Tenant management Archives - Inside Track Blog
How Microsoft does IT

Unfolding our AI in IT story: What to expect at the 2026 Microsoft 365 Community Conference
Mon, 20 Apr 2026 16:00:00 +0000
http://approjects.co.za/?big=insidetrack/blog/unfolding-our-ai-in-it-story-what-to-expect-at-the-2026-microsoft-365-community-conference/
At Microsoft Digital, the company’s IT organization, we shape and propel many of our groundbreaking products through our role as the company’s Customer Zero—and we want to tell that story. At this year’s Microsoft 365 Community Conference (April 21-23 in Orlando, Florida), we’re hosting a variety of sessions focused on change management, AI adoption, and how we manage governance in the era of the Frontier Firm.

As Customer Zero for Microsoft 365 Copilot, we embedded the technology into our employees’ daily workflows and carefully monitored the results. That journey from early experimentation to broad adoption of the tool across our organization continues to guide the company as we explore what comes next.

Today, that’s agents.

“Copilot changes how our employees work. Agents are changing how the work gets done. Our focus is to make the technology practical and valuable, so people want to use it daily.”

Stephan Kerametlian, senior director, business program management, Microsoft Digital

We’ve reached a level of maturity with Copilot that allows us to move from individual productivity to systems that can reason and collaborate on our behalf. Our focus now is on driving the adoption of agents across the company, grounding them in our workflows to solve problems.

“Copilot changes how our employees work,” says Stephan Kerametlian, a senior director in Microsoft Digital. “Agents are changing how the work gets done. Our focus is to make the technology practical and valuable, so people want to use it daily.”

Adoption doesn’t happen without trust

As we’ve empowered employees with more capable AI tools that can help automate tasks and make decisions, we’ve been equally focused on making sure the right safeguards are in place.

Innovation and safety are extremely important—the challenge is to enable both at the same time. And this is where governance comes in.

“We’ve spent a lot of time getting governance right. This means giving people confidence, not slowing them down. When employees know the guardrails are there, they feel empowered to experiment and innovate safely.”

David Johnson, principal PM architect, Microsoft Digital

At Microsoft, good governance is what makes innovation sustainable. It’s how we protect the company, our data, and our customers, while still giving employees the freedom to build and push boundaries with AI.

“We’ve spent a lot of time getting governance right,” says David Johnson, a principal PM architect in Microsoft Digital. “This means giving people confidence, not slowing them down. When employees know the guardrails are there, they feel empowered to experiment and innovate safely.”

How Microsoft does IT: Managing and governing agents—empower with risk-aligned oversight

Session description: See how Microsoft Digital empowers employees with tools to build and manage agents. From agent management with Microsoft Agent 365, to securing our environment with Microsoft Defender, to managing our productivity estate with Microsoft Purview, this session offers broad insights into how we use our own technology to accelerate agentic innovation while mitigating risk.

Speakers: David Johnson, Naveen Jangir, and Mike Powers

David Johnson leads our internal Microsoft 365 and productivity services with responsibility for tenant strategy, architecture, and governance. He manages how we empower employees with guardrails and manages our capability onboarding and tenant configuration.

Naveen Jangir is a principal architect in Microsoft Digital. He drives Microsoft 365 security and compliance strategy and leads tenant architecture and capability onboarding, while overseeing secure adoption of services across the enterprise.

Mike Powers is a senior service engineer and AI administrator in Microsoft Digital who manages Copilot features, Agent 365, and enterprise AI operations. He partners with internal product groups and security stakeholders to make sure AI tools and agents are deployed responsibly and governed effectively.

Inside Microsoft: Reclaiming engineering time with AI in Azure DevOps

Session description: AI tools embedded directly into Azure DevOps (ADO) are changing how engineering teams work, eliminating manual tasks without creating separate tools or increasing cognitive load. This session explores how ADO AI Chat and the AI Work Item Assistant accelerate coding workflows at Microsoft. You’ll learn how to improve your backlog quality, sprint hygiene, and downstream effectiveness of GitHub Enterprise and Copilot, helping your teams reclaim capacity and focus on the work that moves products forward.

Speakers: Gopal Panigrahy and Sumit Dutta

Gopal Panigrahy is a product leader and member of our product management team in Microsoft Digital. He’s an advocate for our customer-first approach to product development and is passionate about helping people overcome challenges in the era of AI.

Sumit Dutta is a product-minded technology leader working at the intersection of AI, enterprise platforms, and scalable product design. Offering a strong blend of engineering knowledge and product strategy, he focuses on building systems that are not just functional but also extensible and reliable.

How Microsoft does IT: Microsoft 365 governance in the age of Copilot and agents

Session description: Microsoft 365 Copilot and Copilot agents are powerful tools, but without proper governance, you could be putting your company at risk. In this lightning talk, you’ll learn how Microsoft Digital protects our enterprise while enabling employee innovation with Copilot and agents.

Speaker: David Johnson

Johnson brings hands-on experience operating Copilot and AI-powered agents inside Microsoft, with a focus on identity, permissions, data boundaries, and real-world misuse prevention. He takes real-world lessons and makes them practical for others.

Accelerating AI adoption with Copilot controls: Lessons from Microsoft Digital

Session description: Microsoft 365 Copilot and AI agents unlock productivity gains, but without careful oversight they can also introduce security and compliance risks. The session covers how the Copilot Control System helps scale AI safely, including adoption insights and satisfaction signals. You’ll also see demos of popular agents, including the Employee Self-Service Agent and the Admin agent.

Speakers: Amy Ceurvorst and Reshma Kapoor

Amy Ceurvorst is a director of business programs in Microsoft Digital. She’s worked extensively with Copilot controls and evangelizes a unified way to view Copilot health reports that help administrators understand Copilot health.

Reshma Kapoor is a senior product manager in Microsoft Digital with 20 years of experience leading and shipping products at scale. She is customer‑obsessed, grounding product decisions in real customer signals to deliver intuitive, high‑impact experiences.

How Microsoft does IT: Driving adoption of Microsoft 365 Copilot and agents across Microsoft

Speakers: Cadie Kneip and Stephan Kerametlian

Session description: Our team at Microsoft Digital led the first enterprise-scale deployment of Microsoft 365 Copilot, launching to more than 300,000 employees and vendors worldwide. Learn how the team drove adoption using change management strategies to encourage employees to thread Copilot into their daily work. Now we’re doing the same for agents across the enterprise. Learn best practices for accelerating adoption and maximizing value while guiding your own journey with Copilot and AI agents.

Cadie Kneip is a senior business program director and the Copilot Champs community lead in Microsoft Digital. She specializes in turning complex AI initiatives into confidence-building pathways that help employees thrive in an AI-powered workplace. 

Stephan Kerametlian is a senior director in Microsoft Digital, where he leads our global change management efforts for Copilot and agents. He thrives on learning how people use AI and on finding ways to get more people to embrace the technology.

Real-world adoption stories: A fireside chat with a key customer

Session description: Pull back the curtain on the customer experience with Copilot adoption. Join this fireside chat with a Microsoft customer to hear about lessons learned and the real impact that Copilot is delivering across their organization. You’ll glean practical insights you can apply immediately at your own company. 

Speakers: Karuana Gatimu and Sam Crewdson

Karuana Gatimu is a director of Customer Advocacy – AI & Collaboration in Microsoft Digital and a solution architect driven by a passion for people, storytelling, and leadership. With 30 years of experience at the intersection of technology and human impact, she turns complex innovation into compelling narratives that help organizations adopt change and deliver business value.

Sam Crewdson, a principal product manager in Microsoft Digital, is passionate about turning user insights into product improvements. His work focuses on driving adoption of the latest SharePoint features and helping users take advantage of the power of both SharePoint and OneDrive. Working at the intersection of IT, users, feedback, and strategy, he translates real‑world business needs into collaborative experiences that scale.  

Accelerating transformation: How we’re reshaping Microsoft with continuous improvement and AI
Thu, 26 Mar 2026 16:00:00 +0000
http://approjects.co.za/?big=insidetrack/blog/accelerating-transformation-how-were-reshaping-microsoft-with-continuous-improvement-and-ai/
Technology companies are really people companies. In an age of rapidly advancing AI, losing sight of this reality leads to an overemphasis on new tools while neglecting opportunities for the transformational change that AI offers.

Moving forward, the winners will be the companies that prioritize technological and operational excellence. Microsoft Digital, our company’s IT organization, is seizing this moment by reinventing processes for agentic workflows powered by continuous improvement (CI).

We believe that AI-powered agents, Microsoft 365 Copilot, and human ambition are the key ingredients for unlocking opportunity across every industry.

“Continuous improvement is a natural, formal extension of our culture that applies rigor, structure, and methodology to enacting a growth mindset through understanding waste and opportunities for optimization.”

David Laves, director of business programs, Microsoft Digital

By combining our AI capabilities with continuous improvement, we’re executing initiatives that increase our productivity and improve our performance. We’re forging a new path for how companies operate in the era of AI.

Welcome to the age of AI-empowered continuous improvement.

Our vision for continuous improvement, turbo-charged by AI

At Microsoft Digital, we’re embracing continuous improvement to unlock greater operational excellence and better employee experiences.

“One of the main tenets of our culture at Microsoft is a growth mindset, and that involves experimentation and curiosity,” says David Laves, director of business programs within Microsoft Digital. “Continuous improvement is a natural, formal extension of our culture that applies rigor, structure, and methodology to enacting a growth mindset through understanding waste and opportunities for optimization.”

Our capacity to drive process improvements has been crucial to our AI transformation as a company. We’ve adopted a “CI before AI” approach to ensure that we don’t end up automating inefficient processes. By engaging in activities that focus on continuous improvement, our teams can better identify which problems to address with AI and prioritize meeting customer needs.

“Continuous improvement is really about understanding your business, its needs, and where you can find value,” says Matt Hansen, a director of continuous improvement at Microsoft. “It gives us the language to scale our efforts out across everything we do.”

This process isn’t just another way to enable AI. In fact, AI is essential to enabling continuous improvement itself.

“When leaders stay actively engaged and partner through these Centers of Excellence, we can create alignment, accelerate decisions, and ensure both CI and AI help to deliver measurable business outcomes.”

Don Campbell, senior director, Microsoft Digital

Operationalizing continuous improvement and AI

Operationalizing continuous improvement and AI enablement is a leadership imperative at Microsoft, and one that doesn’t just happen organically. As an organization, we are deliberate about turning business strategy into measurable outcomes through clear sponsorship, disciplined prioritization, the right resourcing, and sustained investment in change management and employee skilling.

“The difference between strategy and real business impact is execution,” says Don Campbell, a senior director in Microsoft Digital. “That execution requires strong leadership sponsorship and clearly designed continuous improvement efforts and AI Centers of Excellence (CoEs), which translate business strategy into operational reality. When leaders stay actively engaged and partner through these CoEs, we can create alignment, accelerate decisions, and ensure both CI and AI help to deliver measurable business outcomes.”

To support leadership’s vision, we’ve put organizational resources in place to manage our continuous improvement investments, guide practices, and support teams. There’s an overarching continuous improvement CoE within Microsoft Digital, which works in close partnership with the AI CoEs, forming an integrated model which connects enterprise priorities with frontline execution.

Together, these CoEs establish shared standards, provide clarity on where to invest, and help us move faster with confidence, turning ambition into sustained business impact.

“Continuous improvement is about process, but it’s also about people.”

Becky West, lead, Continuous Improvement Center of Excellence, Microsoft Digital

Continuous improvement and people

As we build out the organizational structures that underpin our investment in continuous improvement, we’re approaching the people side of change with intention.

Currently, we’re undertaking skilling efforts and communicating with every employee about how their role fits into core continuous improvement tools, including bowler cards, Gemba walks, Kaizen events, and monthly business reviews. We’re also demonstrating how “CI + AI” is a powerful combination.

The roadmap is there, the structure is in place, and we’re already seeing progress.

“Continuous improvement is about process, but it’s also about people,” says Becky West, lead for the Continuous Improvement CoE within Microsoft Digital. “A guiding hand like the Continuous Improvement CoE is how you make sure those two components align.”

Three Microsoft Digital continuous improvement initiatives

As we negotiate the early days of the company’s continuous improvement journey, Microsoft Digital is becoming a proving ground for the larger CI framework we want to deploy across the company. Our teams are spearheading projects to bring this framework to diverse functions like asset management, incident response (with a designated responsible individual), and third-party software licensing.

Enterprise IT asset management

Microsoft Digital’s Enterprise IT Asset Management team oversees the 1.6 million devices that power the company, from servers and IoT devices to labs, networks, and 800,000 employee endpoints. Safeguarding this vast landscape is critical to enterprise cybersecurity.

Three security pillars form the foundation of our security efforts: protect, detect, and respond. All of these depend on a complete, accurate device inventory.

Unified visibility enables proactive protection through enforced security controls, improves detection by spotting anomalies and misconfigurations, and accelerates responses by reducing investigation and remediation time. Without this foundation, security teams lack the precision to execute effectively.

To reach the goal of a unified inventory, the team initiated a continuous improvement initiative to build a consolidated source of truth for Microsoft Digital IT assets. Grounded in the principle of “progress over perfection,” the team initially narrowed its focus to Microsoft Lab Services (MLS) and IoT devices, with a vision to eventually expand to networks, employee devices, conference rooms, and printers. The ultimate goal is to move toward a truly comprehensive inventory.

This foundation will not only enhance security but also deliver enterprise-wide value through consistent policy enforcement, more resilient infrastructure, and comprehensive lifecycle management. By applying continuous improvement processes to help prioritize high-impact opportunities and using AI to accelerate outcomes, the program is enhancing Microsoft’s operational excellence and security posture.

“It’s better to do step A than wait until you’re ready to do steps A, B, C, and D,” says Aniruddha Das, a principal PM in Microsoft Digital.

As the team progressed from Gemba walks to Kaizen events under the guidance of the Continuous Improvement CoE, they dug deeper into areas of waste. Then they identified potential actions, breaking them down into “value-add,” “non-value-add-but-essential,” and “non-value-add.”

“For every action item, we were always asking ourselves how we could make these things better through AI. We’re looking for ways to expedite our core outcomes with minimal human involvement.”

Ashwin Kaul, senior product manager, Microsoft Digital

This exercise helped them prioritize their activities and land on a starting point: A device security index that would provide an overview of our hardware environment’s security posture. Essentially, it would represent a list of device security statuses.

The team identified distinct improvement areas for IoT and Microsoft Lab Services (MLS) devices. For IoT devices, they needed to build the inventory from the ground up. MLS already had a fairly complete inventory of devices, so the team set a goal to improve data quality. Although each of these challenges is different, they’re excellent opportunities for AI-empowered continuous improvement.

Now that the project is underway, the team plans to use an AI agent to automate device registration for IoT devices, which currently relies on manually uploaded spreadsheets. It’s a prime example of how streamlining a process with continuous improvement enables AI to automate and accelerate our work.

On the MLS side, the team is creating an AI-driven normalization tool to automate the de-duplication and correction of inaccuracies in device data. The goal is to get from less than 50% data quality to 100%, dramatically improving our security posture through greater accuracy.

“For every action item, we’re always asking ourselves how we can make these things better through AI,” says Ashwin Kaul, a senior product manager within Microsoft Digital. “We’re looking for ways to expedite our core outcomes with minimal human involvement.”

Continuously improving the designated responsible individual experience

On the Digital Workspace team, designated responsible individuals (DRIs) are in charge of maintaining the health of our production systems. When technical emergencies arise, they’re the rapid-response point people who take the lead.

“We asked ourselves, ‘How can AI elevate the designated responsible individual (DRI) experience to the next level?’”

Ajeya Kumar, principal software engineer, Microsoft Digital

That process itself can be incredibly stressful, and time is of the essence. When every moment counts, efficiency is key. Meanwhile, a big part of a DRI’s work is just finding out what’s gone wrong so they can fix the incident.

But their job isn’t just about crisis management. When there are no active incidents, they work on engineering enhancements to improve the efficiency of production systems and clear backlog projects.

There’s also a handover process that takes place when one DRI finishes their rotation and another goes on-call. That involves a report about any incidents that have occurred, active issues, actions taken, key metrics, and other important information.

With these two priorities in mind, our Digital Workspace team initiated a continuous improvement process review. Their Gemba walk provided a crucial starting point.

“The planning stage is all about figuring out what the process is, what it should be, and what we can do to improve it,” says Ajeya Kumar, a principal software engineer on the Digital Workspace team within Microsoft Digital. “We asked ourselves, ‘How can AI elevate the designated responsible individual (DRI) experience to the next level?’”

Collectively, the team decided to tackle these challenges with a multifunctional AI agent they call the Smart DRI Agent. This agent’s primary role would be synthesizing and presenting information to its human counterparts to help them save time in context-heavy situations.

The AI elements that the team has planned can be broken out into the following capabilities:

  • Text summarization: Going through logs and identifying key insights.
  • Data correlation: Tracking and collating error logs.
  • Automation: Updating the status of issues, keeping abreast of communications, and providing point-in-time, daily, and weekly summaries of system health.
  • Identifying patterns: Building troubleshooting guides based on frequency patterns.

The Smart DRI Agent is already in its pilot phase and producing results. It conducts four main activities:

  • AI-generated summaries of DRI actions.
  • Proactive notifications with AI-generated insights.
  • Chat support to assist with all kinds of DRI queries.
  • AI-generated handover reports.

“The continuous improvement framework that enables these pieces is the key to unlocking value,” says Aizaz Mohammad, principal software engineering manager on the Digital Workspace team. “It may seem process-heavy, but once you work through it, you’ll see the value.”

That value is apparent in their results.

In the first 30 days of the Smart DRI Agent’s pilot, there were 301 incidents, and the agent provided insights on 101 of them. That led to approximately 100 hours of time savings for DRIs and a 40% improvement in our key network performance metric.

Third-party software license audits

Within Microsoft Digital, the Tenant Integration and Management team is responsible for a range of services, including third-party software licensing. This space is all about managing liability from both a security operations and an auditing perspective.

