Highlighted in the third edition of the Microsoft Digital Defense Report, ransomware and extortion are considered nation-level threats due to the sophistication and boldness of attacks and their financial impact. No business, organization, or government can be considered safe from the crosshairs of ransomware threat actors. Experts estimate that ransomware’s cost to the world could reach $234 billion within the next decade.

To defend against the evolving ransomware landscape, Microsoft created the Optimal Ransomware Resiliency State (ORRS), a key component of its Ransomware Elimination Program.

This post, the third in our series on ransomware, overviews the concept of ORRS and the steps that you can take to build a ransomware resiliency state of your own.

[Read blog one in our ransomware series: Sharing how Microsoft protects against ransomware. | Read blog two in our ransomware series: Why Microsoft uses a playbook to guard against ransomware.]

What is ORRS?

Optimal Ransomware Resiliency State is the term that the Ransomware Elimination Program team uses to describe our aspiration to defeat ransomware attacks—today and in the future.

Optimal means we’re doing everything we can do—all the ORRS-required capabilities and controls are in place and verified.

—Monty LaRue, principal program manager, Ransomware Elimination Program team

Specifically, ORRS is the outcome of meeting the requirements covering an extensive set of protection and operational capabilities. Built on the foundation of Zero Trust, our ORRS consists of the collection of requirements for training, capabilities, and controls aligned to the NIST Cybersecurity framework and supported by continuously improved processes and practices. These requirements are common across Microsoft’s business, service, and product groups. Their complete implementation produces an organization-wide state of readiness that protects and defends the company and its customers, while also minimizing exposure and increasing resiliency to ransomware attacks.

“Optimal means we’re doing everything we can do—all the ORRS-required capabilities and controls are in place and verified,” says Monty LaRue, the principal program manager on the Ransomware Elimination Program team.

“It’s about achieving that optimal state through the deployment and operationalization of products, like Microsoft Defender for Endpoint for devices, covering our assets, applications, and infrastructure. We consider training and awareness to be a crucial part of ORRS. It’s essential that everyone knows how to recognize threats and how to respond appropriately. Our toolkit includes, incident response plans and playbooks, phishing education and simulation, and other simulation exercises.”

Partnerships are key to producing optimal resiliency

The role of partnerships and teamwork cannot be understated in the development and maintenance of our Optimal Ransomware Resiliency State. The approach must be holistic and cohesive, closing gaps and seams where possible.

Collaboration and open lines of communication with key stakeholders across Microsoft ensure that products and systems with protection needs are accounted for; likewise, Microsoft’s Ransomware team provides requirements to partnering teams to ensure they are equipped and running the latest defensive measures to minimize their attack surface. All involved parties have a deep understanding of their role in keeping the enterprise and our customers safe.

“We’re looking at Microsoft 365, Windows, and Azure,” LaRue says. “We’re looking at the people running MacOS, Linux, and personal devices within Microsoft. If the platforms and foundations follow Zero Trust principles and highly resilient to ransomware attacks, everything built on top shares that benefit.”

The REP team also has close ties to Microsoft’s threat intelligence and research teams, which provide information on the threat landscape and how attackers’ techniques, tactics, and procedures evolve and trend on a regular basis. They also work with internal Security Operation Centers (SOCs), which monitor threat actors and provide insights via attack data and post-mortems.

The more you prevent and protect, the less you have to respond and recover. The further you are in an attack sequence, the more complex and expensive it is to respond and recover.

—Monty LaRue, principal program manager, Ransomware Elimination Program team

Maintaining our Optimal Ransomware Resiliency State also involves using existing technology, such as Microsoft Defender suite, with a continuous improvement approach to take advantage of their latest capabilities and threat information. Learnings and insights from the ransomware program team flow back to the product and engineering teams in the form of enhancements or new requirements and features, helping to further improve our commercial products and services. One example of this is the detection of abnormal file activities, such as encryption or exfiltration, for data stores and backups in commercial services such as OneDrive, SharePoint, and Microsoft Azure which extends beyond Microsoft’s walls to protect all customers.

The practice of continuous improvement is also applied to the response procedures that make up the ransomware incident response playbook. Tabletop exercises based on new threats and information help to uncover gaps in response procedures, while simulations stress test the response system to ensure the involved security professionals have response readiness excellence should an attack ever breach our protective capabilities and controls.

Our commitment to company-wide alignment reduces the risk of a successful attack and the chance of a resulting payoff. “The more you prevent and protect, the less you have to respond and recover,” LaRue says. “The further you are in an attack sequence, the more complex and expensive it is to respond and recover.”

Building toward an optimal state

As we’ve seen throughout this series, ransomware is evolving and attackers are opportunistic. The goalposts for protection continue to shift, and ransomware’s impact on the world shows no signs of slowing. Because of this, there is no universal optimal resiliency state. Every organization’s situation is unique, from level of exposure to threats, to capabilities and services deployed, to protection needs, so every organization’s optimal state must be tailored to their business and risk tolerances.

“The Optimal Ransomware Resiliency State means different things to each organization, it’s different depending on whether your systems are physical, in the cloud, or hybrid, if you provide high availability services or large data stores, and if you work with highly confidential or sensitive data in regulated environments,” LaRue says.

The task of building an optimal ransomware resiliency state begins with a comprehensive inventory of the current state—and that means asking a lot of questions and doing verifications. Start with an understanding of which business-critical systems and services across the organization must be defended and why. It also means understanding the systems themselves, their dependencies, which configurations and controls are enabled, as well as the state of existing ransomware readiness capabilities. Such an inventory can shed light on high-value targets and the unforeseen risks to them exposing potential weaknesses and highlighting strengths.

The process of establishing your current state is insightful and has the potential to be humbling, but it encourages taking the next steps in developing your ORRS roadmap. This may include investments in training for response readiness or new technologies to reduce attack surface risk, but all optimal resiliency states require implementing a continuous improvement process to keep the organization and those that depend on it safe now and in the future.

Microsoft’s investment in the Ransomware Elimination Program highlights our commitment to defeating successful ransomware attacks. Establishing our ORRS provides us with learnings and guides us to improving our security posture, which helps the company produce secure and dependable products and services.

Ransomware may be one of the biggest security threats to your organization. Taking up the challenge to develop your own ransomware resiliency state will put you on a path forward to protecting and defending what matters most.

• You will define optimal for your organization, but attackers will always be looking for new avenues. You must be able to shift focus and update ORRS quickly to match the threat and attacker’s agility.
• Ransomware elimination starts with a shared understanding, frameworks e.g., Zero Trust, and defining your ORRS. Core protections such as MFA, pervasive backups, comprehensive telemetry and alerts, as part of a holistic, cohesive effort that spans devices and services are crucial in responding to cyberthreats like ransomware.
• Implementing tamper-resistant security capabilities and controls, and attack surface reductions reduces your malware related risks.
• Understanding the right investments is difficult, especially when threats and attackers are moving fast. Engage early and often within your organization to understand your assets, risks, and state as you define your ORRS and implement capabilities, controls, processes, and practices.

• Read blog one in our ransomware series: Sharing how Microsoft protects against ransomware.
• Read blog two in our ransomware series: Why Microsoft uses a playbook to guard against ransomware.
• Learn more about human-operated ransomware.
• Discover how Microsoft’s Zero Trust effort keeps the company secure.
• Find out how Microsoft is building a safer world together with our partners.

Want more information? Email us and include a link to this story and we’ll get back to you.

Please share your feedback with us—take our survey and let us know what kind of content is most useful to you.

The post Building an anti-ransomware program at Microsoft focused on an Optimal Ransomware Resiliency State appeared first on Inside Track Blog.

There’s a new way to include video in your projects thanks to the modern Microsoft Stream experience. Now native to Microsoft 365, Microsoft Stream, Microsoft’s internal video platform, empowers users to easily create, edit, upload, and publish videos to be shared inside an enterprise.

“The last few years have really shown the importance of video for hybrid work,” says Farnaz Hafezi, a program manager with Microsoft Digital Employee Experience, the organization that powers, protects, and transforms the company. “It helps us collaborate, communicate, and educate. We’ve seen a significant increase in video within our tenant.”

From recordings of Microsoft Teams meetings to short explainer videos to polished studio productions, video plays a big role at Microsoft. The revamped video platform, which is more customizable, secure, and offers better analytics and features, allows teams across Microsoft to easily release impactful content.

Now, thanks to the modern Microsoft Stream experience, early adopters at Microsoft are seeing the benefits of the upgraded product.

[Find out how Microsoft is redefining the intranet experience with SharePoint. Discover how Microsoft moved its large meetings online with live events in Microsoft 365. Read chasing the sun with live event capabilities in Microsoft 365.]

A modern spin on a familiar classic

For most of its history, Microsoft Stream was a separate solution integrated into Microsoft 365 instead of using native SharePoint and OneDrive storage like all other files.

Several factors led us to this vision—most of what people wanted added to Stream is already available through SharePoint. Customers are used to eDiscovery, retention, permission models, Microsoft Search, APIs, and analytics for files in SharePoint. They wanted video experiences that had those capabilities too, just like the other files in Microsoft 365.

—Marc Mroz, product manager, Office Media group

And while the product and its features had a large following, it didn’t perfectly align with user and IT admin expectations.

This created an opportunity to create a new experience.

“Several factors led us to this vision—most of what people wanted added to Stream is already available through SharePoint,” says Marc Mroz, a product manager for Microsoft’s Office Media group. “Customers are used to eDiscovery, retention, permission models, Microsoft Search, APIs, and analytics for files in SharePoint. They wanted video experiences that had those capabilities too, just like the other files in Microsoft 365.”

While it was possible to replicate the governance, administrative, and other capabilities of SharePoint, it would require a big effort to reach and maintain parity, matching all the functions commonly found within a product like Microsoft 365. Left in a separate solution outside of SharePoint storage, the classic experience would constantly be playing catchup to align with Microsoft 365’s features.

In pivoting to SharePoint storage, customers would get the benefits of the platform and developers would be able to offer popular features without the same degree of custom work that replication in the classic experience would require.

Bringing the modern Microsoft Stream experience to users

Microsoft Digital Employee Experience and the Office Media group engaged with teams throughout Microsoft to both promote adoption and gather feedback.

“New features for end users were coming out quickly,” Hafezi says. “We needed to make sure site admins were aware of the new experience.”

There are things we can do in modern Stream that were difficult to do in classic. Our team is a mix of employees and vendors at any given time, but the whole team needs to be able to do authoring and manage videos. Anything you can do in SharePoint, including guest permissions, is now available to us.

—David Potts, site administrator, MSW

As part of this effort, the two teams helped organizations around Microsoft employ the new platform. Organizations received hands on assistance in moving videos over to the new experience, including setting up portals so that enterprise videos could take advantage of the new product.

Immediately upon adoption, content administrators and video coordinators unlocked the benefits of Microsoft Stream being in SharePoint.

“There are things we can do in modern Stream that were difficult to do in classic,” says David Potts, a site administrator for MSW, an internal-facing intranet where employees and partners at Microsoft can discover important company news and events. “Our team is a mix of employees and vendors at any given time, but the whole team needs to be able to do authoring and manage videos. Anything you can do in SharePoint, including guest permissions, is now available to us.”

The Microsoft 365 features these users longed for, like analytics, searchability, governance, and better security, were now available. Everything was in one place, which makes it easier for editing and posting enterprise videos. It hasn’t taken long for popular features from classic Microsoft Stream, like automatically creating transcripts, have made their way over to the modern experience, but enhanced by Microsoft 365.

But there’s another way for users to reap benefits of the move.

Discovering the modern Microsoft Stream experience for yourself

While Microsoft Digital Employee Experience and the Office Media group helped teams like MSW convert to the modern Microsoft Stream experience, other organizations took advantage of public guidance on how to use enterprise video in SharePoint, thus successfully making the move independently.

“A lot of documentation came out letting people know what was already possible in the modern experience,” Mroz says. “Many people were already familiar with what they can do in SharePoint, we just helped connect the dots and showed them how to make a video destination, how to organize by folder, keyword, or metadata.”

One of these teams includes Worldwide Customer Success Account Manager (CSAM) Enablement, part of the Customer Success Organization at Microsoft. Responsible for supporting continuing education within CSAM through the use of training presentations, live events, podcasts, and video, the modern Microsoft Stream experience was a major opportunity for a team who relies heavily on video.

