Just like it is for all large enterprises, maintaining accurate and secure group memberships enables our employees to collaborate effectively while also safeguarding our sensitive information internally here at Microsoft.

The Microsoft Group Membership Management (GMM) tool addresses this challenge head-on by providing a robust solution that simplifies group membership management while enhancing security and productivity across Microsoft. Initially developed to solve a challenge within Microsoft, GMM is now available on GitHub, giving other organizations to access to its capabilities.

The need for group membership management 

GMM was designed to address two critical issues that companies like ours face: 

• Collaboration barriers: When the right people aren’t in the group, collaboration tools are less effective.
• Security risks: When individuals retain access to groups unnecessarily, organizations face potential data exposure.

“One of our main priorities was to create a solution that balances seamless collaboration with stringent security,” adds Olivia Han, Senior Product Manager for GMM. “We wanted organizations to feel confident in their group memberships while making the process as intuitive as possible.”

Key features of GMM 

GMM is a multi-source, multi-destination membership synchronization tool. It enables organizations to define group memberships based on user information from multiple sources and project those memberships into groups and even Microsoft Teams channels. Its standout features include: 

• Flexible membership definition: Membership can be defined based on organizational structure, user attributes, and exclusionary rules. Depth limits ensure precision and control. 
• Empowered group ownership: Group owners can define and manage their memberships independently, while administrators retain tools to protect sensitive HR information. 
• Change threshold protection: To prevent accidental disruptions, GMM includes increase and decrease thresholds that require owner confirmation before large-scale membership changes. 

Development journey and challenges 

GMM began as a solution to project nested security group hierarchies into flattened Microsoft 365 groups, addressing the lack of native nesting support in Microsoft 365. Over time, the tool evolved into a comprehensive solution that uses a variety of Azure services, including Storage, Service Bus, SQL, Azure Data Factory, and Key Vault, among others. 

“We’ve been laser-focused on adopting Microsoft Secure Future Initiative best practices,” says Paul Daly, a principal software engineering manager for GMM in Microsoft Digital. “Eliminating secrets, adopting managed identities, and moving resources to private networks have significantly improved our security posture. Scalability has been another ongoing focus, with innovations like a ‘multi-lane’ process to handle large membership changes without delays.” 

Impact and integration 

Internally at Microsoft, GMM has simplified maintenance for thousands of groups.

“Automating user additions increased the use of collaboration tools like Viva Engage, Teams, and Outlook groups,” Han says. “Removing unnecessary access not only boosts security but also gives us the confidence to enable features like Copilot.” 

GMM has had a significant impact on personalizing and enhancing the employee experience at Microsoft. By managing groups based on tenure, GMM enables targeted content delivery on the intranet website and HR portal via Viva Connections, providing relevant information to new employees during their crucial onboarding period. 

“Based on what our internal customers have told us, we know that GMM has eliminated days and even weeks of manual work that our business admins have to do to maintain accurate groups rosters,” Han says. “It has also mitigated security concerns, including reducing the risk of oversharing.” 

Externally, organizations that have adopted GMM from GitHub have experienced similar benefits, and their feedback has driven continued improvements. 

GMM integrates seamlessly with Entra ID groups and Team channel memberships, extending its impact across the Microsoft 365 suite, including Viva Engage, Teams, Outlook groups, Viva Connections, and CoPilot. 

Looking ahead 

The future of GMM is bright, with enhancements focused on usability, performance, and deployment: 

• Improved user interface: Updates driven by internal and external feedback reduce admin effort and empower users. 
• Enhanced scalability: The multi-lane process ensures timely completion of membership changes, even during large onboardings. 
• Simplified deployment: Streamlining installation will make GMM more accessible for external organizations. 

“We hope GMM’s features resonate with organizations and their use cases,” Daly says. “If so, we encourage them to give it a try and share their feedback via the GitHub repository.” 

GMM exemplifies how Microsoft uses its own tools to solve real-world challenges and shares those solutions to help others achieve their goals. With its powerful capabilities and user-centric design, GMM is transforming the way organizations manage group memberships, fostering both collaboration and security.