“It takes a tremendous amount of data and traversals through multiple sources to get us to the actionable data we need. The goal for this project is to reduce that time to increase operational efficiencies.”

Anahit Hovhannisyan, principal group product manager, Microsoft Digital

Without the proper security insights, the company could find itself with risks associated with third-party software vulnerabilities. And without thorough auditing, we might experience license overuse and contractual issues that can lead to waste or expensive license reconciliations.

“It takes a tremendous amount of data and traversals through multiple sources to get us to the actionable data we need,” says Anahit Hovhannisyan, a principal group product manager within Microsoft Digital. “The goal for this project is to reduce that time to increase operational efficiencies.”

“It’s tough to be honest about what isn’t working, because it ties into people’s personal value and worth, but it’s essential to the process.”

Kathren Korsky, team lead, Software Licensing, Microsoft Digital

The team decided to target the auditing process first. Currently, the software licensing team performs audits manually by looking at entitlements, contracts, purchase orders, and more while liaising with suppliers and our Compliance and Legal teams. That’s incredibly time-consuming.

During the software licensing team’s planning phase, they developed an ambitious goal of reducing the time to insights on third-party software license data from 154 days down to 15 minutes. During their continuous improvement Kaizen event, the team uncovered opportunities for AI-powered process improvements that eliminate waste.

“It required a lot of courage as we were identifying waste,” says Kathren Korsky, Software Licensing team lead within Microsoft Digital. “People are very invested. It’s tough to be honest about what isn’t working, because it ties into people’s personal value and worth, but it’s essential to the process.”

Now, they’re building and implementing solutions, including an AI and data platform that provides business intelligence with custom reporting abilities, an AI agent that provides audit support and ticket creation, and another that automatically generates audit reports. The team has been using Azure Foundry and Azure AI services to create their agents because these tools have the flexibility to switch between different models and fine-tune their parameters.

As these agents emerge, they’ll take the most tedious and error-prone aspects of the process out of human auditors’ hands, freeing them up to focus on solving problems, not endlessly searching for them.

Realizing continuous improvement at scale

These are just a small selection of the many continuous improvement initiatives underway within Microsoft Digital and the company as a whole.

“What continuous improvement gives us is the macro vision and the micro actions we can do to accomplish our goals.”

Kirkland Barrett, senior principal PM manager, Microsoft Digital

At Microsoft, most of our continuous improvement initiatives are in their initial stages. As they progress through the measurement and adjustment phases, two benefits will emerge.

First, we’ll iterate and improve the value that each individual initiative provides. Second, we’ll continue to build our discipline and cultural maturity around a growth mindset we’re operationalizing through continuous improvement.

“What continuous improvement gives us is the macro vision and the micro actions we can do to accomplish our goals,” says Kirkland Barrett, senior principal PM manager for Employee Experience in Microsoft Digital. “It’s about knowing our objectives, identifying upstream root causes, and rippling them throughout a mechanism of progress.”

Key takeaways

These tips for implementing a continuous improvement framework come from our own experiences at Microsoft Digital:

  • Be inclusive: Have the right subject matter experts at the table from the start. Sponsors need to be present as well.
  • Cultivate maturity and transparency: Objective analysis about how things are going requires honesty.
  • Sponsorship matters: Make sure you have sponsorship at the highest levels. This is a cultural change, and leadership is the core of culture.
  • No half-measures: If you’re going to identify opportunities for continuous improvement, commit to having budget and resources in place.
  • Process, then technology: Focus on what you need to simplify processes first, then apply AI. This will keep you from automating waste and inefficiency into your operations.

The Frontier Firm: How knowledge workers are forging their own AI tools at Microsoft
Thu, 05 Mar 2026 17:00:00 +0000
http://approjects.co.za/?big=insidetrack/blog/the-frontier-firm-how-knowledge-workers-are-forging-their-own-ai-tools-at-microsoft/
Knowledge workers have all been there.

Maybe you’re a product manager with a backlog that you can’t ever get to. Perhaps you’re a designer who can never seem to get engineering resources assigned to you. Or maybe you’re a program manager who routinely gets stuck copying data between systems by hand.

These are common challenges knowledge workers face everywhere, including here at Microsoft. A year ago, AI enthusiasts knew agents with tools could fix these problems—they just didn’t know where to start.

Some of our employees in Microsoft Digital, the company’s IT organization and Customer Zero for the company, took a grassroots approach to solving this problem. They built something called the Frontier Forge, our pro‑code “harness” that enables our less-technical employees to get work done with agents. They use it to quickly build agentic instructions and instantly share their solutions with peers, which accelerates our productivity across the company.

The Frontier Forge represents a cultural shift in how our product managers, designers, program managers and other “I’m not an engineer but I want to build stuff” employees now apply AI tools directly to their work.

What first began as a hackathon experiment has evolved into a thriving Microsoft-internal community with nearly 100 engaged contributors, an active Teams channel, and a GitHub repository filled with templates, learning modules, and ready-to-use AI agents. The impact is measurable: Forecasting, backlog grooming and communication tasks that collectively took weeks now take hours or minutes.

Employees who never saw themselves as technical are now building sophisticated data visualizations, automating workflows, creating prototypes, and generating learning modules. These were capabilities previously reserved for specialized engineering teams.

The “Forge” is where it’s all happening now.

From a hackathon to a movement

In early 2025, Brett Reifers, a senior product manager in Microsoft Digital, spotted a problem he couldn’t ignore. His peers, smart and driven product managers, kept asking the same question: “How do I use agents for my actual work?”

Beginner tutorials about prompt engineering felt trivial. Advanced agents with tools assumed engineering expertise. The middle ground, where AI meets real jobs, didn’t exist.

“I saw myself and others spending too much of our time on data wrangling and admin tasks when we wanted to be strategizing,” Reifers says. “Nobody was building what felt truly agentic. So, we did it ourselves.”

So, Reifers partnered with colleague Humberto Arias, a senior product manager in Microsoft Digital whose work explores the intersection of AI and productivity. Arias had been independently researching agentic solutions that could click through interfaces, open applications, and complete tasks autonomously.

The insight that unlocked everything came from a deceptively simple observation:

“Everything on the internet is a form—every site, mobile app, every click,” Reifers says. “If agents could fill out my forms in Azure DevOps, they could handle any web-based task.”

They pitched the concept of Copilot fulfilling form-based processes as an entry for Microsoft’s annual hackathon to Sean MacDonald, partner director of product management in Microsoft Employee Experience. MacDonald immediately recognized its potential.

“My reaction was simply, ‘This sounds amazing,’” MacDonald says. “This solution was exactly what we needed.”

The event proved agents could automate PM workflows: managing Azure DevOps items, generating summaries, and querying data systems. After the hackathon validated the concept, Arias suggested pushing the project to GitHub for wider exposure. Reifers then used GitHub Copilot itself, recursively using the very tools they were building, to open source the first Frontier Forge repository in 15 minutes.

A pro-code environment with natural language accessibility

The Forge combines GitHub Copilot, Visual Studio Code (VS Code), and MCPs into a framework that makes professional development tools easily accessible to non-engineers.

The core idea: Give employees a workspace seeded with community-created templates, learning modules, and custom agents tailored to Microsoft Digital contexts. Then let them build from there.

For MacDonald, the Forge has proven to be an accessible entry point for almost anyone, regardless of experience.

“The Frontier Forge is a place where you can learn regardless of your skill level,” MacDonald says. “You can adopt what’s out there, even if you don’t know where to start.”

Screenshot showing GitHub Copilot connecting with VS Code.
GitHub Copilot connects chat to VS Code’s built-in and MCP tool capabilities. The custom agents and skills in the workspace can all benefit from contextual access to the right tools for the right job.

An architecture for context-first AI

The technical architecture of The Frontier Forge leverages three layers simultaneously:

  • VS Code provides the enterprise managed workspace where everything happens.
  • GitHub Copilot offers chat functionality and AI assistance, with access to multiple models including Claude, GPT, and Gemini.
  • Tools like Model Context Protocols (MCPs) act as standardized connectors that let agents access tools, data, and services locally. This unlocked what Copilot could decide and do with user approval.

The MCPs connect to services like Azure DevOps (for roadmap planning and backlog management), Microsoft Documentation, Figma (for design work), and dozens of other platforms that are essential to product manager workflows. New MCPs appear daily, expanding capabilities organically as the community builds them.

Employees can even ask GitHub Copilot to build custom MCPs for services lacking official integrations. When Arias needed a PowerPoint creator that didn’t exist, he asked GitHub Copilot to create one.

“With GitHub Copilot and MCPs, there are literally no boundaries,” Arias says. “It’s hard to explain just how transformational this can be for a product manager. Whatever you ask is transformed into code with a purpose, allowing you to do something you couldn’t before.”

The shift from prompt engineering towards context engineering is another reason why the Forge works. Its workspace settings, agent instructions, skills, and hooks provide a harness with guardrails that colleagues can readily adopt and use.

The Forge provides a curated starting point: Microsoft Digital-specific templates, governance frameworks, security guidelines grounded in Microsoft’s Responsible AI framework, and working examples employees can immediately use and modify.

Transformational impact

The productivity gains generated by The Frontier Forge are very real. Our employees report saving weeks or even months on certain projects, especially those that previously required extensive manual work or specialized technical skills.

Case in point: Laura Oxford, a senior content program manager in Microsoft Digital, had four years’ worth of Excel files and communication metrics reports. She had always intended to use the data to create marketing forecasts, but she could never find the necessary time or resources to perform the analysis.

Through iterative, conversation-based prompting, Oxford’s agent analyzed patterns, created projections, and produced visualizations. Oxford now has a robust historical analysis that enables prediction of future campaign performance.

“The key to creating the agent was going deep into the context,” Oxford says. “It was an iterative conversation, going back and forth to fine-tune the agent until I was consistently getting the output I wanted. But it truly was just a conversation—no tech skills needed.”

Drafting clear, executive-ready communications for complex initiatives was what brought Mark Stratford, a senior product manager with the email and calendaring service team in Microsoft Digital, to the Forge.

Before the Forge, communicating status updates to leadership meant he had to manually synthesize data from CSVs, track several approval chains at once—often in messy emails—and iterate on visualizations for what seemed like days and days.

Put more succinctly, these tasks are time-consuming chores that are perfect for AI.

“The Forge’s architecture changes how you think about the problem,” Stratford says. “Instead of iterating on prompts, you declare intent and desired outcome. The Forge’s architecture handles the rest.”

Using this pattern, Stratford created:

  • Over a dozen interactive dashboards for portfolio roadmaps, migration tracking, and service health monitoring.
  • Approval matrix visualizations mapping multi-stakeholder sign-off dependencies.
  • Data analysis pipelines transforming raw telemetry into executive-ready narratives.

The Forge’s clean separation between intent, constraints, tools, and data inputs eliminated the prompt-tuning loop. Stratford mapped his objectives into the agent framework once, relying on built-in structure and guardrails.

His analysis and drafting time dropped from days to minutes. Outputs like roadmaps and data visualizations went directly into decision workflows with no manual cleanup required.

“I didn’t need to fight ambiguity or handhold the model,” Stratford says. “The architecture gave the agent a stable, skills-driven foundation from the start, which dramatically accelerated development time and improved clarity.”

Building community and sharing knowledge

A simple, continuously improving repository has grown into something larger: a community of nearly 100 enthusiasts. Contributors are building templates, learning modules, and specialized MCPs tailored to their job functions. Teams are sharing wins and unlocked achievements.

The Forge succeeds because of its emphasis on community and knowledge sharing. Its GitHub repository serves as a collaborative workspace where employees contribute agents, templates, and learning resources.

This sharing culture creates a compounding cycle. One employee’s outcome becomes another’s starting point. Contributors share useful agents immediately, without lengthy approvals. This grassroots approach lets innovation spread at the pace of curiosity.

“At its core, The Frontier Forge is an open-source, community‑driven experience,” Reifers says. “The Forge is a safer environment that will help people learn and apply Microsoft’s AI at work.”

Building a safe-to-fail path

For IT leaders looking to replicate something like the Forge, MacDonald’s guidance starts with reframing the challenge.

The barrier to agent adoption for non-engineering roles isn’t access to tools. It’s all about giving them the confidence needed to build them and then put them to work. Providing a safe, hands-on environment where people can learn at their own pace, regardless of skill level, has been an essential key to success.

Another key has been to empower the people in your organization who are eager to innovate and try new things. The Forge began with two curious product managers who decided to experiment and then shared their idea with peers.

“Find the people who are super curious and who want to learn,” MacDonald says. “They will be the ones who drive innovation with AI agents and other newly developed tools.”

For IT leaders currently trying to prepare their organizations for an AI-driven future, the story shows that the answer isn’t to wait around for perfect tools or comprehensive employee training.

“The leaders that create safe spaces for non-engineers to build with AI now will compound that advantage for years,” Reifers says. “The ones that wait will spend 2027 trying to catch up.”

Our knowledge workers don’t need to wait for help any longer. Now they can forge their own path with an agent or other AI tool they build themselves.

Key takeaways

Here are some insights your leaders can use to build grassroots-led, AI-forward communities in your organization:

  • Start with volunteers, not mandates. The Forge grew to 100 contributors with zero top-down requirements. Organic growth from curious employees creates sustainable adoption.
  • Highlight your quick wins. Reifers’ and Arias’ live demos of MCPs, Oxford’s 90-minute forecast and Stratford’s 20-minute drafts became the recruiting pitch for the next wave of adopters. Show your people results like these, then hand them the tools.
  • Lower barriers without lowering standards. Accessibility and quality aren’t mutually exclusive. Governance and security are non-negotiable. Configure it all into the harness.
  • Prioritize knowledge sharing and attribution. When one person solves a problem and shares it, dozens benefit immediately. Reward provenance.
  • Ship fast, improve later. The Forge repo was built in 15 minutes. Four months later, it contained 50+ templates and agents. As much as 80% of what is produced in the Forge is rewritten every other week as tools evolve. Ship MVPs and evolve based on real usage.
  • Reframe outcomes > tools. Shifting from “developer tool” to “Copilot workspace” helps knowledge workers see they belong.

Microsoft 365 Copilot for executives: Sharing our deployment and adoption journey at Microsoft
http://approjects.co.za/?big=insidetrack/blog/microsoft-365-copilot-for-executives-sharing-our-deployment-and-adoption-journey-at-microsoft/
Thu, 29 Jan 2026 17:00:00 +0000

Deploying Microsoft 365 Copilot: Our guide for leaders

Generative AI has captured the world’s attention, and businesses are taking notice.

According to our annual Microsoft Work Trends report, 70% of people would delegate as much work as possible to AI to lessen their workloads.

Capitalizing on this trend will mean the difference between surging ahead or getting left behind, including here at Microsoft, where we were the first enterprise to fully deploy Microsoft 365 Copilot.

“I’m inspired by the transformative power of AI,” says Andrew Osten, general manager of Business Operations and Programs in Microsoft Digital, the company’s IT organization. “I’ve been impressed with how quickly our employees have put it to work for them.”

He would know. His team is responsible for driving usage and adoption of Copilot and any new features to more than 300,000 employees and vendors across the world.

Our mission in Microsoft Digital is to empower, enable, and transform the company’s digital employee experience across devices, applications, and infrastructure. We provide a blueprint for our customers to follow as Customer Zero for the company, and as such, we’ve created this guide for deploying and adopting Microsoft 365 Copilot that’s based on our experience here at Microsoft.

“Customers are looking to us to share what we’ve learned as the first enterprise to deploy Copilot,” Osten says. “Our team has a unique opportunity to help them deploy and get to value as quickly as possible.”

Chapter 1: Getting your governance right

Before you even begin your Microsoft 365 Copilot implementation, you’ll want to consider how this tool impacts your data. Copilot uses Large Language Models (LLMs) that interact with data and content across your organization and uses information your employees can access to transform user prompts into personalized, relevant, and actionable responses.

Giving your employees this level of access means proper data hygiene is a priority. At Microsoft Digital, we use sensitivity labeling to empower our employees with access while also protecting our data. Microsoft 365 Copilot was designed to respect labels, permissions, and rights management service (RMS) protections that block content extraction on relevant file labels. That ensures private or confidential information stays that way.

This chapter outlines the highly robust, best-case scenario we created for Microsoft, but we know not every organization has a fully deployed data governance strategy. If you’re in that position, don’t worry! You can use Restricted SharePoint Search to provide instant value and protection without exposing Copilot to all of your internal SharePoint sites.

Laying the groundwork with proper labeling

We’ve developed four data labeling practices that make up our foundation for appropriate policies and settings.

Responsible self-service

Enable your employees to create new workspaces like SharePoint sites, ensuring your company data is on your Microsoft 365 tenant. That enables your people to take full advantage of Copilot in ways that align with your organizational data hygiene while you keep your company’s information safe.

Top-down defaults

Label containers for data segmentation by default to ensure your information isn’t overexposed. At Microsoft, we default our container labels to “Confidential\Internal Only.” We use Microsoft Purview to manage this process.

Consistency within containers

Derive file labels from their parent containers. Consistency boosts security and reduces the administrative burden on your employees for labeling every file they create. Copilot will reflect file labels in chat responses so employees know the level of confidentiality of each portion of AI-created responses.

Employee awareness

We train our employees to understand how to handle and label sensitive data. By making your employees active participants in your data hygiene strategy, you increase accuracy and improve your security posture.

Self-service with guardrails

The data hygiene practices above form a foundation for compliance and security, but backstopping those efforts through Microsoft 365 features adds an extra layer of protection. Here’s how:

Trust, but verify
Empower self-service with sensitivity labels, but verify by checking against data loss prevention standards, then use auto-labeling and quarantining when necessary. We’ve configured Microsoft Purview Data Loss Prevention to detect and control sensitive content automatically.

Expiry and attestation
Put strong lifecycle management protocols in place that require your employees to attest containers to keep them from expiring. We don’t keep items that don’t have an accountable employee or that might not be necessary for our work.

Controlling the flow
Limit oversharing at the source by enabling company-shareable links instead of forcing employees to grant access to large groups. To enforce these behaviors, you can set default link types based on labels through Purview.

