Microsoft has confirm what many were expecting. They are holding a Surface event next month (October 12th).
Being held and streamed online also, the event, which is officially dubbed “Microsoft Fall 2022 Event,” is being hosted the day before its global Ignite Event. October also marks the 10 year anniversary of Surface! Wow.
What to expect
As is usual this time of year, the rumour mill and noise around the event is on fire.
It is “expected” that Microsoft will be annoucing the Surface Pro 9 which will have the option of Arm or Intel processors, update to Surface Laptop and a new (but different) Surface Studio.
There is also rumour of new Surface accessories coming too, and knowing Microsoft there will also be a couple of suprises..
To find out first hand what is new and what to get excited about, you can register and watch live by registering here.
Microsoft now claims that they handle, process and act upon more than forty-three trillion daily threat signals.
This blog, however, does not go into the specific features and security across Microsoft 365 and Azure, but instead explores the fact that despite the extensive array of security services, tools, and products that Microsoft offer, Microsoft report that only about a quarter of their customers are actively using the core security products they’ve invested in.
This of course can mean that organisation might:
Have unnecessary security gaps, protection weaknesses and risk exposure
Be wasting money (through Microsoft protection services bought but not enabled)
Be buying twice (or more) through duplicate tools and services.
Have a more complex protection strategy than is necessary
Not be aware of Microsoft’s comprehensive multi-cloud security offerings
This blog shares some of the collective thoughts, and discussions I had with my customer advisory panel in our September fireside chat which focussed on the pros, cons, questions, and concerns around embracing the end-to-end protection across Microsoft 365 and beyond vs using point products and third-party security add-ons.
I’ve also included some (hopefully) useful links and content at the end of this blog.
Here’s the summary of the discussion points from my recent fireside chat.
1. Microsoft Security – What is in the SKU?
Speaking to the panel on my recent Fireside Chat, I believe that most organisations don’t know enough about the breadth and depth of the Microsoft 365 Security Stack they have bought and invested in.
This is due, in part, to the constant change, enhancements and investment [$4b a year in R&D] with regards the changing threat landscape and the death and breadth of tools of available within Microsoft 365 E5. Add to this the renaming of Microsoft products (they do far too much IMO).
2. Does having too many different security vendors lead to unnecessary complexity?
The Cyber Security market is huge. In a recent KPMG survey of 500 CEOs, 18% said that cyber security When I was first an IT consultant in the early noughties, security was always about having strong passwords and the best “black box device” to protect on-premises stuff! Be it, firewalls, mail security, web filters, VPN, IPS etc that protect aspects of an organisation’s internal network or Data Centre environment.
As the world has, and continues to shift to a perimeter less, multi-cloud and distributed workforce (with home working creating thousands of “offices of one”), many organisations now struggle with not only the ever-expanding threat landscape and increasing talent shortage, but the growing number of vendor solutions, their associated mounting costs, cross over of product, and features.
Complexity is the new enemy, meaning that silos and multi-vendor point products are the bane of Security Operations. Not only are they costly, but their features also overlap, they don’t necessarily integrate and in most cases, there is no single pane of glass or “intelligence” across the platforms.
This not only causes complexity and cost, but above all does not provide a holistic view of security and threats across their organisation without the use of yet more expensive tools and connectors into a SEIM platform.
We see this quite often with our customers too – particular in the case where Microsoft 365 has been organically deployed. We often see that customers, whilst heavily invested in Microsoft 365 continuing to invest and use a plethora of third-party tools and thus are not realising the true value and protection of the extensive and integrated Microsoft 365 Security Suite.
This is not just about cost either. Having too many tools addressing point solutions, combined with no holistic view of security can cause too much “noise” and alerts meaning real potential threats are ignored or get lost. This is the primary reason Microsoft cite for why “only one quarter of their customers are actively using the core security products they’ve purchased“.