“When I started, there were around 50 videos on classic,” says Miranda Grueiro, a business program manager with Worldwide CSAM Enablement. “Over the course of a year, the demand for video learning and recording rapidly expanded we’re up to 132 videos and counting. We needed to make it easier to find and update our content.”

When Grueiro heard about the modern Microsoft Stream experience on SharePoint, it was clear CSAM could simplify video workflows while also creating a curated space where PowerPoints, diagrams, and videos all lived in harmony.

Using the public-facing guide for using Microsoft Stream, Grueiro found that videos could be edited, uploaded, and tagged to different areas. Wherever the video was tagged, it would surface correctly so that people could effortlessly find it.

Enterprise videos are now a regular part of the CSAM learning environment.

“Videos used to be all on their own, we had maybe two pages of embedded video links in a pivot table,” Grueiro says. “Now we have actual videos on every turn, every corner, sometimes as many as twelve in a film strip. We made consumable pages that incorporate all modalities for our users.”

A better experience for everyone

From site administrators to casual viewers, the modern Microsoft Stream experience is already having a big impact on the way the company engages with enterprise video.

Microsoft Digital Employee Experience has been able to optimize video, this includes creating policies for how long videos are stored within the system, a major cost saver.

“In Microsoft Stream classic, we noticed a lot of stale data that wasn’t being used,” Hafezi says. “We couldn’t easily go in and tell owners that an older video would be removed. In the modern Microsoft Stream experience, we can use the same retention policies and features available in Microsoft 365 to help reduce that workload and archive old content.”

Performance improvements within the SharePoint environment mean videos load faster and play better. Users can take advantage of Microsoft Search to easily connect with videos.

“All the metadata, title, descriptions, and transcripts are discoverable in Search,” Potts says. “If I’m looking for an Annie Liebowitz’ presentation from a few months ago, I can go into Microsoft Search and it will return the video. If I know there was a presentation about a recipe book, I can search those terms and find the recording of J. Kenji Lopez-Alt.”

In addition to easier workflows and improved functionality, site administrators now have access to deeper analytics, including important trends, like which videos are being watched the most, when, for how long, and how many unique viewers.

But there’s still a lot more to come.

What’s possible with the modern Microsoft Stream experience

Now that Microsoft Stream is inside Microsoft 365 and new features are being released at a regular clip, site administrators in charge of enterprise video are finding a plethora of tools and functions to play with.

The story doesn’t end here. A new migration tool is being developed to help teams across Microsoft move videos from Microsoft Azure over to SharePoint. We’re helping to pilot and test the migration tool. We have one of the largest sized tenants in the world to migrate, so we want to be strategic.

—Farnaz Hafezi, program manager, Microsoft Digital Employee Experience

“Automation is definitely the next step for us,” Potts says. “I can get efficiencies out of PowerApps and Power Automate to update metadata, move files around, create archives outside of SharePoint, and notify a group of employees that a relevant video has been posted. I definitely couldn’t do that in classic.”

As more and more teams adopt the modern Microsoft Stream experience, Microsoft Digital Employee Experience is trailblazing a method for a large-scale migration of video content from the classic environment.

“The story doesn’t end here,” Hafezi says. “A new migration tool is being developed to help teams across Microsoft move videos from Microsoft Azure over to SharePoint. We’re helping to pilot and test the migration tool. We have one of the largest sized tenants in the world to migrate, so we want to be strategic.”

The question now is how Microsoft will grab hundreds of videos from archive and bring them over, but in the meantime, teams everywhere can take advantage of the modern Microsoft Stream experience inside Microsoft 365.

“We just wanted to inspire organizations to create these video destinations,” Mroz says. “It’ll look better and be more purpose fit than classic could ever do. Now we have an out-of-the-box video platform built into SharePoint, and when we show it to customers, they get it.”

• When moving from classic to the modern Microsoft Stream experience, take stock of your current inventory, especially if you have a large archive of Microsoft Teams recordings. Not every video is going to be worth the effort of bringing along.
• Thanks to the way SharePoint sites populate content, you can elegantly use parent and child sites to share content to targeted audiences without having to duplicate efforts
• Keep your SharePoint organized; this was true before Microsoft Stream came to Windows 365 and it’s still true after
• Video is a great way to onboard new employees or offer just-in-time training. Microsoft Stream’s compatibility with Microsoft Search makes it easy for connections to be made

• Find out how Microsoft is redefining the intranet experience with SharePoint.
• Discover how Microsoft moved its large meetings online with live events in Microsoft 365.
• Read chasing the sun with live event capabilities in Microsoft 365.

Want more information? Email us and include a link to this story and we’ll get back to you.

Please share your feedback with us—take our survey and let us know what kind of content is most useful to you.

The post Corporate video at Microsoft gets a big upgrade thanks to the modern Microsoft Stream experience appeared first on Inside Track Blog.

Looking to find your benefits, adjust withholdings, or find a specific policy? Microsoft employees can get this information and more through HRWeb: its internal human resources site that serves as a central hub for a variety of important employment information.

As part of a company-wide push to improve employee experience and meet employee needs around the globe, HRWeb is now supported by the modern experience in SharePoint, which, along with being integrated into Microsoft 365, has been optimized for a better user experience, including mobility.

HRWeb is a critical asset for HR from a standpoint of supporting employees. We try to make sure employees are connected to resources in the best way possible so that they can spend their time focusing on their customers, effectively empowering the people who empower every person and organization on the planet to achieve more.

—Corinne Dubedat, HR director, HR Services

“Through this migration, we improved the performance, accessibility, and reliability of our HRWeb platform while also reducing the cost to maintain it,” says Sam Crewdson, a principal program manager with Microsoft Digital Employee Experience, the organization that powers, protects, and transforms the company. “The platform, the way it’s built, it’s more what-you-see-is-what-you-get. It’s no longer complex.”

And this transformation is critical to empowering self-service at Microsoft. There’s no need to file a help desk ticket or to go looking for someone to help you when you can find what you need with a quick search.

“HRWeb is a critical asset for HR from a standpoint of supporting employees,” says Corinne Dubedat, HR director for Employee Support Experiences within HR Services. “We try to make sure employees are connected to resources in the best way possible so that they can spend their time focusing on their customers, effectively empowering the people who empower every person and organization on the planet to achieve more.”

With the modern platform in place, the company’s more than 220,000 employees can find the information they need in a snap, but it’s also easier for HR to manage content at scale. All of this translates into the kind of experience employees expect from Microsoft.

[Learn more about using the SharePoint Framework to build out customization in SharePoint. Find out how Microsoft is redefining the intranet experience with SharePoint.]

Save the best for last

Since 2016, Microsoft Digital Employee Experience has been migrating major functions across the company from classic to the modern experience in SharePoint. This Herculean effort has focused on moving over high-traffic portals—including corporate communications, IT, legal, and the corporate library—all without disturbing users.

“HRWeb has some unique needs that made us put it at the end of the list,” Crewdson says. “We needed it to be able to target by specific role, geography, and company code, otherwise users wouldn’t be able to easily find the right information.”

Because Microsoft has a presence in so many different countries and regions (it has subsidiaries in 122 countries and regions), it needs policies that reflect these different regulatory environments. Users on HRWeb should only see content that’s appropriate for their circumstances, which means a policy search should return information relevant to a specific user.

The same could be said of different roles, like what information a manager might have access to that an employee might not.

When you factor this across Microsoft’s large number of teams, vast global presence, and specific roles, the personalization requirements only compound.

But there was a vision for meeting HRWeb’s personalization needs.

Getting the fit just right

While most of the out-of-the-box functions within SharePoint would be an upgrade for HRWeb, including user targeting, Microsoft’s complicated global footprint would require some custom code.

Fortunately, the product was built for that.

We saw the modern experience in SharePoint as the perfect landing place for us going forward from a user standpoint. So when we went from classic to modern, we revamped how the content was tagged. It enabled us to be able to take information and make it available in more relevant locations for the users.

—Andy Hopkins, software engineer, Microsoft Digital Employee Experience

“The SharePoint Framework empowers anyone to build for this platform,” Crewdson says. “A web developer can be a SharePoint developer as well.”

This meant that Microsoft Digital Employee Experience could work closely with the Employee Support Experiences team and product groups to get the solution exactly right for HRWeb’s needs.

“We saw the modern experience in SharePoint as the perfect landing place for us going forward from a user standpoint,” says Andy Hopkins, a software engineer with Microsoft Digital Employee Experience who helped ready HRWeb for the move. “So when we went from classic to modern, we revamped how the content was tagged. It enabled us to be able to take information and make it available in more relevant locations for the users.”

This move opened up the ability to access content on HRWeb in a personalized and scalable way.

The shift was also an important part of Microsoft’s commitment to accessibility, with the modern SharePoint giving users everything they need to use and navigate the platform by default.

But Employee Support Experiences saw this migration as more than just a system upgrade.

An opportunity to hit the refresh button

It wasn’t just the backend that was changing for HRWeb. The transformation was extending to the content that employees would engage with as well.

“The move gave us an opportunity to align a few things while also getting the latest and greatest,” says Jodi Kogan, a senior manager of HR content and knowledge on the Employee Support Experiences team, who led the team responsible for the audit and the business requirements for the site redesign and migration. “We didn’t want to just do a lift and shift; we wanted to improve the experience for employees.”

The features in the modern experience for SharePoint make it easier to do this. We’re able to personalize content better. We can also reuse content and tag things so that it shows up in the right places. This way we can surface content in a way that isn’t manual.

—Jodi Kogan, senior manager of HR content and knowledge, HR Services

Migrating to the modern experience in SharePoint meant the Employee Support Experiences team could perform an internal audit across all the content, develop new style guides, and simplify HRWeb, making it easier to navigate and search.

This meant getting rid of what didn’t make sense and ensuring content was going to the relevant persona.

“The features in the modern experience for SharePoint make it easier to do this. We’re able to personalize content better,” Kogan says. “We can also reuse content and tag things so that it shows up in the right places. This way we can surface content in a way that isn’t manual.”

Using Microsoft Azure Active Directory to define groups and then tags to define content, the Employee Support Experiences team can ensure the right content showed up in the right country or region for the right role. And since content is centralized in SharePoint, it is easy to edit and then disseminate to appropriate users without oversharing.

A foundational experience to power the future of Microsoft

“If you’re spending a lot of time looking for something simple, that’s wasted time,” Dubedat says. “We don’t want to make people hunt through content. Eventually, we want to envision a world where we remove the need to even go to HRWeb, because the information can be found from anywhere.”

We reduced the number of server calls by around two-thirds. We think we can get it down even more, which makes HRWeb faster, less expensive, and perform better. End-users get a faster and better HRWeb, and we have something that’s more reliable and scalable.

—Sam Crewdson, principal program manager, Microsoft Digital Employee Experience

Integration with Microsoft Search, made possible by the move to the modern experience in SharePoint, is one of the initial efforts to seamlessly connect employees to HRWeb’s content. The content audit and migration are also empowering advisors and a virtual assistant, enabling stakeholders to find the right information faster.

Part of that is due to the new tags and personalization features, but it’s also due to improved performance.

“We reduced the number of server calls by around two-thirds,” Crewdson says. “We think we can get it down even more, which makes HRWeb faster, less expensive, and perform better. End-users get a faster and better HRWeb, and we have something that’s more reliable and scalable.”

Now that a new backend platform is in place, the Employee Support Experiences team is working on introducing further improvements to the content that lives on HRWeb. This includes even more personalization for employees.

“Everything has a new look and feel, and the feedback has been favorable,” Kogan says. “We want to do even more to improve the UX and reduce the number of touchpoints.”

And these new features? They’re possible because HRWeb is now on the modern experience in SharePoint.

“What started out as being just a lift and shift ultimately ended up adding some new interesting features,” Hopkins says. “The SharePoint Framework really exposes the ability to create components with some basic standard web development tools. That’s a huge benefit to the end user and administrator.”

• The modern experience in SharePoint covers most of your intranet feature requirements out of the box, including mobile responsiveness. The SharePoint Framework enables developers who are familiar with common tools to integrate custom solutions with ease.
• Content owners can publish directly inside SharePoint, freeing up other team members to take on other roles.
• A good intranet reduces the number of steps it takes to find information. Integration with other Microsoft 365 tools, like Microsoft Search, puts information into the hands of users faster and from anywhere.
• Using groups in Azure Active Directory along with tags targets content to specific profiles. This enables scaling and personalization without having to republish content to multiple different locations.