Oversharing detection
Even under the best circumstances, accidents happen. When one of our employees does overshare sensitive data, we use Microsoft Graph Data Connect extraction in conjunction with Microsoft Purview to catch and report oversharing.

International compliance: No size fits all

Europe has extra requirements in the form of EU Data Boundary regulations and works councils, organizations that provide employee co-determination on workers’ rights or regulatory issues. Our Microsoft 365 Copilot deployment meant we needed to partner closely with our Microsoft works councils to address complex data and privacy implications.

Your experience will vary depending on your industry and where you operate, but we’ve learned that it’s best to work closely with local subsidiaries to ensure you have a complete picture of a region’s regulatory situation. Local insiders are poised to liaise with works councils or other bodies through direct relationships. Start the process early so you can manage feedback cycles effectively and resolve any concerns through configurations that work for your employees.

Learning from our governance, security, and compliance practices

Bring the right people into the conversation

Don’t keep this conversation in the IT sphere alone. Bring in all the relevant security, legal, and compliance professionals.

Build a foundation for automation

Microsoft Purview Data Loss Prevention has powerful intelligent detection, but it relies on establishing good defaults.

Think about how your employees will use Copilot

Determine the primary use cases. The kinds of collaboration and access employees need will affect your labeling architecture.

Take this opportunity to train employees

If you’ve been looking for an excuse to refresh employee knowledge around data privacy, let this moment be your milestone.

Don’t overwhelm your users

Make labeling easy and intuitive and ensure it isn’t overwhelming. Employees should have a limited set of choices to keep things simple.

Key takeaways

Use these tips to tackle governance, security, and compliance at your company. They’re based on what we learned deploying Copilot internally here at Microsoft.

  • Establish a clear labeling framework that defines classification levels, maps labels to the right policies (such as access control, encryption, DLP, and storage rules), sets container defaults, and ensures employees understand how to apply labels correctly.
  • Implement comprehensive data loss prevention controls by configuring Microsoft Purview DLP standards and quarantines, defining lifecycle and attestation processes, and using Microsoft Graph Data Connect to identify and remediate oversharing.
  • Engage globally to meet international compliance needs by partnering with local subsidiaries and works councils, addressing regional requirements and concerns, and determining where segmented or region‑specific deployments are necessary.

Chapter 2: Implementation with intention

At the time of our deployment, we were the first company to roll out Microsoft 365 Copilot and agents at scale, and our implementation team had to choose from different licensing strategies. We’ve learned from experience that it makes sense to start with pilot groups who can validate the experience and enable the rest of your organization. For us, that looked like:

Scaling out your licenses

After you decide on the general shape of your rollout, you can begin building your licensing strategy. In Microsoft Digital, we started with individual licenses at the single-user level. As our implementation scaled, we tied licensing automation to Microsoft 365 groups to implement targeted licensing changes at scale. Those groups could include subsets of employees or entire organizations within Microsoft, and we keyed our automation logic to their expanding and contracting eligibility.

We highly recommend defining a phased rollout strategy and structuring your groups accordingly. That creates accountability and gives your IT admins a crucial point of contact for understanding the licensing needs of different groups within your organization.

There are three primary benefits to using groups:

Optimize licensing costs: Create groups that reflect your business needs and goals that align with your respective business sponsors. Sync your licensing status changes with your group membership changes. That way, you can assign the right licenses to the right users and adjust easily if you require frequent changes (e.g., in your early initial validation phase) and avoid paying for licenses you don’t need or use.

Refine admin costs: Group-based licensing enables your admins to assign one or more product licenses to a group. This depends on your rollout strategy and progress—your admins will be able to streamline your group setup at scale, reducing your admin overhead, which is helpful considering all the licenses you likely need to manage.

Enhance compliance and security: This ensures that only authorized users are licensed and have access to resources, enhancing your security and compliance. Your admins can use audit logs and other Microsoft Entra services to monitor and manage your group-based licensing activities.

Pre-adoption communications

Given the excitement around AI, one of the biggest challenges during our phased implementation was support requests from employees not within our initial pilot groups. Most of our support requests at this stage were essentially asking, “When do I get access?”

You can easily avoid the issue through clear and honest communication. For example, when you alert your initial implementation groups about their Copilot access, you could simultaneously deploy “Coming soon” emails to the rest of your organization. That will help you avoid any confusion while simultaneously generating excitement.

Your IT implementation team can’t work in isolation. Communication, especially with organizational leadership, is a key part of your licensing and implementation strategy.

Learning from our implementation

Design for the “who”

When you determine your initial cohorts, base your decisions on which roles have the largest coverage and will provide the most relevant feedback.

Get your groups in place

Be thoughtful about your Microsoft 365 groups and make sure everyone knows who owns them and who’s responsible.

Engage your support team from the start

This is a new technology, so your support teams will receive requests. Ensure they’re ready by giving them early access.

Manage expectations to minimize blowback

Proactively help users understand why they have licenses or don’t. Note that your rollout strategy might be subject to change.

Bring leadership on board early

Executive sponsorship isn’t just useful for adoption. Leaders will also help you identify the key use cases within their organizations.

Product feedback at every level

Encourage feedback from employees in your early implementation phases because that will guide your wider adoption efforts.

Key takeaways

Use these tips to help you with your internal implementation and admin process. They are based on our experience here at Microsoft.

  • Prepare your organization for Copilot by performing the Microsoft 365 Copilot optimization assessment, defining implementation phases and audience groups, securing leadership sponsorship, and mapping your rollout plan to a clear licensing strategy.
  • Onboard users and activate your environment by assembling the right security groups, building an automated licensing workflow, enabling roles for Copilot reports and dashboards, assigning and configuring licenses, and gathering early signals from pilot usage and feedback.
  • Drive engagement through targeted communication by analyzing in‑app and qualitative pilot feedback, reviewing usage data, and delivering clear, ongoing communications aligned with your adoption strategy.

Chapter 3: Driving adoption to accelerate value

The fact that your employees are excited about trying out Copilot isn’t enough. We found that you need strategic, coordinated change management to drive usage and adoption.

To do this effectively, you will need to empower change agents in your organization. These are not part-time roles; they are dedicated resources across your company who are responsible for the change management function, including creation of a deployment and adoption plan, facilitating principled change management practices, communicating and engaging with employees, preparing employee readiness and learning opportunities, and then measuring the success of your deployment across the enterprise. At a high level, your strategy should consist of the following five steps.

Microsoft 365 Copilot change management

Illustration showing five steps of change management: Planning, strategy, communications, readiness and training, and measurement.
Focusing on change management is key when you deploy Microsoft 365 Copilot.

How we drove adoption in Microsoft Digital

At Microsoft, we broke our company-wide adoption efforts into cohorts, for example, subsidiaries or business groups. Depending on the size of your enterprise, you may benefit from this approach as well. We divided our adoption along two vectors: internal organizations like legal or sales and marketing, and regions like North America or Europe. Different cohorts have different focuses, but the strategy is similar. At Microsoft, we did this in four phases:

Get ready

Effective change management requires careful planning. Begin by identifying and then working with company-wide change management leads. Next, identify members of your target cohorts who will support the adoption, including change managers, leadership sponsors, and employee champions.

Champions will be crucial to your adoption by filling several powerful roles:

  • Pinpointing key usage scenarios for Copilot based on their cohort’s culture or processes.
  • Providing insights that help adoption leaders build out their rollout plans.
  • Most importantly, demonstrating the value of Copilot and showing their peers how powerful this tool can be in their day-to-day work.

Our experience at Microsoft Digital has shown that when champions socialize their tips and tricks, it’s best for them to share specific prompts and the value they provided as a concrete entry point for users. For example, a champion could say, “I saved three hours drafting this sales script in Microsoft Word using this prompt,” then share their Copilot prompt as a place for peers to start.

Works councils also play a key role at this stage. They offer the benefit of local cultural expertise and can help you identify the challenges employees face in their jurisdiction. Even something as simple as understanding proper modes of address helps smooth the road to adoption through effective communication.

Each of these sets of stakeholders has a role to play in leading your own rollout. We recommend using Microsoft 365 Copilot adoption resources to build out your own adoption plan.

Onboard and engage

At Microsoft, we implemented this phase across each adoption cohort. Because every group will have its own champions and leadership sponsors, it’s important to treat each of them as its own organization, with its own unique adoption needs.

In advance of our general rollout, we created “jump-start” communications with links to learning opportunities:

Localized training took the form of Power Hours in different languages and time zones. These training sessions demonstrated key Copilot scenarios across Microsoft 365 apps.

Self-learn assets included user quick-start guides, demo videos, and Microsoft Viva Learning modules to accommodate different learning styles and preferences.

Pre-rollout communications fulfill two needs. First, this messaging is a great opportunity to launch your champion communities. Second, these communications build your employee population’s desire and excitement for their incoming Copilot licenses, then prepare them to hit the ground running when they get access.

After your Copilot licenses are live, your launch-day welcome comms are straightforward. Invite employees to access Copilot and to start experimenting with how it can fit into their work. There are many possible vectors for deploying these communications, but a multi-pronged effort that includes Microsoft Viva Amplify will deliver the maximum impact.

For support in building out your own communication plan, our adoption team has created a user onboarding kit for Copilot. These ready-to-send emails and community posts can help you onboard and engage your users.

Deliver impact

After everyone has access, it’s time to promote Copilot usage and ensure all employees are having the best possible experience and gaining the most value. For our cohorts, employee champions and leadership sponsors were essential levers.

It’s important to remember that Copilot isn’t just another tool. It introduces a whole new way of working within employees’ trusted apps. At Microsoft, we took great care to encourage employees to adopt a mindset that treats it as part of their daily work—not just something they play with when there’s time.

Microsoft Viva Engage, or a similar employee communication platform, is a helpful forum for peer community support. In our case, it provided an organic space for champions to share their expertise and change managers to provide further recommendations and adoption content. For employees who explore best on their own, Copilot Lab provides in-the-flow learning opportunities to build their prompt skills.

Meanwhile, leadership sponsors diversified our communications strategy by deploying and amplifying messaging through executive channels like org-wide emails or Viva Engage Leadership Corner posts.

Extend and optimize

Understanding overall usage patterns and impact is crucial to optimizing usage. Our Microsoft Digital team used controlled feature rollout (CFR) technology and tracked usage through the Microsoft 365 admin center and the Copilot Dashboard in Viva Insights. Together, these tools gave us the visibility and tracking we needed to establish and communicate adoption patterns.

Meanwhile, IT admins and user experience success managers can access simple in-app feedback through Microsoft 365 admin center. And to really maximize value, our Microsoft Digital employee experience teams conducted listening sessions and satisfaction surveys.

All these insights are helping us establish a virtuous cycle to drive further value and better adoption for future rollouts, extend usage to new and high-value scenarios, incorporate Copilot into business process transformation, and understand custom line-of-business opportunities.

Driving user enablement with Microsoft Viva

Our team in Microsoft Digital used Microsoft Viva to help enable our 300,000-plus global users. Microsoft Viva is an Employee Experience Platform that brings together communication and feedback, analytics, goals, and learning in one unified solution. Our team used Viva across a range of change management scenarios, including building awareness, communicating with our employees, providing access to readiness and learning resources, and measuring the impact of our deployment.

You can see a few of the specific ways we used Viva to accelerate employee adoption below.

Accelerating Microsoft 365 Copilot with Viva

Viva Connections

Sharing key news related to deployment and enablement, generating “buzz,” and tying Copilot to Microsoft culture.

Viva Amplify

Producing and efficiently distributing employee communications to build awareness and excitement.

Viva Learning

Courses and training for our employees on how to maximize value from Copilot, inclusive of building effective prompts.

Viva Engage

Actively engaging employees, providing leader updates, listening to feedback, and enabling Champs community.

Viva Insights

Using the Microsoft 365 Copilot Dashboard beta to identify actionable insights and usage trends.

Viva Pulse

Instant feedback from employees on their Copilot experience to fine-tune our landing and adoption approach.

Viva Glint

Understanding employee sentiment and gauging the overall effectiveness of our Copilot deployment effort.

Learning from our adoption of Copilot

Cascade adoption efforts through localization

Regional differences, priorities, even time zones—they can all block your centralization efforts. Your insider adoption leaders within each adoption cohort can help.

Empower your employee champions with trust

Monitor your user-led adoption communities at the start to provide support. As this community of power users becomes product experts, they’ll take over.

Empower employees as innovators

You’ll be surprised by what your employees dream up. Provide every opportunity for them to share their favorite tips and usage scenarios.

Create excitement, but set expectations

Encourage a healthy mindset around what Copilot can accomplish and where it fits. Don’t overpromise.

Gamify learning to build engagement and experience

Friendly competitions or cooperative challenges like prompt-a-thons generate excitement and invite creativity.

Understand that for many, AI is emotional

Overcome AI hesitancy by encouraging employees to tackle easy tasks with Copilot assistance. That will help minimize reluctance.

Use Microsoft Viva to accelerate time to value

Viva supports user enablement through learning, effective communication, usage tracking, and employee sentiment.

Key takeaways

Use these tips as your guide as you build out and implement your adoption plan. They are based on our own experience internally at Microsoft.

  • Prepare your organization for adoption by identifying your adoption lead, building a cross-functional cohort-based team, defining personas and key usage scenarios, establishing communication preferences and success metrics, completing enablement training, and creating a localized communications and asset library.
  • Engage your cohorts and activate readiness by deploying targeted onboarding communications, launching champion communities, running live and self-paced learning experiences, and elevating visibility with digital materials that help employees understand how Copilot improves their daily work.
  • Drive measurable impact across cohorts by promoting usage through internal channels, reporting on KPIs at planned intervals, gathering employee sentiment through surveys and listening sessions, spotlighting success stories, applying learnings to refine adoption activities, and nurturing champions through deeper technical training.
  • Extend and optimize your deployment by exploring new high‑value scenarios, identifying opportunities for business process transformation with agents, Copilot Studio, plugins, and connectors, and sourcing custom line‑of‑business use cases that advance your organization’s Copilot maturity.

Chapter 4: Building a foundation for support

Empowering employees means making sure they have access to the right support channels. The fact that Copilot operates across a wide spectrum of Microsoft 365 apps adds complexity to support scenarios. As a result, it’s important to get your support teams early access along with your earliest pilot implementations.

For us in Microsoft Digital, four principles define high-quality support:

Strategizing for support

Building experience and knowledge is one thing, but coming up with your approach to support requires planning and a strong idea of your users’ ideal experience. At Microsoft Digital, we take a “shift-left” approach. That means we save our human support staff time by attempting to create excellent self-service options for our users.

Shift-left principles can apply to many different support contexts, but with Copilot, we’ve found that the most important upfront action is ensuring your employees have accessible self-service support channels and communicating their availability. Work with your adoption teams to ensure they include self-service support options in their rollout communications.

Seven things we learned prepping to support Microsoft 365 Copilot

Preliminary access

Select your initial support specialists. Include people with different Microsoft 365 app focuses, support tiers, and service audiences.

Communication hub

Establish a community space where your support team can connect and collaborate on issues. Invite non-support professionals as needed.

Knowledge base

Start a collaborative document and add learnings. This will eventually evolve into your knowledge base for internal support.

Widen access

Host information sessions with the wider support team and extend access so all relevant support professionals can ramp up.

Rehearse

Conduct role-playing and shadowing sessions so support teams can build practical knowledge and confidence.

Support go-live

Get your support resources and processes ready and push them live in advance of your Copilot deployment. Consider a dry run.

Track

Determine a tracking cadence and gather data on Copilot issues that arise so support teams can identify trending issues and tickets.

Common questions, issues, and resolutions

We’re getting questions about why particular employees don’t have licenses.

Use employee change management communication waves to solve for this issue by alerting employees when they’ll have access to licenses.

Users are coming to us with questions that would be better served by adoption and employee material, and that isn’t our role as support.

Work with your adoption team to preempt these issues with proactive communications. Update your self-help content and provide your support agents with ready access to different employee education resources.

Teams are looking for integration support. Where do I send them?

Share this list of pre-built connectors to help your users integrate various data sources to Microsoft Graph. This list shares the types of content supported.

Can employees put confidential information into Copilot?

If employees are signed into Copilot with their Entra ID, they can enter confidential information.

My organization has concerns about who owns the IP that Copilot generates. Does the Microsoft Customer Copyright Commitment apply to Copilot?

Microsoft does not own the IP generated by Copilot. Our universal terms state “Microsoft does not own customers’ output content.”

What’s the best way to verify the accuracy of the information Copilot provides?

Copilot is transparent about where it sources responses. It provides linked citations to these answers so the user can verify further.

Key takeaways

Use these tips to manage your Copilot support efforts. They are based on our experience here at Microsoft.

  • Enable and align your support team by starting with a core group of support leaders, establishing shared communication spaces and a collaborative knowledge base, expanding access to the full Copilot support team, training them through information sessions and role‑playing exercises, defining escalation paths, and partnering with internal communications to finalize user‑facing support materials.
  • Deliver meaningful user impact by signaling support availability across employee communities, publishing a clear and accessible user-facing knowledge base, and standing up self-service automations where appropriate to empower users and reduce friction.
  • Optimize and mature your support services by reviewing ongoing support issues and product feedback, and continually refining support workflows to drive efficiency, accuracy, and a better user experience.

Chapter 5: Extending Copilot through agents

As organizations and employees have matured with respect to AI, agentic extensibility is expanding the frontiers of this technology. By using and even creating agents that surface knowledge, take actions, and reinvent workflows, employees can personalize AI’s capabilities to fulfill more specific needs.

What is an agent?

Agents are specialized AI-powered assistants that automate and execute business processes, working alongside or on behalf of a person, team, or organization. They range from simple prompt-and-response agents to more advanced, fully autonomous agents. Through specific instructions, grounding, connectors, APIs, and custom orchestration, creators can tailor agents to more focused workflows than a comprehensive AI solution like Microsoft 365 Copilot.

