In light of this priority, we have established a Microsoft Digital Data Council to help accelerate our companywide AI-powered transformation.

Our data council is a cross-functional team with representation from multiple domains within Microsoft, including Microsoft Digital, the company’s IT organization; Corporate, External, and Legal Affairs (CELA); and Finance.

“By championing robust data governance, literacy, and responsible data practices, our data council is a crucial part of our AI-powered transformation. It turns enterprise data into a strategic capability that fuels predictive insights and intelligent outcomes across the organization.”

Naval Tripathi, principal engineering manager, Microsoft Digital

Our data council’s mission is to drive transformative business impact by establishing a cohesive data strategy across Microsoft Digital, empowering interconnected analytics and AI at scale. Our vision is to guide our organization toward Frontier Firm maturity through a clear blueprint for high-quality, reliable, AI-ready data delivered on trusted, scalable platforms.

“By championing robust data governance, literacy, and responsible data practices, our data council is a crucial part of our AI-powered transformation,” says Naval Tripathi, principal engineering manager in Microsoft Digital. “It turns enterprise data into a strategic capability that fuels predictive insights and intelligent outcomes across the organization.”

Enterprise IT maturity

This article is part of series on Enterprise IT maturity in the era of agents. We recommend reading all four of these articles to gain a comprehensive view of how your organization can transform with the help of AI and become a Frontier Firm.

1. Becoming a Frontier Firm: Our IT playbook for the AI era
2. Enterprise AI maturity in five steps: Our guide for IT leaders
3. The agentic future: How we’re becoming an AI-first Frontier Firm at Microsoft
4. AI at scale: How we’re transforming our enterprise IT operations at Microsoft (this story)

Our evolving data strategy

Over the past two decades, we at Microsoft—along with other large enterprises—have continuously evolved our data strategies in search of the right balance between control and agility. Early approaches were highly decentralized, with different teams owning and managing their own data assets. While this enabled local optimization, it also resulted in inconsistent quality and limited enterprise-wide insight.

Our subsequent shift toward centralized data platforms brought much-needed standardization, security, and scalability. However, as data platforms grew more sophisticated, ownership often drifted away from the business domains closest to the data, slowing responsiveness and diluting accountability.

Today, we and other leading companies are embracing a more balanced, federated approach, often described as a data mesh. Rather than forcing all our data into a single centralized system or allowing unchecked decentralization, the data mesh formalizes domain ownership while embedding governance, quality, and interoperability directly into shared platforms.

With this approach, our domain teams publish data as well-defined, discoverable products, while common standards for security, metadata, and compliance are enforced through automation rather than manual processes. This model preserves enterprise trust and consistency without sacrificing speed or autonomy.

By adopting a data mesh mindset, we can scale analytics and AI more effectively across the organization while still keeping ownership closely connected to the business focus. The result is a system that supports innovation at the edges, strong governance at the core, and seamless collaboration across domains, enabling the transformation of data from a technical asset to a strategic, enterprise-wide capability.

Quality, accessibility, and governance

To scale enterprise data and AI, organizations must first ensure their data is trusted, discoverable, and responsibly governed. At Microsoft Digital, our data strategy is designed to create data foundations that power intelligent applications and effective decision making across the company.

“High-quality, well-governed data is essential to accelerate implementation and adoption of AI tools. Data quality, accessibility, and governance are imperatives for AI systems to function effectively, and recognizing that is propelling our data strategy.”

Miguel Uribe, principal PM manager, Microsoft Digital

By implementing a data mesh strategy at scale, we aim to unlock valuable data insights and analytics, enabling advanced AI scenarios. Our data council focuses on three core dimensions that make AI-ready data possible:

• Quality: Making sure enterprise data is reliable and complete
• Accessibility: Enabling secure and discoverable access to data
• Governance: Protecting and managing our data responsibly

Together, these dimensions form the foundation for scalable innovation and AI-powered data use. They connect data silos and ensure consistent, high‑quality access across the enterprise—enabling both humans and AI systems to work from the same trusted data foundation. As AI use cases mature, this foundation allows AI agents to retrieve and reason over data through enterprise endpoints, while supporting advanced analytics, data science, and broader technology.

“High-quality, well-governed data is essential to accelerate implementation and adoption of AI tools,” says Miguel Uribe, a principal PM manager in Microsoft Digital. “Data quality, accessibility, and governance are imperatives for AI systems to function effectively, and recognizing that is propelling our data strategy.”

Quality

AI-ready data is available, complete, accurate, and high-quality. By adopting this standard, our data scientists, engineers, and even our AI agents are better able to locate, process, and govern the information needed to drive our organization and maximize AI efficiencies.

By utilizing Microsoft Purview, our data council can oversee the monitoring of data attributes to ensure fidelity. It also monitors parameters to enforce standards for accuracy and completeness.

Accessibility

Ensuring that our employees get access to the information they need while prioritizing security is a foundational element of our enterprise data strategy. Microsoft Fabric allows us to unify our organization’s siloed data in a single “mesh” that enables advanced analytics, data science, data visualization and other connected scenarios.

Microsoft Purview then gives us the ability to democratize that data responsibly. By implementing a data mesh architecture, our employees can work confidently, unencumbered by siloed or inaccessible data, and with the assurance that the data they’re working with is secure.

The data mesh connects and distributes data products across domains, enabling shared data access and compute while scaling beyond centralized architectures.

Platform services are standardized blueprints that embed security, interoperability, policies, standards, and core capabilities—providing guardrails that enable speed without fragmentation.

Data management zones provide centralized governance capabilities for policy enforcement, lineage, observability, compliance, and enterprise-wide trust.  

Governance

As organizations scale AI capabilities, strong governance becomes essential to ensure security, compliance, and ethical data use. Data governance—which includes establishing data policies, ensuring data privacy and security, and promoting ethical AI usage—is critical, as is compliance with General Data Protection Regulation (GDPR) and Consumer Data Protection Act (CDPA) regulations, among others.

However, governance is not only a technical capability; it’s also a cultural commitment.

Responsible data use must be embedded into the way teams manage data and build AI solutions. Through Microsoft Purview, we implemented an end-to-end governance framework that automates the discovery, classification, and protection of sensitive data across the enterprise data landscape.

This unified approach allows teams to innovate confidently, knowing that the data powering their insights and AI systems is trusted and protected, as well as responsibly managed.

“AI systems are only as reliable as the data that powers them,” Uribe says. “By investing in trusted and well-managed data, we accelerate not only the adoption of AI tools but our ability to generate meaningful insights and intelligent outcomes.”

The data catalog as the discovery layer

By serving as a common discovery layer for humans and AI, the data catalog ensures that governance translates directly into speed, accuracy, and trust at scale.

A unified data strategy only succeeds if both people and AI systems can consistently find the right data. At Microsoft, this is enabled by our enterprise data catalog, which operationalizes the standards set by our data council. 

For business users, the catalog provides intuitive search, ownership transparency, and trust signals—enabling confident self‑service analytics. For AI agents, the same catalog exposes machine‑readable metadata, allowing agents to programmatically discover canonical datasets, validate schema and freshness, and respect governance constraints.

Our role as Customer Zero

In Microsoft Digital, we operate as Customer Zero for the company’s enterprise solutions, so that our customers don’t have to.

That means we do more than adopt new products early. We deploy them at enterprise-scale, operate them under real‑world constraints, and hold them to the same standards our customers expect. The result is more resilient, ready‑to‑use solutions and a higher quality bar for every enterprise customer we serve.

“When we engage product teams with real telemetry from how data is created, governed, and consumed at scale, we move the conversation from theory to execution. That’s how enterprise readiness becomes real.”

Diego Baccino, principal software engineering manager, Microsoft Digital

Our data council embodies this Customer Zero mindset through its Enterprise Readiness initiative. By engaging product engineering as a unified enterprise voice, the council drives strategic conversations that surface operational blockers, influence roadmap prioritization, and ensure new and existing data solutions are truly ready for enterprise use.

These learnings are then shared broadly across Microsoft Digital to accelerate adoption, reduce duplication, and scale proven patterns across teams.

“When we engage product teams with real telemetry from how data is created, governed, and consumed at scale, we move the conversation from theory to execution,” says Diego Baccino, a principal software engineering manager in Microsoft Digital and a member of the council. “That’s how enterprise readiness becomes real.”

This work is deeply integrated with our AI Center of Excellence (CoE), where Customer Zero principles are applied to accelerate AI outcomes responsibly. Together, the AI CoE and the data council focus on improving data documentation and quality—foundational capabilities that are required to make AI feasible, trustworthy, and scalable across the enterprise.

By grounding AI innovation in measurable data quality and governance standards, Microsoft Digital ensures that experimentation can safely mature into production‑ready solutions. The partnership between our data council, our AI CoE, and our Responsible AI (RAI) Council is essential to our broader data and AI strategy.

“AI readiness isn’t aspirational—it’s operational,” Baccino says. “By measuring the health of our data, setting clear quality baselines, and using those signals to guide product and platform decisions, we turn data into a strategic asset and AI into a repeatable capability.”

Together, these teams exemplify what it means to be Customer Zero: Transforming enterprise experience into action, governance into acceleration, and data into durable competitive advantage.

Learn more

Read about our AI Center of Excellence.

Advancing our data culture

Our data council plays a pivotal role in advancing the organization transition from data literacy to enterprise data and AI capability. In conjunction with our AI CoE, it creates curricula and sponsors learning pathways, operational practices, and community programs to equip our employees with the skills and mindset required to thrive in a data- and AI-centric world.

While early efforts focused on improving data literacy, our data council ’s mission has evolved to enable data and AI capability at scale together with our AI CoE—where employees not only understand data but can effectively apply it to build, operate, and govern intelligent solutions.

“Our focus is not just teaching our teams about data. It is enabling employees to apply data to create AI-driven outcomes. When teams understand how data powers AI systems, they can make better decisions, design better products, and build more responsible AI experiences.”

Miguel Uribe, principal product manager, Microsoft Digital

Our curriculum includes high-level courses on data concepts, applications, and extensibility of AI tools like Microsoft 365 Copilot, as well as data products like Microsoft Purview and Microsoft Fabric.

By facilitating AI and data training, offering internally focused data and AI certifications, and internal community engagement, our council ensures that employees develop the capabilities required to responsibly build and operate AI-powered solutions. Achieving data and AI certifications not only promotes career development through improved data literacy, it also enhances the broader data-driven culture within our organization.

“We recognize that AI capability is built when data skills are applied directly to real AI scenarios and business outcomes—not when learning exists in isolation,” Uribe says. “Our focus is not just teaching our teams about data; it is enabling employees to apply data to create AI‑driven outcomes. When teams understand how data powers AI systems, they can make better decisions, design better products, and build more responsible AI experiences.”

Find out more

Learn how a Copilot Expo helped us build interest in Microsoft 365 Copilot.

Lessons learned

Our data council was created to develop and execute a cohesive data strategy across Microsoft Digital and to foster a strong data culture within our organization. Over time, several critical lessons have emerged.

Executive sponsorship enables transformation

Executive sponsorship is a key element to ensure implementation and adoption of a data strategy. Our leaders are committed to delivering and sustaining a robust data strategy and culture and have been effective champions of the council’s work.

“Leadership provides support and reinforcement of the council’s mission, as well as guidance and clarity related to diverse organizational priorities,” Baccino says.

Cross-functional collaboration accelerates impact

Our council’s work has also benefited from the diverse representation offered by different disciplines across our organization. Embracing diverse perspectives and understanding various organizational priorities is critical to implementing a successful data strategy and culture in a large and complex organization like Microsoft Digital.

Modern platforms allow for scalable AI productivity

Technology and architecture also play a critical role in enabling enterprise data and AI capability. Platforms like Microsoft Purview and Microsoft Fabric provide the governance, discovery, and analytics infrastructure required to create trusted, AI-ready data ecosystems.

Combined with strong leadership support and community engagement, these platforms allow our organization to move beyond isolated data projects toward connected, enterprise-wide intelligence.

As our organization continues to evolve, our data council’s strategic work and valuable insights will be crucial in shaping the future of data-driven decision making and AI transformation at Microsoft.

Key takeaways

Here are some things to keep in mind as you contemplate forming a data council to help you manage and scale AI impacts responsibly at your own organization:

• A data mesh strikes the balance enterprises have been chasing. By formalizing domain ownership while enforcing standards through shared platforms, you avoid both chaotic decentralization and slow, over-centralized control.
• Governance is an accelerator when it’s automated and embedded. Using platforms like Microsoft Purview and Microsoft Fabric, governance shifts from a manual gatekeeping function to a built‑in capability that enables faster, trusted analytics and AI.
• AI systems are only as strong as their discovery layer. A unified enterprise data catalog allows both people and AI agents to find, trust, and use data consistently—turning standards into operational speed.
• Customer Zero turns theory into enterprise‑ready execution. By operating its own data and AI platforms at scale, Microsoft Digital provides real telemetry and practical feedback that directly shapes product readiness.
• Building AI capability is a cultural effort, not just a technical one. Our data council’s focus on applied learning, certification, and real-world AI scenarios ensures data skills translate into durable business outcomes.
• AI scale exposes the cost of fragmented data ownership. A data council cuts through silos by aligning priorities, resolving tradeoffs, and concentrating investment on the data assets that matter most for AI impact.
• Shared metrics create shared ownership. Publishing data quality and AI‑readiness scores at the leadership level reinforces accountability and positions data as a core enterprise asset.

Try it out

New to Microsoft 365 Copilot? Check it out!

Related links

• Learn more about the councils that are steering AI projects at Microsoft.
• See how we’re tackling Microsoft 365 Copilot governance internally at Microsoft.
• Explore how we’re unlocking enterprise AI extensibility at Microsoft with Microsoft Copilot Studio.
• See AI-powered agents in action: How we’re embracing this new ‘agentic’ moment at Microsoft.

We’d like to hear from you!

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post Harnessing AI: How a data council is powering our unified data strategy at Microsoft appeared first on Inside Track Blog.

• Deploying Microsoft 365 Copilot: A next-generation business tool
• Chapter 1: Getting governance right
• Chapter 2: Implementation with intention
• Chapter 3: Driving adoption to capture value
• Chapter 4: Building a foundation for support
• Chapter 5: Extending Copilot through agents
• Applying our deployment lessons at your company

Deploying Microsoft 365 Copilot: A next-generation business tool

Welcome to the new era of productivity

Generative AI has captured the world’s attention, and businesses are taking notice.

According to our Work Trends Annual Report, 70% of people would delegate as much work as possible to AI to lessen their workloads.

“I’m inspired by the transformative power of AI. I’ve been impressed with how quickly our employees have put it to work for them.”

Andrew Osten, general manager, Microsoft Digital

Capitalizing on this trend will mean the difference between surging ahead or getting left behind, including here at Microsoft, where we’re the first enterprise to deploy Microsoft 365 Copilot fully.

“I’m inspired by the transformative power of AI,” says Andrew Osten, general manager of Business Operations and Programs in Microsoft Digital, the company’s IT organization. “I’ve been impressed with how quickly our employees have put it to work for them.”

He would know. His team is responsible for driving usage and adoption of Copilot and any new features to more than 300,000 employees and vendors across the world.

“Customers are looking to us to share what we’ve learned as the first enterprise to deploy Copilot,” Osten says. “Our team has a unique opportunity to help them deploy and get to value as quickly as possible.”

Meet Microsoft 365 Copilot

Copilot combines the power of large language models (LLMs) with your organization’s data to turn your employees’ words into some of the most powerful productivity tools on the planet—all within the flow of work. Employees can access intelligent assistance through Microsoft 365 Copilot Chat or the apps they use every day, including Word, Excel, PowerPoint, Outlook, Teams, and more, to provide real-time intelligent assistance. It also forms the foundation for new, agentic capabilities that apply the power of Copilot orchestration to more specific knowledge sources and tasks.

According to our Work Trends annual report, employees who use AI are seeing significant benefits.

Organizations like ours that are unlocking AI assistance within employees’ everyday workflows are poised to gain a distinct advantage in terms of productivity, engagement, and innovation.

“We’re using it to reduce our IT expenses and enhance our productivity,” Osten says. “We’re also excited by its potential to create a lasting competitive advantage for us here at Microsoft and for our customers.”

Our mission in Microsoft Digital is to empower, enable, and transform the company’s digital employee experience across devices, applications, and infrastructure. We also provide a blueprint for our customers to follow in the form of this guide for deploying and adopting Copilot.

“The contents of this guide are based on the lessons we’ve learned deploying Copilot,” Osten says. “The tips and ideas you’ll read here will help you accelerate your own time to value with Copilot so you can realize the same benefits as our employees.”

Are you an executive?

View our condensed, CIO version of the guide here.

Chapter 1: Getting governance right

Maintaining privacy, security, and compliance while respecting regulatory frameworks.

Before you begin your Microsoft 365 Copilot implementation, you’ll want to consider how this tool impacts your data. Copilot employs LLMs that interact with data and content across your organization. It uses information your employees can access to transform user prompts into personalized, relevant, and actionable responses throughout Microsoft 365 apps.

Giving your employees this level of access means proper data hygiene is essential. At Microsoft Digital, we use sensitivity labeling to empower our employees with access while also protecting our data. Our colleagues on the product side designed Copilot to respect labels, permissions, and rights management service (RMS) protections that block content extraction on relevant file labels. By implementing effective sensitivity labeling practices, you can rest assured that anything you intend to remain private or confidential will stay that way.

Pick the governance path that’s right for you

This chapter outlines the highly robust, best-case scenario we created at Microsoft, but we know not every organization has a fully deployed data governance system and strategy. If you’re in that position, don’t worry! You can use techniques like Restricted SharePoint Search that provide value and protection without exposing Copilot to your internal resources.

Laying the groundwork with proper labeling

Throughout our internal governance efforts within Microsoft Digital, we’ve developed four labeling practices that make up our foundation for appropriate policies and settings.

Responsible self-service

Support and enable your employees to create new workspaces like SharePoint sites, ensuring your company data is on your Microsoft 365 tenant and employees don’t simply re-use and overload existing spaces with mismatching permissions. That enables your employees to take full advantage of Copilot in ways that align with your organizational data hygiene while you keep your company’s information safe.

Top-down defaults

Label containers for data segmentation by default to ensure your information isn’t overexposed. At Microsoft, we default our container labels to “Confidential\Internal Only.” That ensures alignment with our policies and settings that limit external sharing. We use Microsoft Purview to manage this process.

Consistency within containers

Derive file labels from their parent containers. Being consistent here boosts security across every layer and reduces the administrative burden on your employees to label every file they create. Copilot will reflect file labels in chat responses, so employees know the level of confidentiality behind each portion of AI-created responses.

Employee awareness

We train our employees to understand how to handle and label sensitive data. By making your workers active participants in your data hygiene strategy, you increase accuracy and your overall security posture.

Self-service with guardrails

The data hygiene practices we outlined above form a foundation for compliance and security, but backstopping those efforts through Microsoft 365 features adds an extra layer of protection. That’s a core principle of Zero Trust.

At Microsoft Digital, we use Microsoft Purview Data Loss Prevention (DLP) policies to define the rules and actions for detecting and protecting sensitive data across Microsoft 365, SharePoint, OneDrive, and Teams. DLP policies support vulnerable data types and scenarios that require protection. Those include any kind of information that might introduce inappropriate access to company data or intellectual property. Examples include access to credentials like keys or tokens, personally identifying information, financial data, or non-public source code.

Sign-in information, reports, and dashboards are available via Purview to help our team monitor and analyze content activity and compliance across the organization. They also provide insights into the volume, location, and usage of sensitive data, as well as any incidents and alerts that indicate potential data breaches or violations.

For example, an employee might label something as “General,” but it contains credentials or other sensitive end-user identification information (EUII). In those instances, Purview will automatically block the file from access beyond its owner or reapply a more appropriate label.

Between proper labeling and backstopping self-service through DLP guardrails, we’re able to keep Copilot Chat from surfacing documents it shouldn’t share in the wrong context or to the wrong people. Using Purview and other tools at our disposal, the five practices below help us keep our employees and our company’s data safe.

Trust, but verify

Empower self-service with sensitivity labels, but verify them by checking against DLP standards, then use auto-labeling and quarantining when necessary. Internally, we’ve configured Microsoft Purview DLP to detect and control sensitive content automatically.

Expiry and attestation

Put strong lifecycle management protocols in place that require your employees to attest containers to keep them from expiring. We don’t keep items that don’t have an accountable employee or that might not be necessary for our work.

Controlling the flow

Limit oversharing at the source by enabling company-shareable links instead of forcing employees to grant access to large groups. At Microsoft, we add an extra layer of highly confidential items that users can only share with specific people on a need-to-know basis. To enforce these behaviors, you can set default link types based on labels through Purview.

Oversharing detection

Even under the best circumstances, accidents happen. When one of our employees does overshare sensitive data, we use Microsoft Graph Data Connect extraction in conjunction with Microsoft Purview to catch and report oversharing.

International compliance: No size fits all

Europe has extra requirements in the form of EU Data Boundary regulations and works councils, internal organizations that provide employee co-determination on workers’ rights or regulatory issues, including performance management or monitoring. Our Copilot deployment meant we needed to partner closely with our Microsoft works councils when launching AI technology with complex data and privacy implications.

Your experience will vary depending on your industry and where you operate, but we’ve learned that it’s best to work closely with local subsidiaries to ensure you have a complete picture of a region’s regulatory situation. Local insiders are poised to liaise with their works councils, as we’ve done at Microsoft, or other bodies through direct relationships. Start the process early so you can manage feedback cycles effectively, make adjustments, synthesize any answers that works councils need, and resolve any concerns through configurations that make sense for your employees.

Learning from Microsoft’s governance, security, and compliance practices

Bring the right people into the conversation

Don’t keep this conversation in the IT sphere alone. Bring in all the relevant security, legal, and compliance professionals.

Build a foundation for automation

Microsoft Purview DLP has powerful intelligent detection, but it relies on establishing good defaults.

Think about how your employees will use Copilot

Determine the primary use cases for Copilot. The kinds of collaboration and access employees need will affect your default labeling architecture.

Take this opportunity to train employees

If you’ve been looking for an excuse to refresh employee knowledge around data privacy, let this moment be your milestone. It will be far easier to start with a clean data estate.

Don’t overwhelm your users

Make labeling simple and intuitive and ensure it isn’t overwhelming. Employees should have a limited set of choices to keep things comprehensible. It’s also valid for different employees to see different choices.

Balance good governance with time to value

Because of the scope and complexity of our deployment, we took a very thorough approach to governance. If speed is your priority, you might consider a faster deployment with a less comprehensive governance approach, for example, using Restricted SharePoint Search to constrain both Enterprise Search and Copilot experiences to a curated set of SharePoint sites of your choice.

Key takeaways

Use these tips to tackle governance, security, and compliance at your company. It’s based on what we learned deploying Copilot internally here at Microsoft.

1) Labeling

• Develop a labeling taxonomy. This should include:
  • Classification levels, not exceeding five primary labels and five sub-labels
  • Descriptions clearly outlining a label’s meaning for employees
  • Examples to clarify usage for employees
• Determine policies and settings that correspond with labels. Consider the following:
  • Storage type and location
  • External allowance
  • Encryption
  • Access control
  • Data destruction
  • Data loss prevention
  • Public disclosure
  • Logging and tracking access
• Establish container defaults
• Configure container labels to set the default file label in document libraries
• Initiate an employee education initiative

2) Data loss prevention

• Configure Microsoft Purview DLP standards and quarantining protocols
• Establish lifecycle management and attestation protocols
• Configure Microsoft Graph Data Connect to discover where you’re oversharing

3) International compliance

• Initiate conversations with local subsidiaries
• Engage works councils or other advocacy bodies
• Address concerns
• Determine the feasibility of regional deployment and segment if necessary

Key actions:

How we did it at Microsoft

• Read our guide to governing Microsoft 365 Copilot. This step-by-step resource, based on our internal experience at Microsoft, will help you adapt your existing governance standards to reflect the new realities of AI.

• Check out how we’re using sensitivity labels to empower our employees while making Microsoft more secure. This article shows you how having a pre-established plan for labeling helped our Microsoft Digital team quickly deploy Copilot with proper guardrails.

• See how we’re riding the wave of agents that’s washing over Microsoft through good governance. This post talks about the ways good governance also pertains to enterprise AI extensibility through agents.

Further guidance for you

• Conduct the Microsoft 365 Copilot Optimization Assessment to understand your level of AI adoption and chart your course.
• Access Microsoft Learn documentation to read more about data, privacy, security, and Zero Trust principles.
• Follow the company’s governance and security overview for Copilot Studio to ensure your agents are managed safely and efficiently.

Chapter 2: Implementation with intention

Building a strategy for licensing, administration, and rolling Microsoft Copilot out to different groups within your organization.

Implementing Microsoft 365 Copilot isn’t as easy as just turning on licenses and alerting your users. It takes organizational partnerships, early assessments of your concrete business needs, and careful planning.

Design for the “who”

Copilot is a new concept in business software. At the time of our implementation, we were the first company to roll it out anywhere in the world, and our Microsoft Digital implementation team had to choose from countless ways to approach a licensing strategy—different mechanisms of licensing, automation, management, and the list goes on. Regardless of your overall approach, we’ve learned from experience that it almost always makes sense to start with pilot groups who can validate the tool and enable the rest of your organization.

For us, that looked like this:

Phase zero

We gave our Copilot engineering team early access so they could test Copilot from an insider’s perspective. We shared our early feedback with the product team.

• Product engineers

Phase one

We issued a limited number of on-demand licenses in core scenarios to get validation and feedback for key use cases.

• Sales
• Marketing

Phase two

We extended licenses to teams who needed to understand and support Copilot or provide approval for use.

