When it became clear that Microsoft was going to ask its employees to work remotely, Kimberly Nafziger knew she would need to move quickly.

She was organizing an in-person, all-hands meeting for the 5,500 employees in Microsoft Digital. A large room was secured, a film crew was ready to broadcast to those who would attend remotely, and breakfast was ordered for those who would be there in person. The “Ask Me Anything” meeting with Kurt DelBene, executive vice president of Corporate Strategy and Microsoft Digital, was set to occur the next day.

Then DelBene decided to convert the meeting to online, out of an abundance of caution over the worsening COVID-19 situation.

“At 1:00 PM on Monday, March 2, we made the decision to make the meeting virtual,” Nafziger says. The changeover was completed in just hours, she says, explaining that it wasn’t that difficult because the meeting was already scheduled to be broadcast on Microsoft’s large meeting platform, live events in Microsoft 365. “We were ready to go by Tuesday, at 9:00 AM, when the meeting was scheduled to start.”

Leaders at Microsoft use live events in Microsoft 365 to run large internal and external meetings with connected video streaming, conversations, and content sharing. Depending on their needs, the meeting host can choose between simple do-it-yourself events using Microsoft Teams or Yammer, to large-scale professional events using Yammer or Microsoft Stream. The live events capabilities are available to all customers—go here to learn more about how to select the right live event experience for your event.

Like many Microsoft products and services, live events in Microsoft 365 enable company employees to stay connected as they work remotely during the COVID-19 pandemic.

“We’re not working from home in isolation,” says Andrew Wilson, Microsoft’s chief digital officer and corporate vice president of Microsoft Digital. “This is about our digital platforms empowering us to make human connections at a time when coming together and supporting each other is super important—it’s allowing us to be a fluid workforce that is staying productive in tough circumstances.”

Wilson says Microsoft leaders are using live events and other company technology to support their teams.

“There is an absolute need for leaders to be accessible, social, interactive, and communicative during times like these,” he says. “Even if there wasn’t a crisis, using technology to stay connected with your employees is a table-stakes requirement for any leader to be effective today.”

As for DelBene’s “Ask Me Anything” meeting?

“At first, it felt like a scary decision to go all virtual because there were a lot of logistics that needed to come together, but it went very well,” Nafziger says. “Having the meeting already set up to leverage the live events capabilities was pivotal.”

She says DelBene and his leadership team gathered in the conference room because the video crew was already set up to shoot there.

“We had all of our speakers attend in person,” she says, explaining that Microsoft had not yet made the decision to have all non-essential employees work remotely. “They did great even though there wasn’t an audience in the room.”

Nafziger says it ended up being the largest online audience they ever had for DelBene’s “Ask Me Anything” meeting. Additionally, the virtual attendees weren’t shy—they used Yammer’s conversation feature to ask DelBene, Wilson, and the rest of the leadership team questions about how the company was responding to COVID-19.

“Using Yammer allowed us to draw our employees into the meeting,” Nafziger says. “They could see each other’s questions and comments pop up while watching the presentation. It was fun to see them answering questions and engaging with each other even though we were all in separate locations.”

To include the audience even more, the team appointed a moderator to read questions coming through on Yammer to DelBene and his leadership team. The moderator sparked the conversation with pre-submitted questions and then switched to live questions as they appeared on the Yammer feed.

After the event, the video was automatically published in Stream as an on-demand recording. “We posted the recording to our organization’s SharePoint site for employees to watch at their convenience,” Nafziger says.

Usage of live events has spiked across Microsoft as the entire company has moved exclusively to remote working. No matter the scale of the meeting, leaders are using it to replicate the human connection that happens when they meet with their teams in person.

That was certainly true for the Field Engagement and Delivery (FED) and Global Support teams, which count on its in-person global meeting held every two years to bring together its 258 employees across 46 countries and 80 cities.

“Our teams are very dispersed across the globe,” says Belinda Deverson, from Global Support based in Sydney, Australia. “We all look forward to this conference to connect with each other in person.”

Due to COVID-19, the team made the tough decision to switch to a virtual-only meeting just days before it was scheduled to start. They used the live events capabilities to broadcast the leadership team’s presentation to everyone at all their dispersed locations and used Microsoft Teams and Yammer to engage with their team members.

“On February 19, our leadership team sent an email announcing that we were moving to a virtual conference,” Deverson says. “We made the change in five business days.”

It was a change that required coordination by many people in many different countries and time zones. The leadership team made the decision to make their presentations at two different times so that employees could watch it live at a time that was convenient for them. Additionally, smaller groups of employees met via a series of Microsoft Teams meetings to reconnect, bond, and participate in fun team-building exercises.

“Shifting to virtual still felt inclusive because we were interacting together in the moment,” says Deverson. Being intentional about connecting with each other and making sure everyone’s cameras were on helped. “Even though we were thousands of miles away from each other, we were able to use our technology to create a collaborative and productive virtual environment while building a stronger community.”

[Read this case study on how Microsoft uses live events in Microsoft 365.]

Interest in live events is spiking

“At times like these, you need to be pumping out your readiness material,” says Eva Etchells, a business program manager in Microsoft Digital who shows employees how to get the most out of using Microsoft 365 products. “We have been pulling together all our existing content and combining it in new ways to reflect the new remote working world that we are in,” she says.

Microsoft customers are facing the same situation as Microsoft employees. They need to connect with colleagues who suddenly feel disconnected and isolated.

“Just like us, they’re trying to figure it out, and they find it really useful to see how we’re doing it here at Microsoft,” says Alex Vo, a senior services engineer in Microsoft Digital who shows external companies how Microsoft uses live events in Microsoft 365. “A lot of them are heavy users of Microsoft 365 who are using our older product, Skype Meeting Broadcast. They want us to tell them what they’ll get out of upgrading to live events in Microsoft 365.”

Vo is hearing from a variety of customers. Some have large offices of people that are used to working together and are now working from home, and others have small teams of employees dispersed across the country and the world.

“In both cases, they want to have better engagement with their employees,” Vo says.

Most companies he talks to have just a few people who are responsible for figuring out how to run the remote meetings, who their companies are suddenly relying on.

“They want high-end, production-quality video so that they can get their people to participate. But their budgets are tight, so they’re looking for something that doesn’t cost a lot of money,” he says. “They also want to know how hard it is to set up and how to get started.”

Vo walks them through how Microsoft uses live events and lets them know that it’s something that they likely already have or can easily add to their Microsoft 365 subscription. He also connects them with product group managers like Ashwin Appiah and Kasia Krzoska, who show customers how to use live events (Appiah from the point of view of Microsoft Teams, and Krzoska with a focus on Yammer).

Both Appiah and Krzoska say interest in the live events capabilities has surged, with many customers asking how to run their own events. They, like Vo, say the way Microsoft is using the product really helps them show customers what it can do.

“It’s really great to see, during times of crisis, how well everyone at Microsoft has been able to transition from an offline or hybrid experience to working exclusively online,” Appiah says. “We have provided tools for them to do that, but they are the ones who are running with it and making it work.”

Krzoska agrees, saying it’s great to see Microsoft employees use these tools to get work done during the crisis, but it’s even more impressive how they’re supporting each other on a human level.

“This just shows what a great company culture we have,” she says. “What has been remarkable is seeing how employees are using our products to cultivate togetherness and keep their conversations going.”

