Category: News
Track Sensitivity Label Downgrades and Removals with Audit Log Data
Sensitivity Label Downgrades and Removals Could be Potentially Suspicious User Behavior
The publication of message center notification MC934733 on November 15, 2024 (Microsoft 365 roadmap item 466742) provoked some thought. The notification is about an update to Purview Insider Risk Management, a compliance solution to detect activities that might potentially expose the organization to risks like IP theft or data leakage. The solution is part of Microsoft’s E5 Compliance Suite and is also included in Office 365 E5/Microsoft 365 E5.
In this case, the update covers the detection of risk that might be indicated if people downgrade or remove sensitivity labels from files stored in SharePoint Online sites. This kind of behavior could indicate that a user is preparing to exfiltrate files from the organization, perhaps when they leave in the near future.
By removing sensitivity labels from files, they remove the block that Microsoft Information Protection would otherwise place on people who cannot prove their right to access the files. Normally, proof is secured by authentication, which is then compared against the set of rights defined for a file. Downgrading a label can have the same effect if the chosen label allows free access to files through a right like “any authenticated user.”
The ability to remove or change a sensitivity label for a file is governed by the rights assigned to a user in a label. If the user can edit the rights for a file, they can change or remove a sensitivity label. This right is included in the co-author role that is sometimes assigned to everyone in the organization or everyone in a group.
Use the Audit Log to Track Sensitivity Label Downgrades and Removals
This kind of check is very useful, but it might not be enough for an organization to invest in license add-ons or upgrades. If your tenant has Purview Audit Standard (check this PDF for product licensing information), then you can use PowerShell to analyze the events captured in the unified audit log to track and report sensitivity label downgrades and removals.
The idea is simple. Here’s what has to happen in a script.
- Connect to Exchange Online.
- Connect to the compliance endpoint.
- Run the Get-Label cmdlet to fetch details of the sensitivity labels used with files and store them in a hash table. In fact, two hash tables are used for fast lookup. One resolves label identifiers to return label display names. The other resolves label identifiers to return the label priorities. Each label has a priority number from 0 (least sensitive) up. By comparing the priority numbers when a label update occurs, you know if the update is a downgrade or an upgrade.
- Run the Search-UnifiedAuditLog cmdlet to look for FileSensitivityLabelRemoved and FileSensitivityLabelChanged events over whatever lookback period seems appropriate. See this article for more information about reporting sensitivity label events.
- Process each event to decide what happened and capture details in a PowerShell list.
- Do some analysis to figure out if an abnormal number of label downgrades or removals have happened and which accounts are involved.
- Report the details.
I put together a script to illustrate the principles involved in finding and analyzing the audit event information. You can download the script from GitHub. Figure 1 shows the results reported by the script when I ran it in my tenant. Clearly, the tenant administrators only have to worry about me…
Container Management Labels Are Changed Too
The sensitivity labels discussed so far are information protection labels that can apply rights management encryption to protect files. The other type are container management labels, which are used to apply settings to “containers” (teams, sites, and groups). Unhappily, just like someone can change a sensitivity label for a file, a container owner can change the assigned container management label. There’s no way for an organization to lock a label for a container.
However, you can monitor container label changes using the audit log using audit events and reapply the original label if a change is detected. The original article uses Exchange Online management PowerShell, and it’s also possible to monitor container management changes with the Graph APIs, albeit in a more complicated arrangement because of the need to store original label assignments for containers in a Graph-accessible location.
Detecting Sensitivity Label Downgrades Proves the Value of the Audit Log
Being able to track sensitivity label changes and removals for files is another example of how audit log information can prove useful for tenant administration. If you know what’s happening inside a tenant, there’s probably an audit log event captured for the action, and once you can find the audit log event, you can analyze it.
Learn about using the unified audit log and the rest of Microsoft 365 by subscribing to the Office 365 for IT Pros eBook. Use our experience to understand what’s important and how best to protect your tenant.
Ignite 2024: Alasan mengapa hampir 70% Fortune 500 sekarang menggunakan Microsoft 365 Copilot
Read in English here.
Dua hal bisa sama-sama benar pada waktu yang sama.
