At Microsoft we’ve taken a page from the auto industry and have adopted a process called Kanban. Kanban (pronounced “con-bon”) is a Japanese word meaning “signboard” or “billboard.” It was first developed by a Toyota engineer decades ago to improve manufacturing efficiency.

Today, we’re using Kanban to drive improvement and streamline workflows within some of our engineering teams. The process shows great potential to encourage innovation and increase engineering excellence.

In its simplest form, Kanban involves creating a set of cards that track manufacturing or other step-by-step processes. These cards, tacked to a corkboard, can be used to highlight trouble spots and avoid overcapacity. That latter quality helps Kanban users resist loading up a job with too many side tasks.

“I learned about Kanban when I was in the Marine Corps,” says Ronald Klemz, a senior software engineer manager on our Microsoft Commerce and Ecosystems team. “When I joined Microsoft, I could see how it applied to software engineering.”

Less meetings, more flexibility

Although Kanban has gradually grown in popularity at Microsoft, many engineers still rely on the scrum development framework (part of the agile software development methodology). Scrums consist of regular planning meetings, followed by two-week to month-long sprints that are designed to complete a particular stage of work.

While plenty of good work has come out of scrums and agile, they are not always ideal for driving engineering improvement. The regular scrum meetings can be time-consuming; even though they are designed to break big jobs into manageable pieces, teams can still become overwhelmed if customers add new requirements on the fly.

“At the start of each two-week scrum cycle, you’re expected to know everything that you’re going to do in those two weeks,” says Snigdha Bora, an engineering lead with Microsoft Digital, the company’s IT organization. “But there are things that will happen in those two weeks that you can’t know in advance. All of that goes away with Kanban, because it has no artificial boundaries or time limitations.”

Klemz agrees.

“We’d spend so much time in meetings, planning and replanning to ensure our commitments were falling in the sprint window,” Klemz says. “That would result in large work items sitting in the Active column for days or weeks, making it really difficult to visualize the state of the work. To reduce the meeting load and free up our engineers, we decided to give Kanban a try—and we’ve never looked back.”

Balancing workloads and resources

Whether built with simple paper materials or using more sophisticated software versions, a Kanban board shows rows of cards arranged in columns that represent stages of a project’s workflow. Each card contains a specific task and who is responsible for it.

One of Kanban’s most valuable aspects is that each column is designed to self-limit work in progress. If an extra card is added that exceeds the agreed upon limit of tasks, the column heading might light up red, indicating a possible bottleneck that could delay work.

“It helps to simplify the workflow, so people aren’t getting hit with all kinds of sudden, ad hoc projects,” Klemz says. “They’re able to focus on the agreed-upon workflow.”

Kanban also helps engineers easily shift gears as priorities change and challenges arise.

“Kanban really helps us have the flexibility to tackle urgent work without entirely disrupting the state of our planning cycle,” Klemz says. “When you have a small team responsible for many downstream systems, there are bound to be unknowns that surface and suddenly become top priority. By leveraging Kanban, we’re able to break our work into smaller tasks, so that an engineer can switch projects to focus on an urgent issue.”

Virtual Kanban board at Microsoft

That last point underscores another advantage of how Kanban drives engineering improvement at Microsoft: Its visual nature makes it easy for someone who is a newcomer to a team, has been on vacation, or is a part-timer to look at the Kanban board and immediately see what needs to be done.

“With a Kanban board, an employee can pick up any unassigned task without having to consult the project manager on the priority,” Bora says. “This is much easier and more efficient.”

This feature is especially helpful as more Microsoft engineers are working remotely in today’s increasingly hybrid workforce, frequently across various time zones. By checking the Kanban boards, many of which are created with Microsoft Azure DevOps, they can quickly grasp the status of a project at any time.

Enabling greater collaboration and transparency

The Microsoft Commerce and Ecosystem team owns the tools, processes, and controls to ensure that Microsoft’s preferred suppliers and partners are paid in a timely way once invoices are approved. They also ensure that tax and other statutory laws are followed globally, provide tax and statutory compliance information, and report payments to the Internal Revenue Service.

Those multiple workflows often led to siloed work, with different members of the team unaware of what co-workers were doing, or how their work affected others.

Kanban has helped the team create a more collaborative work environment while still giving engineers plenty of freedom for innovation, which has positively impacted both business needs and the customer experience.

“It’s an effective approach to delivering software iteratively,” Bora says. “It brings so much transparency for the team by providing better visualization to track progress.”

The increased agility plays well with Microsoft customers, who have become accustomed to rapid and seamless product improvements. The same goes for internal business changes, such as the expansion of Microsoft Azure and data center launches and announcements.

According to team leaders, Kanban allows them to quickly respond to these strategic shifts, enabling real-time transparency and close tracking of OKRs (Objectives and Key Results). The Kanban dashboards also allow them to more easily give global stakeholders insight into project progress, which builds stronger trust among all parties.

Kanban also helps the organization more effectively manage global statutory laws and compliance processes, which can change rapidly (including predefined timelines that in most cases are non-negotiable).

Adopting Kanban continues to be a learning process for Microsoft engineers, and the discipline is gradually becoming more widely accepted in the tech industry. It shows great potential for making software development faster and more trouble-free, while helping teams work together more flexibly and effectively.

Here are some of the advantages that Kanban can bring to help improve workflow processes at your organization:

• It elevates flexibility over rigid frameworks. Unlike scrums, Kanban doesn’t enforce strict timeboxes (like sprints). This flexibility helps teams adapt to unexpected changes and evolving requirements without disruption.
• Visual workflow = instant clarity. Kanban’s visual boards help engineers and stakeholders easily see the state of work at any time. This is especially useful for remote, hybrid, or globally distributed teams.
• The work-in-progress limits prevent bottlenecks. The columns on a Kanban board can be set to limit the number of active tasks. This helps teams stay focused, avoid burnout, and reduce delays in the workflow.
• It enables better collaboration and reduces siloed work. Kanban promotes shared visibility and team-wide alignment while eliminating siloed efforts, ensuring that everyone is moving toward common business outcomes.
• It increases agility at scale. Kanban has helped Microsoft adjust to increasingly faster business cycles, supporting major product rollouts, organizational changes, and statutory compliance across global markets with speed and confidence.

Sign up for Azure Boards, a web-based service that enables teams to plan and track their work across the entire development process.

• Learn more about using Kanban boards with Microsoft Azure DevOps.
• How to add a Kanban board in Microsoft Teams.
• Four ways to create Kanban boards in Microsoft 365.

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post Deploying Kanban at Microsoft leads to engineering excellence appeared first on Inside Track Blog.

As Microsoft celebrates its 50th anniversary, it’s a fitting time to reflect on the transformative journey of Microsoft Digital, our team that’s been responsible for powering, protecting, and transforming the digital employee experience across devices, applications, and hybrid infrastructure at the company since the dawn of information technology.

The role of information technology has experienced profound evolution over the past several decades, and Microsoft is no exception. From humble beginnings with Bill Gates and Paul Allen programming and debugging simple applications on MITS Altair 8800s to the current era of sleek, powerful devices (some that even fit in the palm of our hands), the ways we interact with technology have changed dramatically. And just like the internet became an indispensable tool for global commerce and connection, the advent of cloud computing and advances in AI, machine learning, and automation are enabling the next IT revolution, which has already greatly enhanced efficiency and unlocked new possibilities for organizations.

Corporate Vice President Nathalie D’Hers, who has led Microsoft Digital for the past 10 years, talks about how our team’s role has evolved from an information technology-centric one to a modern, AI vision-led, experience-centric engineering organization. 

“The main tenets of our modern engineering era in Microsoft Digital are being vision-led; embracing user-centric, coherent design; fostering innovation to drive exceptional employee experiences; and prioritizing our role as Customer Zero to create a blueprint for our customers to follow,” D’Hers says.

Recently, I had the privilege of speaking with D’Hers and some of the other leaders of Microsoft Digital. During our conversations, they shared significant lessons learned and profound experiences from their time at Microsoft. They also provided valuable insights into the future as we look ahead to the next 50 years of IT.

Several themes emerged from my discussions with them; themes that they believe have consistently enabled Microsoft to lead the IT revolution and that will shape the future of technology for the next 50 years.

1. Digital transformation is a continuous journey

Digital transformation isn’t a one-time event; it’s a continuous journey that involves integrating technologies to stay competitive and to improve customer and employee experiences. In the past 50 years, there have been multiple stages of digital transformation, from adopting basic IT systems to embracing modern technologies like AI, machine learning, Internet of Things (IoT), and automation.

The digital transformation of Microsoft spans the entire personal computing revolution, from the early days of DOS and Windows desktops, through to our current era—highlighted by the rise of AI. Our transformation journey can be divided into four major eras:

1. On-premises IT (1985 to 2009): Characterized by the setup, operation, and maintenance of onsite physical technology.
2. Cloud and culture (2010-2017): Marked by our shift to the Microsoft Azure cloud and a cultural transformation.
3. Modern engineering (2017-2020): Focused on modernizing our engineering practices.
4. AI (2020-present): Embracing AI to revolutionize IT services and operations.

Most leaders felt that both the era of cloud services and our present era of AI have been pivotal in redefining traditional IT services at Microsoft and that these technologies have revolutionized how we think about IT, making processes more efficient and scalable. And all of them mentioned that no matter what the era, robust security and governance play a critical role and are the backbone to any successful IT organization. Enabling a safe and compliant environment ensure that digital transformation leads to sustainable growth without compromising safety or trust.

Monika Gupta, a partner group engineering manager within Microsoft Digital who has been with Microsoft for nearly 20 years, reflects on her continuous digital transformation journey at the company.

“When I joined Microsoft in 2006, Windows XP was still king, Internet Explorer ruled the web, the mobile revolution was starting, and the idea of cloud computing was a distant dream,” Gupta says. “I’ve had the privilege of working in a variety of roles across Microsoft, witnessing and contributing to some of the most transformative shifts in technology. From making solutions designed for enterprise scale, shipping software securely (on CDs or digitally) to building AI-driven experiences, from on-prem solutions to Azure’s global cloud presence, and from traditional IT solutions to AI copilots reshaping productivity, we have been continuously innovating.”

2. Continuous change means change management is critical

Technological changes can be disruptive, requiring significant shifts in processes, individual behavior, and organization culture. Without effective change management, organizations risk facing resistance from employees, disrupted workflows, and ultimately, failure to fully capitalize on the benefits of new technologies.

Within Microsoft Digital, change management best practices have been critically important to our success.

As Microsoft is a global enterprise with more than 220,000 employees worldwide, it’s imperative that we have a well-executed change management plan in place to help guide our employees each time there is any major transition, starting from piloting to gathering localized feedback from employees across the globe, through to initial deployment and subsequent full adoption of the technology.

This includes several best practices including clearly communicating the reasons for change, providing adequate and thorough training in various forms, and targeted activities post deployment, in addition to using adoption data insights to help our employees adapt to the new technology. Moreover, change management helps to align technology upgrades with organizational goals by ensuring that all stakeholders are involved and that there is a shared vision and collective buy-in for the future. When employees feel prepared and supported, including sufficient active sponsorship from leadership, they are more likely to embrace new systems, leading to greater productivity and innovation.

And we know that a well-executed change management plan fosters a culture of continuous improvement. By building a framework for managing change, we have ensured that our technological shifts are met with less resistance and greater success. Ultimately, successful change management is not just about technology, it’s about enabling the people and processes that will use the technology and ensuring that the focus is on the benefits to the users rather than the technology itself to achieve the desired outcomes of digital transformation.

With a career at Microsoft that spans more than 20 years, Andrew Osten, general manager of Business Operations and Programs for Microsoft Digital, talks about the key role change management plays within Microsoft.  

“Dedicated focus on change management is critical within large enterprises when you’re attempting to improve or evolve business processes and drive adoption of technology changes that directly benefit users,” Osten says. “Our team has recognized the importance of investing time and talent into crafting an operationalized adoption program with proven techniques that help accelerate both user and company ROI from our IT investments.”

3. The role of IT is a customer-first experience

One of the most significant lessons learned came from Trent Berghofer, general manager of the Microsoft Digital Modern Support team. It’s a trifecta of sorts, focused on the importance of leading with a customer-centric approach combined with operational excellence and cutting-edge technology.

User experience (UX) and stakeholder satisfaction are central to all of Microsoft Digital’s technology investments. And as the value of customer data, personalized experiences and seamless customer service have become increasingly more important throughout the years, IT systems that support these functions have become integral to business success, boosting not only customer loyalty but revenues as well.

Berghofer, a 26-year veteran at Microsoft, reflects on a time early in his career, when the notion that leading with a customer-centric approach rang loud and clear for him.  

“One of the first times I ever did an IT portfolio initiative check-in with an internal VP in our sales organization, I was fortunate that the executive made time for some coaching at the end of our session,” Berghofer says. “His feedback was along the lines of ‘This looks to be great work, but what are you doing to make me and my team successful?’ I’ll never forgot this feedback, and I’ve incorporated this customer first mindset into all my decision making even still today.”

4. People and talent are our greatest asset

A main theme that’s consistent among every leader of Microsoft Digital is that IT isn’t just about technology; it’s about having the right people and culture that’s the cornerstone for success. Investing in people with not only the skills, but also the commitment, to drive innovation and providing opportunities for training and development to upskill employees results in more agility in adapting to technological changes. Something everyone felt is critically important in the ever-changing and evolving IT landscape.

The journey within Microsoft Digital has been remarkable not just because of all the technological advances, but also because of the unique culture of the organization. Because the role of IT continues to evolve, it’s important that you have people who are willing to evolve as well. Having a good mix of individuals with strong technical skills, problem-solving abilities, adaptability, and effective communication is critical. Cultivating a culture of collaboration, continuous learning, and innovation, and where employees feel empowered to experiment, fail fast, and grow from their mistakes are all important factors in a successful IT organization.   

D’Hers, who has not only led Microsoft Digital and the teams that preceded it for the past decade but is also a 25-year veteran of Microsoft, characterizes the organization’s culture as one that exudes a collective enthusiasm and provides a winning combination of passion, resilience and grit, and teamwork.

“Beyond the technology, what has made this journey truly special is the culture we’ve created together,” D’Hers says. “It’s a shared passion for solving the complex challenges, the resilience we have to embracing constant change, and the camaraderie we have that can turn even the hardest of issues into learning experiences and growth.”

5. AI is the future of IT

As we celebrate 50 years of IT at Microsoft, it’s exciting to envision the future, especially as AI continues to transform the world and our lives. It will no doubt play a critical role in the function and future of IT. Together with continuous improvement (CI), AI and machine learning will enable greater automation and self-serve functions, meeting users where and how they work, and will be central to improving efficiency and enhancing customer experiences.

From AI-powered agents integrated with Microsoft 365 Copilot, to chatbots providing customer support to AI-driven supply chain optimization, the ongoing shift toward better automation is not only reshaping IT, but every single industry from manufacturing, retail, to even healthcare.

As Monika Panpaliya, partner director of the Product Management team and the most recent member of the Microsoft Digital leadership team, shares, for instance, how AI agents are poised to transform IT.

“Agentic AI can act as an intelligent companion that can autonomously reason and adapt to changing environments,” Panpaliya says. “It operationalizes decision-making and collaborates with humans to enhance efficiency and effectiveness across various domains, such as network security, helpdesk support, and HR processes.”

Fifty years of IT evolution at Microsoft has taught valuable lessons about agility, innovation, people and culture, and the critical importance of technology in maintaining competitive advantage. There is no doubt that just like the last five decades, IT will continue to evolve, and companies who want to continue to succeed will need to remain adaptable, constantly exploring new technologies while ensuring they align with the changing needs of their workforce and customers. Our digital transformation journey has been marked by continuous innovation, and the next 50 years promise to be just as transformative!