As well as the advantages of a joined up and integrated security portfolio, any organisation that has, or is embracing the Microsoft Cloud, can recognise cost savings of over 52% and see ROI of 92% (according to Microsoft & Gartner) by adopting the vast array of security services within their Microsoft 365 subscription and/or by displacing legacy point products.
3. “In my opinion” Microsoft Security is world class
It doesn’t have to be this way though, and once there is joint awareness, understanding and trust in the Microsoft security portfolio – this complexity and silo approach to security can be a thing of the past.
Microsoft (as any end to end security provider) would say that that Microsoft can secure and protect the entire digital footprint for every enterprise customer, however the reality is for any organisation that has, or is embracing Microsoft Cloud, significant cost advantages (>52% according to Microsoft & Gartner) can be achieved in security alone by enabling the services they have bought and displacing all or most of their legacy point security products.
Joining us on the Fireside chat this month was Jose Lazaro Pinos, a Security Architect at Microsoft. He said that:
Many of the clients we work are onboard and committed to leveraging Microsoft Cloud and Microsoft Security across the board. This extends to beyond basic hygiene services such as Azure AD, Conditional Access, Identity Protection and Privilege Identity Management, into the more advanced compliance and protection services such as Defender for Office 365, Identity and Endpoint, DLP and Purview (formerly Microsoft Information Protection) for compliance and data protection and Sentinel for SEIM and XDR.
L&Q, like many organisations have a hugely diverse workforce and the tight integration of the Microsoft Security products have enabled them to have confidence that their employees, devices, and data are well protected wherever they are. Paul also said in the chat, that with the Exec board are on-top of Security and it’s very much front and centre so Paul and his team need to top of their game and trying to ensure they continue to get value from the new things coming to Microsoft Security is top of mind and again enforces what we hear about point one above.
4. What are the downsides of a single vendor approach?
In short, the consensus from the panel was “probably none” – not anymore.
Go back just 5 years and I’d say most IT and security teams had a negative (or empty) view of Microsoft as a “security company”. Even as their reputation improved, it was still commonplace to see many organisations that were accepting of just how extensive Microsoft’s security offering has become still question “what if one vendor gets compromised, you need protection from the other vendor that hadn’t been compromised“.
More recently, this view is changing, as my customer panel confirmed. Zero Trust is all about defense in depth and having multiple layers of protection. The key principle is not necessary about a single or multi-vendor, but more important is the need for seamless join up and integration between the service layers – whether this is a mix of vendor products connected via API driven integration into a SEIM, or the integration and consistency (which is key) through using a joined-up suite of products which provides multi-layer protection.
Its critical of course that whatever you use can see and protect all your applications, services and infrastructure including services which sit outside the Microsoft Cloud.
The panel also agreed that managing multiple security tools creates unnecessary workload for their IT and SecOps team as they have multiple products dashboards to check and consolidate and the terminology signals don’t always align.
Rowland Hills said that the reality here is that for any smaller business, where you are struggling to have a couple of people in IT and in which case have one or sometimes no dedicated security focussed person. The impact of attack of course is no different no matter how big or small you are, but one of the things about leveraging cloud for security means that the smallest or largest organisations benefit from the power of Microsoft Cloud which has some impressive threat protection stats (which they asked me to share).
Microsoft Security On-Ramp – where to start
Firstly, you don’t have to spend loads of money to get some increased awareness – you can work with your Microsoft Cloud Security partner and/or leverage some of the free tools, assessments, workshops, and training available to you as a Microsoft 365 customer.
Collaborate to Sharing Best Practice
We also find more recently that organisations are starting to form security alliances where they share best practice methodologies, observations and even training and workshops with their peers in similar organisations.
This can be a great way to reduce the burden on stretched IT resources as well as reduce cost when they are paying for or attending security assessments and workshops, much in the same way we do with our customer panel on our monthly Fireside Chats.
Do it yourself withMicrosoft Secure Score
Microsoft Secure Score enables your IT or Security Operations team to review, score and benchmark your organisation’s secure posture. Secure Score works by representing your security metric across the entire digital estate irrespective of whether you’re using a Microsoft or third-party tools.
