At Microsoft, Windows 11 has been powering the 225,000 devices our employees and vendors use to do their work since it was released in the fall of 2021. Since then, the addition of many new features and the integration of AI have made it even more useful to us.

Like other enterprises, we’re benefitting from how AI is being woven into every part of the technology sector, including with Windows, where we’re using Copilot+ PCs, Microsoft 365 Copilot, and the rest of the broad range of AI-powered tools and features that we’re using across the company to get more out of our longtime, signature operating system today, while also preparing for how it will continue to power everything we do in the future.

According to our 2024 Work Trend Index (WTI) annual report, 79% of US business leaders believe their company needs to adopt AI to remain competitive. Yet, the numbers suggest that those that are just now starting to get ready for AI are already behind. Users say AI is saving them time now (90%), allowing them to focus on their work (85%, be more creative (84%), and enjoy their work more (83%).

The AI era is already here, and organizations must seize every opportunity to catch up and get ready for the future.

At Microsoft Digital, our internal IT organization, we’re harnessing Windows 11 and Copilot+ PCs to give our business and our employees a foundation to build on for future developments in AI. AI interactions are happening at the desktop, in the browser, across apps, and, with Windows 11 and Copilot+ PCs, right in the local operating system.

With Windows 10 end-of-support approaching in October 2025, every organization needs to assess their PC inventory and create a plan to move forward. Outdated PCs put users and businesses at risk, and the security and functionality updates that come with Windows 11 provide the best protection and productivity for Microsoft customers.

Learning from our own deployment of Windows 11

Our own first internal rollout of Windows 11 was the smoothest and quickest operating system upgrade in the history of the company. During the key phase of the rollout, we deployed Microsoft 11 to more than 190,000 devices in five weeks.

Starting small and growing from there is an essential part of the way we deploy any solution or tool, Windows 11 included.

“We followed a ring-based approach, which is pretty typical,” says Markus Gonis, a service engineer and deployment lead with Microsoft Digital. “The initial feature testing happened with a small group of Microsoft Digital users who were close to the feature sets and understood their key implications.”

The testing team subjected Windows 11 to an initial test process to ensure it met our organization’s internal standards, the same standards that we apply to any new software or solution, whether it was developed by Microsoft or by another provider.

Following initial testing, we deployed Windows 11 to a small, specifically selected proof of concept group to ensure that its overall functionality met our expectations and requirements. Pilot-testing followed, and then full implementation. This phased approach ensured that any potential issues were identified and addressed early, and that we could perform the majority of the deployment with few issues.

“We had a minimal number of standard incidents, and no major incidents reported through support channels directly related to the Windows 11 update nor the deployment itself,” Gonis says. “Despite the complexities of hardware eligibility and app compatibility with a new operating system being a typical challenge, we were able to execute the deployment with minimal disruption.”

Moving forward with deploying subsequent versions of Windows 11, we have refined the deployment process to include many more devices, now exceeding 225,000 with the 24H2 update, both by having users update their devices on their own and through pushed deployment.

Improving deployment with Windows Autopatch

The deployment process used several new features, including Windows Autopatch (which now includes Windows Update for Business).

“Windows Autopatch has been a game-changer for us,” says Harshitha Digumarthi, a senior product manager at Microsoft Digital. “It allows us to manage our updates more effectively and to ensure our devices are running the latest and most secure versions of Windows.”

Digumarthi’s team used Windows Autopatch to manage and control Windows 11 updates throughout the deployment. By using device group membership and a few deployment parameters, they had full control over when and how they deployed major updates to the entire organization. This approach allowed for a more streamlined and efficient update process, ensuring our devices received the updates without causing disruptions.

The team also integrated Windows Autopatch into the deployment process to further enhance the efficiency of updates. This feature keeps our devices patched and up to date, reducing the need for manual intervention as it reinforces our security posture and Zero Trust strategy.

Deploying Windows 11 with security and compliance

Feature testing, especially new features included in later builds, is an important part of the ongoing security and compliance practices at Microsoft Digital.

“When a new feature comes out, we need to ensure that we can deploy and govern it securely,” says Yulia Evgrafova, a principal security engineer with Microsoft Digital. Her team helps to ensure new features are ready for enterprise deployment at Microsoft.

Evgrafova points out the extra responsibility and privilege that comes with testing Microsoft products.

“With Windows 11, it’s a Microsoft product, but we’re also using that product as a customer,” Evgrafova says. “We call ourselves Customer Zero.”

Our Customer Zero relationship at Microsoft is a special one.

We in Microsoft Digital usually adopt products like Windows 11 before any other customer. Then, as part of the relationship, we test, use, and offer feedback on the product. It’s an internal feedback mechanism that we use for most of our products, and it leads to better, more complete products that are enterprise tested and enterprise ready.

“Our feature testing is comprehensive,” Evgrafova says. “We start with the basics: what is the scope of this feature and what’s the enterprise readiness of this feature for the rollout? Our goal is to understand not only the immediate risks that a feature might pose, but also the potential risks of that feature as it matures.”

However, deploying Windows 11 wasn’t simply testing and upgrading the operating system on existing hardware.

Windows 11 has specific hardware requirements, which meant not every device at Microsoft would be part of the deployment. Most of our devices were eligible, but communicating hardware requirements was an early step.

“Communicating with our employees about the requirements and how we would handle new devices was important,” Gonis says. “Since Windows 10 and Windows 11 can be managed side-by-side with no additional overhead, we could co-manage both upgraded and non-upgraded devices until all the older Windows 10 devices were replaced.”