Here are some of the key learnings we’ve had on our journey as the company’s IT organization:

• IT has drastically evolved over the years and is no longer considered “just a support function” like it once was. It’s now a fundamental driver of business success.
• Agility, innovation, and having the right people are key to running a successful IT organization.
• Make sure your workforce has the skills to keep pace with technological advancements. Investing in people is critical!

Visit our Microsoft Digital Inside Track website to learn more about how we’re transforming the way we do IT at Microsoft.

• Learn more about our digital transformation journey here at Microsoft.
• Find out how we’re powering a generational shift in IT at Microsoft with AI.
• Microsoft Read our guide for executives on deploying and driving adoption of Microsoft 365 Copilot.
• Check out how we’re embracing this new ‘agentic’ moment at Microsoft.
• Learn how we serve as the company’s Customer Zero.

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post Reflecting on 50 years of IT at Microsoft: Five key lessons and insights on the future appeared first on Inside Track Blog.

Our employees are using the new Microsoft 365 Copilot-powered Facilitator feature in Microsoft Teams, and it’s helping them do a lot more in meetings.

Currently available to some of our employees as part of a ringed-deployment, Facilitator does the stuff none of us want to do in meetings, including taking and sharing notes in real-time, managing the meeting clock and reminding colleagues to wrap up, tracking your goals for the meeting, including highlighting when key points and decisions are made, and answering questions without interrupting the flow of the meeting.

Facilitator keeps up with your conversation and creates AI-generated notes for everyone within a single workspace. The notes are shown in the full meeting in the meeting notes windowpane, which frees meeting attendees from having to take their own notes and allows attendees to make updates and correct meeting notes in the same meeting notes windowpane. This allows them to stay present, focused, and more productive in meetings.

It’s important to note that Facilitator updates your meeting notes as your conversations unfold, and your group’s collective viewpoints change. It uses the AI Notes feature to keep track of the topics, action items, and tasks shared in the conversation (please note that there is a delay in adding new and updated information as the meeting progresses).

The effective result is you no longer need to comb through your notes to see what the outcome was, Facilitator captures it for you.

“It’s one of those rare features that comes along and immediately increases our productivity,” says Chanda Jensen, a senior product manager on the deployment team in Microsoft Digital, the company’s IT organization. “Facilitator takes notes for everyone, which allows me to sit back, listen, and be more engaged.”

We have deployed Facilitator to some employees internally here at Microsoft and will soon deploy it to the full company. You can learn more about Facilitator’s public preview here.

Delivering immediate value

Running late to a meeting?

You can ask Copilot what you missed, or you can review Facilitator’s live AI Notes for a quick review and update.

“So many times when we come into a meeting, we’re a little bit late because we’re jumping from meeting to meeting,” says Sara Bush, a principal product manager and leader of the Microsoft Teams deployment team here in Microsoft Digital. “Now we can use Facilitator to catch up without disrupting anyone.”

Need to catch up on the Group Chat?

You can @Facilitator in the group chat to summary.

Trying to remember a point without writing it down and taking your focus off the meeting?

Facilitator has got you covered.  

You can ask a question in your meeting’s group chat, and Facilitator’s answer will be shared with all the meeting participants, or you can open your private Copilot view, and ask a question where you are the only one who sees the response in your private windowpane.

After the meeting is over, Facilitator notes are shared in the post meeting group chat in a Loop Component and via the meet’s Teams Activity icon. If people were assigned work in the meeting, you can go to either location to see what each person was asked to do.

Facilitator has become our employees’ advocate in the room that always keeps track of things for them.

“Facilitator is there to be your champion, to be your collaborator,” says Lesley Montgomery, a principal product manager on the deployment team in Microsoft Digital. “It’s the part of AI that has the tools and humans working together.”

Internal feedback leads to a better product

While they love the new capabilities, our employees wanted to make sure they can still talk securely in meetings.

“We had to show that we were using their meeting data appropriately and that Copilot and Facilitator are secure on our tenant,” Jensen says. “They wanted to know that private chats with Copilot could stay private when needed, and they can.”

Recognizing that there are times when sensitive matters need to be discussed, our team worked with the product engineering team to ensure that controls are available to allow meeting organizers and attendees to turn off Copilot and features like Facilitator when they want privacy in a meeting.

The team continues to receive and adjust to feedback it receives from employees.

“We’re continuously innovating and improving,” Jensen says. “Our users are always asking for more innovative ways to use Teams.”

Endless possibilities

The effects of deploying Facilitator are being felt throughout the company as the benefits of employees having higher-caliber meetings are passed upward through the organization in a compounding way.

“It’s amazing the response we’re getting from employees,” says Eileen Zhou, a principal product manager on the deployment team in Microsoft Digital. “They feel great about having more real, genuine time to focus on brainstorming, on being creative, on having time to come up with higher-value solutions that can move the company forward.”

A great way Facilitator helps groups stay on task is by monitoring the meeting time with or without an agenda.

You can tell Facilitator to keep track of time for certain agenda items to keep meetings running efficiently. Facilitator can also send post-meeting tasks directly to the assigned owner(s) that include action items and requested deliverables. Those are just a few of the ways we’re using Facilitator to help employees save time and be more productive.

“The possibilities are endless,” Bush says. “It’s already changing how we work, and we’ve barely scratched the surface as to what our employees are going to be able to do with this.”

Facilitator is one of many new AI-infused capabilities that we’ve gradually been folding into Teams, including Copilot analyze content shared onscreen during meetings. It can answer questions based on the shared content, such as slides, documents, spreadsheets, and websites. It also suggests follow-up questions to keep the conversation going and combines screenshare with transcript and chat data to provide comprehensive answers.

Copilot works well with Facilitator as it focuses on content analysis and follow-up questions, while Facilitator manages real-time meeting dynamics, including notetaking, time management, and goal tracking.

“Copilot works like a personal assistant for users, while Facilitator helps out the whole group,” Jensen says.  

These new features build on the personal AI assistant capabilities we added to Copilot in Teams last year, including the Intelligent Recap feature. These features capture what was said and decided at the end of a meeting, create lists of action items for attendees, answer questions in real time, and provide a transcript and notes. Learn more about what it was like for us to deploy the Intelligent Recap feature here.

We’ve expanded Copilot’s personal AI assistant capabilities a step further—instead of helping one employee at a time, Facilitator serves all the people who attend a meeting together, collaboratively.

“It really can help you stay on task as a group,” Montgomery says. “Traditionally, when people take notes, they take them from their perspective – with Facilitator, that’s no longer an issue as Facilitator doesn’t bring any partialities.”

Deployment journey

We deployed early versions of Facilitator to some of our engineering teams in the summer of 2024, and as they provided feedback, the product group made improvements to the feature. In the fall, we deployed the improved version to 18,000 employees in our Microsoft Elite program.

The Elite program is made up of employees who volunteer to test new products and experiences at Microsoft. They help us in Microsoft Digital serve as the company’s Customer Zero, which refers to how we gather and send employee feedback to the product group. That feedback is then used to make improvements to the experience before shipping it to customers.

We plan to fully roll out Facilitator to all employees and vendors with a target date of April 30^th, 2025.

Here are some tips for getting started with Facilitator in Teams at your company:

• Enable AI-generated notes: A transcript is required to ensure that AI-generated notes are captured for your meetings and chats. Select the AI notes icon in the chat header or during a meeting.
• Use voice recognition: For meetings that include Microsoft Teams Rooms, turn on voice recognition to ensure speakers are correctly identified in the notes and action items.
• Speak clearly and concisely: Facilitator works best when there is a clear and substantive volume of content. Make sure to speak or chat in supported languages and provide detailed information.
• Collaborate in real-time: Use Facilitator to co-author and collaborate on notes during the meeting. This helps keep everyone on the same page and ensures that important points are captured.
• Review and edit notes: After the meeting, review the AI-generated notes and make any necessary edits.

Try out the public preview of Facilitator in Teams.

• Set up Facilitator in Teams for collaborative AI-generated notes.
• Review frequently asked questions about Facilitator in Teams.
• Get early access to new features in Teams.
• Learn how we’re recapping our meetings at Microsoft with AI and Teams.

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post Transforming meetings: How we’re using the new Microsoft 365 Copilot-powered Facilitator feature at Microsoft appeared first on Inside Track Blog.

For countless organizations around the world, Microsoft SharePoint is the go-to solution for managing authoritative business content and collaborating on projects.

With the launch of Microsoft 365 Copilot and the ability to extend its impact through agents, we saw an opportunity to roll the value of AI-powered assistants into the information-rich ecosystem of SharePoint. By infusing SharePoint with Copilot features, we’re making the search for authoritative content more accurate and more streamlined for users while giving site administrators, site editors, and content owners greater control and more opportunities to enable their colleagues.

As we’ve implemented this new kind of AI assistant internally at Microsoft, we in Microsoft Digital, the company’s IT organization, have gained first-hand knowledge of how to deploy, manage, and optimize the new capabilities—and learned key lessons that can help you use SharePoint agents to their full potential.

SharePoint in the age of AI extensibility

As a content management and collaboration platform, SharePoint is so deeply integrated into the fabric of business that it’s easy to take it for granted. Every day, people add almost two billion documents to Microsoft 365 Copilot apps (Outlook, Teams, Word, and so on). Searching through those vast quantities of content and information can be a challenge for users.

One of extensibility’s core principles is using agents to bring AI capabilities into any canvas or endpoint. With the emergence of this new framework, connecting retrieval agents to the SharePoint experience was an instinctive move.

“SharePoint is a natural place for agents to live,” says Eric Gradel, principal product manager working on SharePoint agents at Microsoft. “They marry what SharePoint is really good at, which is storing all the rich content within an enterprise and making it accessible to employees, with what agents do best: simplifying workflows and enhancing discoverability.”

Transforming enterprise content accessibility

At their core, SharePoint agents are about surfacing insights, scaling expertise, and powering more informed decisions.

Every SharePoint site includes an agent scoped for the site’s content. They allow users to search a site using natural language queries like “Summarize last week’s files on benefits” or “Create an executive summary of last quarter’s sales reports.” That means people can find answers without combing through the site or wrestling with cumbersome search terms.

SharePoint agents

“SharePoint agents are a way for users to ask very specific, scoped questions in order to receive authoritative answers from that specific content source,” says Sunitha Bodhanampati, senior product manager working on SharePoint agents with Microsoft Digital. “We want to add value to the user’s workflow to ultimately improve their productivity.”

Ready-made agents are a helpful starting point; but SharePoint agent builder introduces even more targeted capabilities. It gives site administrators, editors, and content owners the opportunity to create, customize, and control agents to provide greater assistance to their users.

In just a few clicks, anyone with SharePoint site editing permissions can create agents based on content that’s relevant to specific projects or tasks. They can customize their agent’s branding and purpose, specify the sites, pages, and files that it should access, and define customized prompts tailored to its objectives and scope.​​​​​​​ This flexibility ensures that the right people get the best possible access to content while ensuring security and adherence to governance guardrails.

Most importantly, it’s easy to create SharePoint agents. This technology isn’t just accessible to software developers. SharePoint agent builder’s inherent simplicity means that people in communications, HR, marketing, or any other role can create digital assistants in just a few minutes and a few clicks.

“We’re making knowledge accessible at a level it’s never been before,” says Siobhan Flanigan, senior marketing communications manager for Worldwide Learning in Microsoft Customer and Partner Solutions. “For human beings, the more content you give them, the less they engage, so agents are a way to narrow that field of inquiry to make your site more helpful.”

Beyond SharePoint sites, employees can easily share agents via email or within Microsoft Teams chats, granting colleagues access to the same accurate and relevant information through natural language queries. Not only are coworkers able to use each other’s agents, but @mentioning the agent in a group chat setting gives the team a digital subject matter expert, ready to assist and facilitate collaboration. 

Building these capabilities and implementing them securely required extensive collaboration between the SharePoint product group and Microsoft Digital, the company’s IT organization. As the first business to implement this technology at scale, we had to be confident that it met our standards for trustworthy administration, governance, security, and responsible AI.

“With any AI-specific experience, there needs to be guardrails and governance to manage its behaviors,” says Swapna Malekar, principal product manager for Information Discovery and Experiences in Microsoft 365 Copilot. “There’s a lot of intelligent creation and summarization with Copilot experiences, so naturally, there are fears around organizational risk from overexposure, hallucinations, or mis-directions that lead to user frustration.”

In the simplest terms, SharePoint agents are scoped versions of Copilot Chat. As a facet of agents in Microsoft 365 apps, SharePoint agents benefit from all of the same governance controls that protect our tenants in any other Copilot-enabled context.

That alignment with pre-existing tooling and policy means that SharePoint agents respect permission-trimming when they provide responses. Because the content itself honors permissions according to Microsoft 365 Copilot governance policies, users who don’t have access to that content won’t receive it as part of the agent’s outputs.

These capabilities arose from our iterative development process and experience as an enterprise, but it’s just the beginning. In our early experiments with SharePoint agents, we’ve also developed some helpful scenarios and best practices our customers can use.

Creating agent-friendly content ecosystems in SharePoint

Early adopters here at Microsoft have already created some highly useful SharePoint agents. In the Microsoft Customer and Partner Solutions (MCAPS) business group, the Worldwide Learning team has used the following agents to support employees in specific contexts:

Ask MCAPS Academy

This agent makes it easy for learners to query the Microsoft learning catalog to find specific answers contained in our course content. For example, before a salesperson demonstrates Microsoft Fabric, they could ask for best practices without having to take an hour-long course.

Ask MCAPS Tech Connect

MCAPS Tech Connect is a strategic training event for technical field roles, designed to help them uplevel their expertise and build confidence through collaborative learning and hands-on skilling. The Ask MCAPS Tech Connect agent gives employees easy access to content from more than 70 sessions. Users ask questions about the material, and the agent retrieves Microsoft PowerPoint decks and summarizes sessions so they can determine if they want to watch full videos.

During the process of creating these agents and others, our internal site editors and administrators have developed best practices to make sure employees get the most value out of their new digital assistants. The following techniques can help you create your own agents:

• Understand agent instructions
  It’s helpful to think about creating agents with two sets of parameters: sources and behaviors. Sources are how you define the sites, folders, and content your agent will encompass. A more expansive scope will be more likely to return an answer, but that answer might be too broad. A more limited scope will provide better accuracy, but it might not have access to answers from a wider content base and therefore not return results at all. Meanwhile, behaviors are the explicit instructions and guidance you provide your agent, for example fine-tuning the structure of the summaries it delivers or specifying the technical level of responses the agent should provide.
• Optimize your libraries for AI
  Just like it’s important to structure web content for search engine optimization (SEO), it’s helpful to structure your SharePoint sites for AI optimization—what some super-users are calling “AIO.” We recommend using all available metadata to ensure content is highly available to SharePoint agents, for example headers, meta-tags, and alt-text. File names are particularly impactful. We recommend naming a file according to the way a user is most likely to search for it, like “Q3 AI impact executive summary.” It’s also helpful to name files associated with each other in similar ways. For example, the PowerPoint presentation and recording transcript for the same conference session should have similar titles.
• Recognize human behaviors
  If site administrators and editors want to enable their users, they need to think about how to accommodate the ways they work. Plenty of employees will know to access SharePoint agents through the built-in chat, but why not provide even easier onramps? Our insiders have learned that it’s extra helpful to share agents through Microsoft Teams chats, in communications, and anywhere else people might need content support. It’s also helpful to use the UX design capabilities in SharePoint to create explicit call-to-action buttons that direct users to particular agents.

“SharePoint agents unlock and scale knowledge,” Flanigan says. “If there’s an answer locked somewhere in a content library, agents essentially turn that library into a responsive assistant, and people can ask it questions to get the information that empowers their work.”

The agentic future of enterprise knowledge

As our teams continue to experiment with SharePoint agents, they continue to find value in more accessible and authoritative knowledge. Site editors and administrators across Microsoft are eagerly seeking out advice and opportunities for more and more agents to support their organizations.