Dalam konteks AI, benar bahwa industri bergerak pesat dan berkembang sangat cepat. Benar bahwa terdapat ratusan ribu pelanggan menggunakan teknologi AI Microsoft saat ini, dan dengan menggunakan platform ini sejak dini, mereka sekarang melihat manfaat besar serta memastikan kapabilitas mereka untuk menerima manfaat dari adanya gelombang penyempurnaan AI selanjutnya.
Microsoft Ignite adalah acara tahunan kami yang menyoroti pembaruan serta kreasi yang memungkinkan para pelanggan, mitra, dan developer untuk menunjukkan potensi penuh teknologi Microsoft, serta mengubah cara kita bekerja.
Tahun ini, kami mengumumkan sekitar 80 produk dan fitur baru, termasuk kapabilitas baru pada Microsoft 365 Copilot, penambahan pada Copilot + AI stack, serta penawaran perangkat baru Copilot+. Di balik setiap inovasi tersebut, ada komitmen kami terhadap keamanan. Sejak meluncurkan Secure Future Initiative (SFI) setahun yang lalu, kami telah menjadikan keamanan sebagai pekerjaan Nomor 1 bagi setiap karyawan di Microsoft, mendedikasikan 34.000 engineer untuk fokus pada keamanan. Di Ignite, kami akan mengumumkan inovasi yang berakar pada prinsip SFI kami: secure by design, secure by default, dan secure operations.
Lebih dari 200.000 orang telah mendaftar untuk bergabung dengan kami di Ignite tahun ini, dengan lebih dari 14.000 peserta menghadiri acara kami secara langsung di Chicago. Peserta dapat memilih lebih dari 800 sesi, demo, dan lab yang dipandu oleh para ahli Microsoft dan mitra kami. Sebagian besar konten seputar Ignite akan tersedia secara on demand bagi mereka yang tidak dapat menghadiri acara secara langsung
Momentum Copilot
Microsoft 365 Copilot adalah asisten AI untuk membantu Anda bekerja. Kami telah melihat momentum yang terus berkembang seiring dengan semakin banyaknya organisasi yang beralih ke Copilot, dan bagaimana mereka menggunakannya dengan sukses. Secara keseluruhan, hampir 70% Fortune 500 kini menggunakan Microsoft 365 Copilot.
Hal tersebut mencerminkan suatu tren industri: di mana sebuah studi IDC terbaru menunjukkan bahwa penerapan AI generatif sedang meningkat, dengan tingkat adopsi di antara perusahaan yang disurvei pada tahun 2024 mencapai 75%. Selain itu, perusahaan memperoleh pengembalian sebesar $3,70 dari setiap $1 yang diinvestasikan. Berdasarkan studi tersebut, para pemimpin perusahaan mengatakan mereka mendapatkan pengembalian hingga sebesar $10.
Investasi yang Microsoft lakukan terhadap Copilot telah membuahkan hasil yang menguntungkan bagi pelanggan kami.
Kami baru-baru ini menyoroti lebih dari 200 kisah pelanggan tentang percepatan Transformasi AI dengan Copilot, yang membantu banyak pelanggan untuk menghadirkan inovasi dan mengubah organisasi mereka menjadi lebih baik. Beberapa contoh meliputi:
- Eaton, sebuah perusahaan di bidang manajemen daya, menggunakan Microsoft 365 Copilot untuk menyederhanakan dan mengotomatisasi operasional, meningkatkan akses data, memusatkan pengetahuan, serta memperkuat tim pekerja untuk fokus pada pekerjaan yang bernilai tinggi. Copilot membantu pengelolaan keuangan Eaton dalam mendokumentasikan lebih dari 9.000 prosedur operasi standar (SOP), menghasilkan penghematan waktu sebesar 83% untuk setiap SOP yang didokumentasikan.
- Firma konsultan McKinsey & Company menciptakan agen untuk mempercepat proses onboarding klien. Pilot agen tersebut menunjukkan bahwa masa pemrosesan (lead time) dapat berkurang hingga 90% dan pekerjaan administratif bisa berkurang hingga 30%. Agen ini mengotomisasi proses-proses yang kompleks, seperti mengidentifikasi kemampuan tenaga ahli yang tepat dan penempatan tim, serta bertindak sebagai wadah satu-satunya di mana karyawan dapat bertanya dan meminta penindakkan lebih lanjut. Dengan menyederhanakan tugas serta mengurangi input secara manual, agen ini dapat memungkinkan penghematan waktu bagi konsultan, membuat mereka bisa menghabiskan waktu lebih banyak bersama klien.