Replacing Windows 10 devices with new hardware created an opportunity for us to examine our hardware refresh policy, assess the hardware options, and finally make Copilot+ PCs our device refresh of choice.

Turning to Copilot+ PCs

Integrating Copilot+ PCs into the mix was a very natural next step for us.

“Copilot+ PCs were the obvious choice to replace unsupported Windows 10 hardware,” says Pandurang Savagur, a senior product manager with Microsoft Digital. “Copilot+ PCs bring an entirely new level of hardware support and acceleration of Windows 11 capabilities, in AI and beyond.”

Copilot+ PCs offer a new hardware feature set that goes beyond the traditional PC. Those features are headlined by the neural processing unit (NPU) present in every Copilot+ PC.

Neural Processing Units (NPUs) have become a crucial component in modern computing, especially with the advent of AI-driven applications. Initially, devices like the Microsoft Surface Laptop Studio Two were introduced with NPUs primarily for Windows Studio effects. These NPUs offloaded processing tasks from the CPU, enhancing device performance and battery life.

With the introduction of Copilot+ PCs, the role of NPUs has expanded significantly. Copilot+ PCs can run AI features and processing locally on the device, using the NPU. The NPUs in these devices enable faster and more efficient on-device AI processing (they support over 40 TOPS, which means they can perform more than 40 trillion operations per second). For instance, tasks like natural language translation and generative AI features can be processed locally, reducing the need for cloud-based processing and accelerating processing times.

Built-in features that support NPU offloading are coming to Windows 11, including improved Windows search, across local and cloud-based files. With improved Windows search, Windows 11 will be able to use NPU-powered search capabilities to understand the context of each file, including contents, and return more accurate and complete results.

There is now no need to remember file names, settings locations, or even worry about spelling; just type your thoughts to find what you need on a Copilot+ PC. You can even locate photos in OneDrive by describing their content in the same way. With the over 40 TOPS NPU in Copilot+ PCs, it works even when you’re not connected to the internet. Improved search will initially be available in File Explorer and will later extend to Windows Search and Windows Settings. This means searches in Windows 11 for files will become faster and more intelligent.

Copilot+ PCs also will make Microsoft 365 Copilot better. Microsoft 365 apps will soon be able to use the NPU for AI-based tasks, so the same Microsoft 365 Copilot capabilities that work in the cloud also will be available offline and with lower latency.

This also happens in apps that might surprise you. For example, Microsoft Teams has several AI-based features including face tracking and voice isolation that can use the NPU directly, freeing up CPU resources, increasing performance, and improving battery life.

Boosting ARM-based Windows 11 mobility

We’ve found significant performance improvements from NPU integration, especially from ARM Copilot+ PCs. The reduction in CPU usage has provided significantly better overall performance across Windows 11. Many of our users with ARM-based Windows 11 devices are reporting battery life exceeding 20-22 hours of active usage.

Other benefits of the ARM-based Windows 11 Copilot+ PCs include cellular data connection, providing continuous network connectivity for a new generation of ultra mobile Windows laptops. ARM-based Windows 11 devices also support instant-on power capability, just like your mobile phone or tablet.

Our employees are seeing huge benefits.

“Windows 11 Copilot+ PCs have been a huge difference-maker for our employees,” Gonis says. “Their laptops have become truly mobile devices, and it changes how they use them and where they can take them.”

The deployment of Copilot+ PCs has also highlighted the importance of app compatibility. While many apps that we use run natively on ARM-based devices—including Microsoft 365 and a large percentage of our first party apps—some still use x64 emulation. We’re working to achieve 100 percent compatibility by the end of 2025, ensuring that all our tools can fully take advantage of the capabilities of NPUs and the ARM platform.

It’s a bright feature for hybrid AI, and we’re ready for it with Windows 11 Copilot+ PCs.

Looking forward

We’re continually evaluating and implementing new Windows 11 features as they come available in each release. We’re currently testing hotpatching in Windows 11 to allow updates without system reboots. We aim to reduce the number of required reboots to one per quarter, improving efficiency and maintaining system stability.

We’re also testing the Recall experience. Recall creates an explorable timeline of a Windows 11 PC’s past using snapshots and natural language queries. It helps users find past content on their PC by responding to natural language prompts with images, text, or even the exact location of the item you’re searching for.

Of course, we’re excited about the next generation of Copilot+ PCs and the hardware and software improvements coming to Windows 11. As AI continues its rapid evolution, we’ll be working alongside the Windows 11 team to bring advancements in productivity, accessibility, and security.

We believe that hybrid AI is the future and Windows 11 with Copilot+ PCs is the platform that will support it.

Here are some tips on getting started evolving your Windows ecosystem with Copilot+ PCs:

• Adopt Copilot+ PCs as the hardware platform of choice for Windows 11 devices.
• Explore the enhanced performance and battery life of ARM-based Windows 11 Copilot+ PCs.
• Use Windows Autopatch to manage your Windows 11 deployment.
• Consider the benefits of upcoming Windows 11 features, such as Hotpatch for Windows and Recall for improved efficiency and user experience.

Prepare to deploy Windows 11 at your company.

• Learn more about how hardware-backed Windows 11 is empowering us with secure-by-default baseline.
• Look back at our deployment of Windows 11 at Microsoft.
• Check out how we’re boosting Business Chat in Microsoft 365 Copilot with smart enterprise content management.

• Want more information? Email us and include a link to this story and we’ll get back to you.
• Please share your feedback with us—take our survey and let us know what kind of content is most useful to you.

