Microsoft 365 Security vs Point Solutions

TL;DR

Microsoft now claims that they handle, process and act upon more than forty-three trillion daily threat signals.

This blog, however, does not go into the specific features and security across Microsoft 365 and Azure, but instead explores the fact that despite the extensive array of security services, tools, and products that Microsoft offer, Microsoft report that only about a quarter of their customers are actively using the core security products they’ve invested in.

Only about a quarter of our customers are actively using the core Microsoft security products that they have invested in.

Microsoft (& Forrester)

This of course can mean that organisation might:

  • Have unnecessary security gaps, protection weaknesses and risk exposure
  • Be wasting money (through Microsoft protection services bought but not enabled)
  • Be buying twice (or more) through duplicate tools and services.
  • Have a more complex protection strategy than is necessary
  • Not be aware of Microsoft’s comprehensive multi-cloud security offerings

This blog shares some of the collective thoughts, and discussions I had with my customer advisory panel in our September fireside chat which focussed on the pros, cons, questions, and concerns around embracing the end-to-end protection across Microsoft 365 and beyond vs using point products and third-party security add-ons.

I’ve also included some (hopefully) useful links and content at the end of this blog.


if you’d rather watch / listen to the show, you can find the recording below:
Fireside Chat: Microsoft 365 vs muti point security

Here’s the summary of the discussion points from my recent fireside chat.

1. Microsoft Security – What is in the SKU?

Speaking to the panel on my recent Fireside Chat, I believe that most organisations don’t know enough about the breadth and depth of the Microsoft 365 Security Stack they have bought and invested in.

We use a variety of Microsoft 365 licenses but need a better understanding of what is included in, and what are we might be missing by not investing and adopting the wider Microsoft 365 E5.

Rowland Hills | COO | Leathwaite Human Capital Limited.

This is due, in part, to the constant change, enhancements and investment [$4b a year in R&D] with regards the changing threat landscape and the death and breadth of tools of available within Microsoft 365 E5. Add to this the renaming of Microsoft products (they do far too much IMO).

There’s a plethora of tools within the Microsoft 365 E5 licence. Understanding what those tools do, what is included, what they can replace and how they fit together is the biggest challenge for us. The stack is constantly changing, and new products are added or renamed so it is hard to keep up.

Jas Bassi | Head of Solutions Delivery | Gately Legal

2. Does having too many different security vendors lead to unnecessary complexity?

The Cyber Security market is huge. In a recent KPMG survey of 500 CEOs, 18% said that cyber security When I was first an IT consultant in the early noughties, security was always about having strong passwords and the best “black box device” to protect on-premises stuff! Be it, firewalls, mail security, web filters, VPN, IPS etc that protect aspects of an organisation’s internal network or Data Centre environment.

The average organisation has over seventy security products from thirty-five different vendors.

Gartner | 2021

As the world has, and continues to shift to a perimeter less, multi-cloud and distributed workforce (with home working creating thousands of “offices of one”), many organisations now struggle with not only the ever-expanding threat landscape and increasing talent shortage, but the growing number of vendor solutions, their associated mounting costs, cross over of product, and features.

In a world of highly distributed data and disappearing perimeters, today’s enterprises are struggling not only with the expanding threat landscape, but the growing solutions landscape and their associated complexity and mounting costs.

Forrester

Complexity is the new enemy, meaning that silos and multi-vendor point products are the bane of Security Operations. Not only are they costly, but their features also overlap, they don’t necessarily integrate and in most cases, there is no single pane of glass or “intelligence” across the platforms.

This not only causes complexity and cost, but above all does not provide a holistic view of security and threats across their organisation without the use of yet more expensive tools and connectors into a SEIM platform.

We see this quite often with our customers too – particular in the case where Microsoft 365 has been organically deployed. We often see that customers, whilst heavily invested in Microsoft 365 continuing to invest and use a plethora of third-party tools and thus are not realising the true value and protection of the extensive and integrated Microsoft 365 Security Suite.

This is not just about cost either. Having too many tools addressing point solutions, combined with no holistic view of security can cause too much “noise” and alerts meaning real potential threats are ignored or get lost. This is the primary reason Microsoft cite for why “only one quarter of their customers are actively using the core security products they’ve purchased“.

As well as the advantages of a joined up and integrated security portfolio, any organisation that has, or is embracing the Microsoft Cloud, can recognise cost savings of over 52% and see ROI of 92% (according to Microsoft & Gartner) by adopting the vast array of security services within their Microsoft 365 subscription and/or by displacing legacy point products.

Organisations can typically save 52% on their security by using Microsoft 365 E5 Security compared to point products and solutions.

2021 Microsoft Zero Trust Solutions – Total Economic Value Report

3. “In my opinion” Microsoft Security is world class

It doesn’t have to be this way though, and once there is joint awareness, understanding and trust in the Microsoft security portfolio – this complexity and silo approach to security can be a thing of the past.

Microsoft (as any end to end security provider) would say that that Microsoft can secure and protect the entire digital footprint for every enterprise customer, however the reality is for any organisation that has, or is embracing Microsoft Cloud, significant cost advantages (>52% according to Microsoft & Gartner) can be achieved in security alone by enabling the services they have bought and displacing all or most of their legacy point security products.

Joining us on the Fireside chat this month was Jose Lazaro Pinos, a Security Architect at Microsoft. He said that:

Our solutions deliver comprehensive protection across your entire digital estate – Identity, Data, Apps, Endpoints, and Infrastructure Network. Where we differentiate is that security is built into our products rather than bolted on.

We have a building block approach to security and compliance and provide protection in over fifty security categories.

We are investing $20b in security over next 5 years.

Jose Lazaro Pinos | Security Architect | Microsoft

Many of the clients we work are onboard and committed to leveraging Microsoft Cloud and Microsoft Security across the board. This extends to beyond basic hygiene services such as Azure AD, Conditional Access, Identity Protection and Privilege Identity Management, into the more advanced compliance and protection services such as Defender for Office 365, Identity and Endpoint, DLP and Purview (formerly Microsoft Information Protection) for compliance and data protection and Sentinel for SEIM and XDR.

We use Microsoft Security for most things. We also use Microsoft Information Protection and DLP and were an early adopter for Azure Sentinel.

Paul Clark | Director Security & Services | London & Quadrant Housing

L&Q, like many organisations have a hugely diverse workforce and the tight integration of the Microsoft Security products have enabled them to have confidence that their employees, devices, and data are well protected wherever they are. Paul also said in the chat, that with the Exec board are on-top of Security and it’s very much front and centre so Paul and his team need to top of their game and trying to ensure they continue to get value from the new things coming to Microsoft Security is top of mind and again enforces what we hear about point one above.

The Microsoft ecosystem is our primary security stack, but if the business is not educated and engaged, it can be easy to be sold multiple products that overlap or do the same thing. We have a drive to consolidate where we can with Microsoft 365.

Alex Taylor | Group IT Director | AWIN

4. What are the downsides of a single vendor approach?

In short, the consensus from the panel was “probably none” – not anymore.

Go back just 5 years and I’d say most IT and security teams had a negative (or empty) view of Microsoft as a “security company”. Even as their reputation improved, it was still commonplace to see many organisations that were accepting of just how extensive Microsoft’s security offering has become still question “what if one vendor gets compromised, you need protection from the other vendor that hadn’t been compromised“.

Our security team used to preference a multi-vendor approach, but the benefits of a single vendor approach are recognised – single pane of glass, consolidated reporting and joined up protection across the digital estate

Lee Phipps | Strategic Enterprise Architect | East Riding of Yorkshire Council

More recently, this view is changing, as my customer panel confirmed. Zero Trust is all about defense in depth and having multiple layers of protection. The key principle is not necessary about a single or multi-vendor, but more important is the need for seamless join up and integration between the service layers – whether this is a mix of vendor products connected via API driven integration into a SEIM, or the integration and consistency (which is key) through using a joined-up suite of products which provides multi-layer protection.

Its critical of course that whatever you use can see and protect all your applications, services and infrastructure including services which sit outside the Microsoft Cloud.

Zero Trust Security Architecture

Previously we used to use third-party multi-vendor products for monitoring and DLP, but we took the decision to remove these and move them to Microsoft and to configure the ruleset in Azure Sentinel to give us a seamless view and dashboard.

Mudassar Ulhaq | CIO| Waverton Investment Management

The panel also agreed that managing multiple security tools creates unnecessary workload for their IT and SecOps team as they have multiple products dashboards to check and consolidate and the terminology signals don’t always align.

Rowland Hills said that the reality here is that for any smaller business, where you are struggling to have a couple of people in IT and in which case have one or sometimes no dedicated security focussed person. The impact of attack of course is no different no matter how big or small you are, but one of the things about leveraging cloud for security means that the smallest or largest organisations benefit from the power of Microsoft Cloud which has some impressive threat protection stats (which they asked me to share).

Microsoft Infographic showing extent of Microsoft Security Graph and Signals.
(c) Microsoft -43Trillion daily threat signals include data seen through Risk IQ acquisition

Microsoft Security On-Ramp – where to start

Firstly, you don’t have to spend loads of money to get some increased awareness – you can work with your Microsoft Cloud Security partner and/or leverage some of the free tools, assessments, workshops, and training available to you as a Microsoft 365 customer.