• Support
• HR
• Legal
• Security
• Works councils

Phase three

We deployed Copilot and started working on adoption across the entire company.

• Advancing in phases, we deployed Copilot to more than 300,000 Microsoft employees and external staff.

Scaling out your licenses

After you decide on the general shape of your rollout, you can begin building your licensing strategy. Fortunately, if your organization uses Microsoft 365, you’ll already have access to most of the apparatus you need. The inherent flexibility of Microsoft 365 licensing means you can easily adjust your strategy as you progress based on scale, organization changes, or any other factors.

At Microsoft Digital, we started with individual licenses at the single-user level. As our implementation scaled, we tied licensing automation to Microsoft 365 security groups to implement targeted licensing changes at scale. Those groups could include tailor-made subsets of employees or entire organizations within Microsoft, and we keyed our automation logic to their expanding and contracting eligibility.

We highly recommend defining a phased rollout strategy and structuring your groups accordingly. That creates accountability and gives your IT admins a crucial point of contact for understanding the licensing needs of different groups within your organization.

Based on our implementation experience, there are three main benefits to using security groups:

Optimize licensing costs: Create groups that reflect your business needs and goals that align with your respective business sponsors. Sync your licensing status changes with group membership changes. That way, you can assign the right licenses to the right users and adjust easily if you require frequent changes, for example, in your early initial validation phase, to avoid paying for licenses you don’t need or use.

Refine admin costs: Group-based licensing lets your admins assign one or more product licenses to a group. This depends on your rollout strategy and progress. Your admins will be able to streamline your group setup at scale, reducing your admin overhead. This strategy is helpful, considering all the licenses you likely need to manage.

Enhance compliance and security: This ensures that only authorized users receive licenses and get access to resources, enhancing your security and compliance. Your admins can use audit logs and other Microsoft Entra services to monitor and manage your group-based licensing activities.

Pre-adoption communications

Given the excitement around AI tools, one of the biggest challenges during our phased implementation was support requests from employees outside our initial pilot groups. Most of our support requests at this stage were essentially asking, “Where’s my license?” It was a key learning for our Microsoft Digital implementation team.

You can easily avoid the issue through clear and honest communication. For example, when you alert your initial implementation groups about their Copilot access, you could simultaneously deploy “Coming soon” emails to the rest of your organization. That will help you avoid any confusion while simultaneously generating excitement and boosting general adoption when the time comes.

In the end, what’s most important is building a strategy for getting all users access to Copilot, structuring your rollout, and helping people build the daily habit of using AI. While leadership sponsorship is especially important in later phases of adoption, it’s also crucial here as a way of identifying who should be part of pilots and subsequent cohorts. Leaders can help communicate those decisions.

The bottom line is that your IT implementation team can’t work in isolation. Communication—especially from organizational leadership—will be a key part of your licensing and implementation strategy.

Learning from our implementation 

Design for the “who”

When you determine your initial cohorts, base your decisions on which roles have the largest coverage and will provide the most relevant feedback.

Get your groups in place

Be thoughtful about your Microsoft 365 groups and make sure everyone knows who owns them and who’s responsible.

Engage your support team from the start

This is a new technology, so your support teams will receive requests. Ensure they’re ready by giving them early access.

Manage expectations to minimize blowback

Proactively help users understand why they have licenses or don’t. Note that your rollout strategy might be subject to change.

Bring leadership on board early

Executive sponsorship isn’t just useful for adoption. Leaders will also help you identify the key use cases within their organizations to determine if they belong in early rollout phases.

Product feedback at every level

Encourage feedback for employees in your early implementation phases, because that will guide your wider adoption efforts.

Key takeaways

Use these tips to help you with your internal implementation and admin process. They are based on our experience here at Microsoft.

1) Get ready

• Perform the Microsoft 365 Copilot optimization assessment
• Identify key implementation phases and groups
• Secure leadership involvement
• Build out your implementation plan and map it to a licensing strategy

2) Onboard and engage

• Assemble security groups and assign responsibilities
• Build an automated Microsoft 365 licensing management workflow
• Enable roles for Copilot reports and the Copilot dashboard
• Assign licenses and configure them using the setup guide
• Analyze pilot data:
  • Access in-app feedback
  • Facilitate feedback sessions
  • Analyze usage reports
• Deploy communications: For strategy around this element, see the next section

Key actions

How we did it at Microsoft

• Learn about the councils steering our AI projects here at Microsoft.
• Find out how we’re unlocking the value of Microsoft 365 Copilot at Microsoft.

Further guidance for you

• Use the Microsoft Copilot Success Kit to accelerate your implementation with templates, onboarding guides, and technical readiness resources.
• Follow step-by-step instructions for assigning licenses and onboarding users in the Microsoft 365 admin center.

Chapter 3: Driving adoption to capture value

Effective adoption: From readiness to empowerment

The fact that your employees are excited to try out a powerful new technology platform isn’t enough. We found that you need strategic, coordinated change management efforts to drive Microsoft 365 Copilot adoption.

That way, you can be sure to get your employees onboard at the right time in the ways that you want. The idea is to give them the freedom to be themselves with proper guardrails.

Consider breaking your company-wide adoption into cohorts, for example, subsidiaries or business groups. We divided our adoption along two vectors: internal organizations like legal or sales and marketing, and regions like North America or Europe. Different cohorts have different focuses, but the strategy is similar.

Microsoft 365 Copilot change management

Effective change management needs careful planning. Our adoption efforts took inspiration from the Microsoft Engagement Framework, which we’ve developed specially for driving adoption of our products. If you’re an adoption specialist or change manager, you might notice similarities with Prosci’s ADKAR model, which progresses through awareness, desire, knowledge, ability, and reinforcement.

Whichever framework you choose, the techniques we use here at Microsoft will apply. Either way, the process starts with your people.

Get ready

Begin by working with your company-wide adoption leads, then identify members of your target cohorts who will support the adoption, including change managers, leadership sponsors, and employee champions.

Champions boost adoption by filling several important roles:

• Pinpointing key usage scenarios for Copilot based on their cohort’s culture or processes.
• Deciding on the best methods of communication.
• Providing insights that help adoption leaders build out their rollout plans.
• Extending the reach of our adoption team through peer-to-peer support and guidance.
• Most importantly, demonstrating the value of Copilot and showing their peers how powerful this tool can be in their day-to-day work.

When champions socialize their tips and tricks, our experience at Microsoft Digital has revealed that it’s best to share specific prompts and the value they provide as a concrete entry point for users. For example, a champion could say, “I saved three hours drafting this sales script in Microsoft Word using this prompt,” then share their Copilot prompt as a place for peers to start. You’ll find advice below for how you can effectively incorporate champs into your adoption efforts.

Works councils also play a key role at this stage. They offer the benefit of local cultural expertise and can help you identify challenges employees face in their jurisdictions. Even something as simple as understanding proper modes of address helps smooth the road to adoption through effective communication.

Each of these sets of stakeholders has a role to play in your rollout. We recommend using Microsoft Copilot adoption resources to build out your adoption plan.

Onboard and engage

At Microsoft, we implemented this phase across each adoption cohort. Because every group will have its own champions and leadership sponsors, it’s important to treat each of them as its own organization, with its own unique adoption needs.

In advance of our general rollout, we deployed jump-start communications with links to learning opportunities:

• Localized training took the form of Power Hours in different languages and time zones. These training sessions demonstrated key Copilot scenarios across Microsoft 365 apps.
• Self-learn assets included user quick-start guides, demo videos, and the Microsoft Copilot Academy to accommodate different learning styles and preferences.

From our experience at Microsoft Digital, pre-rollout communications fulfill two needs. First, this messaging is a great opportunity to launch your champion communities because early access to Copilot licenses and learning material helps peer leaders build their expertise. Second, these communications build your general adoption population’s desire and excitement for their incoming Copilot licenses, then prepare them to hit the ground running when they finally get access. Clear messaging also helps ward off questions from eager employees asking why they don’t have licenses yet.

After your Copilot licenses are live, your launch-day welcome communications are relatively simple. Just invite employees to access Copilot, play with this new tool, and start to experiment with how it can fit into their daily workflows. It’s also helpful to include information about where employees can get support. There are many possible vectors for deploying these communications, but a multi-pronged effort that includes Microsoft Viva Amplify will deliver the maximum impact.

For support in building out your own communication plan, our adoption team has created a user onboarding kit for Copilot. These ready-to-send emails and community posts can help you onboard and engage your users.

Deliver impact

After everyone has access, it’s time to promote Copilot usage and ensure your employees are getting the best possible experience and the most value. For Microsoft’s cohorts, employee champions and leadership sponsors were essential levers.

It’s important to remember that Copilot isn’t just another tool. It introduces a whole new way of working within employees’ trusted apps. At Microsoft Digital, we took great care to encourage employees to be adventurous and lean into a mindset shift to see it as part of their daily work—not just something they play with when there’s time.

Microsoft Viva Engage or a similar employee communication platform is a helpful forum for peer community support. In our case, it provided an organic space for champions to share their expertise and change managers to provide further recommendations and adoption content. For employees who explore best on their own, Copilot Lab provides in-the-flow learning opportunities to build their prompt skills.

Meanwhile, leadership sponsors diversified our communications strategy by deploying and amplifying messaging through executive channels like org-wide emails or Microsoft Viva Amplify. Because we broke our adoption out by both organization and region, employees benefited from two sets of communications, each focusing on the scenarios that are most relevant to them.

Extend and optimize

Finally, successful adoption depends on measurement, feedback, and listening.

Understanding overall usage patterns and impact is crucial to optimizing adoption. Our Microsoft Digital team employed a combination of controlled feature rollout (CFR) technology while tracking usage through Microsoft 365 Admin Center, the Copilot Dashboard, and Viva Insights. Together, these tools gave us the visibility and tracking we needed to establish and communicate adoption patterns. Meanwhile, IT admins and user experience success managers accessed simple in-app feedback through Microsoft 365 admin center. But to really maximize value, our Microsoft Digital employee experience teams conducted listening sessions and satisfaction surveys.

All of these insights are helping us establish a virtuous cycle to drive further value and better adoption for future rollouts, extend usage to new and high-value scenarios, incorporate Copilot into business process transformation, and understand custom line-of-business opportunities.

Driving user enablement with Microsoft Viva 

We used Microsoft Viva to help enable our 300,000+ global users. Microsoft Viva is an Employee Experience Platform that brings communication and feedback, analytics, goals, and learning into one unified solution. Our team in Microsoft Digital used Viva across a range of change management scenarios, including building awareness, communicating with our employees, providing access to readiness and learning resources, and measuring the impact of our deployment. 

Accelerating Microsoft 365 Copilot with Viva

Viva Connections

Sharing key news related to deployment and enablement, generating “buzz,” and tying Copilot to Microsoft culture.

Viva Amplify

Producing and efficiently distributing employee communications to build awareness and excitement.

Viva Learning

Courses and training for our employees on how to maximize value from Copilot, inclusive of building effective prompts.

Viva Engage

Actively engaging employees, providing leader updates, listening to feedback, and enabling Champs community.

Viva Insights

Using the Microsoft 365 Copilot Dashboard beta to identity actionable insights and usage trends.

Viva Pulse

Instant feedback from employees on their Copilot experience to fine-tune our landing and adoption approach.

Viva Glint

Understanding employee sentiment and gauging the overall effectiveness of our Copilot deployment effort.

Consider these examples:

• A human resources professional might use Copilot to create job descriptions by prompting it to suggest essential skills, qualifications, and responsibilities for a prospective role.
• A salesperson could ask Copilot to generate a table comparing their company’s flagship product with a competitor’s to address customer questions more efficiently.
• A finance professional might prompt Copilot to review and summarize a new contract to reduce the time it takes to search for key data.

Any single approach would never be adequate to address every different discipline and use case. With the rise of agents, specialized AI-powered assistants that customize and focus the capabilities of Copilot, certain roles derive the most value from tailored assistance for specific tasks.

So, we created a playbook that our employees can use to construct their own role-based scenarios according to their individual teams’ unique needs.

We designed it to help adoption professionals accomplish the following objectives:

1. Understand the top responsibilities, challenges, needs, and wants of prioritized roles.
2. Articulate and communicate hero scenarios by clearly depicting how Copilot can enable them.
3. Share deliverables that include roles, scenarios, and prompts with the wider organization to drive awareness, adoption, engagement, and value.

Through internal testing and scenario crafting, we developed a four-part framework for creating, delivering, and socializing hero scenarios across any organization. These are the steps you can follow to create Copilot support content for adoption efforts tailored to specific roles.

Phase 1: Ready

This phase will help your organization, department, or team prepare for the process. It involves aligning with leadership and sponsors who will be accountable for driving value using Copilot. It’s also where you’ll select the priority roles, draft outlines of those roles so you can clarify your understanding of their needs and wants, and seek out feedback from leaders, managers, and subject matter experts.

Phase 2: Engage

Engaging with employees is the key to uncovering Copilot’s core value. In this phase, you’ll identify participants from your priority roles who demonstrate enthusiasm and early aptitude with the tool. From there, you can choose an approach, which might include in-person group sessions, virtual Microsoft Whiteboard sessions, one-on-one interviews, Microsoft 365 Loop collaboration, or whatever modality works best, then communicate the process to participants. Whatever you choose, the final step in this phase is conducting your employee engagements to document existing and aspirational Copilot usage scenarios.

Phase 3: Deliver

Ideating hero scenarios is how you discover value. The delivery phase defines that value and organizes it into a useful, consumable format. It starts with reviewing and analyzing the outcomes of your sessions to gain insights and identify themes. Now is the time to document your hero scenarios and the value they add, as well as blockers and accelerators. Finally, you’ll provide your output: a comprehensive deck that includes your priority roles, hero scenarios, next steps, and more.

Phase 4: Share

The final phase of this process involves socializing your scenarios across your team or organization to realize value. If you’re part of a large organization, it’s helpful to radiate these outputs beyond the target group as an opportunity for further Copilot momentum. This stage includes diving deeper into blockers and accelerators that can help your organization as a whole speed time to value.

Learning from our adoption of Copilot

Cascade adoption efforts through localization

Regional differences, priorities, even time zones—they can all block your centralization efforts. Your insider adoption leaders within each adoption cohort can help.

Empower your employee champions with trust

Monitor your user-led adoption communities at the start to provide support. As this community of power users becomes product experts, they’ll take over.

Empower employees as innovators

You’ll be surprised by what your employees dream up. Provide every opportunity for them to share their favorite tips and usage scenarios.

Create excitement, but set expectations

Encourage a healthy mindset around what Copilot can accomplish and where it fits. Don’t overpromise.

Gamify learning to build engagement and experience

Friendly competitions or cooperative challenges like prompt-a-thons generate excitement and invite creativity.

Understand that for many, AI is emotional

Overcome AI hesitancy by encouraging employees to tackle easy tasks with Copilot assistance. That will help minimize reluctance through practice.

Key takeaways

Use these tips as your guide as you build out and implement your adoption plan. They are based on our own experience internally at Microsoft.

1) Get ready

• Identify and ramp up the person who will lead adoption for your organization
• Create an adoption team and identify who will lead each workstream within each cohort, including:
  • Change managers
  • Executive sponsors
  • Employee champions
• Conduct a kickoff meeting with your adoption team and set up a meeting cadence and workflow
• Identify users and usage within your cohorts:
  • Pinpoint key usage scenarios, for example, CRM-connected email communication for salespeople or customer-facing copy support for marketers
  • Identify cohort-specific personas, for example, software engineers, customer support specialists, and business operations project managers
• Determine communication preferences for each cohort and their personas and optimize messaging for each
• Define success criteria with KPIs and a success measurement plan
  • Examples include usage by app or feature and user sentiment
• Complete user enablement strategy training
• Define a user experience and feedback strategy
• Build deployment communications and an enablement asset library
  • Localize for international audiences

2) Onboard and engage

• Deploy readiness communications with onboarding content:
  • Led by cohort adoption team
  • Led and amplified by leadership sponsors
• Launch champion communities
• Deploy launch communications
  • Led by cohort adoption team
  • Led and amplified by leadership sponsors
• Socialize employee engagement communities
• Run live learning sessions
• Provide self-learning opportunities
• Upscale the working environment with digital banners, posters, and other promotional materials to help employees visualize Copilot

3) Deliver impact

• Promote usage through internal cohort channels
  • Follow-up communications
  • Viva Engage champion posts
• Report on KPI success at predetermined intervals
• Facilitate listening
  • Satisfaction surveys
  • Listening sessions
• Gather and amplify success stories
• Apply learnings to further adoption activities
• Nurture existing champions through a technical training track
• Develop reinforcement, resistance, and maintenance plans

4) Extend and optimize

• Explore new high-value scenarios
• Investigate business process transformation via agents, Copilot Studio, plugins, and connectors
• Source custom line-of-business opportunities

Key actions

How we did it at Microsoft

• Learn how we’re unlocking the value of Copilot at Microsoft. This post shares our overall journey from planning to measuring impact.
• Discover ways we’re approaching change management around Microsoft 365 Copilot. This story identifies the challenges and opportunities around adopting a new and revolutionary technology.
• See how we’re using Microsoft Viva to drive Copilot adoption. This article shares how Microsoft Viva acted as a comprehensive adoption tool during our Copilot rollout.
• Find out how we made Microsoft 365 Copilot adoption fun with Camp Copilot. This post shares how a grassroots, gamified community initiative became one of our most effective adoption drivers. Pair that story with this one that shares our seven tips for driving a successful virtual Copilot skilling event, and check out this article about our three-week Copilot Expo.
• Find out how a Copilot Champs community can help you drive adoption. This post shares how peer-to-peer adoption support helps drive greater engagement for employees.
• Learn how we’re helping our employees build daily Copilot habits with these 10 tips and check out our tips list for engineers.
• Explore how we created a Center of Excellence to guide our adoption and use of AI.
• Learn how we’re applying the Microsoft Responsible AI Standard here in Microsoft Digital and across the company.

Further guidance for you

• Explore the company’s essential guide to Copilot adoption for practical steps to onboard, engage, and measure impact across your organization.
• Use the Microsoft Customer Hub to access community resources and skilling events that can help you build a champions network and foster peer-to-peer support.

Support for adoption leaders

• Access the Copilot scenario library to understand different user needs and opportunities.
• Gain insights from your Microsoft Copilot Viva Insights dashboard.
• Deepen Copilot engagement through the Microsoft Modern Collaboration Architecture (MOCA).
• Help users build daily habits around Copilot using our suite of user engagement tools and templates.

Resources for IT practitioners

• Offer your employees training opportunities through a Microsoft Learn training module.
• Access different Copilot user help and learning resources.
• Give your employees a leg up on creating AI prompts with this blog post.

Chapter 4: Building a foundation for support

Setting your Support team up for success

Empowering employees means making sure they have access to the right support channels, especially if they have concerns with a new technology. The fact that Microsoft 365 Copilot operates across a wide spectrum of Microsoft 365 apps adds complexity to your support apparatus.

As a result, it’s important to give your support teams early access along with your earliest pilot implementations. For Microsoft Digital, that included members of our internal support teams who help Microsoft employees when they run into technical issues, as well as our Customer Experience and Support team that engages with external customers to troubleshoot problems with new Microsoft products. We also invited subject matter experts for Microsoft 365 apps featuring Copilot experiences, including Teams, Outlook, and more.

A small group of users across both internal and external support teams, as well as our Microsoft 365 subject matter experts, gained access at first, and we encouraged them to experiment and try to break features. This was a crucial learning phase for Microsoft Digital because it surfaced interesting issues that wouldn’t come up if our teams didn’t have access and an opportunity to experiment.

Building insights and product experience was step one, but we needed to collect that knowledge so it would be actionable in real situations. To accomplish that, we created a special Teams channel where our support team members collaborate with pilot users of Copilot and representatives of the product group. From there, we worked with marketing and communications professionals to start building our support team’s knowledge base, which would also serve as the foundation for our user-facing content.

Eventually, the time came to provide access to our wider support team. At that point, our support pilot members operated as learning leaders. When it came time to share their knowledge, it took the form of informal brown-bag sessions. We also engaged in shadow/reverse-shadow role-playing exercises so our support agents could practice addressing common issues.

Principles of good support

Available

Highly available and in-context support should deliver both self-help and assisted experiences wherever and however the user needs them.

Consistent

Coherent and seamless access to support across the entire journey eliminates frustration and keeps the experience consistent.

Contextual

Base your support experience on where the user is and what they’re trying to accomplish.

Personal

Anchor support in a user’s goals and preferences.

Strategizing for support

Building experience and knowledge is one thing, but coming up with your approach to support requires planning and a strong idea of your users’ ideal experience. At Microsoft Digital, we take a “shift-left” approach. That means we save our human support staff time by attempting to create excellent self-service options for our users. As a result, they won’t need to access a human agent unless they’re at a genuine impasse.

Shift-left principles can apply to many different support contexts, but with Copilot, we’ve found that the most important upfront action is ensuring your employees have accessible self-service support channels and communicating their availability. That might come through in-app support or access to knowledge bases.

Work with your adoption teams to ensure they include those self-service support vectors in their rollout communications. For us, self-service was able to answer many of our users’ questions, and for any extra-tricky issues, we had them access human-led support.

Seven things we learned preparing our Microsoft 365 Copilot support

Preliminary access

Select your initial support specialists. Include people with different Microsoft 365 app focuses, support tiers, and service audiences.

Communication hub

Establish a community space where your support team can connect and collaborate on issues. Invite non-support professionals as needed.

Knowledge base

Start a collaborative document and add learnings. This will eventually evolve into your knowledge base for internal support.

Widen access

Host information sessions with the wider support team and extend access so all relevant support professionals can ramp up.

Rehearse

Conduct role-playing and shadowing sessions so support teams can build practical knowledge and confidence.

Support go-live

Get your support resources and processes ready and push them live in advance of your Copilot deployment. Consider a dry run.

Track

Determine a tracking cadence and gather data on Copilot issues that arise so support teams can identify trending issues and tickets.

Common questions, issues, and resolutions

As the first enterprise organization to go through the Copilot deployment process, we’ve identified a few challenges and questions you might have. Feel free to add these to your support knowledge base and employee-facing communications.

We’re getting questions about why particular employees don’t have licenses.

Ideally, your adoption communication waves solve this issue by alerting employees when to expect their licenses and when they receive them. Otherwise, consider having a readily available link that answers licensing questions for users or directs them to their relevant managers or admins. You can also automate this process.

Users are coming to us with questions that would be better served by adoption and employee material, and that isn’t our role as support.

Work with your adoption team to preempt these issues with proactive communications. Update your self-help content and provide your support agents with ready access to different employee education resources, including your user-facing knowledge base, self-help videos, and Viva Engage communities focused on Copilot.

Teams are looking for integration support. Where do I send them?

Share this list of pre-built connectors to help your users integrate various data sources into your Microsoft Graph. This list shares the types of content supported.

Can employees put confidential information into Copilot?

As long as your employees are signed in to Copilot with their Entra ID, they can enter confidential information.

My organization has concerns about who owns the IP that Copilot generates. Does the Microsoft Customer Copyright Commitment apply to Copilot?

Microsoft does not own the IP generated by Copilot. Our universal terms state, “Microsoft does not own customers’ output content.” Those terms also include our Customer Copyright Commitment.

What’s the best way to verify the accuracy of the information Copilot provides?

Where possible, Copilot is transparent about where it sources responses from. It answers complex questions by distilling information from multiple web sources into a single response. Copilot provides linked citations to these answers so the user can verify further. 

Key takeaways

Use these tips as your guide as you build out and implement your adoption plan. They are based on our own experience internally at Microsoft.

1) Onboard and engage your support team

• Start with a small set of support leaders:
• General support
• Microsoft 365 product specialists
• Establish a Teams channel for communication and knowledge sharing
• Create a collaborative knowledge base foundation
• Widen access to the full Copilot support team
• Train your full support team:
  • Conduct information sessions
  • Conduct role-playing exercises
• Establish your escalation process
• Engage your internal communications team:
  • Finalize your user-facing knowledge base
  • Discuss the inclusion of knowledge base material and the support process in rollout communications

2) Deliver impact for your users

• Signal support availability in user communities on Viva Engage and other platforms
• Publish your user-facing knowledge base
• Establish self-service automations if applicable

3) Extend and optimize your services

• Review support issues and product feedback
• Calibrate the optimization of your support workflows

Key actions

How we did it at Microsoft

• Read how we’re using AI to transform our Support business at Microsoft. This article shares how our Support team in Microsoft Digital is using AI to overhaul the business from end to end.
• Learn how we deployed the Employee Self-Service Agent here at Microsoft. This blog post shares how we’re using this agent to help our employees with their support needs in the flow of where they work in Copilot.
• Discover ways that AI is revolutionizing support for corporate functions at Microsoft. This post shares an overview of areas where AI can help support teams do their work more effectively.
• See how we’re supercharging our support experience with Microsoft Dynamics 365 and AI. This story outlines ways that AI is boosting our HR team’s support for employees.

Further guidance for you

• Follow the Microsoft IT admin guide for Copilot onboarding, enablement, and support resources to ensure a smooth rollout.
• Access the Copilot Success Kit for launch day assets, support templates, and troubleshooting guides.

Chapter 5: Extending Copilot through agents

Unlocking more tailored experiences by enabling employees and teams to create agents

As organizations and employees have matured with respect to AI, agentic extensibility is expanding the frontiers of this technology. By using and even creating agents that surface knowledge, take actions, and reinvent workflows, employees can personalize AI’s capabilities to fulfill more specific needs.