Secure Score does four things
Provides a tool to help you assess the state of your security posture across identity, devices, information, apps, and infrastructure. You can also benchmark your organisation’s status over time and compare it to other organisations.
Evaluate each recommendation using embedded guidance to determine which vectors of attack are a priority and how they can be mitigated. Can also be used to help identity and add improvement actions to your posture improvement plan.
Help determine potential user impact using integrated workflow capabilities to and identify the procedures necessary to implement each recommendation in your environment.
Use historical reports to track and maintain progress, identify regressions, and report to leaderships teams. Using measurable data, clearly demonstrate the progress you’re making to better secure your environment.
Leverage Free* Cloud Security Workshops
Cisilion are one of a handful of trusted Microsoft Cloud Security partners that can deliver free (*funded – subject to approval by Microsoft) workshops, threat assessments and awareness workshops to help organisations understand, test drive, and prove the value of Microsoft Security whether they have already invested int he product suites or not.
These provide an overview, deep dive, and hands on exposure to help you understand key areas and aspects of key areas of threat protection including:
Securing corporate identities and access
Defending against threats with SEIM plus XDR
Securing Azure and multi-cloud environments
Mitigating compliance and privacy risks including “insider risk”
Protect and govern sensitive data
Defense and visibility in depth with Azure Sentinel
All paying Microsoft 365 commercial and public sector organisations will have entitlement to Microsoft Fast Track Services. This is a free consultative and guidance service delivered by Microsoft or their trusted Fast Track partners and provides free guidance and assistance for the enablement and adoption of Microsoft Cloud Technology.
Public Webinars and News
There is lots of useful content, webinars and new on the Microsoft Security Pages:
Microsoft has just launched Microsoft Teams Pro which is, in their words, “designed to provide an integrated experience and bridge the gap between physical and digital workspaces“. In short, the Teams Room Pro license combines the previous Microsoft Teams Standard and Microsoft Teams Rooms Premium licenses. There is also a new free license, Teams Room Basic – which provides limited Teams Room functionality.
As of Sept 1st, 2022, organisations can no longer purchase new Teams Room Standard or Teams Room Premium licenses – they need to buy Pro or use the “free” basic license.
Teams Room Pro vs Basic – What is the difference?
Teams Room Basic
Teams Room Basic license is really designed for small businesses (there’s a limit of twenty-five meeting rooms) and is £0 / FREE. It supports single screen and provides foundational Teams meeting experiences like scheduling and joining meetings as well as wireless content sharing but lacks many of the things that were included in Teams Room Standard. Teams Rooms Basic is included with the purchase of any certified Teams Rooms device at no additional cost, purchased on or after September 1, 2022. Customers can apply up to 25 Basic licenses to their tenant.
For small customers or those that just need basic book and join meetings, this provides a potential cost saving of ~£180 a year per room.
Teams Room Pro
For most organisations (and any that have over twenty-five rooms), Teams Pro is what organisations will want and need. With Microsoft Teams Rooms Pro, users will get to access all the existing Teams Rooms features they have been used to with Teams Room Standard, but they also get new innovations, and the Teams Rooms Managed Service platform. This costs $40 per room per month – about £30 and organisations can use this license (or purchase) with their Teams Room partner to provide a comprehensive Managed Meeting Room experience with the additional value-added service being provided by expert Teams Rooms Partners which includes Cisilion and several others.
Microsoft Teams Rooms Pro provides all the enhanced in-room meeting experiences such as intelligent audio and video, content capture, front row and large galleries, and multi-screen support as well as support for Teams Phone. The Teams Rooms Pro licenses also provides advanced management features like remote device management, auto-updates and patching, conditional access policies, and detailed device analytics, problem diagnosis and vendor hardware updates which is not included on Teams Room Basic. Teams Room Pro also allows IT to connect the Teams Room environment into their IT Service Management (ITSM) platforms like Service Now and Science Logic for example.