Meningkatkan Produktivitas dengan Microsoft 365 Copilot
Microsoft terus meningkatkan produktivitas melalui kapabilitas baru pada Microsoft 365 Copilot yang dirancang untuk membantu menyederhanakan pekerjaan sehari-hari.
Copilot Actions, kini dalam mode private preview, memungkinkan siapapun untuk mengotomatisasi pekerjaan sehari-hari dengan prompt sederhana, baik untuk mendapatkan rangkuman harian dari hasil rapat di Microsoft Teams, menyusun laporan mingguan, atau menerima email yang merangkup rapat, diskusi obrolan, dan pesan email yang terlewat selepas kembali dari liburan.
Siapa saja dapat dengan mudah mengatur Actions langsung di aplikasi Microsoft 365 mereka, memungkinkan pengguna untuk fokus pada pekerjaan yang lebih berdampak, menghemat waktu, dan meningkatkan produktivitas.
Agen baru di Microsoft 365 dirancang untuk membantu meningkatkan dampak individu dan mengubah proses bisnis. Di Ignite, kami akan memperkenalkan:
- Agents in Sharepoint: Asisten AI dengan kapabilitas natural language ini mendasarkan kecerdasan mereka pada situs, file, dan folder Sharepoint terkait untuk memudahkan menemukan jawaban dari konten tersebut, serta membuat keputusan yang lebih cepat. Kini tersedia untuk umum, setiap situs Sharepoint akan menyertakan agen yang disesuaikan dengan kontennya. Pengguna juga dapat membuat agen khusus untuk memilih file, folder, atau situs Sharepoint hanya dengan sekali klik.
- Interpreter: Agen di dalam Teams ini membantu pengguna mengatasi hambatan bahasa dengan memungkinkan interpretasi transkrip dalam rapat secara real-time. Tersedia dalam mode public preview pada awal 2025, peserta rapat juga akan memiliki opsi untuk membuat agen dengan menirukan suara masing-masing peserta.
- Employee Self-Service Agent: Agen yang tersedia dalam mode private preview di Business Chat ini dapat mempercepat pemberian jawaban atas pertanyaan terkait kebijakan paling umum, serta menyederhanakan pekerjaan divisi HR dan IT yang penting – seperti membantu karyawan memahami benefit yang mereka dapatkan atau meminta unit laptop baru. Ini dapat disesuaikan di Copilot Studio untuk memenuhi kebutuhan organisasi yang lebih spesifik.
- Agent lainnya dalam mode preview public membuat catatan rapat secara langsung di Teams dan mengotomatisasi manajemen proyek dari awal hingga akhir di Planner.
Copilot + AI Stack
Copilot Stack memberdayakan penggunanya untuk membuat produk yang lebih ambisius dengan memanfaatkan teknologi canggih pada setiap lapisan stack. Untuk menciptakan pengalaman terpadu di mana pelanggan dapat merancang, menyesuaikan, dan mengelola aplikasi serta agen AI, kami memperkenalkan Azure AI Foundry, yang memberikan pelanggan akses ke semua layanan dan alat Azure AI yang sudah ada, ditambah kemampuan baru seperti:
- Azure AI Foundry SDK, yang kini tersedia dalam mode preview, menyediakan toolchain terpadu untuk merancang, menyesuaikan, dan mengelola aplikasi serta agen AI melalui kontrol dan penyesuaian di perusahaan. Dengan tools yang membantu organisasi meningkatkan skala aplikasi mereka secara bertanggung jawab, Foundry juga menyediakan 25 template aplikasi siap pakai dan pengalaman coding sederhana yang dapat diakses dari tools yang sudah dikenal seperti GitHub, Visual Studio, dan Copilot Studio.
- Azure AI Foundry Portal (sebelumnya Azure AI Studio), yang kini tersedia dalam mode preview, merupakan visual user interface yang komprehensif untuk membantu developer menemukan model, layanan dan tools AI. Dengan experience pusat manajemen baru yang menghadirkan informasi langganan penting dalam satu dashboard, portal ini juga membantu admin IT, tim operasional, dan tim Compliance untuk mengelola aplikasi AI dalam skala besar.