At Microsoft, we’re leaning into the agentic future by empowering employees and teams to create agents of their own. Agents and their capabilities are incredibly varied. They range from pre-made out-of-the-box agents in Microsoft 365 embedded directly into Copilot Chat; to straightforward agents that employees create themselves using a simplified process also available through Copilot Chat; to Copilot Studio agent builder or SharePoint agent builder; all the way up to complex agents that can take action on behalf of users, designed using tools like Microsoft Copilot Studio and Azure AI Foundry.

Our goal has been to provide access and enable their use at appropriate levels for our employees and the company as a whole. To make that happen, we’ve adopted a maturity model for agentic AI deployment. Early phases focus on using Copilot, grounded in enterprise data, to enhance knowledge discovery and retrieval. Later phases will enable our employees to act on that knowledge and even fully automate business workflows.

Phases of maturity

Each of these levels of agentic capability requires different tools to create and depends on different policies to govern. In the simplest terms, this involves three levels of agent, each of which can handle progressively more complex tasks:

Retrieval agents

Employees use low-code solutions like Copilot Chat or Copilot Studio agent builder, or they can access ready-made agents in Microsoft 365 or SharePoint to quickly train models and retrieve knowledge for specialized scenarios.

Knowledge and action

Powered by built-in connectors in Copilot Studio, agents go beyond simple knowledge retrieval, offering next steps and actions that help employees defragment their day-to-day experience.

Workflow reinvention

Human-led, agent-operated teams perform fully autonomous actions to complete end-to-end workflows, enabling employees to focus on the highest value work while agents take care of repetitive tasks.

While the third level of maturity is still in its initial stages, our employees and teams are already creating retrieval agents and knowledge and action agents. Because retrieval agents don’t require special tooling, we allow employees to create them at will through Copilot Chat and simplified agent builders in Copilot Studio and SharePoint.

For more complex agents intended to meet enterprise needs across lines of business or the company as a whole, our developers use more full-featured tools like Copilot Studio or Azure AI Foundry. For these kinds of agents, we apply the same rigor, reviews, and software development lifecycle (SDL) we use as part of our standard internal app development.

As you explore the different kinds of agents available to your users and decide how and where to enable them, adoption.microsoft.com provides an excellent place to start. It provides three different approaches to creating agents: Microsoft 365 Copilot, Azure AI Foundry, and Copilot Studio. Once you determine who should have access to each of these creation methods, you can follow our advice on driving adoption for this new practice.

Of course, all of this choice adds complexity, so maintaining visibility and control over the agents your employees create can be a challenge. As a result, we take a matrixed approach to creating and governing agents based on different parameters. They include the type of agent, how the user creates it, its knowledge sources, the need for custom tooling, sharing and publishing permissions, and more. It will be helpful to review our strategy in full to help you think through the different parameters behind your agents, in addition to the processes and policies you’ll need to put in place to govern them.

Keeping agents safe and effective through good governance

As you enable your employees and teams to create and use agents, you’ll need structures in place to govern these tools. At Microsoft, we incorporated elements of our tenant’s minimum bar for governance into our policies for managing agents. These measures include Microsoft Information Protection, a functional inventory, activity logging, lifecycle management, and the ability to properly isolate agents against crossing data boundaries.

Our general governance strategy operates at the container level, but agents bring extra functionality to the table. To govern these capabilities, we introduced further controls like sharing limits, breadth of knowledge sources, agent metadata, and information about an agent’s behaviors. The result is a proactive approach to governance backstopped by reactive structures that catch any issues.

As you think about governing your own agents, consider the four core principles we’ve established at Microsoft Digital.

We empower employees to create and share simple, low-risk agents

We provide a safe space and personal flexibility that allows individual employees to experiment without implicating company data or content users don’t own.

We capture and vet sensitive data flows at the enterprise level

More complex or far-reaching agents owned by teams or lines of business need enterprise documentation to account for external audits or security and privacy validation. Builders need to demonstrate that they’ve thought through the security and privacy implications of their agents, so these projects go through approval process flows similar to other professionally developed apps before we trust them with potentially sensitive data.

We protect data designated confidential or higher

We contain data flows to tenant mandates and only trust suitable storage destinations for content. That depends on the ability to gate which connectors can work with particular source data and sensitivity labels.

We honor the enterprise lifecycle 

Both user-based and attestation-based lifecycles come into play. We treat agents that individual employees own like any other user-created app and delete them when that individual leaves the organization. Agents owned by teams have a lifecycle defined by the tenant and tied to attestation, the SDL, and accountability confirmations.

Once you have your governance policies and procedures in place, you can begin your rollout to users through many of the same strategies and processes we’ve discussed in this guide.

Learning from our experience with agents

Connect with relevant stakeholders

Establish early communication and collaboration with members of your security, legal, compliance, IT, and other teams who can help you define ways to configure Copilot Studio agent builder safely.

Trust and empower

Provide safe spaces with appropriate guardrails for individual employees to experiment with simple agents. Copilot Studio agent builder is a great place to start.

Expand enterprise capabilities

Empower a small number of trusted creators to experiment with more powerful agent-building tools under the close watch of IT, Governance, Security, Privacy, Data, and HR teams. This will reveal gaps in process and policy and inform future reviews.

Solidify labeling and data

Revisit your labeling structures and data flows. It will be important to have these structures in place to support this new agentic environment. Start by learning from our experience governing Copilot at Microsoft.

Extend your review process

Adapt any review processes you already have in place to agents, including security, privacy, and accessibility. Embed those reviews into your publishing workflow for agents operating above the individual level. Consider adding reviews for Responsible AI.

Prevent agent sprawl

Establish a reasonable enterprise lifecycle for agents that includes attestation. That will keep agents from sprawling or remaining in place after employees have left your organization or simply no longer need a particular agent.

Key takeaways

Use these tips as your guide as you build out and implement your adoption plan. They are based on our own experience internally at Microsoft.

1) Plan and adapt

• Connect with stakeholders on relevant teams, including Security, Legal, Compliance, HR, and IT.
• Revisit your overall governance and labeling policies and procedures and update them to reflect the needs of agents.
• Plan and document your intended review process.
• Build your matrix of agent capabilities and parameters and map governance policies and procedures to each aspect of agents.
• Decide how your SDL procedures will map to agents.

2) Run pilots with select teams

• Determine your pilot teams. IT and other teams who will be responsible for determining policy are good places to start, for example, Security and HR.
• Establish a feedback and monitoring pipeline.
• Fine-tune your review and remediation procedures based on your learnings.

3) Enable agents across your organization

• Ensure Purview DLP, Microsoft Information Protection, and other backstops are in place before widely enabling agents for users.
• Deploy adoption communications and change management efforts.
• Enable simple agent builder capabilities for your general workforce.
• Enable more complex agent creation for developers on IT and line of business teams.

Key actions

How we did it at Microsoft

• Read about how embracing the agentic future is enabling us to become an AI-first Frontier Firm. This post shares our vision for using agents to transform the workplace.
• Read how good governance is helping us ride the wave of agents washing over Microsoft. This article outlines the governance strategies we’ve adapted to the new agentic moment.
• Find out more about our deployment of Microsoft Agent 365 at Microsoft. This post shows how we’re using this new platform to manage our agent ecosystem. 
• See how we’re unlocking enterprise AI extensibility with Copilot Studio. Read about Microsoft’s internal AI development initiatives and how we’re using and governing Copilot Studio.
• Learn how we’re enabling our employees to build custom retrieval agents. These agents are empowering our workers to accomplish more.
• Discover how we’re keeping our network infrastructure healthy at Microsoft with an employee-built AI agent. This article shares how our team built an agent to improve how we manage our network.
• Access our internal learnings and a step-by-step guide for unleashing API-powered agents at Microsoft. This article explains API agents and shares lessons from our journey using them internally.

Further guidance for you

• Explore the company’s official AI agent adoption guidance to plan, govern, and operate agents using proven frameworks and best practices.
• Visit the AI Agents Hub on Microsoft Adoption to access webinars, quick-start guides, and business scenarios for Copilot, Foundry, and Copilot Studio.
• Follow the Microsoft 365 Copilot Agents Deployment Blueprint to enable agents at scale with security, governance, and measurement strategies.
• Download the Agentic Automation Adoption Guide to learn migration strategies, governance models, and business value for agentic automation.
• Secure your agents at scale with Microsoft Agent 365 guidance for unified identity, compliance, and control across platforms.
• Learn about the Responsible AI policies and practices that we use to guide our use of AI at Microsoft.

Applying our deployment lessons at your company

You’ve learned from our Copilot deployment. It’s time to get started on yours.

Embarking on your Microsoft 365 Copilot deployment journey might seem daunting, but by capitalizing on the lessons that we’ve learned during our internal deployment, you can both speed up the process and avoid any pitfalls.

“Deploying Copilot internally has inspired us to dive deeper into the power of AI assistance, which is enabling us to enhance our employee experience.”

Stephan Kerametlian, business program management senior director, Microsoft Digital

By anchoring your work in careful planning and using the steps and resources provided in this guide, you can unleash a new era of productivity through Copilot.

You’re not in this alone. If you’re looking for support or knowledge on any aspect of your deployment, reach out to our customer success team.

For inspiration around ways that Copilot can become your employees’ AI assistant at work, read stories about how we’re using AI within Microsoft Digital and Microsoft as a whole.

“Deploying Copilot internally has inspired us to dive deeper into the power of AI assistance, which is enabling us to enhance our employee experience,” says Stephan Kerametlian, a business program management senior director within Microsoft Digital. “With the lessons we learned from our deployment, we’re confident that we can support businesses around the world as they achieve more through the next generation of intelligent experiences.”

Key takeaways

This guide reflects our learnings and the processes we followed during our internal rollout of Microsoft 365 Copilot. This last set of tips summarizes the major actions you can take to get started with Copilot at your company.  

• Start with strong governance: Build a clear labeling and data protection strategy before deploying Copilot to safeguard sensitive information and meet compliance needs.
• Pilot, then scale: Roll out Copilot in phases, beginning with pilot groups to gather feedback and refine your approach before expanding companywide.
• Communicate early and often: Proactive communication and leadership sponsorship are essential for managing expectations and driving successful adoption.
• Empower champions: Identify and enable employee champions to share best practices, tips, and real-world scenarios that help others get value from Copilot.
• Invest in training: Provide tailored learning resources and support to help users build confidence and skills with Copilot in their daily workflows.
• Measure and optimize: Track usage, collect feedback, and continuously refine your deployment to maximize impact and uncover new opportunities.
• Plan for support: Set up self-service and human support channels early so employees can get help quickly and keep momentum going.
• Extend with agents: As your organization matures, explore agentic AI to automate workflows and unlock even greater productivity gains.

Key actions

How we did it at Microsoft

• Read our IT playbook for becoming a Frontier Firm in the era of AI.
• Review our five-step AI maturity guide for IT leaders.
• Use our detailed Copilot governance readiness guide—based on our internal experience here at Microsoft—to manage the governance of your Copilot deployment.
• Learn how our IT organization is powering our companywide digital transformation.
• View our condensed, CIO version of this guide.

Further guidance for you

• Use this technical readiness guide to manage your Copilot deployment (PowerPoint download).
• Check out this content map to help you organize your Copilot deployment (PowerPoint download).
• Find the best overall Copilot deployment and adoption guidance at adoption.microsoft.com.

Try it out

• Learn how to get ready for Microsoft 365 Copilot at your company.

We’d like to hear from you!

• Want more information? Email us and include a link to this story, and we’ll get back to you.

The post Deploying Microsoft 365 Copilot in five chapters appeared first on Inside Track Blog.

Generative AI has captured the world’s attention, and businesses are taking notice.

According to our annual Microsoft Work Trends report, 70% of people would delegate as much work as possible to AI to lessen their workloads.

Capitalizing on this trend will mean the difference between surging ahead or getting left behind, including here at Microsoft, where we were the first enterprise to fully deploy Microsoft 365 Copilot.

“I’m inspired by the transformative power of AI,” says Andrew Osten, general manager of Business Operations and Programs in Microsoft Digital, the company’s IT organization. “I’ve been impressed with how quickly our employees have put it to work for them.”

He would know. His team is responsible for driving usage and adoption of Copilot and any new features to more than 300,000 employees and vendors across the world.

“Customers are looking to us to share what we’ve learned as the first enterprise to deploy Copilot. Our team has a unique opportunity to help them deploy and get to value as quickly as possible.”

Andrew Osten, general manager, Microsoft Digital

Our mission in Microsoft Digital is to empower, enable, and transform the company’s digital employee experience across devices, applications, and infrastructure. We provide a blueprint for our customers to follow as Customer Zero for the company, and as such, we’ve created this guide for deploying and adopting Microsoft 365 Copilot that’s based on our experience here at Microsoft.

“Customers are looking to us to share what we’ve learned as the first enterprise to deploy Copilot,” Osten says. “Our team has a unique opportunity to help them deploy and get to value as quickly as possible.”

Are you an IT pro?

View the full version of this deployment and adoption guide here.

Chapter 1: Getting your governance right

Before you even begin your Microsoft 365 Copilot implementation, you’ll want to consider how this tool impacts your data. Copilot uses Large Language Models (LLMs) that interact with data and content across your organization and uses information your employees can access to transform user prompts into personalized, relevant, and actionable responses.

Giving your employees this level of access means proper data hygiene is a priority. At Microsoft Digital, we use sensitivity labeling to empower our employees with access while also protecting our data. Microsoft 365 Copilot was designed to respect labels, permissions, and rights management service (RMS) protections that block content extraction on relevant file labels. That ensures private or confidential information stays that way.

This chapter outlines the highly robust, best-case scenario we created for Microsoft, but we know not every organization has a fully deployed data governance strategy. If you’re in that position, don’t worry! You can use Restricted SharePoint Search to provide instant value and protection without exposing Copilot to all of your internal SharePoint sites.

Laying the groundwork with proper labeling

We’ve developed four data labeling practices that make up our foundation for appropriate policies and settings.

Responsible self-service

Enable your employees to create new workspaces like SharePoint sites, ensuring your company data is on your Microsoft 365 tenant. That enables your people to take full advantage of Copilot in ways that align with your organizational data hygiene while you keep your company’s information safe.

Top-down defaults

Label containers for data segmentation by default to ensure your information isn’t overexposed. At Microsoft, we default our container labels to “Confidential\Internal Only.” We use Microsoft Purview to manage this process.

Consistency within containers

Derive file labels from their parent containers. Consistency boosts security and reduces the administrative burden on your employees for labeling every file they create. Copilot will reflect file labels in chat responses so employees know the level of confidentiality of each portion of AI-created responses.

Employee awareness

We train our employees to understand how to handle and label sensitive data. By making your employees active participants in your data hygiene strategy, you increase accuracy and improve your security posture.

Self-service with guardrails

The data hygiene practices above form a foundation for compliance and security, but backstopping those efforts through Microsoft 365 features adds an extra layer of protection. Here’s how:

Trust, but verify
Empower self-service with sensitivity labels, but verify by checking against data loss prevention standards, then use auto-labeling and quarantining when necessary. We’ve configured Microsoft Purview Data Loss Prevention to detect and control sensitive content automatically.

Expiry and attestation
Put strong lifecycle management protocols in place that require your employees to attest containers to keep them from expiring. We don’t keep items that don’t have an accountable employee or that might not be necessary for our work.

Controlling the flow
Limit oversharing at the source by enabling company-shareable links instead of forcing employees to grant access to large groups. To enforce these behaviors, you can set default link types based on labels through Purview.

Oversharing detection
Even under the best circumstances, accidents happen. When one of our employees does overshare sensitive data, we use Microsoft Graph Data Connect extraction in conjunction with Microsoft Purview to catch and report oversharing.

International compliance: No size fits all

Europe has extra requirements in the form of EU Data Boundary regulations and works councils, organizations that provide employee co-determination on workers’ rights or regulatory issues. Our Microsoft 365 Copilot deployment meant we needed to partner closely with our Microsoft works councils to address complex data and privacy implications.

Your experience will vary depending on your industry and where you operate, but we’ve learned that it’s best to work closely with local subsidiaries to ensure you have a complete picture of a region’s regulatory situation. Local insiders are poised to liaise with works councils or other bodies through direct relationships. Start the process early so you can manage feedback cycles effectively and resolve any concerns through configurations that work for your employees.

Learning from our governance, security, and compliance practices

Bring the right people into the conversation

Don’t keep this conversation in the IT sphere alone. Bring in all the relevant security, legal, and compliance professionals.

Build a foundation for automation

Microsoft Purview Data Loss Prevention has powerful intelligent detection, but it relies on establishing good defaults.

Think about how your employees will use Copilot

Determine the primary use cases. The kinds of collaboration and access employees need will affect your labeling architecture.

Take this opportunity to train employees

If you’ve been looking for an excuse to refresh employee knowledge around data privacy, let this moment be your milestone.

Don’t overwhelm your users

Make labeling easy and intuitive and ensure it isn’t overwhelming.
Employees should have a limited set of choices to keep things simple.

Key takeaways

Use these tips to tackle governance, security, and compliance at your company. It’s based on what we learned deploying Copilot internally here at Microsoft.

• Establish a clear labeling framework that defines classification levels, maps labels to the right policies (such as access control, encryption, DLP, and storage rules), sets container defaults, and ensures employees understand how to apply labels correctly.
• Implement comprehensive data loss prevention controls by configuring Microsoft Purview DLP standards and quarantines, defining lifecycle and attestation processes, and using Microsoft Graph Data Connect to identify and remediate oversharing.
• Engage globally to meet international compliance needs by partnering with local subsidiaries and works councils, addressing regional requirements and concerns, and determining where segmented or region‑specific deployments are necessary.

Key actions

How we did it at Microsoft

• Read our guide to governing Microsoft 365 Copilot. This step-by-step resource, based on our internal experience at Microsoft, will help you adapt your existing governance standards to reflect the new realities of AI.

Further guidance for you

• Conduct the Microsoft 365 Copilot Optimization Assessment to understand your level of AI adoption and chart your course.

Chapter 2: Implementation with intention

At the time of our deployment, we were the first company to roll out Microsoft 365 Copilot and agents at scale, and our implementation team had to choose from different licensing strategies. We’ve learned from experience that it makes sense to start with pilot groups who can validate the experience and enable the rest of your organization. For us, that looked like:

Phase zero

We provided early access to our Copilot engineering team to test-drive the tool from an insider’s perspective. 

• Product engineers

Phase one

We issued a limited number of on-demand licenses in core scenarios to get validation and feedback for key use cases.

• Sales
• Marketing

Phase two

We extended licenses to teams who needed to understand and support Copilot or provide approval for use.

• Support
• HR
• Legal
• Security
• Works councils

Phase three

We deployed Copilot and started working on adoption across the entire company.

• Advancing in phases, we deployed Copilot to more than 300,000 Microsoft employees and external staff.

Scaling out your licenses

After you decide on the general shape of your rollout, you can begin building your licensing strategy. In Microsoft Digital, we started with individual licenses at the single-user level. As our implementation scaled, we tied licensing automation to Microsoft 365 groups to implement targeted licensing changes at scale. Those groups could include subsets of employees or entire organizations within Microsoft, and we keyed our automation logic to their expanding and contracting eligibility.

We highly recommend defining a phased rollout strategy and structuring your groups accordingly. That creates accountability and gives your IT admins a crucial point of contact for understanding the licensing needs of different groups within your organization.

There are three primary benefits to using groups:

Optimize licensing costs: Create groups that reflect your business needs and goals that align with your respective business sponsors. Sync your licensing status changes with your group membership changes. That way, you can assign the right licenses to the right users and adjust easily if you require frequent changes (e.g., in your early initial validation phase) and avoid paying for licenses you don’t need or use.

Refine admin costs: Group-based licensing enables your admins to assign one or more product licenses to a group. This depends on your rollout strategy and progress—your admins will be able to streamline your group setup at scale, reducing your admin overhead, which is helpful considering all the licenses you likely need to manage.

Enhance compliance and security: This ensures that only authorized users are licensed and have access to resources, enhancing your security and compliance. Your admins can use audit logs and other Microsoft Entra services to monitor and manage your group-based licensing activities.

Pre-adoption communications

Given the excitement around AI, one of the biggest challenges during our phased implementation was support requests from employees not within our initial pilot groups. Most of our support requests at this stage were essentially asking, “When do I get access?”

You can easily avoid the issue through clear and honest communication. For example, when you alert your initial implementation groups about their Copilot access, you could simultaneously deploy “Coming soon” emails to the rest of your organization. That will help you avoid any confusion while simultaneously generating excitement.

Your IT implementation team can’t work in isolation. Communication, especially with organizational leadership, is a key part of your licensing and implementation strategy.

Learning from our implementation

Design for the “who”

When you determine your initial cohorts, base your decisions on which roles have the largest coverage and will provide the most relevant feedback.

Get your groups in place

Be thoughtful about your Microsoft 365 groups and make sure everyone knows who owns them and who’s responsible.

Engage your support team from the start

This is a new technology, so your support teams will receive requests. Ensure they’re ready by giving them early access.

Manage expectations to minimize blowback

Proactively help users understand why they have licenses or don’t. Note that your rollout strategy might be subject to change.

Bring leadership on board early

Executive sponsorship isn’t just useful for adoption. Leaders will also help you identify the key use cases within their organizations.

Product feedback at every level

Encourage feedback for employees in your early implementation phases because that will guide your wider adoption efforts.

Key takeaways

Use these tips to help you with your internal implementation and admin process. They are based on our experience here at Microsoft.

• Prepare your organization for Copilot by performing the Microsoft 365 Copilot optimization assessment, defining implementation phases and audience groups, securing leadership sponsorship, and mapping your rollout plan to a clear licensing strategy.
• Onboard users and activate your environment by assembling the right security groups, building an automated licensing workflow, enabling roles for Copilot reports and dashboards, assigning and configuring licenses, and gathering early signals from pilot usage and feedback.
• Drive engagement through targeted communication by analyzing in‑app and qualitative pilot feedback, reviewing usage data, and delivering clear, ongoing communications aligned with your adoption strategy.

Key actions

How we did it at Microsoft

• Learn about the councils steering our AI projects here at Microsoft.
• Find out how we’re unlocking the value of Microsoft 365 Copilot at Microsoft.

Further guidance for you

• Use the Copilot Success Kit to accelerate your implementation with templates, onboarding guides, and technical readiness resources.

Chapter 3: Driving adoption to accelerate value

The fact that your employees are excited about trying out Copilot isn’t enough. We found that you need strategic, coordinated change management to drive usage and adoption.

To do this effectively, you will need to empower change agents in your organization. These are not part-time roles; they are dedicated resources across your company who are responsible for the change management function, including creation of a deployment and adoption plan, facilitating principled change management practices, communicating and engaging with employees, preparing employee readiness and learning opportunities, and then measuring the success of your deployment across the enterprise. At a high level, your strategy should consist of the following five steps.

Microsoft 365 Copilot change management

How we drove adoption in Microsoft Digital

At Microsoft, we broke our company-wide adoption efforts into cohorts, for example, subsidiaries or business groups. Depending on the size of your enterprise, you may benefit from this approach as well. We divided our adoption along two vectors: internal organizations like legal or sales and marketing, and regions like North America or Europe. Different cohorts have different focuses, but the strategy is similar. At Microsoft, we did this in four phases:

Get ready

Effective change management requires careful planning. Begin by identifying and then working with company-wide change management leads. Next, identify members of your target cohorts who will support the adoption, including change managers, leadership sponsors, and employee champions.

Champions will be crucial to your adoption by filling several powerful roles:

• Pinpointing key usage scenarios for Copilot based on their cohort’s culture or processes.
• Providing insights that help adoption leaders build out their rollout plans.
• Most importantly, demonstrating the value of Copilot and showing their peers how powerful this tool can be in their day-to-day work.

When champions socialize their tips and tricks, our experience at Microsoft Digital has revealed that it’s best to share specific prompts and the value they provided as a concrete entry point for users. For example, a champion could say, “I saved three hours drafting this sales script in Microsoft Word using this prompt,” then share their Copilot prompt as a place for peers to start.

Works councils also play a key role at this stage. They offer the benefit of local cultural expertise and can help you identify the challenges employees face in their jurisdiction. Even something as simple as understanding proper modes of address helps smooth the road to adoption through effective communication.

Each of these sets of stakeholders has a role to play in leading your own rollout. We recommend using Microsoft 365 Copilot adoption resources to build out your own adoption plan.

Onboard and engage

At Microsoft, we implemented this phase across each adoption cohort. Because every group will have its own champions and leadership sponsors, it’s important to treat each of them as its own organization, with its own unique adoption needs.

In advance of our general rollout, we created “jump-start” communications with links to learning opportunities:

Localized training took the form of Power Hours in different languages and time zones. These training sessions demonstrated key Copilot scenarios across Microsoft 365 apps.

Self-learn assets included user quick-start guides, demo videos, and Microsoft Viva Learning modules to accommodate different learning styles and preferences.

Pre-rollout communications fulfill two needs. First, this messaging is a great opportunity to launch your champion communities. Second, these communications build your employee population’s desire and excitement for their incoming Copilot licenses, then prepare them to hit the ground running when they get access.

After your Copilot licenses are live, your launch-day welcome comms are straightforward. Invite employees to access Copilot and to start experimenting with how it can fit into their work. There are many possible vectors for deploying these communications, but a multi-pronged effort that includes Microsoft Viva Amplify will deliver the maximum impact.

For support in building out your own communication plan, our adoption team has created a user onboarding kit for Copilot. These ready-to-send emails and community posts can help you onboard and engage your users.

Deliver impact

After everyone has access, it’s time to promote Copilot usage and ensure all employees are having the best possible experience and gaining the most value. For our cohorts, employee champions and leadership sponsors were essential levers.

It’s important to remember that Copilot isn’t just another tool. It introduces a whole new way of working within employees’ trusted apps. At Microsoft, we took great care to encourage employees to adapt a mindset to see it as part of their daily work—not just something they play with when there’s time.