The post AI in action: Unpacking our internal journey with Windows 11 and Copilot+ PCs appeared first on Inside Track Blog.

Underneath those broad strokes, we serve very specific, complex customers.

One set of such customers is in the federal sector, where the specific regulatory requirements of sovereign entities—such as the Department of Defense (DoD) in the US—require that we create highly secure environments that adhere to the Cybersecurity Maturity Model Certification (CMMC) standard. (CMMC is an intermediate cybersecurity certification for defense contractors that focuses on protecting controlled unclassified information through enhanced cyber hygiene practices.)

Building environments that meet the CMMC standard presents unique opportunities and challenges, especially when it comes to managing complex collaboration scenarios at scale while also ensuring the security of our customers’ confidential information.

To help us get this right, we build environments for our customers that employ our Zero Trust security model, which means operating on a “never trust, always verify” principle. This enables us to deliver secure platform tools, networks, elastic computing, and storage options. It also helps provide our customers with better collaboration and business operations tools.

This works for governments, their military and intelligence agencies, and goes beyond the high standards of our usual customers.

To specifically address these unique needs within Microsoft, we have created a specialized IT environment, called the Federal Government Operating Environment or Microsoft FedNet. Powered by Azure for Government and Microsoft 365 Government, this environment is carefully designed to match the complex requirements of our US Federal and US Defense Industrial Base clients.

Serving as Customer Zero

In this story, we’ll explain some of the unique challenges we faced internally as we implemented this “company within a company” to allow our employees to work easily across both our traditional corporate environment (CorpNet) and the more highly regulated environment (FedNet) that we use to support our US Federal customers.

We have a strong value around being Customer Zero for our products, so much so that we implement them the way we would suggest our customers use them, so we can experience the customer reality firsthand. While living on the edge of this innovation knife can be unsettling at times, it allows us to be first to encounter challenges our customers might face. As such, we become a valuable feedback loop back to our product teams, which speeds up the innovation cycle and lowers barriers to entry for actual customers.

It was absolutely essential that we deliver a product for our federal customers that met or exceeded the experience that our own team expected. This is the critical benefit of our Customer Zero approach to engineering—we live and breathe the product long before it reaches an external user. That gives us time to explore and refine the customer experience to be as good as can be.

— Jason Zander, executive vice president, Strategic Missions and Technologies

Cross function, cross company

At Microsoft, our commitment to creating a dedicated environment for highly regulated workloads was not just about establishing a separate space; it was about embodying a cloud-first and deeply integrated approach across our entire business spectrum. This strategic decision was pivotal in aligning our expansive scale with the nuanced demands of compliance-focused sectors.

To get this right, our comprehensive, multi-disciplinary strategy coalesced around rethinking our sales pipeline management, financial systems, modernizing commerce tools, refining our support services, and evolving our internal engineering practices. This cross-organizational synergy was crucial to ensure that every aspect of our business supported and benefited from this new initiative.

“It was absolutely essential that we deliver a product for our federal customers that met or exceeded the experience that our own team expected,” says Jason Zander, our executive vice president of Strategic Missions and Technologies. “This is the critical benefit of our Customer Zero approach to engineering—we live and breathe the product long before it reaches an external user. That gives us time to explore and refine the customer experience to be as good as can be.”

Embracing a growth mindset, we aimed to merge the insights gained from operating a $3 trillion-dollar company with our profound understanding of servicing compliance-intensive customers. This fusion of scale and specialization was geared not only toward meeting existing needs but also toward innovating in novel and impactful ways.

Our workday began by signing in to this secure environment, using Microsoft 365 applications for our daily tasks, and collaborating through Teams. This wasn’t just a separate project; it was a complete shift in our work environment. We effectively isolated ourselves within a secure bubble, distinct from the rest of Microsoft, to ensure we could operate seamlessly as an independent entity.

— Dwight Jones, principal product manager, Microsoft Federal team, Microsoft Digital

Through this transformative journey, we have not only tailored our offerings to meet the stringent requirements of highly regulated sectors, but we have also significantly enhanced our overall business intelligence. By internalizing and refining our products early in their lifecycle, we ensure that our services not only align with but surpass the expectations of our most compliance-conscious customers, continuing our legacy as a global leader in technology solutions.

What does this mean in the real world?

In our journey to develop a more secure platform for internal use at Microsoft, we took an unconventional and immersive approach; we essentially created a new federal entity within our larger corporate organization, where the creators and users of this platform merged into one. Our team, dedicated to building this secure environment, began to experience their daily work lives within FedNet, taking meetings on Microsoft Teams and using document collaboration across Microsoft 365 and ensuring its functionality and reliability firsthand.

“Our workday began by signing in to this secure environment, using Microsoft 365 applications for our daily tasks, and collaborating through Teams,” says Dwight Jones, a principal product manager on the Microsoft Federal team in Microsoft Digital (MSD), our IT division. “This wasn’t just a separate project; it was a complete shift in our work environment. We effectively isolated ourselves within a secure bubble, distinct from the rest of Microsoft, to ensure we could operate seamlessly as an independent entity.”

This shift represented a significant change in our corporate experience.

By establishing secure Microsoft tenants in the Azure Government Community Cloud’s high-security environment, we created what we call “Microsoft Federal”—a company within a company. This bold move came with its own set of challenges, but it was essential. It enabled us to not just theorize but practically test and enhance our FedNet solution in real-world conditions, ensuring its effectiveness for our sovereign customers.