Microsoft would like to point customers to their partner pages for any organisation who is seeking additional help managing and supporting their meeting rooms, via partners like Cisilion who have strong technical expertise and deep customer success focus.
License and Feature Comparisons
Teams Room Basic
Teams Room Pro
Max no. Licenses
Microsoft Teams Licence
Azure AD Premium P1
Web Direct or NCE via Partner
Web Direct, NCE (via Partner), EA, EAS, CSP,
Feature Comparison – Meeting Join
Teams Room Basic
Teams Room Pro
Join meetings with 1-touch, proximity, meeting ID
Start ad-hoc meetings from Teams Room
Direct Guest Join (Zoom & Webex)
Room check-in via Teams Panel
Join meetings across Teams Cloud
Feature Comparison – Engagement and Collaboration
Teams Room Basic
Teams Room Pro
Share and view all Teams content types
Large Gallery Support (up to 50 videos)
Split Gallery (Dual Screen)
Feature Comparison – Calling
Teams Room Basic
Teams Room Pro
Make and receive peer to peer and group calls
Microsoft 365 Phone System (PSTN Calling)
Feature Comparison – Intelligent audio and video
Teams Room Basic
Teams Room Pro
Support for intelligent speakers with live transcription and speaker identification
Panoramic Room View
AI noise suppression
People counting / occupancy
Feature Comparison – Device Management
Teams Room Basic
Teams Room Pro
Teams Admin Centre enrollment & inventory
Automatic software updates
Detailed system and configuration info
Peripheral health management
Device history and activity
Custom health alerts
Device and usage analytics
Feature Comparison – Security & Compliance
Teams Room Basic
Teams Room Pro
Secure Operating System
System Level Security
Azure AD conditional access policies
I’ve already got licenses – what does this mean to me?
For most organisations, they will need to make the shift to Teams Room Pro at the end of their license term or reduce the license to Teams Room Basic if they feel they do not need any of the advanced features.
For customers who don’t have an enterprise agreement (usually a 3-year term), and that buy Web Direct (on a credit card) or via a CSP partner, you will no longer be able to buy new Microsoft Teams Rooms Standard or Premium licences; for all new rooms, you will have to use either Teams Room Basic or Pro licences. Once your existing licence term expires for your existing licences, you must make the shift to Teams Pro (or down grade to basic).
Whilst the cost increase will frustrate many users that buy Teams Room Standard today, the price for Teams Room Pro is still very much in line with how much, and the way in which the other providers like Zoom and Cisco also charge for their Room licenses. Microsoft have added a plethora of new features to Teams and Teams Room over the past few years and these price increases are there to support these and future enhancements.
Mix and match – it is also possible, if you wany/need to mix Pro and Basic licenses but bear in mind that the functionality will be different for the different rooms which users will find confusing especially if they use any of the advanced meeting features listed above. might be confusing. More importantly, the management and admin experience will also be different for the Rooms. Remember this is a tenant level limit of 25 Basic Rooms/devices.
Windows 11 version 22H2 is the next major update coming to Windows 11 was released yesterday (20th Sept 2022).
Can you believe that Windows 11 has been with us for almost a year? Since then, Microsoft has been continually working with Windows Insiders to add more polish and refinement that is now making their way into this latest update, as well as continuous enhancements and improvements based on feedback and media.
The initial release last year, was the major new release of Windows which built on the success of Windows 10, but with a major new Start menu, modern UI, enhancements to security, a brand-new, modern sounds and animations, and a bunch of new features all centred around enhancing the hybrid work and play experience.
As a Windows Insider, I’ve been using and testing the Windows 11 22H2 update for some time, and this blog aims to summarise the key changes and experience from my point of view.
There’s lots of polish, improvements and changes coming in this update, the key ones worthy of mention are listed below and discussed in more detail within this blog… Enjoy!
Start menu now has App Folders
Taskbar finally support Drag and Drop
Focus Assist integrates to Notification Center
Snap Assist gets snappier and smarter.