Our product teams are also extending SharePoint agents’ capabilities to amplify their impact even further. In addition to linking to agents in Microsoft Teams chats, they’ll soon be available in channels to provide AI assistants as digital liaisons for specific projects or teams.

Other, more complex features are on the way as well, improvements that will lead to even greater value, all stemming from the combination of enterprise content and AI assistance.

“SharePoint revolutionized enterprise content management and collaboration once before,” says Jeff Teper, president of Microsoft 365 Collaborative Apps and Platforms. “Now, we have an incredible opportunity to use the power of AI to help people get the information and insights they need, driving more informed decision-making, better collaboration, and more streamlined business processes.”

Here are some things to think about as you consider getting started with SharePoint agents at your company:

• Experiment with different scopes and behaviors by iterating your SharePoint agents over time.
• Pay special attention to the metadata in your SharePoint sites and files to ensure they’re optimized for AI discoverability. This resource shares best practices for managing metadata.
• Tailor your SharePoint agents and how you disseminate them to human needs and behaviors to encourage uptake.

Want to start streamlining access to content for your employees? Get started with SharePoint agents here.

• See how our Microsoft legal team is helping clients find answers faster with SharePoint agents.
• Find out how we’re reimagining content creation with our Azure AI-powered Inside Track story bot.
• Discover ways we’re unlocking enterprise AI extensibility at Microsoft with Microsoft Copilot Studio.

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post Unlocking knowledge through intelligence: Lessons learned using SharePoint agents at Microsoft appeared first on Inside Track Blog.

Editor’s note: This story was created with the help of artificial intelligence. To learn more about how Inside Track is using the power of generative AI to augment our human staff, see our story, Reimagining content creation with our Azure AI-powered Inside Track story bot.

When a customer asked us if they should use Microsoft Copilot Studio or Microsoft Azure AI Foundry to build their employee self-service agent, we knew Ravi Goriparthy was exactly the right person to talk to.

He and the engineering team he works on here in Microsoft Digital, the company’s IT organization, had to answer that exact question when they set out to build agents that would help our Human Resources and IT Support teams better respond to requests for support from our employees.

We had Goriparthy, a principal software engineering manager, talk with our Inside Track bot, which wrote the following story (with some help from us humans).

Choosing the right platform

When it comes to solving complex IT challenges, the Human Resources Engineering team here in Microsoft Digital has a knack for navigating through the maze of available tools to find the optimal solution. As Goriparthy explains, their recent project to create an employee self-service agent for Microsoft employees and managers was no different.

The goal was ambitious: To build an intelligent agent that could answer questions about HR policies, offer IT help, and interact with various line of business (LoB) applications.

The challenge?

Deciding what combination of Microsoft 365 Copilot, Microsoft Copilot Studio, or Microsoft Azure AI Foundry would best serve their needs.

Understanding the landscape

Goriparthy and his team started to tackle the challenge by understanding the landscape of their LoB applications, focusing on policy content, help content, and employee data.

“We needed an agent that could easily integrate with a lot of LoB apps, as our data resides outside of the Microsoft 365 ecosystem,” Goriparthy says. Their research led them to Copilot Studio, part of the Power Platform ecosystem, which offers more than 1,000 connectors to various LoB applications.

The team created an agent using Copilot Studio, adding various SharePoint sites as knowledge sources. But there was a catch.

“We found that the agent was getting answers from various SharePoint sites that are not managed by the HR and IT business,” Goriparthy says.

The solution was to work with the Copilot Studio and Microsoft 365 Copilot teams to add an “authoritative source” badge to answers from configured SharePoint sites.

Driving integration

This wasn’t the end of their innovation.

The team integrated Copilot Studio with SuccessFactors and ServiceNow, identifying gaps in the existing Power Platform connectors and working with respective engineering teams to enhance them. This included adding a metadata-driven extensibility design capability that anyone who deploys an employee self-service agent can use. This enabled our team to add metadata that reflects our SuccessFactors and ServiceNow customizations and that enables our Copilot actions to dynamically modify our API calls to get, update, and customize our datasets.

“These integrations opened up numerous opportunities to improve employee productivity by providing an agent that can read employee data and take action on it, all from a single agent interface,” Goriparthy says.

The project has since become a showcase of how agents can improve our employee experience and productivity, expanding the functionality of Microsoft 365 Copilot.

Goriparthy wants to help others navigate the AI landscape by sharing his team’s insights, providing clarity on when to use each tool—Microsoft 365 Copilot for enhancing productivity within the Microsoft 365 suite, Copilot Studio for creating custom AI agents and automating tasks, and Azure AI Foundry for developing and deploying custom AI applications.

Microsoft 365 Copilot is designed to enhance productivity within the suite of Microsoft 365 Copilot apps (Outlook, Teams, Word, etc.). Here are some common use cases:

• Document creation: Drafting documents in Word, creating presentations in PowerPoint, and analyzing data in Excel
• Email management: Summarizing emails, drafting responses, and organizing inboxes in Outlook
• Meetings: Generating meeting summaries, action items, and follow-up tasks in Teams
• Project management: Streamlining project planning and tracking progress in Planner
• Collaboration: Enhancing teamwork by integrating AI into SharePoint and OneDrive

Microsoft Copilot Studio is a low-code tool for creating custom AI agents and automating tasks. Here are some typical use cases:

• Customer support: Building agents to handle customer queries and provide support across multiple channels
• Employee assistance: Creating agents to answer common employee questions, manage benefits, and track public health information
• Custom solutions: Extending Microsoft 365 Copilot with your own enterprise data and scenarios
• Sales and marketing: Developing agents to assist with sales inquiries, to provide product information, and to support marketing campaigns

Microsoft Azure AI Studio is ideal for developing and deploying custom AI applications. Here are some common use cases:

• Generative AI: Creating applications that generate content, insights, and solutions from your data
• Predictive analytics: Building models to forecast trends, customer behavior, and market dynamics
• Natural language processing: Analyzing text data for sentiment analysis, customer feedback, and more
• Image and video analysis: Automating quality control, detecting anomalies, and enhancing security
• Custom AI solutions: Tailoring AI models to specific business needs across various industries

“Use Microsoft 365 Copilot when you want to boost productivity and streamline tasks within the Microsoft 365 Copilot app ecosystem,” Goriparthy says. “Use Copilot Studio when you want to create custom AI agents and automate complex tasks with a low-code approach. Use Azure AI Studio when you need to build and deploy custom AI applications tailored to specific business needs.” 

Innovation, collaboration, and the pursuit of optimal solutions are at the heart of what Microsoft Digital does. As Goriparthy’s team has shown, embracing these values can lead to solutions that not only solve complex challenges but also propel the company and its customers into new frontiers of productivity and efficiency.

Here are some tips for getting started with agents and Copilot Studio at your company:

• Evaluate needs and choose the right tools: Assess your organization’s requirements for an intelligent agent that can handle HR policies, IT help, and interact with various line of business (LoB) applications. Based on this assessment, decide between Microsoft 365 Copilot, Copilot Studio, and Azure AI Foundry, ensuring the chosen agent can easily integrate with multiple LoB applications, especially if your data resides outside the Microsoft 365 ecosystem.
• Configure knowledge sources: Add relevant SharePoint sites as knowledge sources for the agent, and work with the Copilot Studio and Microsoft 365 Copilot teams to add an “Authoritative Source” badge to answers from configured SharePoint sites.
• Enhance connectors: If you identify gaps in existing Power Platform connectors, you may need to build custom connectors to get them to integrate with your tools the way you want.
• Improve employee productivity: Use the integrated agent to read employee data and take actions on it to improve employee productivity from a single agent interface.
• Share insights: Share your team’s insights and experiences to help others navigate the AI landscape, providing clarity on when to use each tool for enhancing productivity, creating custom AI agents, and developing custom AI applications.

Curious what Copilot Studio can accomplish for your business? Try a demo here.

• Learn how we’re boosting HR and IT services at Microsoft with our new Employee Self-Service Agent in Microsoft 365 Copilot.
• Unlock enterprise AI extensibility at Microsoft with Microsoft Copilot Studio.
• Use Microsoft 365 Copilot extensibility to unlock deeper AI value.
• Find out how our employees are extending enterprise AI with custom retrieval agents.
• Learn how we’re embracing this new ‘agentic’ moment at Microsoft.
• Learn more about the Track Content bot that wrote this story.

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post Customer questions answered: Should I use Copilot Studio or Azure AI Foundry to build my agent? appeared first on Inside Track Blog.

Employees who are using Microsoft 365 Copilot to transform the way they work now have a new tool to help them even more—the agent.

At Microsoft, we’re deploying a spectrum of agents to fulfill different needs, from acting as knowledge sources for our individual employees, to helpers that handle specific tasks for our teams, organizations, and for the full company.

Of the different kinds of agents, the easiest to implement are retrieval agents, which employees can build using Microsoft Copilot Studio agent builder or SharePoint. After a few quick steps, the agents they create retrieve information for them from data grounded in our Microsoft 365 tenant, like a SharePoint library or collection of libraries, reason over it, summarize it, and answer their questions.

As one of the first enterprise IT organizations to deploy this capability to our employees, we’re starting to see their impact first-hand, and along the way, we’re learning lessons that our customers can use to unlock their own agentic abilities.

Copilot + retrieval agents: A new way to drive enterprise AI value

So, what are retrieval agents?

First, it’s important to understand where these Microsoft 365 Copilot extensions fit within the emerging agentic environment.

Copilot agents expand Copilot’s knowledge and skills, and they can even operate autonomously to complete tasks or automate processes. Retrieval agents operate at the simplest end of the agentic spectrum and are the easiest for employees to create.

Types of agents

“Retrieval agents wrap around knowledge sources and data sets, and they include system prompts so they behave the way their creators want,” says Aisha Hasan, Power Platform and Copilot Studio product manager for Microsoft Digital. “They’re AI helpers that our employees can create to find what they want without having to search around manually.”

A retrieval agent is essentially Copilot, plus its creator’s instructions, plus grounding in a particular data set. These extensions can accomplish a wide variety of jobs, from acting as an event planning assistant to sourcing insights into business optimizations to surfacing internal guidance around leadership best practices.

“If we think of Copilot as the UI for AI, retrieval agents are a further layer on that UI that access and reason over their organization’s data,” says Mykhailo Sydorchuk, Customer Zero lead for Microsoft 365 integrated apps at Microsoft Digital. “They can also address other data sets and systems using Copilot, without the need to build custom connectors or orchestration.”

At Microsoft, retrieval agents are accelerating our AI journey by enabling employees to tailor Copilot’s capabilities to their own work and specific knowledge sources. Their value comes from creating micro-experiences that meet specialized needs to enhance productivity and information discoverability.

Creating retrieval agents couldn’t be easier. One option is through Microsoft Copilot Studio agent builder, accessible through Copilot Chat within Microsoft Teams. Employees can use natural language prompts and a simplified configuration process to provide custom instructions, tell their agents how to behave, and provide specific data and knowledge sources.

SharePoint agents are another opportunity to add AI assistance into everyday work. These enable users to turn SharePoint sites and documents into scoped agents that are subject matter experts for your business needs. Site owners or admins simply customize their SharePoint agent’s branding and purpose, specify the sites, pages, and files it should get information from, and define customized prompts tailored to its purpose and scope.​​​​​​​

“We’re targeting our core enterprise professional developer scenarios with more advanced tooling,” says Amy Rosenkranz, principal product manager for Customer Zero Extensibility in Microsoft Digital. “But with Copilot Studio agent builder and retrieval agents, we’re empowering our employee citizen developers to experiment freely and create agents easily, then share them out, all surrounded by the right governance and management process.”

Enabling retrieval agents while ensuring our organization’s integrity

While agents represent a leap forward in AI-powered productivity, capturing that value means balancing the freedom to explore with the need to protect our company.

Microsoft is one of the first and largest organizations to extend Microsoft 365 Copilot by enabling agents. As a result, our team here in Microsoft Digital, the company’s IT organization, has been hard at work ensuring those agents don’t put the company at risk.

The level of risk an agent presents largely depends on its access to data sources and the actions it can take. More advanced task and autonomous agents need to cross Microsoft 365 tenant boundaries to enable actions. But retrieval agents are much simpler.

Retrieval agents typically only access data within tenant boundaries through graph connectors. Although they occasionally need to connect with information outside the tenant, they only retrieve data and don’t transmit it externally. As a result, administrating and governing these agents is much simpler.

“The beauty of retrieval agents is that, for the most part, they’re grounded in Microsoft 365 data, so they provide a single-pane view within Teams instead of forcing users to go from one source to another to seek out information,” Hasan says. “Whatever your window of productivity might be, you can interact with the information you need without constantly switching context.”

We started small, experimenting with retrieval agents with trusted stakeholders and reviewing each one to ensure they didn’t present unacceptable risks to the company. Through what we learned during that process and the data safety controls we maintain across our tenant, we’ve minimized the scenarios where agents require reviews, which only come into play for more complex agents that build on bespoke graph connectors, API plugins, or custom orchestration to access external knowledge sources and take actions.

Our confidence in retrieval agents’ safety comes from a few key factors.

Administration and configuration

Retrieval agents’ simplicity also helps us keep the risk of data overexposure low. Unlike more complex agents that require security assessments, threat modeling, privacy assessments, and Responsible AI reviews, we’re able to define our policies for retrieval agents at the agent builder environment level.

We empower tenant administrators and our partners on the Microsoft Security team to apply data loss prevention policies that configure what individual employees can enable for their retrieval agents. At this level, everyone in the company has the same configuration and tools available, and automation largely handles agent reviews and assessments. We based these pre-configured settings on the same security, privacy, and regulatory compliance standards we apply to any internally built application.

Approved graph connectors

Graph connectors increase the discoverability of external data by integrating it into an agent’s grounding. At Microsoft, we’ve onboarded a series of approved connectors that creators can use to incorporate additional data for their agents to reason over. They include connectors for external websites as well as tools like Azure DevOps and ServiceNow.

Our criteria and review process for connectors ensure that agents don’t put our tenant at risk. As long as a connector is approved, employees are free to use it to create their agents.

Ensuring Responsible AI standards at the platform layer

Microsoft has been at the forefront of establishing Responsible AI principles: fairness, reliability and safety, privacy and security, inclusiveness, transparency, and accountability. To ensure we enabled retrieval agents that would respect Responsible AI standards, we needed to translate those concepts into concrete policies we could apply at the platform level.

Microsoft’s Office of Responsible AI has been an indispensable resource during this process. They maintain a comprehensive and evolving list of policy statements around restricted uses for AI capabilities. Those include things like using AI to infer emotions or personal characteristics, assess employee performance, or social scoring.

As our implementation of retrieval agents matured, we instituted controls at the platform layer to block these restricted uses for AI, identifying what kinds of information an agent can retrieve. Now, Copilot Studio agent builder knows how to evaluate responsibility against a wide array of parameters and make determinations based on the parameters we’ve set out.

For example, if a manager attempted to create a retrieval agent that would assess employee performance based on meeting attendance, guardrails at the platform layer would curtail that ability. Naturally, as we develop our policies around responsible AI further, the parameters of Responsible AI will shift and grow, and we’ll continue to nuance our configurations.

Thanks to these foundations, we’re now at the point where we feel comfortable giving every Microsoft employee access to Microsoft Copilot Studio agent builder and the freedom to create retrieval agents. It’s all part of our principle of employee self-service with guardrails.

“It’s a constant evaluation,” says Hasan. “Our goal is to allow as much freedom as we can with retrieval agents so employees can increase productivity without going down the path of greater customization that requires more intensive review.”

Different organizations are at different stages of their AI maturity journey. As you experiment with Copilot extensibility, it will be important to define your organization’s level of experience implementing AI tools, your employees’ state of readiness and training, key risk areas, and sensitive scenarios.