Such an approach was pivotal in validating the reliability and security of our solution. It allowed us to experience the potential challenges our customers might face and address them proactively. Ultimately, this real world experiment was more than just a test; it was a commitment to delivering a product that we ourselves could rely on and trust, setting a new standard in our offerings to highly regulated sectors.

Microsoft Federal is a prime example of the potential in public-private partnerships. We bring our expertise to key government organizations, offering them advanced, secure solutions to succeed in their missions. Together, we’re shaping the future of network security.

— Jason Zander, executive vice president, Strategic Missions and Technologies

Getting security right

The key distinction between our traditional business and our new Federal sector business model lies in the stringent regulatory constraints from agencies like the US Department of Defense, adhering to CMMC level 2. Our FedNet environment is designed to not just meet but exceed these standards. In fact, our FedNet implementation has achieved a perfect score (Microsoft Federal Successfully Completes Voluntary CMMC Assessment), reflecting our security team’s commitment to the highest standards, covering a broad range of customer requirements.

“Microsoft Federal is a prime example of the potential in public-private partnerships,” Zander says. “We bring our expertise to key government organizations, offering them advanced, secure solutions to succeed in their missions. Together, we’re shaping the future of network security.”

To align with our Zero Trust principles in FedNet, we started by enhancing device endpoint security using a combination of Microsoft Conditional Access and Microsoft Azure Virtual Desktop (AVD). This provides our teams with secure and controlled virtual access to standard collaboration and productivity capabilities, a shift from the traditional physical machine setup in our corporate environment.

While aligning with our cloud-first strategy, this transition posed challenges.

The virtual environment offered less flexibility than a commercially managed machine, particularly in terms of software installation control. In our commercial environments, users can install a variety of first- and third-party applications to enable them to be productive. To comply with more stringent regulations, we highly regulate what applications can be installed on the virtual client—each piece of software has to be security cleared by our Security Portal for Assessment, Consulting and Engineering (ACE) tool—we had to create controlled processes to qualify each piece of software we deployed in our FedNet environment.

Teams is the lifeblood of collaboration at Microsoft, even a few-second delay in a Teams call hosted in our AVD environment can significantly disrupt the experience for our users in Microsoft Federal, just as it would for any other user.

— Dwight Jones, principal product manager, Microsoft Federal team, Microsoft Digital

Getting to product parity

Getting back to our internal team charged with deploying a version of this platform inside the company, our internal users at Microsoft Federal need more than just robust compute platforms and Zero Trust technology—they require the same modern communication and productivity tools as any of our other employee to manage daily operations effectively. Despite differing security protocols, essential tools like Microsoft Teams and Microsoft Outlook must function just as reliably for our Microsoft Federal users as they do for our CorpNet users.

Take Microsoft Teams meetings, for example.

“Teams is the lifeblood of collaboration at Microsoft, even a few-second delay in a Teams call hosted in our AVD environment can significantly disrupt the experience for our users in Microsoft Federal, just as it would for any other user,” Jones says.

Such technical issues, if unresolved, could hinder business operations and negatively impact user perception of our products. We recognized the need for improvement in how Teams integrated within AVD highlighting key opportunities to accelerate quality of service features across both products that, once implemented, would quickly trickle down to all users of these services.

The complexity of managing change

Not surprisingly, we found that managing change and expectations was as significant a challenge as the technical blockers. The biggest hurdle became managing the cognitive shift when moving between environments, rather than addressing technical gaps. For instance, implementing data loss prevention strategies via document labeling was optional in our commercial environment but mandatory in FedNet to comply with CMMC regulations. This necessitated a new approach to data handling and required significant adjustments from our users. Training users on the rational and procedures for data handling was critical to overcome this barrier to entry for new users.

Our Microsoft Federal environment, while more secure, should not lack any functionality or features compared to the civilian version.

— Dwight Jones, principal product manager, Microsoft Federal team, Microsoft Digital

Experiment, learn, adjust, grow

After establishing the basic functionality needed for our Microsoft Federal employees to most closely match the experience of their counterparts in the larger Microsoft organization, our focus shifted to optimizing the environment. This entailed refining existing solutions and introducing the latest innovations Microsoft is known for.

It was all about feature parity.

“Our Microsoft Federal environment, while more secure, should not lack any functionality or features compared to the civilian version,” Jones says.

A standout feature attracting global corporate interest in FedNet is Microsoft Teams Rooms. This innovative setup combines built-in screens, modern video cameras, eye-tracking technology, and Zero Trust security to revolutionize meeting experiences in Microsoft Teams, specifically tailored for our Microsoft Federal product.

Serving some of the world’s most security-conscious customers grants us unique experiences and insights that benefit our entire business. With exciting features and products, many fueled by Microsoft’s AI innovations, we’re charting a bright future for all our customers, including those in Microsoft Federal. This is how we fulfill our mission to empower every person and organization on the planet to achieve more.

— Jason Zander, executive vice president, Strategic Missions and Technologies

“Secure Teams Rooms is exactly what our internal Microsoft Federal users, and indeed any organization, would desire,” Jones says.

Following this, we began a pilot rollout of Microsoft Teams Rooms in select secure locations, with plans to extend this enriched experience to all employees in the Microsoft Federal environment. By using the same technologies they provide to customers, our employees gain valuable insights and experiences, enhancing their ability to support customers deploying Microsoft Teams Rooms in their organizations.

“Serving some of the world’s most security-conscious customers grants us unique experiences and insights that benefit our entire business,” Zander says. “With exciting features and products, many fueled by Microsoft’s AI innovations, we’re charting a bright future for all our customers, including those in Microsoft Federal. This is how we fulfill our mission to empower every person and organization on the planet to achieve more.”