Collaborate to Sharing Best Practice

We also find more recently that organisations are starting to form security alliances where they share best practice methodologies, observations and even training and workshops with their peers in similar organisations.

We work with other housing associations in a collective intelligence forum where we share information around cyber awareness and best practice and if any of us have an issue, we have others to lean in and help each other out.

Paul Clark | London & Quadrant Housing

This can be a great way to reduce the burden on stretched IT resources as well as reduce cost when they are paying for or attending security assessments and workshops, much in the same way we do with our customer panel on our monthly Fireside Chats.

Do it yourself with Microsoft Secure Score

Microsoft Secure Score enables your IT or Security Operations team to review, score and benchmark your organisation’s secure posture. Secure Score works by representing your security metric across the entire digital estate irrespective of whether you’re using a Microsoft or third-party tools.

Secure Score does four things

  1. Provides a tool to help you assess the state of your security posture across identity, devices, information, apps, and infrastructure. You can also benchmark your organisation’s status over time and compare it to other organisations.
  2. Evaluate each recommendation using embedded guidance to determine which vectors of attack are a priority and how they can be mitigated. Can also be used to help identity and add improvement actions to your posture improvement plan.
  3. Help determine potential user impact using integrated workflow capabilities to and identify the procedures necessary to implement each recommendation in your environment.
  4. Use historical reports to track and maintain progress, identify regressions, and report to leaderships teams. Using measurable data, clearly demonstrate the progress you’re making to better secure your environment.
Microsoft Secure Score(r)

Leverage Free* Cloud Security Workshops

Cisilion are one of a handful of trusted Microsoft Cloud Security partners that can deliver free (*funded – subject to approval by Microsoft) workshops, threat assessments and awareness workshops to help organisations understand, test drive, and prove the value of Microsoft Security whether they have already invested int he product suites or not.

These provide an overview, deep dive, and hands on exposure to help you understand key areas and aspects of key areas of threat protection including:

  • Securing corporate identities and access
  • Defending against threats with SEIM plus XDR
  • Securing Azure and multi-cloud environments
  • Mitigating compliance and privacy risks including “insider risk”
  • Protect and govern sensitive data
  • Defense and visibility in depth with Azure Sentinel
  • Securing the endpoint

We have created a quick guide/overview to the funded workshops. To register for one of these, speak to us, contact us, or get a referral to Cisilion from your friendly Microsoft Account Team.

Microsoft Fast Track Services

All paying Microsoft 365 commercial and public sector organisations will have entitlement to Microsoft Fast Track Services. This is a free consultative and guidance service delivered by Microsoft or their trusted Fast Track partners and provides free guidance and assistance for the enablement and adoption of Microsoft Cloud Technology.

Public Webinars and News

There is lots of useful content, webinars and new on the Microsoft Security Pages:

Join Our Security Community – Microsoft Tech Community


Microsoft Teams Rooms Pro and Basic

TL;DR

Microsoft has just launched Microsoft Teams Pro which is, in their words, “designed to provide an integrated experience and bridge the gap between physical and digital workspaces“. In short, the Teams Room Pro license combines the previous Microsoft Teams Standard and Microsoft Teams Rooms Premium licenses. There is also a new free license, Teams Room Basic – which provides limited Teams Room functionality.

As of Sept 1st, 2022, organisations can no longer purchase new Teams Room Standard or Teams Room Premium licenses – they need to buy Pro or use the “free” basic license.


Teams Room Pro vs Basic – What is the difference?

Teams Room Basic

Teams Room Basic license is really designed for small businesses (there’s a limit of twenty-five meeting rooms) and is £0 / FREE. It supports single screen and provides foundational Teams meeting experiences like scheduling and joining meetings as well as wireless content sharing but lacks many of the things that were included in Teams Room Standard. Teams Rooms Basic is included with the purchase of any certified Teams Rooms device at no additional cost, purchased on or after September 1, 2022. Customers can apply up to 25 Basic licenses to their tenant.

For small customers or those that just need basic book and join meetings, this provides a potential cost saving of ~£180 a year per room.

Teams Room Pro

For most organisations (and any that have over twenty-five rooms), Teams Pro is what organisations will want and need. With Microsoft Teams Rooms Pro, users will get to access all the existing Teams Rooms features they have been used to with Teams Room Standard, but they also get new innovations, and the Teams Rooms Managed Service platform. This costs $40 per room per month – about £30 and organisations can use this license (or purchase) with their Teams Room partner to provide a comprehensive Managed Meeting Room experience with the additional value-added service being provided by expert Teams Rooms Partners which includes Cisilion and several others.

Microsoft Teams Rooms Pro provides all the enhanced in-room meeting experiences such as intelligent audio and video, content capture, front row and large galleries, and multi-screen support as well as support for Teams Phone. The Teams Rooms Pro licenses also provides advanced management features like remote device management, auto-updates and patching, conditional access policies, and detailed device analytics, problem diagnosis and vendor hardware updates which is not included on Teams Room Basic. Teams Room Pro also allows IT to connect the Teams Room environment into their IT Service Management (ITSM) platforms like Service Now and Science Logic for example.

Microsoft would like to point customers to their partner pages for any organisation who is seeking additional help managing and supporting their meeting rooms, via partners like Cisilion who have strong technical expertise and deep customer success focus.

License and Feature Comparisons

Teams Room BasicTeams Room Pro
Max no. Licenses25Unlimited
CostFree$40 (~£30)
Microsoft Teams Licence✔️✔️
Audio Conferencing ✔️✔️
Whiteboard✔️✔️
Teams Phone✔️
Microsoft Intune✔️
Azure AD Premium P1✔️
AvailabilityWorldwideWorldwide
ProcurementWeb Direct or NCE via PartnerWeb Direct, NCE (via Partner), EA, EAS, CSP,

Feature Comparison – Meeting Join

Teams Room BasicTeams Room Pro
Join meetings with 1-touch, proximity, meeting ID✔️✔️
Start ad-hoc meetings from Teams Room✔️✔️
Direct Guest Join (Zoom & Webex)✔️✔️
Room check-in via Teams Panel✔️
Join meetings across Teams Cloud✔️

Feature Comparison – Engagement and Collaboration

Teams Room BasicTeams Room Pro
Share and view all Teams content types✔️✔️
Front Row✔️
Together Mode✔️
Large Gallery Support (up to 50 videos)✔️
Split Gallery (Dual Screen)✔️

Feature Comparison – Calling

Teams Room BasicTeams Room Pro
Make and receive peer to peer and group calls✔️✔️
Microsoft 365 Phone System (PSTN Calling)✔️

Feature Comparison – Intelligent audio and video

Teams Room BasicTeams Room Pro
Support for intelligent speakers with live
transcription and speaker identification
✔️
Multi-Camera Support✔️
Panoramic Room View✔️
AI noise suppression ✔️
People counting / occupancy✔️

Feature Comparison – Device Management

Teams Room BasicTeams Room Pro
Teams Admin Centre enrollment & inventory✔️✔️
Automatic software updates✔️✔️
Detailed system and configuration info✔️
Peripheral health management✔️
Remote configuration✔️
Device history and activity✔️
ITSM integration✔️
Custom health alerts✔️
Device and usage analytics✔️

Feature Comparison – Security & Compliance

Teams Room BasicTeams Room Pro
Secure Operating System✔️✔️
System Level Security✔️✔️
Azure AD conditional access policies✔️

I’ve already got licenses – what does this mean to me?

For most organisations, they will need to make the shift to Teams Room Pro at the end of their license term or reduce the license to Teams Room Basic if they feel they do not need any of the advanced features.

For customers who don’t have an enterprise agreement (usually a 3-year term), and that buy Web Direct (on a credit card) or via a CSP partner, you will no longer be able to buy new Microsoft Teams Rooms Standard or Premium licences; for all new rooms, you will have to use either Teams Room Basic or Pro licences. Once your existing licence term expires for your existing licences, you must make the shift to Teams Pro (or down grade to basic).

Whilst the cost increase will frustrate many users that buy Teams Room Standard today, the price for Teams Room Pro is still very much in line with how much, and the way in which the other providers like Zoom and Cisco also charge for their Room licenses. Microsoft have added a plethora of new features to Teams and Teams Room over the past few years and these price increases are there to support these and future enhancements.

Mix and match – it is also possible, if you wany/need to mix Pro and Basic licenses but bear in mind that the functionality will be different for the different rooms which users will find confusing especially if they use any of the advanced meeting features listed above. might be confusing. More importantly, the management and admin experience will also be different for the Rooms. Remember this is a tenant level limit of 25 Basic Rooms/devices.

Microsoft Documentation

Pricing Information: Microsoft Teams Room Basic and Pro

Support from Partners: Microsoft would like to point customers to their partner pages for any organisation who is seeking additional help managing and supporting their meeting rooms, via partners like Cisilion who have strong technical expertise and deep customer success focus.

Windows 11 22H2 Update is here. What’s new and changed.

Windows 11 version 22H2 is the next major update coming to Windows 11 was released yesterday (20th Sept 2022).

Can you believe that Windows 11 has been with us for almost a year? Since then, Microsoft has been continually working with Windows Insiders to add more polish and refinement that is now making their way into this latest update, as well as continuous enhancements and improvements based on feedback and media.