- Azure AI Agent Service, segera hadir dalam mode preview, akan memungkinkan developer profesional untuk mengatur, menerapkan, dan memperluas agen enterprise siap pakai untuk mengotomatisasi proses bisnis.
Kami juga terus mendukung komitmen Trustworthy AI kami dengan tools terbaru. Hari ini, kami mengumumkan laporan AI dan evaluasi risiko serta keselamatan untuk gambar, guna membantu organisasi memastikan aplikasi AI aman dan patuh. Laporan AI akan membantu organisasi meningkatkan kemampuan observasi, kolaborasi dan tata kelola bagi aplikasi AI dan model yang telah disesuaikan, sementara evaluasi untuk konten gambar akan membantu pelanggan menilai frekuensi dan keberatan konten berbahaya pada output yang telah dihasilkan oleh aplikasi AI mereka.
Perangkat Copilot+
Saat organisasi memindahkan lebih banyak beban kerja ke cloud untuk meningkatkan keamanan dan fleksibilitas, Microsoft memperluas solusi Cloud PC-nya dengan memperkenalkan kelas perangkat baru yang dirancang khusus untuk terhubung dengan aman ke Windows 365 dalam hitungan detik.
Windows 365 Link adalah perangkat yang sederhana, aman, dan dibuat khusus untuk perangkat Microsoft 365. Perangkat ini sekarang dalam mode preview dan akan tersedia secara umum untuk pembelian mulai April 2025 di market tertentu dengan MSRP $349, memungkinkan pengguna untuk bekerja dengan aman di desktop Windows yang sudah dikenal di Microsoft Cloud, dengan pengalaman yang responsif dan berkualitas tinggi.
Windows 365 Link aman secara desain. Perangkat ini tidak memiliki data lokal, tidak memiliki aplikasi lokal, dan admin-less users, sehingga data perusahaan tetap terlindungi di dalam Microsoft Cloud.
Kemampuan baru lainnya pada Copilot+ PCs untuk pelanggan komersial mencakup pemanfaatan kekuatan unit pemrosesan asli (NPU) bawaan, guna menghadirkan AI secara lokal. Dengan Improved Windows Search, dan Recall (mode pratinjau) yang baru, menemukan apa yang dibutuhkan di PC Anda lebih mudah dari sebelumnya, hanya dengan mendeskripsikan apa yang Anda cari. Fitur-fitur ini dirilis pertama kali untuk komunitas Windows Insider kami di Copilot+ PCs, sebelum diluncurkan lebih luas kepada pelanggan kami.
Momentum BlackRock
Empat tahun lalu, BlackRock, salah satu perusahaan manajemen aset terkemuka di dunia, membentuk aliansi strategis dengan Microsoft untuk memindahkan platform Aladdin-nya ke Microsoft Azure. Dengan fondasi di Azure, BlackRock meluncurkan tools AI generatif untuk klien global dengan Aladdin Copilot. Melalui AI generatif, Aladdin Copilot berfungsi untuk memperkuat konektivitas di seluruh platform, memanfaatkan teknologi Microsoft untuk membantu pengguna secara instan, guna membuka efisiensi baru dan menemukan wawasan bisnis penting dengan lebih cepat. Aladdin Copilot membuat platform Aladdin BlackRock menjadi lebih pintar dan responsif. Hal ini menghasilkan produktivitas yang lebih baik, memungkinkan peningkatan skala yang lebih besar, dan membuat penggunanya tetap terinformasi.
Langkah BlackRock ke Azure dan peluncuran Aladdin Copilot hanyalah dua dari sekian banyak pencapaian yang sedang berlangsung dalam kemitraan jangka panjang, yang juga mencakup kesepakatan untuk 24.000 akun Microsoft 365 Copilot di seluruh perusahaan. Saat ini, ada sekitar 60% pengguna Copilot BlackRock yang memanfaatkan Copilot setiap minggunya. Ditambah lagi, BlackRock juga baru-baru ini memutuskan untuk memindahkan solusi CRM on-premise ke cloud menggunakan Dynamics 365, mengutip integrasi aslinya dengan Teams dan Outlook sebagai salah satu faktor pengambilan keputusan yang utama.