Microsoft Federal and our experience building a company within a company exemplifies our commitment to empowering customers with secure, compliant, and innovative solutions. By harnessing technologies like Microsoft Teams, Azure, and Microsoft 365, we’re setting new standards for collaboration and security in government and beyond.

Here are some things to think about as you consider beefing up your security with a product like our FedNet solution:

• Zero Trust is now relevant to everyone: Hybrid work, cloud migration, and increased threats make taking a Zero Trust approach to security a prudent consideration in every organization.
• Lack of leadership alignment is the biggest obstacle to driving Zero Trust agendas: Leadership alignment is critical to driving Zero Trust agendas. It’s important to ensure that all stakeholders are aligned with the Zero Trust vision and understand how it fits into the broader security strategy. This includes executive leadership, IT teams, security teams, and other business units.
• Zero Trust architecture requires holistic, integrated thinking: Zero Trust architecture requires a holistic, integrated approach that spans people, processes, and technology. It’s important to have a clear understanding of your organization’s assets, data flows, and user behaviors in order to design an effective Zero Trust architecture.

Learn more about our Microsoft Federal program and offerings.

• Explore implementing a Zero Trust security model at Microsoft.
• Unpack culture, the cloud, and security: learning from Microsoft’s digital transformation.
• Discover enhancing Microsoft’s security posture with Microsoft Azure Firewall Manager.

Want more information? Email us and include a link to this story and we’ll get back to you.

Please share your feedback with us—take our survey and let us know what kind of content is most useful to you.

The post Sharing what we learned deploying our secure federal environment appeared first on Inside Track Blog.

We’re accelerating our digital transformation with an enterprise data platform built on Microsoft Purview and Microsoft Fabric. Our solution addresses three essential layers of data transformation:

• Unifying data with an analytics foundation
• Responsibly democratizing data with data governance
• Scaling transformative outcomes with intelligent applications

As a result, we’re creating agile, regulated, and business-focused data experiences across the organization that accelerate our digital transformation.

[Unpack how we’re deploying a modern data governance strategy internally at Microsoft. Explore how we’re providing modern data transfer and storage service at Microsoft with Microsoft Azure. Discover how we’re modernizing enterprise integration services at Microsoft with Microsoft Azure.]

Accelerating responsible digital transformation

Digital transformation in today’s world is not optional. An ever-evolving set of customer expectations and an increasingly competitive marketplace prohibit organizations from operating with static business practices. Organizations must constantly adapt to create business resilience, improve decision-making, and increase cost savings.

Data is the fuel for digital transformation. The capability of any organization to transform is directly tied to how effectively they can generate, manage, and consume their data. These data processes—precisely like the broader digital transformation they enable—must also transform to meet the organization’s needs.

The Enterprise Data team at Microsoft Digital builds and operates the systems that power Microsoft’s data estate. We’re well on our way into a journey toward responsibly democratizing the data that drives global business and operations for Microsoft. We want to share our journey and give other organizations a foundation—and hopefully a starting point—for enabling their enterprise data transformation.

Seizing the opportunity for data transformation

Data transformation focuses on creating business value. Like any other organization, business value drives most of what we do. As Microsoft has grown and evolved, so has our data estate.

Our data was in silos. Various parts of the organization were managing their data in different ways, and our data wasn’t connected.

—Damon Buono, head of enterprise governance, Microsoft

At the genesis of our data transformation, we were in the same situation many organizations find themselves in. Digital transformation was a top priority for the business, and our data estate couldn’t provide the results or operate with the agility the business required.

We felt stuck between two opposing forces: maintaining controls and governance that helped secure our data and the pressure from the business to move fast and transform our data estate operations to meet evolving needs.

“Our data was in silos,” says Damon Buono, head of enterprise governance for Microsoft.  “Various parts of the organization were managing their data in different ways, and our data wasn’t connected.”

As a result, a complete perspective on enterprise-wide data wasn’t readily available. It was hard to implement controls and governance across these silos, and implementing governance always felt it was slowing us down, preventing us from supporting digital transformation at Microsoft at the required pace.

“We needed a shared data catalog to democratize data responsibly across the company,” Buono says.

Transforming data: unify, democratize, and create value

Transforming our data estate fundamentally disrupted how we think about and manage data at Microsoft. With our approach, examining data at the top-level organization became the default, and we began to view governance as an accelerator of our transformation, not a blocker. As a result of these two fundamental changes, our data’s lofty, aspirational state became achievable, and we immediately began creating business value.

Our enterprise data platform is built on three essential layers of data transformation: unifying data with an analytics foundation, responsibly democratizing data with data governance, and scaling transformative outcomes with intelligent applications.

Unifying data with an analytics foundation

Unified data is useful and effective data. Before our data transformation, we recognized the need to unify the many data silos present in the organization. Like many businesses, our data has evolved organically. Changes over the years to business practices, data storage technology, and data consumption led to increased inefficiencies in overall data use.

Analytics are foundational to the remainder of the data transformation journey. Without a solid and well-established analytics foundation, it’s impossible to implement the rest of the data transformation layers. A more centralized source of truth for enterprise data creates a comprehensive starting point for governance and creating business value with scalable applications.

With Microsoft Fabric at the core, our analytics foundation unifies data across the organization and allows us to do more with less, which, in turn, decreases data redundancy, increases data consistency, and reduces shadow IT risks and inefficiencies.

“It connects enterprise data across multiple data sources and internal organizations to create a comprehensive perspective on enterprise data,” Buono says.