• Learn more about using the SharePoint Framework to build out customization in SharePoint.
• Find out how Microsoft is redefining the intranet experience with SharePoint.
• See how Microsoft is helping its employees understand their value with the Total Rewards Portal.
• Learn how Microsoft is answering its employees’ HR-related questions with Dynamics 365 and the Power Platform.

Want more information? Email us and include a link to this story and we’ll get back to you.

Please share your feedback with us—take our survey and let us know what kind of content is most useful to you.

The post Microsoft’s HR portal gets personal, thanks to the modern experience in SharePoint appeared first on Inside Track Blog.

“The cool stuff, the end user stuff, you can get it in one space, but it’s a lot harder to evolve and build it out at scale,” says Kyle Getty, a senior developer with Microsoft Digital, the organization that powers, protects, and transforms the company. “You need a smart platform, a way to do more, faster, and easier, to replicate those experiences in 600 buildings.”

What’s the bare-bones minimum way to connect to Azure Digital Twins? We want to simplify and consolidate declaratively in the build, then let the different teams handle the deployment.

—Kyle Getty, senior developer, Microsoft Digital

To get to these smart building scenarios, Microsoft Digital needs to bring several pieces together. That’s where CI/CD comes in. CI/CD utilizes pipelines—automated processes and tools for build and release steps—which enables teams to build services and packages with greater speed and efficiency.

When used with templates, which combine the content of multiple files into a single pipeline, CI/CD can quickly support incremental changes to deliverables without introducing errors.

[Discover how Microsoft is creating the digital workplace. Learn how Microsoft uses Azure Digital Twins and IoT to modernize its buildings.]

A better way to deliver experiences at scale

Microsoft Azure Digital Twins, which serves as a virtual model of a physical space or object, is pivotal to Microsoft’s strategy for engineering real-world experiences. When a new model or change comes in, the faster it’s available, the faster an experience can be built.

“What’s the bare-bones minimum way to connect to Azure Digital Twins?” Getty says. “We want to simplify and consolidate declaratively in the build, then let the different teams handle the deployment.”

By using CI/CD for Microsoft Azure Digital Twins, Microsoft Digital reduces the number of repetitive and manual tasks required to build and deploy features. Not only does this structured approach accelerate iterative deployment, it introduces extensibility, allowing the organization to create new ways of interacting with smart building features.

This saves Microsoft significant time and avoids a few key obstacles.

“A lot of teams are trying to go from monolith to microservices,” says Michael Bir, a senior software engineer with Microsoft Digital, speaking of the architectural shift from a large system to several smaller ones to improve scalability and developer productivity. “These modular setups create a lot of repositories that comprise the whole application. That also introduces repetition across the repositories.”

While necessary for extensibility and scalability, using linked microservices can be challenging to manage.

Developers often copy existing configurations to tie into these libraries and repositories, regularly taking the last release and mining it for relevant settings before getting to work on the new release. In addition to being tedious, this process can result in subtle changes that might introduce incompatibilities over time.

Using Microsoft Azure DevOps allows Microsoft Digital to merge pipelines (a series of steps needed for delivery) into templates for rapid development, with all the tedious foundational code and testing requirements already in place.

This is core to CI/CD for Microsoft Azure Digital Twins. Once in the hands of developers, these templates can evolve into new projects. Commonalities can be used to build out core services, packages, and downstream microservices needed for Microsoft Azure Digital Twins experiences.

Iterative by nature

CI/CD does more than enable rapid development.

“Our templates allow you to have a global model or to use ring deployments,” Bir says. “We don’t need separate templates to maintain an iterative development environment.”

With CI/CD for Microsoft Azure Digital Twins, developers can work on features independently, testing and deploying them in stages to introduce gradual improvements.

Microsoft Digital can deploy directly into a testing ring where the package or service is automatically inspected for bugs before being elevated into the next ring, a production environment. This ensures a level of quality and consistency across every deployment, but also removes manual testing from the equation. Now, developers can quickly and easily check that a deployment is fully integrated with models before being released.

It also allows the templates to be used in specific environments, like development and production regions where smart buildings might have different needs or requirements, all while enabling extensibility.

With so many different repositories, testing for incompatibilities can become difficult. Fortunately, the team’s structured approach addressed that. By utilizing a single project, or common pipeline, Microsoft Digital can maintain templates for common CI/CD scenarios used by all repositories.

“The common pipeline uses itself to run tests,” Bir says. “We then use Azure DevOps to tag that for iterative deployment by consuming repositories.”

To maintain a healthy and productive iterative development environment, Microsoft Digital auto-deploys to a testing environment. As the test is defined, it establishes requirements to move and elevate the build into production. This gate prevents incompatibilities from reaching a smart building experience.

We had some templates for static code analysis, but we took it to the next level. Before this, we would have to go back to a previous repository that we thought was good, copy and paste it, change the variables for it to make sense, and then tweak some optional things. Now it’s all handled by the template. It’s very flexible.

—Michael Bir, senior software engineer, Microsoft Digital

The iterative agility of CI/CD means that if Microsoft Digital does need to introduce a change, say to adjust for compliance, the organization can orchestrate everything from Microsoft Azure DevOps and then push it out to all repositories. The next time a project deploys, it grabs the updated template.

In centralizing the way projects are updated and published, Microsoft Digital no longer needs to retest and rebuild features for different repositories.

A smart way to build experiences

Teams across Microsoft can now deploy stable and extensible Microsoft Azure Digital Twins experiences at scale.

“We had some templates for static code analysis, but we took it to the next level,” Bir says. “Before this, we would have to go back to a previous repository that we thought was good, copy and paste it, change the variables for it to make sense, and then tweak some optional things. Now it’s all handled by the template. It’s very flexible.”

The structured approach also makes it easy to add members to the team. Instead of pointing users to old releases, the team only has to share the template. It’s already the latest version, and the new user only has to plug in a few variables.

CI/CD for Microsoft Azure Digital Twins has simplified the way Microsoft Digital can approach a build, eliminating lengthy coding and testing tasks while empowering extensible solutions to flourish at scale. Common pipelines and templates can be used to manage and accelerate the features needed to supercharge Microsoft Azure Digital Twins and the models needed to power smart building experiences.

Microsoft Digital will continue to find ways to add value, giving developers certain resources and permissions to test, similar to how Microsoft Azure uses Azure Resource Management templates. As more common pipelines are built into the template, developers will be able to do more faster, without having to take on additional management responsibilities.

“I want a smart building UI,” Getty says. “I don’t want to worry about building code and running tests or which instance to talk to. I want to run code efficiently for how an Azure Digital Twins model has been set up. Now we have something to tie it all together and pass on that value so others can focus on what they need to.”

• Simplify. You don’t need to engage with every lever available; leave enough options available to stay agile.
• If you decide to use CI/CD, version correctly. All pipelines referencing a main branch will be affected by changes, but tags allow developers to share changes and bring them in as needed.
• Microsoft Azure DevOps and YAML enable Microsoft Digital to deploy smart building experiences at scale by simplifying and reusing common pipelines.
• Always leave something extensible. Open parameters to run testing or change a component. Leaving flexibility via parameters gives you as many options as possible.
• Going all-in on CI/CD means that some unique things won’t fit. If you’re open, orchestration becomes extensible. When you have an outlier, adopt the pattern first; this new functionality can be given to other repositories by default.

• Learn how multi-stage pipelines and YAML are used for continuous delivery in Microsoft Azure DevOps.
• Discover the different Microsoft Azure DevOps template types and their usage.
• Gain insights into how Microsoft Azure DevOps enforces security through templates.
• Discover how Microsoft is creating the digital workplace.
• Learn how Microsoft uses Azure Digital Twins and IoT to modernize Microsoft buildings.

The post How Microsoft is delivering smart building experiences with CI/CD for Azure Digital Twins appeared first on Inside Track Blog.

Inside a building you have multiple systems to capture data. We wanted a unified platform, but we also wanted to make sure our experiences are universal.

—Emmanuel Daniel, director of digital transformation and smart buildings, Global Workplace Services

IoT device signals are transformed into services, which light up productivity, wellness, and other solutions for employees and visitors in Microsoft’s smart buildings.

But information from different IoT devices is distinct and lands in several places. No two suppliers expose or integrate information the same way, making it a complex environment to manage and work with.

“Inside a building you have multiple systems to capture data,” says Emmanuel Daniel, a director of digital transformation and smart buildings with Global Workplace Services, the organization responsible for creating world-class experiences across Microsoft’s buildings and spaces. “We wanted a unified platform, but we also wanted to make sure our experiences are universal.”

Replicating IoT-driven experiences across any building in the 110 countries and regions where Microsoft has a presence was a priority.

Thankfully, new seamless architecture gives Microsoft a stable and uniform platform to work from. Designed by Microsoft Digital and Global Workplace Services, the Digital Integration Platform is an abstraction layer that gives Microsoft a simple interface to expose IoT insights in a consistent way.

Supported by Microsoft products like Azure Digital Twins, Azure Maps, IoT Edge, and Time Series Insights, the company’s enterprise-wide IoT integration platform enables services to capture IoT signals in real-time, enabling employee experiences like wayfinding, hotdesking, and occupancy.

[Find out how Microsoft is creating a digital workspace. Learn how Microsoft is reinventing the employee experience.]

How smart buildings create cool experiences

IoT devices help Microsoft connect sensor data to real-world benefits. Each signal is an opportunity to create a digitally transformed workplace.

“My focus has always been to address employee challenges in the most graceful way,” says Sonaly Choudary, a senior program manager with Microsoft Digital’s SmartBuilding Services team. “If an employee needs to find a vacant conference room, we can use a sensor status to recognize that.”

By capturing signals and exposing them as insights, Microsoft Digital can improve productivity. This can manifest as efficiency systems for onsite visitors, such as pathfinding, or intricate system health monitoring that speeds up IoT device management.

The SmartBuilding Services team puts a lot of effort into understanding the specifics of each use case.

But it was also important to recognize and respect how different regions might have different experience requirements.

“Culturally, we’re going to see different expectations depending on which country we’re in,” Daniel says. “We want everyone to have great experiences without feeling like there’s an invasion of their norms.”

In addition to standardizing IoT signals from disparate devices so that Global Workplace Services can replicate services, the Digital Integration Platform allows the team to shape experiences to the needs of any environment.

Once there’s a clear picture of how to create positive impact with an IoT device, Microsoft can render the experience.

“When you know a pain point, you can start building a solution,” Choudary says. “From there, you can start working with suppliers to understand which solutions solve the problem.”

One platform to manage them all

If 40 sensors are used to create 40 different experiences, should you go to 40 different systems? Of course not, you go to one.

But IoT device integration wasn’t always so easy.

“What could happen in the past is that a building might have certain device vendors with their own software and unique ways of exposing data, and a different building would have a completely different set of suppliers,” says Rohun Patel, a program manager on the Microsoft Digital device management team. “Not only does this cause different features across locations, but it also fragments the experiences. You can’t use one company’s hardware with another’s software, so different buildings would have to use different employee apps.”

Some suppliers use APIs, others require Microsoft to ping for the data, while others might push data when a sensor is triggered.

“We’ve created a set of integration patterns that can talk to whatever hardware we’re trying to outfit campuses with and onboard that data into the Digital Integration Platform,” Patel says. “Our patterns can use webhooks, MQTT protocol, consume from EventHubs, or communicate through APIs. That’s how we can power our experiences consistently even when different campuses buy different devices that behave a little differently.”

By making integrations with IoT devices smoother, employee experiences become consistent. Bringing signals into the Digital Integration Platform allows Microsoft Digital and Global Workplace Services to expose insights in a standard way, regardless of the device supplier.

Keeping pace with the future

Construction of a Microsoft smart building can take up to three years, and the lifecycle extends for even longer, so the company has to plan IoT device integration and experiences for the long run.

“We continue to add to our global real estate portfolio and refresh cycles are ongoing,” Shanmugam says. “Users always expect something new, but it takes time and onboarding is critical. There are unknowns.”

At the end of the day, we’re still reliant on suppliers to expose data in a way that we can consume. In many cases, we are working with suppliers that are exposing data at this scale for the first time, which presents a lot of challenges to deliver integrations in a predictable and schedulable way.

—Rohun Patel, program manager, Microsoft Digital

Sometimes it takes several months before an experience becomes a reality, and even then, it carries some uncertainty. Until the IoT device is onboarded and tested, Global Workplace Services and Microsoft Digital have limited time to play around with an experience in the real world.