Microsoft Viva Engage, or a similar employee communication platform, is a helpful forum for peer community support. In our case, it provided an organic space for champions to share their expertise and change managers to provide further recommendations and adoption content. For employees who explore best on their own, Copilot Lab provides in-the-flow learning opportunities to build their prompt skills.

Meanwhile, leadership sponsors diversified our communications strategy by deploying and amplifying messaging through executive channels like org-wide emails or Viva Engage Leadership Corner posts.

Extend and optimize

Understanding overall usage patterns and impact is crucial to optimizing usage. Our Microsoft Digital team used a combination of controlled feature rollout (CFR) technology while tracking usage through Microsoft 365 admin center and the Copilot Dashboard in Viva Insights. Together, these tools gave us the visibility and tracking we needed to establish and communicate adoption patterns.

Meanwhile, IT admins and user experience success managers can access simple in-app feedback through Microsoft 365 admin center. And to really maximize value, our Microsoft Digital employee experience teams conducted listening sessions and satisfaction surveys.

All these insights are helping us establish a virtuous cycle to drive further value and better adoption for future rollouts, extend usage to new and high-value scenarios, incorporate Copilot into business process transformation, and understand custom line-of-business opportunities.

Driving user enablement with Microsoft Viva

Our team in Microsoft Digital used Microsoft Viva to help enable our 300,000-plus global users. Microsoft Viva is an Employee Experience Platform that brings together communication and feedback, analytics, goals, and learning in one unified solution. Our team used Viva across a range of change management scenarios, including building awareness, communicating with our employees, providing access to readiness and learning resources, and measuring the impact of our deployment.

You can see a few of the specific ways we used Viva to accelerate employee adoption below.

Accelerating Microsoft 365 Copilot with Viva

Viva Connections

Sharing key news related to deployment and enablement, generating “buzz,” and tying Copilot to Microsoft culture.

Viva Amplify

Producing and efficiently distributing employee communications to build awareness and excitement.

Viva Learning

Courses and training for our employees on how to maximize value from Copilot, inclusive of building effective prompts.

Viva Engage

Actively engaging employees, providing leader updates, listening to feedback, and enabling Champs community.

Viva Insights

Using the Microsoft 365 Copilot Dashboard beta to identity actionable insights and usage trends.

Viva Pulse

Instant feedback from employees on their Copilot experience to fine-tune our landing and adoption approach.

Viva Glint

Understanding employee sentiment and gauging the overall effectiveness of our Copilot deployment effort.

Learning from our adoption of Copilot

Cascade adoption efforts through localization

Regional differences, priorities, even time zones—they can all block your centralization efforts. Your insider adoption leaders within each adoption cohort can help.

Empower your employee champions with trust

Monitor your user-led adoption communities at the start to provide support. As this community of power users becomes product experts, they’ll take over.

Empower employees as innovators

You’ll be surprised by what your employees dream up. Provide every opportunity for them to share their favorite tips and usage scenarios.

Create excitement, but set expectations

Encourage a healthy mindset around what Copilot can accomplish and where it fits. Don’t overpromise.

Gamify learning to build engagement and experience

Friendly competitions or cooperative challenges like prompt-a-thons generate excitement and invite creativity.

Understand that for many, AI is emotional

Overcome AI hesitancy by encouraging employees to tackle easy tasks with Copilot assistance. That will help minimize reluctance.

Use Microsoft Viva to accelerate time to value

Viva supports user enablement through learning, effective communication, usage tracking, and employee sentiment.

Key takeaways

Use these tips as your guide as you build out and implement your adoption plan. They are based on our own experience internally at Microsoft.

• Prepare your organization for adoption by identifying your adoption lead, building a cross-functional cohort-based team, defining personas and key usage scenarios, establishing communication preferences and success metrics, completing enablement training, and creating a localized communications and asset library.
• Engage your cohorts and activate readiness by deploying targeted onboarding communications, launching champion communities, running live and self-paced learning experiences, and elevating visibility with digital materials that help employees understand how Copilot improves their daily work.
• Drive measurable impact across cohorts by promoting usage through internal channels, reporting on KPIs at planned intervals, gathering employee sentiment through surveys and listening sessions, spotlighting success stories, applying learnings to refine adoption activities, and nurturing champions through deeper technical training.
• Extend and optimize your deployment by exploring new high‑value scenarios, identifying opportunities for business process transformation with agents, Copilot Studio, plugins, and connectors, and sourcing custom line‑of‑business use cases that advance your organization’s Copilot maturity.

Key actions

How we did it at Microsoft

• Learn how we boosted our Copilot adoption with a companywide expo.
• Explore how we created a Center of Excellence to guide our adoption and use of AI.

Further guidance for you

• Access the Copilot scenario library to understand different user needs and opportunities.
• Deepen Copilot engagement through the Microsoft Modern Collaboration Architecture (MOCA).

Chapter 4: Building a foundation for support

Empowering employees means making sure they have access to the right support channels. The fact that Copilot operates across a wide spectrum of Microsoft 365 apps adds complexity to support scenarios. As a result, it’s important to get your support teams early access along with your earliest pilot implementations.

For us in Microsoft Digital, four principles define high-quality support:

Available

Highly available and in-context support should deliver both self-help and assisted experiences wherever and however the user needs it.

Consistent

Coherent and seamless access to support across the entire journey eliminates frustration and keeps the experience consistent.

Contextual

Base your support experience on where the user is and what they’re trying to accomplish.

Personal

Anchor support in a user’s goals and preferences.

Strategizing for support

Building experience and knowledge is one thing, but coming up with your approach to support requires planning and a strong idea of your users’ ideal experience. At Microsoft Digital, we take a “shift-left” approach. That means we save our human support staff time by attempting to create excellent self-service options for our users.

Shift-left principles can apply to many different support contexts, but with Copilot, we’ve found that the most important upfront action is ensuring your employees have accessible self-service support channels and communicating their availability. Work with your adoption teams to ensure they include self-service support options in their rollout communications.

Seven things we learned prepping to support Microsoft 365 Copilot

Preliminary access

Select your initial support specialists. Include people with different Microsoft 365 app focuses, support tiers, and service audiences.

Communication hub

Establish a community space where your support team can connect and collaborate on issues. Invite non-support professionals as needed.

Knowledge base

Start a collaborative document and add learnings. This will eventually evolve into your knowledge base for internal support.

Widen access

Host information sessions with the wider support team and extend access so all relevant support professionals can ramp up.

Rehearse

Conduct role-playing and shadowing sessions so support teams can build practical knowledge and confidence.

Support go-live

Get your support resources and processes ready and push them live in advance of your Copilot deployment. Consider a dry run.

Track

Determine a tracking cadence and gather data on Copilot issues that arise so support teams can identify trending issues and tickets.

Common questions, issues, and resolutions

We’re getting questions about why particular employees don’t have licenses.

Use employee change management communication waves to solve for this issue by alerting employees when they’ll have access to licenses.

Users are coming to us with questions that would be better served by adoption and employee material, and that isn’t our role as support.

Work with your adoption team to preempt these issues with proactive communications. Update your self-help content and provide your support agents with ready access to different employee education resources.

Teams are looking for integration support. Where do I send them?

Share this list of pre-built connectors to help your users integrate various data sources to Microsoft Graph. This list shares the types of content supported.

Can employees put confidential information into Copilot?

If employees are signed into Copilot with their Entra ID, they can enter confidential information.

My organization has concerns about who owns the IP that Copilot generates. Does the Microsoft Customer Copyright Commitment apply to Copilot?

Microsoft does not own the IP generated by Copilot. Our universal terms state “Microsoft does not own customers’ output content.”

What’s the best way to verify the accuracy of the information Copilot provides?

Copilot is transparent about where it sources responses. It provides linked citations to these answers so the user can verify further.

Key takeaways

Use these tips to manage your Copilot support efforts. They are based on our experience here at Microsoft.

• Enable and align your support team by starting with a core group of support leaders, establishing shared communication spaces and a collaborative knowledge base, expanding access to the full Copilot support team, training them through information sessions and role‑playing exercises, defining escalation paths, and partnering with internal communications to finalize user‑facing support materials.
• Deliver meaningful user impact by signaling support availability across employee communities, publishing a clear and accessible user-facing knowledge base, and standing up self-service automations where appropriate to empower users and reduce friction.
• Optimize and mature your support services by reviewing ongoing support issues and product feedback, and continually refining support workflows to drive efficiency, accuracy, and a better user experience.

Key actions

How we did it at Microsoft

• Read how we’re using AI to transform our Support business at Microsoft. This article shares how our Support team in Microsoft Digital is using AI to overhaul the business from end to end.
• Learn how we deployed the Employee Self-Service Agent here at Microsoft. This blog post shares how we’re using this agent to help our employees with their support needs in the flow of where they work in Copilot.

Further guidance for you

• Follow the Microsoft IT admin guide for Copilot onboarding, enablement, and support resources to ensure a smooth rollout.
• Access the Copilot Success Kit for launch day assets, support templates, and troubleshooting guides.

Chapter 5: Extending Copilot through agents

As organizations and employees have matured with respect to AI, agentic extensibility is expanding the frontiers of this technology. By using and even creating agents that surface knowledge, take actions, and reinvent workflows, employees can personalize AI’s capabilities to fulfill more specific needs.

At Microsoft, our goal has been to provide access and enable agents at appropriate levels for our employees and the company as a whole. To make that happen, we’ve adopted a maturity model for agentic AI deployment. Early phases focus on using Copilot, grounded in enterprise data, to enhance knowledge discovery and retrieval. Later phases will enable our employees to act on that knowledge and even fully automate business workflows.

Agentic AI at Microsoft

Each of these levels of agentic capability requires different tools to create and depends on different policies to govern. Because retrieval agents don’t require special tooling, we allow employees to create them at will through Copilot Chat and simplified agent builders in Copilot Studio and SharePoint.

For more complex agents intended to meet enterprise needs across lines of business or the company as a whole, our developers use more full-featured tools like Copilot Studio or Azure AI Foundry. For these kinds of agents, we apply the same rigor, reviews, and software development lifecycle (SDL) we use as part of our standard internal app development.

As you explore the different kinds of agents available to your users and decide how and where to enable them, adoption.microsoft.com provides an excellent place to start. It provides three different approaches to creating agents: Microsoft 365 Copilot Chat, Azure AI Foundry, and Copilot Studio.

All of this choice adds complexity, so maintaining visibility and control over the agents your employees create can be a challenge. As a result, we take a matrixed approach to creating and governing agents based on different parameters. They include the type of agent, how the user creates it, its knowledge sources, the need for custom tooling, sharing and publishing permissions, and more.

Keeping agents safe and effective through good governance

At Microsoft, we incorporated elements of our tenant’s minimum bar for governance into our policies for managing agents. These measures include Microsoft Information Protection, a functional inventory, activity logging, lifecycle management, and the ability to properly isolate agents against crossing data boundaries.

To govern agentic capabilities, we introduced further controls like sharing limits, breadth of knowledge sources, agent metadata, and information about an agent’s behaviors. The result is a proactive approach to governance backstopped by reactive structures that catch any issues.

As you think about governing your own agents, consider the four core principles we’ve established at Microsoft Digital.

We empower employees to create and share simple, low-risk agents

 We provide a safe space and personal flexibility that allows individual employees to experiment without implicating company data or content users don’t own.

We capture and vet sensitive data flows at the enterprise level 

More complex or far-reaching agents owned by teams or lines of business need enterprise documentation to account for external audits or security and privacy validation.

We protect data designated confidential or higher 

We contain data flows to tenant mandates and only trust suitable storage destinations for content.

We honor the enterprise lifecycle 

We treat agents that individual employees own like any other user-created app and delete them when that individual leaves the organization. Agents owned by teams have a lifecycle defined by the tenant and tied to attestation, the SDL, and accountability confirmations.

Once you have your governance policies and procedures in place, you can begin your rollout to users through many of the same strategies and processes we’ve discussed in this guide.

Learning from our experience with agents

Connect with relevant stakeholders

Establish early communication and collaboration with members of your security, legal, compliance, IT, and other teams who can help you define ways to configure Copilot Studio agent builder safely.

Trust and empower

Provide safe spaces with appropriate guardrails for individual employees to experiment with simple agents. Copilot Studio agent builder is a great place to start.

Expand enterprise capabilities

Empower a small number of trusted creators to experiment with more powerful agent-building tools under the close watch of IT, Governance, Security, Privacy, Data, and HR teams. This will reveal gaps in process and policy and inform future reviews.

Solidify labeling and data

Revisit your labeling structures and data flows. It will be important to have these structures in place to support this new agentic environment. Start by learning from our experience governing Copilot at Microsoft.

Extend your review process

Adapt any review processes you already have in place to agents, including security, privacy, and accessibility. Embed those reviews into your publishing workflow for agents operating above the individual level. Consider adding reviews for Responsible AI.

Prevent agent sprawl

Establish a reasonable enterprise lifecycle for agents that includes attestation. That will keep agents from sprawling or remaining in place after employees have left your organization or simply no longer need a particular agent.

Key takeaways

Use these tips to manage your Copilot support efforts. They are based on our experience here at Microsoft.

• Plan and refine your governance approach by aligning with Security, Legal, Compliance, HR, and IT; updating existing governance and labeling policies for agents; defining your review process; building a matrix that maps agent capabilities to governance controls; and determining how your SDL procedures apply to agents.
• Pilot with targeted teams to validate your controls by selecting groups such as Security, HR, and IT; establishing clear feedback and monitoring channels; and iterating on your review and remediation procedures based on insights from early adopters.
• Enable agents responsibly across the organization by ensuring foundational protections like Purview DLP and Microsoft Information Protection are in place, deploying adoption and change‑management communications, enabling simple agent‑builder capabilities for broad users, and unlocking advanced agent development scenarios for IT and line‑of‑business developers.

Key actions

How we did it at Microsoft

• Read about how embracing the agentic future is enabling us to become an AI-first Frontier Firm. This article shares our vision for using agents to transform the workplace.
• Find out more about our deployment of Microsoft Agent 365 at Microsoft. This post shows how we’re using this new platform to manage our agent ecosystem. 

Further guidance for you

• Follow the Microsoft 365 Copilot Agents Deployment Blueprint to enable agents at scale with security, governance, and measurement strategies.
• Learn about the Responsible AI policies and practices that we use to guide our use of AI at Microsoft.

Applying our lessons to your own Copilot deployment

Embarking on your Microsoft 365 Copilot deployment and agentic extensibility journey might seem daunting, but by capitalizing on the lessons that Microsoft Digital has learned from our internal deployment, you can both speed up the process and avoid any pitfalls.

“Deploying Copilot internally has inspired us to dive deeper into the power of AI assistance, which is enabling us to enhance our employee experience.”

Stephan Kerametlian, business program management senior director, Microsoft Digital

By anchoring your work in careful planning and making use of the steps and resources provided in this guide, you can unleash a new era of productivity through Copilot.

We’ve learned a lot on our journey with Copilot, and we’re happy that we get to share our experiences with you—hopefully they help you on your journey.

“Deploying Copilot internally has inspired us to dive deeper into the power of AI assistance, which is enabling us to enhance our employee experience,” says Stephan Kerametlian, a business program management senior director in Microsoft Digital.

You’re not in this alone. If you’re looking for support or knowledge on any aspect of your deployment, reach out to our customer success team.

Key takeaways

This guide reflects our learnings and the processes we followed during our internal rollout of Microsoft 365 Copilot. This last set of tips summarizes the major actions you can take to get started with Copilot at your company. 

• Start with strong governance: Build a clear labeling and data protection strategy before deploying Copilot to safeguard sensitive information and meet compliance needs.
• Pilot, then scale: Roll out Copilot in phases, beginning with pilot groups to gather feedback and refine your approach before expanding companywide.
• Communicate early and often: Proactive communication and leadership sponsorship are essential for managing expectations and driving successful adoption.
• Empower champions: Identify and enable employee champions to share best practices, tips, and real-world scenarios that help others get value from Copilot.
• Invest in training: Provide tailored learning resources and support to help users build confidence and skills with Copilot in their daily workflows.
• Measure and optimize: Track usage, collect feedback, and continuously refine your deployment to maximize impact and uncover new opportunities.
• Plan for support: Set up self-service and human support channels early so employees can get help quickly and keep momentum going.
• Extend with agents: As your organization matures, explore agentic AI to automate workflows and unlock even greater productivity gains.

Key actions

How we did it at Microsoft

• Read our IT playbook for becoming a Frontier Firm in the era of AI.
• Review our five-step AI maturity guide for IT leaders.
• Learn how our IT organization is powering our companywide digital transformation.
• View the full, detailed version of this guide.

Further guidance for you

• Read the Microsoft Work Trend Index Annual Report.
• Find the best overall Copilot deployment and adoption guidance at adoption.microsoft.com.

Try it out

• Learn how to get ready for Microsoft 365 Copilot at your company.

We’d like to hear from you!

• Want more information? Email us and include a link to this story, and we’ll get back to you.

The post Microsoft 365 Copilot for executives: Sharing our deployment and adoption journey at Microsoft appeared first on Inside Track Blog.

At Microsoft Digital, the company’s IT organization, we’ve been on the front lines of this AI-powered revolution, translating vision into reality and reimagining what’s possible for the enterprise.

“We’ve learned so many lessons over the past few years building AI-powered solutions and driving an AI-forward culture. We’re excited to share them with our customers and partners so they can learn from our journey.”

Brian Fielder, vice president, Microsoft Digital

As generative AI leapt into the mainstream with the arrival of models like OpenAI’s GPT-3.5 and transformative tools such as Microsoft 365 Copilot, the stakes for IT leaders have never been higher.

The challenge isn’t just about deploying the latest AI tools—it’s about architecting a foundation for sustained, responsible, and scalable change across the enterprise.

That’s where this guide comes in. We’re opening a window into our own AI evolution—sharing our hard-won lessons, proven frameworks, and actionable steps that can help you steer your organization from AI exploration to AI acceleration. Whether you’re just beginning your journey or ready to scale enterprise-wide adoption, this guide is built to empower you to make informed decisions, sidestep common pitfalls, and unlock the full promise of AI-driven transformation.

“We’ve learned so many lessons over the past few years building AI-powered solutions and driving an AI-forward culture,” says Brian Fielder, vice president of Microsoft Digital. “We’re excited to share them with our customers and partners so they can learn from our journey.”

Read on to discover how we moved from AI vision to AI reality here in Microsoft Digital. You’ll learn how you can drive measurable business outcomes while building a culture that’s ready for what’s next.

The five stages of AI-powered transformation

We have led Microsoft through five stages of AI maturity—from initial exploration to becoming an AI-driven enterprise. This has been a three-year journey, and you and your digital leaders will need to be prepared to take time to fully experience each of these stages to truly unlock the potential of AI to transform your enterprise.

What follows is a stage-by-stage summary of how we achieved our transformation, followed by a list of empowering actions you can take to help you on your own journey.

Mapping our journey to AI maturity

Stage 1: Awareness and foundation

Set a bold vision for your AI journey, anchored in clear business outcomes—avoid implementing “AI for AI’s sake.” Engage your executive sponsors early and form an AI Center of Excellence (CoE) to foster cross-functional collaboration and empower experimentation. Establish Responsible AI principles alongside your organization’s ethics team and assess your data readiness from the start—remember, “no AI without data.” By building these foundations, you’ll position your teams to confidently launch AI initiatives and drive meaningful transformation.

Target outcomes

A foundational strategy, governance principles, and leadership buy-in to kickstart AI projects.

Learn more

Learn how we’re responding to the AI Revolution with an AI Center of Excellence.

“At the Microsoft Digital AI Center of Excellence, we’ve learned that combining strong governance, data readiness, and a continuous-improvement mindset transforms AI pilots into enterprise-scale solutions,” says Nitul Pancholi, the AI CoE lead in Microsoft Employee Experience. “This guide distills our three-year journey into clear, actionable steps to accelerate responsible AI adoption, mitigate risk, and drive measurable business impact.”

Stage 2: Active pilots and skill building

To accelerate your AI journey, start by launching targeted pilot projects across diverse areas of your organization—think automated support chatbots or network analytics. Encourage experimentation and leverage hackathons to surface a broad range of ideas. Narrow these down to your most promising initiatives by evaluating business value against implementation effort and focus resources on a select group of high impact “big bets.”

Empower your teams by investing in upskilling: offer discipline-aligned learning paths, issue digital credentials, and celebrate progress to foster a culture of continuous learning and knowledge-sharing. Establish early-stage governance by requiring all pilots to undergo Responsible AI and architectural reviews. By following these steps, you’ll create early momentum, build internal expertise, and identify the AI solutions most likely to drive meaningful impact at scale.

Target outcomes

The first tangible benefits of AI: efficiency gains, time and cost savings, and quality improvements, and an internal talent pool emerging, paving the way to scale successful solutions.

Learn more

Find out how we’re embracing AI at Microsoft with new AI certifications.

Stage 3: Operationalize and govern

To scale and integrate AI solutions across your organization, move beyond pilot projects by deploying AI solutions directly into production and embedding them within core business workflows.

Strengthen your data and AI infrastructure—consider implementing a unified data platform and robust Machine Learning Operations (MLOps) pipelines—to support this transition. Formalize enterprise governance with clearly defined steering teams: empower your AI Center of Excellence to accelerate implementation and establish a Data Council to ensure data quality and “AI-ready” assets and a Responsible AI Office to oversee ethical use and compliance. Encourage collaboration among these groups and designate domain leads to ensure your AI initiatives consistently deliver tangible business value.

By putting these practices in place, you can drive successful scaling and operationalization of AI throughout your enterprise.

Target outcomes

Multiple AI use cases running at enterprise scale under robust oversight with cross-functional alignment on AI objectives and the business value they’re delivering.

Learn more

Read our guide for tackling Microsoft 365 Copilot governance your company.

Stage 4: Enterprise-wide adoption

To consolidate your gains and achieve AI adoption across the enterprise, make AI a core consideration in every new project and process.

Ask where AI-driven intelligence can deliver real impact, whether by boosting efficiency, enhancing user experiences, or unlocking new business value. Align AI initiatives with your organization’s strategic goals by empowering business leads to synchronize efforts and continuously update your AI roadmap. Cultivate a data-driven culture through ongoing, large-scale training and make AI tools a natural part of everyday work. Establish rigorous impact tracking with clear metrics for value delivered—such as time savings, cost reduction, and quality improvements—and review these outcomes regularly at the leadership level to maintain accountability.

By integrating these practices, you can drive AI adoption throughout your organization and ensure sustained, measurable impact.

“What’s unique about our approach is that every agent is engineered for responsible action. We design agents to operate within enterprise workflows, guided by policy-aware controls, telemetry integration, and human oversight,” says Faisal Nasir, the AI CoE and Data Council lead in Microsoft Employee Experience.

Through the AI Center of Excellence and the Data Council, we ensure agents are grounded in AI-ready data and undergo comprehensive architecture and governance reviews.

“This ensures our AI solutions are not only intelligent, but also accountable, governable, and fully production-ready,” Nasir adds.

Target outcomes

AI is a pillar of your operational strategy, backed by a data-driven culture and continuous monitoring of business impact.

Learn more

Learn how we’re approaching Microsoft 365 Copilot change management at Microsoft.

Stage 5: Transform your business with agentic AI

To drive a lasting AI-powered business transformation, organizations must embed AI into every aspect of their operations and culture.

Start by leveraging the expertise of your AI CoE to foster innovation, drive continuous improvement, and keep your AI initiatives evolving. Use structured mechanisms like a Kaizen funnel to crowdsource, prioritize, and advance ideas that extend the impact of AI across the enterprise.

Strengthen governance to address the advanced challenges of agentic applications, including responsible scaling of generative AI and effective mitigation of AI hallucinations. Focus on refining human-AI collaboration so your teams are empowered to offload routine tasks to AI agents and concentrate on higher-value work.

Another tactic that’s been highly successful in Microsoft Digital is “Fix, Hack, Learn” weeks, where employees are encouraged to identify opportunities to improve our services. Multi-disciplinary teams are empowered to innovate with AI to improve our organizational effectiveness, yielding multiple AI-powered breakthroughs that are already in production.

“In Microsoft Digital, continuous improvement is a driving force behind our AI transformation,” says Don Campbell, principal product manager within Microsoft Digital and member of our AI Center of Excellence. “By embedding it and AI into every layer of our operations, we’re not only optimizing how we work today, but we are also strategically preparing our processes to become agentic tomorrow. This disciplined approach ensures that when we make a process agentic, it’s not just automated—it’s intelligent, secure, and purpose-built to scale across the enterprise.”

Target outcomes

An organization transformed by AI, achieving significant efficiency gains and innovations, and recognized as a leader in enterprise AI adoption.

Learn more

Guiding hands: take a look inside the councils steering AI projects here at Microsoft.

What our experts have to say:

“In Microsoft Digital, continuous improvement is a driving force behind our AI transformation. By embedding it and AI into every layer of our operations, we’re not only optimizing how we work today, but we are also strategically preparing our processes to become agentic tomorrow.”

Don Campbell, principal product manager and CoE member, Microsoft Digital

“At the Microsoft Digital AI Center of Excellence, we’ve learned that combining strong governance, data readiness, and a continuous-improvement mindset transforms AI pilots into enterprise-scale solutions. This guide distills our three-year journey into clear, actionable steps to accelerate responsible AI adoption, mitigate risk, and drive measurable business impact.”

Nitul Pancholi, AI Center of Excellence lead, Microsoft Employee Experience

 “What’s unique about our approach is that every agent is engineered for responsible action. We design agents to operate within enterprise workflows, guided by policy-aware controls, telemetry integration, and human oversight.”