Microsoft Fabric ensures that we’re all speaking the same data language. Whether we’re pulling data from Microsoft Azure, multi-cloud, or our on-premises servers, we can be confident that our analytics tools can interpret that data consistently.

Functionally, this reduces integration and operation costs and creates a predictable and transparent operational model. The unity and visibility of the analytics foundation then provide the basis for the rest of the transformation, beginning with governance.

Responsibly democratizing data with data governance

Data can be a transformative asset to the organization through responsible democratization. The goal is to accelerate the business through accessibility and availability. Democratizing data is at the center of our governance strategy. Data governance plays an active role in data protection and complements the defensive posture of security and compliance. With effective governance controls, all employees can access the data they need to make informed decisions regardless of their job function or level within the organization. Data governance is the glue that combines data discovery with the business value that data creates.

It’s critical to understand that governance accelerates our digital transformation in the modern data estate. Governance can seem like a burden and a blocker across data access and usage scenarios, but you cannot implement effective and efficient governance without a unified data strategy. This is why many organizations approach data governance like it’s a millstone hanging around their neck. Many organizations struggle with harnessing the power of data because they don’t have a data strategy and they lack alignment across the leadership teams to improve data culture.

In the Microsoft Digital data estate, governance lightens the load for our data owners, administrators, and users. Microsoft Purview helps us to democratize data responsibly, beginning with our unified analytics foundation in Microsoft Fabric. With a unified perspective on data and a system in place for understanding the entire enterprise estate, governance can be applied and monitored with Purview across all enterprise data, with an end-to-end data governance service that automates the discovery, classification, and protection of sensitive data across our on-premises, multi-cloud, and SaaS environments.

“The governance tools that protect and share any enterprise data are transparent to data creators, managers, and consumers,” Buono says. “Stakeholders can be assured that their data is being shared, accessed, and used how they want it to be.”

Our success begins with an iterative approach to data transformation. We started small, with projects that were simple to transform and didn’t have a critical impact on our business.

—Karthik Ravindran, general manager, data governance, Microsoft Security group

Responsible democratization encourages onboarding and breaks down silos. When data owners are confident in governance, they want their data on the platform, which drives the larger unification and governance of enterprise-wide data.

Scaling transformative outcomes with intelligent applications

The final layer of our data transformation strategy builds on the previous two to provide unified, democratized data to the applications and business processes used every day at Microsoft. These intelligent applications create business value. They empower employees, reduce manual efforts, increase operational efficiencies, generate increased revenue, and contribute to a better Microsoft.

How we transformed: iteration and progression

While the three layers provide a solid structure for building a modern data platform, they provide value only if implemented. Actual transformation happens in the day-to-day operations of an organization. We transformed by applying these layers to our business groups, data infrastructure, and even our cultural data approach at Microsoft Digital.

“Our success begins with an iterative approach to data transformation,” says Karthik Ravindran, a general manager who leads data governance for the Microsoft Security group. “We started small, with projects that were simple to transform and didn’t have a critical impact on our business.”

These early projects provided a testing ground for our methods and technology.

“We quickly iterated approaches and techniques, gathering feedback from stakeholders as we went, Ravindran says. “The results and learnings from these early implementations grew into a more mature and scalable platform. We were able to adapt to larger, more complex, and more critical sections of our data estate, tearing down larger data silos as we progressed.”

To understand how this worked, consider the following examples of our transformation across the organization.

Transforming marketing

The Microsoft Global Demand Center supports Microsoft commercial operations, including Microsoft Azure, Microsoft 365, and Dynamics 365. The Global Demand Center drives new customer acquisition and builds the growth and adoption of Microsoft products.

The Global Demand Center uses data from a broad spectrum of the business, including marketing, finance, sales, product telemetry, and many more. The use cases for this data span personas from any of these areas. Each internal Microsoft persona—whether a seller, researcher, product manager, or marketing executive—has a specific use case. Each of these personas engages with different customers to provide slightly different outcomes based on the customer and the product or service. It’s an immense swath of data consumed and managed by many teams for many purposes.

The Global Demand Center can holistically manage and monitor how Microsoft personas engage with customers by converging tools into the Microsoft Digital enterprise data platform. Each persona has a complete picture of who the customer is and what interactions or engagements they’ve had with Microsoft. These engagements include the products they’ve used, the trials they’ve downloaded, and the conversations they’ve had with other internal personas throughout their lifecycle as a Microsoft customer.

The enterprise data platform provides a common foundation for insights and intelligence into global demand for our products. The platform’s machine learning and AI capabilities empower next actions and prioritize how the Global Demand Center serves personas and customers. Moving the Global Demand Center toward adopting the enterprise data platform is iterative. It’s progressive onboarding of personas and teams to use the toolset available.

The adoption is transforming marketing and sales across Microsoft. It’s provided several benefits, including:

• More reliable data and greater data quality. The unification of data and increased governance over the data create better data that drives better business results.
• Decreased data costs. Moving to the enterprise data platform has reduced the overall cost compared to managing multiple data platforms.
• Increased agility. With current and actionable data, the Global Demand Center can respond immediately to the myriad of daily changes in sales and marketing at Microsoft.

Improving the employee experience

Employee experience is paramount at Microsoft. The Microsoft Digital Employee Experience team is responsible for all aspects of the employee experience. They’re using the enterprise data platform to power a 360-degree view of the employee experience. Their insights tool connects different data across Microsoft to provide analytics and actionable insights that enable intelligent, personalized, and interconnected experiences for Microsoft employees.