The initial release last year, was the major new release of Windows which built on the success of Windows 10, but with a major new Start menu, modern UI, enhancements to security, a brand-new, modern sounds and animations, and a bunch of new features all centred around enhancing the hybrid work and play experience.

As a Windows Insider, I’ve been using and testing the Windows 11 22H2 update for some time, and this blog aims to summarise the key changes and experience from my point of view.

TL;DR

There’s lots of polish, improvements and changes coming in this update, the key ones worthy of mention are listed below and discussed in more detail within this blog… Enjoy!

  • Start menu now has App Folders
  • Taskbar finally support Drag and Drop
  • Focus Assist integrates to Notification Center
  • Snap Assist gets snappier and smarter.
  • File Explorer gets Tabs
  • OneDrive gets more integrated with the OS
  • Touch enhancements and new gestures
  • New Task Manager app
  • New Video Editing / Authoring App
  • Enhanced Accessibility Features
  • Numerous UI improvements

Version 22H2 will be offered as a free update for all Windows 11 users and is part of the life cycle updates that we are used to with Windows.

Note: Windows 10 (which is supported and serviced until 2025), will also soon be getting its 22H2 update.

Start Menu Updates

With the first version of Windows 11, Microsoft introduced an innovative new design for the Start menu that had been rebuilt from the ground up with simplicity in mind. This was led with some criticism but has been generally well received and is a nice modern touch on what was an aging look and feel.

The biggest news with this update is that users can now create app folders. Creating app folders is simply and intuitive. By simply dragging one app icon over the other, then letting go, Windows will create the app folder, which can then be named re organised and moved around move the folder around in the pinned area of the Start menu. This helps a lot with making the Start menu feel less cluttered and is similar to what we are used too on android and iOS.

Taskbar and Action Centre

Unfortunately, no…. You still cannot move the taskbar from the bottom of the screen to the sides or the top. There has been lots of feedback around this as it’s been possible to move it in all previous versions of Windows. It looks like it’s staying at the bottom (at least for now). Remember you can move the alignment of the start button to the left though!

The biggest criticism filed in feedback hub around Windows11 has been about the Taskbar and the inability to be able to drag and drop files between apps using the Taskbar. This has been resolved and is back in Windows 11 22H2 which makes multitasking with the Taskbar far easier and restores functionality that was previously part of the Taskbar in previous versions of Windows…. Shame it’s taken a year to put it back!

The Action Center has also received a bunch of updates too, including the “focus assist” button, which has moved from Quick Settings into the Notification panel where it makes more sense. As part of the move, it’s also been renamed to “do not disturb.” which also makes more sense. Microsoft has also added a new “focus” timer under the calendar flyout.

The focus timer is now also paired with the Windows 11 Clock app, which can also synchronise with your Microsoft To-Do lists and to Spotify. In this latest update users can now start a do not disturb session (with music) straight from the notification center, whereas previously this had to be launched from the Clock app.

Finally, the Bluetooth action in the Quick Settings panel has been updated with the ability to view and manage Bluetooth devices without having to launch the Settings app first. This brings it in line with other Quick Setting actions like the Wi-Fi and accessibility toggles.

Snap Assist Updates

One the best new features that hit Windows 11 was Snap Assist, which provides a simple and intuitive way of aligning Windows across your display(s).

This update brings and additional way of initiating snap assist. With this update, and in addition to the drop-down snapping menu that appears when you hover a window at the top of the screen, and the ability to drag app windows to the far left or right of your screen, the 22H2 update adds a new “snap bar” menu that drops down from the top middle of your display when you grab an app window to move it.

Snap Assist in Windows 11


The snap bar “peeks” out at the top of your screen when you begin to move an app window (rather than having to take it all the way to the top) and allows you to drag your app window into any of the snapping layouts available.

As before, the number of snap grid options is based on the size and resolution of your display.

File Explorer

File Explorer has received a fair amount of attention in this 22H2 update.

First up, Tabs…. Yes, Microsoft is adding tabs to the File Explorer app, something that have been requested in feedback hub for ages. Just like a Web Browser, you can now open new tabs and switch between them directly from File Explorer without having to open multiple windows.

File Explorer – with Tabs in Windows 11 22H2

Next, there is a new “Home” page that is now shown by default when you open the File Explorer. The layout is still familiar but has some subtle differences such as a new “favourites” and “recent” area that appears below your quick-access folders.

The Home page give you the ability to pin files to the favorites area, which will keep them front and center for ease of access. Additionally, the recents area works similarly to the recommended feed in the Start menu and shows. A history of the most recent opened files. This can be turned off if you don’t want to use it.

Microsoft has also moved personal folders out from the “This PC” section – this now only shows storage and network drives. This means if you want to access your user folders, you need to go to the Home page or the sidebar. Whilst this was tested with Windows Insiders, I suspect some users will find this an odd change, but I guess it does make sense.

The sidebar interface in File Explorer has also been updated slightly. Microsoft have repositioned the Home page and OneDrive folders at the top of the side bar, followed by pinned and most used folders, “This PC” and “Network drives” are at the bottom of the side bar.

OneDrive has become even more integrated into File Explorer with 22H2. It is now possible to set your OneDrive directory as the default home page for File Explorer. This is useful as more people are using OneDrive over personal local storage. File Explorer also now includes a new sync activity indicator in the top right which shows available cloud storage as well as what files are syncing or have recently been synced.

Finally, there is an updated “open with” dialog design too which is more in line with the rest of the Windows 11 design. It works in the same way as the old one, just like looks like it was built for Windows 11.

Touch Enhancements

The Touch Experience has also been improved for users with touch-first devices like Surface Pro. Windows 11 removed the dedicated “tablet mode” interface that touch users were used to on Windows 10 last year and replaced it with enhancements to the desktop interface to make it easier to use with touch. With the 22H2 updat3, there are new gestures that enable access to common system areas such as the Start menu and Control Center with the swipe of a finger as well as new gestures for things like switching, closing, and snapping apps.

  • Start menu: Swipe up from the bottom middle of the screen.
  • All Apps: Swipe right in the Start menu.
  • Control Centre: Swipe up from the bottom right of the screen.
  • Switch between open apps: Three finger swipe left or right in the middle of the screen.
  • Task View: Three finger swipe up in the middle of the screen.
  • Minimise all apps: Three finger swipe down in the middle of the screen

New Native Apps

A number of the stock apps have also been updated and a major new one added.

Task Manager has been updated for the first time since Windows 8 and brings with it a brand-new design that brings it in line with the rest of the Windows 11 design language.

New Task Manager in Windows 11 22H2

The updated Task Manager introduces a new sidebar along the left which is home to all the different tabs that Task Manager has always featured. From here you can access system processes, performance, app history, start-up apps, users, details, and services tabs right from the hamburger menu.

Common actions such as “end task” and “run new task” have been moved to the top right corner, just below the window controls and Microsoft has also updates the graphs in the performance tab match your system accent colour.

Microsoft has also added two brand new apps with the also the 22H2 update.

Clipchamp is a new video editing tool that Microsoft acquired last year that is now a Stock Windows 11 app. The app is good IMO and provides good video editing tools. It is simple and intuitive to use to create videos, tutorials etc., for corporate, home, or social media. There’s is a paid tier and free tier, with the paid option offering many more stock video, music and animated effects as well as free cloud storage.

Clipchamp App in Windows 11 22H2

Secondly, the Family Safety (also available on iOS and Android) is now available as an app on Windows 11. This is a web app, which simply points to the online Microsoft Family Safety services where you can add family members, track their location, approve purchase requests, share Office subscriptions, and monitor usage and activity across all apps and services including Xbox games.

Enhanced Accessibility Features

Microsoft is now stranger to accessibility features across their products and services.

22H2 update brings live captions, which can be enabled on any content. The live captions work across all Windows and with any app and even works without an Internet connection.

Microsoft has added a new voice access feature that enables full control your Windows PC using just your voice and is powerful, simple to use and accurate (in my testing anyway).

When voice access is enabled, a narration bar appears along the top of the screen, which then let’s you use your voice to navigate all of Windows. Key commands such as “open Start” or “scroll Edge”, “Open Word”. You can also use your voice to move the cursor to specific points on the screen, type sentences into text boxes and much more.

Summary

In all a solid bunch of updates to mark the One Year Anniversary of Windows 11. For me there is still (as there was in Windows 10) many UI inconsistencies to work on, but Microsoft are getting there and the enhancements to Start Menu and Taskbar are very much welcomed.

If you have feedback on anything in Windows 11, then I encourage you to file your feedback in the Feedback Hub. The engineers and programme managers take the feedback seriously and it is reviewed and listened to. You can get to Feedback Hub, from Windows 11 by pressing 🪟and F.


If you like what you read, please subscribe to my blog to be notified each time I update or release a new one- NO SPAM EVER!

Microsoft launches Adoption Score to help businesses get the best from their Microsoft 365 investment.

Microsoft has released another analytics dashboard for the Microsoft 365 admin centre called Adoption Score. This latest AI driven insights dashboard is designed to assist IT and Customer Success Teams to ensure their employees are making the most from the core productivity and collaboration tools across Microsoft 365. Adoption Score replaces the  Productivity Score dashboard whilst adding a bunch of new features and controls that are designed to help enhance effectiveness and efficiency.