How to use live events in Microsoft 365

Microsoft Digital uses live events in Microsoft 365 to create, run, and share events of different types, audiences, and budgets, says Frank Delia, a senior program manager in Microsoft Digital. Those range from global all-hands meetings with thousands of participants to team

“This is how our leaders from around the company connect with their people,” Delia says. “It’s how they drive employee engagement, share information, and get feedback.”

So how do live events work?

Depending on the needs of the event, Microsoft Teams, Stream, and Yammer work together to create an event. But it goes beyond that, Delia says. They all combine audio and video and have recordings available in Stream. Here’s how they each contribute:

• Microsoft Teams events allow for external attendees and moderated Q&A, relying on a seamless event-production environment that provides screen sharing and video without the need for third-party apps or services.
• Stream brings video streaming that works live and on-demand on many different viewers and devices. It includes video recording, automatic transcription, closed captioning, rich-text video search, and segment broadcast clips that work across all live events in Microsoft 365. You can also embed Stream into a SharePoint site.
• Yammer brings rich conversations and a dedicated event page to drive engagement before, during, and after the event. You can produce events hosted in Yammer using Microsoft Teams or with a third-party encoder, but the events are not available to external attendees.

Microsoft uses Yammer for company town halls that require open discussion, Microsoft Teams for one-to-many scenarios and events with partners and customers, and Stream for events that will be embedded and viewed on the company intranet.

When high-end video production is needed, live events in Yammer and Stream can connect to a third-party encoder, which gives event managers and production teams more tools to manage the meeting broadcast. These tools range from managing video quality, to choosing what to show their audience, to producing the flow of the presentation.

Delia says that leaders across Microsoft are clearly using live events much more—usage has gone up by about 300 percent—now that most employees are working remotely. “It’s really holding up well,” he says. “It’s teaching us a lot about what we can do when it comes to remote working.”

Microsoft is learning from the recent uptick in usage and is working hard to add features and additional scalability to support larger events, including a new live events resource site dedicated to helping customers understand how to host and manage live events, Appiah says.

“We think we can learn from this,” he says. “We can learn how to build a better product.”

Launching live events in Microsoft 365

• Get a primer on getting started on live events.
• Watch this live events primer video.
• Go here to get a detailed overview of live events.
• Get assistance running your live event.
• Go here for a primer on how admins can get started with both Microsoft Teams and live events meetings.

Here are additional resources to learn more about how Microsoft uses live events internally:

• Read this case study on how Microsoft uses live events in Microsoft 365.
• Chasing the sun with live events in Microsoft Teams.
• IT expert roundtable: Migrating to live events in Microsoft 365 from Skype Meeting Broadcast.

The post How Microsoft moved its large meetings online with live events in Microsoft 365 appeared first on Inside Track Blog.

Microsoft’s cloud-first strategy enables most Microsoft employees to directly access applications and services via the internet, but remote workers still use the company’s virtual private network (VPN) to access some corporate resources and applications when they’re outside of the office.

This became increasingly apparent when Microsoft prepared for its employees to work remotely in response to the global pandemic. VPN usage increased by 70 percent, which coincides with the significant spike in users working from home daily.

So then, how is Microsoft ensuring that its employees can securely access the applications they need?

With split tunneling and a Zero Trust security strategy.

As part of the company’s Zero Trust security strategy, employees in Microsoft Digital Employee Experience (MDEE) redesigned the VPN infrastructure by adopting a split-tunneled configuration that further enables the company’s workloads moving to the cloud.

“Adopting split tunneling has ensured that Microsoft employees can access core applications over the internet using Microsoft Azure and Microsoft Office 365,” says Steve Means, a principal cloud network engineering manager in MDEE. “This takes pressure off the VPN and gives employees more bandwidth to do their job securely.”

Eighty percent of remote working traffic flows to cloud endpoints where split tunneling is enabled, but the rest of the work that employees do remotely—which needs to be locked down on the corporate network—still goes through the company’s VPN.

“We need to make sure our VPN infrastructure has the same level of corporate network security as applications in the cloud,” says Carmichael Patton, a principal security architect on Microsoft’s Digital Security and Resilience team. “We’re applying the same Zero Trust principles to our VPN traffic, by applying conditional access to each connection.”

[Learn how Microsoft rebuilt its VPN infrastructure. Learn how Microsoft transitioned to modern access architecture with Zero Trust. Read how Microsoft is approaching Zero Trust Networking.]
For a transcript, please view the video on YouTube: https://www.youtube.com/watch?v=bleFoL0NkVM, select the “More actions” button (three dots icon) below the video, and then select “Show transcript.”

Securing remote workers with device management and conditional access

Moving most of the work that employees require to the cloud only became possible after the company adopted modern security controls that focus on securing devices.

“We no longer rely solely on the network to manage firewalls,” Patton says. “Instead, each application that an employee uses enforces its own security management—this means employees can only use an app after it verifies the health of their device.”

To support this transformed approach to security, Microsoft adopted a Zero Trust security model, which manages risk and secures working remotely by managing the device an employee uses.

“Before an employee can access an application, they must enroll their device, have relevant security policies, and have their device health validated,” Patton says. “This ensures that only registered devices that comply with company security policies can access corporate resources, which reduces the risk of malware and intruders.”

The team also recommends using a dynamic and scalable authentication mechanism, like Azure Active Directory, to avoid the trouble of certificates.

While most employees rely on our standard VPN infrastructure, Microsoft has specific scenarios that call for additional security when accessing company infrastructure or sensitive data. This is the case for MDEE employees in owner and contributor roles that are configured on a Microsoft Azure subscription as well as employees who make changes to customer-facing production services and systems like firewalls and network gear. To access corporate resources, these employees use Privileged Access Workstations, a dedicated operating system for sensitive tasks, to access a highly secure VPN infrastructure.

Phil Suver, a principal PM manager in MDEE, says working remotely during the global pandemic gives employees a sense of what the Zero Trust experience will be like when they return to the office.

“Hardened local area networks that previously accessed internal applications are a model of the past,” Suver says. “We see split tunneling as a gateway to prepare our workforce for our Zero Trust Networking posture, where user devices are highly protected from vulnerability and employees use the internet for their predominant workload.”

It’s also important to review your VPN structure for updates.

“When evaluating your VPN configuration, identify the highest compliance risks to your organization and make them the priority for controls, policies, and procedures,” Patton says. “Understand the security controls you give up by not flowing the connections through your internal infrastructure. Then, look at the controls you’re able to extend to the clients themselves, and find the right balance of risk and productivity that fits your organization.”

Keeping your devices up-to-date with split tunneling

Enterprises can also optimize patching and manage update compliance using services like Microsoft Endpoint Manager, Microsoft Intune, and Windows Update for Business. At Microsoft, a split-tunneled VPN configuration allows these services to keep devices current without requiring a VPN tunnel to do it.

“With a split-tunneled configuration, update traffic comes through the internet,” says Mike Carlson, a principal service engineering manager in MDEE. “This improves the user experience for employees by freeing up VPN bandwidth during patch and release cycles.”