The employee experience involves many data points and internal departments at Microsoft. Previously, when data was managed and governed in silos, it was difficult to build data connections to other internal organizations, such as Microsoft Human Resources (Microsoft HR). With the enterprise data platform, the Employee Experiences team can access the data they need within the controls of the platform’s governance capabilities, which gives the Microsoft HR department the stewardship and transparency they require.

The enterprise data platform creates many benefits for the Employee Experiences team, including:

• Coordinated feature feedback and implementation. All planned software and tools features across Microsoft align with employee feedback and practical needs obtained from the enterprise data platform.
• Better detection and mitigation of issues. Intelligent insights help Employee Experiences team members identify new and recurring issues so they can be mitigated effectively.
• Decreased costs. The efficiencies created by using the enterprise data platform reduce engineering effort and resource usage.

Creating greater sustainability in operations

Microsoft Sustainability Operations supports efforts to increase global sustainability for Microsoft and minimize environmental impact. Sustainability Operations is responsible for environmental efforts across the organization, including waste, water, and carbon management programs.

Their internal platform, the Microsoft Cloud for Sustainability, is built on the enterprise data platform. It leverages the unified analytics and governance capabilities to create important sustainability insights that guide Sustainability Operations efforts and programs.

These insights are combined in the Microsoft Environmental Sustainability Report. This report contains 20 sections detailing how Microsoft works to minimize environmental impact. The report includes sections for emissions, capital purchases, business travel, employee commuting, product distribution, and managed assets, among others.

To provide the data for this report, Sustainability Operations has created a data processing platform with the Microsoft Cloud for Sustainability that ingests and transforms data from Microsoft Operations into a data repository. The unified data enables the team to create reports from many different perspectives using a common data model that enables quick integration.

Governance is central to the effective democratization of data, and when data is adequately democratized—safely accessible by everyone who should access it—transformation is accelerated. Modern governance is achievable using automated controls and a self-service methodology, enabling immediate opportunity to create business value.

—Damon Buono, head of enterprise governance, Microsoft

The Microsoft Environmental Sustainability Report supports decision-making at the enterprise and business group level, which enables progress tracking against internal goals, forecasting and simulation, qualitative analysis of environmental impact, and compliance management for both perspectives. These tools allow Microsoft Sustainability Operations to discover and track environmental hotspots across the global enterprise with greater frequency and more precision. Using these insights, they can drive changes in operations that create more immediate and significant environmental impact reductions.

Implementing internal data governance

Governance has been a massive part of our journey. Realizing governance as an accelerator of transformation has radically changed our approach to governance. Understanding who is accessing data, what they’re accessing, and how they’re accessing is critical to ensuring controlled and measured access. It also creates the foundation for building transparency into the enterprise data platform, growing user confidence, and increasing adoption.

“Governance is central to the effective democratization of data, and when data is adequately democratized—safely accessible by everyone who should access it—transformation is accelerated,” Buono says. “Modern governance is achievable using automated controls and a self-service methodology, enabling immediate opportunity to create business value.”

Our governance strategy uses data standards and models with actionable insights to converge our entire data estate, which spans thousands of distinct data sources. We built our approach to data governance on some crucial learnings:

• Evidence is critical to driving adoption and recruiting executive support.
• Automated data access and a data catalog are critical to consolidating the data estate.
• Data issue management can provide evidence, but it doesn’t scale well.
• A centralized data lake, scorecards for compliance, and practical controls help create evidence for governance in large enterprises.

We continue to drive the adoption of the enterprise data platform at Microsoft. As we work toward 100 percent adoption across the enterprise, we generate efficiencies and reduce costs as we go. The iterative nature of our implementation means we’ve been able to move quickly and with agility, improving our processes as we go.

We’re really very excited about where we are now with Purview, Fabric, and the entire suite of tools we now have to manage our data here at Microsoft. They are helping us rethink how we use data internally here at Microsoft, and we’re just getting started.

—Karthik Ravindran, general manager, data governance, Microsoft Security group

We’re also supporting organizational alignment and advocacy programs that will increase adoption. These programs include an internal data governance management team to improve governance, an enterprise data education program, and a training program for the responsible use of AI.

As our enterprise data estates expand and diversify, tools like Microsoft Purview and Microsoft Fabric have become indispensable in ensuring that our data remains an asset, not a liability. These tools offer a compelling solution to the pressing challenges of governing and protecting the modern data estate through automated discovery, classification, and a unified approach to hybrid and multi-cloud deployments.

“We’re really very excited about where we are now with Purview, Fabric, and the entire suite of tools we now have to manage our data here at Microsoft,” Ravindran says. “They are helping us rethink how we use data internally here at Microsoft, and we’re just getting started.”

• Go here to try out Microsoft Purview if you’re using Microsoft 365 E3.
• Click through here to try out Microsoft Fabric.

• Unpack how we’re deploying a modern data governance strategy internally at Microsoft.
• Explore how we’re providing modern data transfer and storage service at Microsoft with Microsoft Azure.
• Discover how we’re modernizing enterprise integration services at Microsoft with Microsoft Azure.

Your feedback is valued, take our user survey here!

The post Transforming data governance at Microsoft with Microsoft Purview and Microsoft Fabric appeared first on Inside Track Blog.

When Microsoft moved to Microsoft Teams for all communications, it needed a good plan.

More than 250,000 employees and licensed vendors would be affected by the shift, as would 600,000 guests that the company collaborates with on a regular basis.

The one thing we had to get right to make sure our company-wide transition to Teams was successful was to deploy the governance framework that comes with Microsoft 365.