At Microsoft, our goal has been to provide access and enable agents at appropriate levels for our employees and the company as a whole. To make that happen, we’ve adopted a maturity model for agentic AI deployment. Early phases focus on using Copilot, grounded in enterprise data, to enhance knowledge discovery and retrieval. Later phases will enable our employees to act on that knowledge and even fully automate business workflows.

Agentic AI at Microsoft

Agentic AI agent types: retrieval, action, and automation.
Our levels of agentic capability.

Each of these levels of agentic capability requires different tools to create and depends on different policies to govern. Because retrieval agents don’t require special tooling, we allow employees to create them at will through Copilot Chat and simplified agent builders in Copilot Studio and SharePoint.

For more complex agents intended to meet enterprise needs across lines of business or the company as a whole, our developers use more full-featured tools like Copilot Studio or Azure AI Foundry. For these kinds of agents, we apply the same rigor, reviews, and software development lifecycle (SDL) we use as part of our standard internal app development.

As you explore the different kinds of agents available to your users and decide how and where to enable them, adoption.microsoft.com provides an excellent place to start. It provides three different approaches to creating agents: Microsoft 365 Copilot Chat, Azure AI Foundry, and Copilot Studio.

All of this choice adds complexity, so maintaining visibility and control over the agents your employees create can be a challenge. As a result, we take a matrixed approach to creating and governing agents based on different parameters. They include the type of agent, how the user creates it, its knowledge sources, the need for custom tooling, sharing and publishing permissions, and more.

Keeping agents safe and effective through good governance

At Microsoft, we incorporated elements of our tenant’s minimum bar for governance into our policies for managing agents. These measures include Microsoft Information Protection, a functional inventory, activity logging, lifecycle management, and the ability to properly isolate agents against crossing data boundaries.

To govern agentic capabilities, we introduced further controls like sharing limits, breadth of knowledge sources, agent metadata, and information about an agent’s behaviors. The result is a proactive approach to governance backstopped by reactive structures that catch any issues.

As you think about governing your own agents, consider the four core principles we’ve established at Microsoft Digital.

We empower employees to create and share simple, low-risk agents

 We provide a safe space and personal flexibility that allows individual employees to experiment without implicating company data or content users don’t own.

We capture and vet sensitive data flows at the enterprise level 

More complex or far-reaching agents owned by teams or lines of business need enterprise documentation to account for external audits or security and privacy validation.

We protect data designated confidential or higher 

We contain data flows to tenant mandates and only trust suitable storage destinations for content.

We honor the enterprise lifecycle 

We treat agents that individual employees own like any other user-created app and delete them when that individual leaves the organization. Agents owned by teams have a lifecycle defined by the tenant and tied to attestation, the SDL, and accountability confirmations.

Once you have your governance policies and procedures in place, you can begin your rollout to users through many of the same strategies and processes we’ve discussed in this guide.

Learning from our experience with agents

Connect with relevant stakeholders

Establish early communication and collaboration with members of your security, legal, compliance, IT, and other teams who can help you define ways to configure Copilot Studio agent builder safely.

Trust and empower

Provide safe spaces with appropriate guardrails for individual employees to experiment with simple agents. Copilot Studio agent builder is a great place to start.

Expand enterprise capabilities

Empower a small number of trusted creators to experiment with more powerful agent-building tools under the close watch of IT, Governance, Security, Privacy, Data, and HR teams. This will reveal gaps in process and policy and inform future reviews.

Solidify labeling and data

Revisit your labeling structures and data flows. It will be important to have these structures in place to support this new agentic environment. Start by learning from our experience governing Copilot at Microsoft.

Extend your review process

Adapt any review processes you already have in place to agents, including security, privacy, and accessibility. Embed those reviews into your publishing workflow for agents operating above the individual level. Consider adding reviews for Responsible AI.

Prevent agent sprawl

Establish a reasonable enterprise lifecycle for agents that includes attestation. That will keep agents from sprawling or remaining in place after employees have left your organization or simply no longer need a particular agent.

Key takeaways

Use these tips to manage your Copilot support efforts. They are based on our experience here at Microsoft.

  • Plan and refine your governance approach by aligning with Security, Legal, Compliance, HR, and IT; updating existing governance and labeling policies for agents; defining your review process; building a matrix that maps agent capabilities to governance controls; and determining how your SDL procedures apply to agents.
  • Pilot with targeted teams to validate your controls by selecting groups such as Security, HR, and IT; establishing clear feedback and monitoring channels; and iterating on your review and remediation procedures based on insights from early adopters.
  • Enable agents responsibly across the organization by ensuring foundational protections like Purview DLP and Microsoft Information Protection are in place, deploying adoption and change‑management communications, enabling simple agent‑builder capabilities for broad users, and unlocking advanced agent development scenarios for IT and line‑of‑business developers.

Applying our lessons to your own Copilot deployment

Embarking on your Microsoft 365 Copilot deployment and agentic extensibility journey might seem daunting, but by capitalizing on the lessons that Microsoft Digital has learned from our internal deployment, you can both speed up the process and avoid any pitfalls.

By anchoring your work in careful planning and making use of the steps and resources provided in this guide, you can unleash a new era of productivity through Copilot.

We’ve learned a lot on our journey with Copilot, and we’re happy that we get to share our experiences with you—hopefully they help you on your journey.

“Deploying Copilot internally has inspired us to dive deeper into the power of AI assistance, which is enabling us to enhance our employee experience,” says Stephan Kerametlian, a business program management senior director in Microsoft Digital.

You’re not in this alone. If you’re looking for support or knowledge on any aspect of your deployment, reach out to our customer success team.

Key takeaways

This guide reflects our learnings and the processes we followed during our internal rollout of Microsoft 365 Copilot. This last set of tips summarizes the major actions you can take to get started with Copilot at your company. 

  • Start with strong governance: Build a clear labeling and data protection strategy before deploying Copilot to safeguard sensitive information and meet compliance needs.
  • Pilot, then scale: Roll out Copilot in phases, beginning with pilot groups to gather feedback and refine your approach before expanding companywide.
  • Communicate early and often: Proactive communication and leadership sponsorship are essential for managing expectations and driving successful adoption.
  • Empower champions: Identify and enable employee champions to share best practices, tips, and real-world scenarios that help others get value from Copilot.
  • Invest in training: Provide tailored learning resources and support to help users build confidence and skills with Copilot in their daily workflows.
  • Measure and optimize: Track usage, collect feedback, and continuously refine your deployment to maximize impact and uncover new opportunities.
  • Plan for support: Set up self-service and human support channels early so employees can get help quickly and keep momentum going.
  • Extend with agents: As your organization matures, explore agentic AI to automate workflows and unlock even greater productivity gains.

The post Microsoft 365 Copilot for executives: Sharing our deployment and adoption journey at Microsoft appeared first on Inside Track Blog.

Deploying Microsoft Agent 365: How we’re extending our infrastructure to manage agents at Microsoft
http://approjects.co.za/?big=insidetrack/blog/deploying-microsoft-agent-365-how-were-extending-our-infrastructure-to-manage-agents-at-microsoft/
Fri, 21 Nov 2025 16:34:47 +0000

The number and sophistication of agents that our employees are building here at Microsoft is growing rapidly.

To help us and all enterprises respond to this new opportunity, the company just announced Microsoft Agent 365 at Microsoft Ignite. This product serves as the control plane for AI agents—a new evolution of the existing systems that organizations like ours use to manage people and apps.

Our team—Microsoft Digital, the company’s IT organization—is now using Agent 365 to track agents that employees and teams from across the company are building and deploying. We’re also using it to access the dashboard that allows us to manage and govern agents companywide. We plan to utilize the new platform to comprehensively manage our agent workload.

Agent 365 will enable Microsoft Digital to help our employees, teams, and organizations to build and deploy agents safely and effectively, according to David Johnson, principal program manager architect for governance for the organization.

“We’re empowering our employees and teams to build agents with guardrails,” says Johnson, who notes that we have more than 100,000 agents on the Microsoft tenant today. “We have governance structures in place to ensure our internal agents are useful, safe, and properly scoped.”

Agent 365 is the control plane for AI agents and will play a key role in accelerating our journey toward becoming an AI-powered Frontier Firm. Whether your agents are created with Microsoft platforms, open-source frameworks, or third-party tools, Agent 365 helps you deploy, organize, and govern them securely.

“Agent 365 delivers unified observability across your entire agent fleet through telemetry, dashboards, and alerts,” says Charles Lamanna, president of Business Apps & Agents for Microsoft. “IT leaders can track every agent being used, built, or brought into the organization, eliminating blind spots and reducing risk.”

Here in Microsoft Digital, we’re planning to use Agent 365 for multiple purposes, including:

  • Filtering our agent inventory on specific criteria, such as the type of agent or how it was built
  • Enhancing governance-specific actions we can take with agents in areas like ownership and quarantining
  • Gaining visibility into trends like agent usage
  • Ingesting agent blueprints and defining policy templates

If you are unfamiliar with an agent blueprint, it’s a portable specification for an AI agent’s identity, capabilities, constraints, data access, and lifecycle.

Agent 365 is part of our Frontier Firm organizational blueprint, which we’re using to blend machine intelligence with human judgment to create agents that are AI-operated but human-led.

Boosting governance with Agent 365

Agent 365 maximizes the value of agents while minimizing tenant risk. These are capabilities that play well with the data governance foundation that we’ve already laid here in Microsoft Digital, in which we use data sensitivity labels and data loss prevention controls to govern the data that agents use in our environment.

We incorporated elements of our tenant’s minimum bar for governance into how we secure agents. Those include Microsoft Purview Information Protection, a functional inventory, activity logging, lifecycle management, and the ability to properly isolate agents against crossing data boundaries.

Our intention is always to act as proactively as possible while putting reactive structures in place to catch any issues that arise. After all, this is a new technology, and there are bound to be some surprises. By combining all of these elements, we’ve landed on six core principles for governing agents:

  1. We built a data hygiene foundation: This enables you to trust the data estates on which employees build and use agents.
  2. We empower employees to create and share simple, low-risk agents: We provide a safe space and personal flexibility that allows individual employees to experiment, without implicating company data or content that users don’t own.
  3. We capture and vet sensitive data flows at the enterprise level: More complex or far-reaching agents owned by teams or lines of business need enterprise documentation to account for external audits or security and privacy validation.
  4. We protect data designated confidential or higher: We contain data flows to tenant mandates and only trust suitable storage destinations for content. This depends on the ability to gate which connectors can work with which particular source data and sensitivity labels.
  5. We enable internal teams and organizations with a smooth path to develop agents: This provides them with all of the services and sources they need along a path to release to the company.
  6. We honor the enterprise lifecycle: Both user-based and attestation-based lifecycles come into play. We treat agents that individual users own like any other user app, and delete them when the employee leaves the organization. Agents owned by teams have a lifecycle defined by the tenant and tied to attestation, the software development lifecycle, and accountability confirmations.

Customer Zero for Agent 365

In our role as Customer Zero for Microsoft, our team in Microsoft Digital shares our insights on Agent 365 and our suite of agentic AI products with Lamanna and the product team. This makes the products more effective for our customers.

“We want and need feedback from our own IT team,” Lamanna says. “It will help ensure all our customers are able to move quickly to deploy the platform with speed and safety.”

While it’s still early days for Agent 365, the potential for transformative impact is significant.

“I meet with many of our top enterprise customers, and some of their primary questions are around how Microsoft manages agents to prevent sprawl, allows agent enablement against company data, and governs those agents,” Johnson says. “Agent 365 gives us a powerful new tool to manage our agentic estate, ensuring that our agents are delivering the transformative impact we expect while also enabling us to manage and secure our environment more effectively. Enabling self-service agent creation at scale necessitates enterprise observability and governance.” 

We’re excited to share more about our Customer Zero journey with Agent 365 on Inside Track soon.

Key takeaways

Here are five ways you can use Agent 365 to unlock agent observability and management at your company:

  • Registry: Get the complete view of all agents in your organization, including agents with agent ID, agents you register yourself, and shadow agents.
  • Access control: Bring agents under management and limit their access to only the resources they need. Prevent agents from being compromised with risk-based conditional access policies.
  • Visualization: Explore connections between agents, people, and data, and monitor agent behavior and performance in real time to assess their impact on your organization.
  • Interoperability: Equip any agent with apps and data to simplify human-agent workflows. Connect them to Work IQ to provide context for the work to onboard them into business processes.
  • Security: Protect agents from threats and vulnerabilities, and detect, investigate, and remediate attacks that target agents. Protect data that agents create and use from oversharing, leaks, and risky agent behavior.  

The post Deploying Microsoft Agent 365: How we’re extending our infrastructure to manage agents at Microsoft appeared first on Inside Track Blog.

Supercharging our enterprise with Windows 11 and AI PCs
http://approjects.co.za/?big=insidetrack/blog/supercharging-our-enterprise-with-windows-11-and-ai-pcs/
Tue, 18 Nov 2025 16:00:00 +0000

AI is no longer a buzzword—it’s the engine driving a new era of productivity, security, and personalization. And Windows 11 and AI PCs are at the center of it.

At Microsoft Digital, the company’s IT organization, we’re embracing this as Customer Zero for the company.

What does that mean?

It means that we’re testing and shaping new Windows 11 features before they ship to customers. And as such, we’re helping the company reimagine what the OS can do for enterprise users in an AI-first world. We’re also helping the company transform the tools and processes we and our customers use to manage the Windows devices that our employees use to do their work.

When we rolled out Windows 11 across Microsoft in 2021, we wanted to modernize the Windows experience for our global workforce. That meant moving beyond the legacy of Windows 10 and building a platform that’s smarter, more secure, and easier to manage. It also meant working closely with engineering teams to ensure that what we deploy internally reflects what customers need externally.

“Windows 11 is our foundation for the future of work,” says Sean MacDonald, partner director of product management at Microsoft Digital. “We’re helping to build an OS that’s not just reactive—it’s predictive. It understands context, adapts to users, and helps IT teams stay ahead of the curve.”

This transformation isn’t happening in isolation. It’s part of a broader organizational commitment to AI across Microsoft. From the integration of Copilot into dozens of Microsoft products to intelligent device management, we’re aligning every layer of the stack to deliver smarter experiences.

And we’re doing it because the time is right. The end of Windows 10 support is here, and Windows 11 is the essential solution for organizations seeking the enhanced productivity, security, and personalized experiences that AI makes possible.

Embracing a secure and efficient update environment

Keeping Windows 11 secure and up-to-date has evolved into a streamlined, intelligent process.

With Windows Autopatch, we’ve automated the deployment of updates across our enterprise.

But automation doesn’t mean losing control. The management tools available across Microsoft Intune and Windows allow us to exercise complete control over updates. We can leave Autopatch to make patching decisions, or we can dictate how any part of the process works—evaluate and select which updates to perform, define the rollout structure and schedule, and monitor the updates.

Autopatch lets us tailor rollouts to match our business structure. We’ve created custom Autopatch groups of up to 50 rings so we can deploy updates to the right people at the right time.

This flexibility is critical. It means we can schedule around sensitive periods like year-end close, define grace periods, and even choose which updates to deploy—feature, driver, or quality.

But the real magic happens behind the scenes.

With Windows 11 and Autopatch, we’re not just reacting to issues—we’re anticipating them. That’s where Autopatch update readiness (AUR) comes in. It adds a new layer of resilience to our update management strategy.

Update readiness continuously monitors device health and update compliance across the enterprise.

By analyzing real-time telemetry, update readiness flags irregularities early and recommends targeted fixes.

“Autopatch update readiness takes us to a new level with Windows 11 updates,” says Dave Rodriguez, a principal product manager on the Windows team in Microsoft Digital. “It allows us to be proactive, rather than reactive in ensuring our Windows devices are in a ready state to seamlessly update, which minimizes disruptions and distractions to our employees.”

One of the biggest wins?

Hotpatch. It allows us to apply most of our monthly security updates without our employees needing to restart their devices, which has been huge for our productivity.

“Hotpatching has been a game-changer for keeping our devices secure without disrupting work,” says Harshitha Digumarthi, a senior product manager on the Windows team in Microsoft Digital. “Security updates take effect immediately—no reboot required. That’s a big deal.”

Hotpatch works by modifying in-memory code to silently apply updates in the background. It’s especially valuable for operations that require high availability.

Together, hotpatch, update readiness, and Autopatch are helping us transform how we manage updates. We’re not just deploying tools—we’re reshaping business-critical processes.

Protecting data using Windows Backup and Restore for Organizations

With Windows 11, we’ve redefined what backup and restore means for enterprise users with Windows Backup and Restore for Organizations. It’s not just about getting a device back online—it’s about restoring the user’s experience.

When a user signs into a new device with their Entra ID, they can select a backup to automatically restore their Microsoft Store app configurations, settings, and preferences. It’s seamless. It’s secure. And it’s fast.

“We’re seeing a shift from device-centric recovery to user-centric personalization,” says Markus Gonis, a senior service engineer on the Windows team in Microsoft Digital. “It’s not just about getting the machine back—it’s about getting the person back to work.”

This matters. Especially in large organizations where device turnover is constant and downtime is costly.

With Entra ID, we can automatically enroll devices into Microsoft Intune for management. That means IT policies, security configurations, and compliance settings are applied instantly. No manual setup. No waiting.

And because the restore process is tied to the user’s identity, it works across devices. Whether it’s a laptop refresh, a lost device, or a hardware upgrade, users get their familiar environment back—apps, layout, even their desktop background.

“Windows 11 is designed for fast deployment and compatibility,” Gonis says. “We’ve seen up to 25 percent faster deployment times compared to Windows 10. That’s a huge win for IT teams.”

This isn’t just about convenience. It’s about resilience.

By combining Entra ID with modern device management, we’ve built a recovery system that’s secure by default. Data is encrypted. Access is conditional. And IT retains full control over who can restore what, when, and where.

Capturing the power of AI-enabled apps and experiences

Windows 11 is bringing intelligent experiences to the forefront, and we’re seeing it firsthand at Microsoft Digital. From productivity to security, AI is transforming how our people work.

Windows Recall is an opt-in AI-powered feature built directly into Copilot+ PCs with Windows 11. It’s designed to solve a problem every person knows too well: Finding something you’ve already seen.

