experience with other core EMS services like Azure Active Directory and Azure Information Protection. Having the collective power of these services living side-by-side makes them more effective and easier to manage across identity and access management, MDM and MAM, and information protection workloads.
   For example:  If you’ve just finished creating a set of conditional access policies to control access to data using Intune in the same portal environment, you’re now just a click away from adding additional app protection policies that ensure that your data is protected after it’s been accessed and is in use on mobile devices.
   The Intune transition to Azure also delivers deep integration with Azure Active Directory groups, which can represent both users and devices as native, dynamically targeted groups that are fully federated with an organization’s on-premises Active Directory.

3. You can simplify, automate, and integrate management with Microsoft Graph
   Built on the Microsoft Graph API, the new Intune experience also opens the door for broader systems integration and automation. This means that our customers can now simplify, automate and integrate workflows across Intune and the other services they are using however they see fit. For more information about what you can do with this, I really recommend this post. Microsoft Graph API capabilities are currently in preview; expect a GA announcement for this functionality in the coming quarter.

If you haven’t tried Intune on Azure, we invite you to jump into this new experience with us. To check it out for yourself, log into the Microsoft Azure portal right now.  We’re always listening and learning from your feedback, and we want to hear what you think!  Since we put this into preview in December there have been more than 100k paying and trial tenants provisioned!

Conditional Access – the new admin experience in the Azure portal

The new conditional access admin experience is also Generally Available today. Conditional access in Azure brings rich capabilities across Azure Active Directory and Intune together in one unified console. We built this functionality after getting requests for more integration across workloads and fewer consoles. The experience we’re delivering today does exactly that.

Organizations everywhere face the challenge of enabling users on an ever-expanding array of mobile devices, while the data they are tasked with protecting is moving outside of their network perimeter to cloud services – and all of this happens while the severity and sophistication of attacks are dramatically accelerating. IT teams need a way to quantify the risks around the identity, device, and app being used to access corporate data while also taking into consideration the physical location – and then grant or block access to corporate apps/data based upon a holistic view of risk across these four vectors. This is how you win.

Conditional access allows you to do this and ensure that only appropriately authenticated and validated users, from the compliant devices,  from approved apps, and under the right conditions have access to your company’s data. The functionality at work here is technologically incredible, but it’s not always obvious how granular and powerful these controls really are. The new conditional access experience on Azure now makes the power of this technology crystal clear by showcasing the deep controls you have at every level in one consolidated view:

Now you can easily step through a consolidated flow that allows you to set granular policies that define access at the user, device, app and location levels.  Over the last 6 months, as I have shown this integrated experience to 100s of customers, the most common comment has been:  “Now I completely see what Microsoft has been talking about how Identity management/protection has needed to work with Enterprise Mobility Management to protect our data.” Microsoft’s Intelligent Security Graph is also integrated here, delivering a dynamic risk based assessment into the conditional access decision.

You can also control access to resources based on a user’s sign-in risk via the vast data in. Once your policies are set, users operating under the right conditions are granted real-time access to apps and data – however, as conditions change, intelligent controls kick in to make sure that your data stays secure. These controls include:

• Challenging a user with MFA to prove that they are who they say they are.
• Prompting the user to enroll their device in Intune.
• Guiding the user to make adjustments to their device to meet your org’s security requirements
• Blocking access all together or even wiping a device.
• Granting different access privileges when using a native app (Word) vs. a web app (Word Online)

We believe Microsoft is uniquely positioned to deliver solutions that are this comprehensive and sophisticated yet remain simple to operate. With EMS, these types of functionalities are possible because we’re building them together, from the ground up, to deliver on our commitment for secure and mobile productivity.

You can access the new conditional access console in the menu within both the Intune and Azure AD blades. To see this functionality in action, check out this Endpoint Zone episode.

What’s Next

Our commitment to ongoing innovation means we never stop listening, shipping and reaching for what’s next. Looking ahead, we’ll continue to release new features and enhancements at a steady pace throughout the year.  From this point forward, all new Intune and conditional access features will be delivered in the new portal, so keep an eye out.

Also:  Don’t hesitate to let us know what you think; our dialog with customers is our most valuable development input.

One last note:  This is a really significant day for all of us. I am so pleased with the work that has been done here at Microsoft on the architecture and administrative experiences. I’m happy for the team and what has been accomplished. I am so pleased with the feedback that has come in from so many customers about the richness and vibrancy of the new admin experience as well as how performant the services are. And, at the risk of sounding redundant, I’m happy to hear how much this has simplified your work while delivering incredible new, unique value such as the integrated Conditional Access.

The post The new Intune and conditional access admin consoles are generally available appeared first on Microsoft 365 Blog.