“Employees will use it because they love it or they’ll leave it alone,” Choudary says.

Even with the Digital Integration Platform, IoT device integration still has its challenges.

“At the end of the day, we’re still reliant on suppliers to expose data in a way that we can consume,” Patel says. “In many cases, we are working with suppliers that are exposing data at this scale for the first time, which presents a lot of challenges to deliver integrations in a predictable and schedulable way.”

And of course, security, governance, privacy, and device health are also top of mind for managing IoT devices.

“We can now be mindful of data privacy issues,” Daniel says. “Users will only trust these services if we are respectful and governed appropriately. Data is centralized in the Digital Integration Platform—it serves as the secure backbone for data extraction.”

Cool experiences start with collaboration

Microsoft’s smart building experiences need to operate at scale, but the Digital Integration Platform allows Microsoft Digital and Global Workplace Services to replicate and fine-tune experiences across the globe.

“The unique challenge has been effectively digitizing the environment,” Daniel says. “Working with Microsoft Digital has allowed us to correlate data to device to space.”

Because of Microsoft’s large and diverse portfolio of global real estate, the two organizations will continue to collaborate on finding improvements.

“We want to work towards automation and make systems self-serve,” Shanmugam says. “An experience in a box, packaged as smart plug and play that just starts working when they’re plugged in.”

Microsoft Digital is currently working on helping the industry build seamless systems that can be shipped anywhere, allowing Microsoft to grow its IoT-driven experiences without complicating IoT device deployments.

“We’re constantly trying to standardize and automate how we onboard,” Patel says. “The gold standard for our message format is adopting the RealEstateCore Digital Twins Definition Language (DTDL) models, which declare what the device is and what data it can supply in Azure Digital Twins. As companies continue to adopt this, their devices will be able to speak the same language as many others and align to a data standard that is quickly growing and being deployed at scale.”

This standardization effort not only helps Microsoft, but IoT adoption at large.

“One of the biggest benefits is the ease at which I can onboard a building to offer services,” Daniel says. “Tenants and users will now get fine-tuned experiences to better collaborate in a way that’s best suited for their needs.”

And as new experiences roll out, Microsoft users will reap the benefits of an awesome experience.

“IoT is valuable because you can provide a consistent experience,” Choudary says. “You can get information as to what’s going on inside a building. It’s a consortium of devices, sensors, integration, people, and information.”

• Before you do anything, you need to understand the users and their needs. This should funnel any decisions you make around IoT-based experiences.
• Once you understand the needs, understand what kind of data you need to power these experiences. This will inform what kind of devices are needed to power services.
• Industry standardization will make integration easier. Until then, having a platform to serve as a broker between devices will allow you to expose insights consistently.
• Not every experience needs to be big or complex; start small and always focus on solving a specific user problem.

• Find out how Microsoft is creating a digital workspace.
• Learn how Microsoft is reinventing the employee experience.

The post New approach to IoT device integration enables employee experience at Microsoft appeared first on Inside Track Blog.

To tackle this challenge head-on, Microsoft engineers in Puget Sound developed the Global Commute Service. The software comes in the form of a web and mobile app and has ever-improving features that streamline the commuting experience for employees.

One of these features is an upgraded user interface (UI) that is visually consistent with other Microsoft workplace applications. The familiar design and layout make the software more readily understandable and usable for employees. Riders are also empowered by the modern mobility platform with a trip-planning function, push notifications, real-time ETAs, and live vehicle map tracking for shuttle and Connector bus services.

Trip planner allows employees to plan for their multimodal trips and take the hassle of planning away. This allows employees to plan their end-to-end trips using Connector or shuttle, or on foot up to two weeks in advance.

At the same time as the UI upgrade, the entire backend of the experience was also updated. The updates gave Microsoft a scalable and extensible system that powers real-time updates and can be deployed globally. These improvements benefit the drivers and operators who manage these transportation services, giving them visibility into route usage, rider traffic, and automated vehicle dispatch.

[Find out what Microsoft is doing to create a digital workplace. Discover how Microsoft is reinventing the employee experience for a hybrid world.]

Switching up routes to deliver a new experience

For a long time, the booking platform known to the Puget Sound campus as MERGE (Manage Explore Reserve Go Anywhere) served as the main method for riders to get a seat on one of Microsoft’s buses or shuttles. It was the go-to for reserving a ride on a Connector shuttle, the fixed route shuttles that run on a loop around campus, and the on-demand shuttles that move people between offices.

The legacy booking platform served Puget Sound well but had a different interface than other services available to Microsoft employees, making for an inconsistent user experience. To further complicate matters, MERGE was closely tied to the local transportation services found exclusively in Puget Sound, meaning the app could not be easily replicated to other Microsoft campuses. It was also difficult to extract important and accurate data from the transportation system for operational insights.

The first thing we think about is the rider experience. We start with the physical world, the environment that we live and work in, then we think about the digital world. We want to deliver an experience that is centered around ease, flexibility, and choice.

—Esther Christoffersen, senior services manager, Real Estate and Facilities

All of this added up to one key takeaway—it was time to transform Merge into Global Commute Service, a new mobility experience that offers a consistent interface, modern features, scalability, and visibility.

Two teams worked in tandem to help upgrade transportation systems: Microsoft Digital Employee Experience, the organization that powers, protects, and transforms the company, and Microsoft’s real estate team who are responsible for managing and operating the company’s global facilities and services.

“The first thing we think about is the rider experience,” says Esther Christoffersen, a senior services manager with Real Estate and Facilities. “We start with the physical world, the environment that we live and work in, then we think about the digital world. We want to deliver an experience that is centered around ease, flexibility, and choice.”

The team knew that building a strong bridge between the physical and digital would empower riders with an improved transportation experience.

“We had to think about what really matters,” says Garima Gaurav, a senior product manager with Microsoft Digital Employee Experience. “That meant building something modern, real-time, and fast for riders. But we also wanted operational agility for the Real Estate and Facilities team.”

Improving mobility at Microsoft

The two organizations started brainstorming new rider experiences in 2019, but a few months into the project, the Puget Sound campus shifted to primarily remote with only essential employees working onsite.

“This was an opportunity to pause and really dive into the feedback to see what we could do better,” Christoffersen says.

We built a service that is robust, reliable, and scalable.

—Ram Kuppaswamy, principal software engineering manager, Microsoft Digital Employee Experience

With campus services pausing, Microsoft could disassemble the front-end (the web and app interface riders engage with) and the back-end (the operational workhorses that manage transportation services) without creating disruption.

Work started by decoupling Global Commute Service from the Puget Sound’s established back end. This allowed Microsoft’s new service to integrate with any transportation system. If, for example, a campus uses a new transportation system, Global Commute Service will connect seamlessly, offering riders a consistent experience no matter which Microsoft campus they were on.

“We built a service that is robust, reliable, and scalable,” says Ram Kuppaswamy, a principal software engineering manager with Microsoft Digital Employee Experience. “Now we can launch similar experiences for the rest of Microsoft’s campuses globally.”

Vehicles used to be dispatched manually. By selecting this partner, technology is driving everything from booking, managing dispatch, and assigning vehicles. It has also empowered us to provide features like real-time updates and communications with drivers. We can do it now.

— Garima Gaurav, a senior product manager with Microsoft Digital Employee Experience

Having separated the booking interface, Microsoft could transform the back-end management of its transportation system. This would give much needed visibility and ownership of operating data, the kind that enables real-time status updates and introduce new efficiencies, like automated vehicle dispatch and data-driven service scaling.

To get there, Microsoft engaged with a new partner to help introduce these new data-driven optimizations across Puget Sound. Having onboarded the partner into Microsoft Azure, Microsoft now had access to transportation data that was once lacking.

“Vehicles used to be dispatched manually,” Gaurav says. “By selecting this partner, technology is driving everything from booking, managing dispatch, and assigning vehicles. It has also empowered us to provide features like real-time updates and communications with drivers.
We can do it now.”

This data introduced other benefits as well.

“In the past, we didn’t have a common dashboard for operations and engineering,” Kuppaswamy says. “There was no easy way to understand why an error in the system was occurring. We can have consistent understanding now.”

Access to this technology is also giving Microsoft’s transportation service more operational agility. Data can be augmented, and machine learning can be applied for better operational insights.

“We can share this data with our partners to adjust routes, increase or decrease the number of buses we have, and prioritize service and operational adjustments,” Christoffersen says.

Microsoft’s enterprise shuttle simulator

Microsoft was able to get a lot done with the majority of employees working remotely during the height of the pandemic. Unfortunately, it also meant there were few employees on campus to test the new service.

“That was an unexpected part of the lifecycle,” says Jessie Go, an application manager with Real Estate and Facilities. “With the pause in services, we had to do a lot of testing virtually. No one was traveling.”

How a rider books, how long it takes a driver to get to a stop, and how a rider is verified by a driver all needed to be tested for bugs. To ensure it worked in a real usage scenario, the Microsoft Digital Employee Experience’s engineering team worked onsite at the Puget Sound campus to run everything through the steps.

“We followed all the COVID safety protocols,” Kuppaswamy says. “One or two engineers would book a trip with a shuttle. We tested all the major use cases. It’s a new experience for the drivers as well. They got trained for the new technology.”

One trip at a time, Microsoft was able to validate the upgraded transportation experience. When employees came back, they loved the new experience. It was consistent and intuitive.

Booking a seat to a new future

Microsoft has launched a seamless transportation experience for riders.

Whether they want to use the web or a mobile app, riders have a consistent interface akin to other workplace services. Global Commute Service was deployed across Puget Sound’s new kiosks, giving users more options for how they want to schedule transportation.

“We want to provide Microsoft employees the best commute option for reaching any destination between home, office, or any building on campus,” Kuppaswamy says. “The first step was to make the experience consistent.”

We can make almost real-time updates in terms of routes and how often we hit them in our schedules. We weren’t able to do that before. The work we’ve done so far is impactful for scalability and insight.

—Jessie Go, application manager, Real Estate and Facilities

Riders will have access to real-time status updates on their transportation plans. When you’re moving Microsoft’s Puget Sound employee population around, that’s a big deal.

“We have around 55,000 employees or more in Puget Sound. We run a small city,” Christoffersen says. “Everything is organized; nothing is ambiguous. I can now see a shuttle on a map that’s moving in my direction. That creates a sense of confidence that reduces the stress of getting from point A to point B.”

Data visibility gives Microsoft the operational agility that was once lacking, allowing Real Estate and Facilities to give riders an even better transportation experience.

“We can make almost real-time updates in terms of routes and how often we hit them in our schedules,” Go says. “We weren’t able to do that before. The work we’ve done so far is impactful for scalability and insight.”

Now that modern transportation experiences exist for Microsoft’s campuses, the teams are thinking about how to further empower riders.

“The next big step is to combine every type of commute option, to provide a more holistic trip plan—be it the Microsoft offered transport options, driving, walking, or public transport” Gaurav says. “There are so many ways to move around campus. How can we support that? What’s the total length of time for walking, biking, or even using public transportation? Let’s give employees options so that they can decide the best way to get around.”

• Meet riders where they are: mobile, desktop, or kiosk. The new transportation experience can be accessed in a variety of ways.
• Testing at various stages of development is critical though difficult due to the offices being closed down.
• Employees expect modern transportation experiences to be like what they see when booking a cab or some other mode of travel.
• Digitally transforming a real-world service starts with the physical experience. Finding that intersection between physical and digital creates outcomes for users.
• Ease, flexibility, and choice—those are three priorities for creating a better employee experience.

• Find out what Microsoft is doing to create a digital workplace.
• Discover how Microsoft is reinventing the employee experience for a hybrid world.

The post Microsoft’s upgraded transportation experience arrives in Puget Sound appeared first on Inside Track Blog.

Sometimes you outgrow the capabilities of a well-loved tool—that’s exactly what happened to Microsoft and its on-premises Security Information Event Management (SIEM) system. Thanks to a timely assist from Microsoft Sentinel, the company hasn’t missed a beat.

Our old SIEM capped out at 10 billion events daily. We had already begun to leverage other solutions to keep increasing our security monitoring coverage.

– Mei Lau, principal PM manager, Microsoft Security

As an enterprise, Microsoft’s footprint is massive. The company sees a lot of malicious traffic, which results in more than 20 billion cybersecurity events per day. This massive wave of noise was hard to sort through to find real threats—until the company’s internal security team turned to Microsoft Sentinel, which, thanks to the cloud and AI, has the power to keep up with that volume.