Here are some tips for rethinking group management at your company:

• Simplified group management: GMM streamlines group membership management, enhancing both security and productivity across organizations.
• Addressing key issues: GMM tackles collaboration barriers and security risks by ensuring that the right people are in the right groups and removing unnecessary access.
• Robust features: GMM offers flexible membership definitions, empowered group ownership, and change threshold protection to prevent accidental disruptions.
• Development and scalability: Initially created to solve internal challenges, GMM has evolved into a comprehensive solution using various Azure services and focusing on scalability and security.
• Impact and future enhancements: GMM has significantly improved group management at Microsoft with ongoing enhancements aimed at usability, performance, and deployment.

Learn more on how to manage your groups.

• Find additional resources for Group Membership Management on GitHub.
• Learn more about Group Membership Management (GMM).
• Unpack how Microsoft automates Group Member Management.

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post Streamlining group membership management and governance at Microsoft appeared first on Inside Track Blog.

When we launched Microsoft 365 Copilot in February of 2023, it was a watershed moment in the history of Microsoft. By incorporating next-generation AI into the productivity tools that millions of people depend on every day, a new era of productivity was born.

“Today marks a significant milestone in our journey to empower every person and every organization on the planet to achieve more,” Microsoft CEO Satya Nadella said when he announced the product. “With Copilot, we are bringing the power of next-generation AI to the tools millions of people use every day.”

Fast forward to now and there’s no doubt that Copilot is revolutionizing employee productivity here at Microsoft and elsewhere. It’s also clear that the pace of innovation is only increasing, and AI-powered agents, integrated with Copilot, are poised to help enterprises all over the world fulfill the promise of AI.

Jared Spataro, Microsoft corporate vice president for AI at Work, reflected on this paradigm shift during his keynote address at Microsoft Ignite. “Agents are the new apps for an AI-powered world. Every organization will have a constellation of agents, ranging from simple prompt-and-response to fully autonomous.”

Here in Microsoft Digital, the company’s IT organization, the feeling of excitement that we felt that day was palpable.

“It was exciting to hear about the vision for an ‘agentic world,’ where a rich tapestry of AI agents, including personal agents, business process agents, and cross-organizational agents, work together to enhance productivity and collaboration,” says Rajamma Krishnamurthy, a principal program management lead.

The opportunity that agents present is massive.

“AI powered agents can automate or assist in time consuming tasks like document creation, email or meeting summarization, creating presentations or reports, saving precious time and energy,” Krishnamurthy says. “This will enable our employees to focus on more innovative and engaging work.”

They will become our personal assistants.

“Agents will be able to do things like tell me what time I should be leaving for work based on traffic, helping me navigate which way to go, helping me to find parking, and helping me set up my day so I know what’s most important to work on,” says Amy Rosencranz, a principal program manager also working on agents in Microsoft Digital. “I’ve been excited about those scenarios for a long time, anticipating how AI can seamlessly integrate into our daily lives, and now it’s here.”

In Microsoft Digital, we are embracing our agentic future, where agents will make our employees, as well as the millions of employees who rely on Microsoft 365 globally, more productive every day.

Enabling an agent-powered Microsoft

It’s important to acknowledge that adopting AI in the enterprise is a journey. In Microsoft Digital, we’ve adopted a maturity model for AI deployment in the enterprise. Early phases focus on using Microsoft 365 Copilot, grounded in enterprise data, to enhance knowledge discovery and retrieval. Later phases enable employees to act on that knowledge and even fully automate business workflows. Microsoft 365 Copilot enterprise deployment phases

Microsoft 365 Copilot enterprise deployment phases

Use these principles to guide you as you move through the two phases.  

1. Foundational capabilities. The first and most important step is to deploy a secure, enterprise-grade AI solution like Copilot for Microsoft 365 that’s grounded in your enterprise data. At Microsoft, we’ve deployed Microsoft 365 Copilot to all of the more than 300,000 employees and vendors at the company, providing everyone with an AI-powered assistantto enhance their daily productivity.
2. Specialized agents. Employees use low-code solutions like Copilot Studio Agent Builder or ready-made agents in SharePoint to quickly train models and retrieve knowledge for specialized scenarios.
3. Knowledge and actions. Powered by Copilot Studio, agents go beyond simple knowledge retrieval, offering next steps and actions that help employees to defragment their day-to-day employee experience. While these agents take a little more time to build, they offer significantly more utility in the enterprise. Copilot Studio provides a robust library of first- and third-party connectors that make it easy to incorporate actions across enterprise platforms.
4. Workflow reinvention. Employees manage and train a constellation of agents that perform fully autonomous actions. Note, the ability to create fully autonomous agents is currently in public preview. “The best way to think about these are just as your teammates,” Nadella said when explaining this at Microsoft Ignite.