From there, you’ll be able to use out-of-the-box configuration capabilities in Copilot Studio agent builder to establish guardrails that work for you. It will take careful collaboration across security, privacy, legal, and IT teams, but we’re already learning that the benefits are worth the effort.

Ease and access drive creativity and new ways to work

Now that we’ve empowered our employees to build retrieval agents organization-wide, examples of creativity and innovation are popping up all over the company. Ease of use and freedom have a lot to do with this proliferation.

Using Copilot Studio agent builder

“Users who want to build agents with no code can select from premade templates using natural language, or they can fill out a few fields,” says Brian Moran, senior product manager on the Employee Experiences team at Microsoft Digital. “They can get their agents up and running in minutes.”

Creative examples of the ways that employees and teams are using retrieval agents include:

• IDEAS Copilot democratizes access to our Insights, Data, Engineering, Analytics, AI, and Systems (IDEAS) knowledge base to help users act on crucial usage information without the need for technical expertise. The agent fully integrates with Microsoft Teams, so employees can dig into data across sales, marketing, finance, operations, and more using natural language queries in their familiar working environment.
• Security Comms Agent helps our communications team create blog posts by providing a prompt that includes the content’s purpose and context. It accesses internal documents about business objectives, positioning frameworks, voice guidelines, and our Microsoft Digital communications and marketing plan, as well as the internet and specific Microsoft-owned learning sites for added context. From there, the agent creates a first draft that aligns with our Microsoft Digital positioning, objectives, and voice.
• Know Your Customer leverages AI to provide a comprehensive view of customer profiles. It accesses an overview of a customer’s tenant, usage metrics for Copilot, service incident reports, and more to provide usage statistics and health data for Microsoft 365 apps, email, meetings, Microsoft Viva, and other products to enhance customer engagement and support. The agent can even generate a tenant-specific Microsoft PowerPoint dossier for ease of use.
• Prompt Buddy Agent helps employees discover ready-to-use prompts that eliminate the need for experimentation and prompt engineering. Employees use natural language queries to discover AI prompts their colleagues have shared across industries, roles, personas, and topics, all without leaving Copilot Chat. As a result, they can save valuable time by streamlining AI-assisted workflows.
• Communications Plan Assistant accesses a library of prompts our Microsoft Viva communications team has developed to quickly draft content. The team communicates with the agent conversationally, providing feedback and selecting from the options it provides, then populates pre-defined sections in their communications plan template. At the end of the interaction, they can request a summary with all the final content that will go into the plan.

“By trusting our employees to imagine and create their own extensions for Microsoft 365 Copilot, we’re making it possible to personalize enterprise AI like never before,” says Nathalie D’Hers, corporate vice president of Microsoft Digital. “Empowering our people to create retrieval agents in a responsible environment is the ideal combination of human creativity and AI capabilities, and we’re confident it will unlock a new era of innovation.”

Here are some tips for getting started with retrieval agents at your company:

• Establish early communication and collaboration with members of your security, legal, compliance, IT, and any other teams who can help you define ways to configure Copilot Studio agent builder safely.
• Agents rely on data, so ensure your enterprise data is clean, well-governed, and accessible through scalable pipelines.
• Start slowly. Enable retrieval agents for smaller, select groups to work through any configuration issues or concerns before widening access. Plan to review everything you do at each step, and use those learnings as a basis for configuration and automation as time progresses.
• Balance employee empowerment with organizational safety. That balance will evolve as your organization’s AI maturity progresses.
• Use simple retrieval agents as a springboard to more complex extensions that require a structured review process.

Want to explore the possibilities for creating agents with Microsoft Copilot Studio? Try it free here.

• Witness AI-powered agents in action so see how we’re embracing this new ‘agentic’ moment at Microsoft.
• Learn how we’re finding deeper AI value at Microsoft with Microsoft 365 Copilot extensibility.
• Find out how we’re unlocking enterprise AI extensibility at Microsoft with Microsoft Copilot Studio.
• Check out how we’re empowering our employees with the Microsoft Power Platform.

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post How our employees are extending enterprise AI with custom retrieval agents appeared first on Inside Track Blog.

When we deployed Microsoft 365 Copilot internally at Microsoft, we thought it would save time for our employees and vendors, and it has, especially with the help of Copilot Chat.

With a Microsoft 365 Copilot subscription, Copilot Chat becomes more powerful with its ability to bring together your web and work data as your front door to Copilot. It’s accessible within the flow of where you work, including in your Microsoft 365 Copilot app, Teams, Outlook, and Edge sidebar.

“It allows you to get ahead of all the noise that’s all around you,” says Swapna Malekar, co-lead for deployment of Copilot Chat and a principal product lead in Enterprise Search on our Microsoft Digital team, the company’s IT organization. “It’s about creating a coherent experience wherever you go—whether it’s your emails, your chats, your documents, your people, your calendars, your meetings, each and every entity type is covered under Copilot Chat.”

In short, Copilot Chat, a key path for accessing Copilot, simplifies your life at work, so you have time to think and get high-value tasks done.  

Today, our employees and vendors are using Copilot Chat to get summaries of their emails, meetings, and messages; to check Teams mentions; to manage their inboxes; and to make graphics and illustrations. They’re using it to create documents and set up meeting agendas. They’re using it to draft documents, augment content, and do simple searches.

But to get these benefits, we first had to ready our employees for the change.

Employees wanted ‘more and more’ Microsoft 365 Copilot

Malekar and Anishkumar Thoppil Ramakrishnan, director of product management on the Microsoft Search team in Microsoft Digital, co-led the initial deployment pilot in May 2023, when 2,000 of our employees in sales roles were trained to use the product. Microsoft Digital used different scenarios and use cases to show that group of employees the value of Copilot and Copilot Chat.

“People were loving it more than we thought,” Thoppil Ramakrishnan says. “They wanted more and more because they were seeing the benefits.” 

By October 2023, the number of internal users rose to 25,000 when our legal and marketing teams were onboarded, and in February 2024 our company-wide rollout was completed.

Driving adoption of a powerful, easy-to-use tool

The impact of Copilot Chat was almost immediate and transformational. And as Copilot Chat usage grew, so did the focus on accuracy and reliability. We in Microsoft Digital studied the rollout closely, evaluating overall user experience and the product’s accuracy, reliability, completeness, relevancy, personalization, coherency, consistency, and ability to evolve. Of equal importance, we also compared how well it surfaced and shared workplace information.

While usage was high, the deployment team remained cautious, especially as some employees wanted more accuracy for the information Copilot Chat was gathering.

“We have to help employees use Copilot Chat to find information, but at the same time, we have to be cautious,” Ramakrishnan says. But over time, the model continued to learn and improve. And with it, accuracy and user confidence went up. “They trust it more now.”

No longer having to focus on the mundane

Advancements haven’t just focused on accuracy, but product refinements and feature releases that empower our employees to do more.

“As an employee, as a user, you want to work on the most high-priority items,” Malekar says. “Copilot Chat can help you with the mundane tasks and free up your time to think more strategically and be more effective in your communication with your stakeholders.” 

 Our employees can automate their favorite prompts and share them with their colleagues using a feature that will become widely available in the coming months. If they create a useful Copilot prompt and want to keep using it, they can save and automate the prompt by asking Copilot to run it for them later. The prompt can be scheduled to run at set times and frequencies. 

This spring, the team is releasing a new feature called Rewrite, which allows users to edit typed text for tone, format, and length within an open page in Microsoft Edge. Last year we introduced Copilot Pages—a dynamic, persistent canvas designed for multiplayer AI collaboration that our employees are now using to turn Copilot responses into editable and sharable pages. This gives users a digital place for generating, organizing and refining content in real-time.

And the product is improving rapidly, so if it can’t do something thing one day, chances are it will be able to do it the next.

This is just the start

It takes time to build new habits.

“That’s the journey we’re on,” says Tom Heath, senior business program manager for Microsoft Digital. “It’s a natural migration, and our employees are getting there.” 

Malekar believes Copilot Chat needs to be extended to include more data, domain types, and knowledge sources. In the meantime, it’s becoming more personalized—and effective—through the actions of its users. 

Heath is one of our employees who uses Copilot Chat every day. 

“There’s always a file or a conversation or something that’s happened and I can’t find it in Teams or Outlook,” Heath says. “I just put a prompt into Copilot Chat, and there it is.” 

Copilot Chat will continue to evolve at the speed of AI and the product team is continuing to share the learnings it hears from employees back to the product group. That feedback is used to make rapid and iterative improvements to the product, turning Copilot Chat into an even more user-friendly, intuitive, and easy to use tool.

“Our employees are finding wonderful and clever ways to use Copilot Chat,” Malekar says. “They are doing things with it that we never expected—it really has fueled their creativity. It’s changing the way we use and think about technology.” 

Here are our suggestions for getting the most out of Microsoft 365 Copilot at your company:

• Use Copilot Chat to help your employees quickly find and use information buried in documents, presentations, emails, calendar invitations, notes, and contacts.
• Your employees can use it wherever they work, as it’s woven into m365copilot.com, Teams, Edge, Windows, Outlook, and the Microsoft 365 Copilot app. If this link doesn’t work for you, feel free to remove the link and just use the text.
• It will save your employees much needed work time to focus on core work. In a three-month period during its deployment, Copilot Chat saved our employees 900,000 hours.
• Your use rates will go up when employees realize the best way to get to value is to change the way they work.
• Teaching your employees how to prompt Copilot Chat is key—our employees reported its usefulness went up when they learned how to write effective prompts.

• Go here to learn how to get started with Copilot Chat and our agent starter kit.
• Here’s where to go if you’re looking to learn more about getting started with Microsoft 365 Copilot Chat.

• Learn how we’re measuring the effectiveness of our Microsoft 365 Copilot rollout at Microsoft.
• Read our internal guide for deploying Microsoft 365 Copilot.
• Check out these 10 tips for using Microsoft 365 Copilot every day.

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post Taking back time: Evolving how we use Microsoft 365 Copilot Chat at Microsoft appeared first on Inside Track Blog.

For the network engineers who keep Microsoft connected across thousands of devices at more than 800 sites around the world, time is always of the essence. They need to monitor network performance, identify outages, and keep devices running smoothly. Otherwise, we risk severe productivity setbacks and security risks.

Our team in Microsoft Digital, the company’s IT organization, has been enabling up-to-date data for a growing number of network devices through real-time streaming telemetry. Now, we’ve created a powerful new tool that provides greater visibility than ever before.

The Live Streaming Panel is a new feature for Infrastructure Graph (IGraph), an internal Microsoft tool that maps the topology of our enterprise network. Through real-time visual mapping and low-latency metrics, it unlocks new capabilities for network engineers, helping keep our company connected and productive.

If you’re planning on providing your network engineers with more easily visualized, more up-to-date data, the lessons we learned while creating this solution can help guide your work.

The urgency of real-time telemetry for network devices

Our network engineers deploy and maintain the network devices that keep Microsoft running. They serve as direct response individuals (DRIs), handling reports of outages as part of our incident management (ICM) process.

Imagine a network incident that leaves an entire corporate facility with little or no connectivity, preventing potentially hundreds of employees from doing their work. Worse, consider an outage affecting an app or solution Microsoft customers use. Resolving these kinds of issues is mission-critical, and every second counts.

Many legacy network devices are only compatible with the Simple Network Management Protocol (SNMP), which retrieves log data at lengthy intervals stretching anywhere from five minutes to six hours. This lag means slower mean time to detection and mean time to resolution for engineers tasked with solving network issues.

“We wanted a more proactive approach to monitoring and data observability, which aligns with our goal to increase the reliability of network infrastructure at Microsoft and strengthen our overall security posture,” says Astha Sinha, senior product manager on our Real-Time Telemetry team in Microsoft Digital.

Modern network devices using the gRPC Network Management Interface (gNMI) telemetry protocol operate on a push-based model, enabling streaming telemetry at intervals as short as one minute. Implementing streaming telemetry at Microsoft has been transformative, allowing network engineers to access near real-time data for any onboarded devices so they can find and fix outages in minutes—not hours.

The next step was layering intuitive observability on top of that technology. Instead of signing in to multiple tools and constructing Kusto queries in Azure to investigate issues, engineers would benefit from simple, visual data access.

“With just a raw data interface, network engineers can certainly find issues, but they want to see data over time, in real time,” says Faiz Gouri, a senior software engineer on the Microsoft IGraph team. “It becomes possible to identify trends when the history is more visual.”

This approach led to the creation of the Live Streaming Panel for IGraph, modernizing our network with real-time insights, proactive monitoring, enhanced network management capabilities, and faster incident resolution.

Unlock instant visibility into network device performance

IGraph offers a visual platform to correlate vital metrics across network devices, helping our network engineers achieve a truly intelligent infrastructure. The Live Streaming Panel, its latest feature, lets teams select devices and interfaces to view critical metrics that include throughput, utilization, packet drops, and errors. It displays historical data first, followed by live updates for devices capable of real-time telemetry on a minute-by-minute basis.

To create this feature, our Real Time Telemetry and IGraph teams collaborated with network engineers from different service lines, including members of the WAN, wired, wireless, and cloud teams. We identified pain points that included stale log data, difficulties isolating issues, and the need to sign in to network devices to access their information, which consumes critical CPU usage and introduces security liabilities.

We also uncovered core needs for what metrics would be most relevant and the best ways to present that data intuitively. Most of all, network engineers wanted access to free-flowing data on metrics that affect quality of service, without a cumbersome sign-in process or hopping from pane to pane. Initial core metrics included throughput, utilization, and whether links were active or inactive.

“The live stream empowers network engineers to monitor critical metrics continuously, enabling them to swiftly identify and address potential issues to enhance overall operational efficiency,” says Vinod Kumar Singh, principal software engineer on the Real Time Telemetry team. “This proactive approach not only improves network reliability but also ensures a seamless experience for our users.”

The prototype arose out of a Fix, Hack, Learn session, a creative workshop that allows internal teams to create useful passion projects. Through iterative proofs of concept and agile feedback collection, we developed a tool that matches network engineers’ needs for crucial metrics alongside preferences for accessibility, color coding, and legibility.

After the concept had proven itself, we had the opportunity to create a full-featured solution and start scaling up. Real-time telemetry and metrics started small, but its capabilities are quickly spreading across more of our enterprise networks.

Of the 50,000 network devices across Microsoft facilities, between 15,000 and 20,000 constitute wired, physical hardware like routers and switches. We decided to start with these devices, then scale to others as the need and demand arose. And because we onboarded our streaming telemetry capabilities to Azure Kubernetes Service, they’re secure and scalable by default.

Creating your own Live Streaming Panel

If you’re considering creating a tool like this to support your organization’s network engineers, use these lessons from our internal experience to guide you.

At Microsoft, IGraph visualization operates at three levels of altitude:

• Global view: A geographical world map displaying all devices onboarded to real-time telemetry and ongoing incidents.
• Site details: A site topology map with device-to-device connections, health information on devices, and utilization metrics.
• Device details: Device metadata, neighbor information, and the Live Streaming Panel powered by real-time telemetry.

Within the Live Streaming Panel, network engineers can select and correlate metrics to track performance and identify problems almost as soon as they arise through an easily consumed visual format. The default view tracks ongoing log data while displaying the previous hour’s performance. Users can filter for both time and metrics.

Microsoft infrastructure graph example

We experimented with visualizing metrics in parallel for streamlined consumption—for example, in and out throughput and utilization, which share similar scales and correlate with performance. Thoughtful element placement helped us find the right balance between over-consolidation, clutter, and over-segregation that would hinder a simple, all-up view.

The combination of real-time metrics in conjunction with historical data is especially useful for identifying trends or disruptions, largely because it appears in a highly intuitive UI.

“It’s far easier to analyze the network and monitor devices if everything appears visually, in a correlated manner,” says Nevedita Mallick, principal product manager on the IGraph team. “Our goal is to visualize the enterprise network holistically, from demonstrating topology to showing the metrics on top of it to uncovering any incidents or changes.”