At Microsoft, device updates fall into two categories: feature updates and quality updates. Feature updates occur every six months and encompass new operating system features, functionality, and major bug fixes. In contrast, monthly quality updates include security and reliability updates as well as small bug fixes. To balance both user experience and security, Microsoft’s current configuration of Windows Update for Business prompts Microsoft employees to update within 48 hours for quality updates and 7 days for feature updates.

“Not only can Windows Update for Business isolate update traffic from the VPN connection, but it can also provide better compliance management by using the deadline feature to adjust the timing of quality and feature updates,” Carlson says. “We can quickly drive compliance and have more time to focus on employees that may need additional support.”

Evaluating your VPN configuration

When your enterprise evaluates which VPN configuration works best for your company and users, you must evaluate their workflows.

“Some companies may need a full tunnel configuration, and others might want something cloud-based,” Means says. “If you’re a Microsoft customer, you can work with your sales team to request a customer engagement with a Microsoft expert to better understand our implementation and whether it would work for your enterprise.”

Means also said that it’s important to assess the legal requirements of the countries you operate in, which is done at Microsoft using Azure Traffic Manager. For example, split tunneling may not be the right configuration for countries with tighter controls over how traffic flows within and beyond their borders.

Suver also emphasized the importance of understanding the persona of your workforce, suggesting you should assess the workloads they may need to use remotely and their bandwidth capacity. You should also consider the maximum number of concurrent connections your VPN infrastructure supports and think through potential seasonal disruptions.

“Ensure that you’ve built for a snow day or a pandemic of a global nature,” Suver says. “We’ve had to send thousands of customer support agents to work from home. Typically, they didn’t use VPN to have voice conversations with customers. Because we sized and distributed our infrastructure for a global workforce, we were able to quickly adapt to the dramatic shift in workloads that have come from our employees working from home during the pandemic. Anticipate some of the changes in workflow that might occur, and test for those conditions.”

It’s also important to collect user connection and traffic data in a central location for your VPN infrastructure, to use modern visualization services like Microsoft Power BI to identify hot spots before they happen, and to plan for growth.

Means’s biggest piece of advice?

Focus on what your enterprise needs and go from there.

“Identify what you want to access and what you want to protect,” he says. “Then build to that model.”

Tips for retooling VPN at your company

Azure offers a native, highly-scalable VPN gateway, and the most common third-party VPN and Software-Defined Wide Area Network virtual appliances in the Azure Marketplace.

For more information on these and other Azure and Office network optimizing practices, please see:

• Office Connectivity Principles
• Network considerations for Teams
• Azure OpenVPN client
• Azure VPN Gateways
• Azure Point-to-site VPN
• VPN Network Virtual Appliances in the Azure Marketplace
• Publishing web applications using Azure Active Directory’s Application Proxy
• VPN split tunneling for Office 365
• How-to guides for common VPN platforms
• Updates for improving work-from-home employee access

• Here are some alternative ways for security professionals and IT to achieve modern security controls in remote work scenarios.
• Check our best practices and guidelines for security professionals on how to work remotely and stay secure.

Here are additional resources to learn more about how Microsoft applies networking best practices and supports a Zero Trust security strategy:

• Learn how Microsoft rebuilt its VPN infrastructure.
• Learn how Microsoft transitioned to modern access architecture with Zero Trust.
• Read how Microsoft is approaching Zero Trust Networking.

The post Using a Zero Trust strategy to secure Microsoft’s network during remote work appeared first on Inside Track Blog.

[Editor’s note: This content was written to highlight a particular event or moment in time. Although that moment has passed, we’re republishing it here so you can see what our thinking and experience was like at the time.]

Within Microsoft, there are some entrenched employee habits that make the company what it is, like living in email, dressing casually, and project managing a solution for every problem.

Also high on that list?

Saving files locally, a habit that has stuck with a company that grew up around Windows and its system of using folders to store and organize files.

Now, the company wants its employees to store everything in the cloud on OneDrive for Business, where it’ll be more secure and easy to access, plus several other reasons that will be shared below.

But first, about changing the entrenched habit of clicking File, Save As, and then navigating to your favorite folder on drive C.

“We thought about asking our employees to change their behavior, but then we asked ourselves, ‘Why? This is how our employees like to work,’” says Anne Marie Suchanek, a program manager on the team that manages OneDrive for Business internally in Microsoft Digital.

Instead, Microsoft Digital worked with the Microsoft OneDrive Sync team to deploy a feature called Known Folder Move (also available to external customers) that makes it possible for employees to save documents, and pictures to their file folder system the same way they always have. The only difference when they save their content via that familiar local drive file path is that their content also will automatically save to OneDrive for Business.

“Why change a good thing?” asks Suchanek, who is currently leading a rollout of the file-saving experience within Microsoft in North America. “We decided to go to them with a solution that will allow them to keep doing things the way they like to do them.”

Known Folder Move very specifically mimics the exact motions that employees (and all Windows users) have used for decades to save files—the only difference is now Microsoft and its employees enjoy the security and convenience of having their content automatically saved in the cloud.

Suchanek’s Microsoft Digital team is currently rolling out the feature via an email announcement that encourages employees to adopt early. After the opt-in phase finishes, the team will—after letting them know that it’s coming—silently deploy the system to everyone in North America (except those employees whose complex folder workflows would be disrupted by such a move). When North America is finished, the plan is to expand to the rest of the world.

It’s all part of the company’s journey to the cloud.

“We want to be a cloud-first company,” Suchanek says. “That means doing everything we can to embrace all the different features of the cloud, and part of that is getting our corporate data on the cloud.”
For a transcript, please view the video on YouTube: https://www.youtube.com/watch?v=okOXBixpmZs, select the “More actions” button (three dots icon) below the video, and then select “Show transcript.”

Getting employees on board

Saving to the cloud is something most employees are already doing, given that OneDrive for Business has been an option for employees for quite a while, says Eva Etchells, a program manager on Microsoft Digital’s End User Readiness and Communications team. She also said many of them are accustomed to backing up their personal data on the version of OneDrive that supports their personal Microsoft email accounts.

“Mostly I’m just raising awareness about it so that they’re not surprised when it pops up as an alert,” says Etchells, who has the role of answering employee questions about deployments of new features like this. “I let them know it’s not malware.”

The main challenge is for developers who use intricate systems of folders to store their code on their individual PCs—a system that needs to stay intact to work correctly.

“We’re allowing those employees to opt out,” Suchanek says. “The product group is working on improvements that will improve the experience for engineers who migrate their PC folders to the cloud.”

Etchells says she’s mainly talking to employees about the benefits of moving their files to the cloud, which include being able to access files from any approved device; having everything backed up if something happens to your PC; being able to collaborate and share any file, even those on your desktop or in your documents folder; and better security.

That’s not the biggest benefit, however.

“The thing that wins them over is finding out that they’re going to get five terabytes of storage space,” says Etchells, who communicates openly with employees on Yammer. “Why would I put anything on my dev box if I’m going to have that much space? There is literally no reason to not do this.”

Suchanek says moving to the cloud brings a whole set of benefits regarding coauthoring.

“We want people to work in the cloud and to collaborate in the cloud,” she says. “When they do, this problem of creating many versions of the same document and then trying to merge them all together goes away. Once a document is saved into OneDrive, everyone is automatically working out of the same version.”

