That’s where the promise of AI transformation comes in.

We at Microsoft Digital, the company’s IT organization, have developed and implemented a diverse portfolio of agentic, AI-driven capabilities that are now embedded directly in our day-to-day IT operations. These agentic systems—AI solutions that can reason across data, recommend actions, and, in some cases, execute workflows with human oversight—turn telemetry and insights into action, making our IT infrastructure and processes more resilient, auditable, and proactive.

“We’ve crossed an important threshold in the evolution of AI for IT. We’re now using the capabilities these technologies provide to transform all our core IT services, making everything we do on that side more efficient and secure.”

Brian Fielder, vice president, Microsoft Digital

While your organization’s IT infrastructure may not match our size or complexity, we believe any company can benefit from the AI-driven innovations that we’ve implemented in recent years.

We focus our AI investments across three core areas:

• Network management and infrastructure
• Tenant and device management
• Employee and engineering productivity

We’re also using AI across our IT systems to increase security, both as a standalone initiative and an integrated priority. This principle is baked into all our compliance, vulnerability response, and governance scenarios.

“We’ve crossed an important threshold in the evolution of AI for IT,” says Brian Fielder, vice president of Microsoft Digital. “We’re now using the capabilities these technologies provide to transform all our core IT services, making everything we do on that side more efficient and secure.”

Enterprise IT maturity

This article is part of series on Enterprise IT maturity in the era of agents. We recommend reading all four of these articles to gain a comprehensive view of how your organization can transform with the help of AI and become a Frontier Firm.

1. Becoming a Frontier Firm: Our IT playbook for the AI era
2. Enterprise AI maturity in five steps: Our guide for IT leaders
3. The agentic future: How we’re becoming an AI-first Frontier Firm at Microsoft
4. AI at scale: How we’re transforming our enterprise IT operations at Microsoft (this story)

Pillar One: AI in network management and infrastructure

We have applied AI throughout our global network and IT infrastructure, enabling us to keep up with the ever-increasing demands for capacity and services while reducing disruptions and incidents.

The different innovations we’ve made that fall under this pillar demonstrate the breadth of the opportunity to reimagine IT services with AI.

Supporting enterprise IT at Microsoft: Our three pillars

Network management with AI

• AIOps
• Network infrastructure Copilot (NiC)
• Vuln.AI
• MyWorkspace AI Assistant

Tenant and device management with AI

• Digital Asset Management Copilot
• Works councils and tenant trust review
• Enterprise vulnerability management
• IntelLicense
• myDevice AI Agent

Employee and engineering productivity with AI

• ADO Copilot
• ADO Work Item Assistant
• Automation Hub/Automation Catalog

The impact of AI technologies on enterprise IT operations at Microsoft can be divided into three main areas: network management, tenant and device management, and employee and engineering productivity.

AIOps: Transforming network management with operational excellence

AIOps, or Artificial Intelligence for IT Operations, involves the application of machine learning, big data analytics, and automation to streamline and improve IT operations processes. In Microsoft Digital, we use AIOps to help us to manage our complex global IT infrastructure.

Our AIOps solution leverages sophisticated data insights to detect and remediate network issues before they become impactful. We use our internally developed AIOps tools to turn raw signals and institutional know-how into guided actions that have led to major time and cost savings.

AIOps benefits include:

• Enhanced productivity: AIOps reduces cognitive load by automating routine tasks, allowing teams to focus on more strategic activities.
• Proactive issue resolution: AIOps executes automatic troubleshooting and remediation, minimizing downtime and reducing incident impact.
• Improved decision-making: AIOps leverages advanced analytics and machine learning to provide actionable insights, which enhances our decision-making capabilities.

The impact of our AIOps work is huge: thousands of hours of engineering time saved and a significant reduction in total disruption time for employees across the company’s global workforce.

Related products:

Microsoft 365 Copilot and Azure AI Services

NiC: A network engineer’s companion

Our Network Infrastructure Copilot (NiC) serves as an everyday companion for our network engineers and field IT professionals. With NiC, our IT pros can use natural-language queries to gain quick, accurate insights into network health, configuration states, documentation, troubleshooting resources, and live device data—all in one place.

Some of the typical use cases for NiC include:

• Summarizing syslogs for specific devices
• Recommending circuit upgrades
• Checking deployment status
• Listing devices missing required controls (such as AuditD)

In aggregate, NiC streamlines network device lifecycle management and operation, delivering significant time savings while improving the consistency of operational decisions.

Related products:

Microsoft 365 Copilot, Microsoft Foundry, Azure OpenAI, Azure Data Explorer

Vuln.AI: Proactively keeping our systems safe

Leaving just a single connected device unpatched could put our entire enterprise at risk. That’s why we developed Vuln.AI (Vulnerability Management Copilot), our intelligent agentic system that has transformed the way we identify, prioritize, and resolve these vulnerabilities across our enterprise network.

Vuln.AI coordinates two agents that enable our network engineers to gather, analyze, and respond to vulnerabilities proactively using AI insights. The research agent maps the vulnerability to the Microsoft infrastructure, significantly increasing accuracy and reducing manual effort and time involved. It then feeds this information to an interactive AI agent, which becomes a gateway for a security engineer or device owner to interface with the data, ask detailed questions, and gather the required information.

Thanks to Vuln.AI, we’ve been able to accelerate infrastructure compliance, reduce exposure windows, streamline security operations, improve endpoint hygiene, and lower operational risk. Our data show thousands of hours of engineering time saved and meaningful improvement in the accuracy of impacted-device identification.

Related products:

Microsoft 365 Copilot, Microsoft Foundry, Azure OpenAI, Azure Data Explorer

MyWorkspace AI Assistant: Scaling support to meet demand

Engineering disciplines across Microsoft rely on production-like Azure lab environments for testing Windows updates, investigating incidents, and building customer demos. We created the MyWorkspace AI Assistant to enable the rapid creation and management of these lab environments in the face of increasing user demands across our operations. This tool uses AI to help speed tasks such as the development and testing of Windows updates, investigating security incidents, and creating prototypes for customer demos.

Time is a critical component for all lab scenarios, whether it be resolving a customer support issue or testing a Windows Update ahead of a patch release. Our goal is to reduce “Customer Pain Time” (CPT), which measures the amount of time it takes to solve a customer’s problem. Every hour saved in the support process represents a multi-hour reduction in customer pain.

Our most recent data shows that My Workspace AI Assistant reduced tickets submitted to our Tier 1 teams by 50% and saved 500 hours by leveraging support chats, configuration guides, and other artifacts In addition, new user onboarding training tickets were reduced by 90%, and individual support interaction time was reduced from an average of 20 minutes to 30 seconds.

Related products:

Azure OpenAI, Azure Cognitive Search, Azure Bot Framework, Azure Adaptive Cards

Pillar Two: Tenant and device management

One of the most complicated dimensions of managing IT services at Microsoft is our tenant. This refers to the internal instance of all our cloud services, including Teams channels, SharePoint sites, Power BI workspaces, apps, and email accounts, as well as the millions of devices used by our global workforce.

In Microsoft Digital, we’ve developed a number of AI-powered tools and solutions to help us manage this gigantic management challenge.

Digital asset management with AI: Governing the tenant

Microsoft empowers our employees to create assets—apps, groups, sites, Power Platform environments, Power BI workspaces—at self-service speed, and our governance must match that pace. Our Digital Asset Management Copilot is a multi-agent solution that surfaces risk and policy violations, recommends fixes, and enables self-service remediation.

Our employees can access a Copilot-like experience to self-manage their assets and ensure app compliance accountability. The agent surfaces insights and recommendations related to asset compliance like oversharing of sensitive documents, highlights tenant assets that pose a security risk, offers remediation mechanisms, and can execute compliance tasks with end-user or admin validation.

The benefits include a more secure enterprise tenant and an embedded culture of compliance: Simplify compliance responsibilities, making them intuitive and seamless for our employees. Success is gauged through end user NSAT scores from our compliance solutions.

The scope of this tool spans more than 1.5 million digital assets in the tenant. The benefits include a more secure enterprise tenant and an embedded culture of compliance. With the help of the Digital Asset Management Copilot, we aim to reach our overall goal of 90% compliance with policies covering ownership, labeling, oversharing, and periodic attestation across the tenant.

Related products:

Microsoft 365 Copilot, Dynamics 365 Copilot, Azure AI Service, Power BI Copilot

Works councils and tenant trust reviews: Optimizing tenant onboarding

In the past, fragmented and manual processes around works councils and tenant trust reviews consultations in the European Economic Area  could result in delays to our product launches by as much as four to six months. Our AI-driven optimization program streamlines the end-to-end process, improving submission quality and routing and providing other efficiency recommendations.

The result of these efforts is significant: We’ve managed to reduce the average works councils and tenant trust review cycle times from 133 days to 40—about a 70% improvement—while strengthening trust and transparency across roughly 17 European Economic Area countries.

Related products:

Microsoft 365 Copilot, Azure AI Service, Power BI

Enterprise Vulnerability Management: Reducing risk to our device fleet

Our extensive companywide Windows device fleet is exposed to vulnerabilities for extended periods after remediations (patches) are applied, increasing the risk of security breaches and operational inefficiencies. Relying on manual processes can lead to slow response times.

Enterprise Vulnerability Management (EVM) is a multi-phase strategy that uses AI technology in combination with Microsoft first-party vulnerability management solutions to proactively secure and maintain the fleet. While Vuln.AI helps us keep our enterprise infrastructure safe and secure, EVM does the same for our fleet of Windows devices.

EVM minimizes risk and reduces manual effort by integrating advanced detection, automated remediation, and compliance acceleration, minimizing risk and manual effort. This holistic approach ensures our devices stay secure and compliant with minimal IT intervention, delivering resilient, self-healing endpoints across the enterprise.

AI-driven EVM delivers measurable impact across our security, compliance, and IT efficiency. Our goal is to reach 95% compliance within a week of a major patching event while reducing operational overhead and enhancing enterprise resilience.

Related products:

Windows Autopatch, Intune, Windows Update

IntelLicense: Our AI-driven license optimization and audit readiness

Managing a software estate the size of ours—including 28 disconnected systems, 400,000 software assets, and more than 800 suppliers—requires license intelligence. IntelLicense is a set of advanced, AI-driven solutions we’ve developed to help us revolutionize our software discovery and acquisition processes.

These solutions optimize our software asset management throughout the enterprise software lifecycle, reducing fragmented data, lowering audit risk, and accelerating decision-making. These changes have delivered substantial cost savings and efficiency improvements. One standout example: Our external vendor audits that previously took an average of 154 days are targeted to drop to about 15 minutes, thanks to IntelLicense changes.

Related products:

Microsoft 365 Copilot, Microsoft Fabric, Power BI Copilot, Microsoft Foundry, Azure AI Service

myDevice AI: Transforming our IT asset management

Ensuring the security of our physical assets requires a unified and accurate inventory. Fragmented IT asset data leads to inconsistent policies and exposes vulnerabilities, making it difficult for security teams to quickly isolate threats and limit potential impact.

The myDevice AI Agent advances an AI-native approach to IT asset management across our IT tenant. The agent automates our high-volume employee requests, clarifies inventory, and streamlines our procurement. While this is occurring, the agent’s recommendation engine matches devices to our users’ needs to improve satisfaction and security.

Early results from myDevice AI include an approximately 50% reduction in time and costs in asset management (eliminating thousands of hours in manual processes annually), as well as improved security and a more personalized device-procurement experience for employees. In time, we will broaden this impact as agentic workflows expand to include labs, printers, conference rooms, and Internet of Things devices.

Related products:

Microsoft 365 Copilot, Azure AI Service

Pillar Three: Our employee and engineering productivity

Building the software and systems needed to power Information Technology at Microsoft is a time-intensive job. Our engineers have been hard at work building AI-powered solutions that make building and maintaining those systems more efficient and streamlined, answering the question, “How can we apply AI to make this more efficient?”

Here are a few of the solutions we’ve found to help cut down the time and effort involved in some of the routine, day-to-day IT procedures that help keep our systems running smoothly.

ADO Copilot: AI with Azure DevOps

ADO Copilot empowers all our developers and product managers by providing instant, AI-driven insights and automation within Azure DevOps (ADO). This AI-driven assistant seamlessly integrates into ADO and acts as a “trusted copilot” with natural-language capabilities that automate workflows; enhance productivity, compliance, and velocity; and amplify decision-making across the planning, building, and deployment phases.

This agentic solution reduces the time we spend searching for information, managing permissions, planning sprints, summarizing KPIs, and resolving engineering friction points. It enables our engineering teams to move from planning to execution faster and with greater quality and consistency.

The early results from our use of this tool show extensive time savings, which projected over a full year would mean 73,000 fewer hours of engineering time required for the same output.  We’ve also seen greater developer satisfaction and faster movement from planning to execution.

Related products:

Azure DevOps, Azure AI Service

ADO Work Item Assistant: Automating our ADO processes

Building consistent, high-quality ADO work items manually can be time-consuming and prone to errors. Our ADO Work Item Assistant is a generative AI-powered tool that streamlines the creation and understanding of Azure DevOps work items, including features, user stories, tasks, bugs, and custom item types.

The benefits of our assistant include:

• Greater efficiency: The potential to cut the amount of time it takes to craft an ADO feature or user story in half (50%).
• Project delivery enhancement: A streamlined approach mitigates errors and inconsistencies.

By leveraging the power of AI within Azure DevOps, we can significantly simplify and accelerate the work-item authoring process for our product management and engineering teams, improving quality and reducing workload.

Related products:

Azure DevOps, Copilot Studio, ES Chat

Automation hub and catalog: Solving task fragmentation

Large enterprises face major productivity challenges stemming from scattered information, fragmented systems, and reliance on numerous disconnected apps. This fragmentation leads to increased meetings, duplicative effort, and significant time spent on lower-level tasks.

Automation Hub/Automation Catalog is our customizable Teams app—built on Power Platform and Power Catalog—that addresses this challenge by applying AI-powered automation solutions that integrate seamlessly with your existing systems. Common automations include a daily consolidated task list, cancelled-meeting alerts, flags for important emails, and nudges on unanswered messages. The app streamlines workflows and jump-starts productivity gains, enabling you to enhance operational efficiency while maximizing your ROI.

Related products:

Microsoft 365 Copilot, Microsoft Teams, Power Platform

The future of AI in IT

As enthusiastic as we are about our progress so far, we’re even more excited about the great potential that AI agents show in terms of lowered costs, time saved, and boosted productivity across our IT operations.

“The advent of AI agents is the next big step in AI-powered innovation. We are actively working towards our vision of deploying, governing, and managing a fleet of agents across our IT organization, pushing Microsoft to the boundaries of the AI Frontier.”

Monika Gupta, partner group engineering manager, Microsoft Digital

We’re anticipating that these solutions will continue to scale up as we further optimize and standardize large language models and agent patterns in our engineering organizations. Multi-agent orchestration will make an impact on governance and vulnerability response, and autonomous actions will become more common in everyday IT workflows. Measurement rigor will continue to sharpen, ensuring that value is tracked and amplified as AI tools and technologies proliferate across the enterprise.

“As exciting as it’s been to see the many practical applications of AI across our IT portfolio the last two years, 2026 is shaping up to be even more exciting,” says Monika Gupta, partner group engineering manager in Microsoft Digital. “The advent of AI agents is the next big step in AI-powered innovation. We are actively working towards our vision of deploying, governing, and managing a fleet of agents across our IT organization, pushing Microsoft to the boundaries of the AI Frontier.”

Key takeaways

Here are some important factors to consider as you contemplate adding AI tools and innovations to your IT operations and workflows:

• Think holistically: Evaluate the major categories of your IT organization where AI can drive transformation—network management, tenant and device governance, and employee productivity.
• Leverage AIOps for resilience: Use AI-driven operational tools to automate troubleshooting, reduce downtime, and improve decision-making across your network infrastructure.
• Embed compliance into workflows: Implement AI-fueled governance solutions that make compliance intuitive and self-service, reducing risk while fostering a culture of accountability.
• Accelerate vulnerability response: Adopt multi-agent AI systems to proactively identify, prioritize, and remediate security vulnerabilities, minimizing exposure windows and operational risk.
• Boost productivity with AI assistants: Deploy AI Copilots and automation hubs to streamline engineering tasks, reduce cognitive load, and eliminate inefficiencies caused by fragmented systems.
• Plan for scale and autonomy: Prepare for the next wave of AI in IT—multi-agent orchestration, autonomous workflows, and rigorous measurement frameworks to amplify value across the enterprise.

Try it out

Learn more and sign up for a free trial of Microsoft Azure AI apps.

Related links

• Learn how we’re enhancing our network reliability with AIOps and Network Infrastructure Copilot.
• Find out more about our AI-powered leap into vulnerability management at Microsoft.
• Check out our playbook for becoming a Frontier Firm in the AI era.
• Explore our 5-step guide to enterprise AI maturity.
• Discover how we’re transforming the employee experience at Microsoft with AI.
• Read about how we’re using AI to reinvent our network security practices.

We’d like to hear from you!

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post AI at scale: How we’re transforming our enterprise IT operations at Microsoft appeared first on Inside Track Blog.

We’re taking this challenge head-on today, working to build trust between leaders and employees using all the communications strategies at our disposal. One of the most effective tools we employ to meet this goal is Microsoft Viva Engage, a powerful platform that facilitates two-way communication on the front end and provides rich analytics and insights on the back end.

Viva Engage is integrated with Microsoft Teams, Outlook, and SharePoint, which allows us to better connect with our employees in the flow of their work.