Faisal Nasir, AI CoE and Data Council lead, Microsoft Employee Experience

Enabling success—lessons from our journey as the company’s IT organization

Achieving AI maturity is dependent on a combination of technological, organizational, and cultural factors. These enablers support the successful adoption and integration of AI within the organization.

For IT decision-makers charting the course to enterprise-scale AI, the journey is about far more than technical implementation—it’s about activating the right enablers to unlock both rapid and sustainable business impact.

Successfully scaling AI means orchestrating executive vision, robust governance, responsible innovation, resilient data foundations, and a culture of empowered talent—all working in harmony. Each of these levers is crucial not only for accelerating the path from pilot to production, but also for ensuring that every AI initiative delivers measurable outcomes, mitigates risk, and creates lasting organizational value.

By prioritizing these foundational pillars, IT leaders can fast-track value realization, embed accountability, and transform AI from a promising experiment into a strategic engine for competitive advantage. The following items explore the essential enablers that drive AI maturity at pace and why they matter now more than ever for organizations determined to lead in the age of intelligent transformation.

Seven enablers of enterprise AI transformation

Executive sponsorship and governance

To accelerate AI maturity within your organization, start by securing strong executive sponsorship and establishing clear governance structures. Appoint dedicated AI leaders and form cross-functional teams such as an AI Center of Excellence and supporting councils with well-defined roles and responsibilities. Maintain alignment with your business strategy through regular steering meetings and roadmap reviews. This approach will ensure your AI initiatives remain focused, impactful, and strategically integrated across the enterprise.

Responsible AI by design

To embed ethics and effectively manage risk in every AI project, integrate Responsible AI principles from the outset. Establish a Responsible AI Council or similar oversight group to ensure all solutions are rigorously reviewed for ethical standards before launch. By instituting mandatory Responsible AI assessments, you’ll foster trust, safeguard your organization, and address potential issues proactively—setting a strong foundation for sustainable AI adoption. This not only reduces reputational and regulatory risk, it also enables faster adoption, strengthens stakeholder confidence, and ensures AI initiatives deliver lasting value aligned with your business goals.

Data foundation, architecture reviews, and technical readiness

Treat data as a strategic asset by establishing a unified data strategy—start with a Data Council to catalogue key sources, improve data quality, and implement robust governance and access controls. Build AI-readiness across your enterprise by embedding architecture reviews and design validation into your engineering lifecycle, ensuring every solution is scalable, composable, and compliant by design. Leverage architecture forums to crowdsource feedback, align on technical standards, and promote reusable patterns that accelerate delivery. With secure cloud environments, ML Ops pipelines, and standardized AI platforms in place, your teams will be equipped to develop and scale AI solutions quickly, safely, and consistently.

Talent, skills, and culture

To build an AI-ready workforce and foster a culture of innovation, prioritize company-wide training and upskilling programs that elevate AI literacy at every level. Establish a Center of Excellence and empower “AI champions” within teams to drive adoption and celebrate meaningful impact. Encourage open collaboration—share code, best practices, and project outcomes across your organization—to accelerate learning and scale success. By breaking down silos and enabling employees to experiment with intelligent solutions, you’ll create the environment needed for sustained growth and enterprise-wide transformation. In Microsoft Digital, we are not just training our employees to use AI, we are empowering them to co-create the future of their roles. When employees are empowered to build and govern their own agents, that is when transformation truly scales.

Impact tracking and accountability

To drive meaningful business impact with AI, start by defining clear, measurable success metrics—think hours saved, cost efficiencies, and quality improvements—that can be rolled up into an organizational AI scorecard. Review these outcomes regularly at the leadership level to keep the focus on what matters. For every major AI initiative, assign an accountable owner who champions the solution, communicates the business story, and manages performance reporting.

Foster transparency by consistently comparing targets to actual results and openly sharing lessons learned when goals are missed. By embedding accountability into your rhythm of business, you’ll enable agile decision-making, concentrate your efforts where AI delivers the most value, and nurture a culture of continuous improvement. In Microsoft Digital, we’ve defined an AI value measurement framework with six dimensions of value that you can use as benchmarks to determine the impact of your own investments.

Change management and communication

To drive successful AI adoption, treat it as a people-first transformation—not just a technology deployment. Start by developing robust deployment and adoption plans for your key solutions: invest in training, craft clear communications, and establish dedicated support channels such as FAQs and help desks. Maintain a steady pulse of communication with your stakeholders—consider newsletters, interactive town halls, and a centralized library of AI success stories to celebrate impact and progress. By prioritizing transparency and providing ongoing support, you’ll smooth the path to change, encourage enthusiastic adoption, and sustain momentum throughout your organization.

Continuous improvement, innovation, and partnerships

To drive continuous improvement and innovation with AI, keep a dynamic backlog of opportunities and support each with a clear value case and refresh your pipeline regularly. Adopt structured forums such as continuous improvement and Kaizen events to identify, evaluate, and prioritize new AI use cases that deliver tangible business outcomes. Use a robust prioritization framework to ensure focus on initiatives with the greatest impact.

Identify partner teams who can serve as early adopters and provide feedback to inform your continuing journey. By building a disciplined innovation pipeline and fostering a collaborative ecosystem, you create a foundation for ongoing experimentation, accelerated learning, and sustainable AI innovation across your organization.

Advancing your organization into the frontier of AI

To embrace the next era of AI, it’s time to look beyond traditional automation and prepare your organization for agentic AI frameworks and autonomous, interoperable agents. These advanced systems aren’t just digital assistants—they’re designed to plan, act, and collaborate across workflows with minimal intervention, offering the potential to fundamentally transform how work gets done.

Start by identifying areas where agentic AI can drive real business value. Empower domain experts within your teams to become Agent Leaders—individuals who can design, oversee, and govern agent ecosystems at scale. Align your AI strategy with forward-looking industry insights and best practices—sources like the 2025 Annual Work Trend Index: The Frontier Firm Is Born offer invaluable guidance for responsible AI adoption and organizational transformation.

Recognize that the impact will be significant. Industry analysts such as Gartner predict that by 2028, about a third of enterprise applications will feature agentic AI capabilities and over 15% of daily work decisions will be handled by AI agents.

Evolving from large language models to agents

To get ahead, foster a culture of experimentation. Host hackathons, pilot agentic AI prototypes, and develop governance frameworks that ensure responsible management of these emerging technologies. Treat your AI journey as a continuous process—a growth mindset and incremental progress are key. As AI evolves, so should your practices: be ready to adapt your governance, refine human-AI collaboration, and embrace new paradigms like fully autonomous agents.

Each stage of this journey unlocks new possibilities. Ensure your organization remains at the forefront of AI maturity by committing to continuous improvement and innovation. The future of work isn’t a destination—it’s a dynamic path. Evolve your strategy, cultivate expertise, and enable your teams to thrive in the rapidly advancing digital landscape, powered by AI innovation and continuous improvement.

Key takeaways

To help your organization progress on its AI journey, consider the following strategies:

• Invest in data infrastructure and AI platforms. Building robust data infrastructure ensures your organization is prepared to leverage AI, supporting scalable, innovative, and secure AI-driven solutions.
• Foster a culture of innovation and collaboration. Champion an AI-forward culture where innovation and collaboration drive the adoption of agentic AI.
• Develop AI expertise through training and development. Upskilling your teams empowers them to navigate the rapid advances of AI, drive innovation, and ensure your organization stays competitive as agentic AI transforms workflows and business outcomes across every industry.
• Align AI initiatives with strategic business goals. Ensuring AI initiatives align with business goals maximizes impact and positions your organization to succeed in the rapidly evolving world of agentic AI.
• Implement ethical AI practices based on Microsoft’s Responsible AI Principles. Adopting ethical AI practices builds trust, ensures responsible innovation, and prepares your organization to navigate the evolving landscape as AI becomes central to business operations and decision-making.

Try it out

Read our guide for deploying and driving adoption of Microsoft 365 Copilot.

Related links

• Learn how we’re using good governance to ride the wave of agents washing over Microsoft.
• Check out how we’re embracing this new ‘agentic’ moment at Microsoft.
• Take a look inside the councils steering AI projects here at Microsoft.
• Find out how we’re unlocking enterprise AI extensibility at Microsoft with Copilot Studio.

We’d like to hear from you!

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post Enterprise AI maturity in five steps: Our guide for IT leaders appeared first on Inside Track Blog.

To meet these demands, many of our teams within Microsoft Digital, the company’s IT organization, have been experimenting with API-based agents. This approach combines the best of two worlds: accessing diverse apps and data repositories and eliminating the need to build an agent from the ground up.

We want to empower every organization to unlock the full power of agents through APIs. The lessons we’ve learned on our journey can help you get there.

The need for API-based agents

The vision for Microsoft 365 Copilot is to serve as the enterprise UX. Within that framework, agents serve as the background applications that streamline workflows and save our employees time.

For many users, the out-of-the-box access Copilot provides to Microsoft Graph is enough to support their work. It surfaces the data and content they need while providing a foundational orchestration layer with built-in capabilities around compliance, responsible AI, and more.

But there are plenty of scenarios that require access to other data sources.

“Copilot provides you with data that’s fairly static as it stands in Microsoft Graph,” says Shadab Beg, principal software engineering manager on our International Sovereign Cloud Expansion team. “If you need to query from a data store or want to make changes to the data, you’ll need an API layer.”

By using APIs to extend agents built on the Copilot orchestration layer, organizations can apply its reasoning capabilities to new data without the need to fine-tune their models or create new ones from scratch. The possibilities these capabilities unlock are driving a boom in API-based agents for key functions and processes.

“Cost is one of the most critical dimensions in how we design, deploy, and scale our solutions. Declarative API-driven agents in Microsoft 365 Copilot offer a path to unify agentic experiences while leveraging shared AI compute and infrastructure.”

Faisal Nasir, AI Center of Excellence and Data Council lead, Microsoft Employee Experience

In many ways, IT organizations like ours are the ideal places to implement API-based agents. Our teams are adept at creating and deploying internal solutions to solve technical challenges, and IT work is often about enablement and efficiency—exactly what agents do best.

“Cost is one of the most critical dimensions in how we design, deploy, and scale our solutions,” says Faisal Nasir, AI Center of Excellence and Data Council lead in Microsoft Employee Experience. “Declarative API-driven agents in Microsoft 365 Copilot offer a path to unify agentic experiences while leveraging shared AI compute and infrastructure. By aligning with core architectural principles such as efficiency, scalability, and sustainability, we can ensure these agents not only drive intelligent outcomes but also maximize value across service areas with minimal overhead.”

{Learn more about our vision and strategy around deploying agents internally at Microsoft.}

The Azure FinOps Budget Agent

Our Azure FinOps Budget Agent is a perfect example of a scenario for API-based agents.

The team responsible for managing our Microsoft Azure budget for IT services was looking for ways to reduce costs by 10–20 percent. To do that effectively, service and finance managers needed the ability to track their spending quickly, accurately, and easily.

The conventional approach to solving this problem would be creating a dashboard with access to the relevant data. The problem with a UI-based approach is that it tends to cater to more specific personas by providing data only they need while oversaturating others with information that’s irrelevant to their work.

“Azure spend is basically the lifeline for our services,” says Faris Mango, principal software engineering manager for infrastructure and engineering services within Microsoft Digital. “Getting the information you need in a concise format that provides a nice, holistic view can be challenging.”

With the advent of generative AI and Microsoft 365 Copilot, the team knew that a natural language interface would be much more intuitive. The result was the Azure FinOps Budget Agent.

The team created the agent and the necessary APIs using Microsoft Visual Studio Code. Its tables and functions run on Azure Data Explorer, allowing the APIs and their consumers to access data almost instantaneously, thanks to its low latency and rapid read speeds.

The tool retrieves data by running Azure Data Factory pipelines that pull and transform data from three sources:

• Our SQL Server for service budget and forecast data
• Azure Spend for the actual spending amounts
• Projected spending, a separate service stored in other Azure Data Explorer tables

Processing the information relies on our business logic’s join operations, followed by aggregations by fiscal year and service tree levels. These summarize the data per service, team group, service group, and organization.

After the back end processes the day’s data, it ingests the information into our Azure Data Explorer tables, which the agent accesses by calling via Kusto functions (the query language for Azure Data Explorer). The outcome is very low latency. Typically, the agent returns results in under 500 milliseconds.

For users, the tool is stunningly simple. They simply access Copilot and navigate to the Azure FinOps Budget Agent.

The agent provides three core prompts at the very top of the interface: “My budgets,” “Service budget information,” and “Service group budget information.” Clicking on one of these pre-loaded prompts returns role-specific information around budget, forecasts, actuals, projections, and variance, all at a single glance. The interface even includes graphs to help people track spending visually.

If users are looking for more specific information, they can input their own queries. For example:

• “Get me the monthly breakdown of service Azure Optimization Assessment analytics.”
• “Find me the service in this tree with the highest budget.”
• “Show me the Azure budget for our facilities reporting portal.”
• “Which service deviates most from its budget forecasts?”

The Azure FinOps Budget Agent primarily serves two groups: service managers who directly oversee spend for Azure-based services and FinOps managers responsible for larger budget silos.

Mango is responsible for the internal UI that helps network employees access parts of the Microsoft network. With 18–20K users per month, budgeting and forecasting are highly dynamic due to traffic fluctuations and the resourcing that supports them. He also oversees the internal portal that helps service engineers manage our networks. The tool is growing rapidly as we onboard more teams, so forecasting is anything but linear.

For both of these services, keeping close track of spending is essential. Mango finds himself checking the Azure FinOps Budget Agent about twice a month to gauge how his services are trending.

“It’s taking me less time to do analysis and come up with accurate numbers. And the enhanced user experience just feels more natural, like you’re asking questions conversationally rather than engaging with a dashboard.”

Faris Mango, principal software engineering manager for infrastructure and engineering services, Microsoft Digital

For FinOps managers, the value is more high-level. They are responsible for overseeing tens of services featuring vast volumes of Azure usage across storage and compute while managing strict budgets. That requires constant vigilance.

Switching context from one dashboard to another to track different Azure management groups was a constant hassle for them. Now, they use the Azure FinOps Budget Agent to get an up-to-date view of the overall spend picture. It gives them a place to start. From there, they can drill down if he sees any abnormalities.

“It’s taking me less time to do analysis and come up with accurate numbers,” Mango says. “And the enhanced user experience just feels more natural, like you’re asking questions conversationally rather than engaging with a dashboard.”

The arrival of the Azure FinOps Budget Agent is just one example of how agents take your context and get your people the answers they care about faster at less cost.

Benefits like these are spreading across teams throughout Microsoft. Overall, we’ve been able to save 10–12 percent of our overall Azure cost footprint for Microsoft Digital, and individual users are thrilled at the amount of time and effort they’re saving.

“Now the info is at people’s fingertips. The advantage of an agent is that users don’t have to understand a complex UI, so they can get quick answers and get back to work.”

Shadab Beg, principal software engineering manager, International Sovereign Cloud Expansion

Five key strategies for building an API-based agent

After seeing what we’ve accomplished with API-based agents, you might be wondering how to put them into action at your organization. This step-by-step guide can help you get there.

Building an API-based agent needs to fulfill multiple requirements. It has to expose APIs, align with real user needs, integrate seamlessly with Microsoft 365 Copilot, and work reliably, efficiently, and scalably. Achieving those outcomes depends on five key strategies.

Start with user intent, not the API

Start by asking a simple but powerful question: What will users actually ask your agent? Instead of designing the API first, flip the process:

• Gather real user queries to understand actual use cases.
• Refine the queries using prompt engineering techniques to align them with expected AI behavior.
• Design the API to provide structured responses to those refined queries.

By starting with user intent, you ensure your agent answers real user questions directly, avoids over-engineering unnecessary endpoints, and delivers meaningful results without excessive back-end processing.

“Now the info is at people’s fingertips,” Beg says. “The advantage of an agent is that users don’t have to understand a complex UI, so they can get quick answers and get back to work.”

The advantage of an agent is that users don’t have to understand a complex UI, so they can get quick answers and get back to work.”

Design APIs for Microsoft 365 Copilot Integration

It’s important to build an API schema that returns precise and structured data to make it easy for Copilot to consume. This ensures your APIs return data in a format that directly answers user queries. Copilot expects responses in under three seconds, so focus on optimizing API responses for low latency.

Once you have your list of key questions, design your API schema to return the exact data you need to answer those questions. Your goal should be to ensure every API response has a structure that makes it easy for Copilot to understand.

Teach Microsoft 365 Copilot to call your API

Copilot needs to know how to call your API. Manifests and OpenAPI descriptions accomplish that training.

Create detailed OpenAPI documentation and plugin manifests so Copilot knows what your API does, how to invoke it, and what responses to expect. You’ll likely need to adjust to these files through a process of trial and error.  

Scale APIs for performance and reliability

Once you have your schema and integration in place, it’s time to move on to the primary engineering challenge: making your API scalable, efficient, and reliable.

Prioritize the following goals:

• Fast response times: Copilot expects quick answers.
• High scalability: This ensures seamless performance at scale.
• Reliable uptime: The system needs to remain robust.

We recommend setting a very strict latency limit while implementing your API to retrieve data, since Copilot needs time to generate its response. Existing API endpoints often involve complex data joins rather than simply returning rows from data tables. This complexity can lead to longer processing times, particularly with intricate queries that involve multiple data stores.

To address these potential delays, pre-cache results to significantly enhance performance. This can help overcome the latency requirements imposed by Copilot.

At this point, you’ll see why starting with user intent and iteratively refining API design is important. By grounding your work in user behaviors, you’ll align with the following best practices:

• Structure your response to directly address user queries.
  Instead of just returning raw data, the API should provide meaningful insights Copilot can interpret. Prompt engineering marries user intent with the most understandable API schema.
• Keep your API flexible enough to adapt to evolving business needs.
  Real-world workflows change over time, and an API should be able to support those changes without massive refactoring.
• Avoid performance bottlenecks caused by unnecessary complexity.
  Understanding the exact data requirements up front prevents heavy joins, excessive filtering, and inefficient data retrieval logic.
• Optimize for Copilot’s real-time response constraints.
  With a strict limit on latency, consider pre-optimization techniques like pre-caching results and simplifying query logic from the very beginning of your API implementation.

If you attempt to build a scalable, reliable API without first understanding how users will interact with your agent, you’ll spend months reworking the schema, debugging inefficiencies, and struggling with integration challenges.

Consider compliance and responsible AI

Unlike custom agents or OpenAI API integrations, knowledge-only agents require far less effort to meet Microsoft’s Responsible AI Standard. Microsoft tools’ built-in compliance capabilities handle much of the complexity. As a result, you can focus on efficiency and optimization rather than regulatory hurdles.

“Agent-based automation must balance speed with responsibility,” Nasir says. “We embed compliance, cost control, and telemetry from the start, so our systems don’t just scale, they mature.”

APIs and the agentic future

Building API-based agents is more than just an integration exercise. It’s about creating scalable, intelligent, and compliant AI-driven workflows. By aligning your API design with user intent, you set Microsoft 365 Copilot free to retrieve and interpret information accurately. That leads to a seamless AI experience for your employees.

Thanks to Copilot’s built-in security and compliance features, API-based Copilot agents are some of the most efficient, compliant, and enterprise-ready ways to deploy AI solutions. They represent another step into an AI-first future tailored to your employees’ and organization’s needs.

Tools like API-based agents democratize the information we all need to do our jobs better, because we’re all getting the same data from the same place. This is why an AI-first mindset is actually human-first.

Key takeaways

Here are some things to keep in mind when designing agent-powered experiences that are fast, reliable, and aligned with user expectations.

• Response time is key. Choose single APIs that have low latency to facilitate both the technical requirements of Copilot and users’ needs.
• Consider the source. Data has to be high-quality on the backend. It’s worth reviewing your data and ensuring the hygiene is good.
• Agents and APIs need to align. Design with task-centric, well-structured agents. Determine your high-level goals, then use the OpenAI standard, OpenAPI, or graph schemas to describe task endpoints. Define each API’s capability, input schema, and expected outcome very clearly.
• Plan ahead to avoid surprises. Design your APIs to minimize potential side effects, especially through enabling natural-language-to-API mapping, because that’s the biggest change in methodology.
• Design for visibility. Agents need to be observable and explainable, so implement metrics-driven monitoring. Having API-level telemetry in addition to Copilot-level telemetry enables continuous improvement.

Try it out

Create and deploy an agent in Microsoft Copilot Studio.

Related links

• Learn how we’re enabling modern support at Microsoft with AI.
• Find out how we’re embracing this new ‘agentic’ moment at Microsoft.
• Check out how we’re riding the wave of agents washing over Microsoft with good governance.
• Discover ways our employees are extending enterprise AI with custom retrieval agents.

We’d like to hear from you!

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post Unleashing API-powered agents at Microsoft: Our internal learnings and a step-by-step guide appeared first on Inside Track Blog.

At Microsoft, the Total Rewards Portal (TRP) is the mechanism by which this value proposition is communicated and shared worldwide to our 220,000-plus global employees on an individual level.

The TRP has been on a journey since it first launched over a decade ago, undergoing several iterations, including initially being hosted by a third-party vendor. In 2021, it was brought in-house and hosted on Microsoft Azure, giving us more control and flexibility to further enhance the experience. As part of this continual improvement, hearing from employees and managers about their usage and satisfaction with the tool has been critical to its overall success and further development. 

“We took a three-phased approach to help us inform the most recent design, as well as guide the objectives, goals, and principles for the future state of this tool,” says Nur Sheikhassan, a principal group engineering manager on the Rewards and Compensation team in Microsoft Digital, the company’s IT organization.

Phase 1—Understand TRP usage 

The goal of phase one was to establish a baseline understanding of usage and gather insights into what was working and what wasn’t. One-on-one interviews were conducted with both employees and managers to obtain feedback. Our key findings included: 

1. Integration of tangible and intangible total rewards: Understanding that total compensation and benefits are often comprised of both tangible elements (such as money) and intangible elements (such as culture and work/life balance), we found it’s important to surface both in order to clearly communicate the total value of the compensation and benefits package and highlight it in a way that provides clarity rather than clutter. 
2. Make TRP more discoverable: The discoverability of TRP, particularly outside of rewards season, had been particularly low. Clearly and consistently branding the site and situating it within areas employees commonly use could help them discover employee tools and content related to rewards more easily.
3. Optimize for the complete task flow: The tool needed to fully consider the complete flow of a potential task. We identified all the information one might be in search of to learn about their total compensation to ensure users do not feel the need to seek out additional resources on other sites and tools.
4. Consider surfacing contextual data: We needed to think critically about the contextual data brought in to TRP, and to use data that will only enhance employees’ understanding of the value of the Microsoft compensation and benefits packages. Focusing on common scenarios—such as hiring, managers’ rewards conversations with directs, and modeling future rewards—would help provide a clearer picture of what data should be included.

Phase 2—Develop common TRP scenarios 

The next phase was designed to build on the learnings from phase one, leveraging common TRP scenarios to help us understand what’s working and what’s not. Exploring these scenarios uncovered opportunities for consideration and started to light up themes around the need to get to overall rewards understanding faster, to drive meaning through contextual data, and to seamlessly connect related tools and sites. The three key themes that came out of this phase were: 

1. Clearly communicate the value of total rewards opportunity: We wanted to display total rewards clearly, succinctly, and comprehensively, indicating relevant timeframes and breaking out cash base value and bonus. We looked at utilizing data visualizations (i.e., charts) more strategically to help give users a clearer view of changes and trends; otherwise, more detailed data in a table was considered to increase usability.
2. Empower rewards conversations: We needed to provide more conversation starters or pointers within the tool to help managers be prepared and have more meaningful rewards conversations with their teams.
3. Optimize rewards workflows: Better access to related content and websites to enable task completion across the tools in the HR ecosystem was evaluated. This helps managers traverse the fragmented manager-tool ecosystem by providing relevant links, on-ramps, and off-ramps to related tools and information for a more seamless experience that improves workflow.

“It was abundantly clear the immediate appeal the new TRP design had on employees and managers alike.”

Jennifer Hugill, principal program manager, Rewards and Compensation team

Phase 3—Optimize TRP design

Building on the learnings captured from the first two phases, a redesigned user experience was developed, including a high-fidelity prototype. The goal of phase three was to assess the usability of the new site and ultimately ensure that user needs and pain points were addressed with the new design.

“It was abundantly clear the immediate appeal the new TRP design had on employees and managers alike,” says Jennifer Hugill, a principal program manager on the Rewards and Compensation team. “The clean, welcoming visuals and the ability to see more detail on each page in an easy-to-understand layout were all enhancements that were very well-received.”

Total Rewards Portal: Employee view

Key benefits of the newly configured site include: 

1. Seamless task completion and delightful moments: Core tasks were easily completed, with participants noting the ability to see multiple pieces of information in a single view. Calculations that had real impact were already done for the user, and thoughtful additions like talking points and personal notes are considered both helpful and delightful. 
2. Continued focus on aggregation of information as a key value-add: Bringing together information from disparate systems and tools is important to users. For individual contributor (IC) views, it means showing all compensation-related information in TRP, including hourly wages for hourly workers and revenue and/or commitment-based incentives for sales employees. For managers, it’s bringing together information on direct reports into a single table. 
3. System “insights” that help fulfill business and user goals: Providing system-derived “insights” in both manager and IC views allows employees to spend less time connecting the dots between pieces of information and more time making decisions and taking action. For managers, it provides team insights to ensure fair compensation and talent retention. In an IC view, it showcases opportunities to take advantage of additional benefits left on the table. 

“Ultimately, the goal of the TRP is to show the value of an employee’s individual rewards, while empowering rewards conversations for managers and providing a complete data set to inform decisions.”