Kekuatan pada Keamanan
Kami tahu bahwa lanskap ancaman berkembang sangat cepat, sehingga sangat penting bagi kami untuk tetap berada di garda terdepan dalam menghadapi para pelaku kejahatan. Di Microsoft, kami percaya bahwa keamanan adalah pekerjaan bersama. Kami menjadi lebih kuat ketika bermitra sebagai komunitas keamanan utuk berbagi informasi, berkolaborasi, dan menghentikan para pelaku kejahatan.
Dalam semangat itu, dan juga sebagai bagian dari Secure Future Initiative (SFI), kami akan mengumumkan acara riset keamanan publik terbesar dalam Sejarah: Zero Day Quest, di acara Ignite. Acara ini, yang berfokus pada keamanan AI dan cloud, akan menawarkan hadiah terbesar di industri ini sebesar $4 juta, di samping hadiah tahunan kami yang sudah ada sebesar $16 juta. Kompetisi ini bertujuan untuk menarik para ahli keamanan terbaik di dunia untuk menangani skenario yang berdampak bagi keamanan pelanggan kami, dengan penghargaan multiplier, mulai hari ini.
Seiring perubahan lanskap ancaman, kami melihat adanya perkembangan metode penyerang siber dalam mengeksploitasi kelemahan dalam sistem – khususnya dengan menavigasi grafis hubungan antara identitas, file, dan perangkat untuk mengungkap jalur serangan. Penyerang yang berpikir dalam grafik menyebabkan kerusakan yang lebih luas dari titik pertama penyusupan. Produk keamanan tradisional, dengan penglihatan yang terbatas ke dalam hubungan grafik, seringkali lebih cocok melindungi perangkat atau media tertentu – seperti laptop atau kotak masuk – daripada cakupan penuh dari potensi permukaan serangan.
Peluncuran Microsoft Security Exposure Management hari ini merupakan langkah penting dalam mengubah keamanan siber dengan data mumpuni dan strategi berbasis AI. Dalam konteks terkait data dari tools keamanan pihak ketiga milik pelanggan lainnya, kekuatan penggabungan data grafik Microsoft menciptakan satu panel kaca yang kuat untuk memvisualisasikan jalur serangan sebelum pelaku melakukannya. Dengan kekuatan komputasi dan kinerja berskala cloud untuk menyaring pemetaan aset dan risiko yang akurat secara real-time, Exposure Management membantu tim keamanan dalam mencegah gangguan dan menyediakan data real-time kepada pimpinan divisi IT, operasional, serta manajemen risiko untuk mendukung pengambilan keputusan risiko siber.
Ini hanyalah sebagian kecil dari banyaknya fitur dan pembaruan menarik yang akan kami umumkan di Ignite. Untuk diingat, Anda dapat melihat sesi keynote dari para eksekutif Microsoft termasuk Satya Nadella, Rajesh Jha, Scott Guthrie, Charlie Bell, dan Vasu Jakkal, baik secara langsung maupun secara on-demand.
Selain itu, Anda dapat memperoleh informasi lebih dari semua pengumuman ini dengan menjelajahi Book of News, ringkasan resmi semua berita hari ini, dan blog produk di bawah ini.
###
Ignite 2024: Why nearly 70% of the Fortune 500 now use Microsoft 365 Copilot
Two things can be true at the same time.
In the case of AI, it is absolutely true that the industry is moving incredibly fast and evolving quickly. It’s also true that hundreds of thousands of customers are using Microsoft AI technology today and, by making early bets on the platform, are seeing big benefits now and future-proofing their ability to benefit from the next big wave of AI improvements.
Microsoft Ignite is our annual event that spotlights the updates and creations that enable customers, partners and developers to unleash the full potential of Microsoft’s technology and change the way we approach work.
This year, we are announcing about 80 new products and features, including new capabilities in Microsoft 365 Copilot, additions to the Copilot + AI stack and new Copilot+ devices offerings. Underpinning each of these innovations is our commitment to security. Since launching our Secure Future Initiative (SFI) one year ago, we have made security the No. 1 job of every employee at Microsoft, dedicated 34,000 engineers to this focus and, at Ignite, we will announce innovations that are rooted in our SFI principles: secure by design, secure by default and secure operations.
More than 200,000 people have registered to join us for this year’s Ignite, with more than 14,000 attendees at our in-person events in Chicago. Attendees can choose from more than 800 sessions, demos and expert-led labs from Microsoft and our partners. Most of the Ignite content will be available on demand for those who can’t attend the live event.