“Our old SIEM capped out at 10 billion events daily,” says Mei Lau, principal PM manager for Microsoft Security, the organization that powers, protects, and transforms Microsoft. Lau is responsible for leading the migration of Microsoft’s legacy SIEM to the cloud-based Microsoft Sentinel. “We had already begun to leverage other solutions to keep increasing our security monitoring coverage.”

Because running out of capacity could lead to a worst-case scenario, Lau’s team works with the Microsoft Sentinel product group to test and pilot the new security monitoring system, which includes several time-saving and modern solutions that empower security analysts to connect to and query datasets quickly and easily.

“Ingesting data into our legacy SIEM took hours,” Lau says. “In Microsoft Sentinel, it takes around 10 minutes, which is 18 times faster.”

Now, they have deployed the cloud-based version of SIEM throughout Microsoft’s internal Security Operation Centers (SOC). In partnering with Microsoft Security, which provides enterprise IT capabilities across Microsoft (including security), the Microsoft Sentinel team introduced several time-saving and modern solutions that empower security analysts to connect and query datasets quickly and easily. Best of all, they’re using the power of cloud computing at scale.

[Discover how Microsoft protects its network with Zero Trust. Find out how Microsoft uses elevated-privilege accounts for security.]

For a transcript, please view the video on YouTube: https://www.youtube.com/watch?v=dtyDMjMvN98, select the “More actions” button (three dots icon) below the video, and then select “Show transcript.”

Getting it right with the right partners

The Microsoft Sentinel product team tapped the expertise of the company’s internal security team in Microsoft Security for insights about how to improve the product. Their input helped shape Microsoft Sentinel into a SIEM that dramatically improved how efficiently it responds to threats.

If we can help them be successful, we’re also helping our large customers, who often have the same challenges, requirements, and needs.

– Laura Machado de Wright, principal PM manager, Microsoft Sentinel product team

“Microsoft Sentinel uses all the automation and scalability capabilities available in the Azure platform,” Lau says.

Microsoft Security’s engagement with the Microsoft Sentinel team addressed two sets of needs at once.

“They get the benefits of Microsoft Sentinel for incident response, but we get the benefit as the product team of working with customers, like our own internal digital security team,” says Laura Machado de Wright, a principal PM manager on the Microsoft Sentinel product team. “If we can help them be successful, we’re also helping our large customers, who often have the same challenges, requirements, and needs.”

The collaboration meant the product team could identify what enterprise-scale customers were looking for at a faster rate.

“We can work closely and iterate more rapidly with internal teams,” Machado de Wright says. “We can get their requirements and feedback before moving into formal previews with external customers.”

These early interactions allowed the product team to work through a few nuances that could have disrupted users. In an early version of Microsoft Sentinel, for example, some of Microsoft Security’s security analysts noticed that they were getting a lot of long notifications.

“When you start testing, you realize you need certain capabilities,” Lau says. “We were able to point out the business impact of noisy alerts that are too long.”

In response, the product team introduced suppression and aggregation support to avoid alert fatigue, reducing the amount of noise generated by Microsoft Sentinel.

“Now we have a better product that meets our needs at an enterprise level,” Lau says.

Always a group effort

One objective of Microsoft Security is to unify security operations teams onto a single SIEM—Microsoft Sentinel. “Depending on the scope, there are different teams responsible for protecting Microsoft,” Machado de Wright says. “There are some common solutions between them, but many security operations teams built their own solutions or relied on third-party solutions to manage security events. With Microsoft Sentinel, we think there’s an opportunity for them to be the first and best customers of Microsoft.”

With Microsoft Sentinel, it’s easier for SOCs to develop a tactical and coordinated response to security threats and incidents.

“Even though they might look at different pieces of the puzzle, data from different internal teams can be brought into Microsoft Sentinel and create detections,” Machado de Wright says. “Then, automation can assign it to the right group.”

These multiple sources can be connected for rich, multifactor detections.

“Multifactor allows us to grab from multiple sources and compare them together,” Lau says. “We can see if someone is attacking us in several different ways. Between detection and hunt, it’s very simple to track down what’s happening.”

Unifying security operations teams onto the Microsoft Sentinel platform also allowed the company’s internal security team in Microsoft Security to align on a deployment strategy.

“It was great to work with other SOCs within Microsoft,” Lau says. “We have the shared goal of protecting the entire enterprise, which enabled us to identify key requirements for parity to retire the legacy SIEM.”

Steps had already been taken to retire the legacy SIEM, so deploying Microsoft Sentinel in a timely manner was critical.

To move to Microsoft Sentinel, the product team needed to verify that equivalent features and capabilities were live in the new security environment. Making sure the various teams’ needs were aligned helped ensure that.

“Some of these teams had fairly mature monitoring systems,” Machado de Wright says. “We had to work on prioritization and work closely to understand their scenarios to meet the requirements of their timeline.”

Faster, together

To build new detection systems, you need connected data sources. But first, you have to find each source and connect it to your analytics engine.

“Before, you had to understand how the data was structured and then build software to connect to your events management system,” Lau says. “Microsoft Sentinel’s broad ecosystem allows many out-of-the-box data connectors to be connected up to 18 times faster.”

This is one of the major ways Microsoft Sentinel accelerates and empowers engineers and analysts.

“Finding access to data can be ponderous across large volumes of data,” Lau says. “When security analysts go in and perform open-ended queries to find access to data in the repository, Microsoft Sentinel is extremely fast.”

Now tracking down a new connector or data source in Microsoft Sentinel takes just a few seconds. This free time has allowed the security team in Microsoft Security to reprioritize engineering resources previously dedicated to scaling the infrastructure. Plus, the time-saving automations introduced with Microsoft Sentinel have improved the lives of Microsoft Security’s SOC analysts.

Some of these time savings manifest in how quickly code can be written and deployed.

“It all happens at the speed of pushing code to the cloud,” Lau says. “So, a matter of minutes.”

This streamlined process gives Microsoft Security much better change control, enabling a continuous integration and continuous detection pipeline.

Transforming the future of security

Microsoft Security isn’t the only group benefiting from Microsoft Sentinel.

During development, Microsoft Security and the Microsoft Sentinel product team also solicited input from other enterprise customers. These partners, including a global retailer that experiences more than 9 billion security events per day, helped shape the final product.

“Sometimes we get conflicting feedback from customers,” Machado de Wright says. “We can’t always address it, but we can dive deeper by asking the internal team if they have the same pain point or scenario.”

Thanks to the contributions of Microsoft Security and its partners, the Microsoft Sentinel team has quickly developed and released a product that can handle the scale and security needs of modern enterprises.

“We have access to different personas, like analysts, engineers, managers, and different security operations teams,” Machado de Wright says. “The ability to just sit with them accelerated everything.”

And there’s still more to discover with Microsoft Sentinel.

For example, with new ways to engage and interact with connected datasets, Microsoft Security is now using machine learning with the new tool. “We are moving some of our most complex detections into Microsoft Sentinel,” Lau says.

For enterprise customers like Microsoft who already have the Microsoft Azure stack, using cloud-based security tools made a lot of sense.

“We’re already using Azure,” Lau says. “Now we have a better product that meets our security needs at an enterprise level. Our security operations teams don’t need to leave Microsoft Sentinel. They can query different Azure Data Explorer clusters and other workspaces with permission. It’s a single pane of glass to complete an investigation.”

• Discover how Microsoft protects its network with Zero Trust.
• Find out how Microsoft uses elevated-privilege accounts for security.

The post Boosting Microsoft’s response to cybersecurity attacks with Microsoft Sentinel appeared first on Inside Track Blog.

Attackers are more focused and targeted, they’re on a mission. It’s not a phishing email that spreads out to a bunch of random addresses and hopes someone clicks. That only nets you random targets. Human-operated ransomware aims for an enterprise and tries for big returns.

—Henry Duncan, senior security program manager, Digital Security and Resilience

As we discussed in our previous ransomware post, REP was purpose-built atop the philosophy of the philosophy of Zero Trust to give Microsoft a way to centralize defense, recovery, and resilience against ever changing cyberthreats. Core to the program is the ransomware playbook, our internal guide to ensure teams across the company take the right action to respond, recover, and remediate in the event of an attack. Adherence to the playbook limits the opportunity for attacks and minimizes the potential reward that criminals seek.

“Attackers are more focused and targeted, they’re on a mission,” says Henry Duncan, a senior security program manager on REP, part of DSR, the team responsible with protecting our enterprise so that we can deliver and operate secure products and services to our customers. “It’s not a phishing email that spreads out to a bunch of random addresses and hopes someone clicks. That only nets you random targets. Human-operated ransomware aims for an enterprise and tries for big returns.”

The longer threat actors are active in an environment and can move around, the greater the risk to the target. Each passing moment presents an opportunity to acquire more access to data through compromised accounts, or tamper with security and backup systems—and that means a higher likelihood of data being compromised and a larger ransom demand. Time is of the essence.

[Read blog one in our ransomware series: Sharing how Microsoft protects against ransomware. | Read blog three in our ransomware series: Building an anti-ransomware program at Microsoft focused on an Optimal Ransomware Resiliency State. | Learn more about human-operated ransomware. | Discover how Microsoft’s Zero Trust effort keeps the company secure.]

Writing the book on ransomware

When conceptualizing what it wanted the playbook to achieve, the REP team knew it needed to facilitate excellence in operational response readiness, have the flexibility and scope to address cyberattacks of any scale, and to align response processes across the company.

“We needed the playbook to articulate and visualize what everyone’s role in a process is,” Duncan says. “It’s not just a security thing; we have to get other teams involved, like legal, finance, and enterprise business continuity.”

Engaging with stakeholders from those organizations allowed the REP team to better understand the different methods used across the company to triage, contain, and escalate events. Such conversations and interviews were a vital learning opportunity, and when combined with industry and internal best practices, illuminated gaps and weaknesses and generated ideas to bridge them. Collaborative cross-team dialogue shaped the framework the team used to develop key processes, including what is used to recover critical services.

With this information synthesized, the REP team began structuring the ransomware playbook around addressing these four key questions:

• How prepared are we for a cyber event?
• What controls are in place to detect and identify malicious activity in our environment?
• What is the appropriate response from various teams to contain and recover from threats?
• How should a post-incident and root-cause analysis be performed?

The resulting document provides a unified and holistic response to cyberthreats for the company to use.

Walking the walk

“For a playbook to work, you need to test,” Duncan says. “It’s easy to think you’ve captured everything on the page, but we need to see what happens in practice.”

Performing simulations for a variety of scenarios demonstrated what might happen if an attack were to occur at Microsoft.

It’s hard to measure the significance and when to escalate events; are we talking about a handful of machines or a large critical system? Now we have processes to have a consistent plan for triaging and triggering events.

—Henry Duncan, senior security program manager, Digital Security and Resilience

Security professionals and stakeholders were put to the test. Detection and prevention systems were put through the wringer. Backup and restore functions were reviewed, ensuring the resiliency and recovery precautions needed to circumvent the leverage of cybercriminals were in place.

Not only did these live drills verify steps within the ransomware playbook, they also allowed the REP team to gather additional feedback, including ways to better categorize and triage ransomware.

“It’s hard to measure the significance and when to escalate events; are we talking about a handful of machines or a large critical system?” Duncan says. “Now we have processes to have a consistent plan for triaging and triggering events.”

Because ransomware continues to change, so must Microsoft’s response. The playbook is a living document, updated with regular reviews of testing and stakeholder engagement, enabling it to stay current with the quickly changing tactics of threat actors.

The benefits of playing it by the book

While the primary function of the ransomware playbook is to ensure Security Operation Centers (SOCs) and engineering teams across Microsoft have a documented process for responding to and recovering from ransomware, the playbook’s design has additional built-in benefits.

For instance, its detail clearly outlines who is responsible for what, creates visibility at the appropriate time, and clarifies escalation. The right process owners get the right information at the right time.

“You need visibility into how an event surfaces,” Duncan says. “Now we have a predictable mechanism to trigger incident response. Those definitions bring leadership into appropriate major events.”

In practice, Duncan and the REP team found the playbook to be a useful tool for continuous improvement. Regularly run internal tabletop exercises help DSR and the REP team measure Microsoft’s ability to effectively respond to specific types of attacks. Simulations and tests provide vital opportunities to expose issues, refine internal processes, and close the gap in eliminating ransomware. In using the playbook, Microsoft isn’t just more prepared against ransomware, but against security attacks in general.