It’s important to note that these steps can take time.

Deploying Microsoft 365 Copilot at global enterprise scale and conducting change management practices to help our employees maximize the potential of AI has required patience as we create locally relevant change management campaigns tailored to individual countries, roles, and other factors.

Later phases require more advanced tools, appropriate tenant governance, and collaboration between departments to ensure appropriate and responsible uses of AI. Additionally, our AI Center of Excellence has been instrumental in helping to build an AI-forward culture through training activities, knowledge sharing, and other activities to accelerate our growth as an organization.

Data quality and tenant governance are also important considerations for unlocking the value of agents in your enterprise.

“The better your data, the better your back-end data, the better your data is set up to interact with AI, the better the responses are going to be,” Rosencranz says.

In Microsoft Digital, we’ve adopted standards and policies that help us ensure that our agents are trained on high quality, accurate AI-ready data. AI-ready data for enterprise AI agents is data that’s clean, well-governed, and accessible through scalable pipelines, integrating principles of data standardization, privacy compliance, and federated governance to enable seamless interoperability and actionable insight. With AI-ready data, our data scientists and engineers are better equipped to locate, process, and govern the enterprise data that drives our organization, including the development of agents.

But we’ve also been deliberate in building tools that make it easy to build and deploy agents in the enterprise. In fact, our design-first mindset, facilitated through architectural reviews, is enabling us to design and deploy agentic architectures that are resilient, secure, cost-effective, high-performance, and operationally sound. This structured approach ensures that AI agents deliver transformative value while aligning with organizational goals and maintaining trust.

{Learn how we’re transforming our data culture with AI-ready data.}

{Learn more about how we’re responding to the AI Revolution with an AI Center of Excellence.}

Bringing agents to life at Microsoft

While everyone at Microsoft already has access to Microsoft 365 Copilot, we’ve been cautious in deploying Copilot Studio, part of the Microsoft Power Platform, to all of our employees. Copilot Studio uses the same low-code connector model as the Power Platform to provide over 1,400 first- and third-party services that can power actions. The same principles that we apply to the Power Platform—“employee empowerment with guardrails”—are being used to safely bring agents to life at Microsoft.

“Anyone at Microsoft can build agents to help them through mundane tasks such as a writing assistant to help write better content or to strategize with them on important areas like their career, however these agents are available only to the person who created them,” Krishnamurthy says. “Agents that need to scale enterprise-wide are worked on by the respective engineering teams in collaboration with business partners.”

While the power in these “knowledge-only” or specialized agents is significant, we in Microsoft Digital must balance employee innovation against some of the risks of agentic AI. Security and privacy controls are important for all applications, and even more so for those that incorporate AI.

“Sometimes we mysticize these agents as things that take a lot of effort to build,” Nadella said at Ignite. Our vision is that it should be as simple as creating a Word doc or a PowerPoint slide.”

Additionally, understanding and incorporating our responsible AI principles in all aspects of the Security Development Lifecycle (SDL) is critical.

“A robust governance process and controls should be adhered to when building these AI agents through the entire SDL, starting with designing, building, deploying and monitoring agents after they’re deployed,” Krishnamurthy says.

Some practices we’re using within Microsoft Digital to keep our employees safe include:  

1. Security. We have established standards for data classification, policies on handling confidential information, and other security measures to protect data from unauthorized access, misuse, and disclosures. Microsoft Purview provides these foundational capabilities, including data labeling, rights management, and data loss prevention at Microsoft. 
2. Privacy. At Microsoft, we have established privacy compliance measures to ensure that personal data is protected. Includes adhering to regulations such as GDPR and CCPA. We also conduct regular privacy assessments for all applications, especially AI-powered agents.
3. Regulatory. It’s important to conduct regulatory compliance assessments to ensure that agents and extensions are meeting legal standards. Our legal and compliance teams are carefully monitoring AI regulations like NY 144 and the EU AI Act. Understanding and incorporating applicable guidelines, regulations, and laws into assessments is critical.