~David Johnson, principal program manager, Microsoft 365 product strategy and development for Microsoft Digital

Too much was at stake to allow anything to go wrong.

“The one thing we had to get right to make sure our company-wide transition to Teams was successful was to deploy the governance framework that comes with Microsoft 365,” says David Johnson, who leads Microsoft 365 product strategy and deployment governance inside Microsoft Digital. “Governance was critical.”

Mission accomplished.

Microsoft Teams has been the company’s collaboration platform for more than two years. With a full set of communications capabilities, including chat, voice and video meetings, and calling, Microsoft Teams has become the place where employees work all the time, especially as they work remotely due to COVID-19.

Governance refers to the policies, roles, responsibilities, and processes that a company like Microsoft uses to help ensure their IT resources are being effectively deployed and managed, and that data security and compliance standards are in place while still allowing employees get their work done. An effective governance framework can streamline deploying solutions like Microsoft Teams, ensure all systems are secure and compliant, and generally make sure its technology does what it’s supposed to do.

“Our foundation for Microsoft 365 and Microsoft Teams governance within Microsoft is tied to how we manage and govern Microsoft 365 Groups inside the company,” Johnson says. “Groups are the common layer under Teams, SharePoint team sites, Yammer Communities, Outlook groups, and a lot more.”

Put simply, governance is setting things up so people can be their most productive selves.

“We want to let our employees do their thing, but we want to make sure we give them guardrails and watch for things that could get them in trouble,” Johnson says.

Click the video to watch Johnson’s “How Microsoft manages Microsoft 365 Groups for its employees” presentation at Microsoft Ignite.

The deployment of Microsoft Teams was a success in large part because the Microsoft Digital team relied on the governance framework they designed for the Microsoft 365 workloads they had already deployed internally, says Emily Kirby, who was a program manager on Microsoft Digital’s Microsoft Teams deployment team when rolling it out across the company.

“Because we had previously established governance for Microsoft 365 services, such as SharePoint, OneDrive, OneNote, Word, and other apps, those policies and guidelines were able to smoothly carry over to Teams,” Kirby says. “What makes Teams unique within Microsoft 365 and as a platform overall is that, during our deployment, it worked like an intelligent shell. Teams automatically inherited the permissions and policies set for the other services so that, for example, when people work on files in Teams, or use other Microsoft 365 services within Teams, they work within the governance parameters of those other services.”

[Learn more how Microsoft Digital used Microsoft Azure’s governance toolset to enable enterprise-scale governance design and compliance enforcement across the company’s entire Azure environment.]

Governing collaborative employees

Microsoft Teams is a hub for teamwork that enables people to work together by bringing chat, calling, meetings, files, and Microsoft 365 and third-party apps together in one place, Johnson says. Because it’s built on Microsoft 365, Microsoft Teams is part of a common underlying data graph that unifies all Microsoft 365 products and services. This ultimately enables AI and machine learning to help people easily accomplish tasks and focus on what matters most.

However, making this kind of unfettered collaboration work while also protecting the company requires security measures smart enough to control access based on need, that recognize and disable broad access when a team no longer needs a set of information anymore, and that help Microsoft Digital quickly identify and fix security issues when they pop up.

Microsoft Digital has partnered with the Microsoft 365 product group to inform the development of Microsoft 365 governance capabilities for all customers.

The partnership between the two has helped simplify the company’s thinking.

“Our thinking around governance is evolving,” Johnson says. “We’ve seen first-hand the difference it makes to have a well-developed governance framework in place for every service we roll out.”

One of the big insights was that delivering a unified approach to governance that runs across all Microsoft 365 services would simplify and strengthen the company’s overall approach, he says. When you handle the security of Microsoft Teams, Microsoft OneNote, Microsoft Word, and all the other Microsoft 365 products in exactly the same way on top of the same underlying graph, there are far fewer breakdowns, seams exposed, or other ways for things to go wrong.

“All of the things employees do at work are coming together in a common construct,” Johnson says. “It makes it so we only need to secure everything once, whether it be bridge auditing, establishing policies to protect data, labeling groups, and so on.”

That’s the beauty of it. We got to take all of the goodness of SharePoint governance, all the security inside OneDrive, all of the learnings that have been applied to the entire Microsoft graph—we got to absorb all of that into Teams.

~Emily Kirby, program manager on Microsoft Digital’s Microsoft Teams deployment team

It’s that kind of thinking that grounded the team that deployed Microsoft Teams across the company, Kirby says.

“That’s the beauty of it,” she says. “We got to take all of the goodness of SharePoint governance, all the security inside OneDrive, all of the learnings that have been applied to the entire Microsoft graph—we got to absorb all of that into Teams.”

Smart search needs good governance

Giving employees access to create and collaborate with others is core to Microsoft Digital’s mission, and protecting the company’s assets go hand in hand with that, Johnson says.

He says the team has been working to optimize legal and retention capabilities, so data is preserved for only as long as needed while not losing things that will be needed in the future.

Microsoft also wants to work on making it easier for employees to collaborate with customers and partners outside of the company, on onboarding new products and processes, and on transforming search so employees can find whatever information they’re looking for no matter where it resides. This includes using AI and machine learning to do things like suggest and rank relevant search results that the employee might not otherwise come across.

“If you don’t have good governance, then you can’t do these things,” Johnson says.

• Learn more how Microsoft Digital used Microsoft Azure’s governance toolset to enable enterprise-scale governance design and compliance enforcement across the company’s entire Azure environment.

The post Deploying Microsoft Teams across Microsoft hinged on good governance appeared first on Inside Track Blog.