Making OneDrive better

The OneDrive product team rolled out the Known Folder Move feature 18 months ago to help deliver a modern desktop experience and drive engagement with OneDrive by allowing users to sync where they are accustomed to saving their files, says Gaia Carini, a principal PM manager on the OneDrive and SharePoint Team.

“We think of deploying this feature as a critical step toward having a modern desktop experience,” Carini says. “We are recommending that all of our customers take the necessary steps to make sure their important files are in OneDrive.”

She says Microsoft is no exception, and that she’s happy to see the company using Known Folder Move.

“We are excited to partner with Microsoft Digital to leverage some of those same benefits within Microsoft,” Carini says.

She says getting feedback and adoption from Microsoft employees helps the product group improve features before they are rolled out to customers—something that’s very useful to the product and the company at large.

For example, many customers have been waiting on the ability to deploy the Known Folder Move for users with local OneNote notebooks saved in their documents folder.

“If you have one of those notebooks, you can’t use Known Folder Move to move it to the cloud,” she says. “Fixing that has been a major request by some of our external customers. Microsoft Digital has been helping us validate our solution within the Microsoft deployment rings, which has been a big help.”

• Learn more about using the Known Folder Move feature at your company.

The post OneDrive for Business feature shifts how employees save files within Microsoft appeared first on Inside Track Blog.

Search is part of our everyday life. It’s useful—we all know that—but how can you quantify that impact?

That was the challenge faced by Dodd Willingham, principal program manager and internal search administrator in Microsoft Digital. “There’s an obvious value, we can see that by the existence of Bing,” Willingham says. “But how do you put it in numbers?”

Lots of searches happen in a company, but when asked to demonstrate the business impact as part of justifying more investment, Willingham had an epiphany. He could use telemetry to make the argument for him.

Click the image to learn how Microsoft is using Microsoft Search internally to dramatically improve the finding experience for company employees.

Microsoft Search is unifying search for Microsoft 365 customers across Microsoft Outlook, Microsoft 365 apps on Windows, Microsoft OneDrive for Business, Microsoft SharePoint, and Microsoft Bing. More specifically, the Microsoft Search team strives to bring complete, company-wide results to each individual, no matter where they’re searching from. No longer should they need to search in separate products to ensure that they search all possible content.

Internally at Microsoft, this shift is proving to be very powerful.

“Employees no longer need to change platforms to get the results they’re looking for,” Willingham says. “They do a single search and get all the results they need.”

Within the company, Microsoft Digital manages the internal deployment of search across the company. “The purpose of active search administration is to deliver the most complete search results, with good relevancy and good quality,” Willingham says. “These improvements to search are helping us do that.”

One crucial way that Willingham and his team help deliver better search results is through corporate bookmarks that allow internal teams like Corporate Communications and Human Resources to select the top results employees get when they search specific sets of keywords.

These bookmarks aren’t the kind used to save your favorite sites—they’re curated results that search administrators can use to point people to content located someplace that can’t be indexed. They highlight authoritative sources of content, and ensure popular content is accessible.

Bookmarks boost employee productivity because they get employees the right results very quickly.

Dodd Willingham, principal program manager and internal search administrator in Microsoft Digital

And they’re fast.

“Bookmarks boost employee productivity because they get employees the right results very quickly,” Willingham says.

The business value of search

Including telemetry in the overall improvements to internal corporate searching—a feature built into Microsoft Enterprise SharePoint—allowed Willingham and his team to measure how much time employees spend on a search.

And what story is the data telling?

“We found that bookmarks net a direct benefit of 6,250 hours a month and 17,160 hours in indirect benefits,” Willingham says. “Combined, 23,410 hours of benefits are being realized each month.”

How did Willingham come to these numbers?

“Forty-five percent of all searches click on a bookmark,” Willingham says. That percentage is across the 1.6 million monthly searches that take place internally at Microsoft within Microsoft Bing and Microsoft SharePoint Enterprise Search.

Scaled to an enterprise level, the business value of bookmarks quickly became apparent.

“Conservatively, our basic measurement of search success was yielding results of 60 seconds per search using a bookmark versus an average of 115 seconds across all searches,” Willingham says. “That’s one whole minute of productivity re-captured for every bookmark-backed search.”

Multiplied across Microsoft’s population and search usage, that one minute of search time netted 6,250 hours a month in productivity. But it’s not just time gained from quick search results, it’s also about getting the right answers.

There’s a measurement based on telemetry of whether a search succeeded or failed to find useful content. Using that metric, Willingham found that a person who uses a bookmark appears to be successful 98 percent of the time. By contrast, searches without a bookmark average 72 percent for the same calculation.

“The absolute calculation [of search success] is kind of meaningless; what’s important is that it moved by a significant margin,” Willingham says. “It suggests that with bookmarks, more people find the content they need faster.”

In direct benefits, you’re gaining 6,000 hours at the cost of 300. When you include indirect, you can triple that. The return on investment is 2,000 percent, and that’s using conservative estimates.

Dodd Willingham, principal program manager and internal search administrator in Microsoft Digital

Faster is a direct productivity gain. Getting the right content to the right person at the right time is an indirect benefit. But the biggest insight is that delivering these benefits only requires investing less than 300 hours per month, spread across several staff.

“In direct benefits, you’re gaining 6,000 hours at the cost of 300. When you include indirect, you can triple that,” Willingham says. “The return on investment is 2,000 percent, and that’s using conservative estimates.”

How Microsoft uses bookmarks

With new practices in hand and telemetry to chart impact, Willingham and his team set out to optimize using bookmarks in search.

“Over the course of three years, we took the volume of bookmarks from around 1,100 to a peak of 1,800,” he says. “We’re currently sitting at around 1,200.”

Bookmarks were already being used before Microsoft Search was rolled out.

“We didn’t do anything revolutionary, we just opened up the guidelines so that more bookmarks could be added when appropriate,” Willingham says. “We then tuned them based on actual usage so that only those being used were kept.”

The technology for bookmarks had previously been part of Microsoft SharePoint and Microsoft OneDrive, made visible in the employee portal for Microsoft SharePoint Enterprise, MSW. Bookmarks had a set of configuration rules and standards for what could and couldn’t be a bookmark, but that’s it.

Librarians from the Microsoft Library Services team create and manage the company’s search bookmarks.

“It’s a multifaceted role,” says Beck Keller, also a member of the Microsoft Digital Enterprise Search team. “My responsibilities as a librarian at the Microsoft Library are far broader—bookmarks are just a small part of my job. This doesn’t take up my entire work week.”

What does she do for search administration?

Every month, Keller pulls search query metrics and analyzes them for areas of interest that currently lack a bookmark or good naturalized results. From this analysis, Keller can update the enterprise bookmarks across Microsoft.

“Sometimes this means removing or changing bookmarks that don’t currently meet our standards,” Keller says. “I also review proposed bookmarks and offer guidance to Microsoft teams looking to create bookmarks for their own sites, outside of Enterprise Search.”

This is the administrative work Willingham is talking about—bookmarks can be added, removed, or updated with ease. But the impact can be bigger than recapturing lost productivity.

“A year ago, there were no searches for COVID-19,” Willingham says. “We now get hundreds and thousands of searches a month. We went from zero to around 200 [between October and February]. There was no way to surface relevant results about COVID-19 because there were so few of them.”