As Peter Parker famously learned, “with great power comes great responsibility.” The same holds true with agents in the enterprise. While agents are an incredibly powerful tool that nearly anyone can take advantage of to improve their productivity, being mindful of security, privacy, and regulatory issues is essential to the responsible deployment of agentic AI in the enterprise.

{Find out how we’re tackling Microsoft 365 Copilot governance internally at Microsoft.}

{Learn how citizen developers at Microsoft are empowered through good governance with the Power Platform.}

Enabling employee self-service

In Microsoft Digital, we’re building AI-powered agents to support common employee scenarios like IT support and HR queries. The employee self-service agent seamlessly integrates with Microsoft 365 Copilot and helps to defragment the employee experience by providing a single place for employees to seek help with their most common pain points. With Copilot Studio, this agentic experience helps employees to quickly retrieve relevant information and then resolve their issues while also enabling them to act, such as by opening a support ticket or submitting a request for time off.

Other capabilities include:

• An out-of-the-box experience that facilitates a no-configuration, focused employee self-service lens for optimized responses to common HR and IT questions.
• The minimum configuration delivers answers to employees via official content sources and company-crafted answers where necessary, lowering search time and frustration.
• Additional configuration reduces cost and accelerates time to value for HR functions and IT workflows.

Employee self-service agent in Microsoft 365 Copilot

Employee-self service is being used by some partners and customers in a private preview and will be available globally to all Microsoft customers soon.

{Learn how we’re building employee self-service agents for IT and HR.}

The future of IT

While we’re at the very beginning of this agentic journey at Microsoft, the pace of change has been and will continue to be incredibly swift, as new capabilities emerge and autonomous agents become more common. In Microsoft Digital, we see a world where agentic AI will unlock productivity and creativity, empowering our employees to train their own agentic teams that handle routine day-to-day operational tasks so they can focus on the higher value work only humans can do. Some ways we’re exploring applying agents within Microsoft Digital include:

• Autonomous agents that can detect, report, remediate, and monitor network security and connectivity issues.
• Autonomous agents that streamline and simplify business and operational processes, enabling our employees to focus on the higher value work that only humans can do.
• Autonomous agents that anticipate your needs during travel, clearing your calendar, reconciling schedule conflicts, and even helping with things like reserving a car or mitigating flight delays.
• Autonomous agents that help our global workplace services team to manage their facilities more effectively, reducing carbon emissions while maximizing workplace occupancy.
• Autonomous agents that anticipate device issues, apply patches, continuously monitor device health and security, and keep our infrastructure and devices secure and reliable.

While the advent of generative AI in the enterprise has been a boon to employees and has given organizations like Microsoft a competitive advantage, fully autonomous agents, powered by Copilot Studio, will give our employees an incredible advantage in a very competitive global marketplace for products, ideas, and solutions.

“We are so at the tip of the iceberg, and the pace at which the product is developing is unlike anything I’ve seen in my tenure at Microsoft, and I’ve been here a while,” Rosencranz says. “Agents are already so powerful, but they’re only going to get more powerful. More “wow” moments are coming.”

We invite you to seize this generational opportunity with agents to provide more “wow” moments for your own employees.

Here are principles to think about as you consider experimenting with agents at your company:

• Agents are the next wave of AI innovation, enabling your employees to retrieve information, act, or even fully automate business processes and operations.
• While agents are powerful and simple to create, be mindful of security, privacy, responsible AI, and compliance requirements to ensure that your agents aren’t creating unnecessary business risks.
• There are several ways to build no-code and low-code agents for personal or enterprise-wide use, including Agent Builder in SharePoint, creating agents in Microsoft 365 Copilot Chat, and using Copilot Studio.
• AI-ready data is essential to unlock the power of agents in the enterprise. Like other AI systems, the responses and actions of your agents are only as good as the data they were trained on.