Nur Sheikhassan, principal group engineering manager, Rewards and Compensation team

“The Total Rewards Portal provides seamless access to information about my team’s comprehensive rewards and compensation, allowing me to have meaningful discussions with my employees and leadership during Connect season and beyond,” says Michelle Huenink, a Microsoft manager and global enablement leader in Customer Service and Support.

Total Rewards Portal: Manager view

Vision and future state

Putting all the user research findings together leads to clear business objectives and user experience goals for the future state of the TRP solution. These foundational elements ensure the right principles are in place for the product team, providing the guideposts to stay true to the product objectives and goals. 

“Ultimately, the goal of the TRP is to show the value of an employee’s individual rewards, while empowering rewards conversations for managers and providing a complete data set to inform decisions,” Sheikhassan says. “Keeping these core objectives at the heart of our future enhancements enables us to continue to have a tool that provides a consistent experience that our employees will use and enjoy as part of their overall Microsoft employee experience journey.”

Key takeaways

Here are some of our top learnings from our experience with the Totals Rewards Portal:

• In a competitive talent market, having a tool like the TRP helps clearly represent the value of Microsoft compensation and benefits and reminds employees of the company’s investment in them.
• By using multiple micro-services, we can build a better experience to represent employee compensation at various stages of an employee’s journey with Microsoft.
• Developing and using the Total Rewards Portal is providing us with a strong return on investment (ROI) over time, especially because it was developed in-house and is now hosted on Microsoft Azure. 
• Our sensitive compensation information for 220,000-plus employees stays securely within the control of Microsoft while still informing our employees of their compensation value. 

Try it out

Learn more about the benefits of Microsoft Azure and how you can try it out for free.

Related links

• Read about the ways Microsoft HR is empowering employees with Microsoft Viva and Microsoft 365 Copilot.
• Discover how we’re enabling advanced HR analytics and AI with Microsoft Azure Data Lake.
• Explore how Microsoft Viva became a business transformation engine at Microsoft.
• Find out how AI is revolutionizing the way we support corporate functions at Microsoft.

We’d like to hear from you!

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post Helping Microsoft employees understand their value with the Total Rewards Portal appeared first on Inside Track Blog.

As one of the first global enterprises to implement Microsoft 365 Copilot and other AI tools at scale, we entered the AI era with a mix of boldness and caution. That meant striving to capture the opportunities of AI fully while protecting our employees, customers, and company.

Throughout that process, we’ve relied on a series of employee-led councils to help us guide our strategy, drive our transformation, and shape our AI-forward culture. These bodies have been crucial for driving implementation excellence, maintaining an AI-ready data estate, and ensuring that we infuse this new technology with responsibility.

This is the story of how Microsoft Digital, the company’s IT organization, established the AI Center of Excellence (CoE), the Data Council, and a team of responsible AI champions connected to the company’s overarching Responsible AI Council, and how these three groups are leading the way on effective, secure AI. Sharing these responsibilities across three different councils helps employees apply their specialized expertise and passion to challenges around implementation, data, and responsibility.

Different methods and structures will work for different organizations, but learning from the ways our AI councils operate can inspire your own efforts as you explore and implement AI projects.

The need for a guiding hand in AI

AI is a fast-moving technology. In just the last couple of years, the world has progressed through the advent of generative AI, the release of enterprise-grade AI solutions like Microsoft 365 Copilot, and the emergence of agents.

That velocity has meant that some companies have adopted AI with insufficient governance, security, data infrastructure, or strategies for aligning initiatives with their business priorities. That isn’t just risky. It also doesn’t drive effective impact.

“At Microsoft, we knew we couldn’t just implement AI for its own sake,” says Don Campbell, senior director of Employee Experience Success at Microsoft Digital. “Just like any other technology, the core challenge for AI is determining the right solutions to deliver on concrete, measurable business outcomes in the best, quickest, most responsible way.”

A clear vision detailing how AI will support your business is essential, but the technical and talent foundations also need to be in place. With technology as revolutionary as AI, that’s a substantial challenge.

Any organization adopting AI for the first time will have plenty of questions, and Microsoft was no different. In the past year, we’ve had to wrestle with some foundational ideas:

• What should our strategy be, and how do we get there?
• How do we enable employees through skilling and infuse AI into our culture?
• How can we organize our company’s data to support effective AI?

Answering those questions required insights across multiple disciplines.

Finally, the question of implementing AI responsibly was critical. Creating AI that’s safe, fair, and accessible to all ensures the AI revolution is a truly human movement.

A wide coalition came together from across Microsoft Digital and the company as a whole to contribute their expertise and tackle these challenges. Three AI councils have been instrumental in leading this work.

AI councils in action at Microsoft Digital

At Microsoft Digital, we have a long history of forming virtual teams that help us unlock agility.

Virtual teams are units composed of different disciplines and sponsored by senior leadership to help guide strategy for an area or initiative. Whether they’re mandated by the organization or arise organically through employees’ passion and initiative, they’ve become essential to the company’s fabric.

Not every organization will have the resources or staffing capacity to guide their AI initiatives in the same way as ours. But we’ve found that separate teams that reflect their members’ unique passions and skill sets help us zero in on specialized challenges across implementation, data, and responsibility.

The AI Center of Excellence

The AI CoE was Microsoft Digital’s first internal team dedicated to enabling AI. In fact, it formed before generative AI captured the world’s imagination.

At first, the team was simply a diverse group of professionals connecting over a shared passion for AI. But as our AI-powered transformation accelerated, they took on the responsibility for designing and championing how our organization uses this technology in the enterprise.

The AI CoE includes experts across Microsoft working in diverse fields. It’s a group of data scientists, machine learning engineers, business intelligence developers, research scientists, behavioral psychologists, and program managers.

This action-oriented team grounds its efforts in four workstreams underpinned by the company’s responsible AI principles.

As the maturity of AI-powered solutions has increased, the AI CoE’s role has also changed. At first, much of its work centered on ideation, education, and foundational architecture.

As AI initiatives have progressed, the team often showcases stories and learnings both internally and externally.

“Because we’ve connected our technical baselines and business priorities, we’re able to move faster,” says Faisal Nasir, principal architect with Microsoft Digital serving on the AI CoE’s leadership team. “Between strategy, technical architecture, implementation, and education, the AI CoE has been instrumental in finding the right direction for our community.”

One of the AI CoE’s current priorities is thinking through problems we’ve identified along our journey—issues like regulatory compliance issues or hallucinations. Combating these challenges relies on extensive collaboration with other teams, so their oversight and coordination are essential.

The AI CoE’s efforts also include retrospectives to help Microsoft Digital position itself for the successful execution of our AI roadmap’s next phase, helping to advance AI-powered transformation and adapt to new opportunities like agentic AI.

The Data Council

Our Data Council is a multidisciplinary team that includes professionals across several internal organizations, including Microsoft Digital, Human Resources, and Corporate, External, and Legal Affairs (CELA).

This team shapes a cohesive, scalable data strategy throughout Microsoft Digital that empowers cross-organizational insights and aligns with business goals. It was instrumental in implementing our data mesh architecture to enable domain-oriented data ownership, unlocking greater agility while maintaining security.

Much of the Data Council’s work is about resolving the challenges that massive quantities of enterprise data create. Of course, that mandate reaches beyond just AI, but good data is essential for AI to be trustworthy.

“Enterprise data management is a process that takes years, but AI moves fast, and organizations need to be efficient and enable teams with agility,” says Miguel Uribe, principal product manager lead responsible for coordinating Data Council workstreams in Microsoft Digital. “You can’t just live in the future, so you have to think about what to prioritize in the now to enable AI.”

This council addresses several data challenges:

• In an enterprise environment where there may be multiple copies of data, it’s important to determine which information is authoritative and surface that content through AI channels.
• Data drifts over time, and many people don’t yet have the knowledge or practices in place to keep AI systems in line with the most up-to-date information. Maintaining data freshness helps combat this drift.
• To surface the proper data, the data needs to be discoverable. In an enterprise environment like Microsoft, with no less than 19 enterprise data lakes, that can be a challenge.
• Effective governance ensures ownership over data, determines whether AI should be able to access it, and what policies or regulations apply to different kinds of data. Establishing proper governance requires extensive planning, implementation, and ongoing work.

“At the heart of our enterprise Data Council strategy is a bold commitment to unifying people, process, and technology to power AI with purpose,” Nasir says. “By aligning governance, data quality, and culture, we’re not just managing data—we’re also turning it into a trusted foundation for intelligent insights, ethical innovation, and enterprise-wide transformation.”

Our vision for our data council is to build and employ a cohesive data strategy across Microsoft Digital that enables descriptive, predictive, and prescriptive analytics while delivering intelligent insights through connected and scalable data capabilities and platforms. Our team tackles these challenges by prioritizing the five following strategic pillars that work across the four workstreams that follow.

The Data Council’s most recent focus is accelerating our AI journey at Microsoft Digital through “AI-ready data. That means secure, compliant, and reliable enterprise data we can use to enable the AI applications and services we create to boost our enterprise processes.

“Thanks to AI, we’re in the era where data is a part of every role,” says Diego Baccino, principal software engineering manager leading the Technology Strategy workstream for Microsoft Digital. “The world isn’t siloed into ‘data analysts’ and ‘everyone else’ anymore, so it’s our job to present data in a way that works for everybody.”

The Responsible AI Council

The Responsible AI Council is part of a fabric that reaches into every organization across Microsoft.

Responsible AI is a top priority at the company, and it requires both internal policymakers to develop its underlying principles and operational leaders to infuse those principles into all the work we do. With a discrete council covering responsible AI, we can provide better oversight for AI projects and support for the employees creating them.

Microsoft established the Office of Responsible AI (ORA) in 2019. It determined that every AI initiative at the company should receive an impact assessment to make sure it’s properly envisioned, scoped, and secured. These reviews ensure our internal AI projects align with the Microsoft Responsible AI Standard, our rulebook for people developing or using AI.

At the same time, members of different teams across Microsoft were already forming communities of practice around responsible AI. Organic virtual teams within Microsoft Digital and other business groups with a natural interest in technology, law, and governance were already exploring ways to use AI responsibly. Responding to ORA’s AI’s directive around impact assessments, these volunteer groups became official teams of champions operating under the Responsible AI Council who act as guides and reviewers for AI initiatives within their respective organizations.

Over time, we formalized this process into a critical internal workflow tool. This portal logs every project. It pulls in champions to review AI projects and provide direction or education where necessary. And crucially, it guides AI developers through initial impact assessments and final release assessments.

As members of the company’s IT organization, Microsoft Digital’s champion team was instrumental in helping create this tool. It’s now in operation across the company and helps instill responsible AI standards into the software development lifecycle behind AI projects.

“We didn’t want this to be just a compliance step,” says Jamian Smith, principal product manager and Responsible AI co-lead at Microsoft Digital. “We wanted it to be an opportunity for reflection and guidance to really incorporate responsible AI thinking into the product lifecycle.”

As representatives of the Responsible AI Council within Microsoft Digital, our champion team carries the torch for six core principles and includes members working across several key areas.

Aside from managing the assessment and review portal, Microsoft Digital’s responsible AI leaders meet regularly with ORA to keep both groups aligned as our transformation progresses. They also release quarterly newsletters to reinforce the impact assessment process and highlight changes to responsible AI policy, all while connecting with the teams creating AI projects to provide guidance and check progress.

Aligning our efforts with Microsoft’s vision for AI

As our AI councils have grown and matured, we’ve looked for ways to align their work even more closely with Microsoft Digital’s vision. That vision depends on leadership.

To help coordinate the councils’ efforts horizontally, we created a set of pillars and a corresponding team of leaders to own accountability for those areas. That team aligned on three core priorities:

• Transform and secure our network and infrastructure to infuse operations with data-driven insights, improve reliability, and revolutionize productivity and compliance by preemptively addressing potential disruptions.
• Revolutionize user services across tenant management, collaboration services, and support, with the goal of making Microsoft employees the most connected, efficient, and productive in the industry.
• Accelerate corporate functions growth by streamlining processes, ensuring compliance, and transforming actionable insights into real-world outcomes to equip function-specific roles with the tools and insights they need to excel.

A complementary team of executive sponsors and leads is accountable for supporting each of these pillars horizontally across the company. Together, these roles shape and influence the vision, strategy, and execution of our AI-powered digital experiences. While pillar sponsors provide support and direction to align outcomes with Microsoft Digital’s overall vision, pillar leads are accountable for driving the work forward and ensuring it matches our business goals.

As the councils’ roles have evolved, there’s been greater collaboration between them. Their collective efforts make for rich, organic cooperation and strong connections across priorities. Both the AI CoE and Data Council meet regularly with the pillar leads as the Responsible AI Councils work in parallel. All of this provides a way to synchronize different workstreams with Microsoft’s vision for AI.

“The closer we work together, the more effective we are at addressing our priorities,” Uribe says. “At the end of the day, it’s all about delivering on our strategy with agility by continuously adjusting our plans to what’s most needed right now.”

Microsoft’s scale and sophistication make discrete but collaborative councils necessary. If you’re operating on a leaner basis, the exact structure isn’t important. What matters is prioritizing strategic implementation, AI-ready data, and responsibility, then putting the right people in place as custodians of those crucial components.

Our experience can act as a guide as you consider how to organize your own AI guiding hands.

Empowering AI initiatives to drive business impact

As each of these teams works within their purview to guide Microsoft Digital’s AI initiatives, they’re committed to continuous improvement.

“Organizational teams naturally operate at varying speeds of innovation and adoption,” says Nitul Pancholi, principal and director of the AI Center of Excellence. “While each group makes meaningful, incremental progress, the true value lies in creating forums where we can openly share our diverse experiences and insights. Enabling this cross-pollination of ideas accelerates collective learning and drives strategic alignment across the enterprise.”

The systems that the AI CoE, Data Council, and Responsible AI Council have established are weaving vision, AI readiness, and high standards of behavior into every project we undertake. That means we’re progressing steadily toward an AI-powered future, complete with robust infrastructure and solutions that meet the demands of a rapidly changing enterprise.

One of the most important developments is the introduction of a framework for tracking our AI initiatives’ value and impact. It’s a way for us to identify our big bets and evaluate them across six dimensions of impact:

• Revenue impact: Direct contributions to revenue generation and business growth
• Productivity and efficiency: Efficiency gains while completing tasks and processes without a reduction in quality
• Security and risk management: Improvements in identifying, preventing, and managing security vulnerabilities and risks
• Employee and customer experience: The impact of AI initiatives on employee satisfaction, engagement, and productivity
• Quality improvement: Enhancements in the quality of deliverables, services, and processes
• Cost savings: Reduction in operational costs and resource allocation efficiencies

From there, we zero in on specific metrics to measure their value. The goal is to attune our AI projects with Microsoft’s overarching business objectives so they drive the greatest impact.

This measurement framework is laying the foundation for the insights necessary to empower a continuous improvement mindset. As a result, we’re looking ahead to a virtuous cycle of implementation, insights, and improvement for all AI initiatives.

All of this depends on the diligent work that our council members perform day in and day out. As we progress into greater AI maturity and move from enablement to impact, the groundwork these teams have laid will be the foundation for our continued innovation in the AI era.

Here are some tips for using an employee-based AI council at your company:

• Coordinate closely with leadership to align your councils’ work with your organization’s vision, prioritize projects, select the right stakeholders, and provide clear lines of communication.
• Seek progress over perfection: Best practices and successes will emerge over time. Collaborative councils will help you push forward together.
• Prioritize multidisciplinary teams with representatives from different business domains to account for diverse knowledge bases, skill sets, and perspectives. Ensure you include technical experts.
• When councils begin prioritizing projects, start with incremental, attainable initiatives rather than massive implementations.

Learn more about deploying Microsoft 365 Copilot at your company.

• Learn more about responsible AI and how we’re infusing it into our internal AI projects at Microsoft.
• Read more about our AI Center of Excellence.
• Find out more about how our Data Council is powering our unified data strategy at Microsoft.
• See how we’re tackling Microsoft 365 Copilot governance internally at Microsoft.

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post Guiding hands: Inside the councils steering AI projects at Microsoft appeared first on Inside Track Blog.

• Introduction: Governance in the age of AI
• Chapter 1: Enable self-service
• Chapter 2: Establish container labels and set well-scoped, intuitive defaults
• Chapter 3: Derive file labels from parent containers
• Chapter 4: Train employees
• Chapter 5: Trust employees, but verify their work
• Chapter 6: Implement lifecycle management and attestation
• Chapter 7: Enable company-sharable links
• Chapter 8: Extract inventory to detect and report oversharing
• Conclusion: The way forward
• Appendix: More resources for you

Governance in the age of AI

Unlocking the next generation of productivity tools

Microsoft 365 Copilot combines the power of large language models (LLMs) with your organization’s data to turn employees’ words into some of the most powerful productivity tools on the planet—all within the flow of work. It suffuses the Microsoft 365 apps your people use every day, including Word, Excel, PowerPoint, Outlook, Teams, and more, to provide real-time intelligent assistance.

Initial results from our Microsoft Digital team, the company’s IT organization, and early adopters speak for themselves.

Source: What can Copilot’s earliest users teach us about AI at work?

Getting governance right

With all the opportunities AI presents, your organization might be in the process of implementing Microsoft 365 Copilot. But it’s important to do that safely.

Copilot combs through your organization’s entire data estate in the blink of an eye, so the old method of security through obscurity doesn’t cut it. You need to assert control over where data flows throughout your tenant so Copilot knows what it can and can’t access or display.

To ensure that proper data hygiene extends to AI-powered workflows, Microsoft designed Copilot to respect the sensitivity labels and data loss prevention (DLP) controls that organizations configure in their Microsoft Azure environment. That way, administrators can be confident that the right people and apps have access to the data they need, and it doesn’t appear where it shouldn’t.

 {Download the eBook version of this Governance in the age of AI readiness guide.}

Our team in Microsoft Digital implemented a company-wide governance strategy to address this issue. In the process, we learned valuable lessons that will be useful to any organization using Copilot.

This guide outlines our process for implementing a governance strategy that delivers the benefits of Copilot to Microsoft employees while minimizing the risks and entryways into our data estate. It shares our internal learnings so our customers can get up and running while avoiding pitfalls or surprises.

Follow along to find out how you can safely and effectively deploy Copilot at your organization—backed by rock-solid governance.

Principles for effective AI governance

Use this set of tips to ground yourself as you read through this guide.

Enable self-service

Give employees the ability to create new workspaces across your Microsoft 365 applications. By maintaining all data on a unified Microsoft 365 tenant, you ensure that your governance strategy applies to any new workspaces.

Limit the number of information protection labels

Limit your taxonomy to a maximum of five parent labels and five sub-labels. That way, employees won’t feel overwhelmed by the volume of different options.

Use intuitive labels that mean what they say

Make your labels simple and legible. For example, a “business-critical” label might imply confidentiality, but every employee’s work feels critical to them. On the other hand, there’s very little doubt about what “highly confidential” or “public” mean.

Capture container labels for groups and sites

Label your data containers for segmentation to ensure your data isn’t overexposed by default. Consider setting your container label defaults to the “Private: no guests” setting.

Derive file labels from parent containers

Classify files according to their parent containers. That consistency boosts security at multiple levels and ensures that deviations from the default are exceptions, not the norm.

Train employees

Train your employees to handle and label sensitive data to increase accuracy and ensure they recognize labeling cues across your productivity suite.

Trust employees, but verify their work

Trust your employees to apply sensitivity labels, but also verify them. Check against DLP standards and use auto-labeling and quarantining through Microsoft Purview automation.

Implement lifecycle management and attestation

Use strong lifecycle management policies that require employees to attest containers, creating a chain of accountability.

Enable company-sharable links

Limit oversharing at the source by enabling company-shareable links rather than forcing employees to add large groups for access. For highly confidential items, limit sharing to employees on a need-to-know basis.

Extract inventory to detect and report oversharing

Use Microsoft Graph Data Connect extraction in conjunction with Microsoft Purview to catch and report oversharing after the fact. When you find irregularities, contain the vulnerability or require the responsible party to repair it themselves.

How we did it at Microsoft

Use these assets to guide you our own journey—they represent how we did things here in Microsoft Digital.

• Find out how we governed our deployment of Microsoft 365 Copilot.
• View our condensed, CIO version of our Microsoft 365 Copilot deployment guide.
• Learn how we’re responding to the AI revolution with a Center of Excellence.

More guidance for you

Here are more assets that we found useful.

• Get an overview of pre-deployment preparation for Microsoft 365 Copilot.
• Learn about our Copilot Success Kit, a one-stop shop for most of our Copilot deployment and adoption resources.
• Watch a presentation from the Microsoft 365 Community Conference about governance and administration at Microsoft in the era of Copilot.

Chapter 1: Enable self-service

Applying self-service principles to the way we manage labeling and governance emerged as a crucial step for us. 

Secure self-service that empowers employees

Self-service is a core tenet of employee empowerment here at Microsoft. We want to give every employee the independence to create the resources they need without engaging IT. But that level of freedom relies on ensuring our Microsoft Digital governance team identifies and protects valuable data. As a result, our employees can implement and own the containers, workspaces, and content they need to do their work productively. 

Self-service forms the foundation of our entire governance strategy. Employees can create workspaces and content across many of the Microsoft tools they use for their day-to-day work, including SharePoint, OneDrive, Teams, and Power Platform. That freedom enables a culture of innovation and agility, where people can work together across teams and geographies without encountering “IT gating,” the need for IT to get involved in enabling day-to-day activities.

By encouraging collaboration in place, our tenant structure frees employees from resorting to email attachments or working in overly broad and open workspaces. As an IT team ourselves, we understand the value of eliminating IT gating for minimizing the time and effort our professionals need to invest in keeping employees productive.

This kind of data hygiene isn’t just about Microsoft 365 Copilot. It maintains data security and compliance wherever employees access company content and information. But because Copilot depends on the ability to access an organization’s data estate, good governance is essential for keeping it within bounds—especially in a self-service culture.

Pillars of our asset governance

Empower employees

Support self-service creation

Use lifecycle management

Identifying valuable and vulnerable content

Require classification for containers

Scan with Microsoft Purview Data Loss Prevention (DLP)

Protect assets

Limit reach

Enforce policy

Use conditional access or multi-factor authentication

Microsoft Purview Information Protection

Ensure accountability

Manage group or site ownership

Review external membership

Generate reports

Microsoft Digital’s asset governance strategy rests on four pillars: Empowering employees, identifying valuable and vulnerable content, protecting our assets, and ensuring accountability.

Responsible self-service

Self-service container creation has abundant benefits, but it also poses some challenges for content governance and security—things like oversharing, unneeded asset sprawl, and data leakage. To address these challenges, our Microsoft Digital governance team has established self-service principles that balance the needs of employees and the company.

As we in Microsoft Digital have worked to improve the company’s overall governance posture, we’ve learned several important lessons. When you consider self-service container creation, there are a few questions to ask yourself:

When you’ve settled on degrees of autonomy and where to apply it, you can begin your AI governance journey. Find out how to configure containers for self-service here.

How we did it at Microsoft

Use these assets to guide you our own journey—they represent how we did things here in Microsoft Digital.

• dCheck out our guide for deploying Microsoft 365 Copilot.
• View our condensed, CIO version of our Microsoft 365 Copilot deployment guide.

More guidance for you

Here are more assets that we found useful.

• Get an overview of pre-deployment preparation for Microsoft 365 Copilot.
• Learn about our Copilot Success Kit, a one-stop shop for most of our Copilot deployment and adoption resources.

Chapter 2: Establish container labels and set well-scoped, intuitive defaults

We developed healthy baseline practices to ensure both our employees and the resources that they work with are protected.

Balancing freedom with trust through an easy-to-use labeling taxonomy

Self-service container creation forms the foundation of our employee-centric governance strategy. As part of that freedom, our Microsoft Digital governance team has established baseline protections inherent to all containers, and those protections depend on sensitivity labels. Microsoft 365 Copilot respects labels, so establishing effective labeling practices extends data security into our employees’ AI usage.

Baseline labeling habits

Employees need to label every container or workspace they create using Purview Information Protection (PIP) container labels. It’s a matter of policy at Microsoft: If it isn’t labeled, we delete it. We use container labeling for data delineation and to apply consistent protection and governance policies to containers based on their sensitivity and purpose. Microsoft labels break out into four different categories.

Container labels provide two things:

• First, they drive user awareness over how to handle content. For example, if something is highly confidential, employees shouldn’t talk about it in the café.
• Second, they illustrate what data is appropriate for which container. In other words, they signal to an employee that they shouldn’t store highly confidential documents on a general site.

Our Microsoft Digital governance team predefines and centrally manages labels to align them with broader MIP sensitivity levels used for email, files, meetings, and containers. Those include the same four categories: “highly confidential,” “confidential,” “general,” and “public,” although we don’t use the latter for containers.

Matching labels with policies and protections

Each label we’ve defined has a set of protection settings that include policies around characteristics like guest allowance and membership openness. They also drive inherited file labeling, which we use for encryption.

At its core, container classification communicates four things:

• Privacy level: Labels determine whether the workspace is broadly available internally or it’s a private site.
• External permissions: We administer guest allowance via the group’s classification, allowing specified partners to access teams when appropriate.
• Sharing guidelines: We tie important governance policies to the container’s label. For example, can employees share this workspace outside Microsoft? Is this group limited to a specific division or team? Or is it restricted to specific people? The label establishes these rules.
• Conditional access: While not implemented at Microsoft, tying identity and device verification to container labels introduces additional governance controls.

After extensive experimentation, we arrived at our current schema for how container sensitivity labels align with MIP policies. Your organization might make different choices about your labels’ relationships with information protection policies, but this can give you an idea of what a healthy governance ecosystem looks like.