Another key internal communications channel is Ask Me Anything (AMA) events, which give our senior leaders the opportunity to have an authentic dialogue with employees. These events take full advantage of the combined power of Viva Engage and Teams to produce outstanding results.

“When we look at our most effective channels for informing and connecting with Microsoft employees, Viva Engage and AMAs are among the top,” says John Cirone, senior director of global employee and executive communications. “Those channels didn’t really exist three years ago, so that’s a sign of how our internal comms practices continue to evolve as we lean more into a social-first, two-way dialogue approach to our communications.”

As the company embraces its role as an AI-first Frontier Firm, we are connecting with our employees more deeply than ever before, keeping them tightly engaged with our mission and overall goals.

“Trust has proven to be this magical, key ingredient in driving change and strengthening engagement between employees and leaders. Viva Engage and Ask Me Anything events are extremely valuable in helping us foster trust, encourage authenticity, and listen to our employees at scale.”

John Cirone, senior director of global employee and executive communications

Building trust to change our culture

When Satya Nadella took over as Microsoft CEO in 2014, he shifted our company culture from being siloed and internally competitive to more open, agile, and collaborative. This has led to a lot of change over the last decade, a shift that has been compounded by the AI revolution.

That’s why Cirone and other senior leaders have identified building trust and facilitating two-way communication at Microsoft as linchpin goals of our internal comms strategy.

“Trust has proven to be this magical, key ingredient in driving change and strengthening engagement between employees and leaders,” Cirone says. “This dynamic has only increased in recent years, as studies show that trust is declining across the board in society and within companies worldwide. Viva Engage and Ask Me Anything events are extremely valuable in helping us foster trust, encourage authenticity, and listen to our employees at scale.”

That’s why we’ve diversified our internal comms strategy, going from an approach centered on one-way communication channels (like email) to one that incorporates two-way tools like Viva Engage, a platform that allows employees to express themselves, connect with others, and build community across the company. It also enables our leaders to communicate at the scale of the enterprise with incredible reach.

Nadella himself uses Viva Engage to communicate regularly with the entire organization, posting about twice a month and covering everything from major company news and strategic shifts to more fun, practical content. A recent post by Nadella with ideas for prompts to use in Microsoft 365 Copilot generated more than 2,200 employee reactions. (Viva Engage also allows communicators to easily access detailed analytics, which make it simple to track messaging impact.)

Similarly, holding regular AMAs and Town Hall events with Microsoft leadership in recent years has been a big part of building trust and keeping the company informed and engaged.

“An AMA event is all about trying to address the questions that are most on our employees’ minds,” Cirone says. “It’s a chance for our leaders to demonstrate listening and responding at scale, by tackling key topics in a timely manner. I see it as part of our overall company belief in the importance of listening and commitment to two-way dialogue.”

“One of the most important shifts in our strategy for Viva Engage is the deep integration of the community experience into Teams. It’s not just a technical integration—it’s a fundamental change in how leaders and employees connect, collaborate, share knowledge, and build trust in the flow of work.”

Jason Mayans, vice president of product management and analytics, Viva Engage

Reaching employees in the flow of work

Another powerful aspect of Viva Engage is that it works seamlessly with Microsoft Outlook and Microsoft Teams, allowing communicators and admins to reach employees where they spend most of their time working.  

“One of the most important shifts in our strategy for Viva Engage is the deep integration of the community experience into Teams,” says Jason Mayans, vice president of product management and analytics for the Viva Engage product group. “It’s not just a technical integration—it’s a fundamental change in how leaders and employees connect, collaborate, share knowledge, and build trust in the flow of work.”

Evolving communication with Viva Engage

This is a huge step, because so many of our employees use Teams as their main communications hub. Viva Engage community content and conversations can now be brought directly into their daily work experience, side by side with their other chats and channels.

For communicators, this means they can create one announcement and send it out across Outlook, Teams, and Viva Engage (or whichever subset of channels they prefer). Then, they can use the AI-powered analytics provided by the software to monitor engagement at different levels.

“In the analytics tool you can see the types of engagements that your people are having, and through what interface—Viva Engage for the web, Teams, and Outlook,” Mayans says. “You can see how they’re interacting. You can monitor sentiment and theming to give you deeper insight into what people are talking about. You can see a summary view, or you can drill down to see analytics on individual conversations. It’s incredibly powerful.”

Engaging employees through major campaigns

This year marked Microsoft’s 50^th anniversary, and our internal communications team wanted to honor the occasion by building both awareness and engagement across the company. So, they developed a “50 Change-Making Moments” countdown campaign to highlight major company milestones over the years.

Viva Engage was an integral part of this effort, providing a central platform for storytelling across the company, allowing both leaders and employees to share their reflections.

The results spoke for themselves.

“Over the course of several months, the campaign ended up reaching almost the entire company and had an 89% net positivity rating,” Cirone says. “The leaders’ posts sparked employees to share their own memories, which generated super-strong engagement and a great lead-up to the all-company anniversary celebration.”

Another major campaign we do every year at Microsoft centers around our Employee Giving Program, which began more than four decades ago and has been a long, sustained success story. Over the history of the program, Microsoft and its employees have contributed more than $3.4 billion to support charitable causes.

“We leveraged Viva Engage to help promote the Giving Campaign across the company, which produced a ton of enthusiasm. Leaders and employees could post about their favorite nonprofit causes, and we were able to highlight some great stories about how the campaign is making a difference in the world.”

Amy Morris, director of global employee and executive communications and employer brand

As part of this campaign, Microsoft matches every dollar our employees give to eligible nonprofits. When employees volunteer their time for an approved cause, the company also donates $25 per volunteer hour to the nonprofit.

Since giving is such a significant part of our company culture, we’ve used Viva Engage extensively for the past two years to help employees rally around the annual campaign.

“We leveraged Viva Engage to help promote the Giving Campaign across the company, which produced a ton of enthusiasm,” says Amy Morris, director of global employee and executive communications and employer brand. “Leaders and employees could post about their favorite nonprofit causes, and we were able to highlight some great stories about how the campaign is making a difference in the world.”

Balancing dialogue with respect and accountability

The growth of two-way internal employee communications in Viva Engage has built trust and increased engagement, but it’s also driven the need for more robust communications governance. We’ve had to implement comprehensive safeguards that ensure digital safety, respect, and accountability on Viva Engage.

Our employees have strong opinions on topics ranging from cafeteria menus to the latest political news. Our goal is to ensure that sensitive conversations stay in places where those who wish to participate can opt into them, rather than spilling out into the company at large.

“You have to balance the risks and rewards of creating this open, transparent space for employees to communicate,” Morris says. “We’ve learned quite a bit in the last couple years, and we’ve developed systems for monitoring employee sentiment on different hot-button issues and moderating content on Viva Engage.”

Making sure the right governance protocols are in place allows us to listen to our employees while protecting their colleagues and the company as a whole.

“We want a corporate communication space that is vibrant, yet remains respectful and safe. The goal is balance. That’s why we’ve partnered across IT and other teams at Microsoft to establish the right protocols and tools that help us maintain digital safety companywide.” 

Ife Kolawole, senior product manager, Microsoft Digital

Ife Kolawole is a senior product manager for Microsoft Digital, the company’s IT organization. One aspect of his work centers around driving the development and improvement of content moderation tools for Viva Engage, which are a crucial part of creating a safe and supportive environment at Microsoft.

“We want a corporate communication space that is vibrant, yet remains respectful and safe,” Kolawole says. “The goal is balance. That’s why we’ve partnered across IT and other teams at Microsoft to establish the right protocols and tools that help us maintain digital safety companywide.” 

With nearly 5,000 different Viva Engage communities across the company, moderators need help identifying sensitive posts in a timely way. Kolawole, who also serves as a moderator for the platform, appreciates the power of AI in helping him do that work proactively at scale.

“Viva Engage features an AI-powered moderation tool that intelligently detects sensitive themes and keywords before a potentially problematic post can gain traction,” he says. “It helps us preserve respectful, productive dialogue at scale and fosters a trusted collaboration and communication space.”

Communicating for meaningful change

Internal communications is a huge part of what we do at Microsoft—and it’s not something masterminded by just a few people at our corporate headquarters. That’s why Cirone and Morris lead Global Employee & Executive Communications (GEEC), a community of more than 1,000 communications professionals scattered throughout our global operations.

The GEEC organization works collaboratively to align messaging, elevate executive voices, and build trust across the company. Its members are constantly deploying new tools—like Viva Engage and Microsoft 365 Copilot—and strategies that increase engagement and strengthen Microsoft’s company culture through communications.

“Our goal is never to just adopt a new IT tool—our goal is to change the company,” Cirone says. “We don’t do internal comms for the heck of it. We do it to create dialogue, to listen, to inform, and to drive cultural change for the entire organization, so that our employees can to do their best work.”

Key takeaways

Here are a few principles to be aware of as you consider your own internal communications strategy:

• Prioritize building trust between company leaders and employees, which can pay big dividends in the long run. We’ve made this the cornerstone of our internal comms philosophy.
• Two-way communication channels are becoming the best way to connect with employees internally. Tools like Viva Engage and Ask Me Anything events promote dialogue, encourage authenticity, and help employees feel heard.
• Measure your internal comms impact. Viva Engage allows you to capture detailed analytics around reach, engagement, and sentiment so you can understand what topics and types of content are resonating with your employees.
• Leverage integrated tools to communicate across multiple channels. We use the Viva Engage integration with Teams and Outlook to reach employees in the flow of their work, so they don’t have to launch a dedicated outreach tool to stay informed.
• Companywide campaigns are great opportunities to build engagement. Having leaders share their thoughts about company milestones and community-focused initiatives are feel-good moments that encourage employees to share their own experiences.
• Balance openness with safety and respect. Take advantage of built-in moderation tools—including AI-driven features—to flag potentially sensitive posts and limit negative fallout on your comms platforms.

Try it out

• Check out how your organization can benefit from Viva Engage.
• Read our guide for deploying and driving adoption of Viva Engage.

Related links

• Learn more about our Global Employee & Executive Communications (GEEC) community at Microsoft.
• Find out how we’re accelerating a cultural transformation at Microsoft through Viva and AI.
• Discover how we’re deploying Microsoft 365 Copilot in Viva Engage.
• Read about how Microsoft Viva became a business transformation engine at Microsoft.
• See how we’re driving Microsoft 365 Copilot adoption with help from Viva Engage.

We’d like to hear from you!

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post Supercharging our internal communications at Microsoft with Viva Engage appeared first on Inside Track Blog.

They dubbed it the “Scream Test.”

“We didn’t have a great server inventory and tracking system, and we didn’t always know who owned a server,” says Brent Burtness, a principal software engineer in Commerce Financial Platforms, who was one of the leaders for the effort in his group. “So, we essentially just turned them off. If someone screamed—‘Hey, why’d you turn off my server?’—then we’d know it was still being used.”

Today, the basic idea behind the Scream Test is being used across the company, but in a more holistic way. Importantly, it’s been incorporated into the overall lifecycle management of our computing infrastructure. And, through the automation tools provided by Microsoft Azure, we have a much more efficient process for making sure that we’re saving time and money by reducing the number of underused machines we operate, monitor, and maintain.

“We thought we were going to get rid of a small number of machines that weren’t being used. But we found the actual share was about 15% of all machines, which saved us a lot of effort of moving those unused machines to the cloud. In other words, we downsized on the way to the cloud, rather than after the fact.”

Pete Apple, cloud network engineering architect, Microsoft Digital

Uncovering more than expected

The Scream Test was part of the huge effort to evaluate our on-premises compute resources before we began moving to the Azure cloud. After all, why spend resources moving something that isn’t needed?

Pete Apple, who helped develop the concept of the Scream Test, is a cloud network engineering architect in Microsoft Digital, the company’s IT organization. Looking back, he remembers the surprising results that emerged when they began shutting down specific servers to see who noticed.

“We thought we were going to get rid of a small number of machines that weren’t being used,” Apple says. “But we found the actual share was about 15% of all machines, which saved us a lot of effort of moving those unused machines to the cloud. In other words, we downsized on the way to the cloud, rather than after the fact.”

As part of this process, Apple explains, our engineers looked at two related factors to reduce inefficiencies in our usage of computing resources.

The first was to identify systems that were used infrequently, at a very low level of CPU (sometimes called “cold” servers). From that, we could determine which systems in our on-premises environments were oversized—meaning someone had purchased physical machines according to what they thought the load would be, but either that estimate was incorrect or the load diminished over time. We took this data and created a set of recommended Microsoft Azure Virtual Machine (VM) sizes for every on-premises system to be migrated.

“We learned that there’s a lot of orphaned, or underutilized, resources out there,” Burtness says. “These were cases where the workload was so small on a server—like under 5% CPU—that it didn’t make sense to host it on its own machine. We could then move the task or application and get it down to just one or two CPUs on a virtual machine.”

At the time, we did much of this work manually, because we were early adopters. The company now has a number of products available to assist with this review of your on-premises environment, led by Azure Migrate.

Another part of the process was determining which systems were being used for only a few days a month or at certain busy times of the year. These development machines, test/QA machines, and user acceptance testing machines (reserved for final verification before moving code to production) were running continuously in the datacenter but were really only needed during limited windows. For these situations, we applied the tools available in Azure Resource Manager Templates and Azure Automation to ensure the machines would only run when needed.

Automating with Azure

Today, we don’t have to rely on anything as crude as the Scream Test to find unused and underused computing resources. With 98% of our IT resources operating in the Azure cloud, we have much greater insight into how efficient our network is, so much of the process can be automated.

“We’ve found this effort much easier to manage in the cloud, because all our computing resources are integrated with the Azure portal,” Apple says. “They have an API system and offer various tools within Azure Update Manager and Azure Advisor to help with cost efficiency. It’s kind of like a modern version of Clippy—’Hey, it looks like your VM isn’t being used much. Do you want to downsize that or turn it off?'”

(For the uninitiated, Clippy was the Microsoft Office animated paperclip assistant introduced in the late 1990s. It offered tips and help with tasks, like writing and formatting documents. Clippy became iconic for its quirky suggestions, including recommending that you remove things from your desktop that you weren’t using.)

“With everything being in the Azure portal or in Azure Resource Graph, it’s much more streamlined, and makes it easier to get that data out to the teams. They can then go into the portal and clean up the resource.”

Brent Burtness, principal software engineer, Commerce Financial Platforms

And simply taking the step of turning off stuff that we weren’t using turned out to be very effective. Thanks, Clippy!

Today, we approach this challenge in a more efficient and sophisticated way, taking advantage of Azure tools like Update Manager and Advisor.

“With everything being in the Azure portal or in Azure Resource Graph, it’s much more streamlined, and makes it easier to get that data out to the teams,” Burtness says. “We can run automated queries with Azure Resource Graph. Then we bring that information into our internal Service 360 tool, which we use to give action items to our developers. Each item gives them a link to Azure portal, and they can then go into the portal and clean up the resource.”

Managing for the lifecycle

One of the most important things we learned by using the Scream Test to identify inefficiencies and moving our systems from on-premises servers to the cloud was that it’s an ongoing process, not a fixed-end project.

“We had this idea that it was going to be a one-time event, that we’ll move to the cloud and then we’ll be done,” Apple says. “A better understanding is that it’s a lifecycle. We have integrated this concept of continual evaluation into our processes around everything that’s still on-premises, because we still have labs, we still have physical infrastructure.”

We continue to do this evaluation on a regular basis with both physical and virtual computing resources, because needs and usage are constantly changing.

Cutting our cloud costs

“Now we have a basic process around a six-month cycle,” Apple says. “So, every six months we ask, does this still need to be on-premises or should we start moving it to the cloud? And we do the same thing with our cloud resources. Who’s still using these VMs? And we still go through the same review process to see if it’s needed, or if we can shut it down or move it.”

This has resulted in significant cost savings for the company. “We’re up to about 15% to 20% less compute cost, depending on the organization, because of this much better understanding of our business needs,” Apple says.

Better governance, increased security

Another major benefit of this process was establishing much stronger governance of compute resources across the entire organization.

“When we first did the Scream Test, we weren’t always really sure who owned what, in some cases,” Apple says. “We’ve fixed that as part of this process. This governance aspect is a key part of being more efficient with our resources.”

Burtness explains why this is so important.

“It’s critical to know exactly who to contact when there’s something wrong with the server,” Burtness says. “Now, with clearer ownership, clearer accountability, and better inventory, it’s a much better experience.”

Better governance also means tighter security, according to both Apple and Burtness.

“This is really important when it comes to threat-actor response,” Apple says. “Unused servers can often be an entry point for hackers. Or, say we discover that a machine or server is getting hacked; you need to talk to who owns it. If you don’t know, it takes you longer to track them down and combat the hack. That’s not great. Improving our governance has definitely made securing our environment easier.”

Key takeaways

Here are some things to keep in mind when managing your own enterprise compute resources for greater efficiency:

• It’s not a one-time exercise. For the best results, you should be evaluating your computing resources on a regular schedule to identify ”cold” servers and unused infrastructure.
• Adjust for variable usage patterns. It’s not just about unused servers. Some machines may only be needed for a business function during certain busy times of the year. Consider turning the machines on just to handle the load during those periods and turning them off the rest of the year.
• Use Azure tools for greater insight. If you’re operating your infrastructure in the Azure cloud, you can much more easily monitor and address orphaned resources using automated tools such as Azure Advisor, Azure Resource Graph, and the Azure portal.
• Apply your savings to other priorities. “The more efficient you are, the more savings can be applied to other projects or given back to your manager—who is going to be very happy with you,” Apple says.
• Saving money is not the only benefit. You’ll not only save operating costs, you’ll have a reduced maintenance and monitoring load, better governance, and fewer security vulnerabilities.