The Live Streaming Panel unlocks a host of new capabilities for network engineers. The following benefits are already making their work easier:

• Real-time network monitoring: Live data visualization helps teams monitor key metrics like availability, throughput, utilization, packet drops, and errors without refreshing the screen, identifying issues as they develop and acting quickly to prevent service disruptions.
• Enhanced incident management: Maintaining current data across multiple interfaces and metrics supports efficient troubleshooting and resolution, reducing mean time to detect and mean time to repair.
• Customizable and targeted views: Users can select devices and metrics relevant to their needs, reducing data noise and helping them concentrate on critical network areas.
• Efficient session and resource management: The tool optimizes session usage, displaying live data only when users are actively monitoring, reducing resource strain.
• Proactive error detection: Clear, real-time error messages help diagnose and address issues with data streaming or connectivity, ensuring consistent data flow for high-priority devices.
• Seamless collaboration and shared insights: A shared view of network performance fosters coordination between teams, since they can now use the panel as a single source for real-time network health.
• Enhanced situational awareness: Integrating live metrics with network topology and historical data provides a holistic view of network health to enable informed decision-making, contributing to data-driven strategies for network management and incident resolution.

It’s easy to see how visualization provides a big boost for network engineers. For example, app performance issues often stem from packet discards on network links. Without visualization, an on-call DRI tasked with fixing the problem would have to go through network links one by one to find its source.

Because the Live Streaming Panel maps data visually, engineers can access the device view, select all links, and filter for packet discards. From there, they can visually identify the discards, click into the specific devices, pinpoint the problem interface, and troubleshoot the issue.

“In such a big network, looking for a specific link can be like looking for a needle in a haystack, and if you don’t have a visual tool, it’s very hard to drill down,” says Manjiri Keskar, a principal cloud network engineer for the Hybrid Datacenter and Lab Core team. “The visual component is just so much more intuitive.”

A new era of incident response

At this point, the Real Time Telemetry team has onboarded 4,400 network devices onto the platform, with the ability to track eight separate metrics. For each device, network engineers have access to device data streaming at 60-second intervals. We also have the ability to enable a high-frequency debug mode to stream data at 10-second intervals for specific network devices if necessary.

Even for devices that don’t push data in real time, the Live Streaming Panel reports current and historical metrics at 5-minute intervals. Engineers still benefit from the visual interface, just with higher latency.

The results are impressive. Leaders estimate that their teams save at least an hour for every incident.

Keskar points to network updates and changes as a key example of where her teams are saving time.

“The historical view provides a clear picture of how a device was behaving before, during, and after an upgrade, so it helps us immediately identify any anomalies, unexpected drops, or loss of throughput and utilization,” Keskar says. “We’re now able to isolate those issues in just a few minutes because we can clearly monitor key metrics on the graph.”

Further developments are on the way. As we onboard more network devices to streaming telemetry, the benefits of faster mean time to detect and mean time to repair will only increase. The team is also considering additional features, including even shorter telemetry intervals in high-impact situations, configuration data alongside performance metrics, and information on routing protocols beyond physical connectivity.

As the tool advances, we’ll see greater security and stability for our networks.

“We’re continuing to find opportunities to benefit from streaming telemetry’s unique capabilities, including scale, features, and data freshness that simply weren’t possible before,” says Damon Gray, a principal group engineering manager on the Infrastructure and Engineering Services team in Microsoft Digital. “These forward-looking features demonstrate what’s possible when we light up ideas that build on each other to create revolutionary new experiences.”

Here are some tips to get started with real-time telemetry at your company:

• Future-proof your infrastructure: Prioritize hardware capable of real-time telemetry as you replace devices and expand your network.
• Start from user needs: Understand the team’s needs and pain points. Engineers are the best authority on how to reflect the real state of the network.
• Iterative process: Start small, conduct proofs of concept, and gather feedback.
• Incorporate security and accessibility: These are core functions, not enhancements.
• Listen to your customers: Give them what they want without overloading solutions with unnecessary features.
• Visualize data correlation: Enable dynamic network topology visualization.

New to Azure? Learn more about what it can do for you.

• Explore how we’re finding and fixing network outages in minutes—not hours—with real-time telemetry at Microsoft.
• Learn how we’re keeping our network infrastructure healthy at Microsoft with an employee-built AI agent.
• Discover ways we’re boosting our Security First Initiative at Microsoft with a transformed approach to wired network security.
• Read about moving our network to the cloud with Microsoft Azure.
• Learn about running customer service and support contact centers on Microsoft Azure.
• Explore ways we’re enhancing space management internally at Microsoft with Wi-Fi data.

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post Boosting network performance at Microsoft with real-time telemetry and performance visualization appeared first on Inside Track Blog.

The digital transformation of Microsoft spans the entire personal computing revolution, from the days of DOS and early Windows desktops, through our journey to the Azure cloud, to our modern engineering era highlighted by the rise of AI. The company has grown into a global organization with more than 220,000 employees, all relying on us in Microsoft Digital—the company’s IT organization—to provide the tools, technologies, and solutions that empower them to accomplish more every day.

The need for digital transformation

The history of information technology is one of constant evolution, and the pace of change has never felt greater than it does right now. The AI capabilities and other groundbreaking innovations unveiled in the last few years show the potential to radically transform our world and change the way we think about and operate all IT services.

When the world pivoted to remote online work and collaboration because of the COVID-19 pandemic, it was just one example of how digital transformation doesn’t always happen in a straight line or on a predictable schedule. Our company’s history of shaping and adapting its IT organization to the latest challenges faced by employees and partners is no different; marked by bold decisions and strategic shifts that reflect our ever-changing world.

Mapping our IT journey

Today, Microsoft Digital is the team that powers, protects, and transforms the digital employee experience across all devices, applications, and hybrid infrastructure at the company. Using our deep knowledge and experience in enterprise IT, we’re pivoting to help lead the company’s AI transformation while enabling our customers to take advantage of this generational opportunity to reshape their businesses and IT operations.

To understand where we’re going, it helps to take a look at where we’ve been. This article explores the details of the major eras of our IT history, and the shifts to examine the trendlines and technological innovations that are shaping Microsoft Digital today.

On-premises IT (founding to 2009)

It’s useful to break the history of our IT operations into different eras. For the first three decades or so from its founding in 1975, Microsoft operated with on-premises IT systems. This era was characterized by the setup, operation, and maintenance of onsite physical technology—servers, datacenters, and other hardware infrastructure.

During this time, IT roles were narrowly defined. IT team members functioned primarily as “order-takers,” with limited influence over strategic decisions.

Because funding was inconsistent, our IT organization had limited growth opportunities and relied on vendors for development work. Gaps were filled in with “shadow IT” efforts, where other internal teams would procure their own hardware without formal IT approval or standards.

We established security as an early priority for the company. Co-founder Bill Gates launched the Trustworthy Computing initiative more than two decades ago, an effort emphasizing the importance of security, privacy, and reliability across Microsoft products and services both internally and externally.

Our On-Premises IT era established the foundation that would become crucial to the company’s future digital transformations.

All in on the cloud: The Cloud and Culture era (2010-2018)

Cloud computing marked the next significant shift in the history of digital transformation at Microsoft. This transition, which began in 2010 under the leadership of CEO Steve Ballmer, signaled a major break with the previous era of physical IT infrastructure and an important step toward today’s distributed-computing world.

The launch of the cloud computing solution then known as Windows Azure heralded this new era, as we transitioned away from an IT philosophy focused on the Windows desktop client toward a more platform-agnostic view. Cloud computing infrastructure offered extensive advantages for the customer and for our own IT networks. (Azure was one of the earliest examples of our Customer Zero philosophy, a linchpin concept that continues to drive innovation here at Microsoft Digital.)

We started our journey by moving productivity workloads (Exchange and SharePoint) to the cloud. Then, we shifted new development to Azure and optimized modern applications to run in the cloud. We also moved existing applications targeted for migration to virtual machines. Today, 98.5% of our IT systems supporting employees run on Azure.

Cultural transformation

Another important shift during this era was the profound cultural transformation at Microsoft sparked by new CEO Satya Nadella, who rose to the top job at the company in 2014. (Nadella had previously run the Microsoft cloud computing and enterprise group, so he was already steeped in the idea of transformational change at the company.)

Before Nadella’s ascension, Microsoft had long been known for its extremely competitive, “know-it-all” culture. Employees succeeded by showcasing their own individual achievements and how their accomplishments exceeded their peers.

Nadella changed this ethos by championing a growth mindset, encouraging employees to be “learn-it-alls” rather than “know-it-alls.” The shift included placing new importance on how employees contributed to the success of others, a value that was incorporated into individual performance reviews. Nadella made this transformation his personal mission and directed leadership to propagate the new philosophy at all levels across the organization.

“Achieving our mission requires us to evolve our culture,” Nadella says. “It all starts with a growth mindset—a passion to learn and bring our best every day to make a bigger difference in the world.”

Some of the key principles that made up this new culture had a direct impact on our ongoing digital transformation journey. These included:

• Being willing to try new things and being unafraid to fail fast
• Obsessing over what matters to customers
• Seeking collaboration across teams rather than working in silos
• Making a difference in the world

The combination of the shift to cloud computing infrastructure and overhauling the company culture helped set the stage for the major technological innovations to come.

A new vision: The Modern Engineering era (2018-2023)

For years, IT at Microsoft had been order takers, doing what the business requested with limited ability to impact strategic priorities. That changed as we shifted to become a modern engineering organization. With support from our executive leadership, IT was elevated to primary engineering function at Microsoft. Rather than simply taking orders, the team was empowered to lead with a strong vision for the future on information technology. In fact, leading with vision is the primary hallmark of our Modern Engineering era. As we moved into this new era, we needed a clearly articulated view of our goals as an IT organization and the resources needed to achieve them.

Aligning our goals with the larger company vision pushes us beyond our day-to-day work and comfortable routines and enables us to deliver high-value work for the company. Every group within Microsoft Digital has its own clear, targeted vision grounded in what our customers need and the larger goals of the organization.

Role transformation

After the transition from the old model of traditional IT to cloud computing was fully underway, we tackled the next challenge: adapting the IT roles in our engineering organization to this new paradigm.

The Modern Engineering era

Operating an engineering organization in a cloud environment meant new roles, new skills, and a new mindset. With no need to manage hardware or server space, our modern IT professionals often worked more closely with business groups, which required higher-level strategic business chops. There was an increased emphasis on DevOps skills, Agile program management, and user-centric design principles.

In many cases, we were able to help our employees gain the skills required to work in this new environment—a product of the company’s emphasis on continuous learning and a growth mindset. At the same time, we looked for new hires who had these newer network-engineering skills and would be able to work alongside existing team members, helping them adapt to their new roles.

User-centric, coherent design

Our design philosophy puts the user—an employee or guest—at the heart of every decision we make at Microsoft Digital. This helps us align all facility services (both physical and digital) with the needs of our people and our company culture.

The goal of this approach is to make tasks that might have previously caused friction in an employee’s day simpler and easier. Instead of dealing with disconnected systems, user-centric design introduces consistent and logical flow between services. This makes it easier for people to access services, learn how to use them, and then put them to good use.

Microsoft also embraces coherent design across all our products. A similar look and feel, along with familiar usage patterns, accelerates employee usage and adoption. 

Embracing work-from-anywhere capability

During the pandemic, when our workforce was still fully remote, our organization was already starting to think about what the new hybrid workplace would look like when people started returning to the office. We identified three key dimensions of the employee experience:

• Physical spaces: We partner with Global Workplace Services to create spaces that support an inclusive approach to hybrid productivity.
• Digital capabilities: We keep employees productive and the environment safe and secure no matter where they’re located or how they connect.
• Culture: A strong partnership with HR ensures the digital employee experience connects with and embodies our aspirational company culture.

Customer Zero at Microsoft

Customer Zero

Our term for employee obsession with Microsoft products is “Customer Zero.” At Microsoft Digital we take pride in being the first customer for a wide variety of Microsoft products and services, obsessing over our own employee experience in order to create products that enable every person on the planet to be more productive.

Being Customer Zero means forging a deep partnership between our IT organization and product engineering groups to envision the right experiences, co-develop innovative solutions, and then listen to and act on insights gathered from our employees. We work together to stay grounded in the way our employees use our products every day, so your employees can benefit from our insights.

{Read about how we’re improving our employee experience through our Customer Zero focus.}

Managing shadow IT with a culture of trust

Shadow IT is the unknown and unmanaged set of applications, services, and infrastructure that are developed and managed outside standard IT policies. Shadow IT typically crops up when engineering teams are unable to support the needs of non-engineering partners, a situation that could arise from a lack of available engineering capacity or the need for specialized domain solutions. 

While earlier eras of our IT history focused on trying to prevent shadow IT, we are now concentrating on managing it. We use Azure best practices to optimize shadow IT and Microsoft 365 governance policies to ensure that our corporate security, privacy, and accessibility standards are being met.

{Learn how optimizing our Microsoft Azure usage is helping us manage our Shadow IT.}

The AI era (2023 to present)

The latest chapter in the history of our organization’s digital transformation is defined by the integration of AI into all our operations. AI is revolutionizing how Microsoft approaches IT and business processes, driving efficiency and innovation across the board.

In the last several years, we’ve demonstrated our commitment to completely rethinking every dimension of IT. From the apps, workflows, and services that power our employee experience to the network, infrastructure and devices that enable employee productivity, our AI-focused investments provide a solid foundation for the innovations that are coming fast.

“The potential for transformation through AI is nearly limitless,” says Nathalie D’Hers, corporate vice president of Microsoft Digital. “We’re evaluating every service in our portfolio to consider how AI can improve outcomes, lower costs, and create a sustained competitive advantage for Microsoft and for our customers.”

As we look at the future of Microsoft Digital, we’re focusing on three high-level priorities: security, service fundamentals, and corporate functions growth. We’ll work to excel in all three areas with the help of our industry-leading AI tools and technologies.

Securing our future

Security is our highest priority at Microsoft Digital. Spearheaded by Nadella, the Secure Future Initiative brings together every part of Microsoft to ensure the highest level of cybersecurity protection across the company in all our products. 

“Prioritizing security above all else is critical to our company’s future,” Nadella says. “Every task we take on—from a line of code to a customer or partner process—is an opportunity to help bolster our own security and that of our entire ecosystem. If you’re faced with a tradeoff between security and another priority, your answer is clear: Do security.”

The Secure Future Initiative is built on three core principles: Secure by design, secure by default, and secure operations. As the company’s IT organization, we work relentlessly to fulfill the key pillars of the Secure Future initiative across all our systems, including:

• Safeguarding identities and secrets
• Protecting tenants and isolating production systems
• Securing networks and engineering systems
• Enhancing threat detection
• Expediting response and remediation

“Our mission is to power and protect Microsoft, and that starts with an unwavering commitment to the Secure Future Initiative,” says Brian Fielder, vice president for tenant and platform management at Microsoft Digital.

Secure Future Initiative | Microsoft

Transforming and securing our network and infrastructure

We’re focused on using AI to infuse data-driven intelligence into every part of our infrastructure and network operations. This allows us to optimize network operations and increase security while simultaneously improving outcomes.

Examples include:

• Network observability and governance: Ensuring data accuracy, eliminating non-compliant hardware and software, and real-time updates
• Securing endpoints: Device management, asset management, and patching
• Zero Trust networking: Isolating device classes and limiting attacker’s movements across the network
• Network access: Azure VPN, identity management, and Secure Access Workstation (SAW) infrastructure security

{Learn more about transitioning to modern access architecture with Zero Trust.}

Device management

We manage a vast network of more than 1 million interconnected employee devices, including more than 264,000 Windows devices. Managing these devices requires significant time and resources, generating more than 12,000 support tickets weekly.