Get started with Microsoft 365 Copilot at your company.

• Read our guide for deploying and driving adoption of Microsoft 365 Copilot.
• Find out how we’re tackling Microsoft 365 Copilot governance internally at Microsoft.
• Learn how we’re keeping our network infrastructure healthy at Microsoft with an employee-built AI agent.
• Check out how we’re transforming our data culture with AI-ready data.
• Learn more about how we’re responding to the AI Revolution with an AI Center of Excellence.
• Find out how citizen developers at Microsoft are empowered through good governance with the Power Platform.
• Learn how we’re building employee self-service agents for IT and HR.
• Find out how we’re unlocking deeper AI value at Microsoft with Microsoft 365 Copilot extensibility.

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post AI-powered agents in action: How we’re embracing this new ‘agentic’ moment at Microsoft appeared first on Inside Track Blog.

Editor’s note: This content was first published in 2021. Although this particular event or moment in time has passed, we’re republishing it here so you can see what our thinking and experience was like at the time.

Our Microsoft Digital team is improving our support experience by partnering with ServiceNow to incorporate modern support-agent functionality into our environment by using ServiceNow Virtual Agent and Microsoft Teams. As a result, our support team and the employees they assist have a more complete tool set, a simpler view into the support environment, and a more streamlined method for executing tasks and solving issues quickly.

Understanding virtual-agent-based support at Microsoft

Our Global Helpdesk supplies support to these employees throughout more than 120 countries and regions worldwide. Global Helpdesk receives approximately 3,000 requests for support every day, and the ability to efficiently assess what help our users need and how we can provide that help are critical to the effectiveness of Global Helpdesk and our Microsoft Digital organization at Microsoft.

Improving the agent experience

One of the primary touchpoints for our employees has been agent-driven communication. Connecting to and speaking with a live support-team member has always been an important part of the end-user support experience here at Microsoft. As part of our ongoing digital transformation, we’re working toward a more streamlined support experience for our support team and our users, including improved virtual-agent experiences.

The preexisting virtual-agent interface—one that Microsoft Digital developed and maintains—was initially developed as an experimental solution. While the previous solution had worked well in the past, we were experiencing several challenges in using an internally developed, custom-built tool:

Limited ability to innovate. While we initially developed the previous virtual-agent tool to meet our needs at the time of its implementation, our needs changed over the years. The way our employees work also changed, and industry changes and technology advances affected our platform’s efficiency. It was difficult to keep functionality and feature availability current on a self-developed platform.

Minimal integration and information reuse. The virtual-agent experience wasn’t effectively integrated with many of our other support tools, including our service-management platform knowledge base. Our support team had to copy and paste support information into the agent and manually search for and enter ticket management data for each support request.

Limited virtual-agent support. It was difficult to develop and maintain workflows for virtual-agent functionality and to provide the guidance and support that our live agents required.

Scalability and performance issues. Our previous platform didn’t support the scalability and performance goals that we set for our infrastructure and tools.

Creating a modern virtual-agent experience

Our vision for a modern support experience involves providing our employees with easy-to-use, transparent, and integrated services by transforming how we deliver support capabilities across all digital interactions at Microsoft. As part of this vision, we examined how we could improve the virtual-agent process while enabling our continued digital transformation in this area. We established several goals, including:

• Increase information reuse. Invest in integrated tools that support connected and correlated data and the reuse of information across support processes. We wanted a solution that would integrate directly with our service-management platform and integrate with existing data in our support environment.
• Take advantage of existing partnerships and tool sets. As part of our vision for simplicity and transparency in our infrastructure, we wanted to use existing tools effectively and pursue partners that supply complementary features.
• Adopt commercially available tools with out-of-the-box functionality. We wanted to move to a commercially available product that was already in development for a large customer base. We wanted a solution that enabled agile development and also provided built-in support.
• Identify AI and machine-learning capabilities to streamline and improve support and employee experiences. Virtual-agent functionality was an important consideration for the new solution—whatever we chose needed to integrate AI and machine-learning tools to better inform the support process and better serve our Helpdesk users.

