How our employees are extending enterprise AI with custom retrieval agents

Inside Track Blog: How Microsoft does IT (tag: Modern engineering). Published Thu, 18 Sep 2025 16:05:00 +0000.
http://approjects.co.za/?big=insidetrack/blog/how-our-employees-are-extending-enterprise-ai-with-custom-retrieval-agents/

Employees who are using Microsoft 365 Copilot to transform the way they work now have a new tool to help them even more—the agent.

At Microsoft, we’re deploying a spectrum of agents to fulfill different needs, from acting as knowledge sources for our individual employees, to helpers that handle specific tasks for our teams, organizations, and for the full company.

Of the different kinds of agents, the easiest to implement are retrieval agents, which employees can build using Microsoft Copilot Studio agent builder or SharePoint. After a few quick steps, the agents they create retrieve information for them from data grounded in our Microsoft 365 tenant, like a SharePoint library or collection of libraries, reason over it, summarize it, and answer their questions.

As one of the first enterprise IT organizations to deploy this capability to our employees, we’re starting to see their impact first-hand, and along the way, we’re learning lessons that our customers can use to unlock their own agentic abilities.

Copilot + retrieval agents: A new way to drive enterprise AI value

So, what are retrieval agents?

First, it’s important to understand where these Microsoft 365 Copilot extensions fit within the emerging agentic environment.

Copilot agents expand Copilot’s knowledge and skills, and they can even operate autonomously to complete tasks or automate processes. Retrieval agents operate at the simplest end of the agentic spectrum and are the easiest for employees to create.

Types of agents

A graphic outlining three different kinds of agents: retrieval, task, and autonomous.
As part of the wider framework of Microsoft 365 Copilot extensibility, retrieval agents are the simplest extensions to create and administer.

“Retrieval agents wrap around knowledge sources and data sets, and they include system prompts so they behave the way their creators want,” says Aisha Hasan, Power Platform and Copilot Studio product manager for Microsoft Digital. “They’re AI helpers that our employees can create to find what they want without having to search around manually.”

A retrieval agent is essentially Copilot, plus its creator’s instructions, plus grounding in a particular data set. These extensions can accomplish a wide variety of jobs, from acting as an event planning assistant to sourcing insights into business optimizations to surfacing internal guidance around leadership best practices.

“If we think of Copilot as the UI for AI, retrieval agents are a further layer on that UI, that can access and reason over their organization’s data,” says Mykhailo Sydorchuk, Customer Zero lead for Microsoft 365 integrated apps at Microsoft Digital. “They can also address other data sets and systems using Copilot, without the need to build custom connectors or orchestration.”

At Microsoft, retrieval agents are accelerating our AI journey by enabling employees to tailor Copilot’s capabilities to their own work and specific knowledge sources. Their value comes from creating micro-experiences that meet specialized needs to enhance productivity and information discoverability.

Creating retrieval agents couldn’t be easier. One option is through Microsoft Copilot Studio agent builder, accessible through Copilot Chat within Microsoft Teams. Employees can use natural language prompts and a simplified configuration process to provide custom instructions, tell their agents how to behave, and provide specific data and knowledge sources.

SharePoint agents are another opportunity to add AI assistance into everyday work. These enable users to turn SharePoint sites and documents into scoped agents that are subject matter experts for your business needs. Site owners or admins simply customize their SharePoint agent’s branding and purpose, specify the sites, pages, and files it should get information from, and define customized prompts tailored to its purpose and scope.

“We’re targeting our core enterprise professional developer scenarios with more advanced tooling,” says Amy Rosenkranz, principal product manager for Customer Zero Extensibility in Microsoft Digital. “But with Copilot Studio agent builder and retrieval agents, we’re empowering our employee citizen developers to experiment freely and create agents easily, then share them out, all surrounded by the right governance and management process.”

Enabling retrieval agents while ensuring our organization’s integrity

While agents represent a leap forward in AI-powered productivity, capturing that value means balancing the freedom to explore with the need to protect our company.

Microsoft is one of the first and largest organizations to extend Microsoft 365 Copilot by enabling agents. As a result, our team here in Microsoft Digital, the company’s IT organization, has been hard at work ensuring those agents don’t put the company at risk.

The level of risk an agent presents largely depends on its access to data sources and the actions it can take. More advanced task and autonomous agents need to cross Microsoft 365 tenant boundaries to enable actions. But retrieval agents are much simpler.

Retrieval agents typically only access data within tenant boundaries through graph connectors. Although they occasionally need to connect with information outside the tenant, they only retrieve data and don’t transmit it externally. As a result, administrating and governing these agents is much simpler.

“The beauty of retrieval agents is that, for the most part, they’re grounded in Microsoft 365 data, so they provide a single-pane view within Teams, instead of forcing users to go from one source to another to seek out information,” Hasan says. “Whatever your window of productivity might be, you can interact with the information you need without constantly switching context.”

We started small, experimenting with retrieval agents with trusted stakeholders and reviewing each one to ensure they didn’t present unacceptable risks to the company. Through what we learned during that process and the data safety controls we maintain across our tenant, we’ve minimized the scenarios where agents require reviews, which only come into play for more complex agents that build on bespoke graph connectors, API plugins, or custom orchestration to access external knowledge sources and take actions.

Our confidence in retrieval agents’ safety comes from a few key factors.

Administration and configuration

Retrieval agents’ simplicity also helps us keep the risk of data overexposure low. Unlike more complex agents that require security assessments, threat modeling, privacy assessments, and Responsible AI reviews, we’re able to define our policies for retrieval agents at the agent builder environment level.

We empower tenant administrators and our partners on the Microsoft Security team to apply data loss prevention policies that configure what individual employees can enable for their retrieval agents. At this level, everyone in the company has the same configuration and tools available, and automation largely handles agent reviews and assessments. We based these pre-configured settings on the same security, privacy, and regulatory compliance standards we apply to any internally built application.

Approved graph connectors

Graph connectors increase the discoverability of external data by integrating it into an agent’s grounding. At Microsoft, we’ve onboarded a series of approved connectors that creators can use to incorporate additional data for their agents to reason over. They include connectors for external websites as well as tools like Azure DevOps and ServiceNow.

Our criteria and review process for connectors ensure that agents don’t put our tenant at risk. As long as a connector is approved, employees are free to use it to create their agents.

Ensuring Responsible AI standards at the platform layer

Microsoft has been at the forefront of establishing Responsible AI principles: fairness, reliability and safety, privacy and security, inclusiveness, transparency, and accountability. To ensure we enabled retrieval agents that would respect Responsible AI standards, we needed to translate those concepts into concrete policies we could apply at the platform level.

Microsoft’s Office of Responsible AI has been an indispensable resource during this process. They maintain a comprehensive and evolving list of policy statements around restricted uses for AI capabilities. Those include things like using AI to infer emotions or personal characteristics, assess employee performance, or perform social scoring.

As our implementation of retrieval agents matured, we instituted controls at the platform layer to block these restricted uses for AI, identifying what kinds of information an agent can retrieve. Now, Copilot Studio agent builder knows how to evaluate responsibility against a wide array of parameters and make determinations based on the parameters we’ve set out.

For example, if a manager attempted to create a retrieval agent that would assess employee performance based on meeting attendance, guardrails at the platform layer would curtail that ability. Naturally, as we develop our policies around responsible AI further, the parameters of Responsible AI will shift and grow, and we’ll continue to nuance our configurations.

Thanks to these foundations, we’re now at the point where we feel comfortable giving every Microsoft employee access to Microsoft Copilot Studio agent builder and the freedom to create retrieval agents. It’s all part of our principle of employee self-service with guardrails.

“It’s a constant evaluation,” says Hasan. “Our goal is to allow as much freedom as we can with retrieval agents so employees can increase productivity without going down the path of greater customization that requires more intensive review.”

Different organizations are at different stages of their AI maturity journey. As you experiment with Copilot extensibility, it will be important to define your organization’s level of experience implementing AI tools, your employees’ state of readiness and training, key risk areas, and sensitive scenarios.

From there, you’ll be able to use out-of-the-box configuration capabilities in Copilot Studio agent builder to establish guardrails that work for you. It will take careful collaboration across security, privacy, legal, and IT teams, but we’re already learning that the benefits are worth the effort.

Ease and access drive creativity and new ways to work

Now that we’ve empowered our employees to build retrieval agents organization-wide, examples of creativity and innovation are popping up all over the company. Ease of use and freedom have a lot to do with this proliferation.

Using Copilot Studio agent builder

The Microsoft Copilot Studio agent builder interface during the process of creating a field service agent.
Microsoft Copilot Studio agent builder provides a simple interface for creating agents, unlocking the power of Copilot extensibility for non-technical employees.

“Users who want to build agents with no code can select from premade templates using natural language, or they can fill out a few fields,” says Brian Moran, senior product manager on the Employee Experiences team at Microsoft Digital. “They can get their agents up and running in minutes.”

Creative examples of the ways that employees and teams are using retrieval agents include:

  • IDEAS Copilot democratizes access to our Insights, Data, Engineering, Analytics, AI, and Systems (IDEAS) knowledge base to help users act on crucial usage information without the need for technical expertise. The agent fully integrates with Microsoft Teams, so employees can dig into data across sales, marketing, finance, operations, and more using natural language queries in their familiar working environment.
  • Security Comms Agent helps our communications team create blog posts by providing a prompt that includes the content’s purpose and context. It accesses internal documents about business objectives, positioning frameworks, voice guidelines, and our Microsoft Digital communications and marketing plan, as well as the internet and specific Microsoft-owned learning sites for added context. From there, the agent creates a first draft that aligns with our Microsoft Digital positioning, objectives, and voice.
  • Know Your Customer leverages AI to provide a comprehensive view of customer profiles. It accesses an overview of a customer’s tenant, usage metrics for Copilot, service incident reports, and more to provide usage statistics and health data for Microsoft 365 apps, email, meetings, Microsoft Viva, and other products to enhance customer engagement and support. The agent can even generate a tenant-specific Microsoft PowerPoint dossier for ease of use.
  • Prompt Buddy Agent helps employees discover ready-to-use prompts that eliminate the need for experimentation and prompt engineering. Employees use natural language queries to discover AI prompts their colleagues have shared across industries, roles, personas, and topics, all without leaving Copilot Chat. As a result, they can save valuable time by streamlining AI-assisted workflows.
  • Communications Plan Assistant accesses a library of prompts our Microsoft Viva communications team has developed to quickly draft content. The team communicates with the agent conversationally, providing feedback and selecting from the options it provides, then populates pre-defined sections in their communications plan template. At the end of the interaction, they can request a summary with all the final content that will go into the plan.

“By trusting our employees to imagine and create their own extensions for Microsoft 365 Copilot, we’re making it possible to personalize enterprise AI like never before,” says Nathalie D’Hers, corporate vice president of Employee Experience. “Empowering our people to create retrieval agents in a responsible environment is the ideal combination of human creativity and AI capabilities, and we’re confident it will unlock a new era of innovation.”

Key takeaways

Here are some tips for getting started with retrieval agents at your company:

  • Establish early communication and collaboration with members of your security, legal, compliance, IT, and any other teams who can help you define ways to configure Copilot Studio agent builder safely.
  • Agents rely on data, so ensure your enterprise data is clean, well-governed, and accessible through scalable pipelines.
  • Start slowly. Enable retrieval agents for smaller, select groups to work through any configuration issues or concerns before widening access. Plan to review everything you do at each step, and use those learnings as a basis for configuration and automation as time progresses.
  • Balance employee empowerment with organizational safety. That balance will evolve as your organization’s AI maturity progresses.
  • Use simple retrieval agents as a springboard to more complex extensions that require a structured review process.

Try it out

Want to explore the possibilities for creating agents with Microsoft Copilot Studio? Try it free here.

How our team chose between Dataverse and SQL Server

Inside Track Blog, published Thu, 04 Sep 2025 16:05:00 +0000
http://approjects.co.za/?big=insidetrack/blog/how-our-team-chose-between-dataverse-and-sql-server/

Editor’s note: This story was created with the help of artificial intelligence. To learn more about how Inside Track is using the power of generative AI to augment our human staff, see our story, Reimagining content creation with our Azure AI-powered Inside Track story bot.

The choices we make today regarding technology platforms shape the success or failure of critical projects in the future.

For our Employee Productivity Engineering (EPE) team within Microsoft Digital, the company’s IT organization, the challenge of choosing between Microsoft Dataverse, our low-code data platform that is part of the Microsoft Power Platform, and Microsoft SQL Server, our relational database management system (RDBMS) used for storing and retrieving data as requested by other software applications, was more than a technical decision.

It was a balancing act between empowering business users, meeting operational demands, and aligning with our company’s strategic vision for scalable, secure, and high-performing solutions.

Faced with competing priorities, the EPE team embarked on a journey to evaluate these two powerful platforms, ultimately uncovering lessons and strategies that would guide their work and inspire our enterprise customers.

The Crossroads: Business needs and technical demands

The challenge of choosing between Dataverse and SQL Server wasn’t a simple one.

“Our project requirements pulled us in two very different directions,” says Urvi Sengar, a senior software engineer on the EPE team here in Microsoft Digital. “On one hand, we wanted the low-code, rapid development capabilities of Dataverse to empower business users. On the other hand, our backend demanded high-performance querying, advanced reporting, and seamless integration with other systems.”

The team’s decision wasn’t purely technical; it was rooted in six key dimensions: low-code development, security, extensibility, cost, governance, and performance. These considerations reflected the immediate needs of the projects and the long-term goals of enabling innovation while adhering to the company’s rigorous standards for compliance and scalability.

Mapping needs to capabilities

To navigate the complexity of the decision, the EPE team adopted a structured approach. They mapped their requirements across the six dimensions and evaluated Dataverse and SQL Server based on their unique strengths:

  • Low-code development: Dataverse emerged as the clear winner for user-facing applications, thanks to its seamless integration with the Power Platform. Business users can use its low-code capabilities to build apps and automate workflows without relying heavily on engineering resources. The native connectors and templates further accelerate development timelines.
  • Security and compliance: While both platforms offered robust controls, Dataverse’s role-based access and encryption—tightly integrated with the Microsoft cloud ecosystem—simplified compliance for business-centric apps. SQL Server, however, provided the granular control needed for systems handling sensitive or regulated data.
  • Extensibility: The team found that Dataverse worked best for apps staying within the Power Platform ecosystem, while SQL Server excelled in complex backend operations and external integrations.
  • Cost and governance: Dataverse’s licensing model was cost-effective for smaller-scale applications but became expensive at scale. SQL Server, with its mature governance models, offered predictable costs and reduced operational overhead when integrated into existing infrastructure.
  • Performance and scalability: For data-intensive applications requiring real-time exports and complex joins, SQL Server’s ability to handle large datasets and optimize queries made it the superior choice.

The team didn’t rely on a single framework to evaluate the platforms—they blended the power of several tools together.

“We combined internal benchmarks, stakeholder interviews, and scenario-based analysis,” Sengar says. “The decision wasn’t binary—it was contextual, tailored to the unique needs of each project.”

Context-driven choices in action

The team’s thoughtful evaluation process came to life in two key projects, each showcasing the strengths of one platform over the other.

Dataverse was chosen as the data backbone for the Customer Validation Power App—a user-facing Power App designed to validate customer data. Its low-code capabilities and seamless integration with the Power Platform mean that business users can use it to validate customer data, synchronize updates, and maintain compliance with Microsoft’s policies. They can also use the app to independently manage app features, which helps accelerate development cycles and reduce reliance on engineering resources.

In contrast, SQL Server proved indispensable for backend systems requiring high-performance querying and advanced analytics. By using SQL Server’s structured data control, computed columns, and user-defined functions, the team delivered real-time analytics and secure access management for sensitive data.

“SQL Server handled complex workloads with predictable performance, enabling us to integrate with external systems and legacy applications seamlessly,” Sengar says.

It came down to having to choose between two good options.

Looking ahead: A balanced approach to innovation

The EPE team’s work demonstrates the power of a contextual, thoughtful approach to technology selection. By understanding the strengths and trade-offs of both Dataverse and SQL Server, they not only delivered successful projects but also established a model for future decisions.

“The key takeaway for us was that the right choice depends on the specific context,” Sengar says. “Dataverse is a game-changer for business-centric, low-code solutions, while SQL Server remains a cornerstone for high-performance, data-intensive applications.”

As we continue to innovate here in Microsoft Digital and across the company, the lessons from our journey can serve as a guide for other teams navigating the complexities of platform decisions. By sharing their story, the EPE team hopes to inspire our enterprise customers to embrace a balanced approach to innovation, using the best of both worlds to achieve their goals.

Key takeaways

The EPE team’s journey revealed key lessons and best practices that other IT teams can apply:

  • Context is everything: Dataverse and SQL Server serve different purposes, so your choice between the two should align with the specific needs of your application, user base, and operational goals.
  • Don’t underestimate governance complexity: While Dataverse simplifies some aspects of governance, SQL Server offers granular controls that are critical for compliance-heavy systems.
  • Integration isn’t always seamless: Testing real-time data flows early is essential to avoid surprises later, particularly when integrating Dataverse with external enterprise systems.
  • Developer readiness matters: A successful transition to Dataverse requires investments in training and community engagement to ensure smooth adoption.
  • Evaluate, align, and pilot: Among the best practices, Urvi highlights the importance of using a decision tree or framework to evaluate platform fit, aligning stakeholders early to surface hidden requirements, and running pilots before scaling to validate assumptions and uncover edge cases.

Implementing strong user authentication with Windows Hello for Business

Inside Track Blog, published Thu, 17 Apr 2025 16:00:00 +0000
http://approjects.co.za/?big=insidetrack/blog/implementing-strong-user-authentication-with-windows-hello-for-business/

Deploying Windows Hello for Business internally here at Microsoft has significantly increased our security when our employees and vendors access our corporate resources. This feature offers a streamlined user sign-in experience—it replaces passwords with strong, phishing-resistant authentication by combining an enrolled device with a PIN or biometric user input for sign in.

Windows Hello was easy to implement within our existing identity infrastructure and is compatible for use within our remote access solution. We in Microsoft Digital, the company’s IT organization, streamlined the deployment of this feature as an enterprise credential to improve our user sign-in experience and to increase the security of accessing corporate resources.

Using this feature, users can authenticate to a Microsoft account, an Active Directory account, or a Microsoft Entra ID account (formerly known as a Microsoft Azure Active Directory account).

The Windows Hello for Business feature is a public key or certificate-based authentication approach that goes beyond passwords. This form of authentication relies on key pairs that can replace passwords and are resistant to breaches, thefts, and phishing.

Other benefits of this feature include:

  • It supports our Zero Trust security model. It emphasizes an identity-driven security solution by centering on securing user identity with strong authentication as well as eliminating passwords.
  • It uses existing infrastructure. We configured Windows Hello to support smart card-like scenarios by using a certificate-based deployment. Our security policies enforce secure access to corporate resources with phishing-resistant authentication, including smart cards and passkeys. Windows Hello biometric authentication is currently enabled, but optional for all users.
  • It uses a PIN. This replaces passwords with stronger authentication. Users can now sign in to a device using a PIN that is backed by a trusted platform module (TPM) chip.
  • It provides easy certificate renewal. Certificate renewals automatically occur when a user signs in with their PIN before the lifetime threshold is reached.
  • It permits a single sign-in. After users sign in with their PIN, they have access to email, SharePoint sites, Microsoft 365, and business applications without being asked for credentials again.
  • It is compatible with remote access. When using Hello for Business, users can connect remotely using a Microsoft Digital VPN without the need for additional authentication.
  • It supports Windows Hello. If users have compatible biometric hardware, they can set up biometrics sign-in to swipe their finger or take a quick look at the device camera. This is optional for all users.

Our deployment environment for the Windows Hello for Business feature includes:

  • Server: Microsoft Entra ID subscription and Microsoft Entra Connect to extend on-premises directory to Entra ID
  • For certificate enrollment: Active Directory Certificate Services (AD CS), Network Device Enrollment Service (NDES), and Microsoft Intune
  • Client: Windows 10 or Windows 11 device with an initialized and owned TPM

For more information about integrating on-premises identities with Microsoft Entra ID, see What is hybrid identity with Microsoft Entra ID?

Enrollment and setup

Windows Hello for Business user enrollment steps vary, based on our deployed scenarios. For all scenarios, users will need to use another form of phishing-resistant authentication or a Temporary Access Pass to complete the enrollment.

The Windows Hello for Business feature supports the following enrollment scenarios:

  • On-premises Active Directory hybrid domain–joined devices. Users sign in with their domain account, the device is registered with Entra ID and scoped for Intune management, Intune policies are delivered, and then the user creates a PIN.
  • Entra ID–joined devices managed by Microsoft Intune. Users must enroll in device management through Microsoft Intune. After their device is enrolled and the policies are applied, the PIN credential provisioning process begins, and users receive the prompt to create their PIN.

Requirements

  • Phishing-resistant authentication is required for PIN creation using one of the existing methods: smart card, passkey, or TAP (Temporary Access Pass).
  • A PIN that has at least six characters.
  • A connection to the internet or Microsoft corporate network.

Physical architecture

Our Windows hybrid domain–joined devices were already synchronized with Entra ID through Microsoft Entra Connect, and we already had a public key infrastructure (PKI) in place. Already having a PKI reduced the amount of change required in our environment to enable the Windows Hello for Business feature.

To deploy user certificates based on Windows Hello keys, we used Intune, NDES, and AD CS.

Server roles and services

In our implementation, the following servers and roles worked together to enable Windows Hello as a corporate credential:

  • Entra ID subscription with Microsoft Entra Device Registration Service to register devices with Entra ID.
  • Intune is used to manage Hello for Business policies for all enrolled devices.
  • PKI includes NDES servers (with Certificate Connector for Microsoft Intune) and certificate authorities (with smart card EKU—enhanced key usage—template), used for the issuance, renewal, and revocation of Windows Hello for Business certificates.

Hybrid domain–joined service workflow

The following workflow applies to any Windows 10 or Windows 11 computers joined to our AD DS domain.

  • Our hybrid domain–joined devices are automatically registered with Entra ID via a group policy and enrolled in Intune management.
  • Intune Policies—including Hello enablement, configuration, and NDES information—are delivered to the device.
  • During the next sign-in, the user is prompted to configure Windows Hello for Business, confirm their identity using phishing-resistant authentication, and create a PIN. A private key is created and registered in Entra ID. The user can also initiate the Windows Hello setup process from the Settings app at any time.
  • On the next Intune sync, the device contacts the internet-facing NDES server using the URL from the Intune policy and provides the challenge response. The NDES server validates the challenge with the Certificate Connector for Microsoft Intune and receives a “true” or “false” challenge verification result.
    • If the challenge response is “true,” the NDES server communicates with the certificate authority (CA) to get a certificate for the device. Appropriate ports need to be open between the NDES server and the CA for this to happen.
  • The NDES server delivers the certificate to the computer.

Entra ID–joined service workflow

  • On device join, Intune pushes a device policy to Microsoft Entra ID devices that contains the Windows Hello for Business policies as well as the URL of the NDES server and the challenge generated by Intune.
  • During the device join flow, the user is prompted to configure Hello for Business, confirm their identity using phishing-resistant authentication, and create a PIN. A private key is created and registered in Entra ID. The user can also initiate the Windows Hello setup process from the Settings app at any time.
  • On the next Intune sync, the device contacts the internet-facing NDES server using the URL from the Intune policy and provides the challenge response. The NDES server validates the challenge with the Certificate Connector for Microsoft Intune and receives a “true” or “false” challenge verification result.
    • If the challenge response is “true,” the NDES server communicates with the certificate authority (CA) to get a certificate for the device. Appropriate ports need to be open between the NDES server and the CA for this to happen.
  • The NDES server delivers the certificate to the computer.
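
The challenge gate that both workflows above share, as an added model that is not Microsoft's code. The token format (an HMAC-signed subject, expiry, and nonce) and every class name are assumptions for illustration; the article only states that NDES receives a "true" or "false" from the connector before it asks the CA for a certificate.

```python
import base64
import hashlib
import hmac
import json
import secrets

CERT_LIFETIME_SECONDS = 90 * 24 * 3600  # 90-day certificate lifetime from the article


class ChallengeAuthority:
    """Hypothetical stand-in for Intune (issues challenges) and for the
    certificate connector (verifies them). Token format is assumed."""

    def __init__(self):
        self._key = secrets.token_bytes(32)
        self._used_nonces = set()

    def issue(self, subject, now, ttl=3600):
        # Bind the challenge to one subject and a short validity window.
        body = json.dumps({"sub": subject, "exp": now + ttl,
                           "nonce": secrets.token_hex(8)}, sort_keys=True).encode()
        tag = hmac.new(self._key, body, hashlib.sha256).digest()
        return (base64.urlsafe_b64encode(body) + b"." +
                base64.urlsafe_b64encode(tag)).decode()

    def verify(self, challenge, csr_subject, now):
        """Return True or False, as the connector does for NDES."""
        try:
            body_b64, tag_b64 = challenge.encode().split(b".")
            body = base64.urlsafe_b64decode(body_b64)
            tag = base64.urlsafe_b64decode(tag_b64)
        except ValueError:
            return False  # malformed token
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False  # forged or altered challenge
        claims = json.loads(body)  # parsed only after the tag checks out
        if now >= claims["exp"] or claims["sub"] != csr_subject:
            return False  # stale, or issued for a different identity
        if claims["nonce"] in self._used_nonces:
            return False  # replay of an already redeemed challenge
        self._used_nonces.add(claims["nonce"])
        return True


class CertificateAuthority:
    """Toy CA: returns a dict in place of a real X.509 certificate."""

    def __init__(self):
        self._next_serial = 1

    def issue(self, subject, now):
        cert = {"serial": self._next_serial, "subject": subject,
                "not_after": now + CERT_LIFETIME_SECONDS}
        self._next_serial += 1
        return cert


class NdesServer:
    """Forwards a request to the CA only after the challenge verifies."""

    def __init__(self, connector, ca):
        self.connector = connector
        self.ca = ca

    def enroll(self, csr_subject, challenge, now):
        if not self.connector.verify(challenge, csr_subject, now):
            return None
        return self.ca.issue(csr_subject, now)


def run_demo(now=1_700_000_000):
    """Drive the exchange with constructed identities and timestamps."""
    intune = ChallengeAuthority()
    ndes = NdesServer(intune, CertificateAuthority())
    results = {}

    good = intune.issue("alice@example.com", now)
    results["valid"] = ndes.enroll("alice@example.com", good, now + 60)
    results["replayed"] = ndes.enroll("alice@example.com", good, now + 120)

    other = intune.issue("alice@example.com", now)
    results["wrong_subject"] = ndes.enroll("admin@example.com", other, now + 60)
    results["expired"] = ndes.enroll("alice@example.com", other, now + 7200)

    # Re-use a genuine tag on a rewritten body: the HMAC no longer matches.
    _, tag = other.split(".")
    forged_body = base64.urlsafe_b64encode(json.dumps(
        {"sub": "admin@example.com", "exp": now + 3600, "nonce": "00"}).encode()).decode()
    results["forged"] = ndes.enroll("admin@example.com", forged_body + "." + tag, now + 60)
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name:14} -> {'certificate issued' if outcome else 'rejected'}")
```
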

Setting policies

Windows Hello for Business policies for both hybrid domain–joined and Entra ID–joined Windows 10 and Windows 11 devices are managed by Intune. We also use these policies to define the complexity and length of the PIN that our users generate at registration and to control whether Windows Hello is enabled.

We chose to enable Hello for Business with a hardware-required option, which means that keys are generated on the TPM. Additionally, we chose to issue a certificate to all Hello for Business credentials to enhance the usability of the credential throughout the corporate infrastructure.

Policy management

We set the Windows Hello for Business policy settings with Intune in two different places. First, setting them via the Tenant Policy ensures that the policies are delivered during the device-enrollment flow. The Tenant Settings can be found in Microsoft Intune Manager Admin Center under Devices > Windows > Windows Enrollment > Windows Hello for Business. However, Tenant Policies are only delivered one time on device join.

We also configure the settings using the Intune Settings Catalog to ensure that they are continuously enforced on all devices. This allows us to update the policies on devices that are already joined. In these policies, we have configured the following options:

  • Enable Windows Hello for Business
  • Require use of a Trusted Platform Module (TPM)
  • Allow biometric authentication
  • PIN complexity:
    • Minimum length: 6 characters
    • Allow uppercase letters
    • Allow lowercase letters
    • Allow special characters

For more details on these policy configuration options, check out our documentation page on the Microsoft Learn site.

To enable the Windows Hello for Business certificate issuance, configure the certificate profile (Assets & Compliance > Compliance Settings > Company Resource Access > Certificate Profiles). Select a template that has smart card sign-in extended key usage. Note that to set the minimum key size, this certificate template should be configured on the Simple Certificate Enrollment Protocol (SCEP) Enrollment page; you can then use the Windows Hello for Business and Certificate Properties page to set the minimum key size to 2048.

User enrollment experience

All Windows 10 and Windows 11 devices in the Microsoft environment receive the Windows Hello for Business policies from Intune. For hybrid domain–joined devices, these policies are delivered after device registration with the Entra ID tenant. For Entra ID–joined devices, the policies are delivered as part of the device join flow.

PIN creation

On hybrid domain–joined devices, the user is prompted to create their Hello for Business PIN when they unlock or log into the device after the policy settings are applied and the prerequisites, such as TPM availability and state, are met.

Entra ID–joined devices prompt the user to create their Hello for Business PIN during the device join workflow, assuming that the device meets all of the prerequisites.

Certificate enrollment process

After a PIN is successfully created, a certificate is automatically requested on behalf of the user during the next Intune policy sync operation.

Certificate renewal behavior

We have configured PIN credential certificates to have a lifetime of 90 days from when they are issued. Renewals will happen approximately 30 days before they expire. When a user enters their Windows Hello for Business PIN within the 30 days before the certificate expires, a new certificate will be automatically provisioned on their device.

Certificate renewal is governed by Intune policies. The system checks for certificate lifetime percentage and compares it against the renewal threshold. If it’s beyond the set threshold, a certificate renewal starts.
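
An added example, not code from the article or from Microsoft: a report over a certificate export that applies the numbers given here (90-day lifetime, renewal about 30 days before expiry, 2048-bit minimum key size, smart card sign-in EKU). The CSV column names and sample rows are constructed, and expressing the renewal window as "percent of lifetime remaining" is an assumption about how the threshold is compared.

```python
import csv
import io
from datetime import datetime, timezone

SMART_CARD_LOGON_EKU = "1.3.6.1.4.1.311.20.2.2"  # Smart Card Logon OID
MIN_KEY_BITS = 2048            # minimum key size from the certificate profile
LIFETIME_DAYS = 90             # certificate lifetime stated in the article
RENEW_BEFORE_EXPIRY_DAYS = 30  # renewal starts about 30 days before expiry
# The same window expressed as percent of lifetime remaining (assumption).
RENEWAL_THRESHOLD_PCT = 100.0 * RENEW_BEFORE_EXPIRY_DAYS / LIFETIME_DAYS

# Constructed sample export; the column names are hypothetical.
SAMPLE_EXPORT = """serial,subject,not_before,not_after,key_bits,eku
01A1,alice@example.com,2025-01-01,2025-04-01,2048,1.3.6.1.4.1.311.20.2.2
01A2,alice@example.com,2025-03-05,2025-06-03,2048,1.3.6.1.5.5.7.3.2;1.3.6.1.4.1.311.20.2.2
02B1,bob@example.com,2025-01-10,2025-04-10,2048,1.3.6.1.4.1.311.20.2.2
03C1,carol@example.com,2024-12-01,2025-03-01,2048,1.3.6.1.4.1.311.20.2.2
04D1,dave@example.com,2025-03-01,2025-05-30,1024,1.3.6.1.4.1.311.20.2.2
05E1,erin@example.com,2025-03-10,2025-06-08,2048,1.3.6.1.5.5.7.3.2
"""


def parse_day(text):
    """Parse YYYY-MM-DD as midnight UTC."""
    return datetime.strptime(text, "%Y-%m-%d").replace(tzinfo=timezone.utc)


def remaining_lifetime_pct(not_before, not_after, now):
    """Percent of the validity period still ahead of `now`, clamped to 0..100."""
    total = (not_after - not_before).total_seconds()
    if total <= 0:
        return 0.0
    left = (not_after - now).total_seconds()
    return max(0.0, min(100.0, 100.0 * left / total))


def audit(export_text, now):
    """Return {serial: [findings]} for certificates that need attention."""
    rows = []
    for raw in csv.DictReader(io.StringIO(export_text)):
        rows.append({
            "serial": raw["serial"],
            "subject": raw["subject"].lower(),
            "not_before": parse_day(raw["not_before"]),
            "not_after": parse_day(raw["not_after"]),
            "key_bits": int(raw["key_bits"]),
            "ekus": set(raw["eku"].split(";")),
        })

    # Latest expiry per subject: an older certificate that already has a
    # replacement is not reported as overdue.
    newest = {}
    for row in rows:
        current = newest.get(row["subject"])
        if current is None or row["not_after"] > current:
            newest[row["subject"]] = row["not_after"]

    findings = {}
    for row in rows:
        issues = []
        if row["key_bits"] < MIN_KEY_BITS:
            issues.append("WEAK_KEY")
        if SMART_CARD_LOGON_EKU not in row["ekus"]:
            issues.append("MISSING_SMARTCARD_EKU")
        superseded = newest[row["subject"]] > row["not_after"]
        if not superseded:
            pct = remaining_lifetime_pct(row["not_before"], row["not_after"], now)
            if now >= row["not_after"]:
                issues.append("EXPIRED")
            elif pct <= RENEWAL_THRESHOLD_PCT:
                issues.append("RENEWAL_DUE")
        if issues:
            findings[row["serial"]] = issues
    return findings


if __name__ == "__main__":
    for serial, issues in audit(SAMPLE_EXPORT, parse_day("2025-03-20")).items():
        print(serial, ", ".join(issues))
```

A certificate that stays in RENEWAL_DUE across several reports points at a device that is not syncing or a user who has not entered their PIN inside the renewal window.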

Service management

We manage identity as a service at Microsoft and are responsible for deciding when to bring in new types of credentials and when to phase out others. When we were considering adding the Windows Hello for Business feature, we had to figure out how to introduce the new credential to our users, and to explain to them why they should use it.

Measuring service health

We’re in the process of creating end-to-end signals to measure the service health of Windows Hello for Business. For now, we’re monitoring the performance and status of all our servers. We’re also expanding the service, so adoption and usage numbers are very important metrics that demonstrate the success of our service. We also track the number and types of help desk issues that we see.

We use custom reports created from certificate servers and custom service metrics to collect prerequisites, and key and certificate issuance times for troubleshooting. Detailed reports about other aspects of the service can also be generated from Intune.

We configure a user’s certificate to expire, and certificate renewals are issued with the same key. When necessary, the certificates can be revoked directly through Intune, which provides easier administration. Additionally, certificates are automatically revoked by the Intune service when a user or device is de-provisioned from the environment.

Key takeaways

Here are some tips for getting started with Windows Hello for Business at your company:

  • OEM BIOS initialization instructions and TPM lockout policies are OEM-specific. We performed steps to identify and document the potential issues for each hardware provider. We also communicated to our users that clearing a TPM will cause their private key to not work in Windows Hello for Business.
  • Some of the common issues we saw with users creating their PINs could have been avoided with better communication. These issues include users not understanding the prerequisites, or the expected delays in onboarding scenarios. To help avoid this issue, we created a productivity guide to walk users through the steps.
  • Windows Hello for Business relies on several underlying services: Entra ID, Intune, NDES, and AD CS. All of these services need to be healthy and available.
  • Certificate issuance delays can be hard to troubleshoot, but monitoring the health and performance of the supporting services can help.

The post Implementing strong user authentication with Windows Hello for Business appeared first on Inside Track Blog.

Deploying Kanban at Microsoft leads to engineering excellence http://approjects.co.za/?big=insidetrack/blog/deploying-kanban-at-microsoft-leads-to-engineering-excellence/ Thu, 10 Apr 2025 16:00:00 +0000

At Microsoft we’ve taken a page from the auto industry and have adopted a process called Kanban. Kanban (pronounced “con-bon”) is a Japanese word meaning “signboard” or “billboard.” It was first developed by a Toyota engineer decades ago to improve manufacturing efficiency.

Today, we’re using Kanban to drive improvement and streamline workflows within some of our engineering teams. The process shows great potential to encourage innovation and increase engineering excellence.

In its simplest form, Kanban involves creating a set of cards that track manufacturing or other step-by-step processes. These cards, tacked to a corkboard, can be used to highlight trouble spots and avoid overcapacity. That latter quality helps Kanban users resist loading up a job with too many side tasks.

“I learned about Kanban when I was in the Marine Corps,” says Ronald Klemz, a senior software engineer manager on our Microsoft Commerce and Ecosystems team. “When I joined Microsoft, I could see how it applied to software engineering.”

Fewer meetings, more flexibility

Although Kanban has gradually grown in popularity at Microsoft, many engineers still rely on the scrum development framework (part of the agile software development methodology). Scrums consist of regular planning meetings, followed by two-week to month-long sprints that are designed to complete a particular stage of work.

While plenty of good work has come out of scrums and agile, they are not always ideal for driving engineering improvement. The regular scrum meetings can be time-consuming; even though they are designed to break big jobs into manageable pieces, teams can still become overwhelmed if customers add new requirements on the fly.

Engineering managers Ronald Klemz and Snigdha Bora have witnessed the benefits of the Kanban project management process on their teams at Microsoft.

“At the start of each two-week scrum cycle, you’re expected to know everything that you’re going to do in those two weeks,” says Snigdha Bora, an engineering lead with Microsoft Digital, the company’s IT organization. “But there are things that will happen in those two weeks that you can’t know in advance. All of that goes away with Kanban, because it has no artificial boundaries or time limitations.”

Klemz agrees.

“We’d spend so much time in meetings, planning and replanning to ensure our commitments were falling in the sprint window,” Klemz says. “That would result in large work items sitting in the Active column for days or weeks, making it really difficult to visualize the state of the work. To reduce the meeting load and free up our engineers, we decided to give Kanban a try—and we’ve never looked back.”

Balancing workloads and resources

Whether built with simple paper materials or using more sophisticated software versions, a Kanban board shows rows of cards arranged in columns that represent stages of a project’s workflow. Each card contains a specific task and who is responsible for it.

One of Kanban’s most valuable aspects is that each column is designed to self-limit work in progress. If an extra card is added that exceeds the agreed upon limit of tasks, the column heading might light up red, indicating a possible bottleneck that could delay work.

“It helps to simplify the workflow, so people aren’t getting hit with all kinds of sudden, ad hoc projects,” Klemz says. “They’re able to focus on the agreed-upon workflow.”

Kanban also helps engineers easily shift gears as priorities change and challenges arise.

“Kanban really helps us have the flexibility to tackle urgent work without entirely disrupting the state of our planning cycle,” Klemz says. “When you have a small team responsible for many downstream systems, there are bound to be unknowns that surface and suddenly become top priority. By leveraging Kanban, we’re able to break our work into smaller tasks, so that an engineer can switch projects to focus on an urgent issue.”

Virtual Kanban board at Microsoft

A basic Kanban board, with tasks ordered by whether they have been started, are in process, or have been completed.

That last point underscores another advantage of how Kanban drives engineering improvement at Microsoft: Its visual nature makes it easy for someone who is a newcomer to a team, has been on vacation, or is a part-timer to look at the Kanban board and immediately see what needs to be done.

“With a Kanban board, an employee can pick up any unassigned task without having to consult the project manager on the priority,” Bora says. “This is much easier and more efficient.”

This feature is especially helpful as more Microsoft engineers are working remotely in today’s increasingly hybrid workforce, frequently across various time zones. By checking the Kanban boards, many of which are created with Microsoft Azure DevOps, they can quickly grasp the status of a project at any time.

Enabling greater collaboration and transparency

The Microsoft Commerce and Ecosystems team owns the tools, processes, and controls to ensure that Microsoft’s preferred suppliers and partners are paid in a timely way once invoices are approved. They also ensure that tax and other statutory laws are followed globally, provide tax and statutory compliance information, and report payments to the Internal Revenue Service.

Those multiple workflows often led to siloed work, with different members of the team unaware of what co-workers were doing, or how their work affected others.

Kanban has helped the team create a more collaborative work environment while still giving engineers plenty of freedom for innovation, which has positively impacted both business needs and the customer experience.

“It’s an effective approach to delivering software iteratively,” Bora says. “It brings so much transparency for the team by providing better visualization to track progress.”

The increased agility plays well with Microsoft customers, who have become accustomed to rapid and seamless product improvements. The same goes for internal business changes, such as the expansion of Microsoft Azure and data center launches and announcements.

According to team leaders, Kanban allows them to quickly respond to these strategic shifts, enabling real-time transparency and close tracking of OKRs (Objectives and Key Results). The Kanban dashboards also allow them to more easily give global stakeholders insight into project progress, which builds stronger trust among all parties.

Kanban also helps the organization more effectively manage global statutory laws and compliance processes, which can change rapidly (including predefined timelines that in most cases are non-negotiable).

Adopting Kanban continues to be a learning process for Microsoft engineers, and the discipline is gradually becoming more widely accepted in the tech industry. It shows great potential for making software development faster and more trouble-free, while helping teams work together more flexibly and effectively.

Key takeaways

Here are some of the advantages that Kanban can bring to help improve workflow processes at your organization:

  • It elevates flexibility over rigid frameworks. Unlike scrums, Kanban doesn’t enforce strict timeboxes (like sprints). This flexibility helps teams adapt to unexpected changes and evolving requirements without disruption.
  • Visual workflow = instant clarity. Kanban’s visual boards help engineers and stakeholders easily see the state of work at any time. This is especially useful for remote, hybrid, or globally distributed teams.
  • The work-in-progress limits prevent bottlenecks. The columns on a Kanban board can be set to limit the number of active tasks. This helps teams stay focused, avoid burnout, and reduce delays in the workflow.
  • It enables better collaboration and reduces siloed work. Kanban promotes shared visibility and team-wide alignment while eliminating siloed efforts, ensuring that everyone is moving toward common business outcomes.
  • It increases agility at scale. Kanban has helped Microsoft adjust to increasingly faster business cycles, supporting major product rollouts, organizational changes, and statutory compliance across global markets with speed and confidence.

The post Deploying Kanban at Microsoft leads to engineering excellence appeared first on Inside Track Blog.

Simplifying nonprofit volunteering at Microsoft with Power Automate http://approjects.co.za/?big=insidetrack/blog/simplifying-nonprofit-volunteering-at-microsoft-with-power-automate/ Thu, 05 Sep 2024 15:05:00 +0000

Power Automate, part of the suite of tools offered by Microsoft Power Platform, is a low-code, cloud-based automation service powered by AI. In the company’s own words, Power Automate enables customers to streamline processes across their organization to save time and focus on what’s important.

While that might sound like corporate jargon, I can personally attest to its effectiveness. Power Automate has indeed helped my organization save time and focus on what matters most. By “my organization,” I’m referring to Microsoft itself—specifically, the Microsoft Charlotte Campus and the Blacks at Microsoft (BAM) Employee Resource Group.

“Power Automate has been a game-changer in helping me maintain what I call ‘work-life-volunteering balance.’ It allows me to stay focused on my primary work duties, keep a healthy personal life, and actively engage in my passion for service.”

Segun Akinyemi, senior software engineer, Microsoft Charlotte

Power Automate has been essential in planning, organizing, and running our community service events, thereby amplifying their impact and continued viability.

As a senior software engineer at Microsoft, I specialize in data engineering, working on the systems that power Microsoft’s financials through big data analytics, revenue reporting, and product insights. Beyond my technical role, I’m also deeply passionate about giving back to the community through volunteerism. At the Charlotte campus, I’ve channeled this passion into organizing outreach and volunteer events, specifically focusing on STEAM (science, technology, engineering, arts, and math) education.

Power Automate has been a game-changer in helping me maintain what I call “work-life-volunteering balance.” It allows me to stay focused on my primary work duties, keep a healthy personal life, and actively engage in my passion for service.

Burnout, especially in tech, is a very real thing. By automating tasks that would have otherwise been overwhelming, Power Automate has helped me avoid burning out, ensuring I can excel at my actual job while still having an impact in my community. I’d like to share how it can help you do the same. But first, story time.

Building community through service

I joined Microsoft in 2020, right in the middle of the COVID-19 pandemic. At the time, I was living in St. Louis, Missouri, but decided to relocate to Charlotte, North Carolina, where Microsoft has an office and was looking to expand. (Fun fact: It’s the oldest Microsoft office outside of Redmond, established in 1990!)

Relocating during the pandemic presented its own set of challenges. COVID had essentially shut down the city’s social scene and the Charlotte office, making it difficult to meet new people and my coworkers.

Having spent my first year in Charlotte mostly isolated, I was eager for opportunities to get out and connect with people, both at the office and in the city at large. Knowing that volunteering is an effective way to build community, I quickly sought out opportunities to get involved, both through local nonprofits and at Microsoft.

It didn’t take long to find calls for volunteers throughout the city. My first step was volunteering with a local nonprofit called the Carolina Youth Coalition, which focuses on propelling high-achieving, under-resourced high school students to and through college.

As a mentor and writing tutor with the organization, I began looking for ways to connect the students—many of whom were interested in technology—with Microsoft’s presence in Charlotte.

Discover Days: The first big step

Segun Akinyemi speaks to students at a student event day that he and other members of the Blacks at Microsoft (BAM) Employee Resource Group hosted at Microsoft.

I started by investigating the possibility of bringing the students to the Microsoft Charlotte campus for a field trip. My hope was for a fun and informative day complete with a campus tour, networking opportunities, a hearty meal, and some cool swag for them to take home.

When I reached out to Chemere Davis—Charlotte Campus Community Lead and BAM North Carolina Chairperson—to see if such a visit would be possible, I was met with an emphatic yes. At the time, it surprised me, still being new to Microsoft. But now, after four years with the company, I see it as a reflection of Microsoft’s genuine commitment to empowering local communities.

That fall, 50 Carolina Youth Coalition students visited Microsoft Charlotte, sparking an annual tradition and an ongoing series of similar events with other local schools known as Discover Days. Since then, my involvement in STEAM education events in Charlotte through Microsoft and BAM has only grown.

As my volunteer commitments grew, finding a more efficient way to plan, run, and manage events became essential; Power Automate provided the perfect solution. This year, it was crucial in elevating our Discover Days series from isolated single-school visits to something even more impactful.

“When we used Power Automate to ping employees directly in Teams and remind them 1:1 to sign up for our Charlotte software engineering Day of Learning event, we saw registrations double overnight—even though we had already sent several emails to the members,” says James Bolling, a principal group engineering manager and Microsoft Charlotte campus director. “It’s clear to me that our team is living and working in Teams Chat and not email these days.”

Every year, the many worldwide chapters of the Blacks at Microsoft Employee Resource Group host an event called BAM Minority Student Day. The event provides a one-day, conference-like experience for underrepresented high school students, engaging them in activities that introduce them to STEAM careers. In 2024, I had the privilege of leading the BAM Charlotte edition of this event, which brought together 400 students and 40 educators from 21 high schools across the region.

Making it happen with Power Automate

While I was excited to take on the challenge of leading the event, I was concerned about how I’d be able to balance my work responsibilities, personal life, and volunteer efforts in a healthy way. Power Automate became key to making it all possible.

Here are some ways that Power Automate enabled us, as the BAM Charlotte chapter, to pull off our incredibly impactful 2024 Minority Student Day.

  • Streamlining volunteer coordination: We integrated Power Automate with Microsoft Forms, Lists, Teams, and Outlook to automate the management of over 100 volunteers, streamlining role assignments, calendar invites, and communications. This ensured that each volunteer was informed of their responsibilities and schedule with minimal manual oversight. By doing so, the administrative burden on leads was greatly reduced, ensuring smooth coordination and a successful event.
  • Reporting in real time: We linked Power Automate with Microsoft Forms, Lists, Planner, and Excel to generate and distribute reports on registration numbers, volunteer assignments, and task completion statuses. This gave our planning team the crucial data needed to make informed decisions as the event date neared, allowing us to adjust plans and resources to stay within capacity and budget constraints.
  • Efficient task management: Through integration with Microsoft Planner, we were able to automate task assignments, progress tracking, and reminders. Tasks were assigned to the appropriate team members based on their roles, and automated notifications ensured that deadlines were met. This was crucial in managing the many moving parts of the event.
  • Automating document handling: Power Automate worked in tandem with SharePoint, OneDrive, Outlook, and Adobe Sign to manage the flow of important documents, such as signed consent forms and event materials. We were able to automatically save documents to the correct folders, update relevant lists, and notify the appropriate team members, significantly reducing the risk of lost or misplaced documents and simplifying the administrative workload.
  • Enhanced event promotion and engagement: We used Power Automate alongside Teams and Outlook to boost event promotion. Personalized messages were sent to Microsoft employees via the Teams workflow bot, creating a more engaging and direct line of communication. This approach increased overall engagement compared to previous years.

“I am incredibly impressed with Segun’s meticulous attention to detail and innovative use of Power Automate to streamline the planning and running of our Employee Resource Group programs, and especially our Minority Student Day and our summer mentorship program,” says Chemere Davis, a senior business program manager and chairperson of Blacks at Microsoft North Carolina. “His efforts significantly increased our efficiency, allowing us to focus on enhancing the experience and impact for almost 600 students in the past year.”

Check out some of our LinkedIn posts to learn more about the BAM Minority Student Day experience, Microsoft Charlotte’s community outreach at the annual Give Fair, and day-to-day life at the Charlotte campus.

Key takeaways

Check out the Power Automate template gallery for ready-to-use, customizable workflows that offer a wide range of automation possibilities. Here are things to keep in mind when considering the impact that Power Automate and the Microsoft Power Platform can have on your organization:

  • Empowering citizen and pro developers. Citizen and professional developers alike within your organization can use Power Automate to develop no-code or low-code solutions that can be applied to a variety of technical tasks and challenges.
  • Driving digital transformation. Encourage your employees to identify repetitive, manual processes that can be automated. This allows you to streamline workflows and reduce operational overhead while making the most of precious staffing resources.
  • Promoting a culture of innovation. Provide training, recognition, and support for your employees to foster a low-code culture that drives innovation from the ground up.
  • Aligning automation with your goals and KPIs. It’s important to ensure that automation initiatives are tied to measurable outcomes—cost savings, time reductions, or improved client satisfaction ratings.
  • Staying ahead of the curve. Make sure to stay informed about new Power Platform capabilities, AI integrations (such as Copilot), and industry trends to get the most out of your automation solutions.

Try it out

If you don’t already have a license, go here to sign up for a free trial of Power Automate.

The post Simplifying nonprofit volunteering at Microsoft with Power Automate appeared first on Inside Track Blog.

Microsoft’s fresh approach to accessibility powered by inclusive design http://approjects.co.za/?big=insidetrack/blog/microsofts-fresh-approach-to-accessibility-powered-by-inclusive-design/ Fri, 17 May 2024 15:00:47 +0000

[Editor’s note: This content was written to highlight a particular event or moment in time. Although that moment has passed, we’re republishing it here so you can see what our thinking and experience was like at the time.]

Adopting rigorous design standards is helping Microsoft get better at something very important to the company—getting accessibility right inside its own walls.

Microsoft’s journey to transform its approach to accessibility started when Microsoft CEO Satya Nadella took the helm in 2014, says Tricia Fejfar, partner director of user experience in Microsoft Digital, the organization that powers, protects, and transforms Microsoft. Nadella sharpened the company’s focus on accessibility in 2017, when he penned a moving essay describing his experience raising a child with cerebral palsy.

“That really got us thinking about accessibility internally,” Fejfar says. “Employees are more productive and engaged when they have simple, easy-to-use tools, and accessibility is a very important part of that DNA.”

More than 1 billion people on the planet identify as having some form of a disability, so building experiences that are accessible to all Microsoft employees makes a difference every day.

Manish Agrawal helps teams in Microsoft Digital make sure the experiences they build for Microsoft employees are accessible. He is a senior program manager on Microsoft Digital’s Accessibility team. (Photo by Marie Robbin)

“Being able to do my job at Microsoft based on my skills and not be blocked by my blindness has made a big difference in my life,” says Manish Agrawal, a senior program manager for the Accessibility team within Microsoft Digital.

Agrawal, who is blind, works to make Microsoft products more accessible to people with disabilities. It’s about creating an inclusive work environment where everyone can succeed.

“For me, it’s not just about making products accessible for Microsoft employees to help them get their work done,” he says. “It’s also about supporting employees with disabilities and ensuring that Microsoft builds a diverse and inclusive workforce across the spectrum of abilities.”

Fejfar adds, “Designing for and building experiences that reflect the diversity of the people who use them makes sure we put our people at the center of our work. Until people recognize that, and honor it in the work they do, they can’t begin to make sure what they build will take care of everyone’s needs.”

It’s about understanding why you build something and who will use it. Microsoft calls it being human-centric and customer obsessed.

“Building accessible experiences is not a compliance effort or a checklist of guidelines,” Fejfar says. “It’s about thinking of the user at all stages of the development process so you build usable, delightful, and cohesive end-to-end experiences.”

Hiring and supporting people with disabilities makes good sense for the company and helps attract top talent.

“Millennials choose employers who reflect their values, and diversity and inclusion are at the top of their list,” Fejfar says. “They make up 75 percent of the global workforce.”

Making a difference in the lives of people like Agrawal is what brings people to the Accessibility team, Fejfar says. “We’re here because we want to make sure the internal products that our employees use every day are accessible,” she says.

[Find out how building inclusive, accessible experiences at Microsoft is a catalyst for digital transformation. Learn how Microsoft enables remote work for its employees.]

Adopting a coherent design system

Nadella sharing his story led to a company-wide pivot toward accessibility and improving employability for people with disabilities at Microsoft. One of the initiatives connected to this goal was creating a set of coherence design standards that teams can use each time they build new tools and services for employees.

“Using a coherent design language reduces engineering costs while increasing engineering efficiency,” Fejfar says. “That makes what we build predictable to our users, which increases engagement and builds trust.”

Microsoft Digital’s design system is built on top of Fluent, Microsoft’s externally facing design language, which makes it feel more like Microsoft.

“Building coherently means something very specific to us,” Fejfar says. “It means designing and coding accessible and reusable UI components, interaction patterns, brand, and other guidelines to build predictable experiences for our employees.”

These design standards have allowed Microsoft not only to consider accessibility as part of every internal project, but also to consider it at every step along the way, from idea, to construction, to release. That makes its products accessible to as wide a range of people as possible, which creates new opportunities and better experiences for everyone who works at Microsoft.

Accessible design benefits everyone

Agrawal cites closed captioning as an example of a widely useful accessibility tool that is now used for far more than helping people with hearing impairments watch TV or follow a presentation. Creative uses of the capability include helping audiences understand someone with a heavy accent, following along on TVs placed in loud environments like airports and bars, or allowing someone to watch TV while their partner sleeps.

In fact, closed captions or subtitles are so popular with the general population that game maker Ubisoft reported that more than 95 percent of the people who play their popular Assassin’s Creed Odyssey game keep subtitles turned on. “When you build for accessibility, you end up building a much more compelling product,” Agrawal says.

Moreover, it’s simply good business sense to ensure that talented people such as Agrawal are empowered to make a significant contribution to companies such as Microsoft.

“We need to make sure all the applications and experiences that we build empower everyone who works here to not only do their work, but to have full, rich experiences while they’re at work,” Fejfar says. “Without accessible tools, people can’t do their best work, and if people can’t do their best work, our company, our culture, and our customers are directly impacted.”

For a transcript, please view the video on YouTube: https://www.youtube.com/watch?v=XhN1tnBcYLo, select the “More actions” button (three dots icon) below the video, and then select “Show transcript.”

Agrawal shares his tips for advocating for accessibility and building inclusive products and services.

Designing new employee experiences

One telling example of Microsoft Digital’s coherent design approach to accessibility is Microsoft MyHub, a new one-stop shop for employees to get their “at work” stuff done at work, like getting worksite access, taking time off, checking stock rewards, and finding out what holidays are upcoming.

It was also vital to make sure the app experience would be fully accessible, says Bing Zhu, principal design manager in Microsoft Digital’s Studio UX team.

“Before we built the app, our employees had to deal with as many as five to eight different tools almost every day,” Zhu says. “Each experience was different than the last one, and not all of them were as accessible as we needed them to be.”

This fragmented experience was difficult for everyone to navigate and very hard to keep accessible for people with disabilities.

“We used our coherent design system to build a unified, consistent, and accessible experience for our employees,” Zhu says. “Using that as our guide, we were able to design an application that all Microsoft employees can use.”

Not only is Microsoft MyHub compliant with Web Content Accessibility Guidelines (WCAG), but it also received a strong usability grade from employees with a spectrum of vision disabilities.

Crucially, the new app was built with accessibility in mind at every stage of its development cycle, Agrawal says.

“We reviewed the design for every feature for accessibility and beta tested the app’s accessibility every time a new feature was implemented,” he says. “We made sure it was accessible for all of our users at each step in the development process.”

One example of how the team that built Microsoft MyHub was guided by Microsoft Digital’s coherence design system was in how it made every interaction and visual element accessible.

“Our coherence design system—which is an extension of Microsoft’s Fluent design system—alongside the accessibility guidance that we provide, helped the MyHub team start incorporating accessibility into their app from the get-go,” says Anna Zaremba, a senior designer on Microsoft Digital’s Coherence team. “Our coherence design system provides components with built-in accessibility that Microsoft Digital’s product teams, like the team that built MyHub, use to create their experiences.”

Work that makes a difference

It’s striking to hear employees in Microsoft Digital talk about the deep satisfaction they take from making products more accessible.

“The greatest reward is hearing from people who have benefitted from our work,” Zaremba says. “I really like the fact that we are doing work that helps the entire company and drives a greater awareness of accessibility.”

Though Microsoft is among the companies pushing hard to build accessibility into everything it does, there is still much work to do. One in 10 people who identify as having some form of disability don’t have the assistive technology they need to fully participate in work and society.

Going forward, Microsoft Digital will continue designing with accessibility as a top priority, using the developmental model it uses to build solutions like Microsoft MyHub as a template for creating the company’s next generation of employee tools.

“We’re still learning this process ourselves,” Zhu says. “We’re figuring out how to make accessibility and design work with program managers and engineers to create even more opportunities for access. It’s an exciting challenge.”

And one that will open doors for Microsoft employees—and others.

“I really love building software anyway,” Agrawal says. “But it’s great to be part of a team that is working to make Microsoft a more inclusive place to work. It has a real impact on people’s lives.”


The post Microsoft’s fresh approach to accessibility powered by inclusive design appeared first on Inside Track Blog.

Watch our demo: Automating repetitive tasks with Microsoft Dynamics 365
http://approjects.co.za/?big=insidetrack/blog/watch-our-demo-automating-repetitive-tasks-with-microsoft-dynamics-365/ Tue, 15 Aug 2023 15:50:37 +0000

For a transcript, please view the video on YouTube: https://www.youtube.com/watch?v=AUbeX0eQGNg&t=2s, select the “More actions” button (three dots icon) below the video, and then select “Show transcript.”

Watch our demo to see how we’re using Microsoft Dynamics 365 to automate key repetitive tasks that slow our customer service agents down.

In today’s fast-paced business world, customer support is more important than ever. However, repetitive activities can take up valuable time and resources, leaving us little time to focus on high-priority work. That’s where Microsoft Dynamics 365 and some strong doses of automation come in.

By using our first-party technology, we’re revolutionizing customer support within our Finance organization by automating repetitive work, allowing our customer service agents to focus on more important tasks.

“Digital transformation of Finance is a top priority for Microsoft,” says Vidya Sagar Mandapaka, a senior technical program manager on our Commerce Financial Services team. “Today we want to show you a good example of how we’re using our own technology to fuel that transformation.”

Up to now, our agents have had to hop on several different tools to gather data before they could respond to a customer inquiry about how much they might owe us for an outstanding bill. Around 40 percent of our agents’ time was spent on non-support activities.

Moving forward, all such repetitive customer inquiries will be handled automatically. No more manual preparation or delays. By using Microsoft Dynamics 365 to integrate with ERP systems like SAP, we’re improving both our internal and external stakeholders’ experiences.

“This automation not only improves our agent’s experience but also boosts overall productivity,” Vidya Sagar Mandapaka says. “We’re using technology to improve the customer experience and make our agents’ jobs easier. It’s a win-win for everyone involved.”

Click through to watch our demo to see how we’re doing this.

Try it out
Try Microsoft Dynamics 365 at your company.


The post Watch our demo: Automating repetitive tasks with Microsoft Dynamics 365 appeared first on Inside Track Blog.

Streamlining engineering at Microsoft with Azure DevOps
http://approjects.co.za/?big=insidetrack/blog/streamlining-engineering-at-microsoft-with-azure-devops/ Thu, 20 Jul 2023 14:18:03 +0000

Microsoft runs on Microsoft technology. We are the proving ground for our products and when we say that software is enterprise-ready this means that we have already built it for and run it at scale in our own enterprise.

We are in the business of building the future of technology. And more often than not, our software is built using Microsoft Azure DevOps.

Microsoft Azure DevOps was designed to support enterprise teams who need a collaboration and product management tool with organizational structures and robust security controls that meet the real world of how teams are actually run. With Microsoft Azure DevOps we can smartly plan our projects, improve collaboration, and ship our products faster with increased visibility, security, and efficiency.

“Microsoft is undergoing a mission to transform the way we work. There are three key pillars to this strategy: tools, processes, and people,” says Heather Pfluger, general manager of Infrastructure & Engineering Services in Microsoft Digital Employee Experience (MDEE), the company’s IT organization. “But the operative change is to our culture.”

We take pride in developing our software through the real-world use of our global teams. We refer to ourselves in these cases as “Customer Zero,” where we effectively are the launch customer for our product engineering teams. This allows our employees to use leading-edge solutions before our customers to improve our products based on our real-world usage.

Shifting left: building a tool for the modern engineering environment

This story begins with the launch of Windows Azure in 2008, which became Microsoft Azure in 2010 and really started to come of age by 2014. That’s when MDEE, and nearly every other team at Microsoft, began migrating their legacy workloads to Azure. The team that became MDEE was faced with a momentous leap forward due to the cloud, enabling an opportunity to revolutionize our engineering processes.

One way that we describe this culture shift internally is “shifting left.” We are moving our engineering focus closer to our dev teams by giving them more tools and more power to efficiently drive their progress right at the early stage of development.

Our timeline for moving the company to the cloud.

Dev teams have what they need at hand to do their job, while we also introduce efficiencies in team structure, organization, and security. What used to take a large team of engineers and testers to accomplish is now taken care of by leaner, more agile developer teams themselves with the aid of automations and Microsoft Azure’s inherent security features.

Microsoft Azure DevOps is all about productivity for developers, and over many years of refining our processes we’ve increased both the quality and velocity of our output. We have the entire MDEE organization running on a single Azure DevOps instance, which gives unprecedented visibility and accountability for our processes.

In an organization our size, which has been creating software for as long as we have, a recurring concern is the long-term traceability and maintenance of our code. Today, we have new processes in place to better organize our output and make it easier for future Microsoft engineers to understand what we’ve built.

“Using area paths, we mapped out the entire organization and created a hard chain of custody for every line of code, in every repo,” says Martin O’Flaherty, principal PM manager of the MDEE Engineering Systems team. “If you create something, it will be tied to a repo, which will be tied to a team. No longer will there be code that can’t be accounted for – it’s all hard-wired in the backend. If something goes wrong, we immediately have a point of contact for the person who is accountable to remediate the issue.”

On our single Microsoft Azure DevOps instance, we have thousands of daily active users, thousands of repos, and more than 20,000 build and release pipelines. We’ve shown that Azure DevOps, right out of the box, not only handles our scale but excels at it. Azure DevOps is propelling us forward and accelerating our progress.

Get clean and stay clean

A significant opportunity we had with moving our entire engineering team to a common deployment of Microsoft Azure DevOps was cataloging and consolidating all our services. This process, which started five years ago, led to the retirement of nearly 30 percent of our legacy applications, while enabling us to deploy what remained to the cloud. By carefully selecting the applications and processes to continue and others to sunset, we quickly improved our security posture. We refer to this era as “getting clean.”

“[However] the journey never ends, as technology is always evolving,” O’Flaherty says. “What we considered secure in 2017 is so rudimentary to how we approach things now. This is why we must ‘stay clean’ by continually monitoring the guardrails we put in place for our developers.”

Pursuing the mission of maintaining a strong security posture throughout our Microsoft Azure DevOps instance supports a simple imperative: if our primary tool for developing code isn’t secure, nothing we produce will be secure.

A potential distribution of an Azure portfolio that aims to reduce complexity.

To accomplish “staying clean,” we have designed, enacted, and maintained a clear security and compliance framework within Microsoft Azure DevOps. We’ve streamlined our pipelines and deployed common protocols to all our teams, which ensures all our releases are held to the same high security standards.

Security, across the board

Damon Gray (left) and Martin O’Flaherty are two members of the Microsoft Digital Employee Experience team who have led efforts to bring our team on board Azure DevOps.

We have also “shifted left” our application security posture. We’ve moved our security focus closer to the developer by utilizing breakthroughs in technology and strategy like GitHub Advanced Security for Microsoft Azure DevOps. This new tool, currently in public preview, automatically scans new code to ensure there are no secret leaks or exposures in your Microsoft Azure repos.

This is a powerful advance in security technology that pushes the boundary of our security posture to the code itself, right as it is being written. It alerts the developer in real time to potential errors or security concerns. By moving security and testing earlier in the development process we further enhance security during product development and reduce the risk of errors being released.

The security revolution powered by Microsoft Azure DevOps and running on a single instance is paying dividends for MDEE. Now, we universally apply and monitor security policies rather than relying on each team to set their own parameters. By utilizing common guardrails, we are able to monitor and apply policies across the board. We’ve baked in security early in the development cycle, and it’s done automatically and consistently.

Mature software that is enterprise ready

New customers to Microsoft Azure DevOps gain from all of the efficiencies and learnings MDEE has pioneered as customer zero. It’s now a mature product with a lengthy track record, and it works right out of the box.

“If I was advising a new enterprise just starting out with Azure DevOps, I would tell them to not just copy our way of doing things,” says Damon Gray, principal group engineering manager for Optimization, Engineering & Networking Services in MDEE. “They can smartly set up their instance themselves and add the guardrails that fit their organization over time. Within the day, right out of the box, they’ll be securely submitting and releasing code to the cloud.”

Companies of our scale require robust and customizable solutions to allow teams to build with the freedom to push the envelope of what’s possible. Microsoft Azure DevOps was designed, built, tested, and optimized to make our teams as efficient and secure as they need to be. We build the future of software at Microsoft, and this software is built with Azure DevOps.

“Azure DevOps is the tool that we utilize company-wide to allow our teams to build the future, wherever in the world they are working,” Pfluger says.

Key Takeaways
Here are some tips you can use to help you get started with Microsoft Azure DevOps:

  • Azure DevOps is a powerful productivity and security tool right out of the box. You can release code the same day you set up your instance and you will be able to dial in your security guardrails over time.
  • Azure DevOps scales with you, whether you’re a small team or a large enterprise, or a small team with dreams of becoming much larger. Build with confidence.
  • “Get Clean/Stay Clean” is an operative philosophy that produced immediate security gains for our team.

Try it out
Try Microsoft Azure DevOps by signing up for a Microsoft or GitHub account.

The post Streamlining engineering at Microsoft with Azure DevOps appeared first on Inside Track Blog.

Best practices and tips from Microsoft’s own internal adoption of Microsoft Viva
http://approjects.co.za/?big=insidetrack/blog/best-practices-and-tips-from-microsofts-own-internal-adoption-of-microsoft-viva/ Thu, 25 May 2023 08:29:51 +0000

At Microsoft, we’ve learned a thing or two in the two years since we launched Microsoft Viva, the first employee experience platform built for the hybrid era. And now we are excited to share some of our best practices and tips for ensuring your own rollout is effective and you gain traction with your teams.

Adopting Microsoft Viva was, and continues to be, an enormous effort that requires the thoughtful coordination of multiple teams across Microsoft to be successful.

“The change management plan that we implemented was a collaboration between IT, HR, and partners from each business unit,” says Keith Boyd, senior director of business programs in Microsoft Digital Employee Experience. “We found that the relationship between IT and HR throughout this deployment was key.”

 


In the early stages of Microsoft Viva deployment we paid particular attention to highlighting the platform’s value for employees, while simultaneously listening for their feedback on the experience. Executive sponsors and internal product champions were key to driving usage and awareness.

“By shining a spotlight on the utility of each Viva module, listening and acting on employee and customer feedback about the experience, then building a strong network of global champions, we were able to accelerate adoption of the suite, which is propelling our culture globally,” says David Laves, director of business programs in Microsoft Digital Employee Experience.

If you are considering adding Microsoft Viva to your company’s employee experience, we recommend you have a look at our complete guide to Driving Adoption of Microsoft Viva, where we share our approach to driving Viva adoption and usage at Microsoft. The guide highlights many voices from across the company in different roles, who share their perspective and best practices on how we ensured Viva became a critical tool that’s helping our employees to thrive in the hybrid workplace.

The post Best practices and tips from Microsoft’s own internal adoption of Microsoft Viva appeared first on Inside Track Blog.

Turning to Microsoft Azure to put software engineers in high school classrooms
http://approjects.co.za/?big=insidetrack/blog/turning-to-microsoft-azure-to-put-software-engineers-in-high-school-classrooms/ Thu, 16 Feb 2023 15:14:09 +0000

We periodically update our stories, but we can’t verify that they represent the full picture of our current situation at Microsoft. We leave them on the site so you can see what our thinking and experience was at the time.

Software engineers at Microsoft and other companies love that they get to teach their craft in high schools across the United States and in parts of Canada.

The grassroots program—which is now more than 10 years old—has been so successful that the people who manage it had to rebuild the infrastructure they use to operate it from the ground up. The program was bumping its proverbial head and needed to scale.

Thankfully, they wouldn’t have to go far to get what they needed; the solution could be built upon Microsoft Azure.

Microsoft’s Technology Education and Learning Support (TEALS) program helps prepare high schoolers for careers in computer science.

Participation in the TEALS program has grown so much that the team needed to rethink the technology supporting it, according to Ganesh Shankaran, a principal software engineering lead in Microsoft Digital.

“The growth of our program has gone far beyond what we could have ever imagined,” says Ganesh Shankaran, a principal software engineering lead with Microsoft Digital, the organization that powers, protects, and transforms the company. “It got so popular that we couldn’t keep up.”

In response, Microsoft recently revamped TEALS’ Operational Platform, known as TOP for short. Built on Microsoft Azure, the new TOP allows regional managers of TEALS to incorporate many more schools, which will allow the company to get many more Microsoft and other software engineer volunteers into classrooms.

“We’ve finally got the scale that we’ve been looking for,” Shankaran says. “Technology is no longer a limiting factor for us.”

With the improvements to TOP, Microsoft can now achieve its philanthropic goals, opening doors to careers in technology for students in STEM (Science, Technology, Engineering, and Mathematics) fields from all over the United States and British Columbia.

The need for TEALS

Since the nascent stages of the Information Age, there has been a deficit in computer science professionals. Plenty of colleges offer the right degrees, but there’s a scarcity of pre-college computer science education.

Qualified experts who could teach high school computer science courses usually opt for higher paying jobs. Especially in rural areas and in schools where students are predominantly Black and African American, finding adequate computer science educators is a major obstacle.

There aren’t enough computer science engineers to keep up with demand, says Emily Fishkind, a senior product manager in Microsoft Digital.

There are efforts across the United States to turn the tide, and we’re happy to be a part of that effort here at Microsoft.

“In the USA, there are even state laws mandating that every student needs to take a computer science class to graduate, yet there are few resources in place to ensure that teachers can successfully deliver the instruction,” says Emily Fishkind, a senior product manager in Microsoft Digital Employee Experience. “Microsoft’s TEALS program strives to address this ever-growing need.”

Eleven years ago, the Microsoft Philanthropies team at Microsoft adopted TEALS, a potent, tiny project piloted in a single school. The dream was to help bring computer science education to as many high schools as possible. However, the tool to manage such a prodigious expansion didn’t exist.

Building scalability on Microsoft Azure

Kip Fern, now a senior program manager lead in the Microsoft Philanthropies Operations team, was one of the original TEALS classroom volunteers. He was tapped to drive the design of TOP, a highly customized solution built on Microsoft Azure for regional managers to run TEALS. Over the next few years, new features and improvements would continue to be implemented by the team itself.

“The program would change and add new requirements, which made us add new features on a continuous basis,” Fern says.

But there came a point at which modification wouldn’t suffice—the program was growing too fast, and TOP needed to be reinvented.

“This growth, paired with our inability to scale within our legacy system, posed significant risk to the overall efficiency of our regional managers’ day-to-day operations,” Fishkind says. “Shifting to the new architecture not only addresses compliance issues, but it also helps our primary customers—the folks who make the TEALS program run—be more efficient.”

Three years ago, Microsoft leadership called to extend the reach of TEALS to over 600 new schools focused on African American students, but, for multiple reasons, legacy TOP couldn’t support the directive.

TOP was about to be outdated and out of support; it had more than 500 bugs, and accessibility improvements were needed. Furthermore, it couldn’t perform well with all the data it was handling.

“The TOP legacy system was at risk of breaking down, posing significant risk to the program’s operations along with system security, reliability, and availability,” Fishkind says.

Importantly, it couldn’t scale.

The original TOP that had enabled the program’s early development was now holding it back from further growth and impact.

Architecting TOP vNext

Kip Fern helped design the highly customized solution that regional managers used to run TEALS. He’s a senior program manager lead in the Microsoft Philanthropies Operations team.

The latest version, called TOP vNext, was designed with microservices architecture, a style in which each service is separated based on its need. With this structure, Microsoft Digital is building scalability on Microsoft Azure for each service independently. The admin service, the school service, and the volunteer service, as examples, are deployed in the cloud and have their own backend database within Microsoft Azure Cosmos DB. Within a fraction of a millisecond, they can scale to multiple regions and maintain 100 percent availability.

The adoption of microservices architecture in TOP vNext protects TEALS from the risk of total system breakdown, offering a more resilient and stable system. Shankaran describes legacy TOP as an outdated system posing security risks by comparison.

“The traditional monolithic architecture, where a single malfunction could cause a complete system failure, has become obsolete,” Shankaran says. “With microservices, TEALS is now immune to total system breakdowns as each component operates independently and can continue functioning even if one component experiences issues. This independence not only increases system reliability but also facilitates efficient testing and maintenance processes.”

With its robust utilization of Microsoft Azure Service Bus and other cutting-edge internal message handlers, TOP vNext creates an impermeable bridge between the system and external platforms like WordPress TEALSK12. This convenient and intuitive application serves as the central hub for regional managers, empowering them to effortlessly monitor, update, and access critical information in real time, all through an exchange of data facilitated by seamless message communication across all systems.

 


The sheer size of the TEALS data set requires optimal performance when loading on the grid. TOP vNext meets this demand by leveraging the power of Microsoft Azure Cognitive Search, which delivers lightning-fast API response times in under a millisecond. This ensures seamless and efficient access to the vast amounts of data at the heart of the TEALS system.

With Microsoft Azure DevOps, they also achieved zero-touch deployment for these resources, including Microsoft Azure Cosmos DB, IT, app services, and all the microservices.

Benefits of the new TOP

Everything about the new program is better.

“It is absolutely better; it is faster; it is more resilient,” Fern says. “It has a cleaner user interface now.”

Scalability for TEALS is more possible than ever. With improved UI, performance, and efficiency, TOP vNext gives regional managers more time to incorporate new schools and enhance curricula, and the new TOP can handle the increase in data.

“It’s blazing fast,” Shankaran says.

The substantial and ever-increasing data doesn’t bog down the speed of the tool. Now that TOP is faster and has better UI, regional managers can spend less time on tooling, and the time savings translate to more students benefiting from the program.

The TEALS program is present in more than 500 high schools across the United States and British Columbia, Canada.

Today, TEALS has a steady state of over 500 schools with 1,500 volunteers every single year. There are around 40 regional managers around the United States supporting between 15 and 30 schools apiece, including the classroom teachers, school principals, volunteers, and summer training for the volunteers.

“If a regional manager can do one more school, that means on average we’ll impact 2,425 more students each year,” Fern says.

TOP is engineered to meet our scaling needs. It’s now a high performing system that simplifies our regional manager experience.

—Ganesh Shankaran, principal software engineering lead, Microsoft Digital

As TOP vNext can handle more data, regional managers can now support as many schools as they want.

Over time, Microsoft Digital and TEALS will be able to add new features to TOP in harmony with the feedback received from stakeholders. There’s an ever-flowing possibility for iteration with the new TOP platform, which includes a feedback mechanism between TEALS volunteers, regional managers, and stakeholders.

“TOP is engineered to meet our scaling needs,” Shankaran says. “It’s now a high performing system that simplifies our regional manager experience.”

It’s a great example of what you can do with Microsoft Azure, he adds.

“Its cognitive capability is playing a big part in bringing these experiences alive.”

Key Takeaways
  • Legacy programs often fail to keep up with program needs, especially as new features and capacities are added. Moving to the cloud empowers you to scale efforts while also giving your solution extensibility.
  • Microservices architecture is a prevalent style for building applications that are independently deployable, immensely scalable, and easy to test and modify.
  • Including users in your feedback loop is the only way to ensure a solution is empowering productivity and creating impact.
  • Feature parity takes time. But if you’ve identified core capabilities, it’s possible to roll out a new solution without creating a lot of disruption.
    Enabling advanced HR analytics and AI with Microsoft Azure Data Lake http://approjects.co.za/?big=insidetrack/blog/enabling-advanced-hr-analytics-and-ai-with-microsoft-azure-data-lake/ Thu, 02 Feb 2023 17:00:00 +0000

    We periodically update our stories, but we can’t verify that they represent the full picture of our current situation at Microsoft. We leave them on the site so you can see what our thinking and experience was at the time.

    We’re on a mission to transform our human resources systems here at Microsoft. To make it happen, we’re upgrading the way we use analytics and AI.

    Our digital transformation has been a twofold journey.

    First, we upgraded our core processes, providing efficient and effective self-service portals for our employees and powerful tools for our HR team using SAP SuccessFactors. Those processes include the nuts-and-bolts applications associated with human capital management (HCM): the employee portal, rewards, payroll, and other essential HR functions.

    With the core processes in place, our team at Microsoft Digital—the company’s IT organization—had everything they needed to revolutionize the data at the center of HR.

    The architecture we chose? Microsoft Azure Data Lake.

    Building a modernized HR data estate

    The Microsoft Digital HR Data and Insights team, including (left to right) Johnson Samuel, Harsh Raj Singh Thakur, and Mithun Manganahalli Goud, were instrumental in implementing a new architecture for HR analytics and business insights.

    When data is scattered across disparate systems, it’s difficult to provide agility, insights, and advanced analytics through AI. In today’s world of big data and predictive intelligence, these capabilities aren’t just a luxury. They drive talent conversations, workforce planning, and an improved employee experience that affects business outcomes.

    But when an enterprise’s data is siloed or fragmented, those outcomes are out of reach.

    “What happens when you don’t have a modern data architecture?” asks Harsh Raj Singh Thakur, principal software engineering manager on the MDEE HR Data and Insights team. “You have a tedious and drawn-out process before you can retrieve your metrics. It’s a cumbersome task, it’s expensive, it’s not easy to maintain, and there’s a lot of cost to get it all done.”

    To make HR insights more accessible and insightful, we first had to assemble a unified and accessible data estate. Our SAP SuccessFactors implementation for core HR processes helped lay the groundwork by streamlining external and operational data to make them more organized and available for processing.

    With modern core processes in place, Microsoft Digital engineers could turn their attention to data.

    The journey to data transformation

    Like all large-scale transformations, this one involved a great deal of complexity and multiple touchpoints. Microsoft Azure Data Lake provided the modern analytics platform that would not only enable the team to ingest, store, transform, and analyze the data, but also deliver simpler data discoverability, maintain data security, and ensure compliance.

    HR Data Lake business coverage

    A graphic illustrating the coverage of Microsoft’s HR Data Lake across self-service, big data, HR data, modern and agile engineering, and advanced analytics.
    The HR Data Lake’s business coverage delivers value across Microsoft’s entire people analytics ecosystem, from employee-facing, self-service utilities to large-scale, future-oriented planning.

    Unifying the data

    Considering the wide array of HR systems at Microsoft, it was important to bring all the data together to give HR an end-to-end view of the employee lifecycle and the moments that matter in an employee’s journey. At the same time, the team made an effort to reduce redundant data copies across the enterprise.

    “Enabling connected insights which are trusted and secure through a modern data platform in Azure Cloud was a key goal as we set out to drive the digital data transformation in the HR ecosystem,” says Johnson Samuel, principal group engineering manager for Microsoft Digital’s HR Data and Insights team.

    Multiple systems make up the HR ecosystem: Employee Central for core HR, iCIMS for applicant tracking, listening systems, rewards, CRM, employee learning, and more. While each of these systems serves an important purpose, the potential to unlock insights by unifying all of their data is immense.

    “The ease of use from actually having everything collocated in an Azure Data Lake makes it easy to build out connected insights,” Raj Singh Thakur says. “It’s the foundation of our modernization journey.”

    Azure Data Lake Storage Gen2 serves as the common storage layer, which ingests data through Azure Data Factory, messaging systems, and other sources. By properly defining storage structures and models, the team took the first step toward a more modern data platform.

    Expanding the data footprint with new metrics and scorecards

    Ever-increasing volumes of data illustrated the need for advanced analytics. They were no longer a choice—they were a necessity.

    “There are many lines of businesses within HR, like Global Talent Acquisition, Talent and Learning, and HR Services who manage HR operations,” Samuel says. “We’ve enabled new capabilities for each of these different HR functions.”

    Key metrics across the ecosystem include the recruiting funnel, workforce, headcount, employee engagement, learning and development, and other functions across HR. The analytics apparatus uses a combination of Azure Synapse Analytics, Azure Analysis Services, and Power BI Shared Datasets, while Microsoft Power BI is responsible for visualization.

    This powerful combination of technologies helped build complex analytics and drove consistency across teams. It also unlocked the ability to bring disparate metrics together to help determine correlation and causation between different factors.

    Data governance

    Next, the team needed to ensure that engineers and end users could access data in the lake safely and securely. Good governance keeps data access compliant because users can only request information that’s relevant to their roles. Driven by the HR Privacy team and enabled by a home-grown security and governance platform, Microsoft Digital established column-level security (CLS) on the Data Lake.

    “When an HR team requests data, they get access to only the specific data set,” Raj Singh Thakur says. “So if you’re looking for an employee’s name and alias but your role doesn’t require you to know their salary, gender, or other aspects of their identity, you won’t get access.”

    This approach makes sure we respect our employees’ privacy and that we comply with local laws that regulate how we use our data. Data governance also includes data discoverability, quality, and lineage functionality, which the team established through Microsoft Purview and in-house solutions to support more complex scenarios.

    Modern engineering

    Microsoft Digital also developed key platform capabilities that ensure high-quality and trustworthy data across the estate and drive engineering efficiency.

    Modernizing our data architecture is expanding what the company’s HR teams can do, says Dawn Klinghoffer, vice president of People Analytics at Microsoft.

    Whether the metric is headcount, performance management, employee learning, or any other area, each of them follows the architectural pattern of a Data Lakehouse, a system where all information resides in the Data Lake, without the need to build separate data marts. It allows our engineers to scale storage and compute independently for greater efficiency.

    Between telemetry dashboards that help engineers understand system health and continuous optimization across code and infrastructure, this new architecture has helped save significant Azure costs—a reduction of around 50% over two years. Meanwhile, enabling agile development and DevOps is helping the team deliver iteratively and realize business value faster.

    But the real value lies in the insights that unified, normalized data empowers.

    “We’ve normalized the data by leveraging a company-wide taxonomy that we can use across other projects very easily,” says Mithun Manganahalli Goud, principal software engineer on our HR Data and Insights team. “So from a data-delivery service standpoint, we can provide information to a wide range of downstream systems and data consumers.”

    Building a platform for the future

    While the new architecture is actively meeting current reporting needs, Microsoft Digital also looked toward the future.

    The platform is capable of enabling deep insights that leverage machine learning. While today’s focus is on descriptive and diagnostic functions, the team is working toward predictive and prescriptive analytics through AI and machine learning.

    “We’ve created a rich content system where we can manage emerging requirements with the current data and metadata, so it’s future-ready,” Manganahalli Goud says. “We already have the process in place, so we won’t have to go back and reinvent the wheel.”

    When our HR team takes the next step into AI-driven insights, the foundations will already be in place.

    Driving human-centered innovation with Microsoft Azure Data Lake

    Our modernized data architecture has enhanced the HR teams’ capabilities. Better data immediacy means data pulls that used to take 24 hours now get done in a fraction of the time—around four to six hours. Similarly, the time it takes to enable self-service access for bring-your-own-compute data processing is rapidly falling.

    But the most powerful outcomes are the cross-category, cross-disciplinary insights that unified and accessible data provides for HR leaders.

    “One of the most unique and forward-thinking outcomes is that we’ve been able to combine qualitative with quantitative data,” says Dawn Klinghoffer, vice president of People Analytics at Microsoft. “We’re able to create data models with our survey information as well as more quantitative data like attrition and diversity, then combine them in an aggregated, de-identified way to understand broad insights.”

    For example, by combining sentiment data with de-identified calendar and email metadata, we’ve been able to quantify the impact of blocking focus time on employees’ perception of work-life balance.

    Focusing on self-service gives HR practitioners important flexibility, says Patrice Pelland, partner group engineering director for Microsoft Digital.

    “Making data available to all people in a self-service, consumable way gives them the opportunity to ask the questions they don’t even know they have,” says Patrice Pelland, partner group engineering director for Microsoft Digital. “The more people interact with the data, the more it will lead to deeper questions and better insights to drive their business or Microsoft as a whole.”

    Those questions and insights have already led to human-centered improvements and innovations. One example is the wide adoption of team agreements that empower employees to collectively self-determine the work modes that serve them best. HR’s work has even informed some of the “nudge” product features for employee experience tools like Microsoft Viva, which recommends focus blocks to improve productivity and overall work-life balance—a metric that’s currently on the rise across Microsoft.

    Ultimately, the more people who have access to high-quality, trustworthy data, the more we can provide a world-class experience for all employees.

    “There’s a lot of envisioning based on the services that we’ve been building that people didn’t even think could exist,” Pelland says. “We’re building the foundational layers to offer things that will be truly transformational for the HR business. Whatever size your organization is, and whichever HCM you use, with Azure, you can do what we’re doing right now.”

    Key Takeaways

    Here are suggestions for using Microsoft Azure Data Lake to do more with your HR data at your company.

    • The gold standard should be unity between transactional tools and data tools.
    • Start from an understanding that it’s about people and ground your work in that.
    • Think big but think holistically; start with a goal and work toward it iteratively.
    • Consider the experiences that will delight your end users.
    • Start from how you’re going to use the data, then work backward.
    • Collaborate early and often. Otherwise, preconceived notions can creep in.
    Try it out

    Learn more about Microsoft Azure Data Lake and how you can try out Azure for free.

    Modernizing enterprise integration services at Microsoft with Microsoft Azure http://approjects.co.za/?big=insidetrack/blog/modernizing-enterprise-integration-services-at-microsoft-with-microsoft-azure/ Mon, 11 Apr 2022 16:00:41 +0000

    Our Platform Engineering team in Microsoft Digital Employee Experience (MDEE) wanted to improve the capabilities, performance, and resiliency of our on-premises integration platform. To do this, the team used Microsoft Azure Integration Services to build a cloud-based integration platform as a service (iPaaS) solution that increased data-transaction throughput and integration capabilities for our enterprise data footprint and improved platform reliability.

    Business-to-business (B2B) and app-to-app (A2A) integration are imperatives in modern software solutions. Integration services use middleware technology that helps secure communication between integration points and data exchange between diverse enterprises and business applications. At Microsoft, our business demands integration across multiple independent software systems with diverse message formats such as EDIFACT, X12, XML, JSON, and flat file. Modern integration requires many modes of connectivity and data exchange, and includes the ability to connect:

    • Two or more internal applications.
    • Internal applications to one or more business partners.
    • Internal applications to software as a service (SaaS) applications.

    Building on a foundation of enterprise integration

    For decades, we as a company have worked to integrate our business data internally and in business-to-business scenarios with partners, vendors, and suppliers. BizTalk Server has been a standard for integration services for us and our partners, providing a foundation for dependable, easy-to-configure data integration.

    Our ongoing digital transformation is driving cloud adoption to move business resources out of datacenters. As data storage and application development has evolved, cloud-native solutions based on SaaS and PaaS models have predominated among enterprise applications in most industries. To meet the growing need to supply increased scalability, reduce maintenance overhead for infrastructures, and decrease total cost of ownership, our Platform Engineering team has increasingly moved toward cloud-based solutions for enterprise integration.

    Transforming integration with Microsoft Azure

    Our Platform Engineering team began investigating Microsoft Azure Integration Services as a potential solution for scalable, cloud-based enterprise integration. Integration Services combines several Microsoft Azure services, including Logic Apps, API Management, Service Bus, Event Grid, and Azure Functions. These services provide a complete platform that companies can use to integrate business applications and data sources. Our team began working with Integration Services to gauge feasibility, test integration scenarios, and plan for enterprise-scale integration capabilities on the platform.

    Collaborating to improve Microsoft Azure Integration Services

    Throughout the development process, our Platform Engineering team worked closely with the Integration Services product group to enhance and build connectors. This collaboration allowed us to suggest improvements to existing Integration Services functionality. This effort prompted the creation of two new Logic Apps connectors—SAP with Secure Network Communication (SNC) and Simple Mail Transfer Protocol (SMTP)—and enhancements to two existing Logic Apps connectors (EDIFACT and X12).

    Examining our Azure Integration Services architecture

    We in MDEE use all Microsoft Azure Integration Services components in our architecture to support end-to-end integration. Each component supplies an important part of the larger solution, including:

    • API Management for APIs, policies, rate limiting, and authentication.
    • Logic Apps for business workflows, orchestration, message decoding and encoding, schema validations, transformations, and integration accounts to store B2B partner profiles, agreements, schemas, and certificates.
    • Microsoft Azure Event Grid for event-driven integration to publish and subscribe to business events.
    • Microsoft Azure Functions for writing custom logic tasks, including metadata and config lookup, data lookup, duplicate check, replace namespace, and replace segments.
    • Microsoft Azure Data Factory for processing low volume, large payload messages, ETL processes, and data transformation.

    We used Microsoft Azure Front Door as the entry point for all inbound traffic and helped secure endpoints by using Microsoft Azure Web Application Firewall configured with assignment permissions for allowed IP addresses. Additionally, API Management enabled us to abstract the authentication layer from the processing pipeline to help increase security and simplify processing of incoming data.

    We deployed the entire solution to an integration service environment, which supplied a fully isolated and dedicated integration environment and other benefits, including autoscaling, increased throughput limits, larger storage retention, improved availability, and a predictable cost model.

    The following figure illustrates our solution’s architecture using Microsoft Azure Integration Services.

    Azure Integration Services architecture diagram, showing the experience layer, messaging layer, and operations layer.
    Microsoft Azure Integration Services architecture for Microsoft Digital Employee Experience.

    The solution architecture adheres to several important design principles and goals, including:

    • Pattern-based workflows that enable dynamic decisions using partner information.
    • Self-contained extensible workflows that can be modified and improved without affecting existing components.
    • A gateway component to store and forward messages.
    • Publish and subscribe services for data pipeline output.
    • Complete B2B and A2A pipeline processing with 100 transactions per second throughput and message handling up to 100 megabytes (MB) per message.

    Designing dataflow pipelines

    Our dataflow pipelines perform processing for most of our business-data transformation and movement tasks. We designed the B2B and A2A processing pipelines using Logic Apps and Microsoft Azure Functions, processing documents in their native format and delivering them to line of business (LOB) or enterprise resource planning (ERP) systems such as Finance, HR, Volume Licensing, Supply Chain, and SAP.

    • B2B pipeline. Electronic data interchange (EDI) documents such as purchase orders are brought in using AS2, processed using X12 standards, transformed, decoded and encoded using Logic Apps and Azure Functions, and then sent to the LOB app using the Logic Apps HTTP adapter.
    • A2A pipeline. Documents such as XML/JSON come in using one of the built-in adapters including SAP, File, SQL, SSH File Transfer Protocol (SFTP), or HTTP. The documents are debatched, transformed, decoded, and encoded using Logic Apps and Azure Functions, and then sent to the line-of-business system using the appropriate Logic Apps adapter.

    Our integration solution used these pipelines in practical business scenarios across many lines of business at Microsoft, such as for volume licensing. A hardware manufacturer that includes Windows or Microsoft Office in their laptops submits an order for Windows or Office licenses to Microsoft’s ordering system, which sends the order details to our integration suite. The suite validates the messages, transforms them to IDoc format, and routes the IDoc to SAP using a data gateway for taxation and invoice generation. SAP generates an order acknowledgement in IDoc format and then passes it to the integration suite, which transforms the IDoc message into a format that the Microsoft ordering system will recognize.

    Here’s another example from Microsoft Finance. An employee incurs an expense using a corporate credit card and the issuing financial institution sends a transaction report to the integration solution, which validates the message and performs currency conversion before sending it to Microsoft’s expense-management system for further approvals. After it’s approved in the expense-management system, the remittance transaction flows through the integration suite back to the banking system for payment settlement.

    Capturing end-to-end messaging telemetry

    We designed our solution to monitor message flow across the pipeline. Every transaction injects data into the telemetry pipeline using Microsoft Azure Event Hubs. The pipeline synthesizes and correlates that data to identify end-to-end processing status and recognize runtime failures. We built a custom tracking service that monitors and tracks important metrics for end-to-end workflows by using visual indicators on a dashboard. Accurate and readily available telemetry creates a more robust and reliable integration environment and improves the customer experience across pipelines.
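The correlation step described above, sketched as an added example; it is not code from the article or from Microsoft's tracking service. The stage names, event fields, and five-minute stall threshold are assumptions, and the events are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical stage names, modelled on the receive -> validate -> transform ->
# route flow the article describes; the real event schema is not published.
STAGES = ["received", "validated", "transformed", "delivered"]
STALL_AFTER = timedelta(minutes=5)  # assumed threshold for "no progress"

# Constructed sample events, deliberately out of order, as they might be read
# from an event stream. "ok" is False when a stage reported a runtime failure.
EVENTS = [
    {"txn": "PO-1001", "stage": "delivered",   "ok": True,  "ts": "2024-01-01T10:00:03"},
    {"txn": "PO-1001", "stage": "received",    "ok": True,  "ts": "2024-01-01T10:00:00"},
    {"txn": "PO-1001", "stage": "transformed", "ok": True,  "ts": "2024-01-01T10:00:02"},
    {"txn": "PO-1001", "stage": "validated",   "ok": True,  "ts": "2024-01-01T10:00:01"},
    {"txn": "PO-1002", "stage": "received",    "ok": True,  "ts": "2024-01-01T10:00:05"},
    {"txn": "PO-1002", "stage": "validated",   "ok": False, "ts": "2024-01-01T10:00:06"},
    {"txn": "PO-1003", "stage": "received",    "ok": True,  "ts": "2024-01-01T10:00:10"},
    {"txn": "PO-1003", "stage": "validated",   "ok": True,  "ts": "2024-01-01T10:00:11"},
    {"txn": "PO-1004", "stage": "received",    "ok": True,  "ts": "2024-01-01T10:09:00"},
    {"txn": "PO-1004", "stage": "transformed", "ok": True,  "ts": "2024-01-01T10:09:02"},
    {"txn": "PO-1005", "stage": "received",    "ok": True,  "ts": "2024-01-01T10:01:00"},
    {"txn": "PO-1005", "stage": "validated",   "ok": True,  "ts": "2024-01-01T10:01:01"},
    {"txn": "PO-1005", "stage": "transformed", "ok": False, "ts": "2024-01-01T10:01:02"},
    {"txn": "PO-1005", "stage": "transformed", "ok": True,  "ts": "2024-01-01T10:01:30"},
    {"txn": "PO-1005", "stage": "delivered",   "ok": True,  "ts": "2024-01-01T10:01:31"},
]
NOW = datetime(2024, 1, 1, 10, 10, 0)  # constructed "current time" for the sample


def correlate(events, now):
    """Group events by transaction id and derive one end-to-end status each."""
    latest = defaultdict(dict)
    # Process in timestamp order so the newest event per stage wins; a retry
    # that succeeds therefore clears an earlier failure of the same stage.
    for e in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        if e["stage"] in STAGES:
            latest[e["txn"]][e["stage"]] = e

    report = {}
    for txn, stages in latest.items():
        reached = max(STAGES.index(s) for s in stages)
        # A later stage with no record of an earlier one is a telemetry gap:
        # the message moved on but a component did not report.
        gaps = [s for s in STAGES[:reached] if s not in stages]
        failed = [s for s in STAGES if s in stages and not stages[s]["ok"]]
        last_seen = max(datetime.fromisoformat(e["ts"]) for e in stages.values())

        if failed:
            status = "failed"
        elif len(stages) == len(STAGES):
            status = "completed"
        elif now - last_seen > STALL_AFTER:
            status = "stalled"      # no failure reported, but no progress either
        else:
            status = "in_flight"
        report[txn] = {
            "status": status,
            "failed_at": failed[0] if failed else None,
            "gaps": gaps,
        }
    return report


if __name__ == "__main__":
    for txn, row in sorted(correlate(EVENTS, NOW).items()):
        print(txn, row)
```

The "stalled" and "gaps" cases are the ones a per-stage error log misses: nothing reported a failure, yet the transaction never finished or a component stopped emitting telemetry.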

    Key Takeaways

    We’ve realized several benefits across our integration environment, including:

    • Increased scalability. Our integration solution processes millions of monthly transactions, including 10 million B2B, 2.5 million A2A, and 74 million hybrid cloud transactions.
    • Improved quality of service. We used cross-region deployment with active-active configuration and thorough handling of faults to help achieve 99.9 percent in availability and reliability metrics.
    • Reduced total cost of ownership. We’ve reduced monthly costs in Microsoft Azure by more than 40 percent with this iPaaS solution.
    • Increased customer engagements. We’re working toward increasing Microsoft Azure Integration Services adoption by promoting this solution to our partners, vendors, and suppliers.

    Microsoft Azure Integration Services has created an improved and more efficient integration environment for Microsoft. The increased scalability, reliability, and cost-effectiveness of Azure Integration Services has moved our business into a better position to actively collaborate with and operate alongside our partners, suppliers, and vendors. We’re continuing to transform our integration services landscape with Azure Integration Services to keep pace with the rapidly changing modern business environment.