To manage this enormous set of devices, we’re investing in a range of new AI-powered device capabilities that span the entire device lifecycle. These include:

• Integrated employee device procurement
• AI-powered predictive maintenance and intelligent troubleshooting
• Advanced insights and data-driven device administration
• Device security and vulnerability management
• Remote worker device experience
• Meeting rooms and calling

{Check out how we’re rethinking device management internally at Microsoft with AI.}

Foundations: Service fundamentals

The second pillar of our three major Microsoft Digital priorities is to maintain the highest standards of service fundamentals. These are the essential capabilities and practices that enable us to deliver reliable, secure, and compliant services. Adhering to the highest standards of service fundamentals ensures that our organization continues to play a critical role in running the company’s business, enabling innovation, agility, and resilience in a fast-changing and competitive environment.

Solid foundations

We’ll accomplish this by focusing on the following areas: 

• Compliance: In addition to regulatory compliance, where we’ll align with the requirements of all global jurisdictions that apply to us, we’ll continue to improve our security posture by deploying all patches and new releases as required. 
• Privacy: We’ll maintain privacy controls in accordance with company policies and complete privacy reviews as appropriate. This priority will assume even greater significance as we develop new AI capabilities. 
• Accessibility: We’ll continue investing in making our services accessible to all users. This includes using the latest accessibility tools and trainings, following all Microsoft standards, and conducting accessibility testing.
• Resilience: We’ll ensure the resilience of our services through sound service excellence practices that minimize business impact due to service outages. These include safe change management to minimize disruptions due to code or configuration changes, automated certification management, and best-in-class incident management. 
• Engineering fundamentals: In addition to our ongoing focus on adopting AI capabilities that enable more efficient and higher-quality development of solutions, we’ll continue to follow best practices for securing code repositories, software supply chains, build and release pipelines, and dev and test environments.
• Tenant management: With the help of AI, we’re building a coherent asset management solution across Microsoft 365 and Power Platform to serve both admins and users. We’ll prioritize securing the tenant, limiting reach and access, and applying zero trust principles to make our systems secure by default.

Defragmenting our employee experience

Our vision is to deliver a unified, connected, and personalized experience where users can access employee data, tools, and insights from one place. One of the key ways we’re doing this is with Microsoft 365 Copilot, which functions as a “UI for AI” across our employee services and tools. An example is our Employee Self-Service Agent in Microsoft 365 Copilot, an AI-driven tool that helps employees more efficiently find context-specific answers to their questions using natural-language queries.

“We see AI as the key to unlocking the full potential of our employees, delivering personalized experiences that empower us to work smarter, faster and happier—unleashing the innovation and collaboration necessary for our success,” MacDonald says.

To achieve our vision, we’re building a workplace where AI defragments the employee experience by:

• Providing contextual support in the flow of work.
• Reducing the number of sites and apps an employee must remember.
• Using Microsoft 365 Copilot as the “UI for AI,” making it simple for employees to find information, to take action, and even to fully automate certain repeatable tasks.

Tenant management

We manage one of the most complex tenants anywhere. Governance today is a somewhat fragmented experience, with no clear mechanism for IT to safely enable self-service asset creation for sites, Teams, groups, Power Apps, and so on. These unmanaged assets increase the risk of over-sharing sensitive data and compromise the health and security of our IT environment.

In the world of AI, security through obscurity is no longer a viable option. This means data hygiene, permission management, and data protection are essential to providing trustworthy AI tools that don’t overexpose sensitive content, while still providing quality responses.

{Read about one way we’re improving security by protecting elevated-privilege accounts at Microsoft.}

Transforming our support experience

We’re using generative AI to transform the way our employees interact with our support services. IT issues will be either auto-remediated or resolved remotely and instantly through conversational, personalized, and contextualized solutions, often without agent intervention.

We’ll accomplish this with a focus on the following:

• User experience: Self-help will use Copilot for Helpdesk (a declarative agent tool) to provide personalized, accurate, and cost-effective issue resolution. Notably, a seamless transition to human agents can occur even while the user stays within Copilot.
• Agent experience: Operational efficiency and automation powered by Copilot for Service will be integrated into the Service Operations Workspace. The service includes chat and incident summarization that recommends next-best actions and drafts contextual answers to queries.

{Find out how we’re modernizing our internal Help Desk experience with ServiceNow.}

Corporate functions growth

Our third major priority in Microsoft Digital is to improve how we support the company’s corporate functions organizations, including HR, legal, and building services. This is a particular challenge, as all these teams are being asked to do more with less today; Microsoft can no longer afford to grow operational costs at the same rate as in the past.

AI will play a fundamental role in transforming the business workflows of our corporate functions partners while improving operational efficiency, user productivity, regulatory and corporate compliance, and data-driven decision making. It will revolutionize the way they operate by automating repetitive and time-consuming operational tasks.

“With AI, we have so many new ways to innovate,” says Patrice Pelland, a partner engineering manager for Microsoft Digital. “From saving valuable time for our legal professionals, to optimizing building occupancy, to helping our HR professionals support employees in the hybrid workplace, we have incredible potential to make our corporate functions more efficient and impactful.”

Some of the corporate functions areas that we hope to grow by taking advantage of AI capabilities and related increased efficiencies include:

• Human Resources: We’ll advance the mission of the company’s HR organization by using AI-driven workflow scenarios such as enhanced communications support and intelligent recruiting throughout the candidate experience.

{Learn more about how we boosted HR services with our new Employee Self-Service Agent in Microsoft 365 Copilot.}

• Legal: Our vision for integrating AI into Corporate, External, and Legal Affairs (CELA) includes more discoverable legal findings, better corporate document management with the Docufy platform, enhanced engagement with Microsoft Philanthropies, and accelerated support for business-critical functions such as immigration, contracting, and insider trading compliance.

{Read how AI is revolutionizing the way we support corporate functions at Microsoft.}

• Global Workplace Services: In supporting the technology needs for more than 570 company buildings worldwide, we are poised to use AI and related innovations to implement cost savings in the areas of workspace management, facilities management, and financial systems for GWS operations.

{Find out more about using AI to enhance flexible work at Microsoft.}

• Travel and expense: Our plan is to work for near elimination of the traditional expense reporting process through AI-based and touchless experiences, driving simplification and productivity gains.

{Check out how OneExpense transformed our employee expense reporting.}

A catalyst for change and growth

Microsoft’s digital transformation is a story of evolutionary change, resilience, and adaptation across multiple eras of information technology. From our origins as a traditional IT organization to becoming a modern engineering organization focused on driving AI-powered innovation, we in Microsoft Digital remain a catalyst for change within the company and our industry.

With our insights borne of customer and employee obsession, we’re committed to streamlining IT operations while prioritizing security, revolutionizing user services, and facilitating corporate functions growth and development. All with the overarching goal of making Microsoft employees everywhere more productive while showing our customers and partners what’s possible as we move forward together into the future of IT.

“We’ve been through many eras of IT at Microsoft, and I’m so excited to lead Microsoft Digital during this era of AI,” D’Hers says. “The future of IT has never been so exciting!”

Our IT digital transformation story offers valuable lessons for organizations in the midst of their own IT journey. They include:

• Be vision-led: A clear, articulated vision is crucial for driving transformation.
• Foster a growth mindset: Encourage continuous learning and adaptability among employees (“learn-it-all” culture).
• Invest in people: Upskill and reskill your workforce to keep pace with technological advancements and emphasize diversity of skills and experience.
• Insist on security: Prioritize security in all aspects of operations to safeguard data and maintain trust.
• Focus on collaboration and partnership: Create successful hybrid work environments to foster strong partnerships across functions.
• Seek continuous improvement: Learn from the past and use those lessons to shape the future.
• Embrace AI: Take advantage of AI tools and technologies to drive efficiency, innovation, and security.

Visit our Microsoft Digital Inside Track website to learn more about how we’re transforming the way we do IT at Microsoft.

• Learn more about our vision for using AI and Microsoft 365 Copilot internally at Microsoft.
• Read about how we boosted our HR and IT services with a new Employee Self-Service Agent in Microsoft 365 Copilot.
• Learn more about how we drive business advantage by bringing AI to every corner of our organization.
• Access our guide for executives that walks through how to deploy Microsoft 365 Copilot at your company.
• Check out how we’re embracing the new era of AI-powered agents in our organization.  

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post Digitally transforming Microsoft: Our IT journey appeared first on Inside Track Blog.

We all know the frustration of searching for answers we can’t find, and legal professionals often spend too much time answering the same questions repeatedly.

To address these challenges, knowledge must be captured, presented, and made accessible so that individuals can quickly find answers on their own. Our legal team supporting marketing at Microsoft developed a SharePoint agent to help achieve just that.

Over the years, our Microsoft legal team, Corporate, External, and Legal Affairs, has developed rich, comprehensive, and curated content accessible through SharePoint. This includes guidelines, policies, summaries of laws, self-service tools, and more; all presented in a way that’s understandable for a non-legal audience. The marketing section alone of this SharePoint site drives approximately 8,000 page views per month, resulting in significant cost savings.

When Microsoft released SharePoint agents, it created an opportunity to do even more. Now, the marketing legal team’s newly developed SharePoint agent sits on top of its robust SharePoint site, adding the power of AI to answer legal questions and further unlocking the value of the existing resources in an elegant and streamlined way.

SharePoint agents are natural language AI assistants tailored to specific tasks and subject matter, providing trusted and precise answers and insights to support informed decision-making. Each SharePoint site includes an agent based on the site’s content, or, with a single click, users can create and share a custom agent that accesses only the information they select. 

“At Microsoft, AI is transforming how our legal teams operate, creating new opportunities to enhance workflow efficiency,” says Hossein Nowbar, chief legal officer and corporate vice president for Microsoft. “We’ve used SharePoint agents to improve the discoverability and delivery of legal resources, scale our legal advice, and gain critical insights into content usage. This saves considerable time for teams that need advice and those that provide it, all the while driving greater legal compliance and consistency.”

To determine whether using this SharePoint agent that we showed you in the demo is better than using search and navigation alone, the legal team ran a test consisting of six legal questions to which five participants were asked to find answers. For each question, the participants were timed using search and navigation alone and then using the new SharePoint agent.

In timing each participant, we stopped the clock either when they were satisfied that they had found the correct answer or at five minutes if they did not find the correct answer. In the first test, using search and navigation, participants only found the answer 83.3% of the time, leaving 16.7% of the questions unanswered. Using the SharePoint agent, participants found thecorrect answer 100% of the time.

Not only were participants more successful at finding the correct answers, but they also found the answers much more quickly using the SharePoint agent. Participants found and confirmed the answer in under 1 minute 46.7% of the time and found and confirmed the answer in under two minutes 100% of the time. On average, participants found the correct answers 2.97 times faster using the SharePoint agent compared to using site search and navigation.

We know from experience and feedback that when people can find answers to their legal questions quickly and easily using self-service resources, the legal department can focus on more complex issues. A SharePoint agent is an essential tool for any organization seeking to harness the power of AI to make answers readily available, reduce the need for live support, and bring their existing content to life.

“The Microsoft Legal team was an ideal early adopter of SharePoint agents due to their well-curated content,” says CJ Tan, principal group product manager for SharePoint agents. “They recognized the value of an agent in scaling support and handling easily addressable questions, allowing the team to focus on more complex, unique business scenarios. Instead of learning how to build an agent, they could concentrate on helping marketers surface and use the right content for their business needs. As subject matter experts, they were also well-positioned to validate and test their agent before publishing it on their SharePoint site.”

As we build our array of Microsoft 365 agents, we continue to look to our internal experiences to guide the product’s evolution for our customers. We are exploring new ways for SharePoint agents to be shared and extensible across a variety of content sources. Lastly, we know that governance controls and analytics are critical as organizations introduce new features within their workflow and are excited about the roadmap for additional insights available and coming soon from Copilot Analytics, SharePoint Advanced Management, and SharePoint Purview.

“Organizations rely on SharePoint, creating more than two million sites and uploading more than two billion files daily,” says Jared Spataro, chief marketing officer of AI at Work @ Microsoft. “By giving every SharePoint site an agent, employees can quickly tap into this massive knowledge base with a single click.”

As with any new product and technology innovation, we’re focused on education and customer learnings. At the Microsoft 365 Community Conference in May, we will host a variety of sessions on SharePoint agents to go deeper into business use cases and best practices for creation and usage.

Connect with author Brent Sanders on LinkedIn.

Here are some of our top tips for getting started with SharePoint agents at your company:

• Prepare your content: Ensure SharePoint content is highly curated, accurate, complete, and unique. This helps agents provide more accurate and relevant responses.​ Organize content into smaller, manageable sets to improve response accuracy. For example, using smaller document libraries with fewer files and minimal graphics.
• Maintain your content: Updates made to content sources are reflected in the SharePoint agent responses so ensure content sources are maintained. Also regularly check file permissions are accurate based on the agent audience.
• Use ready-made agents: Each SharePoint site comes with a ready-made agent scoped to the content of the site. SharePoint admins can approve this agent to help jumpstart usage. Use the communication kit to help announce SharePoint agent availability and increase awareness.
• Identify where custom SharePoint agents can add value: SharePoint agents can be grounded to specific sites, folders, or files. Collaborate with business stakeholders to identify business objectives and priorities to create specialized expert and informational agents.
• Target 20 or less content sources: If you are selecting a site or folder, you can have any number of files underneath. However, when selecting items individually, we recommend capping 20 sites, folders, or files for best results.
• Encourage users to provide feedback: Users can use a “thumbs up or thumbs down” to give feedback on the SharePoint agents response. This feedback can be used to continuously improve content and enhance response accuracy over time.
• Measure the impact: We have a variety of analytics resources to help measure adoption and usage including; the SharePoint document library, SharePoint Advanced Management, Microsoft Purview, and additional reports coming to Copilot Analytics.

For organizations with at least 50 Microsoft 365 Copilot licenses, any employee in the organization will be able to create, share, and interact with SharePoint agents. Qualifying organizations will receive 10,000 queries per month through June 30, 2025. Learn more about SharePoint agents.

• Explore the SharePoint agents Adoption page to learn more about implementing and using SharePoint agents.
• Learn about using ready-made-agents that are automatically scoped to the content on your site.
• Start your journey with SharePoint agents.

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post Boosting efficiency with SharePoint agents: How our Microsoft legal team is helping clients find answers faster appeared first on Inside Track Blog.

• Microsoft Viva Engage: A powerful business transformation tool
• Chapter 1: Administration, access, and governance
• Chapter 2: Community management and content moderation
• Chapter 3: Learning from Microsoft success stories

Microsoft Viva Engage: A powerful business transformation tool

Leading change through community engagement

Microsoft Viva Engage connects employees with their leaders and each other. It gives leaders a powerful way to engage employees in two-way dialog to foster alignment of vision and strong organizational culture. It also helps people create meaningful relationships by building community, sharing their experiences, participating in discussions, and asking questions.

By creating a space where all of your employees can seek help, participate in conversations, and connect with peers and leaders, Viva Engage emulates the ways people connect through social media channels in their personal lives. The app can serve many different functions across an organization, from executive communications to crowd-sourced troubleshooting. And because Viva Engage integrates with Microsoft Teams and Microsoft Outlook, people can participate no matter their preferences and style for getting work done. Through our widespread implementation of Viva Engage across Microsoft, we’ve discovered that those capabilities are especially useful for business transformation.

Viva Engage makes coordinated communication and engaged adoption possible like never before, and we’re continuing to see results internally across the company.

1. How to Improve Employee Engagement in the Workplace – Gallup
2. How Glint enriches the Microsoft Viva experience | Microsoft Community Hub

A blueprint for using Viva Engage effectively

Meaningful Viva Engage adoption won’t happen by accident. Like any tool, you need strategy and alignment across multiple teams to use it effectively.