Recall allows you to search across time to find the content you need. Just describe how you remember it, and Recall retrieves the moment you saw it. Once you opt in, snapshots are taken periodically whenever the content on the screen differs from the previous snapshot. The snapshots of your screen are organized into a timeline. Snapshots are locally stored and locally analyzed on your PC. Recall’s analysis allows you to search for content, including both images and text, using natural language.

Here are its core capabilities:

  • Semantic AI-powered search. No need to recall exact filenames. Just describe what you remember—like “blue sustainability slide from last meeting”—and Recall uses on-device AI to surface images or text that match the description.
  • Full user control and privacy. IT admins have a full set of controls to manage security and privacy when enabling the Recall feature for the enterprise. Once enabled by enterprise admins, you as the end user then have the choice to opt in to enable snapshots on your machines.
  • Explore content with a visual timeline. Recall periodically captures screenshots of your active window and displays them in an interactive, chronological timeline. When you need to revisit something, you can simply scroll through your past activity or jump directly to the specific moment you remember seeing it.
  • Granular snapshot management. You choose which apps and websites to include or exclude. You can pause snapshot capture, delete past captures, and set retention limits (e.g., 30, 60, 90, or 180 days) to manage storage and privacy. And IT admins can control how these capabilities work for the entire organization.
  • All snapshots, indexing, and AI processing occur on-device. Recall runs completely locally—no data leaves your PC. It never shares your data with Microsoft or third parties, nor across different user accounts on the same device.

Recall doesn’t just remember—it protects. IT admins can control snapshot storage, retention policies, and even filter which apps and websites are recorded.

That’s where enterprise-scale controls come in.

Microsoft Digital partnered with the Purview and Intune product teams to help build a rich set of controls that give IT full visibility and governance over Recall’s data store. That includes sensitivity labels, data loss prevention (DLP) policies, and tenant trust reviews—all designed to keep enterprise data safe.

Purview and Intune provide the level of control that IT admins need to ensure that Recall respects the security and privacy concerns of the enterprise and the end user.

If a document is labeled “Highly Confidential,” Recall won’t index it. If a meeting is tagged “Recipients Only,” it won’t be captured. Purview admins can decide exactly which sensitivity levels are allowed in Recall and which are excluded.

Recall’s content redaction feature automatically detects and removes highly confidential information from screen snapshots based on Purview sensitivity labels. Users can work with both sensitive and non-sensitive documents on the same screen without risk of accidental exposure.

“We helped define these controls,” says John Philpott, a principal product manager within Microsoft Digital. “We tested them to validate they worked as expected.”

Implementing Windows 11 for the enterprise

Windows 10 support officially ended on October 14, 2025. Still, many companies have not yet made the needed move, something that Microsoft would like them to do as soon as possible.

At Microsoft Digital, we’ve already made the leap. We’ve deployed Windows 11 across our internal fleet, and we’ve learned what works and what doesn’t.

The most important thing? Have a plan and a phased approach.

“We didn’t try to do everything at once,” Digumarthi says. “We went slow, monitored help desk calls, and paused when needed. It wasn’t about speed—it was about getting it right.”

That phased approach helped us avoid surprises. We used security groups to segment users, deployed in waves, and ran parallel communication campaigns to keep everyone informed. “We built tech web pages, sent individual emails, and used Viva Engage for direct outreach,” Gonis says. “We wanted users to know what was coming and why.”

Organizations have options. They can upgrade to Windows 11 Pro or Windows 11 Enterprise. They can subscribe to Windows 365, which provides access to Windows 11 in the cloud. And they can extend the life of Windows 10 devices with Extended Security Updates (ESU).

Windows 365 lets you keep older hardware while giving users a modern experience. You get ESUs at no extra cost, and you don’t have to manage license keys or deploy images.

With tools like Autopatch and Intune, deployment is faster and easier. Compatibility is strong. And support is built in.

Looking ahead

We’re just getting started.

At Microsoft Ignite, we’re unveiling new capabilities that push the boundaries of what’s possible with AI and automation. Expect deeper integration between Windows and Microsoft Defender, new agentic workflows, and expanded support for AI-driven security operations.

We’re expanding the update readiness initiative, introducing carbon-aware updates in Autopatch, and expanding privacy capabilities in Recall.

Baseline Security Mode is growing, too, with more features, better reporting, and stronger baselines coming soon.

And we’ll keep telling the story. Start with the tools. Lean on the community. And let us help you make the leap to a more intelligent and secure enterprise powered by AI and Windows 11.

Key takeaways

Here are several practical steps you can take right now to maximize your transition to Windows 11 and harness the full potential of its AI-powered capabilities:

  • Understand Windows 11’s AI-driven transformation. Learn how Windows 11 leverages artificial intelligence to enhance productivity, security, and user experiences across your organization.
  • Discover new enterprise features and deployment strategies. Explore the latest tools and best practices for rolling out Windows 11 efficiently, including advanced management and security capabilities tailored for businesses.
  • Learn from Microsoft Digital’s role as Customer Zero. Benefit from Microsoft Digital’s firsthand insights and lessons learned as the initial adopter of Windows 11 within a large enterprise environment.
  • Explore migration options. Review your choices for upgrading to Windows 11, such as moving to Windows 11 Pro or Enterprise, subscribing to Windows 365, or leveraging Extended Security Updates for legacy devices.
  • Prepare for what’s next. Stay ahead by planning for upcoming features, security enhancements, and innovations that will continue to shape the future of Windows in the enterprise.

Accelerating workplace productivity at Microsoft with Windows Recall http://approjects.co.za/?big=insidetrack/blog/accelerating-workplace-productivity-at-microsoft-with-windows-recall/ Tue, 18 Nov 2025 16:00:00 +0000

Have you ever struggled to find an important document or photo? Forgotten which app a colleague shared an important data point with you on? Browsed a website but forgot to bookmark it?

Recall on Copilot+ PCs can help. It uses whatever details you remember about the missing item to find it for you.

Our team in Microsoft Digital, the company’s IT organization, has deployed Recall, giving our employees access to its AI-powered memory in a secure and managed environment. Recall now integrates with Microsoft Purview, which layers enterprise-grade security and compliance controls on top of Recall’s local AI capabilities.

How Windows Recall works

Windows Recall is an AI-powered feature built directly into Copilot+ PCs with Windows 11. It’s designed to solve a problem every person knows too well: Finding something you’ve already seen.

Here are its core capabilities:

  • Explore content with a visual timeline. Recall captures periodic screenshots of your active window and visualizes them in an explorable, chronological timeline. When you need to revisit something, you can scroll through your activity or jump straight to the moment you remember seeing it.
  • Semantic AI-powered search. No need to recall exact filenames. Just describe what you remember—like “blue sustainability slide from last meeting”—and Recall uses on-device AI to surface images or text that match the description.
  • Full user control and privacy. IT admins have a full set of controls to manage security and privacy when enabling the Recall feature for the enterprise. Once enabled by enterprise admins, you as the end user then have the choice to opt in to enable snapshots on your machines. Only your device stores them, and they’re encrypted locally via BitLocker or Device Encryption. Access requires Windows Hello biometrics (your face or fingerprint), which ensures only you can view them.
  • Granular snapshot management. You choose which apps and websites to include or exclude. You can pause snapshot capture, delete past captures, and set retention limits (e.g., 30, 60, 90, or 180 days) to manage storage and privacy. And IT admins can control how these capabilities work for the entire organization.
  • All snapshots, indexing, and AI processing occur on-device. Recall runs completely locally—no data leaves your PC. It never shares your data with Microsoft or third parties, nor across different user accounts on the same device.
  • Jumping back in. Windows Recall doesn’t just help you find something you saw before; it helps you pick up where you left off, getting right back to the page, slide, or chat in Word, Excel, PowerPoint, and Teams, as well as in an app, document, or webpage.

It’s like having a photographic memory for your digital life. Recall is a productivity booster. But it’s also a security-first, enterprise-ready feature.

“We’ve been working for over a year with Microsoft Digital to understand how Windows Recall will function best in the enterprise environment. They helped us get it ready for our customers.”

Adam Wayment, principal product manager, Windows product team

To ensure security, privacy, and governance, the Windows product team turned to our team in Microsoft Digital, the company’s IT organization, to test Windows Recall. This happened after early users of the feature suggested that better controls needed to be put in place. Our team helped the product group design and deploy better enterprise controls.

This collaboration helped shape Recall into a feature that works for everyone—from individual users to global enterprises.

“We’ve been working for over a year with Microsoft Digital to understand how Windows Recall will function best in the enterprise environment,” says Adam Wayment, a principal program manager lead for Windows Recall. “They helped us get it ready for our customers.”

Establishing security and privacy for the enterprise

Recall doesn’t just remember what you’ve seen. It remembers what it should—and forgets what it shouldn’t.

That’s where enterprise-scale controls come in.

Comprehensive controls are at the center of deploying Recall to the enterprise.

Microsoft Digital partnered with the Purview and Intune product teams to help build a rich set of controls that give IT full visibility and governance over Recall’s data store. That includes sensitivity labels, data loss prevention (DLP) policies, and tenant trust reviews—all designed to keep enterprise data safe.

Purview and Intune provide the level of control that IT admins need to ensure that Recall respects the security and privacy concerns of the enterprise and the end user.

If a document is labeled “Highly Confidential,” Recall won’t index it. If a meeting is tagged “Recipients Only,” it won’t be captured. Purview admins can decide exactly which sensitivity levels are allowed in Recall and which are excluded.

That means no screenshots of HR portals. No copies of credentials. No risk of sensitive data lingering on a user’s device.

Recall’s content redaction feature automatically detects and removes highly confidential information from screen snapshots based on Purview sensitivity labels. Users can work with both sensitive and non-sensitive documents on the same screen without risk of accidental exposure. Only permitted content is captured during multitasking or collaborative activities. That Excel document with employee salary information? It never becomes part of the snapshot.

IT admins also have policy controls to manage access to Recall. They can set retention limits. They can restrict access by role, ensuring Recall is only available to the right people. And they can block specific apps and websites from being captured.

“We helped define these controls,” says John Philpott, a principal product manager within Microsoft Digital. “We tested them to validate they worked as expected.”

This wasn’t just about building features. It was about building trust.

We worked to identify the key scenarios and apps—including Word, Excel, PowerPoint, Outlook, Teams, and Edge—to prioritize what needed protection. We made sure Recall could handle the real-world complexity of enterprise data.

It was a massive undertaking, requiring collaboration between Microsoft Digital, the Recall product team, and the product teams from all the apps with which Recall interacts. It came down to creating useful functionality while protecting our data.

“Security is at the center—data is encrypted on the device,” Wayment says. “Recall uses the latest technology for security, from all the controls on the backend right up to user authentication, including Windows Hello with face or fingerprint recognition required to access the data.”

These controls were built in collaboration with the product team, with our Microsoft Digital team acting as Customer Zero. We helped define tenant trust requirements and test every scenario—credentials, certificates, internal portals, and more. And now Recall is stronger because of it.

Moving forward

Our team in Microsoft Digital learned a lot helping the Windows product team build and test Recall.

Some lessons were technical. Some were strategic. All of them made the product better.

One of the first challenges we tackled was credential protection. We wanted to make sure passwords, certificates, and other sensitive data wouldn’t be captured. The product team agreed, and we helped them build the exclusion logic that ensures Recall ignores credential-related content.

Another lesson came from deployment.

Recall is disabled by default in enterprise builds. That meant we had to work through IT policy hurdles to get it up and running. We hit race conditions. We found bugs. But we fixed them. And we made the deployment smoother for everyone.

We also learned the value of centering enterprise needs early in the deployment.

When Recall first launched, we focused on consumers. But customer feedback reinforced how powerful the tool could be for information workers in enterprises like ours. We built tenant trust requirements. We ran evaluations. We created a checklist of what needed to be done. And we did it.

That process changed the conversation, and we’re not done. We’re still listening, still improving, still building.

Key takeaways

Here are four actions you can take right away as you consider deploying Windows Recall in your organization:

  • Test at scale. Roll out Windows Recall to a wide group to uncover complex issues—especially those that don’t show up in smaller test environments.
  • Start with enterprise needs and roles. Engage enterprise stakeholders early to review which roles should have access and to shape feature requirements such as tenant trust and data-handling policies.
  • Collaborate for improvement. Test controls early to ensure that they are configured to provide the level of security and privacy required by your organization.
  • Build confidence for adoption. Use thorough evaluations and checklists to ensure readiness, leading to greater trust among users, partners, and teams.

Hardening our digital defenses with Microsoft Baseline Security Mode http://approjects.co.za/?big=insidetrack/blog/hardening-our-digital-defenses-with-microsoft-baseline-security-mode/ Tue, 18 Nov 2025 16:00:00 +0000

Security isn’t just a feature—it’s a foundation.

As threats grow more varied, widespread, and sophisticated, enterprises need to rethink how they protect their environments. That’s why we, in Microsoft Digital, the company’s IT organization, took a necessary step forward and deployed Microsoft Baseline Security Mode internally across the company.

Baseline Security Mode is a new approach to endpoint protection that enforces secure-by-default configurations across our enterprise. And it’s not just about locking things down—it’s about doing so in a way that’s scalable, manageable, and respectful of user experience.

This is a story for every organization trying to balance usability with security. Baseline Security Mode is designed to help IT teams enforce protections without breaking productivity. It’s a shift toward proactive defense with standardized secure settings.

Understanding the need for Microsoft Baseline Security Mode

Security must evolve with the environment.

At Microsoft Digital, we’ve built a strong foundation of endpoint protection over the years. But as our ecosystem expanded—more devices, more workloads, more diverse user needs—we saw an opportunity to take our security posture to the next level.

Our existing configurations were effective, but they reflected the natural complexity of a large enterprise. Different teams had different requirements. Some relied on legacy technologies that had served them well. Others needed flexibility to support specialized workflows. Over time, this led to variation in how security policies were applied.

We wanted to unify that approach.

Baseline Security Mode emerged as a way to streamline and strengthen our defenses. It was about building on what worked. We started by identifying areas where legacy protocols and configurations could be modernized. That included technologies like ActiveX controls and older authentication flows, which we carefully evaluated and phased out where appropriate.

We also improved how we gather and use telemetry. Initially, we had limited visibility into how certain features were used. That made it harder to predict the impact of changes. So, we ran pilots, collected feedback, and refined our approach. Baseline Security Mode was a game changer here, providing built-in reports that gave us the visibility we needed to observe the impact of applying settings in our environment. For example, when we reviewed blocking legacy file formats, we discovered that some workflows depended on them. We responded quickly, offering alternatives and guiding users through the transition.

Ease of use was a priority.

We built intuitive controls into the Microsoft 365 admin center, allowing IT admins to manage policies with just a few clicks. No more manual scripts. No more guesswork. We also introduced exception handling to support specialized needs, ensuring that security didn’t come at the cost of productivity.

We worked closely with internal stakeholders, including compliance teams and work councils, to validate every step and build trust. We made sure the experience was smooth, the tools were reliable, and the changes were clearly communicated.

This wasn’t just a technical upgrade—it was a cultural shift.

Baseline Security Mode gave us a way to unify our security posture while honoring the diversity of our environment. It’s a smarter, more scalable way to protect our endpoints, and it reflects everything we’ve learned from years of experience.

Putting consistent security configuration into practice

Baseline Security Mode establishes a new standard, enabling organizations to be secure by default.

It is the result of a collaborative effort of multiple product teams at Microsoft, building on their security and incident-handling expertise. It’s designed to simplify and strengthen endpoint protection across Windows and Microsoft 365. The feature lives in the Microsoft 365 admin center, where IT admins can enforce modern security policies with just a few clicks.

The product teams delivered 20 features across five workloads: Office, OneDrive and SharePoint, Teams, Substrate, and Identity. Each one targets a specific risk—blocking legacy authentication, disabling insecure protocols, restricting ActiveX, and more.

When we deployed Baseline Security Mode as Customer Zero at Microsoft Digital, our job was to validate these features and controls in real-world enterprise conditions.

We pushed for exception handling.

Some users still relied on legacy formats or protocols. Certain teams, for example, needed access to older Office features. So, we worked with the product team to ensure exceptions could be built into the UI.

That flexibility was key. We knew from experience that without it, customers might hesitate to adopt the feature.

“When we blocked certain file formats, users were confused by the error messages and thought they were blocked from saving the file,” says Harshitha Digumarthi, a senior product manager at Microsoft Digital. “So, we ran pilots, gathered feedback, and helped the product team build an improved error experience to save blocked formats to safe, newer formats.”

We also pushed for better telemetry.

“When we heard about Baseline Security Mode, it was still in ideation. There were no tools in the Microsoft 365 admin center yet. We had to figure out how to enable this internally while the product team built the capabilities in parallel.”

Markus Gonis, senior service engineer, Microsoft Digital

At first, we had only a few days of data. That wasn’t enough to understand how features were used or what impact they would have. So we worked with the product team to expand telemetry, improve error reporting, and reduce false positives, including identifying bugs that skewed metrics and made troubleshooting harder.

We ran the deployment through our Tenant Trust Program and work council reviews to ensure global compliance. That gave us—and our customers—confidence.

Baseline Security Mode isn’t just a feature. It’s a shift in how we think about security, and we’re proud to have helped shape it.

Deploying Baseline Security Mode at Microsoft Digital

Rolling out Baseline Security Mode wasn’t just a technical exercise—it was a cross-team effort that demanded precision, patience, and partnership.

Microsoft Digital took the lead on deployment. We acted as Customer Zero, testing every feature in real-world conditions before it reached customers. That meant working closely with the product team to validate functionality, identify bugs, and shape the user experience.

“When we heard about Baseline Security Mode, it was still in ideation,” Gonis says. “There were no tools in the Microsoft 365 admin center yet. We had to figure out how to enable this internally while the product team built the capabilities in parallel.”

Telemetry was limited. We had only 30 days of data to work with. That made it hard to predict how changes would affect users, so we ran pilots with internal user acceptance testing cohorts and we deployed in phases.