The anonymised metrics in Adoption Score help IT admins understand and optimize Microsoft 365 usage patterns in support of their digital transformation journey. The new name reflects the new product truth and provides clearer differentiation from other solutions that offer insights for business leaders and managers.

Microsoft.

Microsoft also indicated that they plan to add more functionality over time with the long term of aim of helping  IT (and / or their support partners or MSPs) ensure they are making the most out of their Microsoft 365 investment. Also included are lots of privacy controls to ensure organisations can adhere to their user-level privacy commitments which helps ensure it isn’t used as a spying or workplace surveillance tool.

Adoption Score shows how Microsoft 365 software gets used in an organisations and then offers “recommended actions” for more efficient use of those products. It also has a scoring service across eight categories that can be compared with similar sized organisations.

Microsoft 365 Adoption Score

Data is obtained and anonamises using Microsoft 365 application use data from activity across “Exchange, SharePoint, OneDrive, Teams, Word, Excel, PowerPoint, OneNote, Outlook, Yammer and Skype.

Privacy

Microsoft claims that Adoption Score only shows “anonymised metrics.” The announcement stated that “Adoption Score is backed by Microsoft’s continued commitment to user-level privacy — meaning no one in a customer’s organisation can use Adoption Score to access data about how an individual user is using apps and services in Microsoft 365”, meaning you can’t identity individuals in the reports.

New Features

One of the new features is called “Time Trends” which will also soon be part of the Adoption Score Tool, which will help organisations better  understand historical data insights across the business and departments. This new “Time Trends will be added to each people experience category across Content Collaboration, Meetings, Teamwork, Mobility and Communication. Data will now be analysed from up to 180 days of historic data (but can be customised).

The tools will enable IT to better understand how a particular behaviour or insight, such as the response rate for new email responses, @mentions and Comms via Teams for example has evolved over the last 30, 90 or 180 days which enables IT or success mangers to understand the meaning behind the tends, helping them see whether they are close to achieving set goals for the adoption of modern comms tools (over just reply to all type email chains).

Availability

The Adoption Score tool is available now (rolling out) to all commercial Microsoft 365 subscriptions and can be accessed by Global admins (and then delayed as needed). On initial access, IT are required to approve both Adoption Score analytics and the people experiences category in order to access the Time trend data.

Viva Engage aims to improve company culture and human connector at work.

During Inspire 2022, Microsoft announced that they were intending to expand Microsoft Viva with a new Engage module. As of now, Viva Engage is generally available and rolling out.

What is Microsoft Viva

Viva Engage is the latest component of Microsoft’s Employee Experience platform, Viva. Viva brings together communications, knowledge, learning, sales, company goals, resources, and insights in the flow of work to foster a culture that empowers employees and teams to be their best from anywhere. It consists of Viva Insights, Viva Learning, Viva Topics, Viva Goals and now Viva Engage.

What is Viva Engage?

In short, Viva Engage is an Enterprise Social experience that allows employees to interact,  share news, ideas and stories as well as to develop relationships, establish internal connections, and at the same time provide an opportunity for people to learn from each other all from within Microsoft Teams,  helping to foster a better company culture

The purpose of Viva Engage is to “Connect everyone at your organisation through employee communities and conversations using Viva Engage, a Microsoft Teams app powered by Yammer“.

Viva Engage from Microsoft

Microsoft Viva Engage is not entirely new, but the name is! It is an modern version of the Yammer Communities app that’s been around for sometime.  It builds upon the social and communication capabilities of Yammer and Microsoft 365 apps and services, Viva Engage also beings new features and capabilities designed to make the experience more seamless than before. 

Viva Engage has a personalised Home page feature the brings users into a social landing page, where they can see news and posts from their connections. Like Facebook and Linked In for example, the feed learns and shows content that is most relevant based on machine learning and personal preferences.

Also within Viva Engage is a Communities Hub along with a list of recommended communities (if you are sed to using Yammer this will be familiar).

Viva Engage Stories

So what’s the connection between Viva Engage and Yammer?

Viva Engage is a new app, integrated in Teams, that surfaces existing and new employee experiences powered by Yammer services. Viva Engage delivers high-value employee experiences including community building, leadership engagement, knowledge sharing, and self-expression. The Viva Engage app integrates these experiences into Teams, and introduces new features including storyline and stories.

This means that for organisations that use Yammer today, these new Viva Engage features will also appear in Yammer web, desktop and mobile apps. So whether a user visits to Yammer.com, uses one of the popular Yammer mobile apps for iOS or Android, or experiences the Viva Engage app in Teams, they will see the same content and generally access effectively the same feature set.

New features coming too.

New to Viva Engage (and coming in the next few weeks) is the Storyline and Stories features, which have been built to enhance engagement among employees. With this, employees will be able to share their thoughts widely with colleagues through conversations and videos, similar to the experience in Instagram Stories.

The dedicated Storylines tab will get populated with content from colleagues but also features popular and trending posts from across the network. Employees can also use the ‘follow’ feature to follow other employees making simple to get updates and news from persons of interest.

Licensing and Costs

The new Viva Engage app, storyline and stories, are available to any organisation/user with a Yammer license, which is on by default for all Microsoft 365 commercial customers.

Conclusion

Viva Engage is not a new application, it is instead a partial re-brand of Yammer for Microsoft Teams with new modern features and deeper integration across Microsoft 365 apps and services.

Since Teams apps are the universal apps for the Microsoft 365 ecosystem Viva Engage will also replace the Yammer Communities app that is available for Outlook and Teams making Yammer more available from a variety of locations inside Microsoft 365.


To find out more about Viva Engage follow the link to Microsoft’s dedicated page.

Should every organisation be considering Windows 365?

Windows 365 has just celebrated its first birthday – but what is it and why is Microsoft betting big on Windows 365 to help improve the employee experience, tighten security, and provide better agility for employees?

Businesses globally are once again being hit head on with challenges unrivalled in recent business history. Employee churn-rates are at record levels presenting unique business challenges, whilst the continuing shift in the workforce from centralised offices to home working has increased the number of “work locations” exponentially. Combined with the on-going global supply chain shortages, and logistical difficulties in procuring, preparing, and shipping new devices to employees makes onboarding new employees more challenging than ever. The continuing need to provide employees with a secure, professional, corporate desktop environment is pressuring IT to make decisions that can impact process, security, governance and above all employee satisfaction.

Microsoft are betting big with Windows 365, since it can help organisations significantly reduce the time it takes to provide new employees with access to their corporate desktop environment from days or weeks to minutes without compromising security. What’s more, unlike traditional on-premises Virtual Desktop Infrastructure (VDI) environments, Windows 365 (which is a new category of cloud computing, known as Cloud PC, simplifies the entire provisioning process and user experience.

In conjunction with the Enterprise Security Group, Microsoft recently carried out a TEI study which found that by leveraging Windows 365 Cloud PC, organisations can significantly lower the cost of providing access to an organisation’s end user computing environment whilst improving security and employee satisfaction. The ESG report also revealed that Windows 365 can provide a “typical organisation” with an overall annual benefit of up $7,271 per user for small businesses and up to $6,765 per user for companies with over 1,000 employees.

What is Windows 365?

In short, Windows 365 unlocks a new category of hybrid personal computing, called “Cloud PC” that delivers Windows from the cloud. It aims to provide a hybrid approach to providing client computing by utilising a cloud service that is not tied to any specific hardware.

Image (c) Microsoft

Windows 365 combines the power and security of Windows 10 or Windows 11 with the scalability and versatility of cloud to provide a personal, reliable, and familiar work/desktop environment on any supported physical device. If want to see it in action, you can head over to Microsoft’s YouTube video here.

Similar in concept, but different to VDI technology, Cloud PCs are one of the newest Microsoft cloud solutions to come to market. Cloud PCs are optimised for business and user agility, are highly secure, persistent to the user and are billed on a per-user, per-month model that simplifies the cost and infrastructure complexity of client computing environments and on-premises VDI solutions.

The report by ESG validated that Windows 365 provides capabilities that address nine of the ten business challenges identified by IT leaders.

Source: ESG Complete Survey Results, End-user Computing Trends, February 2022.

SIMPLE, COST EFFECTIVE, POWERFUL, SECURE – Windows 365 works by giving each user a dedicated Cloud PC (of a chosen specification) that runs their own individual Windows 10 or Windows 11 desktop environment while providing an extremely simple-to-manage ecosystem all managed via Microsoft’s Endpoint Manager toolset which is used to manage the rest of the physical desktop or laptop estate. For users, this means they can bring their existing device and instantly be presented with a familiar and powerful end-user computing experience either while they “wait” for their replacement or physical device or instead of waiting for IT to procure, provision, and image a new corporate device. In turn the ESG report finds that Cloud PC technology provides an effective solution for organisations of any size and sector, which are working to meet the complex needs of a hybrid or remote workforce.

Benefits of Windows 365 Cloud PC

Cost Predictability

The ESG report, concludes that Windows 365 delivers a combination of lowered costs, eliminated costs, and a predictable fixed cost model which can provides significant financial benefit in several areas.