This also happens to make the ransomware playbook a valuable training tool. Its adoption across the company is essential to a successful and holistic response to an attack. With training, the knowledge of roles and responsibilities, combined with muscle memory of the right actions to take ensures those involved are ready when put on the spot.

“We’ve also found that teams love the playbook as an onboarding tool,” Duncan says. “Anyone who joins Microsoft can know what the expectations are and loop that into their training. They’ll know how they fit into the ransomware equation.”

There’s a plan in place

Having the Ransomware Elimination Program along with the playbook gives teams across the company more visibility into the importance of ransomware. Microsoft now has a platform to share knowledge across organizations and centralize efforts to reduce the opportunity and reward for cybercriminals.

Human-operated ransomware is a full-time job for cybercriminals. None of us are perfect but being aware, having the right technology in place, and putting a plan in place reduces the likelihood and impact of an attack on the environment.

—Henry Duncan, senior security program manager, Digital Security and Resilience

“We can champion how people protect the environment while also involving them to improve response procedures,” Duncan says. “REP is the frontline of what an optimal ransomware resilience state should look like. That’s going to happen by working with different teams throughout Microsoft to research and understand the greatest risks.”

With a playbook at hand, there’s more confidence than ever that Microsoft’s people are prepared to detect and respond appropriately to malicious activity. The structure provided by REP and its playbook empowers Microsoft to capture important insights about its own resiliency, helping to drive future improvements. That’s critical, especially as ransomware continues to evolve.

“Human-operated ransomware is a full-time job for cybercriminals,” Duncan says. “None of us are perfect but being aware, having the right technology in place, and putting a plan in place reduces the likelihood and impact of an attack on the environment.”

While the ransomware playbook is internal to Microsoft, the REP team is investigating the best way to share its learnings so others can build their own.

• The ransomware playbook serves as a single source of truth for detecting, responding, and recovering to ransomware. It helps identify the strategy and preparation approach for resiliency
• Leverage your existing resources; you don’t have to start from scratch when developing a ransomware playbook
• Invite stakeholders to participate in the development of your ransomware playbook. It will create a more comprehensive and inclusive document, and will improve adoption
• Clarity of documentation is essential. Be sure to define expectations, roles, and responsibilities. Create diagrams and process flows whenever possible

• Read blog one in our ransomware series: Sharing how Microsoft protects against ransomware.
• Read blog three in our ransomware series: Building an anti-ransomware program at Microsoft focused on an Optimal Ransomware Resiliency State.
• Learn more about human-operated ransomware.
• Discover how Microsoft’s Zero Trust effort keeps the company secure.

The post Why Microsoft uses a playbook to guard against ransomware appeared first on Inside Track Blog.

Search is part of our everyday life. It’s useful—we all know that—but how can you quantify that impact?

That was the challenge faced by Dodd Willingham, principal program manager and internal search administrator in Microsoft Digital. “There’s an obvious value, we can see that by the existence of Bing,” Willingham says. “But how do you put it in numbers?”

Lots of searches happen in a company, but when asked to demonstrate the business impact as part of justifying more investment, Willingham had an epiphany. He could use telemetry to make the argument for him.

Click the image to learn how Microsoft is using Microsoft Search internally to dramatically improve the finding experience for company employees.

Microsoft Search is unifying search for Microsoft 365 customers across Microsoft Outlook, Microsoft 365 apps on Windows, Microsoft OneDrive for Business, Microsoft SharePoint, and Microsoft Bing. More specifically, the Microsoft Search team strives to bring complete, company-wide results to each individual, no matter where they’re searching from. No longer should they need to search in separate products to ensure that they search all possible content.

Internally at Microsoft, this shift is proving to be very powerful.

“Employees no longer need to change platforms to get the results they’re looking for,” Willingham says. “They do a single search and get all the results they need.”

Within the company, Microsoft Digital manages the internal deployment of search across the company. “The purpose of active search administration is to deliver the most complete search results, with good relevancy and good quality,” Willingham says. “These improvements to search are helping us do that.”

One crucial way that Willingham and his team help deliver better search results is through corporate bookmarks that allow internal teams like Corporate Communications and Human Resources to select the top results employees get when they search specific sets of keywords.

These bookmarks aren’t the kind used to save your favorite sites—they’re curated results that search administrators can use to point people to content located someplace that can’t be indexed. They highlight authoritative sources of content, and ensure popular content is accessible.

Bookmarks boost employee productivity because they get employees the right results very quickly.

Dodd Willingham, principal program manager and internal search administrator in Microsoft Digital

And they’re fast.

“Bookmarks boost employee productivity because they get employees the right results very quickly,” Willingham says.

The business value of search

Including telemetry in the overall improvements to internal corporate searching—a feature built into Microsoft Enterprise SharePoint—allowed Willingham and his team to measure how much time employees spend on a search.

And what story is the data telling?

“We found that bookmarks net a direct benefit of 6,250 hours a month and 17,160 hours in indirect benefits,” Willingham says. “Combined, 23,410 hours of benefits are being realized each month.”

How did Willingham come to these numbers?

“Forty-five percent of all searches click on a bookmark,” Willingham says. That percentage is across the 1.6 million monthly searches that take place internally at Microsoft within Microsoft Bing and Microsoft SharePoint Enterprise Search.

Scaled to an enterprise level, the business value of bookmarks quickly became apparent.

“Conservatively, our basic measurement of search success was yielding results of 60 seconds per search using a bookmark versus an average of 115 seconds across all searches,” Willingham says. “That’s one whole minute of productivity re-captured for every bookmark-backed search.”

Multiplied across Microsoft’s population and search usage, that one minute of search time netted 6,250 hours a month in productivity. But it’s not just time gained from quick search results, it’s also about getting the right answers.

There’s a measurement based on telemetry of whether a search succeeded or failed to find useful content. Using that metric, Willingham found that a person who uses a bookmark appears to be successful 98 percent of the time. By contrast, searches without a bookmark average 72 percent for the same calculation.

“The absolute calculation [of search success] is kind of meaningless; what’s important is that it moved by a significant margin,” Willingham says. “It suggests that with bookmarks, more people find the content they need faster.”

In direct benefits, you’re gaining 6,000 hours at the cost of 300. When you include indirect, you can triple that. The return on investment is 2,000 percent, and that’s using conservative estimates.

Dodd Willingham, principal program manager and internal search administrator in Microsoft Digital

Faster is a direct productivity gain. Getting the right content to the right person at the right time is an indirect benefit. But the biggest insight is that delivering these benefits only requires investing less than 300 hours per month, spread across several staff.

“In direct benefits, you’re gaining 6,000 hours at the cost of 300. When you include indirect, you can triple that,” Willingham says. “The return on investment is 2,000 percent, and that’s using conservative estimates.”

How Microsoft uses bookmarks

With new practices in hand and telemetry to chart impact, Willingham and his team set out to optimize using bookmarks in search.

“Over the course of three years, we took the volume of bookmarks from around 1,100 to a peak of 1,800,” he says. “We’re currently sitting at around 1,200.”

Bookmarks were already being used before Microsoft Search was rolled out.

“We didn’t do anything revolutionary, we just opened up the guidelines so that more bookmarks could be added when appropriate,” Willingham says. “We then tuned them based on actual usage so that only those being used were kept.”

The technology for bookmarks had previously been part of Microsoft SharePoint and Microsoft OneDrive, made visible in the employee portal for Microsoft SharePoint Enterprise, MSW. Bookmarks had a set of configuration rules and standards for what could and couldn’t be a bookmark, but that’s it.

Librarians from the Microsoft Library Services team create and manage the company’s search bookmarks.

“It’s a multifaceted role,” says Beck Keller, also a member of the Microsoft Digital Enterprise Search team. “My responsibilities as a librarian at the Microsoft Library are far broader—bookmarks are just a small part of my job. This doesn’t take up my entire work week.”

What does she do for search administration?

Every month, Keller pulls search query metrics and analyzes them for areas of interest that currently lack a bookmark or good naturalized results. From this analysis, Keller can update the enterprise bookmarks across Microsoft.

“Sometimes this means removing or changing bookmarks that don’t currently meet our standards,” Keller says. “I also review proposed bookmarks and offer guidance to Microsoft teams looking to create bookmarks for their own sites, outside of Enterprise Search.”

This is the administrative work Willingham is talking about—bookmarks can be added, removed, or updated with ease. But the impact can be bigger than recapturing lost productivity.

“A year ago, there were no searches for COVID-19,” Willingham says. “We now get hundreds and thousands of searches a month. We went from zero to around 200 [between October and February]. There was no way to surface relevant results about COVID-19 because there were so few of them.”

But this was the trait the administrative search team was looking for—how to get better and proactive insights on Microsoft Search. Informed by current events, the team sought to anticipate which results users would be looking for.

“We asked if there should be a bookmark for the right COVID-19 link,” Keller says.

Willingham and Keller reached out to Corporate Communications about where to direct Microsoft users searching for information on COVID-19. That team was putting together a landing page for employees dedicated to content on the topic, including a FAQ. The bookmark was quickly built and deployed.

This was February 2020.

“The next month, the volume of searches for COVID-19 went up 40-fold,” Willingham says. “Maybe users would have found the info on their own, but as search volume was growing, 8,000 times a month they would nearly always find what they were looking for quickly, thanks to the bookmark.”

That’s the main goal of a search administrator.

Bright future for bookmarks

So, what’s next for Microsoft Search and bookmarks?

“More telemetry,” Willingham says. “The custom telemetry that we created is something any customer can do. It’s a capability within SharePoint.”

Having even more metrics will also help to further quantify Willingham’s findings.

“We erred on the low side for our productivity numbers, but it shows what’s possible for a medium or large company.”

Both Willingham and Keller are excited to see others adopt bookmarks as a way of improving Microsoft Search.

“Bookmarks are easy to put in,” Keller says. “The owner of the content tells us what the URL is, and some basic info such as a preliminary title and description. We figure out the appropriate keywords, update the basic info where needed, and then say ‘Go.’”

It all adds up to a better experience for employees when they need to go looking for something.

“The same tools we use to optimize bookmarks are available to everyone,” Willingham says. “That’s why they’re so useful for productivity. When combined with telemetry, you can really gain some unexpected insights into the productivity of your organization.”

• Read this guide on how to create and manage bookmarks at your company.
• Getting to ‘search completeness’ internally at Microsoft.

Please share your feedback with us—take our survey and let us know what kind of content is most useful to you.

The post Internal search bookmarks boost productivity at Microsoft appeared first on Inside Track Blog.

I like to think about how to make expenses less expensive. We were seeing employees spending 15-20 minutes for a simple expense. Can we automate it or give them a better experience?

—Amruta Anawalikar, senior program manager, Microsoft Commerce Financial Services

“I like to think about how to make expenses less expensive,” says Amruta Anawalikar, a senior program manager for Microsoft Commerce Financial Services (CFS), the team responsible for expenses in Finance Engineering. “We were seeing employees spending 15-20 minutes for a simple expense. Can we automate it or give them a better experience?”

Whether it be travel for business, a working lunch, or supplies for a home office, employees everywhere are familiar with the process of saving the receipt, filling out an expense sheet, and then filing for reimbursement. Depending on how many items a user must sort through, this small-but-necessary piece of housekeeping can take up significant time.

In rolling out the new OneExpense architecture, Microsoft gains access to automation and flexibility to implement future capabilities in a cloud-based environment that’s supported by Microsoft Dynamics 365 and Microsoft Azure.

[Check out how automating expense reporting at Microsoft boosts the company’s employee experience. Learn how Microsoft is transforming its corporate expense tools with Microsoft Azure and Microsoft Dynamics 365. Discover how Microsoft is creating efficiencies in finance with Dynamics 365 and machine learning. Learn how Microsoft migrated critical financial systems to Microsoft Azure.]

Making it easier to do more

“When we think about Microsoft’s mission to empower end users to achieve more, that applies to internal customers as well,” says Ashley Park, a program manager with Microsoft Financial Operations.

MyExpense, the new expense app that runs on the OneExpense architecture, was developed with that principle in mind. Previously, Microsoft employees relied on a legacy on-premises system to manage expenses. This limited what users could do with the environment and meant that filing was a manual process.

Built on Microsoft Dynamics 365 Project Operations and leveraging Microsoft Azure services, MyExpense is a modern cloud platform with the ability to introduce automated expense reporting through OneExpense.