But this was the trait the administrative search team was looking for—how to get better and proactive insights on Microsoft Search. Informed by current events, the team sought to anticipate which results users would be looking for.

“We asked if there should be a bookmark for the right COVID-19 link,” Keller says.

Willingham and Keller reached out to Corporate Communications about where to direct Microsoft users searching for information on COVID-19. That team was putting together a landing page for employees dedicated to content on the topic, including a FAQ. The bookmark was quickly built and deployed.

This was February 2020.

“The next month, the volume of searches for COVID-19 went up 40-fold,” Willingham says. “Maybe users would have found the info on their own, but as search volume was growing, 8,000 times a month they would nearly always find what they were looking for quickly, thanks to the bookmark.”

That’s the main goal of a search administrator.

Bright future for bookmarks

So, what’s next for Microsoft Search and bookmarks?

“More telemetry,” Willingham says. “The custom telemetry that we created is something any customer can do. It’s a capability within SharePoint.”

Having even more metrics will also help to further quantify Willingham’s findings.

“We erred on the low side for our productivity numbers, but it shows what’s possible for a medium or large company.”

Both Willingham and Keller are excited to see others adopt bookmarks as a way of improving Microsoft Search.

“Bookmarks are easy to put in,” Keller says. “The owner of the content tells us what the URL is, and some basic info such as a preliminary title and description. We figure out the appropriate keywords, update the basic info where needed, and then say ‘Go.’”

It all adds up to a better experience for employees when they need to go looking for something.

“The same tools we use to optimize bookmarks are available to everyone,” Willingham says. “That’s why they’re so useful for productivity. When combined with telemetry, you can really gain some unexpected insights into the productivity of your organization.”

• Read this guide on how to create and manage bookmarks at your company.
• Getting to ‘search completeness’ internally at Microsoft.

Please share your feedback with us—take our survey and let us know what kind of content is most useful to you.

The post Internal search bookmarks boost productivity at Microsoft appeared first on Inside Track Blog.

Once you see how your idea was interpreted from requirements and provide feedback on the prototype, you have to wait again. This time it’s for the engineering team to wade through their backlogged change requests. Even the best idea can fall short, run over budget, or fail when business-focused teams are only peripherally plugged into the process of building the solutions they need to solve their business problems.

Enter citizen development.

Citizen development—the creation of business applications and features by the employees who use them—is an opportunity for business users to stretch beyond their day-to-day activities with innovative ways to improve their own business processes. Citizen development is not small groups of developers across the company creating an unmanageable amount of shadow IT applications; when done properly, it’s a mutually beneficial partnership—a win-win proposition for both business users and IT.

To show you how this works, here’s the story of how three launch program managers at Microsoft dreamed up an idea to get their work done more efficiently. They imagined an intelligent launch assistant app that would provide convenient access to quick tasks, centralize some satellite workflows, and provide more user-friendly views of their product launch data. Armed with only their business knowledge and some prior experience with HTML and design, they decided—on their own—to learn Microsoft Power Apps to try and build the app they envisioned. Power Apps turned out to be the right choice, as it was designed to give business users the tools they need to drive innovation and create new applications—with no coding skills required.

The team leveraged their expertise and, after doing some reading, Power Apps tutorials, and a little research, felt much less intimidated by the prospect of developing their own intelligent launch assistant. The launch managers had unknowingly begun their journey toward becoming citizen developers. In just over a month, they went from having an early prototype to a feature-rich application that more than a hundred other launch managers now use daily!

[Learn how to build connected business solutions with Microsoft Power Automate. Discover how to redesign business applications at Microsoft using Power Apps. Find out how to transform payroll processes with Microsoft Power Automate.]

Building an intelligent launch assistant app

The Launch team at Microsoft oversees all launches of Microsoft products and devices, including system changes and compliance projects. The launch managers, being change agents who drive consistency and process simplification, had already identified some ongoing challenges in their processes. Launch workflows spanned multiple tools, and the team needed to reference data stored in different locations to get a full view of their projects.

After deciding on key features for their proof of concept, the launch managers took part in a company hackathon to kickstart prototype development of the launch assistant app. By the end of that immersive, collaborative event, the team had built their first prototype and was feeling more confident about what they could accomplish as citizen developers using Power Apps.

Microsoft Digital Employee Experience (MDEE) supports every employee and team at Microsoft—including these launch managers—by deploying and managing the products and solutions they use to get work done. That includes managing the development, governance, and lifecycle for line-of-business applications. One of our core charters is to empower users to do more. In that vein, through technology and collaboration, we support efforts like citizen development.

In MDEE, we were excited to see the progress that was made in such a short time, but we were navigating relatively new territory. While the prototype was promising, it still represented a culture shift, and we had a little trepidation about using citizen development for apps that support essential business functions.

A few factors in this project helped us decide to cautiously continue along the citizen-development path. One, the existing launch workflows and tools were still in place, so there would be no disruption of operations. And two, the citizen developers were making progress, very quickly. Their velocity was outpacing any lingering concern, and we determined that whether they created something that could be rolled out broadly, or a prototype of something we would build for them, either outcome would be a step forward.

More nimble than agile

Our engineering teams generally use agile development methods while building out apps and solutions for the different business groups at Microsoft. With discovery, development, and iterating, even in two-week sprint cycles, it can still take months for us to develop a functioning app that the business users will adopt and continue to use. No matter how much time our engineers spend with a team learning about a businesses’ processes, only a business user truly understands the context, relationships, and flow of every scenario.

As illustrated in this graphic, some of the benefits we saw while working in cooperation with the Launch team’s citizen developers included improved engineering resource allocation, reduced development backlogs, and a greatly accelerated application-building process.

In 40 days, the citizen developers released more than 250 iterations that evolved the app from an early prototype that only the citizen developers were using to a fully functioning app that has been widely adopted by the other launch managers at Microsoft. They were truly nimble. When something they built or changed didn’t come out quite right, they fixed it immediately themselves, or rolled back to a prior iteration in Power Apps and started over. They didn’t need to request a change or log a bug and wait for our engineers to resolve it during the next sprint.

The first 100 or so iterations happened very quickly—sometimes dozens in a day. However, as the app grew more complex and was being more widely adopted, the iteration cadence slowed down accordingly. As more features in the app were connecting to our Microsoft Dynamics 365 platform and the Microsoft SharePoint lists that they created to centralize the data from other workflows, it made sense to begin meeting regularly to discuss guardrails and risks before each iteration was released. The citizen developers started giving our engineers weekly demos of the prototype and talking about their planned features, providing us an opportunity to provide guidance and answer questions.

A fully functional app and a living prototype

The phone and tablet versions of the intelligent launch assistant app pulled together views of all the information pertaining to a launch, including key dates and other information about the launch manager’s project, including the risks that are managed daily.

Roughly 50 percent of the information displayed in the launch assistant home page comes from data in the Microsoft Dynamics 365-based platform that serves as the “single version of truth” for all work activities across the operations teams at Microsoft. The citizen developers enhanced the experiences of several tracking and management features that weren’t in Dynamics 365 by creating SharePoint lists as a backend for the related data. Using Microsoft Power Apps, it was easy to connect to both Dynamics 365 and the SharePoint lists to create consolidated views and tasks.

As this next graphic shows, the app experience is intuitive, and the citizen developers can continually adjust the UI to mirror more optimized versions of their business processes.