Copilot momentum
Microsoft 365 Copilot is your AI assistant for work, and we have seen the momentum grow as more organizations are moving to Copilot and deploying it to great success. All up, nearly 70% of the Fortune 500 now use Microsoft 365 Copilot.
That echoes an industry trend: A recent IDC study showed that generative AI is on the rise, with 75% adoption among companies surveyed in 2024. In addition, for every $1 invested, companies are realizing a return of $3.70, and leaders are saying they are realizing as much as a $10 return, according to the study.
The investments that Microsoft has made in Copilot are paying dividends for our customers.
We recently highlighted some of the more than 200 customer stories of accelerated AI Transformation, with Copilot helping many of them spark innovation and transform their organization for the better. Several examples include:
- Power management company Eaton used Microsoft 365 Copilot to streamline and automate operations, improve data access, centralize knowledge and empower teams to focus on higher-value tasks. Copilot helped Eaton’s Finance operations document over 9,000 standard operating procedures (SOPs), an 83% time savings for each SOP documented.
- Consulting firm McKinsey & Company is creating an agent to speed up the client onboarding process. The pilot showed lead time could be reduced by 90% and administrative work reduced by 30%. The agent automates complex processes, such as identifying the right expert capabilities and staffing teams and acts as a single place where colleagues can ask questions and request follow-ups. By streamlining tasks and reducing manual inputs, this agent could potentially save consultants many hours, allowing them to spend more time with clients.
Boosting productivity with Microsoft 365 Copilot
Microsoft is continuing to supercharge productivity with new capabilities in Microsoft 365 Copilot designed to help simplify the workday.
Copilot Actions, now in private preview, enable anyone to automate everyday tasks with simple, fill-in-the-blank prompts, whether it’s getting a daily summary of meeting actions in Microsoft Teams, compiling weekly reports or getting an email upon return from vacation that summarizes missed meetings, chats and emails.
Anyone can easily set up Actions right in their Microsoft 365 app, allowing users to focus on more impactful work, save time and boost productivity.
New agents in Microsoft 365 are designed to help scale individual impact and transform business process. At Ignite we will introduce:
- Agents in SharePoint: These natural language AI assistants are grounded on relevant SharePoint sites, files and folders to make it easy to find answers from that content, and to make quicker decisions as a result. Now generally available, every SharePoint site will include an agent tailored to its content. Users can also create customized agents scoped to select SharePoint files, folders or sites with as little as one click.
- Interpreter: This agent in Teams helps users overcome language barriers by enabling real-time, speech-to-speech interpretation in meetings. Available in public preview in early 2025, meeting participants will also have the option to have the agent simulate their personal voice.
- The Employee Self-Service Agent: An agent available in private preview in Business Chat expedites answers for the most common policy-related questions and simplifies action-taking on key HR and IT-related tasks — like helping employees understand their benefits or request a new laptop. It can be customized in Copilot Studio to meet an organization’s unique needs.
- Other agents in public preview take real-time meeting notes in Teams and automate project management from start to finish in Planner.
Copilot + AI Stack
The Copilot stack empowers users to build more ambitious products by leveraging advanced technology at each layer of the stack. To create a unified experience where customers can design, customize and manage AI applications and agents, we are introducing Azure AI Foundry, which gives customers access to all existing Azure AI services and tooling, plus new capabilities like:
- Azure AI Foundry SDK, now available in preview, provides a unified toolchain for designing, customizing and managing AI apps and agents with enterprise-grade control and customization. With tools that help organizations responsibly scale their applications, Foundry also provides 25 prebuilt app templates and a simplified coding experience they can access from familiar tools like GitHub, Visual Studio and Copilot Studio.
- Azure AI Foundry portal (formerly Azure AI Studio), now available in preview, is a comprehensive visual user interface to help developers discover AI models, services and tools. With a new management center experience that brings essential subscription information into a single dashboard, the portal also helps IT admins, operations and compliance teams manage AI applications at scale.
- Azure AI Agent Service, coming soon to preview, will enable professional developers to orchestrate, deploy and scale enterprise enterprise-ready agents to automate business processes.