Your organization will benefit from adopting the following:

• A goal and common purpose for the platform across your organization  
• A consistent model for your different types of communities
• Unlocking the breadth, transparency, and employee agency the platform empowers
• Getting leaders on board and securing their participation
• Evolving from mono-directional to networked communications
• Measuring your reach and audience participation
• Automating your data and analytics capabilities and the insights they deliver
• Integrating AI to help craft communications based on audience insights

This guide shares how Microsoft Digital, the company’s IT organization, collaborated with a diverse team of stakeholders to put administrative policies and practices in place for Viva Engage while establishing best practices for community management and moderation.

It also shares stories of three of our successful—but very different—communities of practice and how they use the app effectively. Throughout the guide, you can follow our thought processes, benefit from the lessons we’ve learned, and access resources and checklists that will guide your own work.

“We operate within a culture of ‘how,’” says Jeff Teper, president of Microsoft 365 Collaborative Apps and Platforms. “How do we foster the confidence to speak and share with integrity and accountability? How do we build connections while ensuring safety? Viva Engage gives us the power to realize these goals as a community.”

Read on to start your Viva Engage journey and add a powerful community building and business transformation solution to your toolkit.

{Download our Viva Engage at Microsoft readiness guide.}

Chapter 1: Administration, access, and governance

Laying an administrative foundation for success

With the release of Viva Engage in 2022 as a successor to Yammer, we had a powerful opportunity to invigorate employee communities like never before. The massive growth of hybrid work amplified those possibilities. But making it happen effectively demanded real foresight and collaboration with the teams who actively use the tool in their work.

Viva Engage is a deeply human tool. It’s our role in Microsoft Digital to ensure that it serves our employees to its fullest potential.

Setting your organization up for successful engagement: Configuring Viva Engage for effective communities

At Microsoft, implementing Viva Engage involved working closely with our communications and employee experience leaders, in addition to our product team. Much of that effort centered around understanding our internal communities’ needs and primary modes of engagement, allocating responsibility for management, and making decisions around how the app should work. It also required extensive consultation with the community leaders responsible for employee enablement and change management.

Designing our approach to Viva Engage

We took special care to ask questions that would identify how users and communities would benefit most from the app:

• Would they take a more peer-centered or leadership-driven approach?
• Is a community’s engagement more event-based or asynchronous?
• Do campaigns need to reach the entire company, specific organizations, or narrow groups? How should those different communities function?
• Are users most interested in connecting with leaders, finding answers, exploring topics, or sharing expertise?

Thinking through each of these questions informs the tone, participation goals, and management and moderation requirements for a community.

Community leaders have a substantial toolkit of capabilities, including storyline posts, campaigns, ask-me-anything (AMA) sessions, live and broadcast events, and more at their disposal. Each has an important role, but laying the groundwork for effective usage requires giving informed leaders and administrators the power to manage the features that support their work.

In addition to these capabilities, several features enable administrators to make foundational decisions about the environments where communities can thrive:

• Managing community membership
• Implementing and managing campaigns
• Creating specialized accounts for leadership and communicators
• Allowing organizationally led vs employee-led communities

Decisions around communities will naturally evolve over time. What’s important at the outset is identifying who’s the best fit for making these kinds of decisions for different communities.

Internally, we share responsibility for these capabilities between Microsoft Digital and our internal business leaders and communicators. Identifying who would lead a community and what level of control they should have was an integral part of establishing our administrative structure for Viva Engage.

The ability of designated Viva Engage leaders to target their specific audiences with storyline announcements enables them to share perspectives and anecdotes in a way that encourages dialog and reveals more about their personality and values. And because storylines are visible to people across the company, leaders model transparency and foster connection across divisions.

Your organizational needs will differ from ours. But what’s most important is that you reflect on how you want to use Viva Engage, then consider how to structure those objectives into your administrative choices.

Pairing administrative features with organizational needs

Working out these relationships and spheres of responsibility is one task. Implementing them is another. Fortunately, features and administrative roles are highly configurable in Viva Engage.

As you implement the tool throughout your organization, these six steps will help you configure Viva Engage to meet your organizational needs and distribute ownership over communities securely and effectively.

The user’s perspective: Global Employee and Executive Communications

Jon Bates is the employee and executive communications lead for Microsoft in Western Europe. He’s part of a team driving executive and organizational communications for 3,000 sales and marketing employees across ten countries, each with its own subsidiary.

Bates is part of a network of communicators that form the Global Employee and Executive Communications (GEEC) team, responsible for reinforcing our company culture and keeping our workforce up to speed. Their Viva Engage community helps them stay connected and tapped into crucial company information. For Bates, it’s a place to consume official content curated by our centralized communications team. It’s also a forum for crowdsourcing information, answers, and best practices while providing insights based on his expertise.

“This community helps turn the cascade of information into conversation,” Bates says. “It helps me explore the stories that matter.”

In information-rich, high-communication roles like Bates’, Viva Engage provides an invaluable direct line to both organizational leaders and his colleagues around the world.

Flexibility is key

As you collaborate with different Viva Engage community leaders, you might find that you need to provide extra guidance about capabilities that promote awareness and participation for members. Different communities will gravitate toward different modes of interaction, so it’s worth providing training material about their options. During this process, your more centralized administrators, employee experience professionals, and communications experts have an important role as guides and consultants to help line of business community managers understand the implications of Viva Engage features.

Onboarding your users

After you’ve established the guidance and structure that make sense for your teams, it’s time to get your communicators, leaders, and users onboard. With appropriate configurations and active, communicative partners to lead your communities, you’ll set your people up for rewarding engagement that supports your organizational goals.

How we did it at Microsoft

Use these assets to guide you our own journey—they represent how we did things here in Microsoft Digital.

• Discover best practices and tips from Microsoft’s own internal adoption of Microsoft Viva. This resource shares tips and tricks we developed while rolling Viva Engage out at Microsoft.
• Read the story of how we drove adoption of Microsoft Viva internally. This blog post shares some of the lessons we learned during our own implementation.

More guidance for you

Here are more assets that we found useful.

• Understand the fundamentals of setting up Viva Engage to build a foundation for appropriate and effective communities.
• Learn how to configure your Viva Engage tenant to ensure your setup meets your employees’ needs.
• Find out how to manage licenses to ensure appropriate access for all relevant employees.
•  Learn how to determine administrative roles to ensure proper control over your Viva Engage communities.

Chapter 2: Community management and content moderation

Creating and leading secure, supportive, effective communities

With the right administrative parameters in place, our communications leaders, community managers, and content moderators have the control that they need to build and maintain engaged, helpful, and secure communities. Grounding our practices in Microsoft’s organizational culture helped us structure those efforts.

To do this work, we relied on our experts in the employee experience and policy space: executive communications and HR professionals.

Matching community to culture: Building Viva Engage communities founded in your culture and vision

Viva Engage is all about fostering community—between peers, between teams and leaders, and across our organization as a whole. When our communications professionals started strategizing for Viva Engage, they formulated three goals.

Communications goals for employee and executive communications

Accomplishing our goals relies on a delicate balance between driving value through connection and protecting our employees from harm. In any space where people communicate, there’s a small risk of disruption, agitation, and lapses in integrity—often occurring accidentally. To avoid those pitfalls, we grounded our Viva Engage strategy in Microsoft’s culture of respect, integrity, and accountability while ensuring that we didn’t stifle communication or engagement.

Community management in an expanding Viva Engage environment

Building a foundation for effective community management relies on understanding what different Viva Engage communities do and how they work. At Microsoft, our executive communications team developed a framework for structuring communities to guide our thinking about who owns the responsibility for posting, management, and moderation.

Community management in Viva Engage

As you think through structuring any Viva Engage community, there are a few key questions to ask yourself:

• What are your goals for this community and how can Viva Engage help you achieve them?
• Who will you include in its membership?
• Who will be responsible for managing this community?
• Who can post and engage?

Owners for every effort, initiative, or community will need to ask themselves these questions to guide their decision-making. Being thoughtful about these issues will ensure the communities they oversee serve both the broader organization’s objectives and more specific line-of-business goals.

Employees will use Viva Engage in the way that seems most organic to them, but these features have been particularly useful for supporting communications and engagement at Microsoft. They’ll be powerful assets as you build out your own Viva Engage strategy.

In more employee-led communities, this can be a largely hands-off process, with peers asking questions, solving problems, and carrying on conversations on their own initiative.

Protecting communities through moderation

Viva Engage offers plenty of creative ways to reach your community. But keeping conversations respectful and appropriate is an important part of making people feel safe enough to share their ideas and opinions.

Our moderation process relies on input from several different organizations within Microsoft, including IT professionals with Microsoft Digital and Viva product engineers, executive and crisis communications specialists, HR, and our legal team. In consultation with these stakeholders, we established policies and practices for effective moderation.

Each of these practices has a role to play in keeping our professional communities safe and respectful.

The user’s perspective: Copilot Champs

Samuel Boulanger is a cross-solution AI lead, but he wears another hat as well. He’s one of our Copilot Champs, a group of early and enthusiastic AI adopters the company has embraced as peer leaders throughout our Microsoft 365 Copilot adoption. They help spread enthusiasm and model creativity for their peers.

There’s no single employee profile, so the champs are a diverse group of professionals working across all disciplines. Viva Engage provides an ideal peer-driven space for sharing inspiration, hosting discussions, and asking questions. The social aspects of the tool are some of the most powerful for Boulanger, especially the ability to tag people into conversations, follow relevant subjects, and conduct live events like the Copilot Champs’ community-wide monthly meetings, where he’s been a featured speaker on more than one occasion.

Boulanger also maintains a YouTube channel dedicated to mastering productivity with AI, and media integration features in Viva Engage make it a perfect place to share his work his peers can easily discover his tips and tricks.

“In an age of fast-paced tech evolution, being able to take advantage of others’ knowledge is crucial for keeping up,” Boulanger says. “Viva Engage is the place I go to connect with subject matter experts.”

If questionable posts do appear, Viva Engage enables several possible actions, all depending on the severity and context of the issue we’re trying to resolve. Community managers and moderators can take several actions:

While Viva Engage is a powerful tool for building community, any forum carries the potential for sowing division, much like social media in the public sphere. In addition to the moderation practices detailed in this guide, it’s important to proactively communicate appropriate usage policies to your employees, always staying sensitive to your company culture, location, and industry. While employees may feel that their right to expression is being impinged, it’s important for them to understand that employers have a prerogative to manage the appropriate use of their corporate resources, and their speech rights as employees may differ from their rights as individuals outside of work. Depending on your company culture, you may want to put policies in place that discourage or even prohibit political discourse or other controversial topics on Viva Engage.

As you’re setting out your own policies for Viva Engage moderation, it will be helpful to align behavioral guidelines with your organization’s values. From there, you can agree on what actions are appropriate in various circumstances and decide who will carry out the actions.

There will always be room for subjectivity and discretion on the part of your community managers and moderators—after all, community engagement is a deeply human practice.

Community management and moderation lessons

How we did it at Microsoft

Use these assets to guide you our own journey—they represent how we did things here in Microsoft Digital.

• See how we’re transforming internal communications at Microsoft with Viva Amplify and Viva Engage. This blog post shares the story of how our communications leaders coordinate their efforts across Viva apps.
• Understand the evolution of employee engagement at Microsoft with Viva Engage. This story outlines how Viva Engage is revolutionizing community and connection between employees.

More guidance for you

Here are more assets that we found useful.

• Learn how to manage a community in Viva Engage to ensure a safe and smooth process for employees.
• Create a dynamic group in Viva Engage to automate and simplify community creation.
• Learn from Microsoft insiders about digital safety and moderation in Viva Engage to see how our internal experts keep our employees safe.
• Explore best practices for engaging employees with AMAs and live events to diversify engagement and employee connections.

Chapter 3: Learning from Microsoft success stories

Guiding communities through successful creation and engagement

One of the superpowers of Viva Engage is its ability to connect leaders with employees and peers with peers. At Microsoft, we surveyed our own employees and learned that people appreciate timely communication from leaders on topics that matter to them. Since we transitioned our broad-reaching company communications primarily to Viva Engage, we’ve been hearing that employees prefer the kind of connection they experience with community and storyline conversations.

At Microsoft, there are many kinds of communities that serve diverse purposes and operate in unique ways. Whatever you want your Viva Engage communities to accomplish, you can draw lessons from our experiences with these three teams.

Global employee and executive communications: A new connection for high-impact communicators

The Global Employee and Executive Communications community—affectionately known at Microsoft as GEEC—includes comms leads across the company who are responsible for disseminating information and supporting messaging from senior leadership. This community has existed since 2018, primarily using traditional employee engagement channels like email, intranet sites, and all-hands meetings. The rise of hybrid work coincided with a desire for leaders to find ways to connect more personally at scale with employees. Viva Engage provided an opportunity to connect this cross-company community even more closely, further empower their work, and accelerate leader adoption of the platform.

As highly skilled communications professionals, the GEEC community were in an ideal position to test the new tool internally, build out best practices, and help each other drive company-wide impact. As a result, they’ve left their stamp on much of our overall Viva Engage policy and practice.

When GEEC leadership started exploring Viva Engage, they needed to think through several aspects of the tool:

• The learning and adoption curve
• Incorporating Viva Engage into the larger communication channel portfolio
• Membership management for people entering and exiting roles
• Resource storage and access for teams with different purviews

None of these considerations were difficult to overcome, but they did require thought and planning, especially for the IT professionals responsible for managing access and identity. At the same time, we knew we needed to equip these high-visibility communicators with the skills to use Viva Engage effectively. We accomplished that through a combination of in-depth support from community owners and ample opportunities to consume learning content.

Clear leadership was also essential. For an impactful group like GEEC, it’s not enough to have a purely peer-led effort. Senior comms leaders took special care to align the community’s Viva Engage habits with its goals.

Internal communications on Viva Engage

As you consider using Viva Engage within your own organization, corporate and executive communicators can be one of the most effective groups to lead your adoption. Their communications expertise paired with a knack for effectively reaching audiences make them excellent pioneers in the space.

Our Copilot Champs Community: Supporting adoption by empowering peer leaders

When we deployed Microsoft 365 Copilot company-wide in the winter of 2024, we knew this tool represented a generational shift in workplace technology. We also had the benefit of eager early adopters who were quickly building their expertise with AI tools. Copilot adoption leaders saw an opportunity to empower them as peer leaders and created the Copilot Champs Community.

A team like this has several benefits.

Why should I build a Champs Community?

Unlike the GEEC community, which consists entirely of communicators, the Copilot Champs Community represents a broad cross-section of Microsoft employees working across different roles, lines of business, and job disciplines. The common ground is enthusiasm for sharing Copilot innovation. As a result, recruitment and enablement for new members were crucial aspects of launching this community.

To meet this need, the Copilot Champs Community lead developed a process that onboards, educates, and empowers new members while encouraging input.

Getting your new Copilot Champs started

An active onboarding process decreases the risk of a community growing stale while increasing buy-in and community culture. With 5,000 members and counting, the Copilot Champs Community clearly has a winning strategy.

Maintaining a purpose-driven community like this requires active leadership. If you’re intending to foster a team of peer leaders like we’ve done for Copilot, you will need to commit resources to staffing, either through fractional ownership or a full-time community leader. These leaders can help direct people to answers, highlight exciting conversations, tag people in where necessary, and coordinate live events.

We’ve made it easy for network admins and corporate communicators to enable a Viva Engage community specifically built to support adoption of Microsoft 365 Copilot. Find step-by-step guidance for creating a Copilot adoption community in Viva Engage here.

The Microsoft Sales Experience Community: Enabling communities of practice and deep product expertise

Some communities are based around mutual support with a highly specific toolset, skill set, or discipline. Microsoft Sales Experience (MSX) within Microsoft Dynamics 365 is an excellent example.

Microsoft’s sales team is an enormous, highly matrixed organization with many routes of accountability associated with different aspects of MSX. It’s important that our sellers stay up to date with the latest product features and capabilities while having a discipline-specific peer-to-peer support network.