  • Lower costs: Shifting to Windows 365 lowers and eliminates costs in several areas, including VDI licensing, server operating systems, remote desktop licensing, storage, management, power and cooling, license management, VDI management, procurement, and end-of-life costs.
  • Fixed-price model: Windows 365 Cloud PC pricing is based on a simple per-user, per-month model which that allows organisations to match computing and storage needs to individual user requirements. There is value in being able to project costs in business. Most VDI pricing models are based on consumption, which, while this may initially seem like an advantage, most organisation often find that their monthly charges extend far beyond projections when usage spikes unexpectedly.
  • Ability to cross-charge services: Organisations that charge internal or external business groups fees for licenses, hardware, or services will find that the Windows 365 predictable cost model makes it much easier to allocate specific costs in a granular and predictable way, especially when compared to the capital-intensive purchases needed to facilitate on-premises VDI or DaaS.

Business and User Agility

With employee churn-rates are at record levels, continuing delays in supply chains and with more employees, contractors and temporary staff being permanently remote, getting new employees up and running as quickly as possible is a big challenge. Windows 365 allows companies to provide highly secure Cloud PCs running Windows 11 on their device within minutes verses hours, days, or weeks.

  • Time to employee enablement: The time from when a new employee, temporary worker, or contractor is hired to when they are fully onboarded with their corporate device often takes time, leads to the employee getting a second-hand device, or means it delays their onboarding time. Leveraging Cloud PC technology can, however, means that organisations can now provide new starters with a new Windows desktop is under an hour, allowing them to security access their work environment from any supported device that the new worker wishes to use, even if it is only a temporary situation.
  • Enablement of temporary/seasonal workers – The cost in both money and time to empower short-term workers with a company work environment is often high, and either inhibits an organisation’s willingness to employ temporary works or worse, means they are forced to compromise on security due to the time to procure and provision a device. With Windows 365, temporary workers can quickly be provisioned so they have immediate access to the corporate environment while safe in the knowledge that all intellectual property stays secured within the corporate environment, and that the Cloud PC can be immediately removed at the end of the contract period.
  • Efficient IT Management – When compared to the effort required in procuring, preparing, and delivering laptops to users or even configuring and deploying virtual desktops with traditional VDI platforms, deployment of Cloud PC technology like Windows 365 can result in a 46% reduction in IT effort.
  • Ability to use any device – Windows 365 allows IT to provide workers with a highly secure, Windows 11 desktop on any supported device even though the host device may not be capable of natively running the OS. This is also great for “Bring Your Own Device” (BYOD) scenarios for employees who may just be starting or have shifted to working from home or short-term workers such as interns, contractors, and consultants.
  • Increased ability to react quicky to seasonal demand – The ability to get a secure, corporate desktop to users quickly is one of the barriers to rapid enablement. Windows 365 Cloud PCs empower businesses to immediately create and decommission desktops to react to opportunities that might be ignored in other DaaS or VDI environments.
  • Equality with the employees – The mindset of the workforce has changed from “May I have a job?” to an attitude of “What are you willing to do to keep me as an employee?”. Treating all employees as equals and providing them with a premium, professional-grade work environment is two of the key criteria for ensuring employee satisfaction. With Windows 365, employees can access a highly secure, personalized Windows 11 work experience through their Cloud PC, regardless of location or available device.
  • Merger and acquisition (M&A) scenarios – Mergers and acquisition events take months, even years, to align the separate work environments that result in an M&A to the same access and security postures. This limits potential cooperation between the entities and delays the full realization of value for the event. The ability to rapidly assimilate the new entities to the existing EUC solution accelerates the time to value and reduces the cost and risk of running parallel environments. The time to combine these two work environments into one can be significantly reduced by using Windows 365 Cloud PC.

Improved Security Posture

Employees and contractors today are working outside conventional environments and often on hardware that was never intended to be on corporate networks. The result is an increased risk of security breaches and data loss and, in many cases, missed business opportunities. ESG has found that organizations that adopt Windows 365 can help enhance their security posture in the following areas.

  • Inclusive, Secure, yet Flexible remote work – Cloud PCs can enable a hybrid workforce in a highly secure manner, even if those workers sometimes or always do their work on devices that aren’t expected to have direct access to corporate networks. Windows 365 Cloud PCs offer a layer of isolation that provides strong protection for the work environment and helps prevent data leakage or loss, with configurable options for how the Cloud PC interact with available physical device.
  • Business continuity and governance – As we know, COVID-19 forced almost every business to suddenly rethink, re-shift and re-prioritise their approach to remote work in a matter of days – doing all they could to get devices, repurpose old kit, leverage employee’s personal devices and ramp up VDI deployments, VPN and remote access tech to enable their people to work, often at the expense of usability, security and governance. As the future of this now unfolds into the hybrid workplace we see before us, technology like Windows 365 becomes a viable BC/DR solution. In short, Windows 365 could now be a vital cornerstone of a business continuity strategy and one that minimises disruption, maintains security and governance and provides a smooth transition for users.
  • Immediate on-boarding and offboarding of employees/contractors – The cost of PC recovery in the event of an offboarded employee or contractor is high and can take weeks in today’s expanded work environment. Interestingly, IBM estimates that 44% of breach events are caused intentionally by disgruntled employees who have been terminated but still have access to company hardware and resources. One of the benefits of Windows 365 is that as well as near instant provisioning, it also allows for the immediate removal of access to the Cloud PC along with all company data.
  • Protection of company data – the FBI estimate that 1 in 10 laptop devices will be lost or stolen during their lifetime, with the risk and financial exposure per event estimated to be between £25,000 and £45,000. Since Windows 365 Cloud PC devices store no data on the host device, a lost or stolen Cloud PC can be limited to the cost of the hardware and can be instantly accessed on another device, meaning no loss of productivity and no risk or loss or theft or corporate data.

What’s your experience of Windows 365?

As always, I’d love to hear your experiences, thoughts, and feedback on this – please leave a comment in the boxes below.


To read more about Windows 365, you can also check out Microsoft’s official FAQ

Surface Laptop Go 2 – “Hands on” Review

Last year, I reviewed the Microsoft Surface Laptop Go. Now, after a couple of weeks of use as my “temporary” daily machines, this is my review of the updated, 2022, Microsoft Surface Laptop Go 2 which starts from just £600 in the UK (about $US 700).

You can also check out my video review here:

TL;DR

So – in short, the 2022 edition of the Surface Laptop Go 2 is a fantastic device for anyone in an admin role, those who travels a lot, work in education, front-line, sales etc., that needs a “good” overall performer (for email, web, office apps, bit of Netflix or Paramount+, etc.) but isn’t a “power user”. Laptop Go 2 is sleek, fast, affordable, portable, and easily powerful enough for most productivity tasks at home or work.

Image of Surface Laptop Go 2
Surface Laptop Go 2

INTRODUCING “LAPTOP GO 2”

Version 2 of the Surface Laptop Go 2 – is every bit similar in shape, size, look at feel than the original but improves on it in several ways (under the hood). Inside, we now get an 11th Generation Intel Core processor alongside Intel Iris Xe graphics [last year’s model had the 10th Gen processors and Intel UHD graphics).

Microsoft say that the battery life in this model has also been slightly increased, partly owing to new Operating System Efficiencies in Windows 11 along with the lower power consuming 11th Gen chipsets.

LOOK AND FEEL

Laptop Go 2 weighs in at just 1.13kg and measures just 278.2mm x 206.2mm x 15.7mm – making it beautifully compact and lightweight and ideal for both students or anyone who travels or commutes a lot who are looking for something small, light but functional to take back and forth on the daily commute.

As you come to expect with a Surface Device, Laptop Go 2 is sleek and stylish. It comes in four colours including the standard Platinum, Ice Blue, Sage, and Sandstone. The model I tested was the Platinum model which is made of lightweight aluminium and has the familiar mirrored Microsoft logo on the lid.

When you open the clam-shell lid, you are presented with a full-size rubberised plastic keyboard, which Microsoft claims “provides 30% more key travel than the MacBook Air and a large trackpad. Being a more “budget friendly” device, there is no backlighting on the keyboard and the trackpad doesn’t have haptic feedback like the new Surface Laptop Studio debuted.

The power button (which does light up), also serves as a fingerprint sensor which you can use with Windows Hello to unlock the laptop.

Connectivity-wise, you get the same ports as on the Surface Laptop and last year’s Laptop Go 1 – a Single USB-C port (which supports 4K video), Single USB-A port, 3.5 mm headphone jack and the Surface Connect port which it uses for charging. You also get Wi-Fi 6 and Bluetooth 5.1.

Note: the USB-C port doesn’t support charging like many new laptops, so you’ll need to keep using the Surface Connect Port charger which comes in the box.

The screen on the Surface Laptop Go 2 has a 12.4-inch PixelSense touchscreen display with a resolution of 1536 x 1024p and a 3:2 aspect ratio like that found on most of the newer Surface family. The display is bright, clear, and sharp with great colours and black blacks – event in direct sunlight. Don’t get me wrong, Surface Laptop Go 2 is not intended for professional-level graphics or artwork, but it is more than good for viewing documents, web pages or watching videos. It also doesn’t support use of the Surface Pen, which is of course another cost saving thing.

The Webcam – is tiny and located between two small spatial microphones on the top edge of the screen. Unlike the “bigger” versions of Surface, this does not support Windows Hello and is only a 720p. This is the one area I wish Microsoft hadn’t “saved money” on as webcam quality is important in the new world of hybrid and remote work. I’m also so used to the Windows Hello Camera and personally prefer it over the fingerprint reader. Microsoft say that the camera on the Laptop Go 2 is an upgrade on last year’s model and features a “new camera module providing improved brightness, contrast and colour balance“.