File Explorer gets Tabs
OneDrive gets more integrated with the OS
Touch enhancements and new gestures
New Task Manager app
New Video Editing / Authoring App
Enhanced Accessibility Features
Numerous UI improvements
Version 22H2 will be offered as a free update for all Windows 11 users and is part of the life cycle updates that we are used to with Windows.
Note: Windows 10 (which is supported and serviced until 2025), will also soon be getting its 22H2 update.
Start Menu Updates
With the first version of Windows 11, Microsoft introduced an innovative new design for the Start menu that had been rebuilt from the ground up with simplicity in mind. This was led with some criticism but has been generally well received and is a nice modern touch on what was an aging look and feel.
The biggest news with this update is that users can now create app folders. Creating app folders is simply and intuitive. By simply dragging one app icon over the other, then letting go, Windows will create the app folder, which can then be named re organised and moved around move the folder around in the pinned area of the Start menu. This helps a lot with making the Start menu feel less cluttered and is similar to what we are used too on android and iOS.
Taskbar and Action Centre
Unfortunately, no…. You still cannot move the taskbar from the bottom of the screen to the sides or the top. There has been lots of feedback around this as it’s been possible to move it in all previous versions of Windows. It looks like it’s staying at the bottom (at least for now). Remember you can move the alignment of the start button to the left though!
The biggest criticism filed in feedback hub around Windows11 has been about the Taskbar and the inability to be able to drag and drop files between apps using the Taskbar. This has been resolved and is back in Windows 11 22H2 which makes multitasking with the Taskbar far easier and restores functionality that was previously part of the Taskbar in previous versions of Windows…. Shame it’s taken a year to put it back!
The Action Center has also received a bunch of updates too, including the “focus assist” button, which has moved from Quick Settings into the Notification panel where it makes more sense. As part of the move, it’s also been renamed to “do not disturb.” which also makes more sense. Microsoft has also added a new “focus” timer under the calendar flyout.
The focus timer is now also paired with the Windows 11 Clock app, which can also synchronise with your Microsoft To-Do lists and to Spotify. In this latest update users can now start a do not disturb session (with music) straight from the notification center, whereas previously this had to be launched from the Clock app.
Finally, the Bluetooth action in the Quick Settings panel has been updated with the ability to view and manage Bluetooth devices without having to launch the Settings app first. This brings it in line with other Quick Setting actions like the Wi-Fi and accessibility toggles.
Snap Assist Updates
One the best new features that hit Windows 11 was Snap Assist, which provides a simple and intuitive way of aligning Windows across your display(s).
This update brings and additional way of initiating snap assist. With this update, and in addition to the drop-down snapping menu that appears when you hover a window at the top of the screen, and the ability to drag app windows to the far left or right of your screen, the 22H2 update adds a new “snap bar” menu that drops down from the top middle of your display when you grab an app window to move it.
The snap bar “peeks” out at the top of your screen when you begin to move an app window (rather than having to take it all the way to the top) and allows you to drag your app window into any of the snapping layouts available.
As before, the number of snap grid options is based on the size and resolution of your display.
File Explorer has received a fair amount of attention in this 22H2 update.
First up, Tabs…. Yes, Microsoft is adding tabs to the File Explorer app, something that have been requested in feedback hub for ages. Just like a Web Browser, you can now open new tabs and switch between them directly from File Explorer without having to open multiple windows.
Next, there is a new “Home” page that is now shown by default when you open the File Explorer. The layout is still familiar but has some subtle differences such as a new “favourites” and “recent” area that appears below your quick-access folders.
The Home page give you the ability to pin files to the favorites area, which will keep them front and center for ease of access. Additionally, the recents area works similarly to the recommended feed in the Start menu and shows. A history of the most recent opened files. This can be turned off if you don’t want to use it.
Microsoft has also moved personal folders out from the “This PC” section – this now only shows storage and network drives. This means if you want to access your user folders, you need to go to the Home page or the sidebar. Whilst this was tested with Windows Insiders, I suspect some users will find this an odd change, but I guess it does make sense.