A solution-based community might be the most straightforward to set up in Viva Engage from a membership perspective. For our MSX community, we accomplish that through auto-provisioning. In the simplest terms, everyone on our sales team provisions for MSX gets automatically added to new community that you create.

The user’s perspective: MSX for Microsoft Dynamics 365

Nick Fratello is a Power Platform director at Microsoft, operating as a BizApps specialist for our sales team. As a result, he needs to engage with MSX daily.

His specific purview deals with Power Platform, which releases around 400 enhancements every six months. That’s far too much to keep track of through conventional documentation or communications. The MSX Viva Engage community is a way to lean on fellow employees for technical answers, sales collateral, and support for customer questions.

“As field-based employees, we’re often floating on our independent rafts,” Fratello says. “Viva Engage helps us connect to our tribe and make progress so we can keep Microsoft’s sales engine moving.”

For Fratello, sharing his work within the community is a way to create a digital trail that helps people retrace their steps on problems or processes they’ve solved. Conversations and questions become established knowledge, and that helps the whole community.

Using the MSX Viva Engage community

Community managers augment peer-led engagement to provide even more value. For example, community managers can codify peer support questions and the resulting conversations through Answers in Viva or direct members to relevant support material based on their conversations.

When members share their wins and insights, community managers can highlight and amplify these conversations to give them a wider reach. In turn, a community of practice like this informs organizational leaders about their team’s needs and contributes to better workflows and proficiency.

Learning from our established Viva Engage communities

How we did it at Microsoft

Use these assets to guide you our own journey—they represent how we did things here in Microsoft Digital.

• Unpacking the ways Microsoft employees collaborate on Microsoft Teams and Viva Engage. This blog post showcases the power of community for boosting employee collaboration.
• Driving our Microsoft Viva Goals usage with Microsoft Viva Engage.

More guidance for you

Here are more assets that we found useful.

• Explore the step-by-step process of creating and managing Viva Engage communities to ensure effective setups and avoid rework.
• Understand Viva Engage campaigns and discover ways to boost communications.
• Find out how we’re transforming communications and employee engagement at Microsoft to start enacting these principles at your organization.
• Learn how to collaborate with Copilot in Viva Engage on posts and articles to add AI automation into your community engagement efforts.

Applying Microsoft’s lessons to your own organization

You’ve learned from our Viva Engage initiatives. It’s time to get started on yours.

The impact of engaged and connected employees is hard to overstate. Viva Engage is a powerful vehicle for fulfilling that need by fostering vibrant communities that offer support, provide information, and build organizational culture. By applying the lessons and best practices we’ve acquired while implementing and using Viva Engage at Microsoft, you can accelerate time to value for your business and your employees.

“Viva Engage takes all the energy and innovation at work in our employees and provides a space where their ideas can enrich our wider organization,” says Rajesh Jha, executive vice president of Experiences and Devices at Microsoft. “By thoughtfully and intentionally harnessing people’s passion through community, we make our work environment more vibrant, more engaged, and ultimately more impactful.”

However you choose to move forward, our customer success team is always here to provide support, knowledge, and technical expertise.

If you’re looking for further inspiration for using Viva Engage or other apps in the Viva suite, read stories about how this modern employee engagement platform is making waves at Microsoft.

• Here’s where to go to get started with Viva Engage.
• If you’re an admin, here’s where to go get guidance for managing your Viva Engage instance.

• Click here to download an eBook version of this Viva Engage at Microsoft readiness guide.
• Learn how we’re transforming our employees engagement at work with Viva Engage.
• Find out how we’re driving Microsoft 365 Copilot adoption with our Copilot Champs Community.
• Discover how we’re evolving our culture with Microsoft Viva.

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post Community with purpose: Deploying Viva Engage at Microsoft in three chapters appeared first on Inside Track Blog.

This story was first published in 2016. We periodically update our stories, but we can’t verify that they represent the full picture of our current situation at Microsoft. We leave them on the site so you can see what our thinking and experience was at the time.

Deploying Windows Hello for Business internally here at Microsoft has significantly increased our security when our employees and vendors access our corporate resources. This feature offers a streamlined user sign-in experience—it replaces passwords with strong two-factor authentication by combining an enrolled device with a PIN or biometric user input for sign in. Windows Hello was easy to implement within our existing identity infrastructure and is compatible for use within our remote access solution.

The Windows Hello for Business feature can replace passwords with strong two-factor authentication that combines an enrolled device with a PIN or biometric (fingerprint or facial recognition) user input to sign in. We in Microsoft Digital, the company’s IT organization, streamlined the deployment of this feature as an enterprise credential to improve our user sign-in experience and to increase the security of accessing corporate resources.

Using this feature, users can authenticate to a Microsoft account, an Active Directory account, or a Microsoft Entra ID account (formerly known as a Microsoft Azure Active Directory account).

The Windows Hello for Business feature is a public key or certificate-based authentication approach that goes beyond passwords. This form of authentication relies on key pairs that can replace passwords and are resistant to breaches, thefts, and phishing.

Other benefits of this feature include:

• It supports our Zero Trust security model. Emphasizes an identity-driven security solution by centering on securing user identity with strong authentication as well as eliminating passwords.
• It uses existing infrastructure. We configured Windows Hello to support smart card–like scenarios by using a certificate-based deployment. Our security policies already enforced secure access to corporate resources with two-factor authentication, including smart cards and Microsoft Azure Multi-Factor Authentication. Windows Hello is currently enabled, and we anticipate an increase in usage as more biometric-capable devices become available in the market.
• It uses a PIN. Replace passwords with a stronger authentication. Users can now sign in to a device using a PIN that could be backed by a trusted platform module (TPM) chip.
• It provides easy certificate renewal. Certificate renewals automatically occur when a user signs in with their PIN before the lifetime threshold is reached.
• It permits single sign on. After a user signs in with their PIN, the user has access to email, SharePoint sites, when using the latest Microsoft 365 versions, and business applications without being asked for credentials again.
• It is compatible with remote access. When using a certificate-based PIN, users can connect remotely using a Microsoft Digital VPN without the need for multi-factor authentication with phone verification.
• It supports Windows Hello. If users have compatible biometric hardware, they can set up biometrics sign-in to swipe their finger or take a quick look at the device camera.

Our deployment environment for the Windows Hello for Business feature includes:

• Server: Microsoft Entra ID subscription and Microsoft Entra Connect to extend on-premises directory to Entra ID:
  • For certificate-based: Active Directory Certificate Services (AD CS), Active Directory Federation Services (AD FS) Network Device Enrollment Service (NDES), and Microsoft Intune
• Client: A device, preferably with an initialized and owned TPM.

For more information about integrating on-premises identities with Microsoft Entra ID, see What is hybrid identity with Microsoft Entra ID?

Enrollment and setup

Windows Hello for Business user enrollment steps vary, based on our deployed scenarios. For all scenarios, users will need to use their smart card or multi-factor authentication with a verification option—such as a phone call or verification on a mobile app, such as Microsoft Authenticator, in addition to their user name and password—to complete the enrollment.

The Windows Hello for Business feature supports the following enrollment scenarios:

• On-premises Active Directory domain–joined devices. Users sign in with their domain account, the Group Policy is applied, the device is registered with Microsoft Entra ID, and then the user creates a PIN.
• Microsoft Entra ID–joined devices managed by Microsoft Intune. Users must enroll in device management (or add a work account) through Microsoft Intune. After their device is enrolled and the policies are applied, the PIN credential provisioning process begins and users receive the prompt to create their PIN.

Requirements

• Two-factor authentication is required for PIN creation using one of the existing methods (virtual smart card, physical smart card, or multi-factor authentication with phone verification).
• A PIN that is at least six characters long.
• A connection to the internet or Microsoft corporate network.

Physical architecture

Our Windows domain-joined devices were already synchronized with Microsoft Entra ID through Microsoft Entra Connect, and we already had a public key infrastructure (PKI) in place. Already having PKI reduced the amount of change required in our environment to enable the Windows Hello for Business feature.

To deploy user certificates based on Windows Hello keys, we used AD FS, AD CS, and Group Policy.

Server roles and services

In our implementation, the following servers and roles work together to enable Windows Hello as a corporate credential:

• Microsoft Entra ID subscription with Microsoft Entra Device Registration Service to register devices with Entra ID.
• Microsoft Intune is used to enroll devices joined to Microsoft Entra ID.
• AD FS is used for federated identities and Microsoft Entra Application Proxy for secure remote access of web applications hosted on-premises. AD FS Registration Authority is used to handle certificate issuances and renewals for devices that are joined to the domain.
• PKI includes NDES servers (with policy module) and certificate authorities (with smart card EKU—enhanced key usage—template), used for the issuance, renewal, and revocation of Windows Hello for Business certificates.

Domain-joined service workflow

The following workflow applies to any Windows 10 computers joined to our AD DS domain.

• Our domain-joined devices pull a Group Policy object that configures certificate enrollment, PIN-enablement, and notification tasks.
• After users sign out and sign in again, or if they select the pop-up notification when it displays, a PIN creation workflow runs, and they must configure their new PIN.
• During the next sign-in, the user is prompted to configure Windows Hello for Business, confirm their identity using multifactor authentication, and create a PIN. A private key is created and registered in Microsoft Entra ID. The user can also initiate the Windows Hello setup process from the Settings app at any time.
  • If the client and infrastructure support Instant-On, a key-receipt verification package is downloaded and a certificate request is sent to the AD FS registration authority. AD FS confirms valid key ownership and submits the request on behalf of the user to an AD CS certification authority.
• The certificate is delivered to the computer.

Microsoft Entra ID–joined service workflow

• Windows Intune pushes a device policy to Microsoft Entra ID devices that contains the URL of the NDES server and the challenge generated by Intune. A policy has already been pushed to the device by the Intune service. This policy contains the URL of the NDES server and the challenge generated by Intune.
• During the next sign-in, the user is prompted to configure Windows Hello for Business, confirm their identity using multifactor authentication, and create a PIN. A private key is created and registered in Microsoft Entra ID. The user can also initiate the Windows Hello setup process from the Settings app at any time.
• The device contacts the internet-facing NDES server using the URL from the NDES server and provides the challenge response. The NDES server validates the challenge with the CRP and receives a “true” or “false” to challenge verification.
  • If the challenge response is “true,” the NDES server communicates with the certificate authority (CA) to get a certificate for the device. Appropriate ports need to be open between the NDES server and the CA for this to happen.
• The NDES server delivers the certificate to the computer.

Setting policies

Our Microsoft Digital team used domain-based Group Policies to push out policy-based settings to configure our Windows 10 domain-joined devices to provision Windows Hello user credentials when users sign in to Windows. Non-domain joined devices receive their policies from Intune. We also used these settings to define the complexity and length of the PIN that our users generate at registration and to control whether Windows Hello was enabled.

We had the option to configure whether we would accept certificate-based Windows Hello for Business with PIN as a software-backed credential. We chose to enable Windows Hello for Business with a hardware-required option, which means that keys are generated on the TPM.

Policies for Microsoft Entra ID domain–joined clients

You must create and deploy a Group Policy object using the settings found under User Configuration > Administrative Templates > Windows Components Windows Hello for Business.

The Group Policy object contains the policy settings needed to trigger Windows Hello for Business provisioning and to ensure Windows Hello for Business authentication certificates are automatically renewed. Both the Enable Windows Hello for Business setting and the Use certificate for on-premises authentication setting must be enabled.

Windows 10 also provides PIN complexity settings for control over PIN creation and management. Beginning with Windows 10 version 1703, the policy settings are found under Computer Configuration > Administrative Templates System > PIN Complexity.

Policies for Microsoft Azure Active Directory–joined clients

To use the Windows Hello/Windows Hello for Business certificate-based sign-in, configure the certificate profile (Assets & Compliance > Compliance Settings > Company Resource Access > Certificate Profiles). Select a template that has smart card sign-in extended key usage. Note that to set the minimum key size set, this certificate template should be configured in the Simple Certificate Enrollment Protocol (SCEP) Enrollment page—then you can use the Windows Hello for Business and Certificate Properties page to set the minimum key size set to 2048.

To set up the desired policy, we also need to create a new Windows Hello for Business profile (Assets & Compliance > Compliance Settings > Company Resource Access > Windows Hello for Business profiles) and specify the following required options:

• Use Windows Hello for Business
• Use a hardware security device
• Use biometrics
• PIN Complexity

User enrollment experience

When a domain-joined computer running Windows 10 Anniversary Update or later pulls Group Policy settings from a domain controller, certificate enrollment policies and the Windows Hello for Business policies are applied to the Windows 10 computer, provided all the criteria for policy application are met.

Client signs out and signs in (and unlocks the device)

The user unlocks their device, and the certificate enrollment process is triggered.

Certificate enrollment process

After a PIN is successfully created, the scheduled task runs (triggered by Event ID 300, which is “Key registration was successful.”). It checks for an existing certificate. If the user doesn’t have one, the task sends the requests for a new challenge.

At this point, Windows 10 calls on the specified Certificate Services server through AD FS and requests a challenge with an expiration time. If the PIN is cached, the certificate enrollment is triggered.

Certificate renewal behavior

We have configured PIN credential certificates to have a lifetime of 90 days from when they are issued. Renewals will happen approximately 30 days before they expire. When a user next enters their Windows Hello for Business PIN within the 30 days prior to its expiration, a new certificate will be automatically provisioned on their device.

Certificate renewal is governed by Group Policy settings for auto-enrollment. The system checks for certificate lifetime percentage and compares it against the renewal threshold. If it’s beyond the set threshold, a certificate renewal starts.

Microsoft Intune specifics

The Open Mobile Alliance Device Management client talks to the Microsoft Intune mobile device management server using SyncML. Policies are routed, and then the user receives the Simple Certificate Enrollment Protocol profile, as configured in our hybrid environment, deployed through Microsoft Intune. Within 10 minutes, the user should receive a certificate. If that fails, the user needs to manually sync.

Service management

We manage identity as a service at Microsoft and are responsible for deciding when to bring in new types of credentials and when to phase out others. When we were considering adding the Windows Hello for Business feature, we had to figure out how to introduce the new credential to our users, and to explain to them why they should use it.

Measuring service health

We’re in the process of creating end-to-end telemetry to measure the service health of Windows Hello for Business. For now, we’re monitoring the performance and status of all our servers. We’re also expanding the service, so adoption and usage numbers are very important metrics that demonstrate the success of our service. We also track the number and types of help desk issues that we see.

We use custom reports created from certificate servers and custom telemetry service metrics to collect prerequisites, and key and certificate issuance times for troubleshooting. Detailed reports about other aspects of the service can also be generated from Microsoft Intune.

We configure a user’s certificate to expire, and certificate renewals are issued with the same key. When necessary, the certificates can be revoked directly through Microsoft Intune, which provides easier administration.

Here are some tips for getting started with Windows Hello for Business at your company:

• OEM BIOS initialization instructions and TPM lockout policies are OEM-specific. We performed steps to identify and document the potential issues for each hardware provider. We also communicated to our users that clearing a TPM will cause their private key to not work in Windows Hello for Business.
• Some of the common issues we saw with users creating their PINs could have been avoided with better communication. These issues include users not understanding the prerequisites, or the expected delays in onboarding scenarios. To help avoid this issue, we created a productivity guide to walk users through the steps.
• Windows Hello for Business relies on several underlying services: Microsoft Entra ID, AD FS, Microsoft Intune, NDES, and CA. All of these services need to be healthy and available.
• Certificate issuance delays can be hard to troubleshoot, but monitoring the health and performance of the supporting services can help.

Explore Windows Hello for Business.

• Learn how to transition to modern access architecture with Zero Trust.
• Discover enabling a modern support experience at Microsoft.
• Explore improving security by protecting elevated-privilege accounts at Microsoft.
• Unpack hybrid identity with Microsoft Entra ID

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post Implementing strong user authentication with Windows Hello for Business appeared first on Inside Track Blog.