Try it out

• Get started on your own cloud journey with the Cloud Adoption Framework for Microsoft Azure.
• Learn about Azure process automation and sign up for a free trial.

Related links

• Read about our IT journey to becoming a cloud-first organization with Microsoft Azure.
• Discover the five principles that guided our move from on-premises infrastructure to the cloud at Microsoft.
• Explore the benefits of Azure Advisor.
• Get more details about the Azure portal.

We’d like to hear from you!

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post Moving from a ‘Scream Test’ to holistic lifecycle management: How we manage our Azure services at Microsoft appeared first on Inside Track Blog.

Previously, when our employees had a question or a problem—whether it be a technical issue, an HR query, or just wanting to know what’s for lunch—they had to navigate through a variety of different apps, tools, and SharePoint sites to find the answer or get help with their task.

It was a time-consuming and frustrating experience. But the advent of generative AI has given us a new opportunity.

Microsoft 365 Copilot and the power of agentic AI have created a world where people simply type in questions or requests to get prompt and helpful assistance. Now we’re applying the capabilities of Copilot and agentic technology to the ongoing challenge of employee assistance.

“At Microsoft, our mission is to transform the employee experience with AI solutions that provide personalized and seamless interactions for our employees throughout the workday. What we’ve created with the Employee Self-Service Agent is a powerful example of a solution doing just that.”

Nathalie D’Hers, corporate vice president, Employee Experience

The result is the new Employee Self-Service Agent, a “one-stop shop” providing vetted and personalized solutions to our workers across a range of high-demand topics and tasks, including human resources (HR), IT support, and facilities and real estate.

The agent combines the help functions for human resources, IT support, and facilities and real estate into one tool, allowing our employees to handle a range of tasks, such as requesting parental leave, resolving a problem with their device, or getting something fixed in their office. The Employee Self-Service Agent is available to all Microsoft employees worldwide and is also now available to customers.

“At Microsoft, our mission is to transform the employee experience with AI solutions that provide personalized and seamless interactions for our employees throughout the workday,” says Nathalie D’Hers, corporate vice president of Employee Experience. “What we’ve created with the Employee Self-Service Agent is a powerful example of a solution doing just that.”

The power of a ‘single pane of glass’

The essential premise of the Employee Self-Service Agent is that it serves as the one place for Microsoft employees to go when they need assistance. This means that they don’t have to remember what tool or website offers the best way to handle their question or task—it’s all available in one seamless, AI-powered interface.

“With this agent, we wanted a ‘single pane of glass’ for our employees and managers,” says Rajamma Krishnamurthy, principal PM architect manager for Employee Experience in Microsoft HR. “The idea is that they can come in and get all their questions answered, rather than have to go to multiple tools or URLs in different areas.”

Employee-Self Service screenshot

The workflow is simple—launch Microsoft 365 Copilot, select “Employee Self-Service,” and type in your query. The agent then orchestrates an authoritative response and/or offers a form that can be used to carry out the desired action (auto-populating the form with details from the chat where possible).

“Many support tools that could benefit employees go unused because of limited awareness and the friction involved in completing tasks. This tool gives employees a new way to access that helpful information.”

Prerna Ajmera, general manager, HR digital strategy and innovation

If the question or task can’t be resolved by the agent, it hands the employee off to the appropriate tool, subagent, or support person.

The Employee Self-Service Agent is driving usage of support tools that our employees often overlook.

“Many support tools that could benefit employees go unused because of limited awareness and the friction involved in completing tasks,” says Prerna Ajmera, general manager for HR digital strategy and innovation. “This tool gives employees a new way to access that helpful information.”

An early focus on HR and IT Support

In developing the Employee Self-Service Agent, we initially identified two main categories of employee assistance to focus on: HR and technical support. These are areas that generate millions of internal queries and support cases (help tickets) from our employees every year, which means the potential for a significant return on investment (ROI). (We subsequently added real estate and facilities later in the process.)

In the case of human resources, this meant looking at all the HR experiences that employees need help with and figuring out what could be handled with AI. Whether it was a question or task related to personal time off (PTO), performance, compensation, learning, internal job listings, well-being, or something else, we needed to make sure that the information the agent returned was relevant and helpful to that employee.

This is what distinguishes the Employee Self-Service Agent from Microsoft 365 Copilot Chat, which provides a more general answer that may not apply to that particular worker’s situation, and can’t access all relevant information about that employee.

“When it comes to HR, you need to make sure the answers are coming from authoritative sources, because HR is a very sensitive and vital part of how a company runs.”

Rajamma Krishnamurthy, principal PM architect manager, Employee Experience, Microsoft HR

With Copilot, you might ask for an overview of everything to do with a given project. But when it comes to employee-assistance topics, casting a wide net is not the desired outcome. An employee doesn’t want to hear about HR policies in India when they work in the U.S., or to get Mac-focused tech help when they use a PC. The needs of each of our employees are different, and so we built the agent to reflect that.

A major task in developing the agent was making sure that all the content that it draws from is accurate and up to date. This was especially important for HR-related responses, which sometimes deal with sensitive topics. We’ve carefully thought through privacy and security issues, are following our company Responsible AI principles, and making sure the agent adheres to regulations for each country or region.

“When it comes to HR, you need to make sure the answers are coming from authoritative sources, because HR is a very sensitive and vital part of how a company runs,” Krishnamurthy says. “Our new agent was built so that only vetted sources are responding to these questions.”

One advantage of the Employee Self-Service Agent is its ability to provide real-time assistance. Rather than having to file a ticket and then wait 24 to 48 hours for a response, the employee can get on-demand help and hopefully resolve their problem without waiting. 

“Previously, resolving an HR help request could take a couple of days,” Ajmera says. “These delays often came from the back-and-forth of traditional support channels—‘OK, you told me this; now, what’s the policy for that? What’s next?’ With the agent, employees can get answers in minutes. That’s the beauty of it.”

“The agent’s content is specifically grounded in our authoritative IT service sources, and it also knows relevant details about you as a user. All of this context makes it better at guiding employees to solve their own support issues.”

Trent Berghofer, general manager, Microsoft Digital Modern Support

Agentic assistance to accomplish more

Another differentiator from previous employee assistance tools is that the Employee Self-Service Agent enables task completion, not just information retrieval.

For example, consider technical support (such as dealing with an audio issue on an employee’s device). Our workers are now able to get detailed, contextual, and specific help with their technical issues, helping them solve the issue without having to engage with assisted support and get a ticket created.

An agentic solution for employee assistance

Retrieve

The agent retrieves information from authoritative sources and delivers responses based on contextual data about the employee.

Take action

The agent helps the employee take action right from the chat and avoid having to navigate multiple tools and workspaces.

Extend

The agent is designed to be flexible and customizable, based on the organization’s existing software workflows and third-party solutions.

The Employee Self-Service Agent retrieves authoritative information with natural-language queries and enables users to take action from within the chat.

“The agent’s content is specifically grounded in our authoritative IT service sources, and it also knows about you as a user—that you have this particular device, and the compliance state of that device, and what country you’re located in,” says Trent Berghofer, general manager of the Microsoft Digital Modern Support team. “All of this context makes it better at guiding the employee to solve their own problem, versus doing a generic search on the issue.”

If the employee does have to connect to live support via phone or chat, the technician will have access to their conversation with the agent. This way, the support professional can view details the user has already provided and the solutions that have already been tried. This saves time and decreases frustration.

Task completion is a primary gauge of return on investment (ROI) for the Employee Self-Service Agent. The overall goal across all help categories is for the agent to result in at least 40% fewer support tickets.

Each ticket represents a significant cost to any organization, and those costs add up, especially at large companies. With more than 2 million IT support interactions (via Virtual Agent, chat, and phone) across Microsoft annually, we project that the Self-Service Agent will produce substantial savings in tech support alone.

HR is another area where we hope to generate impact, as employees meet their needs with the Employee Self-Service Agent. Our specific goals include:

• Reduce monthly HR tickets by 44% by mid-2026 through expanded self-service capabilities
• Save employee time with rapid, frictionless fulfillment of requests 
• Boost overall discovery and use of HR programs to deliver increased ROI
• Increase business agility and reduce end-to-end process time

“Once it’s fully adopted, we’re expecting the agent to manage somewhere between 400,000 and 600,000 employee interactions a year that used to result in an HR support ticket,” Ajmera says. “That’s a significant shift and learning curve for our organization, in terms of how employees get help. Scaling the agent up to have this major business impact has been one of the biggest challenges for us.”

Saving time with AI support

Employee time savings is another significant driver of ROI. This is a key part of the third vertical we’ve targeted with the Employee Self-Service Agent—real estate and facilities.

“Before we had the Employee Self-Service Agent, the employee-assistance experience was kind of fragmented across mobile, websites, and physical kiosks. The new agent unifies all of these experiences and puts them in the same place.”

Becky West, principal group product manager, Microsoft Digital

With hundreds of office buildings around the world, including dozens of cafés and other specialized sites, Microsoft must handle a constant stream of employee inquiries and activities related to real estate and facilities. These include things like:

• Transportation – calling a shuttle for a ride between buildings
• Dining – learning where your favorite dish is being served (and ordering it to go)
• Booking a room – locating a space to relax or connect with colleagues
• Lobby and visitor services – registering a campus guest
• Facilities tickets – getting help with a repair or other building issue
• Parking registration – recording where your car is parked
• Maps – finding your way around a building or a campus

“Before we had the Employee Self-Service Agent, the employee-assistance experience was kind of fragmented across mobile, websites, and physical kiosks,” says Becky West, principal group product manager in Microsoft Digital. “The new agent unifies all of these experiences and puts them in the same place. Now our employees can ask questions in natural language, and it guides them through whatever campus experience they need to do—invite a guest, find dining options, create a ticket, etc.”

The number of working hours currently spent by our employees trying to find the answer to their facilities-related question or filling out a form to complete a task is difficult to quantify precisely across such a large organization. But consider just one common exercise: registering a visitor at a Microsoft building.

According to Digital Workplace Services data, in 2024 there were 2 million registered visitors at Microsoft buildings worldwide, with roughly 1.2 million of these considered business-related.

Previously, employees had to email or talk to lobby hosts (front-desk staff) to invite guests to Microsoft; the host would then enter the guest details into the Guest Management System.

Now, the Employee Self-Service Agent provides a simple form within the chat, asking for details like guest name, email, purpose (business or personal), building number, and date. Once the form is submitted, the system generates a confirmation and sends a QR code directly to the guest via email. That alone has the potential to save us 50,000 hours of employee time per year.

“One benefit of this is that anything you can do with Copilot Studio in terms of a custom engine agent, you can do in the Employee Self-Service Agent. Our product documentation goes into detail on how to configure it based on your particular needs.”

Kyle von Haden, principal group product manager, Microsoft 365 Copilot product group

Another great example is a common facilities request, like replacing a light bulb, reporting broken furniture, or workspaces that require cleaning. Instead of having to figure out which tool to use to report the issue and then filling out a request, the individual can go straight to the Employee Self-Service Agent and upload a photo.

“The agent detects the problem based on the image, fills in details, and enables the user to file their service request right from the chat,” West says.

Customizable and extensible

The Employee Self-Service Agent was built with Microsoft Copilot Studio, a tool that enables users to create and extend AI agents. The product is intentionally designed so that our customers can customize it to fit their own business needs using preconfigured workflows and accelerator packs that come with the agent.

“One benefit of this is that anything you can do with Copilot Studio in terms of a custom engine agent, you can do in the Employee Self-Service Agent,” says Kyle von Haden, a principal group product manager for the Microsoft 365 Copilot product group. “Our product documentation goes into detail on how to configure it based on your particular needs. We’re even including code samples that show you how to extend the agent further than what you get right out of the box.”

For instance, many of our customers rely on third-party solution providers such as Workday, SAP, or ServiceNow. So, our development process included producing connectors for some of these third-party offerings, making it easier for customers to integrate the Employee Self-Service Agent into their existing workflows.

This extensibility is an advantage of adopting the Employee Self-Service Agent, according to von Haden.

“The beauty of this product is that it comes with all these accelerators that help customers jumpstart their ability to deliver AI-driven employee assistance, because there’s no inherent limitations,” he says. “They have all the same flexibility they’d get by building a solution from scratch, but they get to build on this Copilot Studio foundation that offers powerful capabilities and will continue to grow as we invest more in it.”

The role of Customer Zero

With a new product like the Employee Self-Service Agent, having Microsoft employees use it as part of their everyday work and then provide detailed feedback was a valuable aspect of the development process. This is the essence of the company’s commitment as Customer Zero.

“For the Employee Self-Service Agent, the role of our internal users as Customer Zero has been incredibly important—in this case, doubly so,” says Kirk Gregersen, corporate vice president of product for Microsoft Viva and Microsoft 365 Copilot Experiences. “Because not only are we learning how to deploy the product in a real, complex environment, but we’re doing it in a world that’s completely new, given all of the changing variables around AI.”

To that end, we began rolling the agent out to employees more than a year ago in a geographically phased approach—first to the United Kingdom and Canada, then India, then to the United States and the rest of the world. Regular communications to employees—via email, Microsoft Viva, and other channels—raised awareness and encouraged use of the agent. And a sophisticated plan for listening and gathering product telemetry was implemented, so that all feedback could be captured and routed back to the product team.

This process was particularly important for building stakeholder trust in the tool. For example, our HR professionals worked closely with the product group to make sure the answers produced by the Employee Self-Service Agent met their high bar for accuracy and reliability.

“Engaging our stakeholders early was key,” Ajmera says. “We iterated with them as they went through the various prompts and responses manually and rated them for accuracy. We learned a lot. It’s still a work in progress, but we’ve gotten to the point where the agent is able to automatically generate responses that meet stakeholder expectations.”

“This product is very significant for us, both from the user perspective and the cost-savings angle. We can get the right answers to and solve issues for our employees faster, which increases their satisfaction and helps them be more effective.”

Kirk Gregersen, corporate vice president, Microsoft Viva and Microsoft 365 Copilot Experiences

This “virtuous flywheel” development process played a role in making the Employee Self-Service Agent better and preparing it for general release, as a feature available to all Microsoft 365 enterprise customers with a Copilot license. That release is expected soon.

Because the agent is built on Microsoft Copilot Studio, it gives us flexibility to adapt and grow as needed. We plan to eventually expand the Employee Self-Service Agent to other key areas across the company, like finance, legal, and more—to become a true single-pane-of-glass portal for all our employees’ needs.

In the end, the agent offers the potential to deliver the kind of impact that only truly breakthrough business software can: delighted users and major ROI.

“This product is very significant for us, both from the user perspective and the cost-savings angle,” Gregersen says. “We can get the right answers to and solve issues for our employees faster, which increases their satisfaction and helps them be more effective. And the solution scales up to real cost savings for the organization.”

Key takeaways

Here are some things to consider when tackling employee assistance at your organization:

• Approach it from the user perspective. Offering a “single pane of glass” portal from which an employee can access help on a wide variety of topics may present some technical challenges, but it meets users where they are and resolves their pain points.
• Start with high-demand categories. We launched our Employee Self-Service Agent journey with two core verticals that offer potential for ROI: HR and IT support. We then added facilities and real estate, in part because the high usage rates (such as for dining and transportation) would drive greater employee awareness and boost user-session numbers.
• Think about task completion. Employees need to not only access authoritative information, they also want the ability to accomplish their goal right from the agent interface. If their issue can’t be handled by the agent, it should be able to make a smooth handoff to the tool that can.
• Spend time up front on data governance. An employee-assistance agent must supply clear, current, and accurate information that is highly relevant to that user. Vague, inaccurate, or irrelevant answers can damage product credibility with your employees.
• Customizable rather than a turnkey solution. It’s important to note that the Employee Self-Service Agent is a flexible template built on top of Copilot Studio; it requires customization by your organization in terms of implementation, categorization, data selection, third-party integration, privacy, legal considerations, and other factors.
• Make sure to collect feedback and iterate. Generative AI tools are still new, and your help solutions can be improved by listening to your employees and acting on what they tell you about their experience.

Try it out

Learn more about the Employee Self-Service Agent.

Related links

• Learn more about our strategic approach to agentic AI internally at Microsoft.
• Find out how we’re transforming the way our employees get help on campus with the Employee Self-Service Agent.
• Read how the Employee Self-Service Agent is helping Puget Sound-based Microsoft employees with their transportation needs.
• Explore how Microsoft HR is using Viva and Copilot to empower our employees.
• Learn how we’re enabling modern support at Microsoft with AI.
• Discover our five-step guide that helps IT leaders get to enterprise AI maturity.

We’d like to hear from you!

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post Accelerating employee services at Microsoft with the Employee Self-Service Agent appeared first on Inside Track Blog.

In the past, Julie might have interacted with different apps and websites to get help with each of those tasks. Today, thanks to the power of agentic AI and Microsoft Copilot Studio, Julie can turn to a single portal to handle all of it: the Employee Self-Service Agent.

This agentic tool, which will soon be released publicly as a free add-on for the Microsoft 365 Copilot license, has already made a big impact on the lives of our employees, saving them time, effort, and frustration. We call it the “one-stop shop” experience of employee self-service.

“Before we had the Employee Self-Service Agent, the employee-assistance experience was fragmented across mobile, websites, and physical kiosks,” says Becky West, a principal group product manager in Microsoft Digital, the company’s IT organization. “The new agent unifies all of these experiences and puts them in the same place.” Now our employees can ask questions in natural language, and it guides them through whatever campus experience they need to do—invite a guest, find dining options, create a help ticket, etc.

“Our employees rely on AI tools like Copilot to help get their work done. And the same is now true for resolving an issue related to facilities.”