The sidebar interface in File Explorer has also been updated slightly. Microsoft have repositioned the Home page and OneDrive folders at the top of the side bar, followed by pinned and most used folders, “This PC” and “Network drives” are at the bottom of the side bar.
OneDrive has become even more integrated into File Explorer with 22H2. It is now possible to set your OneDrive directory as the default home page for File Explorer. This is useful as more people are using OneDrive over personal local storage. File Explorer also now includes a new sync activity indicator in the top right which shows available cloud storage as well as what files are syncing or have recently been synced.
Finally, there is an updated “open with” dialog design too which is more in line with the rest of the Windows 11 design. It works in the same way as the old one, just like looks like it was built for Windows 11.
The Touch Experience has also been improved for users with touch-first devices like Surface Pro. Windows 11 removed the dedicated “tablet mode” interface that touch users were used to on Windows 10 last year and replaced it with enhancements to the desktop interface to make it easier to use with touch. With the 22H2 updat3, there are new gestures that enable access to common system areas such as the Start menu and Control Center with the swipe of a finger as well as new gestures for things like switching, closing, and snapping apps.
Start menu: Swipe up from the bottom middle of the screen.
All Apps: Swipe right in the Start menu.
Control Centre: Swipe up from the bottom right of the screen.
Switch between open apps: Three finger swipe left or right in the middle of the screen.
Task View: Three finger swipe up in the middle of the screen.
Minimise all apps: Three finger swipe down in the middle of the screen
New Native Apps
A number of the stock apps have also been updated and a major new one added.
Task Manager has been updated for the first time since Windows 8 and brings with it a brand-new design that brings it in line with the rest of the Windows 11 design language.
The updated Task Manager introduces a new sidebar along the left which is home to all the different tabs that Task Manager has always featured. From here you can access system processes, performance, app history, start-up apps, users, details, and services tabs right from the hamburger menu.
Common actions such as “end task” and “run new task” have been moved to the top right corner, just below the window controls and Microsoft has also updates the graphs in the performance tab match your system accent colour.
Microsoft has also added two brand new apps with the also the 22H2 update.
Clipchamp is a new video editing tool that Microsoft acquired last year that is now a Stock Windows 11 app. The app is good IMO and provides good video editing tools. It is simple and intuitive to use to create videos, tutorials etc., for corporate, home, or social media. There’s is a paid tier and free tier, with the paid option offering many more stock video, music and animated effects as well as free cloud storage.
Secondly, the Family Safety (also available on iOS and Android) is now available as an app on Windows 11. This is a web app, which simply points to the online Microsoft Family Safety services where you can add family members, track their location, approve purchase requests, share Office subscriptions, and monitor usage and activity across all apps and services including Xbox games.
Enhanced Accessibility Features
Microsoft is now stranger to accessibility features across their products and services.
22H2 update brings live captions, which can be enabled on any content. The live captions work across all Windows and with any app and even works without an Internet connection.
Microsoft has added a new voice access feature that enables full control your Windows PC using just your voice and is powerful, simple to use and accurate (in my testing anyway).
When voice access is enabled, a narration bar appears along the top of the screen, which then let’s you use your voice to navigate all of Windows. Key commands such as “open Start” or “scroll Edge”, “Open Word”. You can also use your voice to move the cursor to specific points on the screen, type sentences into text boxes and much more.
In all a solid bunch of updates to mark the One Year Anniversary of Windows 11. For me there is still (as there was in Windows 10) many UI inconsistencies to work on, but Microsoft are getting there and the enhancements to Start Menu and Taskbar are very much welcomed.
If you have feedback on anything in Windows 11, then I encourage you to file your feedback in the Feedback Hub. The engineers and programme managers take the feedback seriously and it is reviewed and listened to. You can get to Feedback Hub, from Windows 11 by pressing 🪟and F.
If you like what you read, please subscribe to my blog to be notified each time I update or release a new one- NO SPAM EVER!