Information protection container sensitivity labels

Building a process around employee ownership

The labeling process works like this: When employees create a new container, they’re responsible for selecting a container label that matches the sensitivity and purpose of the content they intend to store and share. By default, we lock new containers, which means that only the owner and members can access them. Locked containers prevent unauthorized or accidental access to their content.

Container owners can unlock the container if they need to share content with a broader audience within the organization or external partners. Container owners can also change the container label if the sensitivity or purpose of the content changes over time.

At Microsoft, this process provides the right combination of flexibility and protection while empowering employees with effective self-service.

How we did it at Microsoft

Use these assets to guide you our own journey—they represent how we did things here in Microsoft Digital.

• Learn how we create self-service sensitivity labels in Microsoft 365.
• Find out how we’re using sensitivity labels to make Microsoft more secure.

More guidance for you

Here are more assets that we found useful.

• Find information about getting started with sensitivity labels.

Chapter 3: Derive file labels from parent containers

We’re using default file-labeling based on container labels to help our teams stay consistent with how they create and store resources that they work on. Here’s how that looks for our employees:

Understanding our sensitivity labels

By defaulting file labels to their container labels, you can ensure that every item and collaborative space will align with both its context in your organization and your information protection policies. As a result, Copilot will respect those labels and their corresponding information protection policies.

How we did it at Microsoft

Use these assets to guide you our own journey—they represent how we did things here in Microsoft Digital.

• Find out how we’re using sensitivity labeling as a new layer of security for Microsoft Teams Premium meetings.
• Learn how we’re using sensitivity labels to make Microsoft more secure.

More guidance for you

Here are more assets that we found useful.

• Learn more about configuring default sensitivity labels in SharePoint libraries.

Chapter 4: Train employees

Training your employees on how to handle and label sensitive data was and continues to be a critical step on our governance journey. 

Empowering our employees: A joint effort between IT and users

Establishing a robust labeling strategy is only part of good governance. When it comes to getting employees on board, culture is as critical as policy.

At Microsoft, employee learning and development are how we move sensitivity labeling from the administrative sphere into day-to-day practice. It helps us increase the accuracy of how our labels are used and ensures that our employees recognize labeling cues when they appear across our productivity suite.

Every incoming Microsoft employee takes our Standards of Business Conduct and security trainings. As part of that process, we created an internal SharePoint resource dedicated to educating employees about their responsibilities for labeling and adhering to our governance policies. It educates employees about the philosophy behind our policies, shares a simplified overview of our sensitivity label structure, and provides practical, app-specific guidance for self-service labeling.

Use this decision tree to determine the sensitivity label needed on your document” to “Using sensitivity label decision trees

Effective learning and development assets

As you build out your employee education assets, consider emulating our content with the following elements.

Aside from laying a solid foundation as an IT team, the most effective way to promote good governance is by bringing your workforce on board. Robust learning and development content is a powerful lever for establishing a culture of data security.

How we did it at Microsoft

Use these assets to guide you our own journey—they represent how we did things here in Microsoft Digital.

• Find out how we’re deploying Microsoft 365 Copilot with the help of—you guessed it—Copilot.
• Check out how we’re embracing AI at Microsoft with AI certifications.

More guidance for you

Here are more assets that we found useful.

• Learn more about sensitivity labels.

Chapter 5: Trust employees, but verify their work

Trusting your employees while also verifying that what that their actions are secure via automation is a crucial step. 

Self-service with guardrails: How we’re backstopping our employee efforts with technology

Thanks to our education efforts and intuitive labeling interfaces, we trust employees to apply sensitivity labels. But we also verify their work. It’s how we catch the 1% of edge cases where problems might arise.

We accomplish that by checking files against our DLP standards and using auto-labeling and quarantining when we need them. Swiftly tying up any loose ends eliminates wayward items that Microsoft 365 Copilot might scoop up during the course of its work.

At Microsoft Digital, we use Purview DLP policies to define the rules and actions for detecting and protecting sensitive data across Microsoft 365, SharePoint, OneDrive, and Teams.

DLP policies support vulnerable data types and scenarios that require protection. They include any kind of information that might introduce inappropriate access to company data or intellectual property:

• Access credentials like keys or tokens
• Personally identifying information
• Financial data
• Non-public source code
• Sign-in information

Reports and dashboards are available via Purview to help our team monitor and analyze content activity and compliance across the organization. They also provide insights into the volume, location, and usage of sensitive data, as well as any incidents and alerts that indicate potential data breaches or violations.

For example, an employee might label something as “General,” but it contains credentials or other sensitive end-user identification information (EUII). In those instances, Purview will automatically block the file from access beyond its owner or reapply a more appropriate label.

Automation and escalation

We’ve configured Purview to automatically remediate these kinds of issues or escalate them to our Microsoft Digital governance team for resolution when an issue is more complex. DLP remediation and escalation processes can involve several different groups of stakeholders depending on the severity and impact of the incident or alert:

• Content owners
• Content champions
• The MIP team
• Our legal team
• Security

We use Microsoft 365 Purview to run DLP remediation operations at scale.

Fortunately, all these features and functionalities are available out of the box through Microsoft 365 and Purview. After you’ve established your labeling strategy and policies, it’s just a matter of adding guardrails to your self-service environment. By automating information protection through quarantining content or rightsizing its label, you can keep Copilot from making sensitive information available where it shouldn’t.

How we did it at Microsoft

Use these assets to guide you our own journey—they represent how we did things here in Microsoft Digital.

• Learn how we’re empowering our employees with generative AI while keeping the company secure.
• Check out how we’re transforming our data culture with AI-ready data.

More guidance for you

Here are more assets that we found useful.

• Find out how Microsoft Purview Data Loss prevention can help you automate remediation.

Chapter 6: Implement lifecycle management and attestation

We focused on strong lifecycle management policies and employee attestation to help us get our lifecycle management right. 

Pairing trust with accountability: How we’re maintaining our data hygiene with attestation

Attestation and self-service go hand-in-hand. In simple terms, it means employees can create what they need, but they’re accountable for its upkeep. In turn, that chain of accountability makes sure Copilot only accesses clean and appropriate data.

At Microsoft, we follow the principle of data minimization. That means only content that’s necessary and relevant for the company’s operations and objectives should exist in storage. Data minimization reduces the risk of oversharing content that isn’t cared for by employees, minimizes asset sprawl, halts data leakage, and improves quality and usability.

To implement this principle, Microsoft Digital requires that every existing container has attestation. By extension, we delete information that doesn’t have a full-time employee to care for it or that has become stale or irrelevant.

At Microsoft, we require attestation from a full-time employee every six months to confirm several aspects of their containers:

• It’s correctly labeled.
• Users actually care about its ongoing existence.
• The roster of people with access is accurate and necessary.
• Sharing capabilities are appropriately restrictive or permissive.
• It complies with corporate retention guidelines.

If a container or an item doesn’t have attestation, we consider it orphaned or abandoned, and it’s subject to deletion. You don’t want to be too draconian about these policies. We configure our Microsoft Entra group expiration policies and SharePoint Premium inactive sites attestation to give container owners 60 days to take action. That’s followed by a final notice at deletion time with a link to restore and resolve for another 30 days. We also archive deleted items for recovery over an extended period if employees decide they need them after the fact.

Managing exceptions

If a container is subject to a retention or hold for our legal team, that supersedes any deletion event. Generally speaking, containers where the legal team is the accountable owner aren’t subject to re-attestation because we handle those life cycles more granularly based on Purview retention policies.

Ultimately, every organization will have to decide what makes the most sense for them. Applying these principles will help you maintain organization-wide data hygiene, which prevents over-access from Copilot.

How we did it at Microsoft

Use these assets to guide you our own journey—they represent how we did things here in Microsoft Digital.

• Check out our guide for deploying and driving adoption of Microsoft 365 for executives.
• Find out how using sensitivity labels is enabling us to give our employees the access they need to do their work.

More guidance for you

Here are more assets that we found useful.

• Find out how to configure the expiration policy for Microsoft 365 groups.
• Learn about managing site lifecycle policies.

Chapter 7: Enable company-sharable links

We’re finding that the best way to reduce oversharing is by addressing it at the source.

Enabling fluid, secure collaboration: How we’re extending access with company-shareable links

At Microsoft Digital, we recognize that content sharing is essential for collaboration and productivity. Employees need to share content with both internal and external audiences. But that also poses a risk of content oversharing when employees expose material to more people or for longer than necessary. It might also mean they’ve shared content without proper protection or classification.

In many cases, employees need to share content outside its container. That might include simply sharing a specific file outside of the container’s roster to enable collaboration in place without resorting to making a copy of the file. On the other hand, someone might need to email the file as an attachment.

Using company-shareable links

Microsoft Digital limits oversharing at the source by enabling company-shareable links (CSLs) for all containers and items except ones labeled “highly confidential.” A CSL is a type of link that allows anyone who receives it within our organization to access the content. CSLs are convenient and easy to use, and they promote a culture of openness and transparency.

Before CSLs, employees resorted to sharing with large security groups because they didn’t know which groups contained everyone who needed access, and manually adding every unique user was too cumbersome. That behavior leads to oversharing because anyone with access can stumble on the content in Microsoft Search or get answers from Copilot. Any Microsoft 365 discovery scenario will security-trim results, so it’s important that users can’t directly access things they don’t need.

While employees can pass a CSL around within the company, it isn’t discoverable in Microsoft Search or Copilot because only users who received the link directly via email or chat will have pre-granted access. It might seem counterintuitive that a CSL is more secure, but it eliminates the need for standing access to content and provides greater protection.

Finally, we allow content owners to modify or revoke CSLs if their sensitivity or purpose changes, or if sharing is no longer necessary. The content owner can also set an expiration date or a password for their link to enhance security and control.

Extra protection for highly confidential items

Our governance team at Microsoft Digital determined that we should enable CSLs by default for all containers and items labeled “public,” “general,” or “confidential.” As a result, employees can share content with their colleagues without having to grant individual permissions or manage access requests.

There are some kinds of content that employees absolutely shouldn’t share through a CSL. The risk emerges if someone copies the link into an open location like a broadly accessible document or community. You’ll have to decide where to draw that line for your organization. At Microsoft, we’ve elected to disable CSLs for all containers and items that are labeled “highly confidential.”

At Microsoft, highly confidential items require need-to-know access for specific people. For these files, employees use links they designate for specific people, which allows access to only individuals the content creator or owner explicitly identifies. In those situations, large security groups aren’t appropriate in any case.

Our policy compels employees to think about who needs access to content and take deliberate action before sharing. In some ways, it acts as an extra gate or prompt to keep our people security-conscious during the sharing process.

At Microsoft Digital, we tailored our policies to the company’s specific needs, but it provides a blueprint for other organizations to build a CSL strategy. Deciding what should be sharable and how will help you ensure robust information protection that’s still flexible enough to foster collaboration and productivity.

How we did it at Microsoft

Use these assets to guide you our own journey—they represent how we did things here in Microsoft Digital.

• Learn how we’re transforming our enterprise IT infrastructure with AI.
• Check out how we’re using Microsoft Sentinel to reduce oversharing Power BI reports.

More guidance for you

Here are more assets that we found useful.

• Find out how  company-shareable links work in Microsoft 365 environments.

Chapter 8: Extract inventory to detect and report oversharing

When oversharing does slip through, it’s important to have systems in place to catch it. 

Remediating oversharing errors when they occur: How we’re reporting on broad-access files and sites with Microsoft Graph Data Connect

In spite of our Microsoft Digital governance team’s best efforts to limit oversharing at the source, it can still occur. In some ways, it’s inevitable.

Organizations are made up of people, and so will always experience human error. Left unchecked, content oversharing can have negative consequences for an organization, including data breaches, compliance violations, or reputational damage. It will also give employees access to that content through Copilot when it isn’t appropriate.

To detect and mitigate content oversharing, we use Microsoft Graph Data Connect to report on every broad-access file or site with more sensitive labels. It helps us access and analyze data from Microsoft 365, SharePoint, OneDrive, and Teams using Azure Data Factory, Azure Synapse Analytics, or Azure Machine Learning. We then connect those datasets in our data estate using Azure Synapse Spark and track how many SharePoint sites and items are currently overshared based on our business rules.

One of the principal benefits of Microsoft Graph Data Connect is accessing the information we need through each of these technologies in a secure and scalable way, with control governed by our tenant admins.

Using Microsoft Graph Data Connect for oversharing remediation

Reporting for accountability

Our tenant’s data team uses Microsoft Graph Data Connect to generate reports on every file or site on the tenant with a broad access level, like a CSL or link that can be shared with anyone. It also monitors any item with a sensitive label like “confidential” or “highly confidential.”

These reports provide information and insights on the content’s owners, recipients, activity, and content protection and compliance status. They also help identify and prioritize potential cases of content oversharing.

At Microsoft, this output is helpful for several groups of stakeholders:

• We share the reports with the content champions responsible for reviewing and validating any cases of content oversharing.
• We use the reports to contact and educate the content owners on how to resolve oversharing issues and comply with our governance and security policies.
• We share the reports with the legal and security teams responsible for investigating and responding to cases of content oversharing that involve legal or security risks and incidents.
• We track our improvement over time as we enforce policies on our assets.

To help customers benefit from this kind of visibility, we’ve created a freely available reporting template. We encourage you to use this tool to track oversharing.

Beyond weaving your Microsoft Graph data connect and data export into your own data estate, you can now also use SharePoint Advanced Management in SharePoint Premium to get a list of sites that meet a set of criteria that you select. We use this capability to find all our sites that share Highly Confidential data to more than 5,000 users. We then use the same capabilities to selectively require our site owners to fix any anomalies we discover.

Go here to get more information on this data access functionality in SharePoint.   

With the right controls and policies in place, you can minimize the number of oversharing errors your employees commit. But when errors do occur, a proactive detection strategy quarantines the risk from Copilot, even as your staff stays connected and collaborating.

How we did it at Microsoft

Use these assets to guide you our own journey—they represent how we did things here in Microsoft Digital.

• Check out how we’re deploying Microsoft 365 Copilot internally at Microsoft.
• Find out how we’re powering a generational shift in IT at Microsoft with AI.

More guidance for you

Here are more assets that we found useful.

• See how you can set up your Microsoft Graph Data Connect reporting appartus.

The way forward

Getting governance right in the age of AI

The advent of AI tools like Microsoft 365 Copilot is a once-in-a-generation development. At this point, we’re still learning all the ways that these tools can be used to unlock creativity, productivity, collaboration, and innovation. But we can be sure of one thing: implementing them securely and effectively should be priority one.

If you’re deploying Copilot to your organization, the lessons we’ve learned at Microsoft Digital can act as a roadmap for your own journey. Ultimately, the most important thing is to consider the data implications of AI assistance and plan accordingly. Diligence and forethought will make sure your employees get all the benefits of next-generation AI technology while your organization stays protected.

Welcome to the age of AI.

 {Download the eBook version of this Governance in the age of AI readiness guide.}

Appendix

This the full list of related resources shared with you in this readiness guide. 

How we did it at Microsoft with Microsoft 365 Copilot deployment and adoption

More guidance for you

Get your organization and data ready for Microsoft 365 Copilot.

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post How we’re tackling Microsoft 365 Copilot governance internally at Microsoft appeared first on Inside Track Blog.

IT organizations—at Microsoft and companies around the world—will never be the same thanks to AI.

For all the benefits that AI and machine learning offer, one element we and companies like ours need to get right is data. After all, data is what’s powering the AI revolution.

Here in Microsoft Digital, the company’s IT organization, getting our data to an AI-ready state is a fundamental imperative. As such, we’re focused on four key areas of data management: quality, governance, compliance, and infrastructure.

Understanding AI-ready data

AI-ready data is data that’s available, complete, accurate, and high quality. With AI-ready data, our data scientists and engineers are better equipped to locate, process, and govern the enterprise data that drives our organization.

Our days of assembling, cleaning, and massaging data each time we launch a data-driven project are gone. Using guidance from our Microsoft Digital Data Council, a multi-disciplinary team that’s responsible for defining data quality standards for Microsoft Digital, and our Microsoft Digital AI Center of Excellence (CoE), we enhance our data discoverability and documentation before we launch any new AI-powered product or experience.  

“Our customers understand that data is the fuel that powers IT,” says Patrice Pelland, partner engineering manager for Microsoft Digital. “By ensuring our employees have access to data that is complete and accurate and prioritizing good governance, Microsoft is embracing the generational change brought on by AI.”

AI is already having transformative impact globally. In Microsoft Digital, we’re driving internal adoption of Microsoft 365 Copilot in every division of the company to increase productivity, enhance creativity, and improve efficiency. The benefits are already being realized, but the fact remains that Copilot and other AI tools are only as good as the data that supports them. The last thing we want our employees to experience is inaccurate or incomplete answers from AI-generated content. Powering tools like Copilot with AI-ready data allows our employees to work confidently, knowing that they can trust the information they’re working with.

{Learn more about how we’re responding to the AI Revolution with an AI Center of Excellence.}

Enhancing data management with AI

Before we truly realized the benefits of tools like Copilot, we needed to incorporate AI-ready data into the same data management and governance tools that many of you use: Microsoft Fabric and Microsoft Purview. For decades, the challenge of data analysts and engineers was maintaining a consistently reliable “source of truth” despite inconsistent data quality, insufficient governance, and years of collecting data in siloes. Fabric and Purview help to resolve these issues.

Fabric is our unified data and AI platform that combines the best of Microsoft Power BI, Azure Synapse Analytics, and Azure Data Factory to create a single, unified software as a service (SaaS) solution. Part of our AI-ready data strategy includes embracing data-mesh architecture. By using Fabric’s data lake, OneLake, to connect to data from anywhere and work from the same copy across platforms, our data scientists and engineers are executing that strategy. Fabric’s ability to unify data sources provides data professionals with the AI-ready data they need, all in one SaaS experience.

“There is no good AI without a solid, curated data stack,” says Delphine Clement, a principal product manager for the Microsoft Purview product team. “Democratizing data unlocks the power of enterprise data by cataloging, curating, and certifying it, then making it available to employees.”

Purview is our primary tool for data governance and ensures the security and compliance of Microsoft’s data assets. Purview has been reimagined to provide an integrated SaaS solution to the practice of data governance for enterprise-wide users. Delivering AI-ready data is a priority for maximizing the effectiveness of Purview and tools like it.

In addition to providing a unified data catalog that helps us classify and identify defects in our enterprise data, Purview enables Microsoft Digital to safely manage our data estate by applying data sensitivity labels to all the digital assets that comprise our Microsoft 365 content estate. Copilot uses sensitivity labels, file permissions, and rights management services to ensure that private or sensitive data isn’t reasoned over and overexposed. Purview also helps us maintain an effective chain of custody for our digital assets with strong data loss protection (DLP) capabilities to help us catch the 1% case when sensitive data leaks from our environment. An effective data governance strategy powered by Microsoft Purview is essential to enabling Microsoft Digital to support Responsible AI at Microsoft.

Our everyday corporate functions like Microsoft HR and Corporate, External, and Legal Affairs (CELA) depend on Purview to provide accurate data to complete projects, whether they’re smaller in scope or large-scale initiatives. For example, the accuracy of legal data required to complete a brief for a court filing is essential. With Purview, our CELA teams know the information they’re working with is high quality, accurate, and complete.

{Explore how we’re transforming our data governance at Microsoft with Purview and Fabric.}

Accelerating time to value with powerful AI models

AI-ready data can fast-track value realization by leveraging powerful AI models. On Microsoft platforms, AI data model options for information retrieval and custom engine agents offer varying levels of flexibility and control.

Agents focused on knowledge or information retrieval are built using tools like Microsoft Copilot Studio and operate on our pre-configured AI models and orchestrators, which are the software layers that manage and coordinate the execution of tasks and services across multiple systems. This approach simplifies development by eliminating the need for organizations to manage their own AI infrastructure, as these agents utilize the Copilot engine to handle prompts and leverage foundational models. Additionally, retrieval agents have native access to indexed Microsoft Graph data, such as SharePoint and OneDrive files, enhancing their integration capabilities.

{Find out how we’re unlocking deeper AI value at Microsoft with Microsoft 365 Copilot extensibility.}

In contrast, custom agents provide organizations with the ability to. integrate their own AI models, including models from Azure OpenAI or Azure AI Foundry These agents—built using tools like the Teams Toolkit, Azure AI, and Microsoft Copilot Studio—can be tailored to specific domains or workflows. This approach allows for the use of custom foundational models and orchestrators, enabling specialized experiences that align closely with their unique requirements. However, this increased flexibility necessitates a greater level of security and compliance oversight, as organizations are responsible for managing and maintaining their custom AI infrastructure. 

{Learn how we’re embracing this new ‘agentic’ moment at Microsoft.}

AI-ready data + Copilot

Microsoft Dynamics for Sales (MSX) and Microsoft Sales are our principal platforms for managing customer and sales data. MSX is the pipeline through which we manage the sales of Microsoft products. Microsoft 365 Copilot for Sales is already being used to improve the data quality and hygiene of MSX. Instead of sellers needing to manually update sales each month or clean up duplicate data, Copilot for Sales can do the work automatically, freeing employees to focus their time more strategically.

“There is a great opportunity for AI-ready data to help with data hygiene in tools like MSX and Microsoft Sales,” says Edith Dubuisson, senior business program manager for Employee Experience Success. “It can quickly organize account data to reflect the correct hierarchies and account parenting.”

Microsoft Sales is the database of all purchases from Microsoft. The amount of information is massive, and data quality is critical. Thanks to AI-ready data, in the future Copilot will assist with organizing the data associated with thousands of accounts, updating hierarchies and maintaining account contact information.

{See how we’re simplifying our sales with AI-powered Microsoft 365 Copilot for Sales.}

Accelerating corporate functions growth

All corporate functions are being asked to do more with less because they can no longer afford to grow operational costs linearly with top-line revenue or employee count. AI tools, powered by AI-ready data, will play a fundamental role in transforming corporate functions’ workflows while improving operational efficiency, user productivity, regulatory and corporate compliance, and data-driven decision making.

Human Resources agents will be empowered to summarize support cases, find answers to user inquiries, and craft email responses faster and more effectively using AI tools backed by AI ready data. Legal professionals in CELA will exploit AI-ready data within CELA’s workflows to provide swift access to legal findings by consolidating trusted knowledge assets across diverse data sources. Global Workplace Services (GWS), our facilities management team, will use AI-ready data to forecast occupancy and make real-estate portfolio recommendations based on complete and accurate information.

{Learn how AI is revolutionizing the way we support corporate functions at Microsoft.}

Democratizing access to enterprise data, powered by AI, is a strategic imperative for Microsoft. We’re focused on delivering a strong data culture that prioritizes data quality, infrastructure, and governance. Emphasizing AI-ready data to power our data and AI solutions ensures that Microsoft meets the needs of the company, customers, and employees.

Here are some tips for getting started with getting your data AI-ready:

• Identify and assign enterprise data owners to implement and oversee the processes that guarantee data quality.
• Verify and document existing data sources to understand where datasets need to be connected across domains.
• Ensure strategic governance by using tools like Microsoft Purview to focus on the origin, sensitivity, and lifecycle of your enterprise data.
• Enterprise data is one of your most valuable assets. Form a data council to help promote a data culture to ensure your data is AI-ready.

Ready to experience Microsoft 365 Copilot? Get started here.

• Learn more about Microsoft Purview and Microsoft Fabric.
• Discover how we’re transforming the employee experience at Microsoft with AI.
• Read our guide for deploying and driving adoption of Microsoft 365 Copilot.

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post Transforming our data culture with AI-ready data appeared first on Inside Track Blog.

When our employees look for content internally here at Microsoft, they go to Microsoft 365 Copilot Chat first. With Copilot Chat, they can easily get answers to questions, catch up on missed work, generate new ideas, and more by tapping into the work data that they have access to via Microsoft Graph.

An employee might ask, “Can you tell me how I can learn more about AI in health care and who the experts are in the company?”

Whether they ask in Microsoft Teams or another Microsoft 365 app, or right in their browser, they likely will get a helpful, accurate response very specific to the health care sector. The answer could refer to an AI industry PowerPoint presentation, articles on responsible AI strategies, Microsoft Research publications, or a list of employees who are experts on the topic.

But how does Copilot know how to reference the AI industry PowerPoint presentation for health care? How does it know which versions of the responsible AI strategies for health care articles to use? How does it identify experts in the company?

It’s because Copilot connects to all the content on the topic available through Microsoft Graph.

“Our internal Microsoft content is the content Copilot uses to generate its results,” says Dodd Willingham, a principal program manager and internal search administrator in Microsoft Digital, the IT organization at Microsoft. “How Copilot consumes and uses our content determines the success—or failure—of Copilot for our employees.”

Enabling useful results

When it comes to returning the right content with Copilot, context is key.

Copilot uses the capabilities of Microsoft Graph to power its AI-generated results. For Microsoft Digital—like most organizations—that includes the content our users store and work with in our Microsoft 365 tenant. Results from Copilot directly depend on the quality of the content it uses. There’s an enormous opportunity to increase the capabilities of Copilot-based solutions because the underlying content is of such high quality. We’re seizing that opportunity to get this right internally at Microsoft.

“You hear a lot of people talking about Copilot, but few address the importance of improving content quality,” says Stan Liu, a senior product manager and knowledge management lead with Microsoft Digital. “The quality of an organization’s content management must be considered in every implementation of Copilot, and we’re doing some great things at Microsoft Digital to ensure Copilot returns accurate, relevant, and up-to-date responses.”

It’s an exciting time to be in content management, and we’re excited to share how our team in Microsoft Digital has met and addressed the challenges of preparing our content for a bright future with Microsoft 365 Copilot.