Becky West, principal group product manager, Microsoft Digital

Of course, employees like Julie also need assistance with other common job-related tasks, like getting their human resources (HR) questions answered or fixing a technical issue with their device.

Those are also important categories included in the Employee Self-Service Agent, something the flexibility and extensibility of Copilot Studio makes possible.

“Our employees rely on AI tools like Copilot to help get their work done,” West says. “And the same is now true for resolving an issue related to facilities, HR, or IT support. We live in an AI-powered world, and this agent meets the moment for our people.”

In this story we share how we’re using the Employee Self-Service Agent in the real estate and facilities space, but it does much more than that. Our employees also use it to get help with IT problems and answers to their HR queries, and we expect to add other key areas soon, such as finance and legal. Available to all Microsoft employees worldwide, the full agent is already delivering a significant boost in productivity, cost savings, and user satisfaction across the company.

Everyday use cases for agentic assistance

Julie might not need IT support or help with an HR issue every day. But she’s always on the hunt for her favorite foods for lunch.

In our existing dining app, employees could look up that day’s menu for a specific building cafeteria, but they couldn’t just ask, “Hey, where can I get some good teriyaki on campus today?”

With the Employee Self-Service Agent, now they can.

“Searching on type of cuisine or dish is one of the top requests we were getting,” says Balaji Radhakrishnan, principal software engineering manager for the dining team. “It was an important feature missing from our existing apps, and we solved that with the employee-assistance agent.”

Employee Self-Service Agent screenshot

Not only can the agent help Julie locate the perfect lunch, it also connects her to the tool where she can order and pay for it. This streamlines the process for her—she doesn’t have to remember which website or app to call up to procure her teriyaki treat. (In the future, we plan to extend the functionality so the agent remembers your previous food choices, and you can order right from the agent.)

Dining is just one of the facilities-related experiences we targeted when developing the Employee Self-Service Agent. Other tasks include:  

• Lobby and visitor services – registering a campus guest
• Parking – registering a car to park on campus
• Maps – navigating around a building or a campus
• Facilities tickets – getting help with office furniture, lighting, HVAC, or other building issue
• Transportation – calling a shuttle for a ride between buildings or finding commuting help
• Finding a space – locating a place to relax, work, or connect with colleagues

“We started out by looking at the services we already offered,” West says. “We thought about what tasks would be in highest demand, where that information or transaction lived now, and how best to surface it. The more we explored the power of the agent, the wider the variety of experiences we were able to incorporate.”

Saving time and reducing frustration

Resolving employee pain points and saving time are two of the key advantages inherent to this area of agentic employee assistance. Consider the common employee task of registering a business-related campus guest (such as an interview candidate or a prospective customer).

“If we can handle 50%—600,000—of these business-related visitor registrations through the Employee Self-Service Agent, that adds up to 50,000 hours of employee time each year.”

Bhavani Paruchuri, senior product manager, Microsoft Digital

According to Bhavani Paruchuri, a senior product manager in Microsoft Digital, in 2024 Microsoft saw more than 2 million registered visitors at our buildings worldwide. Roughly 1.2 million of these were business-related guests.

Previously, employees had to email or talk to lobby hosts (front-desk staff) when they wanted to register a guest; the host would then enter visitor details into the Guest Management System. Now, the Employee Self-Service Agent provides a simple form within the chat, asking for details like guest name, email, purpose, building number, and date. Once the form is submitted, the system confirms it and sends a QR code directly to the guest via email.

“We calculated that this new process could save at least five minutes for each guest registration,” Bhavani says. “If we can handle 50%—600,000—of these business-related visitor registrations through the Employee Self-Service Agent, that adds up to 50,000 hours of employee time each year. So, just in this one area alone, the agent can have a big impact on overall productivity.”

Those savings add up, and quickly.

“Once you start using the agent for dining, you use it daily. As we added in cuisine and price filtering and other functionality that wasn’t available before, you could see it was a big differentiator from what the previous tools could do.”

Erik Downing, principal product manager, Microsoft Digital

One of the reasons we decided to include facilities-related help early on in the development of the Employee Self-Service Agent is that these common tasks would help increase usage of the new portal—building a habit with our workers that would have long-term benefits.

We have already seen employees used to finding a meal with the agent also using it to solve other challenges, including in the HR and Support spaces.

“Once you start using the agent for dining, you use it daily,” says Erik Downing, a principal product manager with Microsoft Digital. “As we added in cuisine and price filtering and other functionality that wasn’t available before, you could see it was a big differentiator from what the previous tools could do.”

West explains how this can have an outsized effect on promoting product adoption.

“If people get in the daily habit of using the agent for these routine tasks, they’ll be more comfortable going to it for other things,” West says. “Then you can really start to scale the agent up and see the larger impact across more areas.”

Filing a service request with the help of AI

Julie gets to work one morning and is dismayed to discover that her adjustable desk will no longer rise to a standing position. She needs to open a facilities ticket for help.

“The AI automatically picks out the problem class and the problem type; presents a form with the details; asks for confirmation; then kicks off the ticket right from there. It’s all in one place, AI-driven, and truly agentic in terms of task completion—and it will only get better.”

Sonaly Choudary, senior product manager, Microsoft Digital

In the past, this would have required Julie to send Facilities an email with a description of the problem, or she would have had to track down the right app or web form for the same purpose.

Now, she can simply snap a photo of the broken desk and upload it to the Employee Self-Service Agent.

The agent will open a form and use information from the photo to create the help ticket right there. This image-based technology, like natural-language chat, is something that our previous apps couldn’t do, which reflects the power of AI. 

“Whether you upload a photo or just describe your issue using natural language, we’ve really pushed this tool to be as agentic as possible,” says Sonaly Choudary, a senior product manager who works on facilities technology products for Microsoft Digital. “The AI automatically picks out the problem class and the problem type; presents a form with the details; asks for confirmation; then kicks off the ticket right from there. And then you can query the agent to get status updates on it. It’s all in one place, AI-driven, and truly agentic in terms of task completion—and it will only get better.”

How Customer Zero makes our products better

Because Microsoft employees are the first ones to use our newest products and features, we have the opportunity to roll them out gradually and test them under actual enterprise-work conditions, which enables us to gather valuable feedback and telemetry. This data is then fed back into the product development process to make key improvements. We call this our Customer Zero philosophy.

“We were pioneers as Customer Zero in showing the need for these services in an employee-assistance portal, and the product group saw that need.”

Michelle Schaefer, principal product manager in Microsoft Digital

In the case of the Employee Self-Service Agent, we began product development by tackling HR and IT support, which were key areas to capture cost savings.

But how could we get even wider usage of the product? We turned to our real estate and facilities functions.

“The facilities and real estate aspect of Microsoft Digital is unique, in that it focuses on the employee experience at the company, literally in the buildings,” says Michelle Schaefer, a principal product manager in Microsoft Digital. “All those tasks—getting lunch, parking, filing a facilities ticket, moving around the campus, inviting a guest—are universal for all our employees. We were pioneers as Customer Zero in showing the need for these services in an employee-assistance portal, and the product group saw that need. And we’re constantly gathering telemetry to learn how our workers can more easily discover the agent and have a better experience with it each time.”

Adding the facilities and real estate category to the Employee Self-Service Agent also helped our engineers learn more about building an agent that presents a “single pane of glass” to the user on the front end but incorporates so many different functions on the back end.

“Our strategy with this new natural-language agent is to augment our existing tools, which brings AI to the experience and gets the user to the right place.”

Thomas Po, senior product manager, Microsoft Digital

Each team has its own tools that compete for our employees’ attention.

“The challenge was to turn all those into a common experience for the user,” says Erik Orum Hansen, a principal engineering manager for Microsoft Digital. “That’s been a learning journey for us, as the organization pivoted to developing a single agent incorporating all these different functions.”

This single-portal approach makes it so much easier for users to explore their options and figure out the best way to accomplish the task, even as the underlying tools are still available.

We still have as many as 15 different tools that employees use today for campus related tasks, but we’re managing them more effectively—now our employees only need to use them when their use case is more challenging or detailed in nature.

“Our strategy with this new natural-language agent is to augment our existing tools, which brings AI to the experience and gets the user to the right place,” says Thomas Po, a senior product manager for Microsoft Digital. “The user may not have the specific facilities app they need on their phone, but everyone has Copilot, right? It’s about giving our employees access to information in more places and connecting them to the right tool or function.”

Employee Self-Service Agent screenshot

The Employee Self-Service Agent can also see when an employee took prior action, recognize that they might want to take the same action again, and suggest that action—for example, suggesting that they may want to reserve a shuttle ride to the same location they’ve visited previously.

“This allows users to have a more contextual, conversational experience,” says Ram Kuppaswamy, a principal software engineering manager in Microsoft Digital. “For example, for transportation needs they can just type, ‘Help me book a campus shuttle,’ and the agent can suggest options based on their previous ride history. Then it can call up a form to help complete the booking. Users really love it.”

Built on the power of Copilot Studio

We built the Employee Self-Service Agent with Microsoft Copilot Studio, a powerful platform that allows you to create and extend AI agents. The agent is designed so that our customers can customize it to fit their own business needs and integrate it with their existing technologies.

“We didn’t want a custom connector; we wanted to go with an out-of-the-box connector that worked with Dynamics,” he says. “There were some product iterations to deal with while we made sure it met Microsoft’s data-compliance standards, but ultimately it made it easier to show customers how simple it is to implement the agent—it’s a very low-code/no-code solution.”

Erik Orum Hansen, principal engineering manager, Microsoft Digital

When we built the part of the Employee Self-Service Agent that handled HR and IT Support needs, we were able to create connectors for major third-party service providers in those areas, such as Workday, SAP, and ServiceNow. (These connectors are now “out-of-the-box capabilities” that are included in the product.)

In the facilities and real estate space, we have numerous vendors that we work with to provide various campus services. Since we already used various existing internal applications to connect employee requests with these vendors, we were able to create connectors for the agent easily using Copilot Studio. More importantly, we were also able to use the out-of-the-box Dataverse connector that worked with our Dynamics 365 data, which cut down on development time.

“The agent functions as a single entry point, which then connects with the Microsoft Dynamics data,” Schaefer says. “We have numerous different facilities vendors in different parts of the world, but we didn’t have to build multiple connectors to those vendors because of the common Dynamics back end.”

Orum Hansen says this caused a small delay in the internal deployment of the product, but that it was worth it in the end.

“We didn’t want a custom connector; we wanted to go with an out-of-the-box connector that worked with Dynamics,” he says. “There were some product iterations to deal with while we made sure it met Microsoft’s data-compliance standards, but ultimately it made it easier to show customers how simple it is to implement the agent—it’s a very low-code/no-code solution.”

“We’re also previewing more multi-agent capabilities that are coming from Copilot Studio, which our customers will be able to incorporate into their own solutions. The product is just going to get richer and richer over time, as it extends into other lines of business.”

Kirk Gregersen, corporate vice president, Microsoft Viva and Microsoft 365 Copilot Experiences

The future of workplace AI

In many ways, we’re still in the early stages of the revolution that AI agents are going to bring to the workplace.

But the Employee Self-Service Agent is a significant early marker on that path.

“The first step is to develop this agent that’s optimized for the HR, IT, and facilities verticals,” says Kirk Gregersen, corporate vice president of product for Microsoft Viva and Microsoft 365 Copilot Experiences. “We’re also previewing more multi-agent capabilities that are coming from Copilot Studio, which our customers will be able to incorporate into their own solutions. The product is just going to get richer and richer over time as it extends into other lines of business.”

As employees like Julie are already finding out, this new era of agentic AI is going to be a major improvement over what came before.

“Most companies already have some kind of employee-assistance portal solution,” Orum Hansen says. “With this new agent, there’s an opportunity to really reimagine the entire experience—to shed some of the old baggage and figure out how to do things differently. It’s going to lead to a more efficient workplace, along with more satisfied employees.”

Key takeaways

Here are a few factors to remember when implementing an AI-powered employee-assistance solution at your company:

• Pick high-value targets. Consider employee needs and the most commonly used assistance functions (using data where available), then develop a solution that addresses those areas. This will drive adoption and daily use of the agent.
• Customize the solution. Take advantage of the extensibility of Copilot Studio to develop an agent that fits your organization’s specific needs.
• Augment existing tools. Your employee-assistance agent can be the front door through which users find the tool they need. Over time, you can retire legacy tools and portals as the agent is able to complete the same functions on its own.
• Go beyond information retrieval. Employees want to be able to carry out tasks right from the agent, so incorporate forms and other technologies that allow them to accomplish their goal as quickly and easily as possible.
• Think outside the box. The image-driven feature we developed for filing a facilities ticket is a great example of applying the revolutionary abilities of AI to solve problems in new and innovative ways.    

Try it out

Learn more about the Employee Self-Service Agent.

Related links

• Read about the full scope of the impact the Employee Self-Service Agent is having on our organization.
• Learn about our strategic approach to agentic AI internally at Microsoft. 
• Explore how the Employee Self-Service Agent is helping Puget Sound-based Microsoft employees with their transportation needs.
• Explore how Microsoft HR is using Viva and Copilot to empower our employees.

We’d like to hear from you!

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post Reimagining campus support at Microsoft with the Employee Self-Service Agent appeared first on Inside Track Blog.

Five years ago, as a global pandemic shut down offices and commuting ground to a halt, Microsoft took the opportunity to overhaul the technology underpinning its transportation services. The result was a more modernized and integrated system that employees enjoyed as they resumed work at our Puget Sound-based global headquarters.

“Figuring out their commute should not be a pain point for employees. We’re harnessing our advanced technology and the power of AI to do the heavy lifting, so they don’t have to struggle to figure out how they’ll get to work.”

Garima Gaurav, senior product manager, Microsoft Digital

Today, with flexible work schedules the norm, the investment in these technologies—including improved UIs for employee-facing tools, better data handling and collection on the backend, and a more seamless experience—has paid dividends in terms of flexibility and efficiency.

As rates of in-office attendance creep up, our Commute Services group can quickly adjust and stay on top of demand, leaving us better positioned to meet our company’s ambitious sustainability goals.

And now, we’re embracing the Microsoft vision of an AI-powered future by adding agentic, predictive capabilities to our commuting tools, which makes booking a shuttle, Connector bus, or other transportation option fast and easy for our workers.

“Figuring out their commute should not be a pain point for employees,” says Garima Gaurav, a senior product manager in Microsoft Digital, the company’s IT organization. “We’re harnessing our advanced technology and the power of AI to do the heavy lifting, so they don’t have to struggle to figure out how they’ll get to work or to a meeting in a different building.”

Upgrading the transportation experience

We’ve always had clear goals for the type of transportation program we wanted to bring to our employees.

“The first thing we think about is the rider experience,” says Esther Christoffersen, a senior manager with Puget Sound Commute Operations. “We want to deliver an experience that is centered around ease, flexibility, and choice. We start with the physical world, the environment that we live and work in, and then we think about the digital world that employees interface with.”

But our technology systems didn’t always make it easy to accomplish those goals. So we undertook the overhaul of our commute tools, implementing a modern UI that was more consistent with other Microsoft workplace applications. At the same time, this work allowed our engineers to transform the back-end management of our transportation system, using Microsoft Azure to give them better visibility and clearer ownership of operating data.

Better data and tools meant empowering riders with mobility features like a trip-planning function, push notifications, real-time ETAs, and live vehicle map tracking for our shuttle and Connector bus services.

“We had to think about what really matters,” Gaurav says. “That meant building something modern, real-time, and fast for riders. But we also wanted operational agility for the Commute Services team.”

Getting there with the help of an AI agent

With the right technology in place, these tools are ready for agentic AI—and it’s here. While they can still use our internal desktop or mobile platforms to book a ride to work or a different campus location, employees can now also opt for the Employee Self-Service (ESS) agent we’ve developed.

Jessie Go, a technical program manager in the Real Estate and Facilities group, emphasizes the fluid, end-to-end experience that this AI agent can provide to commuters.

“If I’m a new employee, I want to know my commute options,” Go says. “I go into ESS and ask, ‘What are my options to get to campus?’ The agent gives me a list of commuter choices, and one is the Connector bus. I then ask it to help me book a Connector; the agent pulls up a booking tool and I schedule my Connector ride. It’s so much simpler.”

“The ESS tool is kind of a one-stop-shop Copilot agent, aimed at helping our people with all of their work tasks.”

Becky West, principal group product manager, Microsoft Digital

ESS not only offers a user-friendly Copilot Chat interface, but also the potential to understand the rider’s transportation history and preferences.

“It allows users to have a more contextual, conversational experience,” says Ram Kuppaswamy, a principal software engineering manager in Microsoft Digital. “They can just say, ‘Book me a connector,’ and the agent can suggest options based on their previous ride history. It also offers one-click booking, which is used in 40% of all bookings today. It saves users a ton of time, and they really love it.”

It’s all part of making routine tasks frictionless and more efficient for Microsoft employees.

“We’re bringing the experience right to where the employees live, in the AI chat interface,” Gaurav says. “This way they can get all the information they need in one place, rather than 10 different places.”

Of course, ESS can do more than just help with transportation needs—it’s been rolled out company-wide, with the ability to answer employee questions and solve problems relating to anything from their benefits to IT issues to dining options.

“The ESS tool is kind of a one-stop-shop Copilot agent, aimed at helping our people with all of their work tasks,” says Becky West, a principal group product manager in Microsoft Digital. “In the Real Estate space, that might be help with booking a shuttle or seeing what’s for lunch in the cafeteria. In other areas, it might be getting assistance with questions about vacation policy, or what’s wrong with their computer.”