“It was a great Customer Zero experience. Our security teams stood to benefit from Baseline Security Mode features, and we helped the product team find bugs and the issues that just hadn’t come up in early testing or at a large scale. It was a win-win situation.”

John Philpott, principal product manager at Microsoft Digital

For some legacy protocols, usage was low. In these cases, the features being deployed made removing these protocols seamless. Where usage was higher or unclear, a more detailed approach was required.

First, a few thousand users. Then 50,000. Then 100,000. Eventually, the entire Microsoft tenant. We paused between each wave to monitor help desk tickets, gather feedback, and confirm that our mitigation strategies were working.

Communication was critical.

We ran targeted campaigns, sent individual emails, and published technical reports explaining what was changing, why it mattered, and how users could adapt. We even used Viva Engage to notify users directly. It was important to explain to users why longstanding functionalities were being removed. We had to explain what we were doing and how to mitigate any impact.

We did a lot of work with the product team to ensure the user experience and the IT pro experience both exceeded expectations.

“It was a great Customer Zero experience,” says John Philpott, principal product manager within Microsoft Digital. “Our security teams stood to benefit from Baseline Security Mode features, and we helped the product team find bugs and the issues that just hadn’t come up in early testing or at a large scale. It was a win-win situation.”

We flagged inconsistencies in policy syntax, pushed for better error handling, and worked with the product team to align deployment tools across workloads.

But we didn’t stop at deployment. We tracked progress, validated telemetry, and signed off on each feature before it moved into broader rollout. We even helped pave the way for the next iterations, identifying features that needed more design work or deeper telemetry before they could be deployed.

This was a true partnership. The product team built the features. We tested them, validated them, and helped make them better.

Baseline Security Mode is now live across Microsoft. And it’s ready for the world.

Capturing real benefits

Baseline Security Mode is more than a set of policies—it’s a platform for proactive defense.

The product team built it to reduce legacy risks and enforce modern security standards across Microsoft 365 workloads. Microsoft Digital validated it in production, surfacing bugs, shaping telemetry, and confirming that the features worked as intended.

We tested 22 features across Office, OneDrive & SharePoint, Substrate, Identity, and Teams. Each one targeted a specific vulnerability—like blocking ActiveX controls, disabling Exchange Web Services, or enforcing phishing-resistant authentication for admins.

We flagged critical ActiveX dependencies in third-party apps—something the product group hadn’t found—which enabled them to initiate removal. That kind of early detection helped fix issues before the features reached customers.

We found regressions in PowerShell and legacy authentication flows. The OneDrive and SharePoint team caught a high-impact bug and worked with the product team to resolve it.

That validation mattered.

We also helped shape the admin experience.

Exception handling was built into the UI. Admins could create security groups, assign users, and manage exclusions directly in the Microsoft 365 admin center.

“There’s no need to handle everything manually,” Philpott says. “Simply click here and then here to disable. It’s a much simpler process.”

Extending benefits to Microsoft customers

Baseline Security Mode is ready for enterprise.

We’ve tested it. We’ve hardened it. And we’ve made it easier to adopt.

Microsoft Digital’s deployment journey helped shape the product into something customers can trust. We didn’t just validate features—we made sure they worked in real-world environments, across diverse teams, and under the pressure of scale.

The product team designed the features to be enterprise-ready. We ran them through our Tenant Trust Program and work council reviews to ensure compliance across global regions. That gave us confidence—and gave customers confidence too.

The benefits are clear. We’ve reduced our attack surface. We’ve improved compliance. We’ve made it easier for IT teams to enforce security without disrupting workflows. And we’ve laid the groundwork for secure-by-default computing across Microsoft.

Customers can do the same.

Start small. Run pilots. Monitor impact. Use the tools in the Microsoft 365 admin center to deploy policies, manage exceptions, and guide users through the change. And don’t be afraid to ask for help—our journey has shown that collaboration between deployment teams and product teams makes all the difference.

Baseline Security Mode is ready, and we’re ready to help others adopt it.

Looking ahead

The first wave of Baseline Security Mode—BSM 2025—delivered 22 features across five major workloads. Microsoft Digital helped validate and deploy those features across the enterprise. And the next wave of features is already in motion.

And it’s bigger, with 46 features, more than double what we had in the first round. The product team is expanding coverage to include deeper protocol restrictions, broader app controls, and more granular authentication policies.

We’re also preparing for broader industry adoption.  

Governments, regulators, and enterprise customers are asking for secure-by-default configurations. Baseline Security Mode is our answer. And the next version will make it even easier to adopt.

We’ll continue to lead as Customer Zero. We’ll test new features, validate insights surfaced by telemetry, and share feedback with the product team. We’ll run pilots, monitor impact, and guide users through the change. And we’ll keep pushing for simplicity, scalability, and trust.

Because security isn’t a one-time project—it’s a mindset, and it’s Microsoft’s highest priority.

Key takeaways

Ready to adopt Baseline Security Mode? Here are some actions we recommend based on our deployment experience:

  • Start with a pilot: Test Baseline Security Mode with a small group of users to identify legacy dependencies and gather feedback before scaling.
  • Use the Microsoft 365 admin center for deployment: Apply policies and manage exceptions directly through the UI—no scripting required.
  • Identify and plan for exceptions early: Work with business units to understand where legacy formats or protocols are still needed and create security groups for exclusions.
  • Communicate proactively with users: Launch campaigns to explain upcoming changes, their impact, and how users can adapt.
  • Validate telemetry and error reporting: Ensure your environment captures enough data to monitor the impact of new policies and troubleshoot effectively.
  • Engage your compliance and governance stakeholders: Review new policies with internal governance teams to ensure alignment with organizational and regional standards.
  • Treat security as an ongoing journey: Continue to monitor, iterate, and evolve your security posture as new threats and features emerge.

Confidential by design: How we’re securing OneNote for the age of AI at Microsoft
http://approjects.co.za/?big=insidetrack/blog/confidential-by-design-how-were-securing-onenote-for-the-age-of-ai-at-microsoft/
Thu, 21 Aug 2025 16:00:00 +0000



Here at Microsoft and at workplaces around the world, OneNote is used for everything from record keeping and note-taking to collaborating across teams. And with Microsoft 365 Copilot making work easier and more efficient across all Microsoft 365 applications, OneNote should be no exception.

However, before we in Microsoft Digital, the company’s IT organization, could fully integrate Copilot into OneNote, we first needed to make it more secure. We recently accomplished this internally at Microsoft by deploying labeling that makes our OneNote notebooks and files more secure. This allowed us to start using Copilot in OneNote without compromising our sensitive or classified data.

“We realized that notebook oversharing was happening significantly and that we were keeping a lot of sensitive data in our notebooks,” says David Johnson, a principal product manager with Microsoft Digital. “OneNote was the only Microsoft 365 program that didn’t support labeling, a gap that we needed to address.”

“OneNote is designed to be the ultimate collaboration tool. So, you can have OneNote as your own personal notebook, or you can share it out with other people and collaborate. People use OneNote for a lot of different things, but at Microsoft especially, it is used for things like troubleshooting guides, post-incident reviews and other very sensitive things that require a high degree of seamless collaboration.”

Faye Harold, principal product manager, Information Protection team, Microsoft Security

Our diverse and heavy use of OneNote throughout Microsoft made closing that gap a critical need.

“OneNote is designed to be the ultimate collaboration tool,” says Faye Harold, a principal product manager within the Information Protection Team in Microsoft Security. “So, you can have OneNote as your own personal notebook, or you can share it out with other people and collaborate. People use OneNote for a lot of different things, but at Microsoft especially, it is used for things like troubleshooting guides, post-incident reviews and other very sensitive things that require a high degree of seamless collaboration.”

And the idea that “it’s fine” because no one will ever find your notes in OneNote?

That’s no longer a thing, if it ever was.

In the age of AI, security through obscurity is effectively gone.

“Now the construct is, ‘AI can show you everything you have access to, no matter where it is, including in your colleague’s OneNote notebooks,’” Johnson says. “Without labeling, Copilot can and will show you information that you’re not supposed to see.”

“Bringing sensitivity labels to OneNote marks a major step forward in helping tenant admins safeguard organizational data. It enables consistent enforcement of security policies across the Microsoft 365 suite, giving admins greater confidence that sensitive information in OneNote is protected and governed just like in other Office apps.”

Daniel Beade, senior product manager, OneNote product group

Permissions versus labeling

The current security measures in OneNote are permission-based, determining who can access content at a specific point in time. Labeling adds encryption and policy enforcement to ensure content is protected regardless of where it is stored or shared. And when it comes to AI, labeling establishes confidentiality and security requirements that Copilot must respect. Labeling also helps users understand the sensitivity of content used by Copilot, ensuring they handle the generated responses with appropriate care.

“Bringing sensitivity labels to OneNote marks a major step forward in helping tenant admins safeguard organizational data,” says Daniel Beade, a senior product manager with the OneNote product group. “It enables consistent enforcement of security policies across the Microsoft 365 suite, giving admins greater confidence that sensitive information in OneNote is protected and governed just like in other Office apps.”

Johnson used the analogy of a poisoned apple pie to explain further.

“Imagine if Copilot was baking you a nice apple pie and you weren’t told that the apples it used to make the pie were poison,” he says. “You probably should know that before you take a bite of that pie. Same basic idea here. You’ve got highly confidential content in use that Copilot is using to generate a response. You should be aware of it.”

A triangle deployment model

Security labeling for OneNote was deployed internally to our 300,000 Microsoft employees and vendors in April 2025, and we have updated the Microsoft 365 product roadmap to reflect our plan to make this capability generally available by January 2026 with more information to be shared in the coming months.

“The user awareness aspect of labeling is absolutely critical. When you think about labeling, it’s about user awareness of how sensitive a piece of content should be and the applicability of policies to make sure that the content doesn’t go beyond whatever limits are imposed.”

David Johnson, principal product manager, Microsoft Digital

Our internal deployment happened in two stages. The first stage enabled labeling in the user interface. The second stage rolled out a default policy that labeled all content with a protected label, with options for users to adjust based on the sensitivity of the content.

“The user awareness aspect of labeling is absolutely critical,” Johnson says. “When you think about labeling, it’s about user awareness of how sensitive a piece of content should be and the applicability of policies to make sure that the content doesn’t go beyond whatever limits are imposed.”

“It’s super important to have a labeling capability in OneNote, because down the road labeling is going to help enable more capabilities of Copilot that will allow users to increase their productivity.”

Humberto Arias, senior product manager, Microsoft Digital

The internal deployment strategy involved a triangle model where one organization focused on security requirements, another on tenant management, and his team focused on employee experience.

The model ensured that security measures did not hinder productivity.

“Because Copilot extracts and surfaces content from various sources, it is essential for it to know the sensitivity of the content it uses to generate responses,” says Humberto Arias, a senior product manager in Microsoft Digital. “So that’s why it’s super important to have a labeling capability in OneNote, because down the road labeling is going to help enable more capabilities of Copilot that will allow users to increase their productivity.”

As for those future capabilities, Beade from the product group listed three that will further enhance security within OneNote.

The first, user-defined permissions labels, or UDP, will allow tenants to define permissions at the user level. This means one of our employees could set up a UDP label and then use it to grant edit permissions to one person and read-only access to another. This is similar to what currently exists in Word, PowerPoint and Excel.

The second feature Beade mentioned is auto-labeling. This will allow OneNote to automatically label information based on criteria defined by the tenant admin. Flagging certain content automatically will help prevent Copilot from surfacing sensitive information.

Another security feature coming soon to OneNote is dynamic watermarking.

“Not only will the labeling protection be added into the file, but also watermarking will be added that will ensure everyone knows that the information is confidential,” Beade says. “All three will complement security labeling and add more protection to OneNote.”

Adding new features to OneNote will now be much easier.

“Labeling is going to make it very seamless for us to deploy new Copilot features in the future,” Arias says. “This was an important step for us to bring OneNote up to par with the rest of the Microsoft 365 apps.”

Key takeaways

When sensitivity labels become publicly available in OneNote in January 2026, here are some of the things you will be able to do with them:

  • Use OneNote features with confidence. OneNote is a powerful tool for collaboration, and security labeling makes sure Copilot does not surface sensitive information from your notebooks.
  • Foster collaboration without the risk of exposing sensitive data. Permission-based security determines who can access content at a specific point in time. Security labeling adds encryption and policy enforcement, protecting your content regardless of where it is stored or shared.
  • Be AI-aware when it comes to security. Security labeling ensures Copilot respects confidentiality and security requirements while also helping users understand the sensitivity of content used by Copilot so they handle the generated responses with appropriate care.
  • Set location label defaults. We set an encrypted protection label, limiting data to tenant members only for all our employees’ OneDrive. That made it so simply rolling out OneNote with labeling resulted in a high percentage of active sections having that default label applied.

Driving the future of work: How we’re approaching Microsoft 365 Copilot change management at Microsoft
http://approjects.co.za/?big=insidetrack/blog/driving-the-future-of-work-how-were-approaching-microsoft-365-copilot-change-management-at-microsoft/
Thu, 12 Jun 2025 16:05:00 +0000

Editor’s note: This story was created with the help of artificial intelligence. To learn more about how Inside Track is using the power of generative AI to augment our human staff, see our story, Reimagining content creation with our Azure AI-powered Inside Track story bot.

Technology is constantly transforming the way we work—and AI is driving that evolution faster than ever. At Microsoft, the launch of Microsoft 365 Copilot is a powerful example of this shift.

However, launching an innovation of this scale inside the world’s largest software company came with its own set of challenges. The mission to embed Microsoft 365 Copilot into the fabric of our daily operations was spearheaded by Alexandra Jones, director of business programs, and Sandra Hausfelder, a global adoption lead for Copilot.

Together, the duo, who work in Microsoft Digital, the company’s IT organization, led a multi-disciplinary effort to ensure a smooth, impactful rollout—one that could serve as a blueprint for customers worldwide.

Jones, Hausfelder and their colleagues understood early on that rolling out Copilot and integrating it into the enterprise’s daily operations would require more than a one-size-fits-all approach.


“We have created a wealth of metrics and usage numbers in order to analyze the organizations, where employees are based, what their role is, and their current usage levels.”

Alexandra Jones, director of business programs, Microsoft Digital

Every team and role at Microsoft has unique needs, and the success of Copilot hinged on understanding and addressing those differences. Subsequently, the duo and their teammates worked with their IT colleagues across Microsoft Digital and partner teams from across the company to develop a change management and skilling strategy grounded in data and tailored by role and organization.

To ensure our adoption strategy was rooted in actionable insights, the team developed a robust data framework to understand user behavior across the organization. By analyzing factors such as geographic location, job function, and Copilot usage patterns, they surfaced high-value opportunities—what they referred to as adoption “hotspots,” or clusters of employees with shared roles and training needs.

Based on these adoption hotspots, they could design skilling activities for those specific groups, catering to their needs for more targeted and effective engagement.

“We have created a wealth of metrics and usage numbers in order to analyze the organizations, where employees are based, what their role is, and their current usage levels,” Jones says.

For example, one such hotspot identified was our Cloud Operations and Innovation (CO+I) organization, specifically employees in that organization working in data centers. The team designed targeted training events for these employees, using examples and skilling activities that resonated with their daily tasks and challenges. By mirroring real-world scenarios, Jones, Hausfelder and the team ensured that skilling felt relevant and immediately applicable—an approach that proved highly effective in driving usage.

From exploration to acceleration—building a culture of adoption

Hausfelder characterized the initial phase of Copilot deployment as a time of discovery and rapid learning.

“When I got engaged to drive adoption of Copilot at Microsoft, it was early days—some experiences were still basic, and all of us had to learn how to efficiently use it to support us,” Hausfelder says. “In fact, we were the first large, global enterprise to apply AI at scale. So initially we all were in a kind of explorer mode—discovering what it can do today, how we can bring all employees along on this journey, and how we can help envision the future of Copilot by collecting rich feedback.”

To support this journey, they launched an early adopters’ program, equipping engineers, support teams, and other strategic roles with Copilot licenses. As confidence and capability grew, the rollout expanded to include key areas such as legal, HR, marketing, and sales. Additionally, there were efforts to target employees working in specific roles, like change management, PM, software engineering, and so on.

Their multi-pronged enablement strategy included:

  • Power hours: Guided sessions showing how to use Copilot across Microsoft 365 apps like Teams and Outlook.
  • “Get Engaged” sessions: Interactive workshops—some hosted in local languages—to explore Copilot’s capabilities, gather live feedback, and surface feature requests.
  • Surveys and analytics: Quantitative and qualitative feedback was gathered through in-app reporting, enterprise-wide surveys, and focused research activities.

These feedback loops weren’t just about fine-tuning internal adoption—they played a vital role in shaping the evolution of the product itself. User insights were prioritized and funneled directly to the Copilot product group, fueling a continuous improvement cycle.

Measuring success at scale and sustaining momentum

No transformation effort is complete without accountability.


“We could see exactly which organizations were thriving and where we had opportunities to re-engage.”

Sandra Hausfelder, a global Copilot adoption lead, Microsoft Digital

The team used Microsoft Viva to track progress and set measurable targets. Using aggregate data, they monitored monthly active usage—which consistently stayed in the 90% range—as well as net satisfaction (NSAT) scores, which offered insight into how users were responding to Copilot, and where there was room to improve.

This data allowed the team to pinpoint which change management strategies worked and where further engagement was needed.

“We could see exactly which organizations were thriving and where we had opportunities to re-engage,” Hausfelder says.

As Copilot continues to evolve, so does the need for ongoing learning and awareness. Features that may have underwhelmed users in the early days have since been enhanced—making it crucial to reintroduce them with a fresh perspective.

“Copilot has completely changed the way I work,” Hausfelder says. “I’m excited to help others unlock the same kind of productivity gains—and to see where Copilot takes us next.”

To keep the momentum going without overwhelming users, we’re leveraging gamification, organic peer-to-peer learning, and an active internal community that shares role-specific use cases and favorite scenarios. We’re also expanding our Customer Zero efforts, identifying new “hero scenarios” that showcase transformative use cases and sharing those insights with both internal stakeholders and customers.