Curating enterprise content for Microsoft 365 Copilot

There’s an urgency for organizations to bring advanced AI tools to their employees, but it must be done thoughtfully and with good intentions. One of the fundamental challenges in implementing generative AI technologies like Copilot is balancing the desire to move quickly with the need for caution with technology possessing potential risks that haven’t been fully revealed.

“A lot of what we do lies in managing our content in a way that aligns with company strategy, and Copilot isn’t any different in that respect,” says David Johnson, a tenant and compliance architect in Microsoft Digital who ensures that the company’s content is well governed. “It’s important that Microsoft employees understand why content management is important and how they can help do it well.”

To be effective, we must lean into our ongoing culture shift to embrace knowledge sharing. We’ve been fostering a knowledge-sharing culture at Microsoft for years, and our adoption of Copilot has magnified the importance of that culture and the need to continue driving awareness and education for Microsoft employees.

Liu and his team are prioritizing this culture transformation.

“You need to build and encourage a culture that embraces user-driven content management,” Liu says. “Teams that document their knowledge, follow a content lifecycle in their workflows, and manage content consistently across the company are contributing hugely to what we’re trying to accomplish.”

It’s a two-fold challenge that involves encouraging and supporting our employees in collaboration and sharing and ensuring that the tools they use—including Copilot—provide results they can trust and use confidently.

“We’ve set goals within our organization to make Copilot a daily habit,” Liu says. “Community engagement and participation is a significant part of Copilot adoption, and we’ve been identifying use cases and success stories across Microsoft to share as success stories to inspire our employees and encourage adoption and innovation.”

Next generation content management with SharePoint

Microsoft SharePoint is a critical part of our content management strategy to get the most out of Copilot. We’re using the AI capabilities in SharePoint to give employees access to simple and capable content management tools.

SharePoint helps our Microsoft Digital enterprise content team ensure the right capabilities are in place to help people manage content. Missing metadata is a common issue with content management, and SharePoint now makes it easier for users and administrators to add metadata and classify and organize content.

SharePoint now brings AI, automation, and added security to our content experiences, processing, and governance. The product delivers new ways to engage with our most critical content and prepare it for Copilot, helping us manage and protect it throughout its lifecycle.

Automating metadata extraction with document processing

The document processing capabilities in SharePoint simplify and automate the process of extracting important information from existing content. Liu’s team helped deploy the document processing capabilities across Microsoft to enable teams to automate processing of important content, such as contracts, invoices, and statements of work.

Document processing uses machine learning models to recognize documents and the structured information within them. Using optical character recognition (OCR) combined with deep learning models, it identifies and extracts predefined text and data fields common to specific document types, including contracts, invoices, and receipts. It also supports the detection and extraction of sensitive data such as personal and financial identification.

Liu’s team is using prebuilt and custom document processing models to automatically populate metadata columns in SharePoint for many different document types. The metadata this processing provides improves search and creates a more complete understanding of what the files contain, so Copilot can recognize and return relevant information that was previously incomplete or unavailable.

“We’re capturing information across a plethora of documents automatically and almost none of it was recorded previously,” Liu says. “Some of our business groups were entering the metadata manually, but it was a time-consuming and expensive process. For most documents, it just wasn’t done. It’s a massive difference-maker in finding information about a specific contract or invoice that would have been close to impossible. By combining SharePoint with the power of Copilot, it’s a simple question away.”

Standardizing content creation with content assembly

Liu’s team enabled the content assembly feature of SharePoint across the company to simplify document creation and ensure that new documents follow metadata and structure guidelines.

Content assembly creates modern templates that can be easily maintained and used to generate repetitive documents quickly. This feature is particularly useful for departments like finance, where templates for partner letters or contracts are frequently needed. By using content assembly, teams can reduce the time spent on template management and document generation, as it allows for the creation of documents with just the key parts needing changes.

While the time-saving benefits of content assembly don’t directly affect Copilot results, they do encourage users to create better documents, eliminating the need to rewrite entire documents or repeatedly upload the same document. These documents—created using modern templates—are significantly more discoverable and classifiable and lead to more authoritative answers in Copilot.

Taxonomy tagging

Liu oversees a team that has been managing the company’s corporate taxonomy in the SharePoint term store for many years, maintaining a hierarchy of terms that can be reused throughout the SharePoint environment. The term store helps ensure that SharePoint metadata is consistent across the organization, and it provides employees with a standard set of choices when populating commonly used metadata such as products, job roles, or departments.

Taxonomy tagging in SharePoint automatically tags documents in SharePoint libraries with terms configured in the term store using AI. As at other companies, we face the ongoing challenge of getting employees to tag content. Most times, even when you have managed metadata set up in your document library, employees often don’t use it. This means the content is never further enriched with that metadata.

With taxonomy tagging, you set it and forget it. Uploaded content is automatically tagged, which does the job that a person would typically do, but often never does. This automated process ensures that documents get one or more metadata columns populated with standard terms from the term store based on the document content. This leads to more complete metadata for documents and more authoritative results for Copilot results when referencing data in those documents.

Using generative AI to help generative AI with autofill columns

Autofill columns in SharePoint takes content management to the next level by harnessing AI LLMs to automatically extract, summarize, and generate content from files uploaded to your SharePoint document library. This feature allows users to set up a simple natural language prompt on a column in SharePoint that extracts specific information or generates content from files. The extracted information is then displayed in the columns of the library, making it easier to manage and analyze data.

Liu has a lot to say about how his team is transforming document processing with autofill columns in SharePoint.

“Autofill columns are a game-changer for enhancing productivity in Copilot,” Liu says. “They also ensure that our documents have the necessary context for efficient retrieval and use. Autofill’s impact on our metadata within SharePoint document libraries is huge.”

Teams within Microsoft have started setting up new and existing columns with prompts to identify the types of information to extract from a file. These prompts can be customized and tested to ensure that they provide the desired results. After the autofill columns are set up, any new files uploaded to the library are automatically processed (and existing documents can be manually processed), and the result of the prompt is saved to the corresponding columns.

This approach not only streamlines document processing workflows but also enhances the overall efficiency and accuracy of their data management practices, making Copilot even more powerful and effective.

Continuing to grow with SharePoint

Liu’s team continues to drive SharePoint as a crucial part of their content management toolkit.

“We’re seeing immediate and significant benefits from using SharePoint and its AI features to manage our content,” Liu says. “In the first half of 2024, we estimated that our employees saved more than 120,000 hours in processing documents, pages, and images across the company for over 1,000,000 content items in our environment. It’s a great start, and we’re targeting even greater improvements across more content soon.”

Protecting content with Microsoft Purview Information Protection

Microsoft Purview Information Protection provides a wide range of content governance capabilities that help us discover, classify, and protect sensitive information wherever it stays or moves in the Microsoft tenant.

We use Purview Information Protection tools to identify sensitive content using expressions, functions, and trainable classifiers. With these tools, our enterprise data teams and employees can use corroborative evidence like keywords, confidence levels, and proximity to identify sensitive information types. They can also use examples of sensitive content to train recognition engines on expected patterns. All of this helps to better inform Copilot regarding the relevance of our Microsoft 365 content.

We use sensitivity labels in Purview to apply flexible protection actions that include encryption, access restrictions, and visual markings. This capability ties in nicely with SharePoint, which also uses and applies sensitivity labels.

Purview sensitivity labels provide a single labeling solution across apps, services, and devices to protect content as it travels inside and outside our organization. Purview sensitivity labels can be applied to Microsoft Office documents, third-party document types, meetings, chats, and the broader Microsoft 365 environment.

The sensitivity labels that we use to protect our content are recognized and used by Copilot to provide an extra layer of protection. For example, in Copilot Chat conversations, which can reference content from different types of items, the sensitivity label with the highest priority (typically, the most restrictive label) is visible to users. If the labels apply encryption from Microsoft Purview Information Protection, Copilot checks the usage rights for the user and only returns content that the user has access rights to.

Looking forward

Our enterprise content management transformation is ongoing. Our teams are looking at new content management capabilities across the company to ensure Copilot continues to provide current, accurate, and relevant results for our employees.

We’re continually evaluating our enterprise content management to identify new ways to create a Copilot-assisted workday for Microsoft employees. We’re also evaluating new technology, organizational practices, and industry standards as we strive to set the standard for how an organization can capture maximum value from its content using Copilot.

We’re currently working with the SharePoint product team to grow the AI-based capabilities for content management and classification. We’re experimenting with our own solutions and capabilities in SharePoint that will lead to the next generation of AI-supporting features that drive innovation and creativity here at Microsoft and for our customers.

Are you looking to prepare your enterprise content for Copilot and AI? Here are a few suggestions:

• Pursue content quality. Ensure that the content is current, accurate, and relevant. This is crucial for Copilot to provide authoritative answers and maintain user trust.
• Promote knowledge sharing. Foster a culture of knowledge sharing within the organization. Encourage teams to document their knowledge, follow a content lifecycle in their workflows, and manage content consistently across the company.
• Use SharePoint. The AI capabilities in SharePoint can help you simplify and automate content management processes.
• Implement Purview Information Protection Use Purview Information Protection tools to apply sensitivity labels to ensure content is protected as it travels inside and outside the organization.
• Prepare for future enhancements. Stay updated with ongoing transformations in enterprise content management and Copilot capabilities.

Try Microsoft 365 Copilot.

• Here’s how you can get started with Microsoft SharePoint.
• Learn how AI is already changing work—including here at Microsoft.
• Explore Microsoft Purview.
• Check out how we’re reimagining content management at Microsoft with SharePoint.
• Discover getting to ‘search completeness’ internally at Microsoft.

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post Boosting Microsoft 365 Copilot Chat with smart enterprise content management appeared first on Inside Track Blog.

This article is the first in a series dedicated to showing how our team in Microsoft Digital, Microsoft’s internal IT organization, is collaborating with our internal partners to use AI to accelerate growth and radically improve operational efficiencies, specifically for corporate functions such as HR, legal, and real estate. The hope is that by providing concrete examples and outcomes, we can provide our customers with inspiration, a blueprint, and in some cases, a solution, to do the same.

Within Microsoft Digital, the organization that powers, protects, and transforms the digital experience here at Microsoft, we have the pleasure of working day in and day out with our corporate function partners across the company. From HR and legal, to our real estate team, all are being asked to do more with less, with a focus on keeping operational costs down while maintaining or improving productivity. As a partner to these organizations, it’s our job to find ways to allow them to do just that!

“With AI, we have so many new ways to innovate. We have incredible potential to make our corporate functions more efficient and impactful.”

Patrice Pelland, partner software group engineering manager, Microsoft Digital

And we’re sure it comes as no surprise that AI has been at the center of all this, playing a fundamental role in transforming business workflows while improving operational efficiency, user productivity, regulatory and corporate compliance, and data-driven decision making.

Over the last year, we’ve seen how it can revolutionize the way our internal corporate functions operate by automating repetitive and time-consuming operational tasks. Let’s look at our internal project, an AI-powered document lifecycle management platform, as one of the first examples of this. 

“With AI, we have so many new ways to innovate. From saving valuable time for our legal professionals, to optimizing building occupancy, to helping our HR professionals support employees in the hybrid workplace, to enabling many self-service experiences for our employees; we have incredible potential to make our corporate functions more efficient and impactful,” says Patrice Pelland, a partner software group engineering manager for HR & CELA in Microsoft Digital.

Document management gets a major makeover

Our new AI-powered platform aims to empower our corporate functions teams by revolutionizing end-to-end document management. From crafting templates, authoring documents, and facilitating collaboration to orchestrating seamless workflows, offering secure storage, and managing records, this system uses AI enriched capabilities to bring operational efficiencies, reduce costs, and ensure accurate compliance to any document-based process.

“This platform was developed to address the critical need for end-to-end document management across various verticals within Microsoft,” says Mohit Chand, a principal group engineering manager in Microsoft Digital. “It was created to streamline processes like digitizing documents and address the common pain points that typically makes this activity take months to complete.”

The Microsoft Digital team set out to develop the document lifecycle management platform with six core principles in mind:

1. Automation empowerment: Automate document management to enhance productivity and efficiency.
2. Seamless integration: Integrate with Microsoft 365 and Azure for a seamless user experience.
3. AI-driven innovation: Use cutting-edge AI technology to enhance functionalities in search and analysis.
4. User-centric design: Focus on intuitive interfaces that simplify complex functionalities.
5. Scalable flexibility: Adapt to the needs of different organization sizes and processes.
6. Cost efficiency: Reduce operational costs through optimized document processes.

Transforming our document lifecycle

“Our intention after aligning on the core principles and key platform capabilities was to reduce the digitization process from three to six months to less than fourteen days. It was a North Star goal that I’m happy to say has now been achieved for all of our onboarded processes thus far.”

Andrew Voss, senior product manager, Microsoft Digital

The team used Microsoft 365, Azure Open AI, Azure Cognitive Services, and Microsoft Purview to create the following system capabilities:

• Template digitization and management: Digitize and manage templates by creating and modifying snippets and operational data fields.
• Secure and controlled editing: Easily manage and update templates and snippets with controlled workflows to ensure only approved and published templates are used.
• Efficient document drafting: Start with standard templates and dynamically assemble documents, incorporating required metadata and content snippets seamlessly in Word.
• Streamlined approval processes: Automate review and approval workflows, integrate eSignatures, and keep everyone updated with real-time notifications and status changes.
• Smart ingestion and storage: Automatically ingest documents, perform validation checks, and securely store them while keeping track of all changes and updates.
• Intelligent content analysis: Extract and use metadata and content snippets for enhanced document classification, improving search capabilities and document retrieval using both keyword and natural language processing (NLP) techniques.
• Automated compliance enforcement: Apply retention labels, manage document lifecycles, and enforce policies to ensure compliance with legal and regulatory standards.

“Our intention after aligning on the core principles and key platform capabilities was to reduce the digitization process from three to six months to less than fourteen days,” says Andrew Voss, a senior product manager in Microsoft Digital. “It was a North Star goal that I’m happy to say has now been achieved for all of our onboarded processes thus far.”

No gaming around: The results speak volumes

One of the first internal organizations to put the new platform to the test was Xbox. They were looking to automate one of their most frequent contract types, a critical process for onboarding new games into the Xbox ecosystem.

Historically this process was done manually, involving non-digitized templates and redundant data entry across multiple systems. The process typically consumed about 1,800 hours of staff time annually.

“Our collaboration with Xbox showcases the effectiveness of this solution for optimizing complex business processes. As Xbox continues to expand their use across a wider range of contract types, we are committed to introducing new technical advancements that will contribute to the platform’s growing autonomy, adaptability, and sophistication.”

Alpa Jain, senior product manager, Microsoft Digital

This manual contract creation process was more than just time-consuming; it could also be error-prone, significantly delaying the onboarding of new content and impacting service level agreements (SLAs).

In fact, the solution has saved the Xbox team over 1,600 hours resulting in an 88% time savings in the contract generation process, reducing the time it takes for these contracts from 1,800 hours to just 158 hours annually!

“The amount of business impact and return on investment that we’ve been able to deliver by partnering with the Microsoft Digital team has been outstanding,” says Hoss Hostetler, a senior service engineer in Xbox. “The ability to automate initial contract generation from configured templates through to sending out signatures and getting notified of fully signed contracts via application programming interfaces (APIs) has been absolutely game-changing for our team.”

Xbox has been so encouraged by the initial outcome of their results that they are preparing to extend the solution to automate two more of their standard contracts. By doing this, the team is anticipating an additional 600+ hours per year in time savings.

“Our collaboration with Xbox showcases the effectiveness of this solution for optimizing complex business processes,” says Alpa Jain, a senior product manager in Microsoft Digital. “As Xbox continues to expand their use across a wider range of contract types, we are committed to introducing new technical advancements that will contribute to the platform’s growing autonomy, adaptability, and sophistication.”

Making its way to our customers through SharePoint Premium

While the AI-powered platform started as an end-to-end document management solution for our internal Microsoft Corporate Functions teams, many of its capabilities will be showing up in SharePoint Premium. 

“This represents a unique case where Microsoft Digital, as Customer Zero, developed a product to solve the needs and challenges that our internal corporate function customers face, and that solution is now being incorporated into an external customer-facing product.”

Bidyadhar Patra, principal software engineering manager, Microsoft Digital

SharePoint Premium is Microsoft’s advanced content management and experiences platform for customers and brings AI, automation, and added security to content experiences, processing, and governance.

This collaboration with the SharePoint team exemplifies Microsoft Digital’s internal innovation being leveraged for external product development. The transfer of knowledge, capabilities, and insights from the internal document management product and Microsoft Digital team is sure to make the SharePoint Premium product much more effective for our customers from the get-go.

“This represents a unique case where Microsoft Digital, as Customer Zero, developed a product to solve the needs and challenges that our internal corporate function customers face, and that solution is now being incorporated into an external customer-facing product,” says Bidyadhar Patra, a principal software engineering manager in Microsoft Digital. “For us, this approach highlights a new way of leveraging internal needs for broader product development.”

Key takeaways

Here are some points to keep in mind as you contemplate transforming your content lifecycle with AI at your company:

• AI is accelerating corporate functions growth across HR, legal, and real estate through operational efficiency, automated compliance, data-driven insights, and productivity for individuals. 
• By using AI and natural language processing, corporate function leaders can digitize templates for any business process, streamline reviews with AI-assisted analysis, and more easily govern their documents, with considerable time savings. The document lifecycle management platform, developed within Microsoft Digital, is a great example of this.
• Don’t fall behind when it comes to AI. The time is now to start experimenting with and using these technologies to improve business results and maximize return on investment.

Try it out

Get started with Microsoft SharePoint today.

Related links

• Learn how we’re reimagining content management at Microsoft with SharePoint.
• Read how we’re supercharging our SharePoint sites at Microsoft with Microsoft 365 Copilot.
• Check out how we’re empowering employee self-service with guardrails with sensitivity labels.
• Explore how we’re leveraging the power of AI agents to improve employee self-service at Microsoft.

We’d like to hear from you!

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post AI is revolutionizing the way we support corporate functions at Microsoft appeared first on Inside Track Blog.

With more than 600 physical worksites around the world, Microsoft has one of the largest network infrastructure footprints on the planet.

Managing the thousands of devices that keep those locations connected demands constant attention from a global team of network engineers. It’s their job to monitor and maintain those devices. And when outages occur, they lead the charge to repair and remediate the situation.

To support their work, our Real Time Telemetry team at Microsoft Digital, the company’s IT organization, has introduced new capabilities that help engineers identify network device outages and capture data faster and more extensively than ever before. Through real-time telemetry, network engineers can isolate and remediate issues in minutes—not hours—to keep their colleagues productive and our technology running smoothly.

Immediacy is everything

Conventional network monitoring uses the Simple Network Management Protocol (SNMP) architecture, which retrieves network telemetry through periodic, pull-based polls and other legacy technologies. At Microsoft, that polling interval typically ranges between five minutes and six hours.

SNMP is a foundational telemetry architecture with decades of legacy. It’s ubiquitous, but it doesn’t allow for the most up-to-date data possible.

“The biggest pain point we’ve always heard from network engineers is latency in the data,” says Astha Sinha, senior product manager for the Infrastructure and Engineering Services team in Microsoft Digital. “When data is stale, engineers can’t react quickly to outages, and that has implications for security and productivity.”

Serious vulnerabilities and liabilities arise when a network device outage occurs. But because of lags between polling intervals, a network engineer might not receive information or alerts about the situation until long after it happens.

We assembled the Real Time Telemetry team as part of our Infrastructure and Engineering Services to close that gap.

“We build the tools and automations that network engineers use to better manage their networks,” says Martin O’Flaherty, principal product manager for the Infrastructure and Engineering Services team in Microsoft Digital. “To do that, we need to make sure they have the right signals as early and as consistently as possible.”

The technology that powers these possibilities is known as streaming telemetry. It relies on network devices compatible with the more modern gRPC Network Management Interface (gNMI) telemetry protocol and other technologies to support a push-based approach to network monitoring where network devices stream data constantly.

This architecture isn’t new, but our team is scaling and programmatizing how that data becomes available by creating a real-time telemetry apparatus that collects, stores, and delivers network information to service engineers. These capabilities offer several benefits.

The advantages of real-time network device telemetry

“Devices are proactively sending data without having to wait for requests, so they function more efficiently and facilitate timely troubleshooting and optimization,” says Abhijit Vijay, principal software engineering manager with the Infrastructure and Engineering Services team in Microsoft Digital. “Since this approach pushes data continuously rather than at specific intervals, it also reduces the additional network traffic and scales better in larger, more complex environments.

At any given time, Microsoft operates 25,000 to 30,000 network devices, managed by engineers working across 10 different service lines. Accounting for all their needs while keeping data collection manageable and efficient requires extensive collaboration and prioritization.

We also had to account for compatibility. With so many network devices in operation, replacement lifecycles vary. Not all of them are currently gNMI-compatible.

Working with our service lines, we identified the use cases that would provide the best possible ROI, largely based on where we would find the greatest benefits for security and where networks offered a meaningful number of gNMI-compatible devices. We also zeroed in on the types of data that would be the most broadly useful. Being selective helped us preserve resources and avoid overwhelming engineers with too much data.

We built our internal solution entirely using Azure components, including Azure Functions and Azure Kubernetes Service (AKS), Azure Cosmos DB, Redis, and Azure Data Lake. The result is a platform that network engineers can use to access real-time telemetry data.

With key service lines, use cases, and a base of technology in place, we worked with network engineers to onboard the relevant devices. From there, their service lines were free to experiment with our solution on real-world incidents.

Better response times, greater network reliability

Service lines are already experiencing big wins.

In one case, a heating and cooling system went offline for a building in the company’s Millennium Campus in Redmond, Washington. A lack of environmental management has the potential to cause structural damage to buildings if left unchecked, so it was important to resolve this issue as quickly as possible. The service line for wired onsite connections sprang into action as soon as they received a network support ticket.

With real-time telemetry enabled, the team created a Kusto query to compare DOT1X access-session data for the day of the outage with a period before the outage started. Almost immediately, they spotted problematic VLAN switching, including the exact time and duration of the outage. By correlating the timestamps, they determined that the RADIUS registrations of the device owner had expired, which caused the devices to switch into the guest network as part of the zero-trust network implementation.

As a result, the team was able to resolve the registration issues and restore the heating and cooling systems in 10 minutes—a process that might have taken hours using other collection methods due to the lag-time between polling intervals.

“This has the potential to improve alerting, reduce outages, and enhance security,” says Daniel Menten, senior cloud network engineer for site infrastructure management on the Site Wired team. “One of the benefits of real-time telemetry is that it lets us capture information that wasn’t previously available—or that we received too slowly to take action.”

It’s about speeding up how we identify issues and how we then respond to them.  

“With this level of observability, engineers that monitor issues and outages benefit from enhanced experiences,” says Aayush Dave, a product manager on the Infrastructure and Engineering Services team in Microsoft Digital. “And that’s going to make our network more reliable and performant in a world where security issues and outages can have a global impact.”

The future is in real time

Now that real-time telemetry has demonstrated its value, our efforts are focused on broadening and deepening the experience.

“More devices mean more impact,” Dave says. “By increasing the number of network devices that facilitate real-time telemetry, we’re giving our engineers the tools to accelerate their response to these incidents and outages, all leading to enhanced performance and a more robust network reliability posture.”

It’s also about layering on new ways of accessing and using the data.

We’ve just released a preview UI that provides a quick look at essential data, as well as an all-up view of devices in an engineer’s service line. This dashboard will enable a self-service model that makes it even easier to isolate essential telemetry without the need for engineers to create or integrate their own interfaces.

That kind of observability isn’t only about outages. It also enables optimization by helping engineers understand and influence how devices work together.

The depth and quality of real-time telemetry data also provides a wealth of information for training AI models. With enough data spread across enough devices, predictive analysis might be able to provide preemptive alerts when the kinds of network signals that tend to accompany outages appear.

“We’re paving the way for an AIOps future where the system won’t just predict potential issues, but initiate self-healing actions,” says Rob Beneson, partner director of software engineering on the Infrastructure and Engineering Services team in Microsoft Digital.

It’s work that aligns with our company mission.

“This transformation is enhancing our internal user experience and maintaining the network connectivity that’s critical for our ultimate goal,” Beneson says. “We want to empower every person and organization on the planet to achieve more.”

Here are some tips for getting started with real-time telemetry at your company:

• Start with your users. Ask them about pain points, what scares them, and what they need.
• Start small and go step by step to get the core architecture in place, then work up to the glossier UI and UX elements.
• Be mindful of onboarding challenges like bugs in vendor hardware and software, especially around security controls.
• You’ll find plenty of edge cases and code fails, so be prepared to invest in revisiting challenges and fixing problems that arise.
• Make sure you have a use case and a problem to solve. Have a plan to guide your adoption and use before you turn on real-time telemetry.
• Make sure you have the proper data infrastructure in place and an apparatus for storing your data.
• Communicate and demonstrate the value of this solution to the teams who need to invest resources into onboarding it.
• Prioritize visibility into the devices and data you’ve onboarded through pilots and hero scenarios, then scale onboarding further according to your teams’ needs.
• Integrate as much as possible. Consider visualizations and pushing into existing network graphs and tools to surface data where engineers already work.

Learn more about Microsoft Azure Kubernetes Service monitoring and Microsoft Azure Functions.

• Learn more about implementing Microsoft Azure cost optimization internally at Microsoft.
• Find out how we’re moving our network to the cloud with Microsoft Azure.
• Check out how we’re using AI to reinvent network security at Microsoft.
• Explore how we’re enhancing network reliability with AIOps and Network Infrastructure Copilot.

• Want more information? Email us and include a link to this story and we’ll get back to you.

The post Finding and fixing network outages in minutes—not hours—with real-time telemetry at Microsoft appeared first on Inside Track Blog.