Image taken from Teams Call on Surface Laptop Go 2
Image taken from Teams on Surface Laptop Go 2

Low light and bright backlight quality was handled well, but the image did feel a little grainy at full screen – I think I’d still prefer at 1080p webcam though – feels like a compromise we don’t need.

SPECS, PEFORMANCE & BATTERY

SPECIFICATIONS
The device I’ve had on loan, is powered by a Quadcore, 11th Gen Intel Core i5-1135G7 processor, the Intel Iris Xe graphics chipset and 16GB RAM along with a 256GB SSD.

Like all Surface’s Laptop Go 2 is available in both consumer and business editions. The business version ships with Windows 11 Professional and providing enhanced secure features including Secured-Core   security features, which includes a dedicated physical TPM 2.0 chip (rather than virtual TPM in firmware which the consumer model has).  
Choices are otherwise limited in these more budget friendly devices, and Microsoft simply give you options over how much RAM and SSD storage you need.

The entry level unit has 128GB SSD, but only 4GB RAM and no fingerprint reader.

PERFORMANCE
Spoiler
– Laptop Go 2 is not designed to compete with the bigger members of the Surace family like the Surface Laptop, Surface Pro or Studio when it comes to raw power, and graphics performance, but it did do a decent job of everything I threw at it. Throughout my week of testing, I had multiple apps open, including Teams, Word, PowerPoint, and Outlook and used it a few evenings for watching a few films and even tried out Clipchamp to edit one of my son’s YouTube “clips” he’d made all without feeling like I was using an under-powered device. I even managed a bit of Minecraft on the device as well as playing TrainSimWorld 2 and Forza Horizon using Xbox Streaming – more on that later!!

BATTERY LIFE
Microsoft states that Laptop Go 2 provides up to 13.5 hours of ‘typical device usage’, but my loan device lasted about 25% less than that – 9hrs 16mins in fact of constant use in my usual home working test scenario:

  • Connected via Wi-Fi.
  • Screen Brightness set to auto.
  • Bluetooth connected headset, keyboard, and mouse.
  • Mix of normal daily use – no special tests – 8-10 Teams Video Calls (camera on), Core Office desktop apps and some social media apps and web browsing.
  • Connected to 4K Ultrawide screen via Surface Dock v1.

This is, I would say the main area of disappointment compared to the advertised specs – as I think you’d still want to take a power adapter out with you – “just in case”.

9 hrs isn’t awful but it’s nowhere near the “up to 13.5hrs”.

One day Microsoft will get this bit right and maybe when (if) they shift to ARM based chipsets for Laptop Go and Surface Go we will see battery life closer to what Apple manage to squeeze out their “M” chip-based devices. performance out of the battery.

XBOX GAME STREAMING

So – this was never going to be the best experience, but while on holiday on the Isle of Wight (if you haven’t been – you should go by the way), I wanted to test Xbox remote play on our Xbox One X (I know I know, where’s the Series-X!). My first test was done running on NowTV broadband (70Mbps or so).

On returning home yesterday, I then recreated the scenario from my desk, streaming from the same Xbox (which is in the same house). The experience was pretty much the same.

In summary, for fast framerate games like this, I’d say “it works pretty well”. Game play was surprisingly good. It did struggle with the odd refresh glitch and jittery in places on high frame-rate games (I was testing it with Forza Horizon 4) but overall and given the spec of the Surface Laptop Go 2, was more impressed than I thought I’d be. The video below show’s how this played out.

Xbox Cloud Streaming – Forza Horizon 4

ROUNDING IT ALL UP

Battery life aside – Microsoft’s Surface Laptop Go 2 is a great all-rounder device for students, consumers or business users that are on more of a budget or than need something new and modern, gorgeous, and premium in feel that is both ultra-portable, and good enough for everything a “typical user” needs.

If you are big into gaming, (see above) big graphics/design and art, or you are a number crunching, coding, power-user then, you’ll want to look at the high-end devices like the Surface Laptop Studio or Surface Book 3 – though you can “get buy” when travelling if you need a game-fix and want to play remote or cloud play with the Xbox App.

Check on the hands-on video review here:


Want to be notified whenever a new blog is published?

Microsoft Defender “top of the class” for ransomware detection and blocking.

Microsoft Defender for Endpoint has just received top marks for the latest Advanced Threat Protection Test carried out by AV-Test in Feb 2022.

The report (which tested many of the top products including Microsoft Defender in both the home and commercial space) found that it was best-in-class in terms of its ransomware detection and blocking.

The Advanced Threat Protection tests provide vendors and users with substantial findings as to how securely a product can protect against ransomware in real-life scenarios.

… All the products have to successfully defend against ransomware in 10 real-life scenarios under Windows. The test involves threats such as files containing hidden malware in archives, PowerPoint files with scripts or HTML files with malicious content.

AV-TEST

Top Marks

The tests were carried out amongst 14 of the top anti virus and endpoint protection products in the consumer and commercial space including:

  • Acronis
  • AVG
  • Avast
  • Bitdefender
  • Kaspersky
  • F-Secure
  • McAfee (Trellix)
  • Microsoft
  • Symantec

Whilst Microsoft came out joint top for all the tests in the corporate space, the lowest of the scores were McAfee / Trellix who AV-TEST claim were unable to fully block ransomware attacks in multiple different attack scenarios:

Microsoft Defender AV-TEST ransomware tests 02-22
McAfee AV-TEST ransomware tests 02-22

You can access the full reports from AV-TEST here.

Good news for consumers and corporate

In short this should be good news for corporate customers that use Microsoft Defender (which is built into Windows 10 and Windows 11) as well as consumers.

Consumers in particular are often sold additional third party antivirus and anti ransomware products when they buy a new computer, buy software or through advertising and whilst there may be good reasons to buy additional products, these results should demonstrate just how good Microsoft are at protecting consumers and corporate clients who use their products.

Defender is part of a much bigger family

In the corporate space at least, Microsoft Defender is a an entire multiplatform, multi vendor platform suite of. Integrated services for protecting corporate systems and data from attack, breach, ransomware and theft. Their product suite extends across Identity (Defender for Identity), Cloud, Endpoint, IoT and Office 365 to name just a few.

You can find out more about the Microsoft Defender suite of products for corporate customers here.

Microsoft also annouced last month the release of Microsoft Defender for individuals which provides enterprise grade protection for Microsoft 365 consumers and family users. Microsoft Defender is a cross-device security app that helps individuals and families protect their data and devices, and stay safer online with malware protection, real-time security notifications, and security tips. You can read more here.

Microsoft Viva Sales: Aims to provide seamless integration from any CRM into Office 365 and Teams.

With the annoucement the Viva Sales platform, Microsoft aims to help organisations harness the power of their existing CRM platform and seamless expose this within and across Microsoft Teams and Office 365 without third party apps, plug-ins, or data exchange tools. Microsoft’s goal is a native, common and familiar experience regardless of an organisations choice of CRM system.

Viva Sales will connect customer data across from any CRM into Teams and Office.
Image: (c) Microsoft

This approach is not unique to Microsoft. Salesforce’s acquisition of Slack last year was in part to enable them to ramp up their communications tools for sales teams. Microsoft, however, is not looking to compete directly with Salesforce or any specific CRM vendor. Microsoft’s goal here is more around “filling gaps” left behind by legacy and traditional CRM systems that done provides the “smarts” that systems like Salesforce and Dynamics 365 provide for example.

In the official announcement of Viva Sales, Microsoft said:

We definitely think people benefit from a CRM system, the difficulty is, a lot of what’s happening between a customer and a salesperson is actually never recorded in the CRM system, because it’s just too tedious.”.

Jared Spataro | Corporate VP for Microsoft 365

What does Viva Sales do?

Due for release in Q4 2022, Viva Sales will allow sales and marketing teams to automatically synchronise data between any, and all, of their communications applications such as Microsoft Teams and Outlook, and their CRM system which does not have to be Dynamics 365 either. This is like the Salesforce’s Sales Cloud and Slack integration, and what Microsoft have done natively with Dynamics 365 and Teams.

In their official blog, Microsoft describe Viva Sales as a intelligent service which enables sellers to capture insights from across Microsoft 365 and Teams, eliminate manual data entry, and receive AI-driven recommendations and reminders – while staying in the flow of work. Viva Sales promises to streamline the seller experience by surfacing the insights with the right context within tools people already use, without them needed to dip in and out of their CRM therefore saving time and ensuring that the CRM becomes part fo the core workflow without compromise on the productivity tools the teams use across the wider organisation.

Microsoft say that Viva Sales will work with any CRM to automate data entry and brings AI-powered intelligence to sellers in Microsoft 365 and Microsoft Teams.

The key benefit for organisations using Viva Sales is that is that Viva is already (naturally) integrated with Microsoft Teams and Outlook which are used and adopted.

The launch of Viva Sales isn’t just about sales however. What!!!?, Well, Microsoft has a much broader vision with Viva to provide a layer of intelligence across its entire Office 365 suite and Teams. This strategy is demonstrated by the incredible reach and integration available through the Microsoft Graph – a major part of strategy for moving beyond the underlying enterprise resource planning tools and more towards the type of workflow play displayed and respected by the likes of ServiceNow.