The app, now broadly available to all launch managers at Microsoft, also serves as a living prototype. Launch managers enjoy a transformed workflow, while we see the impact of new features as they are being used in the production environment. We evaluate those features and experiences before investing money in engineering resources to build or integrate them into the Microsoft Dynamics 365 platform.

Lessons learned and best practices

We have spent years refining our application-development processes, and we expected to face challenges and learn new things as the traditional processes were disrupted by empowering more business-focused individuals to develop the solutions they need. This effort has been successful and educational, so we’re sharing a few of our learnings and best practices.

Partnering helps set everyone up for success

With open communication and a growth mindset, a strong partnership between the business and engineering teams is crucial in helping ensure the success of a citizen development program. For example, we learned that we didn’t start discussing risks and guardrails for each team and role soon enough. As a result, we were initially very reactionary, addressing issues as we encountered them rather than taking a more holistic approach. As we got further into the process, we were better able to determine which changes need to be monitored more closely, and to be more mindful about where test data in the production environment was being stored. In one case, we almost sent a report to executive leadership that included test data from one of our intelligent launch assistant experiments.

It’s also important to communicate early with engineers about the benefits that come with this shift in paradigm. They need to understand that citizen development isn’t intended to replace traditional development, nor does it suggest that they aren’t doing a good job. It’s just an effort to better align activities with core skillsets.

Some traditional development processes still apply

In the early phases, most of the launch assistant app users were citizen developers who could make and publish every change as a new iteration. As the user base grew, and the app features became more complex, every iteration and change required more consideration. The team moved to a role-based model in which only a few citizen developers who fully understood how the changes would impact users of the app could publish new iterations.

Not being professional developers, the citizen developers did not start keeping meticulous version notes until they realized why they were useful. More than once during the 250 iterations, they needed to roll back to a prior version after a change didn’t go as planned. Having notes that explained what changed in each iteration helped in identifying which version introduced the change.

Use Power Apps to create living prototypes that can speed engineering decisions

Citizen developers know inherently how they want to use an application within the framework of their processes, and that insight provides a high-value impact when it complements engineering’s efforts.

When business users become citizen developers and build Microsoft Power Apps solutions to address their business problems without code, it can ultimately be a benefit for engineers. We can see how a feature or functionality performs in production, how quickly users adopt it, and verify its continued use—while we plan and weigh the benefits of integration into our platform. Ultimately, when we do invest in hardening a feature for scalability, we anticipate no noticeable impacts to the user, other than performance or planned UI improvements.

Now, are you wondering how to become a citizen developer at your company? Here are some suggestions on how you can get started:

• You don’t need to wait for someone to build you a platform—with Power Apps and a little coaching from someone who’s tried it, you can define, build, and adopt a solution without the need for dedicated engineering help.
• Because you know your business so well, you can get right to building your solution—saving time and money. Your knowledge of the challenge will reduce the iterations required to transform your idea into a proven prototype.
• Read this ”What is Power Apps?” overview to get more tips on getting started and, when you’re done with that, complete our introduction.
• Find additional learning resources at Microsoft Power Platform: Learning Resources.

• Find tutorial resources in the Power Apps blog.
• Check out Power App documentation here.
• Learn how to build connected business solutions with Microsoft Power Automate.
• Find out how to transform payroll processes with Microsoft Power Automate.
• Discover how to redesign business applications at Microsoft using Power Apps.

The post Citizen developers use Microsoft Power Apps to build an intelligent launch assistant appeared first on Inside Track Blog.

Most people don’t give much thought to printing.

In the best-case scenario, you select a button and your paper comes out. Other times, you might have to fiddle with locating printers, driver installations, and of course, the occasional paper jam. There are good reasons why this most humble of office essentials is also a common symbol of office frustrations.

IT administrators like Kathren Korsky think about printers a lot more than most.

As a senior service engineering manager for End User Services at Microsoft, Korsky oversees their organization’s printing strategy and infrastructure. That means maintaining print servers, ensuring connectivity, managing security permissions, and staying on top of compatibility issues with a broad network of third-party hardware partners.

It also means dealing with the security risk printer servers create.

How do printers create such challenges?

Before, anyone who wanted to print in a Microsoft office had to connect to Microsoft’s corporate network. That meant giving them VPN access just so they could print something.

“Corpnet is a very precious corporate asset, and VPN access ends up being a security liability,” Korsky says. “We must eliminate our print service dependency on VPN to achieve our strategic Zero Trust goals.”

Adding to these acute pains were the everyday aches of Microsoft branch offices without corpnet connections at all, where employees were severely constrained when attempting to print to a shared printer, not to mention the maintenance and high energy costs that physical servers consume.

Then about four years ago, Microsoft Digital began migrating all of its internal servers to the cloud, a project that transitioned 95 percent of its physical servers to Microsoft Azure virtual machines (VMs).

[Learn how Microsoft used Azure to retire hundreds of physical branch-office servers. Find out how Microsoft enabled secure and compliant engineering with Azure DevOps. Unpack seamless and secure cloud printing with Universal Print.]

Connecting printers to the cloud

Korsky’s team joined that cloud migration, and over four years they reduced the company’s 320 on-premises print servers around the world to around 80 Microsoft Azure print server VMs. The team benefited from Microsoft Azure’s security and management capabilities while achieving a print server uptime improvement to nearly 100 percent.

Korsky says the 70 hours per month their team formerly spent patching servers has been reduced to seven.

While the move to Infrastructure as a Service (IaaS) delivered great benefits for the print service, that was not enough. The team needed a solution that could work completely in the public internet space and draw on the advantages of becoming a Platform as a Service (PaaS) approach, which was going to be the next step in the print service transformation.

Working together with Microsoft’s Azure + Edge Computing team, they experimented with a previous offering, Hybrid Cloud Print, but felt that more was needed to simplify the administrator’s experience.

Seeing an opportunity, Korsky and their team knew the moment was ripe for a major transformation that would not only greatly reduce their administrative overhead, but also eliminate those pesky corpnet dependencies while enabling public internet connectivity in a safe and secure way.

Working together, Microsoft Digital and Azure + Edge Computing teams built in robust management capabilities and easily accessible data insights and reporting, and a new printing experience called Universal Print was born.

As Universal Print began to roll out to groups across Microsoft, beginning with the Azure + Edge Computing team, one of the challenges was the wide variety of different brands, makes, and models of printers that would need to integrate with the service.

“We as a product group wanted to support a broad set of currently available printers in market, and some of them are quite old,” says Jimmy Wu, a senior program manager for Azure + Edge Computing who worked with Korsky’s team to deploy Universal Print into the Microsoft infrastructure. “The challenge was how do we do that when our service isn’t even publicly available at the time.”

As a solution, they created a piece of connector software that served as a communication proxy between the physical printer and the cloud service. It’s now available to customers as part of their Universal Print subscription.

With the migration and product rollout complete, Universal Print was validated in private preview by Microsoft customers who also saw a need for a cloud print service. It then moved into public preview in July.

Printers are now being published in Microsoft Azure Active Directory through a centralized portal, with little need for on-premises infrastructure or maintenance.

What’s more, the elimination of on-premises servers and all the physical space, energy consumption and cooling systems that go with it help support Microsoft’s commitment to achieve carbon negativity by 2050.