Keeping sustainable transportation top-of-mind

At Microsoft, we take sustainability seriously. Our transportation program is a key component of that effort.

“We offer shared transportation to employees to reduce single-occupancy vehicles on the road, and we’re transitioning our fleet to electric vehicles,” Christoffersen says. “It’s part of our corporate commitment to be carbon negative by 2030.”

“Our global headquarters in Redmond is the size of a small city, with transportation services that help employees get to, from, and around our campus. We continuously look at the data so that we balance the rider experience with running an efficient operation.”

Esther Christoffersen, senior manager, Puget Sound Commute Operations

Microsoft provides electric vehicle (EV) charging stations at many Puget Sound campus locations for employee use. We also offer transit passes, guaranteed rides home, and other rideshare options, giving commuters maximum flexibility.

The easier it is to access these services, the more single-occupancy vehicles we can remove from the region’s roads, which means less air pollution and traffic congestion for everyone.

Because Microsoft is one of the largest employers in the state of Washington, these efforts can make a real difference.

“Our global headquarters in Redmond is the size of a small city, with transportation services that help employees get to, from, and around our campus,” Christoffersen says. “We continuously look at the data so that we balance the rider experience with running an efficient operation.”

Looking toward the future

As AI-powered tools like the Employee Self-Service agent get even better and more broadly used across the company, our transportation services will continue to improve. We hope these services will eventually be available in other regions as well.

“The overall goal is to expand the discoverability of commute information to our workers around the globe,” Gaurav says. “So, whether an employee is in Silicon Valley, India, or somewhere else, they will be able to ask the AI tool for transportation options where they are located and get assistance. It’s a work in progress for us.”

Key takeaways

If you are looking to improve the transportation experience for employees at your organization, here are some important things to remember:

• Keep your overarching goals front and center. Ease, flexibility, and choice are the three main principles we focus on when aiming to give our employees a first-class transportation experience, and those principles apply to any employee experience we build in Microsoft Digital.
• Think both physically and digitally. Digitally transforming a real-world service starts with the physical experience; finding the intersection between the physical and the digital creates better outcomes for users.
• Meet riders where they are. At Microsoft, this includes offering mobile, desktop, and agentic interfaces, letting our employees choose what works best for them.
• The better the data, the better your service. Gathering relevant data about demand, usage, and satisfaction allows you to produce insights that lead to improved services.
• Use AI to increase personalization. We’re developing an AI agent that knows more about our employees, which allows for easy customization and seamless, pain-free experiences with commute services.

Try it out

• Learn more about the Employee Self-Service agent.
• Explore Microsoft Azure and sign up for a free account.

Related links

• Learn how we’re enhancing flexible work with AI and Microsoft Places.
• Read about our company commitment to sustainability and the role that AI can play in helping meet our goals.
• Discover how Microsoft is transforming the employee experience in the age of AI.

We’d like to hear from you!

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post Making transportation seamless and efficient with the power of data and AI at Microsoft appeared first on Inside Track Blog.

Engage with our experts!

Customers or Microsoft account team representatives from Fortune 500 companies are welcome to request a virtual engagement on this topic with experts from our Microsoft Digital team.

At Microsoft, we are proudly a cloud-first organization: Today, 98% of our IT infrastructure—which serves more than 200,000 employees and incorporates over 750,000 managed devices—runs on the Microsoft Azure cloud.

The company’s massive transition from traditional datacenters to a cloud-native infrastructure on Azure has fundamentally reshaped our IT operations. By adopting a cloud-first, DevOps-driven model, we’ve realized significant gains in agility, scalability, reliability, operational efficiency, and cost savings.

“We’ve created a customer-focused, self-serve management environment centered around Azure DevOps and modern engineering principles,” says Pete Apple, a technical program manager and cloud architect in Microsoft Digital, the company’s IT organization. “It has really transformed how we do IT at Microsoft.”

“Our service teams don’t have to worry about the operating system. They just go to a website, fill in their info, add their data, and away they go. That’s a big advantage in terms of flexibility.”

Pete Apple, technical program manager and cloud architect, Microsoft Digital

What it means to move from the datacenter to the cloud

Historically, our IT environment was anchored in centralized, on-premises datacenters. The initial phase of our cloud transition involved a lift-and-shift approach, migrating workloads to Azure’s infrastructure as a service (IaaS) offerings. Over time, the company evolved toward more of a decentralized, platform as a service (PaaS) DevOps model.

“In the last six or seven years we’ve seen a lot more focus on PaaS and serverless offerings,” says Faisal Nasir, a principal architect in Microsoft Digital. “The evolution is also marked by extensibility—the ability to create enterprise-grade applications in the cloud—and how we can design well-architected end-to-end services.”

Because we’ve moved nearly all our systems to the cloud, we have a very high level of visibility into our network operations, according to Nasir. We can now leverage Azure’s native observability platforms, extending them to enable end-to-end monitoring, debugging, and data collection on service usage and performance. This capability supports high-quality operations and continuous improvement of cloud services.

“Observability means having complete oversight in terms of monitoring, assessments, compliance, and actionability,” Nasir says. “It’s about being able to see across all aspects of our systems and our environments, and even from a customer lens.”

Decentralizing our IT services with Azure

As Microsoft was becoming a cloud-first organization, the nature of the cloud and how we use it changed. As Microsoft Azure matured and more of our infrastructure and services moved to the cloud, we began to move away from IT-owned applications and services.

The strengths of the Azure self-service and management features means that individual business groups can handle many of the duties that Microsoft Digital formerly offered as an IT service provider—which enables each group to build agile solutions to match their specific needs.

“Our goal with our modern cloud infrastructure continues to be a solution that transforms IT tasks into self-service, native cloud solutions for monitoring, management, backup, and security across our entire environment,” Apple says. “This way, our business groups and service lines have reliable, standardized management tools, and we can still maintain control over and visibility into security and compliance for our entire organization.”

The benefits to our businesses of this decentralized model of IT services include:

• Empowered, flexible DevOps teams
• A native cloud experience: subscription owners can use features as soon as they’re available
• Freedom to choose from marketplace solutions
• Minimal subscription limit issues
• Greater control over groups and permissions
• Better insights into Microsoft Azure provisioning and subscriptions
• Business group ownership of billing and capacity management

“With the PaaS model, and SaaS (software as a service), it’s more DIY,” Apple says. “Our service teams don’t have to worry about the operating system. They just go to a website, fill in their info, add their data, and away they go. That’s a big advantage in terms of flexibility.”

“The idea of centralized monitoring is gone. The new approach is that service teams monitor their own applications, and they know best how to do that.”

Cory Delamarter, principal software engineering manager, Microsoft Digital

Leveraging the power of Azure Monitor

Microsoft Azure Monitor is a comprehensive monitoring solution for collecting, analyzing, and responding to monitoring data from cloud and on-premises environments. Across Microsoft, we use Azure Monitor to ensure the highest level of reliability for our services and applications.

Specifically, we rely on Azure Monitor to:

Create visibility. There’s instant access to fundamental metrics, alerts, and notifications across core Azure services for all business units. Azure Monitor also covers production and non-production environments as well as native monitoring support across Microsoft Azure DevOps.

Provide insight. Business groups and service lines can view rich analytics and diagnostics across applications and their compute, storage, and network resources, including anomaly detection and proactive alerting.

Enable optimization. Monitoring results help our business groups and service lines understand how users are engaging with their applications, identify sticking points, develop cohorts, and optimize the business impact of their solutions.

Deliver extensibility. Azure Monitor is designed for extensibility to enable support for custom event ingestion and broader analytics scenarios.

Because we’ve moved to a decentralized IT model, much of the monitoring work has moved to the service team level as well.

“The idea of centralized monitoring is gone,” says Cory Delamarter, a principal software engineering manager in Microsoft Digital. “The new approach is that service teams monitor their own applications, and they know best how to do that.”

Patching and updating, simplified

Moving our operations to the cloud also means a simpler and more automated approach to patching and updating. The shift to PaaS and serverless networking has allowed us to manage infrastructure patching centrally, which is much more scalable and efficient. The extensibility of our cloud platforms reduces integration complexity and accelerates deployment.

“It depends on the model you’re using,” Nasir says. “With the PaaS and serverless networks, the service teams don’t need to worry about patching. With hybrid infrastructure systems, being in the cloud helps with automation of patching and updating. There’s a lot of reusable automation layers that help us build end-to-end patching processes in a faster and more reliable manner.”

Apple stresses the flexibility that this offers across a large organization when it comes to allowing teams to choose how they do their patching and updating.

“In the datacenter days, we ran our own centralized patching service, and we picked the patching windows for the entire company,” Apple says. “By moving to more automated self-service, we provide the tools and the teams can pick their own patching windows. That also allowed us to have better conversations, asking the teams if they want to keep doing the patching or if they want to move up the stack and hand it off to us. So, we continue to empower the service teams to do more and give them that flexibility.”

Securing our infrastructure in a cloud-first environment

As security has become an absolute priority for Microsoft, it’s also been a foundational element of our cloud strategy.

Being a cloud-first company has made it easier to be a security-first organization as well.

“The cloud enables us to embed security by design into everything we build,” Nasir says. “At enterprise scale, adopting Zero Trust and strong governance becomes seamless, with controls engineered in from the start, not retrofitted later. That same foundation also prepares us for an AI-first future, where resilience, compliance, and automation are built into every system.”

Cloud-native security features combined with integrated observability allow for better compliance and risk management. Delamarter agrees that the cloud has had huge benefits when it comes to enhancing network security.

“Our code lives in repositories now, and so there’s a tremendous amount of security governance that we’ve shifted upstream, which is huge,” Delamarter says. “There are studies that show that the earlier you can find defects and address them, the less expensive they are to deal with. We’re able to catch security issues much earlier than before.”

“There are less and less manual actions required, and we’re automating a lot of business processes. It basically gives us a huge scale of automation on top of the cloud.”

Faisal Nasir, principal architect, Microsoft Digital

We use Azure Policy, which helps enforce organizational standards and assess compliance at scale using dashboards and other monitoring tools.

“Azure Policy was a key part of our security approach, because it essentially offers guardrails—a set of rules that says, ‘Here’s the defaults you must use,’” Apple says. “You have to use a strong password, for example, and it has to be tied to an Azure Active Directory ID. We can dictate really strong standards for everything and mandate that all our service teams follow these rules.”

AI-driven operations in the cloud

Just like its impact on the rest of the technology world, AI is in the process of transforming infrastructure management at Microsoft. Tasks that used to be manual and laborious are being automated in many areas of the company, including network operations.

“AI is creating a new interface of agents that allow users to interact with large ecosystems of applications, and there’s much easier and more scalable integration,” says Nasir. “There are less and less manual actions required, and we’re automating a lot of business processes. Microsoft 365 Copilot, Security Copilot, and other AI tools are giving us shared compute and extensibility to produce different agents. It basically gives us a huge scale of automation on top of the cloud.”

Apple notes that powerful AI tools can be combined with the incredible amount of data that the Microsoft IT infrastructure generates to gain insights that simply weren’t possible before.

“We can integrate AI with our infrastructure data lakes and use tools like Network Copilot to query the data using natural language,” Apple says. “I can ask questions like, ‘How many of our virtual machines need to be patched?’ and get an answer. It’s early, and we’re still experimenting, but the potential to interact with this data in a more automated fashion is exciting.”

Ultimately, Microsoft has become a cloud-first company, and that has allowed us to work toward an AI-first mentality in everything we do.

“Having a complete observability strategy across our infrastructure modernization helps us to make sure that whatever changes we’re making, we have a design-first approach and a cloud-first mindset,” Nasir says. “And now that focus is shifting towards an AI-first mindset as well.”

Key takeaways

Here are some of the benefits we’ve accrued by becoming a cloud-first IT organization at Microsoft:

• Transformed operations: By moving from our legacy on-premises datacenters, through Azure’s infrastructure as a service (IaaS) offerings, and eventually to a platform as a service (PaaS) DevOps model, we’ve reaped great gains in reliability, efficiency, scalability, and cost savings.
• A clear view: With 98% of our organization’s IT infrastructure running in the Azure cloud, we have a huge level of observability into our systems—complete oversight into network assessment, monitoring, compliance, patching/updating, and many other aspects of operations.
• Empowered teams: Operating a cloud-first environment allows us to have a more decentralized approach to IT infrastructure. This means we can offer our business groups and service lines more self-service, cloud-native solutions for monitoring, management, patching, and backup while still maintaining control over and visibility into security and compliance for our entire organization.
• Seamless updates: The shift to PaaS and serverless networking has enabled a more planned and automated approach to patching and updating our infrastructure, which produces greater efficiency, integration, and speed of deployment.
• Dependable security: Our cloud environment has allowed us to implement security by design, including tighter control over code repositories and the use of standard security policies across the organization with Azure Policy.
• Future-proof infrastructure: As we shift to an AI-first mindset across Microsoft, we’re using AI-driven tools to enhance and maintain our native cloud infrastructure and adopt new workflows that will continue to reap dividends for our employees and our organization.  

Try it out

Get started on your own cloud journey with the Cloud Adoption Framework for Microsoft Azure.

Related links

• Discover the five principles that guided our network journey to the Microsoft Azure cloud.
• Read about how we’re using AI to reinvent our network security.
• Learn how we’re enhancing our network reliability with AIOps and Network Infrastructure Copilot.

We’d like to hear from you!

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post Modernizing IT infrastructure at Microsoft: A cloud-native journey with Azure appeared first on Inside Track Blog.

Microsoft Teams has changed that with its AI-powered Intelligent Recap feature in Microsoft Teams Premium. And with the addition of powerful new features like Audio Recap, Interpreter agent, and Facilitator, Microsoft Teams continues to innovate and provide different ways for users to catch up on and review their meetings, whether they were able to attend live or not.

Employees across Microsoft are using these features to work asynchronously and be much more productive than ever before. They’re also taking advantage of the latest developments in AI agents to push the envelope and do even more with Teams and Microsoft 365 Copilot.

“We’re really solving for people’s time,” says Sara Bush, a principal PM manager in Microsoft Digital, the company’s IT organization. “We’re simplifying and democratizing communication, so our employees can get the information in the best way for them. This is showing the power of AI and Copilot.”

Intelligent Recap: A game changer

Microsoft Teams offers a meeting recap feature that generates a full meeting transcript. The technology behind Intelligent Recap in Teams Premium takes this feature even further.

In addition to producing a full transcript, Intelligent Recap uses AI to generate a detailed summary of a Teams meeting, identifying key discussion points and potential action items. It also has special organizational properties, breaking the meeting into chapters and allowing users to view the meeting recording in color-coded segments that can be sorted by speaker or topic.

“Intelligent Recap has been a game changer for our employees, in terms of being able to get the notes, catch up on what they missed, and work asynchronously. It’s one of the most highly used features in Microsoft Teams.”

Chanda Jensen, senior product manager, Microsoft Digital

That information, along with details about events that happened within the meeting, such as when participants shared their screen or when your name was mentioned, is made available to all meeting participants in your organization within a few minutes of the meeting’s conclusion. The recap can also be shared directly with anyone via email using the “Share to Outlook” functionality, which is helpful for external attendees.

“Intelligent Recap has been a game changer for our employees, in terms of being able to get the notes, catch up on what they missed, and w ork asynchronously,” says Chanda Jensen, a senior product manager in Microsoft Digital. “It’s one of the most highly used features in Microsoft Teams.”

Intelligent Recap is now also available for webinars, town halls, and calls for users that have the Teams Premium license, Jensen says. This gives these users more options for catching up on important information when they are not able to attend in real time.

Intelligent Recaps a hit with employees

The response to Intelligent Recaps has been enthusiastic here at Microsoft.

“This is one of the most impactful features I have seen introduced with hybrid work,” says Tyler Russell, a senior engineering architect on the Azure Databases SQL Customer Success Engineering team. “The Intelligent Recap functionality improves my productivity significantly, and I have started recording more meetings because of it.”

For those involved in long meetings or who have significant meeting conflicts, Intelligent Recap is proving especially useful.

“I was recently involved in a half-day, extensive leadership meeting,” says Mike Friday, a general manager for the Customer Experience team at Microsoft. “Having the Intelligent Recap feature enabled me to quickly catch up with my team through AI-generated notes.”

Overcoming language barriers with Interpreter agent and multilingual recaps

What if you are invited to attend a Teams meeting or event that is being presented in a different language? At Microsoft, our employees are now taking advantage of AI-derived features like the Interpreter agent to make meetings more inclusive.

Interpreter allows participants to speak and hear the meeting in their preferred language with the help of an AI-based interpreter. Using real-time speech-to-speech (STS) translation developed with Microsoft Azure AI services, the Interpreter agent enables Teams users to overcome language hurdles and be more comfortable participating in meetings that aren’t offered in their first language.

“The Interpreter agent is going to shape the way we communicate at Microsoft,” Jensen says. “It’s connecting colleagues, partners, and customers worldwide, so that everyone is able to speak in their preferred language. It’s a critical part of how we communicate as a global organization.”

Jensen adds that Intelligent Recaps are also now multilingual, making it a more versatile feature.

“Let’s say the meeting is in English, but you set the Interpreter to Spanish,” Jensen says. “Not only will Interpreter translate for you during the meeting, but because you’ve set your preferred language to Spanish, the Intelligent Recap will also be entirely in Spanish. It’s amazing.”

{Read more about how we’re using the Interpreter feature in Microsoft Teams.}

Catching up on the go with Audio Recaps

With our busy workdays and lives, we don’t always have time to sit and read documents and meeting summaries. When it comes to your meeting’s recap, Microsoft Teams can now generate an Audio Recap that provides a podcast-style summary that you can listen to wherever you go.