A Change of Approach

This approach is a strategic shift for Microsoft. In the past, Microsoft’s go-to-market strategy was to require their customers to choose their products such as Teams and Dynamics 365 over the say WebEx, Zoom and then Salesforce or HubSpot. With Viva Sales, this is now about choosing what products work for you and then leveraging the intelligence services through Viva and the Microsoft Graph to bridge them together and provide data intelligence on top.

“The most significant thing about this announcement is we are saying … choose whatever you want to choose — what we actually think will be most valuable over time will be the layer of intelligence that binds it all together.”.

Microsoft

Microsoft have compared the enterprise software industry to that of a city, where it is built from the ground up. For example, If Azure, AWS and GCP are the city’s foundations, then SaaS applications and workflow are its roads and buildings.

“People will keep putting money into sewers and roads and stuff like that,” he said, “but a lot more money goes into the hardware put on top.”

What do you think?

What do you think of the announcement? Is this a good move for Microsoft or are sellers better off just working in their native CRM?




Like what you read, why not subscribe?

Microsoft ends support for their once-dominant web browser Internet Explorer.

Today (June 15th 2022), what was once the “king of the web browsers” has officially retired after 27 years, marking the end of an era. As of now Internet Explorer is officially “end of life”.

Bill Gates and Microsoft Internet Explorer Logo
Bill Gates – Showcases Internet Explorer (c)

Microsoft Internet Explorer was released in 1995 and quickly became the dominant browser, almost instantly wiping out the previous dominant player Netscape. Internet Explorer was the dominant web-browser for more than a decade as it was bundled with the Windows operating system (similar to how Edge is today) that came pre-installed on billions of computers.

What does “End-of-life” mean?

In short, just that – it’s dead. Officially, “End of life” refers to the point in time when an application is no longer supported by the software company that makes it. In this case, Microsoft’s end of life for Internet Explorer means continued use of the browser after today is still allowed, but Microsoft will no longer update it, patch it or support it if something goes wrong.

This is important since new computer viruses, malware, and ransomware attacks are developed daily, and the web-browser is a major window into many of the apps that employees, customers, consumers use every day. Users should therefore stop using Internet Explorer use their modern Chromium-based Edge browser (or other 3rd party choice) since no more security updates will be provided by Microsoft as of now.

It has been a while coming

This has been a while coming, ever since Internet Explorer’s market share continued to be dominated by Google Chrome and others and Microsoft announced, and launched it’s new Edge Browser which built on the open source Chromium framework which Google uses within it’s Chrome browser.

Microsoft had already ended support for Internet Explorer for their Teams web app back in 2020, shortly followed by removing support across their other key web apps and services including OneDrive, Dynamnics, PowerApps, Outlook and Office from August 2021.

“Internet Explorer 11 desktop application will be retired and go out of support on June 15, 2022, for certain versions of Windows 10,”

Microsoft

Microsoft will continue to be supported in very few situations including with customers running the Windows 10 long term services branch (ltsb).

The Future is Edge

Microsoft Edge, was released in 2015 and was upgraded in 2019 to include the Chromium open-source code which Microsoft is now a major contributor along side Google and others. The move was done to compete with more popular browsers like Google Chrome, which has (and still does in part) dominated the market.

Microsoft Edge is a modern open-source browser and offers improved compatibility, streamlined productivity, and hugely better browser security.

As new apps and software products are released onto the market by other companies, old software versions can’t keep up. Microsoft Edge Chromium-based browser can now support a wider variety of platforms, which makes it more useful for the modern era. IE 11, in comparison, held limitations preventing it from updating alongside newer technologies.

What about legacy web apps and sites?

For older websites and services, Microsoft Edge provides a built-in “Internet Explorer mode”, making the use of using older web browsers like Internet Explorer unnecessary.

Microsoft recognise that many larger organisations “may have a surprisingly large set of legacy Internet Explorer-based websites and apps, built up over many years.” As such Microsoft have promised to support legacy web apps via it’s Internet Explorer mode until at least 2029, which gives web developers 8 full years to modernise their legacy apps and eventually remove the need for IE mode.

Legacy Support and Help is available

Users shifting from Internet Explorer to Edge can easily transition their passwords, favourite websites, and other browsing data from to Edge.

Microsoft recommends that any organisation that still has concerns or needs to support Internet Explorer (and therefore need legacy support) do the following.


Like what you read? Feel free to subscribe

Windows Autopatch is now available for public preview

Microsoft Autopatch

Windows Autopatch, a service to automatically keep Windows and Microsoft 365 up to date in enterprise organisations, has now reached public preview. When officially released (GA), it will be included Microsoft commercial customers with a Windows Enterprise E3 license or higher.


In short, Windows Autopatch automatically allows organisation to shift the management and deployment of Windows 10, Windows 11 and Microsoft 365 Apps including quality and feature updates, drivers, firmware to Microsoft.

What’s the purpose?

Essentially this aims to take the nightmare out of the age-old “patch Tuesday” and promises to be a great time saver for IT admins. With Autopatch, IT can continue to use their existing tools and processes for managing and deploying updates to devices OR can look to phase in or replace this in entirety and with this new “hands off” approach and let Windows Autopatch take care of security, driver and firmware updates.

“Changing the way things get done, even when that change makes things easier, gives pause to most people who run large IT organisations. By joining the public preview, you’ll be able to get comfortable with Windows Autopatch and ready your organisation to take advantage of the service at scale”.

Lior Bela | Senior Product Marketing Manager | Microsoft


The main purpose of Windows Autopatch is moving the update orchestration burden from the IT department to Microsoft. Once deployed, configured and tested, Autopatch should allow the entire effort around planning and managing the Windows Update process (sequencing and rollout) to be taken away from IT freeing up time and resources.

“Whenever issues arise with any Autopatch update, the remediation gets incorporated and applied to future deployments, affording a level of proactive service that no IT admin team could easily replicate,” Bela added.

“Whenever issues arise with any Autopatch update, the remediation gets incorporated and applied to future deployments, affording a level of proactive service that no IT admin team could easily replicate.”

Lior Bela | Senior Product Marketing Manager | Microsoft

How to enable Autopatch

Windows Autopatch devices must be managed by Microsoft Intune for this to work and Intune must be set as the Mobile Device Management (MDM) authority or co-management must be turned on and enabled on the target devices.

As you’d expect, there are a handful of steps needed to enable the preview and to enrol your Microsoft 365 tenant into the Windows Autopatch public preview:

  • Log on to Endpoint Manager as a Global Admin and navigate to the Windows Autopatch blade which is under the Tenant Administration menu – this will only be visible if you have the right licenses deployed.
  • Using an InPrivate browser window, redeem your Autopatch preview code
  • Run the readiness assessment, add the required admin contact, and add the devices you want to enrol in the service.
  • Tick the box, to allow Microsoft to manage updates on behalf of your organisation.
Allowing Microsoft to manage updates for your organisation

Microsoft provides regularly updated instructions on how to add devices to your test ring and how to resolve common errors such as “tenant not ready,” “device not ready” or “device not registered.”

Microsoft also provides detailed instructions (and video) on how to add devices to your test ring and how to resolve the status of “tenant not ready,” or a status of “device not ready” or “device not registered.”

Microsoft YouTube video on enabling Windows Autopatch

How Autopatch works

The Windows Autopatch service automatically splits your organisation’s device estate into four groups of devices described by Microsoft as “testing rings”.

  • Test Ring: Contains a minimum number of devices for test purposes
  • First Ring: Contains ~1% of all endpoints (think of this like the early adopter ring)
  • Fast Ring: Contains ~9% of devices
  • Broad Ring: Contains the rest of the devices.

The updates are deployed progressively, starting with the test ring and moving to the larger sets of devices following a validation period in which the system and IT can monitor device performance and compare it to pre-update metrics through End Point Analytics.

Autopatch rings. Image (c) Microsoft

Autopatch also features a nifty, feature called “Halt and Rollback” that block updates from being applied to higher test rings or rolled back automatically. This is key for critical dates or projects which may be impacted by updates or where quality errors are detected in the Test Ring updates.

What about Patch Tuesday and Critical Updates?

Microsoft will continue to deliver monthly security and quality updates for supported versions of the Windows on the second Tuesday of the month (commonly referred to Patch Tuesday or Update Tuesday) as they have been to date. These will be delivered by Autopatch also.

For normal updates, Autopatch uses a regular release cadence starting with devices in the test ring and completing with general rollout to broad ring.

Any updates addressing a critical vulnerability, such as Zero Day threats, will be expedited by Windows Autopatch with a aim to patch all devices immediately.


Microsoft provides further info in the Windows Autopatch support documentation, including details on service eligibility, prerequisites, licensing and features.

Viva Goals promises to bring ‘purpose and alignment’ to the employee experience

Microsoft Viva Goals has just been annouced and has entered a closed private preview. It will be included in the current Microsoft Viva suite subscription from Q3.

What will this bring?

Viva Goals is based heavily upon Microsoft’s 2021 aquisition Ally.io, who are a world leader in the realm of objectives and key results (OKR) platform which will find its way into Viva and gradually across the rest of Microsoft 365 and Teams. Viva Goals promises to help aligns teams to an organisation’s strategic priorities and will bring them together around an organisations’ company mission and purpose and values.