For branch office managers grappling with whether to invest in costly corporate network setups, Korsky says, “it solves for some real business decisions that companies have to make about branch office locations.”

And the employee who just needs to print? They can think about it even less.

“What’s really great is that our users benefit from a seamless, familiar print experience,” Korsky says. Users click a button and their paper comes out—without all the interference of printer discovery, network permissions and driver installations standing in their way.

Universal Print in a remote world

The ability to print via the cloud has proven to be an unexpected boon to businesses and organizations who have had to quickly adapt to operating remotely.

Alan Meeus, a product marketing manager for Microsoft 365 Modern Work, says that of the more than 2,000 external customers currently testing Universal Print, many have accelerated their adoption amid COVID-19.

“Even with people working remotely, there are many use cases for why print is still important,” Meeus says. “There’s a lot of printing going on in critical industries like healthcare, manufacturing, distribution and education. In schools, some kids don’t have access to computers and they still rely a lot on printed materials.”

Universal Print has also helped enable Microsoft 365 users to perform work functions at home that they previously couldn’t.

“If our HR or payroll department needs to run checks, they can do that from home,” says Scott Hetherington, a senior systems analyst for the Wild Rose School Division in Alberta, Canada. “Being able to give them Universal Print right now has been a lifesaver. And it’s been able to help keep people safe in the face of a pandemic by keeping them home as much as possible.”

As more organizations ramp up adoption, the Universal Print team and their partners are looking forward to cultivating a circular feedback loop where they’re gathering feedback from the community and delivering the kinds of improvements customers want. They’re also working towards a longer-term vision of evolving from the IaaS cloud service model for the connector software to going completely serverless, requiring no infrastructure management at all.

For Korsky, it’s all about the growth mindset.

“This has been an amazing journey of experimentation to learn what works well and where changes are required. And we’re partnering in a more collaborative way,” Korsky says. “We took our learnings from Hybrid Cloud Print and came up with this whole new approach that is even better than we originally envisioned, and we’re having great success.”

The printing transformation is making a difference with Korsky’s peers across Microsoft.

“My team’s amazing partnerships with engineering teams across Microsoft allow us to develop impactful internal solutions that also benefit our customers,” says Dan Perkins, a principal service engineering manager in Microsoft Digital’s End User Services. “Universal Print simplifies how we manage our work and reduces the time we spend maintaining our infrastructure. It also improves the security of our print service. We are excited about what the future holds for this transformational offering.”

• Unpack seamless and secure cloud printing with Universal Print.
• Learn how Microsoft used Azure to retire hundreds of physical branch-office servers.
• Find out how Microsoft enabled secure and compliant engineering with Azure DevOps.

The post Jamming to a new tune: Transforming Microsoft’s printing infrastructure with Universal Print appeared first on Inside Track Blog.

Bret Arsenault, corporate vice president and chief information security officer at Microsoft, and security experts from his DSR team at Microsoft attended RSAC 2020 to share how they are responding to security challenges, lessons learned, and proven practices that you can use in your organization.

[Learn how Microsoft transitioned to modern access architecture with Zero Trust. Learn how Microsoft implemented a Zero Trust security model.]

Zero Trust for the real world

There are seven billion devices connected to the internet, and 60 percent of organizations have a formal bring-your-own-device (BYOD) program in place.

“The way we work has also changed,” says Nupur Goyal, a Zero Trust product marketing lead at Microsoft. “With the emergence of a mobile workforce, cloud technology, and ubiquitous access to information, it has become more and more challenging to protect corporate data.”

Coined by the security industry, Zero Trust is a modern approach to security that Microsoft and other enterprises are adopting—don’t assume trust, verify it. The Zero Trust security model treats all requests and every access attempt as though they originate from an untrusted network. However, employees should still have a seamless experience when accessing the resources they need without impeding productivity.

“We have to validate an employee’s identity and device health before giving them access to the files they need,” says Carmichael Patton, a principal program manager in DSR. “As threats evolve, we have to pivot to protect customer data.”

Goyal and Patton shared Microsoft’s implementation strategy, which is geared to ensure that data and application access is specific to an employee’s job function. Organization policy is automatically enforced at the time of access and continuously throughout the session when possible. All devices are enrolled and managed in a device management system, and the network access is routed based on the user’s role. Finally, all controls and policies are backed by rich data insights that reduce the risk of unauthorized lateral movement across the corporate network.

[Check out the slide deck from this RSA session about Zero Trust for the real world.]

Cloud-powered compromise blast analysis

Hackers don’t break in—they log in. To combat this, the security operations center (SOC) at Microsoft operates on a massive scale to support 250,000 active users with even more active devices and Azure user accounts.

“When it comes to protecting identity, our people are our biggest asset and our biggest liability based on how they act,” says Sarah Handler, a program manager at Microsoft. “Our goal is to take the systems and tools we have and use them to nudge user behavior in a way that won’t compromise our systems.”

Kristina Laidler, the senior director of Security Operations and Incident Response at Microsoft, has worked with the SOC to protect Microsoft from adversaries. One challenge is the high volume of data and signals. To address this, the SOC team filters billions of events using machine learning and behavioral analytics to approximately 100 cases a day that the SOC team can triage, investigate, and remediate.

“We have to make sure that the SOC team isn’t looking at false positives, and the things getting through are high fidelity,” Laidler says. “We want to work at the speed of attack. We know attackers are moving fast, and we have to work faster.”

Laidler and Handler have also implemented new analysis methods for identity compromise using cloud logs, security information and event management tools, and advanced telemetry. To prevent future identity threats, Laidler also discussed some technical controls for identity protection such as filters to prevent users from creating predictable passwords with seasons, years, or regional sports teams.

“Using user entity behavioral analytics, we have developed a lot of contextual knowledge about how our users and adversaries act, and we’ve built detections based on those patterns,” Laidler says.

Laidler and Handler also shared their lessons learned. A salient piece of advice is to ask for more from your cloud provider.

“We have such a huge focus on making sure we’re getting feedback and the story from the trenches,” Handler says. “That’s how we build better solutions.”

[Check out the full RSA session on how Microsoft’s Identity Security and Protection team collaborated with Microsoft Digital to implement new blast analysis methods for identity compromise.]

Breaking password dependencies: Challenges in the final mile at Microsoft

Director of Identity Security Alex Weinert and Lee Walker, a principal program manager in DSR Identity and Access, shared the lessons learned of Microsoft’s journey to eliminate passwords and practical guidance to help with yours.

Weinert’s team worked with Walker’s team to eliminate legacy authentication at Microsoft, and they’re currently blocking 1.5 million legacy authorization attempts per day. Getting to this point didn’t happen overnight. The company has been using multi-factor authentication (MFA) using smartcards, phone authorization, Windows Hello for Business, and FIDO2. In 2019, Microsoft required MFA for all employees, but some employees still used legacy authentication. Disabling legacy authentication was a process, and Walker’s team needed to talk to the owners of applications that used legacy authorization, keep 90 days of history to track where owners signed in with legacy authorization, and simulate policies to predict breaking scenarios.

Weinert advised attendees to capture logs of when users sign in, find legacy traffic, and talk to business owners in those organizations.

“You have to figure out what application is behind that sign-in, understand how and why it’s used, and work to replace it or contain it,“ Weinert says. “Recognize that your plan will evolve based on these conversations.”