A playbook for the future of AI-assisted work

Our successful deployment of Copilot offers a pragmatic blueprint for organizations embarking on their own AI transformation. By grounding our strategy in data, tailoring adoption efforts to specific roles, and cultivating a culture of continuous feedback and exploration, we’re actively shaping the future of work as a company—and setting a precedent others can learn from.

As Copilot evolves alongside the workforce, our approach highlights a practical reality—transformation isn’t a one-time milestone, but an ongoing journey of learning, adaptation, and innovation.

Key takeaways

Here are some top learnings you can adopt from our experience rolling out Copilot:

  • Prepare for change: Accelerate the adoption of Copilot by designing a change management and skilling strategy based on organizations and roles.
  • Meet people where they are: Identify groups of employees in specific roles and design skilling activities specific to their roles.
  • Encourage ownership: Drive widespread adoption of Copilot by conducting sessions to engage employees and collect feedback.
  • Measure the impact: Monitor usage and feedback to understand how Copilot is being used.
  • Look ahead: As you deploy Copilot, stay alert to new opportunities for continuous learning, awareness, and productivity enhancement.

Riding the wave of agents washing over Microsoft with good governance
http://approjects.co.za/?big=insidetrack/blog/riding-the-wave-of-agents-washing-over-microsoft-with-good-governance/
Thu, 15 May 2025 16:00:00 +0000

Agentic extensibility is expanding the frontier of enterprise AI. By creating agents that surface knowledge, take actions, and even reinvent workflows, people can personalize AI’s power like never before.

But how do you move into the agentic future without putting your organization and employees at risk? How do you encourage citizen developers to create agents freely while maintaining security, privacy, and compliance?

At Microsoft Digital, the company’s IT organization, we’re putting practical governance structures in place to ensure our internal agents are useful, safe, and properly scoped. Through employee empowerment with guardrails, we’re unlocking the potential of the agentic era.

New frontiers, new challenges

Plenty of organizations are still getting used to the idea of AI in the workplace. Adding agents on top of that can ignite fears for IT practitioners, security teams, privacy experts, and other professionals whose job it is to keep their organizations functioning safely and smoothly.


“We’re now putting generative AI capabilities into the hands of people with little to no technical background, and that’s incredible from a productivity and innovation standpoint.”

Aisha Hasan, Power Platform and Copilot Studio product manager, Microsoft Digital

Most of those fears are around a new territory of unknowns. Organizations want to understand if and how agents will exacerbate existing vulnerabilities and violate policies. They’re unsure whether centralized governance is enough to secure agents at scale. And they’re worried about agent sprawl—too many agents shared too freely, with too little oversight.

The democratic nature of agent building plays a major role.

“We’re now putting generative AI capabilities into the hands of people with little to no technical background, and that’s incredible from a productivity and innovation standpoint,” says Aisha Hasan, Power Platform and Copilot Studio product manager for Microsoft Digital. “But it also makes it simpler for people to do potentially risky things, because AI lets them do it that much faster and easier.”

To address these risks, our governance team at Microsoft Digital has identified the greatest challenges facing the company and our customers. They include:

  • Ensuring users and apps don’t get access to privileged information and effectively applying controls
  • Keeping employees from creating agents that violate company policies
  • Balancing between the freedom for employees to share their creations and the need to prevent agent sprawl
  • Delineating which agents are authoritative, safe, and centralized for enterprise functions
  • Inventorying agents to provide lifecycle management

Managing all of these challenges comes down to a delicate balancing act.

“The key is to achieve an equilibrium between innovation and governance,” Hasan says. “A strong policy framework is the foundation of good governance.”

Applying our existing governance groundwork to agents

At Microsoft Digital, our approach to governing agents has grown out of years of practices and policies that we’ve already matured with other products, including AI-powered tools like Microsoft 365 Copilot. We’re also learning as we build, identifying new issues and edge cases as they emerge.

“You have to learn from what you’ve already successfully worked into your tenant. What are your core governance principles, and what’s your risk tolerance for different capabilities like openness to external systems or high-compliance environments?”

Amy Rosenkranz, principal product manager, Copilot Extensibility team, Microsoft Digital

We prioritize three chief categories to keep our employees and organization safe:

  1. Security: We’ve established standards for data classification, policies on handling confidential information, and other security measures to protect data from unauthorized access, misuse, and disclosures. Microsoft Purview powers these capabilities through data labeling, rights management, and data loss prevention.
  2. Privacy: Privacy compliance measures keep personal data protected and ensure agents adhere to regulatory frameworks in regions where we operate. We conduct regular privacy assessments for all applications, and that applies to high-impact agents as well.
  3. Regulatory compliance: Regulatory compliance assessments ensure agents meet legal standards. To keep us up to speed, our Legal and Compliance teams carefully monitor AI guidelines, regulations, and laws as they evolve so we can understand and incorporate them into our assessments.

Expanding these priorities to agents is an unfolding process for our Microsoft Digital Governance and Security teams.

“You have to learn from what you’ve already successfully worked into your tenant,” says Amy Rosenkranz, principal product manager responsible for Copilot extensibility with Microsoft Digital. “What are your core governance principles, and what’s your risk tolerance for different capabilities like openness to external systems or high-compliance environments?”

We incorporated elements of our tenant’s minimum bar for governance into how we secure agents. Those include Microsoft Information Protection, a functional inventory, activity logging, lifecycle management, and the ability to properly isolate agents against crossing data boundaries.

Although our all-up strategy is to govern at the container level, the added functionality of agents demands that we also introduce further controls like sharing limits, breadth of knowledge sources, agent metadata, and information about an agent’s behaviors.

Our intention is always to act as proactively as possible while putting reactive structures in place to catch any issues that arise. After all, this is a new technology, so there are bound to be some surprises. By combining all of these elements, we’ve landed on four core principles for governing agents:

  1. We empower employees to create and share simple, low-risk agents: We provide a safe space and personal flexibility that allows individual employees to experiment without implicating company data or content that users don’t own.
  2. We capture and vet sensitive data flows at the enterprise level: More complex or far-reaching agents owned by teams or lines of business need enterprise documentation to account for external audits or security and privacy validation. Builders need to demonstrate that they’ve thought through the security and privacy implications of their agents, so these projects go through approval process flows similar to any other professionally developed apps before we trust them with potentially sensitive data.
  3. We protect data designated confidential or higher: We contain data flows to tenant mandates and only trust suitable storage destinations for content. That depends on the ability to gate which connectors can work with particular source data and sensitivity labels.
  4. We honor the enterprise lifecycle: Both user-based and attestation-based lifecycles come into play. We treat agents that individual users own like any other user app and delete them when the employee leaves the organization. Agents owned by teams have a lifecycle defined by the tenant and tied to attestation, the software development lifecycle (SDL), and accountability confirmations.

“It all goes back to our core principles, to what we’re trying to achieve,” says David Johnson, tenant and compliance architect with Microsoft Digital. “We’re focused on what we allow for our employees, what governance means in this environment, and expanding these principles out to cover individual agents.”

Covering the full spectrum of agents with a toolkit of policies and protections

Because agents are so diverse, generalized governance will only get you so far. There’s an entire matrix of different parameters that apply to any agent, and they all require different policies. Those parameters include:

  • Different types of reach: Personal agents, limited sharing like dev environments, or broad sharing
  • The agent-building tool: Microsoft 365 Copilot agent builder, SharePoint agent builder, Microsoft Copilot Studio, or tools geared to more professional developers
  • Knowledge sources: Public sites, SharePoint and OneDrive, directly uploaded files, enterprise apps and systems, and third-party products
  • Enterprise sanctioning: Whether we promote agents into officially published internal tools that represent authoritative applications

Each of these parameters creates a pivot that we need to manage through governance, and we’ve painstakingly assembled a set of policies and controls to account for them. As our understanding and use of agents advances, we’re continually updating how we match their characteristics and capabilities with relevant policies and any applicable reviews.

Taking a matrixed approach: Our Microsoft Digital agent governance framework

The following list demonstrates the matrix of factors that determines how we govern different kinds of agents created using different tools. This matrix helps our employees understand the agent creation process and helps Microsoft Digital maintain safety and control.

  1. SharePoint agent builder
    • What users can build: Knowledge-only agents
      These agents reason over Microsoft 365 collaboration data, and they’re gated to the SharePoint environment where they’re created.
    • Technical proficiency: No-code
    • Knowledge sources: SharePoint, custom instructions
    • Capabilities: Not applicable
    • Actions and plug-ins: Not applicable
    • Sharing and publishing: Copilot navigation in SharePoint, sharing by link, sharing in Microsoft Teams chat
    • Custom engine or bring-your-own model: Not applicable
    • Reviews: No review needed
      IT does not gate knowledge-only agents outside of governance tied to SharePoint sites. Microsoft Digital honors reactive take-down requests like any other self-service construct but does not provide proactive gating.
  2. Copilot Studio agent builder
    • What users can build: Knowledge-only agents
      These agents feature graph connectors from a pre-approved catalog to expose additional data.
    • Technical proficiency: No-code
    • Knowledge sources: SharePoint, external websites, custom instructions, additional internal knowledge sources via graph connectors
    • Capabilities: Code interpreter, image generator
    • Actions and plug-ins: Not applicable
    • Sharing and publishing: Individual use, sharing by link
    • Custom engine or bring-your-own model: Not applicable
    • Reviews: No review necessary
      These agents only access Copilot-available graph data. Microsoft Digital honors reactive take-down requests like any other self-service construct but does not provide proactive gating.
  3. Copilot Studio
    • What users can build: Task and custom agents
      These agents connect to more systems through connectors and orchestration logic to handle more complex scenarios. We may publish agents at this level of complexity and utility to our agent catalog for wide organizational use.
    • Technical proficiency: Low-code or pro-code
    • Knowledge sources: SharePoint, external websites, custom instructions, additional internal knowledge sources via advanced graph connectors, Power Platform connectors
    • Capabilities: Not applicable
    • Actions and plug-ins:
      • Retrieval and task agents: Read-only actions
      • Custom agents: Read or write actions using Power Platform connectors
    • Sharing and publishing:
      • Retrieval or task agents in a personal developer environment: Sharing by link with up to 10 people
      • Custom agents: Publishing to 10 people or the agent catalog in Copilot Chat
      • Broad publishing: Requires a review similar to professionally developed apps, including an understanding of the agent’s data implications
    • Custom engine or bring-your-own model: Custom Azure OpenAI large language models (LLMs)
    • Reviews: Custom agents for our catalog require reviews for security, privacy, accessibility, responsible AI, and an environment-specific maker stack review.
  4. Teams toolkit in Visual Studio Code
    • What users can build: Retrieval, task, and custom agents
      These agents may or may not connect to more systems through connectors and orchestration logic to handle more complex scenarios. We may publish agents produced at this level of complexity and utility as Teams apps or to our agent catalog for wide organizational use.
    • Technical proficiency: Pro-code
    • Knowledge sources: SharePoint, external websites, custom instructions, additional internal knowledge sources via graph connectors
    • Capabilities: Code interpreter, image generator, Teams chats and channels
    • Actions and plug-ins: API actions
    • Sharing and publishing: Publishing as an app in Teams or as an agent in the catalog in Copilot Chat
    • Custom engine or bring-your-own model: Custom Azure OpenAI large language models (LLMs)
    • Reviews: Custom agents for publishing as a Teams app or our catalog require reviews for security, privacy, accessibility, responsible AI, and an environment-specific maker stack review.

In addition to mapping out our policies for governing agents, this chart illustrates how we see their relative utility across our organization. From left to right, it demonstrates an escalation from personally useful to organizationally useful agents. Their governance policies and controls escalate accordingly.

“Well-established application policies help us drive adoption and management for agents,” says Mykhailo Sydorchuk, a Customer Zero lead for Microsoft 365 integrated experiences at Microsoft Digital. “Fortunately, most organizations have well-defined security, privacy, and other governance mechanisms in place, so it shouldn’t be too difficult to extend those to agents.”

Managing agent sprawl in the enterprise environment

Our governance structures, practices, and policies also prevent sprawl that comes from unnecessary, duplicative, or unused agents. For example, if more than one team were to create an agent that points to HR information, the employee experience would suffer because our users wouldn’t be sure which agent presents the authoritative source of truth.

Most importantly, Microsoft Digital partners with other internal organizations to ensure they target agent development to avoid sprawl. Ideally, these engagements take place before teams start building their agents so we can avoid wasted effort or rework.

Microsoft Digital acts as a resource for teams who create agents in three ways:

  1. Before we set a team free to create an agent, we conduct early consultations that empower teams to identify the right scenarios. If a pre-existing agent fits their scenario, we encourage them to use that agent instead of creating another, redundant solution.
  2. We actively partner with teams to lend technical assistance and ensure they only build relevant, uniquely useful solutions that don’t overlap with other, already-authoritative enterprise agents. Additionally, we encourage creators to build the simplest possible solution to meet their needs so they can deliver agents with minimal custom investment and iterate quickly.
  3. Members of Microsoft Digital operate as an “Agent Center of Excellence.” They conduct internal engagements, acting as educators and coaches for teams who want to build agents.

We also combat sprawl in other ways. First, user-based lifecycles and periodic attestation help us keep agents from getting out of hand by making sure employees take accountability for them. Requiring attestation means that agents cease to exist once they’re no longer useful or their owner leaves the company.

In-product controls are very helpful. For example, our policies around how widely individuals or teams can share their agents restrict the degree to which they overlap with each other.

IT administration helps us control the many surface areas for creating and publishing agents. The firm minimum bar founded in our overall tenant provides a good policy framework for consistency among admins.

Finally, user education has an important role to play. Like agent creation capabilities themselves, our employee knowledge-building efforts are still relatively new. We’re prioritizing education to ensure everyone can use these tools safely and keep them scoped to their needs.

“The biggest part of managing sprawl is that we clean house regularly,” Johnson says. “We make sure we tie every agent to some sort of accountability policy to confirm it’s still compliant, effectively managed, and secure, and if all of that is in place, the agent can continue its work.”

Lessons learned from our agent governance efforts

As your organization dives deeper into the new era of AI-empowered work, agents will become an essential part of your employees’ day-to-day lives. But your IT, Security, Privacy, Data, and other teams may have concerns about ensuring the new agentic frontier doesn’t turn into the Wild West.

Although every organization is unique, the lessons you learn from our experience can help you start unlocking the power of agents. Here are five steps you can take today:

  1. Provide safe spaces with appropriate guardrails for individual employees to experiment with simple agents. Copilot Studio agent builder is a great place to start.
  2. Empower a small number of trusted creators to experiment with more powerful agent-building tools under the close watch of IT, Governance, Security, Privacy, Data, and HR teams. This will help you see where the gaps appear in existing processes and policies, and it will provide visibility into what you need to review as these processes become more widely available.
  3. Revisit your labeling structures and data flows. It will be important to have these structures in place to support this new agentic environment. Start by learning from our experience governing AI internally at Microsoft.
  4. Adapt your review process to the new world of agents. It’s highly likely you have robust security, privacy, and accessibility reviews in place. Without too much work, you can add reviews into the publishing workflow for agents you intend to use at the line of business or company-wide level. Also consider adding reviews for Responsible AI.
  5. Establish a reasonable enterprise lifecycle for agents that includes attestation. That will keep agents from sprawling or remaining in place after employees have left your organization or simply no longer need a particular agent.

As AI continues to evolve and agents become essential assistants for every employee, developing structures to guide their creation and use will only become more important.

“We definitely want to prevent sprawl and promote safety, but we also want to encourage all employees at Microsoft to build agents,” Hasan says. “We accomplish that by standardizing the ‘what’ and the ‘why’ around agents and the policies that govern them.”

We’re just at the beginning of this journey, but our core principle will remain the same: We empower employees while providing guardrails.

Key takeaways

Below, you’ll find essential guidelines for successfully governing agents within your organization, covering everything from policy frameworks and environment strategies to leveraging Copilot Studio and adhering to global regulations.

  • The complexity of governing agents depends on the maturity of your organization and where you are in your adoption journey. Start slowly to let that maturity build.
  • A strong policy framework is the foundation. Lean on existing app governance policies, then layer agent-specific structures on top.
  • Figure out your building environment strategy. Decide on what scenarios match up with specific environments and make the relevant environments available to the relevant employees.
  • Don’t forget that Copilot Studio is part of Power Platform. Use what you’ve learned empowering citizen developers in Power Platform to guide your work with agents.
  • Global regulations around categories like privacy, security, and responsibility provide a good baseline for establishing governance policies. Set relevant teams to work thinking through these regulations and incorporate their insights into your agent governance.

Digitally transforming Microsoft: Our IT journey
http://approjects.co.za/?big=insidetrack/blog/digitally-transforming-microsoft-our-it-journey/
Thu, 27 Feb 2025 17:05:00 +0000

The digital transformation of Microsoft spans the entire personal computing revolution, from the days of DOS and early Windows desktops, through our journey to the Azure cloud, to our modern engineering era highlighted by the rise of AI.

Today, the company has grown into a global organization with more than 220,000 employees. They all rely on us in Microsoft Digital—the company’s IT organization—to provide the tools, technologies, and solutions that empower them to accomplish more every day.

The need for digital transformation

The history of information technology is one of constant evolution, and the pace of change has never felt greater than it does right now. The AI capabilities and other groundbreaking innovations unveiled in the last few years show the potential to radically transform our world and change the way we think about and operate all IT services.

When the world pivoted to remote online work and collaboration because of the COVID-19 pandemic, it was just one example of how digital transformation doesn’t always happen in a straight line or on a predictable schedule. Our company’s history of shaping and adapting its IT organization to the latest challenges faced by employees and partners is no different: it is marked by bold decisions and strategic shifts that reflect our ever-changing world.

Mapping our IT journey

Timeline graphic shows the four eras of Microsoft IT (On-Premises IT, Cloud and Culture, Modern Engineering, and AI) along with major milestones in each era.
The four eras of digital transformation of IT at Microsoft: On-Premises IT, Cloud and Culture, Modern Engineering, and AI.