When an employee swipes a corporate card, OneExpense will identify which expense category it falls under—travel, home office, or meals, for example—then proactively sends an email a week later asking the employee to confirm.

From there, users can make micro-changes without having to go into the tool. If there are no changes, the user can submit the expense report, which is automatically delivered to the appropriate destination for approval.

It’s a better experience for everyone, which should see users spending less time on manual documentation.

“We want to go from 600,000 hours per year spent on expenses to 300,000,” Park says.

And CFS has an idea as to how they’ll reach that goal.

The things you can do with a modern system

OneExpense does more than automated expense reporting.

“There are local, national, and international policies to take into account,” Anawalikar says. “We have to think about automation differently. Dynamics 365 on Azure is such a rich infrastructure; we can make changes to the system that are separate from automation, which makes automation that much easier.”

A byproduct of the automation is that we can decrease the number of manual touches using AI. This supports compliance by design and reduces the number of audited expense reports downstream.

—Ashley Park, program manager, Microsoft Financial Operations

By layering automation within MyExpense, Microsoft can process functions separately. Microsoft Dynamics 365 empowers agility, giving the team enough flexibility to make changes without affecting scale. Differences across regions, including tax implications and other reporting requirements that differ around the globe, can be quickly addressed, enabling the team to transition from the legacy platform to MyExpense for over 180,000 users across 112 countries in approximately 12 months.

It also means the automation can be used differently, leveraging OneExpense and Microsoft Azure services to support several efforts and teams across the expense lifecycle.

“A byproduct of the automation is that we can decrease the number of manual touches using AI,” Park says. “This supports compliance by design and reduces the number of audited expense reports downstream.”

Approvers can now see if something has been flagged.

When a manager gets an expense report, they’ll see a risk score applied. Using Microsoft Azure Machine Learning and artificial intelligence, OneExpense can look at an employee’s spending history and attributes of the report and identify if it is a low, medium, or high-risk submission.

Eventually, OneExpense will be able to use AI to understand why a report has a high score, pointing the manager directly to the risk factor.

This feature helps elsewhere as well.

“Downstream, the audit will have fewer reports added to the post-mortem,” Anawalikar says. “The same risk score is part of our audit system. A threshold will show us whether an expense report should be audited.”

Readying Microsoft for MyExpense

To help migrate 180,000 Microsoft employees around the world to the new system, Kris Jolma, a group finance program manager in Finance Operations, focused on the benefits of transitioning to the new MyExpense solution.

“It’s not just ‘Here’s a new tool, have fun,’” Jolma says. “There are 80,000 Microsoft employees in the United States, there’s a lot of change management as we launch.”

Acceptance of automated expense reporting will take some time, as users are familiar with the traditional process of manually filling out and submitting sheets. But as employees recapture time and re-allocate it to something meaningful, the value of MyExpense becomes clear.

This message is helping Microsoft ready users for a new experience.

While configurations for specific expense categories across different regions will take some time to set up, the result is still improved productivity. This has helped improve adoption, as   was recently rolled out in 66 of the 112 countries and regions where Microsoft has offices.

Saying ‘Hello’ to a better experience

As MyExpense has become the go-to solution for Microsoft’s expense reporting, Microsoft Digital Employee Experience (MDEE) has now retired the old on-premises servers that ran the legacy solution. This has created savings in support, maintenance, and operational costs, and also reduced the amount of time users spend on expenses.

“Users weren’t satisfied with the previous expense tool, it took too much time away from them,” Anawalikar says. “We cannot provide an automated experience unless they’re migrating to MyExpense.”

With more and more reports being submitted via automation instead of manual submission, Microsoft will soon reach a tipping point where time saved doing expenses is a measurable outcome. MDEE is closely engaged with new MyExpense users to further refine the process.

We have scalable automation capabilities for expenses now. We can showcase this to our users and external customers.

—Kris Jolma, group finance program manager, Finance Operations

“We’re working on features where users can customize their experience,” Park says. “Right now, the automated expenses are sent out to everyone a weekly basis, but we’re adding ways to let users decide their own cadence.”

New automation and functionality added to Microsoft Dynamics 365 Project Operations will continue to grow the OneExpense environment, transforming more tasks, making life easier, and strengthening compliance. This will be a big deal at Microsoft and the rest of the world.

“We have scalable automation capabilities for expenses now,” Jolma says. “We can showcase this to our users and external customers.”

• Traditional processes, like filing expenses, give users peace of mind, but demonstrating the value of automation creates an opportunity to introduce more improvements.
• Always look for ways to simplify. In evaluating Microsoft’s environment, the Program team reduced the number of categories from 400 to 120.
• MyExpense is built on Microsoft Dynamics 365 Project Operations and a few Microsoft Azure services, which has given the organization access to core functionality without any custom work.
• Digital transformation helps to streamline, but it doesn’t mean creating a one-size-fits-all approach. Use a layered approach to create macro and micro levels of customization.

• Check out how automating expense reporting at Microsoft boosts the company’s employee experience.
• Learn how Microsoft is transforming its corporate expense tools with Microsoft Azure and Microsoft Dynamics 365.
• Discover how Microsoft is creating efficiencies in finance with Dynamics 365 and machine learning.
• Learn how Microsoft migrated critical financial systems to Microsoft Azure.

The post Meet OneExpense, the automated expense reporting backend transforming Microsoft appeared first on Inside Track Blog.

Microsoft’s recent deployment of Windows 11 to 190,000 devices across the company is enabling its employees to work smarter and stay better connected.

Microsoft Digital Employee Experience, the organization that powers, protects, and transforms the company, completed the rollout in five weeks—the fastest deployment of an operating system in company history—without disruption.

“When you look at the data, our time to deploy and the number of support contacts, Windows 11 is the most successful Windows deployment in our history,” says Nathalie D’Hers, Microsoft’s corporate vice president of Microsoft Digital Employee Experience. “For a major release, it was so straightforward and fast that it was almost a non-event. Windows 11 raises the bar for all future deployments.”

Getting Windows 11 to employees in a fast, hassle-free way was crucial. Ensuring rollouts are free of disruption makes a big difference for Microsoft employees and—because employee feedback gets rolled into the products—for customers.

A device is your connection to your work experience, especially when you can’t go into the office. Your device shouldn’t get in the way of what you’re doing, so we wanted to make sure our employees had a good upgrade experience.

—Nathalie D’Hers, corporate vice president, Microsoft Digital Employee Experience

“Microsoft employees are very vocal when it comes to giving us feedback about our products and features and that’s a good thing,” D’Hers says. “If the product isn’t working well, we hear about it early on, and that wasn’t the case this time. When we deployed Windows 11, we received very few requests for support—that’s an important indicator of product quality for us.”

Making deployment seamless for employees

A good Windows deployment is frictionless, where employees are not inconvenienced or prohibited from using their devices, apps, or important features.

“A device is your connection to your work experience, especially when you can’t go into the office,” D’Hers says. “Your device shouldn’t get in the way of what you’re doing, so we wanted to make sure our employees had a good upgrade experience.”

The experience of moving from Windows 10 to Windows 11 was so smooth, it felt more like an update than an upgrade.

—Sean MacDonald, partner director of program management, Microsoft Digital Employee Experience

Check out the entire Moving Microsoft to Windows 11 series:

• Microsoft tries Windows 11 on for size and likes the fit (this blog post)
• Unpacking Microsoft’s speedy upgrade to Windows 11
• Windows 11 boosts employee engagement at Microsoft
• Employees are at the heart of Microsoft’s internal Windows 11 upgrade
• Five key learnings from Microsoft’s Windows 11 upgrade

The Microsoft Digital Employee Experience team knew improvements in Windows 11, including an intuitive and improved user interface, would help employees stay connected and work smarter. That made a straightforward deployment—where critical business applications weren’t risked and security wasn’t compromised—even more important.

“It always starts with the user, the employee, the person—that’s who we center around,” says Sean MacDonald, partner director of program management with the Microsoft Digital Employee Experience team who oversaw the deployment of Windows 11 at Microsoft. “Windows 11 does a great job of taking that perspective, it’s about the user, which is key to our employee experience.”

Helping to make this deployment frictionless were familiar processes that had been utilized for Windows 10 releases. “The experience of moving from Windows 10 to Windows 11 was so smooth, it felt more like an update than an upgrade,” MacDonald says.

There was no disruption to business, just a download that occurred in the background, an alert telling the employee that their device was ready, and a quick restart to finish installing the new operating system. As soon as 20 minutes later, the employee was up and running in Windows 11. The device owner could also schedule the upgrade to take place during non-work hours—when they logged in the next day, they were using the new operating system.

For a transcript, please view the video on YouTube: https://www.youtube.com/watch?v=40B99JJpaUo, select the “More actions” button (three dots icon) below the video, and then select “Show transcript.”

Connecting with employees

Communications played a key part in Microsoft’s disruption-free rollout.

Windows 11 has specific hardware requirements, which meant not every device at Microsoft would be part of the deployment.

“Most devices were eligible but letting everyone know about hardware requirements was an early step,” MacDonald says. “Since Windows 10 and Windows 11 work in tandem with no additional overhead, we’re able to seamlessly co-manage both upgraded and non-upgraded devices until all of our older Windows 10 devices are replaced.”

Sharing this fact with employees across Microsoft eased anxieties.

From that point on, it was about sharing clear and concise messaging that encouraged employees to upgrade and provide feedback. Communication plans emphasized empowering employees across Microsoft to submit comments through Feedback Hub, a tool where users can voice and upvote suggestions. Elsewhere, Microsoft support teams readied their own listening systems to resolve queries and to report feedback to the product group.

Even with many channels open, few issues were reported.

“We saw no uptick in support contacts,” MacDonald says. “If the only noise is people talking about features, that’s the sign of a good deployment.”

A better deployment experience

Microsoft Digital Employee Experience encounters many of the same challenges other IT organizations face. But with the deployment of Windows 11, an established playbook of trusted practices along with modern solutions, like Windows Update for Business, converged for a streamlined experience.

A large part of this is due to the Windows Update for Business deployment service.

“It’s truly Windows-as-a-Service,” MacDonald says. “Windows Update for Business deployment service is easy to control, highly compliant, and adoption is straightforward.”

Windows Update for Business deployment service combines two workstreams into one, which sped up Microsoft’s internal deployment of Windows 11. Instead of building separate deployment plans for Microsoft Azure Active Directory (AAD) devices, Windows Update for Business deployment service allowed the team to establish a single strategy for the entire environment. Within the service, Microsoft Digital Employee Experience was able to handle exclusions, automatically stage deployment waves, and bypass devices that were ineligible for the upgrade.

Other tools, like Windows Update for Business reports, further reduced the workload placed on the team. Using Update Compliance, the organization quickly and easily analyzed the device population for hardware eligibility. Data gathered from Update Compliance and Microsoft Endpoint Manager informed Microsoft Digital of a device’s deployment status, giving clear visibility to which ones had moved to Windows 11.

Over the course of five weeks, Microsoft Digital Employee Experience seamlessly rolled out Windows 11 to all eligible employee devices.

Success measured in outcomes

The deployment of Windows 11 represents the right chemistry of technology and expertise working together for a harmonious experience. Employees at Microsoft quickly and easily upgraded to Windows 11 on their schedules. Microsoft Digital Employee Experience utilized tools like Windows Update for Business deployment service to streamline familiar processes.

“We had to target the devices that could run Windows 11, but we have a plan to ramp up and refresh all devices as we go,” MacDonald says. “We have a path to Windows 11 for everyone.”

Windows 11 has done a good job of keeping the user in mind. The aesthetics are simple. The user experience is familiar but improved, making it easier to complete the common tasks and activities I do every day.

—Nathalie D’Hers, corporate vice president, Microsoft Digital Employee Experience

Thanks to its design, Microsoft Digital Employee Experience will be able to easily co-manage Windows 11 and Windows 10 side-by-side. Microsoft designed Windows 11 to ensure backward compatibility with Windows 10, so apps remain compatible, removing another challenge typically found during the release of new operating systems.

The transformation continues

The success of the deployment of Windows 11 validates Microsoft Digital Employee Experience’s approach to new features and product releases, which empowers people to succeed while minimizing disruption.

“Windows 11 has done a good job of keeping the user in mind,” D’Hers says. “The aesthetics are simple. The user experience is familiar but improved, making it easier to complete the common tasks and activities I do every day.”