Combining ServiceNow and Teams

To begin the process of selecting a new platform, we used our challenges and goals to evaluate several potential solutions. The ServiceNow suite of capabilities now serves as our primary agent experience for live and virtual-agent support, and we use Teams as one of our most critical agent hosting environments. We’ve used ServiceNow IT Service Management for six years as our primary support-automation tool. Microsoft and ServiceNow have engaged in a strategic partnership to accelerate digital transformation for enterprise customers. As part of the partnership, we’re working together toward a common solution based on ServiceNow and Microsoft platforms, with a goal of building better products and improving customer experience for both companies.

By combining ServiceNow and Teams, we’ve created an agile support platform that easily integrates with our existing support environment and data. We’re using all the ServiceNow out-of-the-box features that fit our needs to ensure that our use-case scenarios are robustly supported. Our current ServiceNow implementation included several important milestones and challenges. Highlights from the implementation process include:

Aligning feature capabilities and requirements. We prioritized features and implementation timelines, noting what was necessary to decommission the previous solution and facilitate a smooth transition.

Establishing a crawl, walk, run approach. Our implementation started small, and we iterated from there. We incorporated quick-win features early, ensuring that we established sound implementation practices before moving on to larger and more important components.

Identifying and resolving Microsoft Entra ID synchronization issues. Initially, Microsoft Entra ID synchronization complexities made it difficult to fully integrate user data. However, through our partnership with ServiceNow and because of ServiceNow’s agility and large product support team, we received an update in the next release that fixed the problem.

Supplying direct agent integration across multiple contexts. While Teams is one of our primary agent interfaces, we’re also incorporating the ServiceNow Virtual Agent across many of our web-portal workspaces, offering in-context agent support to our employees within the application or interface that they’re using.

Integrating with Azure Cognitive Services components for intelligent virtual-agent functionality. We’re using the Azure AI Language service to supply natural-language FAQ support to the virtual-agent experience, using existing knowledge-base sources.

Results and benefits

Our new support-management platform has generated several benefits, for our business, our support agents, and our customers. These benefits include:

• Simplified interaction for our end-users. Our virtual agent usage has doubled during the first year using ServiceNow. More of our Global Helpdesk end-users are using the virtual agent to initiate support contact. Almost 50 percent of virtual agent-initiated issues are solved within the virtual agent context, without needing human involvement. The increase in virtual agent adoption decreases support costs and allows our live agents to focus on more complex issues. We expect virtual agent adoption and efficiency to increase as we improve functionality, build the virtual-agent interface into more of our end-user environment, and grow virtual-agent adoption as a replacement for other contact methods, such as email or phone calls.
• Increased future cost savings from the new solution platform. By implementing a software-as-a-service (SaaS) solution like ServiceNow, we benefit from the built-in resiliency, scalability, reusability, and feature set of a SaaS platform. We’ve also deprecated our internally developed tool, saving the associated infrastructure and maintenance costs.
• More effective self-service problem solving for our end-users. The ServiceNow virtual agent enables detailed workflow automation within the agent interface. We’re using that automation to create a better self-service experience that allows our users to resolve issues without live-agent intervention, giving more time back to the live agent.
• Improved live agent handoff. We’ve significantly improved integration between the virtual agent and our other support systems data. When the virtual agent transfers an end-user to one of our live agents, the live agent can access the virtual-agent chat transcript alongside the ServiceNow ticket and end-user information. This capability makes it easier to provide comprehensive support for the end-user in a live chat experience.
• More accurate metrics for end-to-end support processes. Due to integration with ServiceNow and other data platform, we can better understand the end-to-end support experience and identify opportunities for improvement and greater efficiency across the entire support landscape. This enables us to further reduce support costs and decrease support resolution times for our end-users.

Want to learn how Microsoft Teams can streamline communications and make a difference in your organization? Get more details here.

• Unpack modernizing Microsoft’s internal Help Desk experience with ServiceNow.
• Explore rethinking software licensing at Microsoft with ServiceNow Software Asset Management.
• Discover instrumenting ServiceNow with Microsoft Azure Monitor.
• Learn about how we’re enabling a modern support experience at Microsoft.

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post Using Microsoft Teams and ServiceNow to enhance end-user support at Microsoft appeared first on Inside Track Blog.