We also continue to back up our Trustworthy AI commitments with new tools. Today we’re announcing AI reports and risk and safety evaluations for images to help organizations ensure AI applications are safe and compliant. AI reports will help organizations improve observability, collaboration and governance for AI apps and fine-tuned models, while evaluations for image content will help customers assess the frequency and severity of harmful content in their app’s AI-generated outputs.
Copilot+ devices
As organizations move more workloads to the cloud to enhance security and flexibility, Microsoft is expanding its Cloud PC solution by introducing the first in a new class of devices purpose-built to connect securely to Windows 365 in seconds.
Windows 365 Link is the simple, secure, purpose-built device for Windows 365. It is in preview now and will become generally available for purchase starting in April 2025 in select markets with an MSRP of $349, allowing users to work securely in a familiar Windows desktop in the Microsoft Cloud with responsive, high-fidelity experiences.
Windows 365 Link is secure by design. The device has no local data, no local apps and admin-less users so corporate data stays protected within the Microsoft Cloud.
Other new capabilities for Copilot+ PCs for commercial customers include harnessing the power of inbuilt native processing units (NPUs) to deliver local AI. With improved Windows Search, and the new Recall experience (preview), finding what you need on your PC is easier than ever by just describing what you are looking for. These features are releasing first to our Windows Insider community on Copilot+ PCs before rolling out more broadly to our customers.
BlackRock momentum
Four years ago, BlackRock, one of the world’s pre-eminent asset management firms, formed a strategic alliance with Microsoft to move its Aladdin platform to Microsoft Azure. With this foundation on Azure, BlackRock rolled out generative AI tools for global clients with Aladdin Copilot. Through generative AI, Aladdin Copilot serves to strengthen the connective tissue across the platform, leveraging Microsoft technology to help users receive answers instantly to unlock new efficiencies and discover important business insights even faster. Aladdin Copilot makes BlackRock’s Aladdin platform even more intelligent and responsive. That results in enhanced productivity, enables scale and keeps users more informed.
BlackRock’s move to Azure and launch of Aladdin Copilot are just two of the many ongoing milestones in a long-term partnership that also includes an enterprise-wide deal for 24,000 seats of Microsoft 365 Copilot. Today, about 60% of BlackRock’s Copilot user population is leveraging Copilot on a weekly basis. Additionally, BlackRock also recently made the choice to move its on-prem CRM solution to the cloud with Dynamics 365, citing its native integration with Teams and Outlook as one of its primary decision-making factors.
Strength in security
We know that the threat landscape is rapidly evolving, and it’s imperative that we stay ahead of bad actors. At Microsoft we believe that security is a team sport, and we are stronger when we partner as a security community to share information, collaborate and stop bad actors.
In that spirit, and as part of our Secure Future Initiative (SFI), at Ignite we are announcing the largest public security research event in history: the Zero Day Quest. This event, which focuses on AI and cloud security, will offer the largest award pool in the industry at $4 million, in addition to our existing $16 million annual bounty program. This competition aims to attract the world’s best security minds to tackle high-impact scenarios critical to our customers’ security, with award multipliers, starting today.
As the threat landscape has changed, we have seen rapid evolution in the way attackers exploit weaknesses within systems — particularly by navigating graph relationships between identities, files and devices to uncover attack paths. Attackers thinking in graphs cause wider damage from the first point of intrusion. Traditional security products, with limited visibility into these graph relationships, are often better suited to protect specific devices or mediums — like laptops or inboxes — rather than the full scope of potential attack surface.
Today’s Microsoft Security Exposure Management launch is a pivotal step in transforming cybersecurity with savvy data and AI-based strategies. The power of incorporating Microsoft graph data, in context with data from customers’ other third-party security tools, creates a powerful single pane of glass to visualize attack paths before threat actors do. With computing power and cloud-scale performance to distill powerful real-time mapping of assets and evolving risks, Exposure Management assists security teams in preventing intrusions and provides IT, operations and risk leaders with real-time data to support cyber risk decision-making.
This is only a small section of the many exciting features and updates we will be announcing at Ignite. As a reminder, you can view keynote sessions from Microsoft executives including Satya Nadella, Rajesh Jha, Scott Guthrie, Charlie Bell and Vasu Jakkal, live or on-demand.
Plus, you can get more on all these announcements by exploring the Book of News, the official compendium of all today’s news.
The post Ignite 2024: Why nearly 70% of the Fortune 500 now use Microsoft 365 Copilot appeared first on The Official Microsoft Blog.