“Audio Recaps allow you to be mobile—you can take it with you,” says Lesley Montgomery, a principal product manager in Microsoft Digital. “It gives you flexibility to consume the recap information in the way you’d like. And if you’re traveling, you don’t have to worry about someone reading over your shoulder.”

The feature uses AI to generate a podcast-style presentation, making the recap more engaging. It can also combine multiple meetings in one recap, making it easier to catch up or review a day or even a week of meetings in one go.

“I just did an Audio Recap of some of my meetings this week. It was so good that I took the transcript and easily made it into a PowerPoint deck, all using AI.”

Sara Bush, principal PM manager, Microsoft Digital

“You can choose to recap a series of meetings or just one, and you can also indicate the style you like—an executive summary, a casual tone, or newscast-style,” Montgomery says. “You can also select one ‘host’ or multiple voices, to make it more engaging.”

Sara Bush explains how Audio Recaps can be “taken to the next level” when combined with the power of AI tools like Copilot.

“I just did an Audio Recap of some of my meetings this week,” she says. “It was so good that I took the transcript and easily made it into a PowerPoint deck, all using AI. That just shows you the brilliance of Audio Recap.”

Keeping your meetings on track with Facilitator

Gone are the days when you needed to appoint a notetaker for your meeting, or have someone keep an eye on the agenda and the time to make sure everything got covered. Our employees are now using Facilitator in Microsoft Teams Premium for those tasks, freeing them up to better focus on the actual meeting content.

“It’s one of those rare features that comes along and immediately increases our productivity,” Jensen says. “Facilitator takes notes for everyone, which allows me to sit back, listen, and be more engaged.”

“Another enhanced feature we’re adding is the ability to do a ‘quorum check’ to remind you if any required attendees are not present, and ask if you want them to be nudged about it.”

Lesley Montgomery, principal product manager, Microsoft Digital

Once you invite Facilitator to your meeting, it can create an agenda (if needed), start a timer, and begin taking notes.

Coming enhancements include noting people who are at-mentioned multiple times and even suggesting and/or scheduling another meeting if not all the agenda items get covered.

“Another enhanced feature we’re adding is the ability to do a ‘quorum check’ to remind you if any required attendees are not present, and ask if you want them to be nudged about it,” Montgomery says. “Facilitator will also collect any questions that have not been answered and make sure they are noted for follow-up.”

{Learn more about how Facilitator keeps our meetings on track at Microsoft.}

Putting it all together with AI agents

As we move into the “agentic” future at Microsoft, our employees are discovering all kinds of ways that AI-driven tools can help them have a greater impact in their work. It’s amazing to see how much these technologies are changing how we work.

“We have Facilitator now in Teams, and there’s also a Project Manager Agent in Planner that allows you to take meeting content and automatically generate a board in Microsoft Planner,” Bush says. “So, it has a multiplier effect—it’s unbelievably powerful.”

Bush also describes the experience of moving seamlessly from Teams-generated content to Microsoft Outlook, with AI agents pitching in to help her inform her team in a fraction of the time it used to take.

“I needed to let my leadership team know about this agent that we’re building. My first thought was, ‘I need to talk to two people on my team and ask for a high-level summary.’ And then I realized I don’t have to,” Bush says. “I went to Copilot, and it immediately came up with the summary at the level I was looking for. It said, ‘Do you want me to turn this into an email?’ It created the email in about three minutes; I reviewed it to personalize it and make sure it was correct and then, boom! I sent it off to my leadership team. It just blows me away.”

Key takeaways

Here are some of the ways that we’re using the latest features in Microsoft Teams Premium to empower our employees in their day-to-day work:

• Simplify asynchronous communication: Intelligent Recap enables invitees who miss all or part of a Teams meeting to catch up quickly and seamlessly with detailed summaries and rich context.
• Overcome language barriers: Interpreter allows participants to both listen to and speak in a Teams meeting in their chosen language; Teams also will automatically provide a recap in that language after the meeting.
• Catch up on meetings with a podcast-style summary: Audio Recaps are an engaging way to review one or multiple meetings and take your summary with you on your commute or wherever you’re headed. You can even pick the style of summary you prefer for greater customization.  
• Ensure meetings run smoothly and efficiently: Facilitator can create an agenda, check for quorum, take notes, keep things on track, and assign tasks to the relevant team member, freeing attendees to focus on the meeting dialogue.
• Combine Teams content with other Microsoft apps using AI: Employees are now able to take meeting recap content and create insightful communications using apps like Outlook and PowerPoint with the help of Microsoft 365 Copilot and AI agents.

Try it out

Sign up for a Microsoft Teams Premium trial and try out features like Intelligent Recap, Audio Recap, Interpreter agent, and Facilitator.

Related links

• Discover five ways we’re getting more out of Microsoft Teams in the age of AI.
• Check out our four-chapter guide to deploying Microsoft 365 Copilot at Microsoft.
• Read how we’re upgrading our meeting rooms with Express Install for Microsoft Teams Rooms.
• Learn how we’re transforming the way we work in Microsoft Teams Premium with Microsoft 365 Copilot.

We’d like to hear from you!

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post How we’re recapping our meetings with AI and Microsoft Teams Premium at Microsoft appeared first on Inside Track Blog.

At Microsoft, we operate one of the world’s largest IT infrastructures. So, when we embarked on the journey nearly a decade ago to move from a primarily on-premises network of physical servers to one that now operates almost entirely in the Azure cloud, it was a mammoth undertaking.

And like all long and rewarding journeys, this one led to many important insights. We’d like to share five overarching principles that we learned along the way with our customers, most of whom are somewhere in the midst of their own organizational transformation into a cloud-first company, or who may be contemplating such a move.

By delineating our guiding principles and major takeaways from our own journey to the cloud, we at Microsoft Digital—the company’s IT organization—hope that other companies can learn from our experience and have a smoother and more efficient transition of their own, saving time, money, and effort.

“Our customers can learn from us having gone through it,” says Pete Apple, a technical program manager and cloud architect in Microsoft Digital. “Because we didn’t do it right the first time, at all. And so that learning process of, ‘This is what we did, this is how we did it, this is what you should think about’ can help them consider their own options.”

Stages in our journey to the cloud

• 10% migrated
• Retire unused workload
• Small apps
• IaaS—lift and shift

^{(IaaS = Infrastructure as a Service)}

• 28% migrated
• Reduce multiple environments
• Small and mid-sized apps
• IaaS and PaaS

^{(PaaS = Platform as a Service)}

• 74% migrated
• Large, more complex apps
• Focus on PaaS

• 90%+ migrated
• Largest, most complex apps
• Design cloud-native apps

Our journey to transform our on-premises IT infrastructure to a system based in the Microsoft Azure cloud took roughly four years, and we continue to innovate and refine our approach today.

Be vision-led and metric-driven

When setting off on a years-long journey, you don’t just walk out the door with a vague idea of where you’re going. As we embarked on this years-long project, our leadership laid out the overall vision that guided our project plans.

“Our leadership was critical; they gave us the vision of, ‘We’re going to migrate to the cloud, and we want to be first and best. We’re going to be an example for the rest of the industry,’” Apple says. “They made a big bet on it, and then they put the support behind it to hold the teams accountable, tracking against the goals and metrics. This directive went all the way to up to (Microsoft CEO) Satya Nadella; it was an absolute priority from his point of view.”

Martin O’Flaherty, a principal PM manager at Microsoft Digital, explained how important it was that senior leadership stuck to the vision and remained patient during the long journey to the cloud.

“Our executive vice president took the long view of this project, and he backed us as we took the time to work through all the issues and all the times when things failed,” O’Flaherty says. “We had to ‘embrace the red’ by talking about those failures rather than cover things up, in order to keep learning throughout the process. Leadership made it clear that doing the job right was the priority, and that trust gave us the confidence to stay focused and deliver.”

As far as metrics are concerned, consider the size of the Microsoft digital landscape: more than 220,000 employees in over 100 countries using more than 750,000 devices. Moving a supporting infrastructure of this size to the cloud required careful attention to specific metrics throughout the process, both to carefully measure progress and to understand the biggest challenges and potential obstacles along the way.

“We had something like 800-plus different services across the company that we had to deal with in our journey to the cloud, which I like to call the total footprint,” Apple says. “We had to track how many of them were in the cloud, how many were on-premises, and how many were hybrid. And we kept track of that quarter by quarter. We also had to monitor things like the spend for on-prem versus the cloud, and our quality metrics such as service-level agreements and customer satisfaction ratings. We had to keep an eye on all of it.”

Pay attention to people, processes, and technology

Moving a large IT infrastructure to the Azure cloud is a technology challenge, but it’s just as important to think about the people and the processes involved.

“It’s not just about getting everything moved from on-premises servers to a cloud solution,” Apple says. “Once you have it there, it’s about what your staff should look like, the different roles and skills you’ll need to run things in the cloud. Then, how do you plan for the day-to-day operation of it? What kind of processes and monitoring do you need?”

O’Flaherty notes that of these three considerations, transforming your people resources for the move to the cloud might be the biggest task.

“When we talk about ‘people change,’ we mean how people do their work—and frankly, that’s usually the hardest challenge,” O’Flaherty says. “Once we had good momentum in moving our technology to the cloud, we needed to change how people do their work. We needed to modernize.”

Apple says that transitioning the people skills of the organization was a deliberate process.

“We provided training, and we made it very clear that everyone needed to learn to work with infrastructure as code, rather than physical machines,” he says. “And whenever we had the ability to hire new people, we prioritized those DevOps skills. We invested in that, because that was the direction we were going.”

Sometimes, the technology decisions are also what enables the implementation of more effective processes. O’Flaherty explains how one specific decision during the cloud journey made it possible to implement best-practice processes that ensured quality standards were met.

“We decided to use one single instance of Azure DevOps. So, all of our teams—across more than 800 applications—and all our code repos were in one Azure DevOps account,” O’Flaherty says. “This setup allowed us to implement consistent engineering standards, like requiring every code change to be reviewed by two people. Because we could enforce these policies across the board, we achieved a new level of consistency, accountability, and confidence in our development process.”

Confront legacy applications and technical debt

When the time comes to make a major technological transformation, like moving an on-premises infrastructure to the cloud, it provides the perfect opportunity to deal with the challenge of aging legacy applications and technical debt that has accumulated within the organization.

Dealing with legacy applications up front means you can reduce the total load of what you end up moving to the cloud.

“The first thing we asked was, ‘What do we not need anymore?’” O’Flaherty says. “We were able to identify something like 30% of tools and services that could be retired or consolidated. We also looked at other SaaS solutions as replacements for things we were building ourselves, which removed about 15% more of the portfolio. So we had almost halved the total burden at that point.”

Strategic approach for moving our IT infrastructure to the cloud

Apple explained the benefits of starting with a clean slate when you move to the cloud.

“There’s always that backlog of work items and legacy things, and the idea is that you don’t want to bring your bad habits with you to the cloud,” Apple says. “So, if you’ve got a solution that is still using COBOL or Windows 2008, maybe it’s time to pull off the Band-Aid? That’s a good investment of your developer capacity.”

There were also the significant challenges that Microsoft faced with addressing years of technical debt—which O’Flaherty describes as technical issues resulting from past development decisions that weren’t as robust or maintainable as they could have been—during the early stages of the journey to the cloud.

“We knew the scale of the technical debt we had—it was kind of like an iceberg, with a huge amount of work below the surface. And we knew it was going to take several years to get through it all,” he says. “The key was understanding that we were going to have to invest a significant amount of engineering time to get there—that we needed to put 30% to 40% of our engineering resources behind this effort for well over a year just to get on top of the problem. We had to take that hit up front, or we’d still be in the same boat today.”

Transform your operations with end-to-end thinking

In the old world of on-premises network infrastructure, services were often siloed. Different departments ran their own systems and tools, and employees couldn’t always access data and technologies that were needed to gain a bigger picture or develop cross-disciplinary solutions.

Enter the cloud-based network, which opens up the ability for end-to-end thinking and working.

“In the old days, the interactions between applications were pretty monolithic,” Apple says. “With the move to the cloud and engineering modernization, you open up new kinds of compute and access to data. Developers can use APIs, containers, Power Apps and more to access the various data lakes we have across the company. There’s a lot more flexibility, and they can work much faster.”

Another area where having a cloud-based network allows us to take more of an end-to-end approach is security, which has become a major priority at Microsoft in recent years.

“End-to-end thinking means I can do a multi-layer defense and comprehensive security implementation in the cloud,” says Basma Basem, a senior program manager in Microsoft Security. “I can make sure that there’s a security implementation from an architecture and design standpoint on each layer of the services I’m building in the Azure cloud. And you have such a wide variety of security solutions in the cloud, it makes it much easier to find the right solution and ensure that you have good security posture management.”

Consistently prioritize your goals and metrics

When it comes to tackling such a tremendously huge project, it’s vital to understand your priorities and keep them front and center as you move through the process.

“We had a lot of priorities around financial considerations in moving away from the physical infrastructure model,” Apple says. “That was number one. Then we had priorities around efficiency and modernization. And we had to find ways to measure those priorities and ensure we were hitting our targets.”

Of course, prioritization also means that you can’t take on all your challenges at once. Your leads have to make sure that they communicate effectively so everyone understands the priorities, the pace of progress, and when different issues will be addressed.

“There’s a tendency to kind of try to boil the ocean and fix everything at once,” O’Flaherty says. “We really had to temper people’s expectations, even within our own leadership, and say that this is going to take a while. If there were 50 compliance problems, we couldn’t tackle all 50 at the same time—the leads would identify the top 3, and we’d do those 3, then move on to the next batch. We really had to set specific goals and follow our metrics along the way.”

And there’s one overall metric that Apple likes to keep top-of-mind when discussing what moving our network to the Azure cloud has meant for Microsoft—cost.

“We’re spending 20% less on our infrastructure costs than we did when we were operating on-premises,” Apple says. “When you look at what we were spending on physical infrastructure versus today, in the cloud, it’s a significant savings.”

Every cloud journey has its own path

Today, we operate roughly 98 percent of the Microsoft corporate infrastructure in the cloud, and we are continually looking for strategies to be more efficient, more automated, and less costly. Apple notes that the company decided to push hard to get to this level (“to the point of heartburn for some people”) and show what was possible, but that not every organization will need or want to go this far in their own cloud transition.

“We are the extreme in terms of pushing the bar,” Apple says. “We’ve been very innovative in this space, because we wanted to prove our point in terms of how much we could put on the cloud. We realize every business has to make tradeoffs, and some may want to keep a certain percentage of their infrastructure still on-premises. But the flexibility of the cloud and the cost savings are real, and we want our customers to understand that and take advantage of it.”

Here are some of the major insights we took from the process of moving our network into the Azure cloud:

• Confront your technical debt. Be prepared to do the upfront work of addressing your technical backlog and getting into a better state before you make the transition to the cloud. You’ll not only avoid major headaches—you’ll also reduce the total network footprint that you’ll be moving.
• Invest for the long term. Leadership has to be willing to devote significant resources over the course of the project, and to understand that the results might not be realized in the short term. But the overall payoff will be worth it once you’ve completed the work.
• Get employees on board. Make training and upskilling a priority as you transition your workforce to a cloud-first mindset. Incorporate the shift into individual reviews and goal-setting so that everyone is pointed in the right direction.
• Take the opportunity to instill a “secure by default” philosophy. As you move to the cloud, you can proactively create and deploy strong security architecture, keeping compliance requirements top of mind, continuously monitoring your organization’s security posture, and fostering a culture where everyone factors security risk into their work and decision making.
• Embrace “the red.” Create a culture where teams are comfortable with revealing when they are falling short on their metrics (being “in the red”). Being open about those issues will help others avoid the same pitfalls in their own areas and significantly increase overall quality.
• Keep your goals and metrics front and center. On a long and complicated journey, it’s vital to keep everyone focused on the destination—your goals, sometimes called objectives and key results (or OKRs). Defining and carefully tracking the right metrics (also known as key performance indicators, or KPIs) is another essential part of this process.

Get started on your own cloud journey with the Cloud Adoption Framework for Microsoft Azure.

• Read about the many benefits Microsoft has accrued by moving our network to the Azure cloud.
• Find out how AIOps and automation tools are enhancing network reliability at Microsoft.
• Learn how we’re using Azure monitoring, patching, and security tools to manage the health of our cloud network.
• Discover more stories about moving our network to the cloud.

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post Five principles that guided our network journey to Microsoft Azure and the cloud at Microsoft appeared first on Inside Track Blog.

Like most aspects of our IT services journey, our security and patch management story is deeply connected with cloud computing, automation, and, most recently, AI technology. It’s a story that embraces continuous improvement and innovations that are saving our IT admins and users time and hassle while deterring attacks and enhancing security across the organization.

With the development of services like Windows Update client policies (formerly known as Windows Update for Business), Azure Update Manager, and Intune Enterprise Application Management, we’re leading the way in offering best-of-breed security solutions that help organizations stay compliant and safe in an increasingly perilous digital world.

The growing threat landscape

As the developer and provider of Windows, Microsoft 365, Microsoft Azure cloud services, and other widely used software technologies, we’re in a unique position to influence and protect the computer systems used by billions of people around the world. And these systems have never been under greater threat by bad actors and cybercriminals than they are today.

“Our customers face more than 600 million cybercriminal and nation-state attacks every day, ranging from ransomware to phishing to identity attacks,” states our 2024 Digital Defense Report. “Microsoft’s unique, expansive, and global vantage point gives us unprecedented insight into key trends in cybersecurity affecting everyone from individuals to nations.”