With new functionality, like snap assist and docking, users can work more efficiently. Device hardware baselines, including a Trusted Platform Module 2.0 (TPM) requirement, enhance the security of devices and create better hardware-to-software integration in Windows 11. Transport Layer Security, an encryption protocol for transferring data over a network, empowers Microsoft Digital Employee Experience to perform IT functions remotely without fear of a compromise.

All of this improves how Microsoft employees can stay safe and productive.

“An important part of our Customer Zero role is to provide our employees and other internal users with the best products and services as early as possible,” D’Hers says.

• The disruption-free deployment of Windows 11 was powered by the same tools and practices Microsoft Digital uses for Windows 10 updates.
• Since Windows 10 and Windows 11 can be co-managed side-by-side, Microsoft intends to let users stay on their current devices until it is time for a refresh.
• Apps that work on Windows 10 work on Windows 11, and a better user interface improves employee experience.
• As customer zero, Microsoft employees take on the role of providing feedback and suggesting improvements from an enterprise perspective.

• Unpacking Microsoft’s speedy upgrade to Windows 11.
• Employees are at the heart of Microsoft’s internal Windows 11 upgrade.
• Windows 11 boosts employee engagement at Microsoft.
• Five key learnings from Microsoft’s Windows 11 upgrade.
• Find out how Microsoft is reinventing the employee experience for a hybrid world.
• Review Windows client documentation for IT Pros.
• Get insights into what the Microsoft Tech Community has to say about deploying Windows 11.
• Learn how to streamline upgrades with Windows Update for Business deployment services.
• Explore how Windows Update for Business keeps devices up to date.
• Discover how Update Compliance improves device configuration.

The post Microsoft tries Windows 11 on for size and likes the fit appeared first on Inside Track Blog.

A new machine learning model and Internet of Things (IoT) sensors and automation enables Microsoft smart buildings to keep company employees as comfortable as possible. Microsoft’s real estate operations team relies on energy smart buildings, structures with interconnected automation and sensors, to responsibly maintain a base level of comfort.

Microsoft has deployed more than 50,000 sensors in roughly 100 buildings throughout Microsoft’s Puget Sound region in Washington state. The company is using data captured from these sensors to identify issues and inefficiencies as they happen, allowing them to be fixed before employees even notice them.

“Hot and cold calls are the biggest part of our facilities management requests,” says Mark Obermayer, a senior program manager on the Real Estate & Facilities (RE&F) team, the group responsible for managing the buildings across Microsoft. “A lot of our work is making sure our employees are comfortable and productive. It makes a big difference.”

Fortunately for those responsible for responding when one of these sensors goes off, the vast majority of all the signals emitted from Microsoft smart buildings don’t necessitate a response. Puget Sound could see hundreds of thousands of signals in a single week, with fewer than 1 percent being actionable.

“A portion of a building being off by a couple of degrees might not be a big deal,” Obermayer says. “It might be that the wind is blowing from the north that day.”

What Microsoft Digital came up with was a way to not only generate work orders in a quick manner—a few clicks—but also to predict which faults are a priority.

– Mark Obermayer, senior program manager, Real Estate & Security

To wrangle and maximize this data, RE&F tapped Microsoft Digital, the organization that powers, protects, and transforms the company, to figure out when a response is needed.

This meant finding a better way to parse the plethora of IoT data that the sensors were producing. In short, artificial intelligence and machine learning were needed.

“In the past, someone would manually enter tickets to check out a group of faults,” Obermayer says. “What Microsoft Digital came up with was a way to not only generate work orders in a quick manner—a few clicks—but also to predict which faults are a priority.”

[Discover how Microsoft’s smart buildings showcase Azure Digital Twins. Learn about Microsoft’s new era of smart building in Singapore. Find out how Microsoft promotes environmental sustainability from the inside out.]

Making sure work orders work

As sensors from Microsoft smart buildings feed this IoT data to Iconics (a third-party solution), faults, or specific violations of established rules, are identified. When a fault is recognized, a technician creates a ticket in Facility Link, the building management system Microsoft Digital built on Microsoft Dynamics 365 to manage work orders.

“Iconics and Facility Link weren’t communicating,” says Garima Gaurav, a senior program manager with Microsoft Digital, who identified several opportunities to introduce improvements across Microsoft’s heating, ventilation, and air conditioning (HVAC) systems. “Some technicians were spending the same amount of time writing tickets as working on the fix.”

In addition to being inefficient, manual processes were generating errors due to incomplete or inaccurate tickets. Incorrect work orders left jobs unfinished, leaving equipment running suboptimally and requiring additional technician visits.

To fix this, Obermayer and Gaurav reached out to Kundan Karma, a senior software engineer with Microsoft Digital.

“Technicians had to go to two places,” Karma says. “They went to Iconics, to perform the analysis, and they used Facility Link to submit the ticket. The new IoT Connector that we built brings them together.”

Built on Microsoft Azure, the IoT Connector immediately removed manual steps, reducing errors, and improving communication. Creating a ticket became a one-click process, with greater accuracy and faster processing time for technicians.

“In the IoT Connector, we take care of all the data,” Karma says. “It’s a bridge between two systems.”

Designed with auto-healing and telemetry fail-safes, the IoT Connector gives RE&F confidence that faults will be captured and reported as tickets with greater accuracy.

“If messages between the two systems fail, the IoT Connector will resubmit,” Karma says. “After a certain number of retries or if there’s a major problem, it will create a ticket for an engineer to look at.”

Improved communication introduced a handful of ancillary benefits—specifically, visibility.

Where a technician might previously circumvent inputting information into a work order, automated copying facilitated by the IoT Connector made tickets in Facility Link a single click away.

“In cases where someone just does the fix without a work order, we don’t know what’s been done,” Obermayer says. “This left us with an incomplete history. We couldn’t see the demand for certain things.”

Now capable of tracking work orders, RE&F has a better understanding of what’s going on within specific buildings and assets. These insights are improving decision-making, especially as it relates to energy efficiency.

A firehose of IoT data

The IoT Connector shines a light on some challenges that come with scaling energy smart buildings.

“The target was 100 buildings,” Karma says. “We were so focused on integrating Iconics with Facility Link that we didn’t consider the volume of data. When we first rolled out the IoT Connector, we had to stop at 13 buildings. One building was generating approximately 2,000 faults per day.”

Extrapolated across Puget Sound’s 100 buildings, that amounted to roughly 200,000 faults in a single day. The scale of data being generated by IoT sensors could overload Microsoft’s entire Dynamics 365 system, bringing things to a standstill.

“The issue was conversions,” Gaurav says. “Only meaningful faults require an actionable response. We only want to check on real issues.”

Getting useful information out of IoT sensors is a challenge.

“There are different tolerances and different polling schedules for different pieces of equipment,” Obermayer says. “It changes from building to building.”

Microsoft Digital needed to separate the wheat from the chaff.

“If you have data generated in the thousands, it’s easy to miss important alerts,” Gaurav says.

Reducing the number of faults meant rethinking the way alerts from energy smart buildings were generated.

“What we realized is that 75 percent of the total faults were coming from one source, terminal units, and most of them were never converted to any work orders,” Gaurav says. “It was taking up most of the UI and creating too much noise. The way this data is now processed has adjusted how we’re digesting and prioritizing alerts.”

Terminal units, for example, were reordered and reprioritized to reduce the amount of noise being generated.

“We tried to group faults together,” Gaurav says. “One fault can trigger other alerts, but you don’t need multiple work orders.”

We want the model to mimic the behavior of a technician. It can go through the same decisions a human being can and reach the same conclusion.

– Kundan Karma, senior software engineer, Microsoft Digital

Instead of treating all alerts as individual issues, alerts could be grouped so several related faults resulted in a single ticket.

“Would a technician investigate that?” Karma says. “We want the model to mimic the behavior of a technician. It can go through the same decisions a human being can and reach the same conclusion.”

Teaching a machine to think like a technician

To get things started, Microsoft Digital looked at the history of faults and determined how they were converted to work orders.

Brendan Bryant, a mechanical engineer with DB Engineering, one of Microsoft’s partners, helped translate the technician’s process to the team. These inputs allowed the Microsoft Digital team to build a machine learning model that could mimic the behavior of a technician.

“We had key performance metrics from six to eight months’ worth of IoT Connector data,” Bryant says. “I helped Kundan look at HVAC telemetry and all the IoT metrics to get his team the information they needed to train the algorithm the right way.”

But before they could get there, naming conventions for assets and structures had to be standardized.

“This is one of the reasons we put in our own system,” Obermayer says. “How things would work was that a vendor would decide on an asset name when the building was constructed, then we’d change vendors or use a different vendor for a different building.”

The result was a variety of similar, yet varied, naming conventions. Facility Link meant RE&F could standardize and align all data points for energy smart buildings across campus.

“We can now look at a data point and tell you the number of air valves in Puget Sound,” Obermayer says. “Data and problem types are now the same on every system, making energy smart buildings more precise and efficient.”

Alignment of nomenclature also meant Bryant could better convey priority issues.

“There’s a lot of engineering intuition involved, especially when checking what’s false and what’s true,” Bryant says. “It’s a large amount of data provided by all of the equipment, so you have to make a judgement based on what you’re seeing.”

To help train the model to identify real issues over false alarms, Bryant and Karma moved away from real-time response and started viewing faults in aggregate.

“Something might show up on a Tuesday and be gone by Wednesday,” Bryant says. “There’s no value in creating a work order for that. But if it’s an issue for most of a week, that’s something we want to flag.”

Once aggregated, certain key performance metrics became strong predictors of a fault.

“In order to maintain high confidence that a fault needs to be addressed, we need a longer period of data,” Bryant says.

As the team continued their efforts, items that would result in a work order were flagged while all others were archived. From this, the model began to predict the faults that would result in work orders, flagging them for attention and archiving the rest.

“The technician can view anything flagged as ‘false’ and review it,” Karma says. “If needed, the technician can pull the fault from the archive and review it on the fly. The model learns from the mistake when it’s time to retrain.”

Thanks to machine learning and new practices, the number of faults was reduced by 80 percent to 90 percent.

“When we were onboarding, we couldn’t do all of Puget Sound’s smart buildings because the number of faults was huge,” Gaurav says. “Once we were confident that the faults generated were manageable and convertible to work orders, we were able to quickly onboard the rest of campus.”

Predicting the future for smart buildings

With the IoT Connector, Microsoft’s technicians are more efficient, disparate systems are better integrated, and modern infrastructure is in place to further sustain energy smart buildings.

“Right now, we’re only looking at HVAC, but there are so many other IoT assets throughout Microsoft,” Karma says. “A/V, security cameras—you name it. The next phase is to integrate all of these items into the IoT Connector.”

Flexibility within the IoT Connector allows it to be utilized with any asset across any region in the world.

“It becomes a scalable implementation,” Gaurav says. “We can even use it in areas that will eventually become energy smart buildings to help support those efforts.”

Karma also sees the IoT Connector, which is built on Microsoft Dynamics 365, as being available to other companies looking to improve the efficiencies of energy smart buildings.

“What we’re planning is to create the IoT Connector in a generic way so that other people can benefit from it outside of Microsoft,” Karma says. “Any other team should be able to use our learnings.”

The standardization of assets in Facility Link has helped spur other RE&F initiatives.

“Having this data is super important,” Obermayer says. “This will impact everything from procurement decisions to the management of movable assets.”

As Karma continues to refine the model, retraining hones prediction accuracy.

With each iteration, the model gets stronger.

“The big thing looking forward is helping to teach the algorithm so that we understand when it makes a decision and why,” Karma says. “Eventually the model will be able to assign work orders automatically.”

Gaurav agrees.

“The model is robust and converts some fixed number of alerts to tickets automatically. However, we also allow technicians to review through the list of alerts and allow them to manually create tickets as and when needed,” Gaurav says.

For Obermayer, all of this is a dramatic improvement.

“We started with thousands of faults but could only address about one percent of the issues,” Obermayer says. “We got the number of faults down so that we’re actioning 10 to 20 percent, which means we’re hitting meaningful faults. Artificial intelligence and machine learning are improving the business of energy smart buildings.”

• Discover how Microsoft’s smart buildings showcase Azure Digital Twins.
• Learn about Microsoft’s new era of smart building in Singapore.
• Find out how Microsoft promotes environmental sustainability from the inside out.

The post Microsoft smart buildings bolstered by machine learning model, IoT appeared first on Inside Track Blog.