Weinert also encouraged attendees to decide not if, but when to start, especially because Microsoft Exchange is removing support for basic authorization in October 2020.

“You don’t need to be faster than the bear, but you don’t want to be the slowest runner either,” Weinert says. “Learn from our painful mistakes. You can flip the switches, but the hard part is the humans.”

[Check out the slide deck from this RSA session on Microsoft’s journey to move away from passwords.]

Microsoft’s security team changes the employee training playbook

All Microsoft employees are accountable for keeping the company’s data and customers safe. Ken Sexsmith, director of Security Education and Awareness in DSR, and his team are changing the way that Microsoft approaches training by making it approachable and fun for employees through enterprise-wide training, behavioral campaigns, and phishing simulations.

“We are on the frontlines of driving digital transformation through behavior and culture change,” Sexsmith says. “We saw an opportunity to take an innovative approach to security training, and we had full support from leadership.”

The team takes a multi-pronged approach to change employee behavior by motivating, reinforcing, and applying behavior changes. Sexsmith’s team does this through awareness campaigns and security training, which strengthen security and privacy best practices.

“Within an hour, you lose 50 percent of the information that you were just told,” Sexsmith says. “Within 24 hours, 70 percent of that information has escaped. As adult learners, we have to continue to reinforce that knowledge.”

For companies or teams who are trying to change their approach to security education, Sexsmith suggests that attendees start by identifying listening systems to understand the biggest risks at the company, and finding engaging ways to communicate them to employees. The team has also been sharing the impact of their training and continue to solicit feedback that informs future versions.

• Learn how Microsoft transitioned to modern access architecture with Zero Trust.
• Learn how Microsoft implemented a Zero Trust security model.

The post How Microsoft is transforming the way it fights security threats appeared first on Inside Track Blog.

Ken Sexsmith recalls waiting quietly outside a conference room for a meeting about a new approach for promoting the annual security training at Microsoft. Earlier that day, his team, which is responsible for enterprise-wide digital security education, training, and awareness, was running a company-wide phishing simulation. While waiting for his meeting, Sexsmith overheard some employees questioning the validity of the phishing email.

One of them recalled a recent training and said, “Maybe we need to report it?”

“It was a lightbulb moment,” says Sexsmith, director of Security Education and Awareness in Microsoft Digital. “It was so encouraging to see how employees started talking about the email and knew precisely what to do. It was a highlight of our year.”

Getting to the point where employees recognize phishing emails did not occur overnight. Although Microsoft’s sophisticated anti-phishing technology helps protect customers and employees from targeted phishing campaigns, Microsoft employees still need to stay one step ahead of evolving security threats. To help them get there, Sexsmith set out to change how employees think and learn about security.

“We are on the frontlines of driving digital transformation through behavior and culture change,” says Sexsmith, who says lessons Microsoft learns internally are shared externally with the company’s customers.

[Learn how Microsoft implemented a Zero Trust security model.]

Sexsmith’s team wants to start a movement where everyone wants to be a part of the company’s security story; their goal is to make security personal and change ingrained behaviors.

“We had to win over the hearts and minds of employees,” Sexsmith says. “We had to flip traditional compliance training on its head to make security more engaging, relatable, and fun, but also emphasize the importance of employees using best practices and being responsible for security.”

Employees seeking out new security training

Sexsmith’s team created an engaging, interactive Security Foundations training that uses real-life examples of security threats that have affected Microsoft employees and teams. The training also features a local well-known actor and podcast host that employees can relate to. In its first year, nearly 63 percent of employees across the company took the training. Some employees thought the training was so great that they asked if they could share it with their family and friends.

“A lot of effort and energy was put into making training a more enjoyable experience while helping people not only build the proper skills, but retain the skills they learned,” says Erin Csonaki, an education and awareness program manager in Microsoft Digital who runs enterprise-wide training.

Coupled with phishing simulations and ongoing digital campaigns that highlight the digital security team’s strategy to keep the company and its data safe, the training helps employees learn about security risks and build skills that they can apply on a day-to-day basis.

Proof that it’s working? The once-optional Security Foundations training is now required for all Microsoft employees. The revamped training received an extremely positive response from employees and even won an external Telly Award.

“Because we had favorable feedback, we’ve gained credibility and can continue to push the envelope around the way we launch training this year,” Csonaki says.

Whether the team is running a highly technical training for engineers or an awareness campaign for Cybersecurity Awareness Month, Csonaki says that it’s important to communicate the relevance of this training in their day-to-day work. For example, the Security Foundations training emphasizes never letting your guard down when handling email, posting on social media, or connecting to a public wireless network.

“A key for us is making it personal,” Sexsmith says. “The same things you do at home to secure your family are the same things you do at Microsoft. Your technology is vulnerable, and it only takes one minute for someone to take control of your device.”

Reinforcing learning year-round

Along with trainings, the team creates employee awareness about what phishing and other security threats could look like and provides guidance on how employees should respond. For example, Sexsmith’s team creates phishing simulations that are based on real, previously reported incidents.

Blythe Price, an education and awareness program manager on Sexsmith’s team, is responsible for the Phishing Education and Awareness program, which exposes employees to the experience of being phished and provides prevention education and reporting guidance.

“If an employee falls for the simulation and enters data or opens an attachment, an education moment is served up,” Price says. “This reinforces the best practices for spotting phishing, which is discussed in the Security Foundations training.”

The phishing scenario also teaches employees how to respond to security risks using the “Report Message” button in Outlook or in Microsoft’s internal security reporting channel.

“If it’s not quick and easy to report, a user may decide it’s not worth their time and abandon ship,” Price says. “You also have to make sure that the reporting mechanisms are where they are meant to be, whether it’s on a desktop or mobile browser.”

Learning moments from simulations and trainings are reinforced through ongoing awareness campaigns that align with events like National Cybersecurity Awareness Month or certain holidays. This ensures that the conversation about security is front and center for employees.

“You don’t have to know everything,” Sexsmith says. “You just have to know when to pause before entering your credentials and ask, ‘Am I moving too fast?’ That’s the change that we’re driving.”

Understanding the culture of an organization

For other teams or organizations interested in changing the way they approach security training, Price suggests evaluating what resonates with employees and adjusting accordingly. Price also attributes her team’s success to their emphasis on the “why” behind each training or awareness campaign. This has helped employees understand the importance of their participation.

“Instead of snapping to a model, it’s important to know the culture,” Price says. “Don’t be afraid to take chances if something isn’t working.”

Regardless of how you educate employees about security, it should be a two-way dialogue.

“It can be challenging, but it’s also a good opportunity to listen to what’s resonating with employees, and balance it with what’s needed from a security perspective,” Price says.

Sexsmith knows that his team’s approach to security training and awareness can’t rest on its laurels.

“I have a vision of continued evolution,” Sexsmith says. “I often challenge people to think differently, and that’s what got us here.”

• Check out the agenda for RSA, which includes Sexsmith’s session on how Microsoft is taking a different approach to security training.
• Listen to Sexsmith’s Ignite 2019 session about how Microsoft trains employees to be data stewards.
• Learn how Microsoft implemented a Zero Trust security model.

The post How Microsoft is transforming its approach to security training appeared first on Inside Track Blog.