Today, Microsoft Digital is the team that powers, protects, and transforms the digital employee experience across all devices, applications, and hybrid infrastructure at the company. Using our deep knowledge and experience in enterprise IT, we’re pivoting to help lead the company’s AI transformation while enabling our customers to take advantage of this generational opportunity to reshape their businesses and IT operations.

To understand where we’re going, it helps to take a look at where we’ve been. This article explores the major eras of our IT history and its shifts, examining the trendlines and technological innovations that are shaping Microsoft Digital today.

On-Premises IT era (founding to 2009)

It’s useful to break the history of our IT operations into different eras. For the first three decades or so from its founding in 1975, Microsoft operated with on-premises IT systems. This era was characterized by the setup, operation, and maintenance of onsite physical technology—servers, datacenters, and other hardware infrastructure.

During this time, IT roles were narrowly defined. IT team members functioned primarily as “order-takers,” with limited influence over strategic decisions.

Because funding was inconsistent, our IT organization had limited growth opportunities and relied on vendors for development work. Gaps were filled in with “shadow IT” efforts, where other internal teams would procure their own hardware without formal IT approval or standards.

We established security as an early priority for the company. Co-founder Bill Gates launched the Trustworthy Computing initiative more than two decades ago, an effort emphasizing the importance of security, privacy, and reliability across Microsoft products and services both internally and externally.

Our On-Premises IT era established the foundation that would become crucial to the company’s future digital transformations.

All in on the cloud: The Cloud and Culture era (2010-2018)

Image showing Ballmer presenting at an event, with Windows Azure and Azure DevOps logos overlaid on the photo.
Former Microsoft CEO Steve Ballmer led the shift to the cloud that began in the early 2010s.

Cloud computing marked the next significant shift in the history of digital transformation at Microsoft. This transition, which began in 2010 under the leadership of CEO Steve Ballmer, signaled a major break with the previous era of physical IT infrastructure and an important step toward today’s distributed-computing world.

The launch of the cloud computing solution then known as Windows Azure heralded this new era, as we transitioned away from an IT philosophy focused on the Windows desktop client toward a more platform-agnostic view. Cloud computing infrastructure offered extensive advantages for the customer and for our own IT networks. (Azure was one of the earliest examples of our Customer Zero philosophy, a linchpin concept that continues to drive innovation here at Microsoft Digital.)

We started our journey by moving productivity workloads (Exchange and SharePoint) to the cloud. Then, we shifted new development to Azure and optimized modern applications to run in the cloud. We also moved existing applications targeted for migration to virtual machines. Today, 98.5% of our IT systems supporting employees run on Azure.

Cultural transformation

Another important shift during this era was the profound cultural transformation at Microsoft sparked by new CEO Satya Nadella, who rose to the top job at the company in 2014. (Nadella had previously run the Microsoft cloud computing and enterprise group, so he was already steeped in the idea of transformational change at the company.)

Before Nadella’s ascension, Microsoft had long been known for its extremely competitive, “know-it-all” culture. Employees succeeded by showcasing their own individual achievements and how their accomplishments exceeded those of their peers.

Nadella changed this ethos by championing a growth mindset, encouraging employees to be “learn-it-alls” rather than “know-it-alls.” The shift included placing new importance on how employees contributed to the success of others, a value that was incorporated into individual performance reviews. Nadella made this transformation his personal mission and directed leadership to propagate the new philosophy at all levels across the organization.

“Achieving our mission requires us to evolve our culture,” Nadella says. “It all starts with a growth mindset—a passion to learn and bring our best every day to make a bigger difference in the world.”

Some of the key principles that made up this new culture had a direct impact on our ongoing digital transformation journey. These included:

  • Being willing to try new things and being unafraid to fail fast
  • Obsessing over what matters to customers
  • Seeking collaboration across teams rather than working in silos
  • Making a difference in the world

The combination of the shift to cloud computing infrastructure and overhauling the company culture helped set the stage for the major technological innovations to come.

A new vision: The Modern Engineering era (2018-2023)

For years, IT at Microsoft had been order takers, doing what the business requested with limited ability to impact strategic priorities. That changed as we shifted to become a modern engineering organization. With support from our executive leadership, IT was elevated to a primary engineering function at Microsoft. Rather than simply taking orders, the team was empowered to lead with a strong vision for the future of information technology. In fact, leading with vision is the primary hallmark of our Modern Engineering era. As we moved into this new era, we needed a clearly articulated view of our goals as an IT organization and the resources needed to achieve them.

Aligning our goals with the larger company vision pushes us beyond our day-to-day work and comfortable routines and enables us to deliver high-value work for the company. Every group within Microsoft Digital has its own clear, targeted vision grounded in what our customers need and the larger goals of the organization.

Role transformation

After the transition from the old model of traditional IT to cloud computing was fully underway, we tackled the next challenge: adapting the IT roles in our engineering organization to this new paradigm.

[Graphic: The Modern Engineering era. The three tenets of our Modern Engineering era in Microsoft IT are being vision-led; embracing user-centric, coherent design; and prioritizing our role as Customer Zero.]

Operating an engineering organization in a cloud environment meant new roles, new skills, and a new mindset. With no need to manage hardware or server space, our modern IT professionals often worked more closely with business groups, which required higher-level strategic business chops. There was an increased emphasis on DevOps skills, Agile program management, and user-centric design principles.

In many cases, we were able to help our employees gain the skills required to work in this new environment—a product of the company’s emphasis on continuous learning and a growth mindset. At the same time, we looked for new hires who had these newer network-engineering skills and would be able to work alongside existing team members, helping them adapt to their new roles.

User-centric, coherent design

Our design philosophy puts the user—an employee or guest—at the heart of every decision we make at Microsoft Digital. This helps us align all facility services (both physical and digital) with the needs of our people and our company culture.

The goal of this approach is to make tasks that might have previously caused friction in an employee’s day simpler and easier. Instead of dealing with disconnected systems, user-centric design introduces consistent and logical flow between services. This makes it easier for people to access services, learn how to use them, and then put them to good use.

Microsoft also embraces coherent design across all our products. A similar look and feel, along with familiar usage patterns, accelerates employee usage and adoption. 

Embracing work-from-anywhere capability

During the pandemic, when our workforce was still fully remote, our organization was already starting to think about what the new hybrid workplace would look like when people started returning to the office. We identified three key dimensions of the employee experience:

  • Physical spaces: We partner with Global Workplace Services to create spaces that support an inclusive approach to hybrid productivity.
  • Digital capabilities: We keep employees productive and the environment safe and secure no matter where they’re located or how they connect.
  • Culture: A strong partnership with HR ensures the digital employee experience connects with and embodies our aspirational company culture.

[Graphic: Customer Zero at Microsoft, showing four principles that are key to the Customer Zero philosophy. Customer Zero means we are continuously working to improve the experience our employees have at work.]

Customer Zero

Our term for employee obsession with Microsoft products is “Customer Zero.” At Microsoft Digital we take pride in being the first customer for a wide variety of Microsoft products and services, obsessing over our own employee experience in order to create products that enable every person on the planet to be more productive.

Being Customer Zero means forging a deep partnership between our IT organization and product engineering groups to envision the right experiences, co-develop innovative solutions, and then listen to and act on insights gathered from our employees. We work together to stay grounded in the way our employees use our products every day, so your employees can benefit from our insights.

Managing shadow IT with a culture of trust

Shadow IT is the unknown and unmanaged set of applications, services, and infrastructure that are developed and managed outside standard IT policies. Shadow IT typically crops up when engineering teams are unable to support the needs of non-engineering partners, a situation that could arise from a lack of available engineering capacity or the need for specialized domain solutions. 

While earlier eras of our IT history focused on trying to prevent shadow IT, we are now concentrating on managing it. We use Azure best practices to optimize shadow IT and Microsoft 365 governance policies to ensure that our corporate security, privacy, and accessibility standards are being met.

The AI era (2023 to present)

The latest chapter in the history of our organization’s digital transformation is defined by the integration of AI into all our operations. AI is revolutionizing how Microsoft approaches IT and business processes, driving efficiency and innovation across the board.

In the last several years, we’ve demonstrated our commitment to completely rethinking every dimension of IT. From the apps, workflows, and services that power our employee experience to the network, infrastructure and devices that enable employee productivity, our AI-focused investments provide a solid foundation for the innovations that are coming fast.

“The potential for transformation through AI is nearly limitless,” says Nathalie D’Hers, corporate vice president of Employee Experience at Microsoft. “We’re evaluating every service in our portfolio to consider how AI can improve outcomes, lower costs, and create a sustained competitive advantage for Microsoft and for our customers.”

As we look at the future of Microsoft Digital, we’re focusing on three high-level priorities: security, service fundamentals, and corporate functions growth. We’ll work to excel in all three areas with the help of our industry-leading AI tools and technologies.

Securing our future

Security is our highest priority at Microsoft Digital. Spearheaded by Nadella, the Secure Future Initiative brings together every part of Microsoft to ensure the highest level of cybersecurity protection across the company in all our products. 

“Prioritizing security above all else is critical to our company’s future,” Nadella says. “Every task we take on—from a line of code to a customer or partner process—is an opportunity to help bolster our own security and that of our entire ecosystem. If you’re faced with a tradeoff between security and another priority, your answer is clear: Do security.”

The Secure Future Initiative is built on three core principles: secure by design, secure by default, and secure operations. As the company’s IT organization, we work relentlessly to fulfill the key pillars of the Secure Future Initiative across all our systems, including:

  • Safeguarding identities and secrets
  • Protecting tenants and isolating production systems
  • Securing networks and engineering systems
  • Enhancing threat detection
  • Expediting response and remediation

“Our mission is to power and protect Microsoft, and that starts with an unwavering commitment to the Secure Future Initiative,” says Brian Fielder, vice president of Microsoft Digital.

Transforming and securing our network and infrastructure

We’re focused on using AI to infuse data-driven intelligence into every part of our infrastructure and network operations. This allows us to optimize network operations and increase security while simultaneously improving outcomes.

Examples include:

  • Network observability and governance: Ensuring data accuracy, eliminating non-compliant hardware and software, and providing real-time updates
  • Securing endpoints: Device management, asset management, and patching
  • Zero Trust networking: Isolating device classes and limiting attackers’ movements across the network
  • Network access: Azure VPN, identity management, and Secure Access Workstation (SAW) infrastructure security

Device management

We manage a vast network of more than 1 million interconnected employee devices, including more than 264,000 Windows devices. Managing these devices requires significant time and resources, generating more than 12,000 support tickets weekly.

To manage this enormous set of devices, we’re investing in a range of new AI-powered device capabilities that span the entire device lifecycle. These include:

  • Integrated employee device procurement
  • AI-powered predictive maintenance and intelligent troubleshooting
  • Advanced insights and data-driven device administration
  • Device security and vulnerability management
  • Remote worker device experience
  • Meeting rooms and calling

Foundations: Service fundamentals

The second pillar of our three major Microsoft Digital priorities is to maintain the highest standards of service fundamentals. These are the essential capabilities and practices that enable us to deliver reliable, secure, and compliant services. Adhering to the highest standards of service fundamentals ensures that our organization continues to play a critical role in running the company’s business, enabling innovation, agility, and resilience in a fast-changing and competitive environment.

Solid foundations

Microsoft Digital service fundamentals can be broken down into six areas that ensure innovation and agility: Privacy, tenant management, service resilience, accessibility, engineering fundamentals, and compliance.

We’ll accomplish this by focusing on the following areas: 

  • Compliance: In addition to regulatory compliance, where we’ll align with the requirements of all global jurisdictions that apply to us, we’ll continue to improve our security posture by deploying all patches and new releases as required. 
  • Privacy: We’ll maintain privacy controls in accordance with company policies and complete privacy reviews as appropriate. This priority will assume even greater significance as we develop new AI capabilities. 
  • Accessibility: We’ll continue investing in making our services accessible to all users. This includes using the latest accessibility tools and trainings, following all Microsoft standards, and conducting accessibility testing.
  • Resilience: We’ll ensure the resilience of our services through sound service excellence practices that minimize business impact due to service outages. These include safe change management to minimize disruptions due to code or configuration changes, automated certification management, and best-in-class incident management. 
  • Engineering fundamentals: In addition to our ongoing focus on adopting AI capabilities that enable more efficient and higher-quality development of solutions, we’ll continue to follow best practices for securing code repositories, software supply chains, build and release pipelines, and dev and test environments.
  • Tenant management: With the help of AI, we’re building a coherent asset management solution across Microsoft 365 and Power Platform to serve both admins and users. We’ll prioritize securing the tenant, limiting reach and access, and applying zero trust principles to make our systems secure by default.

Defragmenting our employee experience

Our vision is to deliver a unified, connected, and personalized experience where users can access employee data, tools, and insights from one place.

One of the key ways we’re doing this is with Microsoft 365 Copilot, which functions as a “UI for AI” across our employee services and tools. An example is our Employee Self-Service Agent in Microsoft 365 Copilot, an AI-driven tool that helps employees more efficiently find context-specific answers to their questions using natural-language queries.

“We see AI as the key to unlocking the full potential of our employees,” says Sean MacDonald, partner director of product management in Microsoft Digital. “It delivers personalized experiences that empower us all to work smarter, faster and happier—unleashing the innovation and collaboration necessary for our success.”

To achieve our vision, we’re building a workplace where AI defragments the employee experience by:

  • Providing contextual support in the flow of work.
  • Reducing the number of sites and apps an employee must remember.
  • Using Microsoft 365 Copilot as the “UI for AI,” making it simple for employees to find information, to take action, and even to fully automate certain repeatable tasks.

Tenant management

We manage one of the most complex tenants anywhere. Governance today is a somewhat fragmented experience, with no clear mechanism for IT to safely enable self-service asset creation for sites, Teams, groups, Power Apps, and so on. These unmanaged assets increase the risk of over-sharing sensitive data and compromise the health and security of our IT environment.

In the world of AI, security through obscurity is no longer a viable option. This means data hygiene, permission management, and data protection are essential to providing trustworthy AI tools that don’t overexpose sensitive content, while still providing quality responses.

Transforming our support experience

We’re using generative AI to transform the way our employees interact with our support services. IT issues will be either auto-remediated or resolved remotely and instantly through conversational, personalized, and contextualized solutions, often without agent intervention.

We’ll accomplish this with a focus on the following:

  • User experience: Self-help will use Copilot for Helpdesk (a declarative agent tool) to provide personalized, accurate, and cost-effective issue resolution. Notably, a seamless transition to human agents can occur even while the user stays within Copilot.
  • Agent experience: Operational efficiency and automation powered by Copilot for Service will be integrated into the Service Operations Workspace. The service includes chat and incident summarization that recommends next-best actions and drafts contextual answers to queries.

Corporate functions growth

Our third major priority in Microsoft Digital is to improve how we support the company’s corporate functions organizations, including HR, legal, and building services.

This is a particular challenge, as all these teams are being asked to do more with less today; Microsoft can no longer afford to grow operational costs at the same rate as in the past.

AI will play a fundamental role in transforming the business workflows of our corporate functions partners while improving operational efficiency, user productivity, regulatory and corporate compliance, and data-driven decision making. It will revolutionize the way they operate by automating repetitive and time-consuming operational tasks.

“With AI, we have so many new ways to innovate,” says Patrice Pelland, a partner engineering manager in Microsoft Digital. “From saving valuable time for our legal professionals, to optimizing building occupancy, to helping our HR professionals support employees in the hybrid workplace, we have incredible potential to make our corporate functions more efficient and impactful.”

Some of the corporate functions areas that we hope to grow by taking advantage of AI capabilities and related increased efficiencies include:

  • Human Resources: We’ll advance the mission of the company’s HR organization by using AI-driven workflow scenarios such as enhanced communications support and intelligent recruiting throughout the candidate experience.

  • Legal: Our vision for integrating AI into Corporate, External, and Legal Affairs (CELA) includes more discoverable legal findings, better corporate document management with the Docufy platform, enhanced engagement with Microsoft Philanthropies, and accelerated support for business-critical functions such as immigration, contracting, and insider trading compliance.

  • Global Workplace Services: In supporting the technology needs for more than 570 company buildings worldwide, we are poised to use AI and related innovations to implement cost savings in the areas of workspace management, facilities management, and financial systems for GWS operations.

  • Travel and expense: Our plan is to work for near elimination of the traditional expense reporting process through AI-based and touchless experiences, driving simplification and productivity gains.

A catalyst for change and growth

Microsoft’s digital transformation is a story of evolutionary change, resilience, and adaptation across multiple eras of information technology. From our origins as a traditional IT organization to becoming a modern engineering organization focused on driving AI-powered innovation, we in Microsoft Digital remain a catalyst for change within the company and our industry.

With our insights born of customer and employee obsession, we’re committed to streamlining IT operations while prioritizing security, revolutionizing user services, and facilitating corporate functions growth and development, all with the overarching goal of making Microsoft employees everywhere more productive while showing our customers and partners what’s possible as we move forward together into the future of IT.

“We’ve been through many eras of IT at Microsoft, and I’m so excited to lead Microsoft Digital during this era of AI,” D’Hers says. “The future of IT has never been so exciting!”

Key takeaways

Our IT digital transformation story offers valuable lessons for organizations in the midst of their own IT journey. They include:

  • Be vision-led: A clear, articulated vision is crucial for driving transformation.
  • Foster a growth mindset: Encourage continuous learning and adaptability among employees (a “learn-it-all” culture).
  • Invest in people: Upskill and reskill your workforce to keep pace with technological advancements and emphasize diversity of skills and experience.
  • Insist on security: Prioritize security in all aspects of operations to safeguard data and maintain trust.
  • Focus on collaboration and partnership: Create successful hybrid work environments to foster strong partnerships across functions.
  • Seek continuous improvement: Learn from the past and use those lessons to shape the future.
  • Embrace AI: Take advantage of AI tools and technologies to drive efficiency, innovation, and security.

The post Digitally transforming Microsoft: Our IT journey appeared first on Inside Track Blog.

]]>