The report also notes that we’ve made digital security our top corporate priority, with more than 34,000 dedicated security engineers across the company.

“The malign actors of the world are becoming better resourced and better prepared, with increasingly sophisticated tactics, techniques, and tools that challenge even the world’s best cybersecurity defenders,” Tom Burt, corporate vice president of customer security and trust, says in the report. “We all can, and must, do better, hardening our digital domains to protect our networks, data, and people at all levels.”

With such an unprecedented number of threats, one of our major priorities at Microsoft Digital, the company’s IT organization, is making sure our global network infrastructure and the more than 750,000 devices accessing our network are always up to date and compliant with the latest software patches. As Customer Zero for our software products, we strive to remain on the cutting edge of the latest cybersecurity innovations. That means taking advantage of the latest Microsoft tools and processes on server-side and client-side patching.

The world as it was: On-premises IT and manual updates

A decade or so ago, much of the world’s computer networks were still being run primarily via on-premises servers and other onsite hardware. Maintaining these systems mostly relied on manual updates by IT administrators, which was a huge drain on time and resources.

“Our patch-management systems back then included Microsoft System Center Configuration Manager (SCCM) and Windows Server Update Services,” says Senthil Selvaraj, a principal group project manager at Microsoft Digital. “We were doing everything on-premises, managed within the Microsoft tenant onsite.”

Patching product history at Microsoft

This meant that simply downloading and installing the routine security patches that were released each month was a major task for the company’s thousands of IT admins.

“The admins used to have to download the updates, validate them, approve them, and then push them out to devices,” says Harshitha Digumarthi, a senior product manager with Microsoft Digital. “It used to take a considerable amount of time each month for these processes. There was no proper automation in place.”

As the IT world shifted to cloud solutions and more modern software management approaches, the patching process needed to shift with it, Selveraj notes.

“As we moved everything to the cloud, we leveraged modern Microsoft tools such as Intune, OneDrive for Business, SharePoint, etc.,” he says. “And we were also helping our customers move through that process as well. This is in keeping with the overall Microsoft vision of continuous improvement.”

The journey to modern patch management on Windows

In 2018, we introduced Windows Update for Business (WUFB), a major milestone on the patch management migration journey. The service is now called Windows Update client policies.

“We have established programs to pre-validate updates, allowing us to deploy them automatically and simultaneously across all devices, significantly accelerating compliance.”

Harshitha Digumarthi, senior product manager, Microsoft Digital

Of course, like any story of technological progress, nothing happens overnight or in a straight line. As Digumarthi explains, we in Microsoft Digital went through a patch management transition phase, marked by a hybrid systems approach.

“We didn’t immediately shift everything from SCCM to Windows Update for Business and Microsoft Intune,” she says. “There is transitionary stage—known as hybrid AD—where the client devices still have SCCM on them, with Intune running parallel on those devices.”

WUFB ushered in a more efficient and modern approach to patch management.

“It’s an automated, intelligent service which can identify what updates the device needs, find the applicable updates, and automatically push those updates onto the devices,” Digumarthi says.  

She notes that IT admins at other organizations might push these updates out to their devices in phases, often called deployment rings. But at Microsoft, we do them all at once for the entire company, in a program popularly called Patch Tuesday.

“We have established programs to pre-validate updates, allowing us to deploy them automatically and simultaneously across all devices, significantly accelerating compliance,” Digumarthi says.

This control is enabled through Windows Update policies, which allow administrators to manage key actions such as reboot timing. As a result, vulnerabilities are addressed quickly, and all devices are brought into compliance with the latest secure Windows updates.

After establishing a more efficient approach to Windows security patching, we rolled out WUFB Deployment Services in 2021. This process, which brought similar gains in efficiency and automation, handles new Windows features, which are typically released on six-month cycles.

“When vulnerabilities are exploited by malicious actors, even a single compromised bug can cascade rapidly, potentially impacting millions of users. Anticipating and mitigating these risks early is essential to maintaining trust and security.”

Humberto Arias, senior product manager, Microsoft Digital

According to Digumarthi, a major challenge to patch management for Windows is the number of different versions, including the .Net Framework, .Net Core, Visual Studio, Visual Studio Code, SQL, and more. Over the last few years, we have developed a unified internal-to-Microsoft patching solution to handle all of these various updates.

“These are extremely different streams, so we’ve worked closely with these product groups to bring them all into one update, which we call the unified update,” Digumarthi says. “This way, the IT admin doesn’t need to deploy all these different updates individually. It’s also completely automated, so it’s much easier for both admins and users to stay up to date and compliant. It’s a huge achievement.”

Other important patch automation issues are firmware and driver updates. These updates used to be deployed manually by admins every month, but that changed in 2024.

“We now have a new feature, in partnership with Windows and the Intune team, called the Intune Driver and Firmware updates,” Digumarthi says. “It gives admins a portal where they can simply click a button and approve whatever the latest firmware and driver updates are; no need to manually download, package, and deploy the updates. It’s easier for them to understand, and we’ve seen great patch compliance improvement in this area.”

Patch management on the server side

While Windows Update client policies handles the client-side updates for the more than 750,000 devices on our corporate network, we also needed a modern solution for patch management on our roughly 50,000 network servers.

Keeping network servers compliant with the latest security updates is extremely important.

“We must proactively safeguard our development environments,” says Humberto Arias, senior product manager in Microsoft Digital. “When vulnerabilities are exploited by malicious actors, even a single compromised bug can cascade rapidly, potentially impacting millions of users. Anticipating and mitigating these risks early is essential to maintaining trust and security.”

The solution is Azure Update Manager (AUM), a product that enables network administrators to deploy and manage all their server security update packages in one stream. AUM also supports hybrid (on-premises and cloud) network environments, which is a competitive advantage.

 “A lot of customers like the flexibility and redundancy of multi-cloud environments,” Arias says. “AUM is our one-stop solution for patching all your servers, regardless of where they reside—on-premises, in the cloud, or in hybrid environments. It’s a great advantage of using AUM.”

Patching with Azure Update Manager

The challenge of patching non-Windows devices

Microsoft believes in empowering our employees to do their job on the device that works best for them (sometimes called Bring Your Own Device, or BYOD). But that policy opens up the challenge of making sure all those devices meet our security standards, including those running on the MacOS, iOS, and Android platforms.

“People do a lot more work on their mobile devices than they used to; we have about 80,000 Android devices and about 150,000 iOS devices that our employees connect to our network with,” says John Philpott, a senior product manager in Microsoft Digital. “We need to make sure that all these devices have the latest OS security patches, or it puts our network at risk.”

The tricky part is that because Microsoft doesn’t make the operating systems, we can’t consistently manage the device environment or the patches themselves. Instead, the common approach in this situation is to make sure that employees know about the latest patches for their device and enforce compliance by controlling their access to the Microsoft corporate network. Getting employees to voluntarily keep their devices up to date is critically important.

“We want to make sure all the Microsoft apps are up to date on mobile, but we’re also making a big push to enforce third-party app patching as well. If someone exploits an app like Adobe Acrobat that can be a threat to our security, so we want users running the latest versions of all the major apps.”

John Philpott, senior product manager, Microsoft Digital

The frequency and requirements for installing the updates depends on the platform.

“For Android, how often your phone is updated varies, depending on the manufacturer and model; this makes developing a consistent patching experience a challenge,” Philpott says. “It’s a balancing act, but we’ve gradually tightened our patch requirements and are educating employees on the best Android devices to choose to meet patching requirements.

Patch enforcement for Apple devices is much tighter, according to Philpott.

“If there’s a security threat, Apple will quickly make a patch available,” he says. “We have a standard process of enforcing compliance within 14 days. We tell our users that if they haven’t installed the update after 12 days, we’ll install the patch and enforce a reboot. If the device has not been patched after 14 days, we’ll remove their network access.”

The other area of mobile device patching that has received increased scrutiny in recent years is applications, both our first-party apps and third-party apps. We work closely with the Microsoft Intune product group to make sure that these apps are patched as frequently as possible.

“We do a lot of discussions with the Intune team about how we can enforce these updates,” Philpott says. “We want to make sure all the Microsoft apps are up to date on mobile, but we’re also making a big push to enforce third-party app patching as well. If someone exploits an app like Adobe Acrobat that can be a threat to our security, so we want users running the latest versions of all the major apps.”

Autopatch and hotpatching

Our patch management journey is one of helping develop solutions that automate security and feature updates as much as possible, reducing the strain on IT resources. As part of these efforts, we work closely with the Microsoft product groups as Customer Zero for their update offerings. One prominent step on this journey was the introduction of Windows Autopatch in 2022.

Windows Autopatch is a cloud service for enterprise customers that automates the updates to Windows, Microsoft 365, Microsoft Edge, and Microsoft Teams. It also offers greater control for patching different groups of devices on different schedules.

“Autopatch offers admins a single-pane view where they can manage the patches across their organization, from the same perspective,” says Katie Yao, a senior product manager on the Autopatch team. “And with Autopatch Groups, they can dynamically assign users to different groups, which gives them a lot of flexibility on how and when devices are updated.”

Another innovation that the Autopatch service offers is hotpatching. This feature helps IT teams keep devices secure without the usual disruption of monthly reboots. Security updates are applied immediately in the background. This means fewer interruptions for users and less coordination effort for admins—especially in environments where uptime is critical.

“Customers were telling us that rebooting all devices every month was too much in some cases. So, we’ve moved to a process where they get the updates every month, but they only need to reboot the machines once every three months. This way they get the latest security and feature updates, but they don’t need to reboot their devices as often.”

Katie Yao, senior product manager, Autopatch

For IT admins managing a large volume of devices, this is a big win. Hotpatching reduces the amount of time it takes to achieve security compliance across the whole environment, with no delays or deferrals.

“Customers were telling us that rebooting all devices every month was too much in some cases,” Yao explains. “So, we’ve moved to a process where they get the updates every month, but they only need to reboot the machines once every three months. This way they get the latest security and feature updates, but they don’t need to reboot their devices as often.”

The future of patch management

Our patch management story continues to evolve as we apply the latest tools and technologies to our processes at Microsoft Digital.

“AI tools are the next stage in our continuous improvement process for patch management. We’re currently working on a new solution called Device Care, which is a tool that leverages AI to monitor, predict, and resolve device and infrastructure issues for admins and employees.”

Senthil Selvaraj, principal group project manager, Microsoft Digital

We see great opportunities for industry-wide improvements, such as with application patching.

“The Intune Enterprise Application Management solution is a huge opportunity for us,” Selvaraj says. “Right now, there’s a gap in how applications are managed across large organizations—are they healthy? Are they vulnerable? Are they up to date? We hope that this solution will address these needs.”

Of course, just as with many aspects of today’s software development, the future of patching will be greatly impacted by AI innovations.

“AI tools are the next stage in our continuous improvement process for patch management,” Selvaraj notes. “We’re currently working on a new solution called Device Care, which is a tool that leverages AI to monitor, predict, and resolve device and infrastructure issues for admins and employees. Another AI tool in this space is Microsoft Security Copilot, which helps with daily security operations.”

And as the computer security landscape evolves, with more frequent and more sophisticated attacks coming every day, we’ll continue to refine and develop our patching tools and strategies. It’s the only way to ensure that our networks and devices—and those of our customers—remain as secure as possible.

Key takeaways

Here are some tips to help guide your own organization’s patch management approach:

• Stay alert to risk. The rapidly increasing size and scale of the cybersecurity threat landscape has intensified the need for more sophisticated patching solutions.
• Educate your employees. Making sure that everyone in your organization is aware of the importance of keeping devices up to date with the latest patches is a key part of your overall security strategy.
• Save time and resources with automated updates. Windows Update client policies (formerly WUFB) offers automated patching, which can greatly reduce the amount of time your IT admins must spend identifying, configuring, and deploying updates.
• Update your infrastructure where it lives. Azure Update Manager provides a powerful, flexible patching solution that works for on-cloud, on-premises, and hybrid network infrastructures.
• Adapt to a flexible device environment. Mobile-device patching can be a complex challenge, especially if your organization embraces a Bring Your Own Device philosophy. Services like Microsoft Intune can ensure that devices are well-managed and kept up to date on the latest security fixes.
• Maintain availability. If you have critical servers and devices that you don’t want to reboot every month, consider a hotpatching approach that keeps your devices updated without rebooting.
• Take advantage of intelligent patching solutions. AI advances promise even greater innovation to come in the patching space, including services like Microsoft Device Care, Security Copilot, and Enterprise Application Management.

Try it out

Sign up for a free trial of Azure Update Manager and explore Windows Update client policies.

Related links

• Check out our approach to changing security and compliance at Microsoft with Windows Hotpatch.
• Learn how we’re harnessing first-party patching technology at Microsoft.
• Read about our experience migrating from Microsoft Monitoring Agent to Microsoft Azure Arc and Azure Update Manager.
• Discover how we’re protecting Microsoft from ransomware attacks.
• Find out how we’re transitioning to modern access architecture with our Zero Trust principles.

We’d like to hear from you!

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post Transforming our approach to patch management at Microsoft appeared first on Inside Track Blog.

Today, Teams has the highest daily usage of any Microsoft 365 app across the company, with roughly 80 percent of employees worldwide relying on Teams to help them work together and be more productive. And we in Microsoft Digital, the company’s IT organization, are regularly the first to try out the product’s latest innovative features, something we call being the company’s Customer Zero.

“Teams is essential to our collaborative work,” says Sara Bush, a principal PM manager in Microsoft Digital. “It’s the central location for much of our communication, whether that’s meetings, calls, or chat.”

Teams has become even more indispensable to employees in recent years with the addition of powerful new AI capabilities. Microsoft 365 Copilot, which was integrated into Teams at the company beginning in early 2024, has brought many valuable new features to the product, allowing us to accomplish more every day.

Here are five ways that we’re able to use Microsoft Teams to boost productivity, collaboration, and innovation, thanks to Copilot and its AI-driven capabilities.

1. Get instant help in Teams chat

Copilot enables our employees to communicate more effectively in apps like Outlook and Word, and it can now do the same in Teams with summaries, prewritten prompts, and writing help.

“The Rewrite with Copilot feature has become one of the most popular and highly used in Teams across the company,” says Eileen Zhou, a principal product manager for Microsoft Digital. “Chat messages are typically designed to be short, so the user often leverages Copilot to adjust their tone and make their answer more crisp.”

Using Rewrite with Copilot

Working together, the Rewrite and Adjust functionalities offer options for making your message sound more professional, casual, confident, or enthusiastic. There’s also a Custom option that allows you to direct Copilot to help make your response funnier or whatever other style you might prefer.

“Copilot functions as a kind of instant chat support in Teams. The user doesn’t have to leave Teams and go to Word or another app and then copy something back in, which saves them time and hassle.”

Eileen Zhou, principal product manager, Microsoft Digital

Copilot also now includes a rich gallery of more than 1,000 prewritten prompts for users to access. Depending on the context, Copilot will suggest helpful prompts that the user can simply click on to get the best possible results from their Copilot session.

Using Copilot in Teams in this contextual way is much more efficient than consulting a different application outside of the Teams environment.

“Copilot functions as a kind of instant chat support in Teams,” Zhou says. “The user doesn’t have to leave Teams and go to Word or another app and then copy something back in, which saves them time and hassle.”

Bush says that she also loves to use Copilot to summarize lengthy ongoing chats that she might need to join in the course of her work.

“Sometimes I’m added to a group chat that can be months long,” she says. “So, I simply ask Copilot to recap the chat and bring me up to speed. It’s incredibly helpful; I don’t have to spend 30 minutes reading the chat to understand everything that’s going on.”

This kind of rich conversational assistance is available in a broader context with Microsoft 365 Copilot Chat. Our employees are now taking advantage of this service across all their work functions to save time and be more efficient with daily tasks.

{Learn more about how Microsoft 365 Copilot Chat is helping our employees be more productive.}

2. Copilot to the rescue in Teams meetings

Our workplace is busy and fast-paced, and employees are constantly juggling many different projects and priorities. They may not have time to attend every meeting on their schedule, or they might need to arrive late or leave early. But Copilot is now here to help, offering a variety of features specific to Teams meetings.

If someone is double-booked or unable to attend a specific meeting, they can respond to the invite by selecting Follow. When the meeting starts, the organizer will be prompted to record the meeting for those who couldn’t make it. This automatically generates a meeting transcript and an Intelligent Recap.

“There’s no need to wait around anymore before we start a meeting. Since we have Intelligent Recap, those who’ve joined a meeting late or need to leave early can easily watch anything that they missed later, using the personalized join and leave markers.”

Chanda Jensen, senior product manager, Microsoft Digital

During the meeting, Copilot is available to attendees to ask questions about what’s being discussed. It can access the meeting transcript in real time to provide additional context or summarize topics that have been mentioned.

After the meeting, Intelligent Recap provides a full summary report within just a few minutes to all who attended or followed the meeting. This not only includes a recording and transcript, it also provides notes on the major topics covered. It organizes the video content into “chapters” and even provides suggested follow-up actions based on meeting content. Visually, a bar appears below the meeting video to show who spoke when and the different subjects discussed at those times.

Intelligent Recap example

This feature also creates personalized timeline markers visible only to that person. These markers indicate when they joined or left the meeting or when their name was mentioned, helping them quickly catch up on missed details later. (This feature adheres to each individual’s privacy settings.)

“There’s no need to wait around anymore before we start a meeting,” says Chanda Jensen, a senior product manager in Microsoft Digital who manages internal rollouts of new Teams meetings features. “Since we have Intelligent Recap, those who’ve joined a meeting late or need to leave early can easily watch anything that they missed later, using the personalized join and leave markers.”