According to Microsoft’s latest work trend index report, more than half of all managers say they feel leadership is ‘out of touch’ with employee expectations around work life, hybrid work, and workload commitments. This new Viva Goals module is designed to address this by bringing purpose and alignment into Viva alongside the other core purposes the focus on culture and communications, wellbeing and engagement, growth and development, as well as knowledge and expertise.

Viva Goals (image (c) Microsoft

“Viva Goals brings business goals into the flow of everyday work, making it easier to stay up to date with connected data and automated reminders as well as to share OKRs and their progress across the organization with customized dashboards and quick links. It integrates with Microsoft Teams, Azure DevOps, etc.—and has more integrations to come with Microsoft Viva, Power BI, and other Microsoft 365 apps and services”.

Vetri Vellore |Corporate VP |Microsoft Viva Goals

Vellore states that (according to the work trend index report) 77% of employees say it’s important or very important for their employer to provide a sense of purpose and meaning at work, and 69% say its important or very important to be rewarded for impact instead of hours worked.

Want to see Viva Goals in action

Viva Goals is Private Preview, but to learn more about the wider Microsoft Viva suite, visit the Microsoft Viva website and check out the video below.

Viva Goals in action (YouTube)

Microsoft announces new Managed ‘Security Experts Services’ to ramp up fight against cybercrime

Microsoft’s security business is growing faster than any of their other mainstream products and services, and today they announced they will be adding three new services designed to help organisations spot and respond to cybersecurity incidents.

Here’s the TL;DR version.

  • Microsoft are bolstering their security services offerings to go along with its technology products and partners.
  • Security is the fastest-growing broad product category for Microsoft.
  • Microsoft are increasing annual research and development spend in cybersecurity from $1 billion to $4 billion (more than any other security vendor anywhere).

The new services will see Microsoft’s own cyber security experts providing hands-on, proactive threat hunting for organisations unable to fully build out their own SOC due to the global security skills shortage and cost.

Keep reading to learn more…

This new announced investment comes as we see increasing reports from industry analysts on the continued increase in cyber security budgets globally as organisation continue to invest in protecting against the ever-increasing threat of ransomware attacks, identity theft and network hacks. 

Attacks are getting smarter and more targeted

Cybercrime attacks are continuing to rise and get increasing sophisticated, costing the world’s businesses $6 trillion USD last year, with that number expected to rise to $10.6 trillion in 2025.

According to Microsoft, “most human-operated ransomware attacks share some common traits, as attackers take advantage of an organization’s reliance on legacy software configurations or poor “credential hygiene” to gain entry into systems, and once in to find privilege escalation points to move through systems and carry out attacks.“.

Whilst identity hygiene is improving many organisations still do not get the basics right with poor identity protection, lax controls, no (or patchy) MFA and a disjointed and fragmented approach to security rather than a Zero Trust ‘defence in depth mindset’

Guarding single points of entry is not enough anymore, and a system or systems of managed extended detection and response (MXDR) is helping to help companies take a step back and look to guarding overall systems rather than focusing on locking down network ports or domains etc. “, Microsoft said in their latest security blog.

What is Microsoft Security Experts?

Microsoft Security Experts is a newly announced set of human, AI and software led services they will offer to organisations which will provide managed security services without them needing to build everything in house.

Microsoft Security Expert Services

Whilst just the start, the three new security managed services include Defender Experts for Hunting, Defender Experts for XDR, and Security Services for Enterprise.

  • Microsoft Defender Experts for Hunting.
    • This involves Microsoft Security engineers hunting and altering organisations of issues they proactive hunt in clients’ devices, Office 365 productivity software installations, cloud apps and identity platforms programs.
    • This will put Microsoft into a more direct competition with pure-play security software companies such as CrowdStrike.
    • Cost is circa $3 pupm.
  • Microsoft Defender Experts for XDR.
    • This is a more people intense service that will see Microsoft Security Experts helping organisations act on threats. Microsoft say that this type of work is typically done by a variety of different organisations today, including the big four accounting firms.
    • Cost is $14 pupm.
  • Microsoft Security Services for Enterprise
    • This service includes an even broader set of people-driven services.
    • It aims to be more specific and customised to the needs of large enterprise organisations.
    • It’s set to help elevate the global security skills and people challenge which affecting almost every organisation.
    • Costs are bespoke to each organisation.

Microsoft and Security

Security is already a $15 billion annual business for Microsoft, and in 2021/22 it has increased faster than any other significant product or service that Microsoft sold – up 45% YoY.

Microsoft is of course no new kid on the block when it comes to cyber defence, and last year blocked over 9.6 billion malware threats and 35.7 billion malicious emails as well taking down several huge state nation attacks.

Microsoft believe that they are uniquely positioned to help their customers and partners do more to meet today’s security challenges. “We secure devices, identities, apps, and clouds—the fundamental fabric of our customers’ lives – with the full scale of our comprehensive multicloud, multiplatform solutions. At Microsoft, we understand today’s security challenges because we live this fight ourselves every single day“.

Microsoft’s CEO Satya Nadella had already announced last year that their annual cyber security research and development spending is increasing to a staggering $4 billion, up from an already huge $1 billion.

What about the role of the Microsoft Partner?

Details are still emerging about how partners that sell security consultancy, enablement, training and of course managed extended detections and response (XDR) will be able to leverage these and build on their services.

Microsoft has said in their Yammer partner community site that they will be making a whole new set of investments in partners to help advance (or build) their managed extended detection and response (XDR) services business.

Growth and demand for Managed Security Services

According to Gartner, demand is on a fast growth trajectory, and more than 50 percent of organizations will be using managed detection and response (MDR) services for threat monitoring, detection, and response functions that offer threat containment and mitigation capabilities by 2025.

Microsoft say that their Partners will play a critical role in addressing this incredible customer demand.

Microsoft FY22 Q3: Big increases across Azure, Microsoft 365, Security Windows, Surface & Xbox

Microsoft’s Q3 2022 financial results we annouced last night, and once again they have annouced double-digit growth. Here’s the headlines.

  • Revenue $49.4 Billion (up 18%)
  • Net Income $16.7 Billion
  • Profit increase of 8% year on year

Much of this quarter’s growth is related to the cloud, with server and cloud services revenue up 29%  and Microsoft Cloud up 32% to $23.4 billion. Here’s a summary of the results.

Microsoft 2022 Q3 results

More Personal Computing

Up 11% to $14.5Billion was Microsoft’s “more personal computing” division which includes Windows and Xbox.

Up 11% also was “Windows OEM revenue growth,”.  Satya Nadella said that “Companies are adopting Windows 11 at a faster pace than any previous release.”

Xbox had its best sales in 11 years (up 14%), easily beating the relatively limited PS5 in terms of supply.

Cloud, Office 365, Business Processes

Office 365 revenue was up 17% in commercial and 12% in consumer with them now boasting 58.4 million consumer subscribers, up 2 million from last quarter and 8 million from this time last year.

Intelligent Cloud (Azure) revenue increased 46% in the quarter, and Microsoft said that the number of Azure deals worth at least $100million in the quarter more than doubled

LinkedIn continues to see huge growth, up 34% this quarter, which follows growth of 37%, 42% and 46% respectively in the previous three quarters.

Security was up 45% and was a huge call out, with revenue growth from security products and services across of Microsoft’s three segments.

Devices / Surface

Microsoft’s Surface devices also has a good quarter, up 13% increase in revenue despite the ongoing chip shortage. 2022 is Surface’s 10th anniversary, and I expect some big announcements this year to mark the date later this year.

Aquisition and Other Stuff

Microsoft announced a plan during this quarter to acquire video-game publisher Activision Blizzard for $68.7 billion, the largest transaction in Microsoft’s 47-year history.

Microsoft also closed its Nuance Communications acquisition and laid out a strategy for expanding in health care, an industry Nuance focuses on.

Full report and annoucement

You can read the full report and analysis here.

https://news.microsoft.com/2022/04/26/microsoft-cloud-strength-fuels-third-quarter-results-2/

Microsoft Authenticator adds ability to generate Secure Passwords for you.

To mark the one year anniversary since Microsoft launched their Autofill feature on Authenticator, they have just updated the service with the ability to auto generate strong, unique passwords for you.

Microsoft Autofill (like a password manager) allows you to (for personal and corporate use) unites all of your passwords and stores them security in Azure AD via your Microsoft Account (or Azure AD account) for use across Microsoft Edge and Google Chrome (via an extension) as well as across your smart phone. Furthermore, the Microsoft Authenticator app can be used for managing all your passwords and this new feature helps you be even more secure online by generating secure and unique passwords that you don’t even need to worry about remembering (which is traditionally what leads to weak passwords).

Microsoft Authenticator App

To access this new feature, you need to be running the latest version of Authenticator on iOS or Android.

Authenticator will prompt you to use the feature when ever you create a new password for a website or cloud service or when you change the password of an existing one.

The app has slightly different behaviour across iOS and Android at the moment.

  • Android – tap the Passwords section, then click the (+) button, and choose Generate Password. You can save any passwords with the save icon and even name or copy them.
  • iOS – clickthe ellipses button at the top right of the app, and choose password generator.

What do you think. Do you use Microsoft Authenticator for password management today? What do you think of this new feature.