{Learn more about how we’re using Intelligent Recap in Teams.}

3. Focus better in meetings with Facilitator

Have you ever scrambled to take notes in a meeting, only to miss something important? It can be awkward or impossible to ask someone to repeat themselves so you can stay engaged with the conversation.

Our employees have found that this is no longer a problem thanks to the Facilitator feature in Teams.

“I hear people say over and over that they are able to be more present in meetings, because they trust that these AI tools are capturing the information or action items they will need to remember later. It’s so critical.”

Sara Bush, principal PM manager, Microsoft Digital

Facilitator, which is currently in public preview, keeps track of everything that’s been said in a meeting in real time. It takes notes, manages the meeting clock, tracks meeting goals, and even highlights key points and major decisions that are made.

“It’s one of those rare features that comes along and immediately increases our productivity,” Jensen says. “Facilitator takes live notes in the meeting for everyone, which allows me to sit back, listen, and be more engaged.”

Any meeting participant can ask Facilitator a question in the meeting chat if they need clarity on something previously discussed. Because Facilitator’s response is visible to all participants, this has the potential to help everyone stay on track. (If the participant wants to ask a question privately, they can use Copilot for the same purpose.)

Bush feels the overall impacts of Teams features like Copilot, Facilitator, and Intelligent Recap have been incredibly transformative over the lifecycle of a meetings, meaning before it starts, during, and after it ends.

“I hear people say over and over that they are able to be more present in meetings, because they trust that these AI tools are capturing the information or action items they will need to remember later,” she says. “It’s so critical. I think it’s unlocked more of our human potential, allowing us to be creative and really pay attention to one another, rather than having a split focus.”

{Learn more about how we’re using the Facilitator feature in Microsoft Teams.}

4. Hurdle language barriers with the Interpreter agent

Because we’re a global company with a full-time workforce of more than 230,000, our employees speak many different languages. In the past, this might have meant barriers to understanding if people attended a meeting that wasn’t in their preferred or first language.

Traditionally, human interpreters were needed to translate what meeting participants were saying in real time. But it was often logistically and financially impossible to offer this service for every multilingual meeting. An AI solution was clearly needed.

“Hearing my voice speaking Japanese the first time was surreal. This agent is going to completely change the way we—and Microsoft customers—have multilingual meetings.”

Petra Glattbach, senior business program manager, Microsoft Digital

The introduction of the Interpreter agent in Teams meetings is a major breakthrough for this challenge. Not only does this feature allow users to hear real-time translations of what everyone is saying in the language they are most comfortable with, it can even provide these translations in each speaker’s own voice, through AI-synthesized speech.

“Hearing my voice speaking Japanese the first time was surreal,” says Petra Glattbach, a senior business program manager with Microsoft Digital. “This agent is going to completely change the way we—and Microsoft customers—have multilingual meetings.”

The end result is that everyone will feel more engaged in meetings, rather than face language obstacles that might cause them to miss important nuances or shades of meaning.

“It will help people be more confident in their meetings,” Zhou says. “They’ll be able follow along easier and join in. For global companies especially, this feature is going to have a big impact.”

{Get further details about how we deployed and are using Interpreter.}

5. Seamless collaboration with Copilot Pages

The overall goal of Microsoft Teams is to enable effortless collaboration. Today, that not only includes people working together, but also people working in combination with AI companions such as Copilot Chat.

Copilot Pages is a new feature in Copilot Chat that helps human-AI interactions come to life.

“[Copilot Pages] lets you seamlessly modify, share, and collaborate on any Copilot Chat result, which means ideas that start in Copilot Chat are solidified and developed more quickly using Pages.”

Tom Heath, senior business program manager, Microsoft Digital

It offers an editable, Microsoft Loop-based canvas that is savable, shareable, and “multi-player”—meaning it allows multiple users to work on the content in a real-time manner. The results can then be shared directly or with a link to Teams, allowing for further discussion and collaborative efforts.

“Copilot Pages provides an important bridge between creation and collaboration,” says Chhavi Chopra, a principal product manager for Microsoft Digital. “With Copilot Pages, you can take the result that Copilot Chat provides and continue the content creation and refinement process.”

The goal is for our employees to quickly and easily move between apps like Teams, Word, Outlook, and Copilot when collaborating on projects.

“Copilot Pages is another piece of creating an employee-centric experience with Copilot,” says Tom Heath, senior business program manager for Microsoft Digital. “It lets you seamlessly modify, share, and collaborate on any Copilot Chat result, which means ideas that start in Copilot Chat are solidified and developed more quickly using Pages.”

{Learn how we’re using Copilot Pages here at Microsoft.}

Key takeaways

Here are some tips for getting more out of Microsoft Teams and its AI-powered features at your organization:

• An indispensable tool: The rapidly advancing capabilities of AI-driven tools like Microsoft 365 Copilot can make Microsoft Teams an even more powerful and indispensable application for collaboration and creativity at your company.
• More focus and engagement: By taking advantage of Teams features like Intelligent Recap and Facilitator, your employees will be more focused and engaged in meetings, and able to quickly catch up on what they might have missed during the meeting and afterwards.
• Instant chat support: Thanks to language tools in Teams like Rewrite with Copilot, prewritten prompts, and summary functionality, your employees can communicate more effectively and spend less time composing messages, typing up queries, and scrolling through long chats to gather context.
• On-the-fly translation: We’ve entered a new era of language translation with the introduction of the Interpreter agent for Teams meetings. This groundbreaking feature offers real-time, AI-generated translation in each participant’s preferred language, helping them better grasp the meaning of what’s being shared and feel more comfortable participating.
• Powerful collaboration: As Copilot Chat becomes an essential tool for human-AI collaboration, Copilot Pages offers an easy way for your employees to move content from the chat into a “multi-player” canvas that allows everyone to work together to refine their ideas. The Pages content is then shareable to Teams, allowing for further smooth collaboration.

Try it out

• Learn more about how Microsoft Teams can transform the way your organization communicates.  
• Join the Microsoft Teams public preview program to get early access to the latest features.

Related links

• Check out different ways to use Microsoft 365 Copilot in Teams.
• Explore how that we’re reimagining collaborative work with Microsoft Teams and AI agents.
• Learn how we catch up on missed meetings from anywhere with the Audio Recap feature in Teams.
• Discover ways the Facilitator feature is transforming our meetings in Microsoft Teams.
• Read more about the advantages of Intelligent Recaps in Microsoft Teams Premium.

We’d like to hear from you!

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post Five ways we’re getting more out of Microsoft Teams in the era of AI and Microsoft 365 Copilot appeared first on Inside Track Blog.

The increasing prevalence of cloud-based services, mobile computing, internet of things (IoT), and bring your own device (BYOD) in the workforce have changed the technology landscape for the modern enterprise. Security architectures that rely on network firewalls and virtual private networks (VPNs) to isolate and restrict access to corporate technology resources and services are no longer sufficient for a workforce that regularly requires access to applications and resources that exist beyond traditional corporate network boundaries.

The shift to the internet as the network of choice and the continuously evolving threats led us to adopt a Zero Trust security model internally here at Microsoft. Though our journey began many years ago, we expect that it will continue to evolve for years to come.

Carmichael Patton, a principal security architect at Microsoft, shares about the work that his team in the Chief Information Security Office (CISO) organization has been doing to support a Zero Trust security model.

The Zero Trust model

Based on the principle of verified trust—in order to trust, you must first verify—Zero Trust eliminates the inherent trust that is assumed inside the traditional corporate network. Zero Trust architecture reduces risk across all environments by establishing strong identity verification, validating device compliance prior to granting access, and ensuring least privilege access to only explicitly authorized resources.

Zero Trust requires that every transaction between systems (user identity, device, network, and applications) be validated and proven trustworthy before the transaction can occur. In an ideal Zero Trust environment, the following behaviors are required:

• Identities are validated and secure with phishing-resistant authentication (MFA) everywhere. Using phishing-resistant authentication eliminates password expirations and eventually will eliminate passwords. The added use of biometrics ensures strong authentication for user-backed identities.
• Devices are managed and validated as healthy. Device health validation is required. All device types and operating systems must meet a required minimum health state as a condition of access to any Microsoft resource.
• Telemetry is pervasive. Pervasive data and telemetry are used to understand the current security state, identify gaps in coverage, validate the impact of new controls, and correlate data across all applications and services in the environment. Robust and standardized auditing, monitoring, and telemetry capabilities are core requirements across users, devices, applications, services, and access patterns.
• Least privilege access is enforced. Limit access to only the applications, services, and infrastructure required to perform the job function. Access solutions that provide broad access to networks without segmentation or are scoped to specific resources, such as broad access VPN, must be eliminated.

Zero Trust scenarios

We have identified four core scenarios at Microsoft to help achieve Zero Trust. These scenarios satisfy the requirements for strong identity, enrollment in device management and device-health validation, alternative access for unmanaged devices, and validation of application health. The core scenarios are described here:

• Scenario 1: Applications and services have the mechanisms to validate multifactor authentication and device health.
• Scenario 2: Employees can enroll devices into a modern management system which guarantees the health of the device to control access to company resources.
• Scenario 3: Employees and business guests have a method to access corporate resources when not using a managed device.
• Scenario 4: Access to resources is limited to the minimum required—least privilege access—to perform a specified function.

Zero Trust scope and phases

We’re taking a structured approach toward Zero Trust, an effort that spans many technologies and organizations and requires investments that will carry over multiple years. The graphic below represents a high-level view of the Zero Trust goals—grouped into our core Zero Trust pillars—that we continually work toward.

While these goals don’t represent the full scope of the Zero Trust efforts and work streams, they capture the most significant areas of Zero Trust effort at Microsoft.

Pillars of the Microsoft Zero Trust model

Scope

Our initial scope for implementing Zero Trust focused on common corporate services used across our enterprise—our employees, partners, and vendors. Our Zero Trust implementation targeted the core set of applications that Microsoft employees use daily (e.g., Microsoft 365 apps, line-of-business apps) on platforms like iOS, Android, MacOS, Linux, and Windows. As we have progressed, our focus has expanded to include all applications used across Microsoft. Any corporate-owned or personal device that accesses company resources must be managed through our device management systems.

Verify identity

To begin enhancing security for the environment, we implemented MFA using smart cards to control administrative access to servers. We later expanded the multifactor authentication requirement to include all users accessing resources from outside the corporate network. The massive increase in mobile devices connecting to corporate resources pushed us to evolve our multifactor authentication system from physical smart cards to a phone-based challenge (phone-factor) and later into a more modern experience using the Microsoft Azure Authenticator application.

The next step in this area is the widespread deployment of Windows Hello for Business for biometric authentication. While Windows Hello hasn’t completely eliminated passwords in our environment, it has significantly reduced password usage and enabled us to remove our password-expiration policy. Additionally, multifactor authentication validation is required for all accounts, including guest accounts, when accessing Microsoft resources.

Our most recent efforts involve rolling out phishing-resistant authentication credentials through Passkey options in the Microsoft Authenticator app, with YUBIKeys as an option for limited-scale use cases. Additionally, all new employee onboarding is now run through a process for Passkey configuration, without the use of a password from day one.

Verify device

Our first step toward device verification was enrolling devices into a device-management system. We have since completed the rollout of device management for Windows, Mac, Linux, iOS, and Android. Many of our high-traffic applications and services, such as Microsoft 365 and VPN, enforce device health for user access.

Additionally, we’ve started using device management to enable proper device health validation, a foundational component that allows us to set and enforce health policies for devices accessing Microsoft resources. We’re using Windows Autopilot for device provisioning, which ensures that all new Windows devices delivered to employees are already enrolled in our modern device management system.

Devices accessing the corporate network must also be enrolled in the device-management system. This includes both Microsoft-owned devices and personal BYOD devices. If employees want to use their personal devices to access Microsoft resources, the devices must be enrolled and adhere to the same device-health policies that govern corporate-owned devices.

For devices where enrollment in device management isn’t an option, we’ve created a secure access model called Microsoft Azure Virtual Desktop. Virtual Desktop creates a session with a virtual machine that meets the device-management requirements. This allows individuals using unmanaged devices to securely access select Microsoft resources.

There is still work remaining within the verify device pillar. We’re in the process of maturing device management for Linux devices and expanding the number of applications enforcing device management to eventually include all applications and services. We’re expanding the number of resources available when connecting through the Virtual Desktop service. We’re also expanding to other devices, such as the Meta Quest headsets, conference room devices, and kiosks. Finally, we’re making device-health policies more robust and enabling validation across all applications and services.

Verify access

In the verify access pillar, we focused on segmenting users and devices across purpose-built networks, migrating all Microsoft employees to use the internet as the default network, and automatically routing users and devices to appropriate network segments. We successfully deployed several network segments, both for users and devices, including internet-default wired and wireless networks across all Microsoft buildings. All users received policy updates to their systems, thus making this internet-based network their new default.

As part of this network rollout, we deployed a device-registration portal. This portal allows users to self-identify, register, or modify devices to ensure that the devices connect to the appropriate network segment. Through this portal, users can register guest devices, user devices, and IoT devices.

We also created specialized segments, including purpose-built segments for the various IoT devices and scenarios used throughout the organization. We completed the migration of our highest-priority IoT devices in Microsoft offices into the appropriate segments.

Verify services

In the verify services pillar, our efforts center on enabling conditional access across all applications and services. To achieve full conditional access validation, a key effort requires modernizing legacy applications or implementing solutions for applications and services that can’t natively support conditional access systems. This has the added benefit of reducing the dependency on VPN and the corporate network.

Microsoft has adopted a hybrid workplace and a large percentage of our employees have transitioned to work from home. This shift has meant greatly increased use of remote network connectivity. Gradually, we have been able to successfully engage application owners in our plans to make applications and services accessible over the internet without VPN, and we’ve been able to transition 98% of our workloads to internet-facing services.

For those services that remain on-premises or are behind Azure Private Endpoints, we have enabled Azure VPN, which we’ve migrated from “always on” to manual access when a VPN is required. Our goal is to further reduce dependency on VPNs in order to restrict access to only required services, rather than the broader access that VPNs provide. We also further reduced the risk of lateral movement by implementing the Entra Secure Service Edge solution.  

Implementing Entra SSE allows us to provide secure tunnel access through Private Access and Internet Access for Microsoft Services. For Microsoft-specific SaaS solutions like Microsoft 365 and Microsoft Dynamics, the Internet Access for Microsoft Services gives us important functionality, including token protection and the ability to prevent man-in-the-middle (MitM) attacks.

We are also working on onboarding our on-premises and Private Endpoints through Private Access. In addition to helping deal with MitM attacks and token protection, this allows for direct service connections from the client to the service, without allowing broader access to other services that an employee should not have direct access to.

Zero Trust architecture with Microsoft services

The graphic below provides a simplified reference architecture for our approach to implementing Zero Trust. The primary components of this process are Intune for device management and device security policy configuration, Microsoft Entra Conditional Access for device health validation, and Microsoft Entra ID for user and device inventory.

The system works with Intune, by pushing device configuration requirements to the managed devices. The device then generates a statement of health, which is stored in Microsoft Entra ID. When the device user requests access to a resource, the device health state is verified as part of the authentication exchange with Microsoft Entra ID.

Microsoft Security Zero Trust access model

A transition that’s paying off

In our transition to a Zero Trust model, we continue to make consistent progress. Over the last several years, we’ve increased identity-authentication strength with expanded coverage of strong authentication, a transition to biometrics-based authentication by using Windows Hello for Business, and phishing-resistant credentials for all supported platforms. We’ve deployed device management and device-health validation capabilities across all major platforms. We’ve also launched a Windows Virtual Desktop system that provides secure access to company resources from unmanaged devices and is Zero Trust compliant by design.

As we continue our progress, we’re making ongoing investments in Zero Trust. We’re expanding health-validation capabilities across devices and applications, increasing the Virtual Desktop features to cover more use cases, and implementing better controls on our network. After reducing (and eliminating when possible) our dependencies on VPN, our next chapter is to migrate to a more modern secure tunnel per application.

Each enterprise that adopts Zero Trust will need to determine what approach best suits their unique environment. This includes balancing risk profiles with access methods, defining the scope for the implementation of Zero Trust in their environments, and determining what specific verifications they want to require for users to gain access to their company resources. In all of this, encouraging the organization-wide embrace of Zero Trust is critical to success, no matter where you decide to begin your transition.

Key takeaways

Here are some tips for moving to a Zero Trust security model at your company:

• Collect telemetry and evaluate risks, then set goals.​
• Get to modern identity and MFA—then onboard to Microsoft Entra ID.​
• For conditional access enforcement, focus on your most-used applications to ensure maximum coverage.​
• Start with simple policies for device health enforcement, such as device lock or password complexity. ​
• Run pilots and ringed rollouts. Slow and steady wins the race. ​
• Migrate your users to the internet and monitor VPN traffic to understand internal dependencies.​
• Focus on the user experience, which is critical to employee productivity and morale. Without adoption, your program won’t be successful.​
• Communication is key—bring your employees on the journey with you! ​
• Assign performance indicators and goals for all workstreams and elements, including employee sentiment.

Try it out

Learn how your organization can protect and modernize with a shift to a Zero Trust strategy.

Related links

• Learn more about the concept of Zero Trust.
• Explore improving security by protecting elevated-privilege accounts at Microsoft.
• Find out how we keep our in-house optical network safe with a Zero Trust mentality.
• See how we’re implementing strong user authentication with Windows Hello for Business internally at Microsoft.
• Read our Microsoft Security Zero Trust blogs.

We’d like to hear from you!

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post Implementing a Zero Trust security model at Microsoft appeared first on Inside Track Blog.