Two things can be true at the same time. In the case of AI, it is absolutely true that the industry is moving incredibly fast and evolving quickly. It’s also true that hundreds of thousands of customers are using Microsoft AI technology today and, by making early bets on the platform, are seeing big benefits…
The post Ignite 2024: Why nearly 70% of the Fortune 500 now use Microsoft 365 Copilot appeared first on The Official Microsoft Blog.Read More
Microsoft Details Progress Towards a More Secure Exchange Online
Exchange Online Security Updates Focus on EWS, Public Folders, Mail Transport, and More
On November 18, as interest in the Microsoft community turned to the marketing fest at the Ignite conference in Chicago, Microsoft released an interesting technical community post covering security updates for Exchange Online. Given the fundamental role that email plays within Microsoft 365, this is a topic that every tenant needs to pay attention to.
Many of the items listed are restatements of previous news, like the February 2025 deprecation of the App Impersonation RBAC role (I covered this point as a footnote in yesterday’s article). Basically, this is a role that allows Exchange Web Services (EWS) apps to access mailboxes. Microsoft wants to remove the role because it can be a vector to potential mailbox compromise. The problem is that tenants might be unaware that the role is used by an app or script. Microsoft has a PowerShell script to locate accounts that hold the role. It’s worth running the script, just in case.
It’s worth noting that equivalent Graph permissions are available to access content in user mailboxes. Microsoft answer is that tenants should use RBAC for Applications to restrict app access to the set of mailboxes that need to be processed. I agree.
Microsoft restated the plan to remove EWS from Exchange Online in October 2026, noting that the change will break any app based on EWS. Originally, Microsoft originally planned to implement an exception to allow their own EWS-based apps to continue running, but now they say that they’ll phase out EWS well before October 2026.
Gaps in Graph Coverage for EWS Functionality
More interestingly, Microsoft points to known gaps where Microsoft Graph APIs are not capable of taking over from EWS today. They say that they are working to support access to archive mailboxes, but don’t have a delivery date. I imagine that the Exchange admin center will need this API to perform tasks like enabling archives, reporting archive mailbox size, and so on.
Microsoft also noted that they will soon release Graph support for Application settings for Exchange client applications to cover user configuration and folder associated information (FAI). User configurations and FAIs are stored in mailboxes and used to hold settings needed by applications. I imagine that this work involved an extension of the current Graph support for mail items.
The big news in the announcement is that Microsoft says that they cannot deliver Graph support for “several admin features that are available to developers via EWS,” such as setting folder permissions or managing delegates for user mailboxes. Once EWS is deprecated, developers who implement these features in their apps will have to find a different way, perhaps by calling PowerShell using Azure functions.
Exchange Online Management – After much investigation, we have concluded we are unable to provide Graph API access to several admin features that are available to developers via EWS. Once Microsoft removes EWS from Exchange Online, to perform tasks such as setting folder permissions or managing delegates for a user, you will need to call PowerShell in code or use alternative ways to deliver this functionality.
The Final Demise of Public Folders
In addition, Microsoft says that they will no longer provide APIs to programmatically manage public folders after the removal of EWS in October 2026. I assume Microsoft thinks it’s simply not worthwhile to recreate public APIs for public folders because of low usage. Public folders were hot technology when Exchange 4.0 appeared in 1996 and have been on a downhill slope ever since. Despite suitable efforts to eradicate public folders over many years, use persists in a small number of Exchange Online tenants. Microsoft will continue to provide access via “supported” Outlook clients and for bulk import/export.
I presume that the new Outlook for Windows will support public folders. An option is available to add one or more public folders to Outlook favorites but the button to actually add the folder is missing. Maybe Copilot for Outlook didn’t like it. No doubt the button will show up before Microsoft removes for support for Outlook classic sometime after 2029.
I’m not sure if tenants will take the news as a broad hint that they should get off public folders (they should). It’s just sad that the tools to analyze the data in public folders and move what needs to be kept to a more modern alternative are so weak.
Exchange Online Security Updates in Mail Transport
Rounding out the post, Microsoft covers a bunch of recent improvements around DNSSEC and DANE. The news is that Mandatory Outbound SMTP DANE is coming in May 2025 with per-tenant and per-domain settings. Microsoft didn’t cover other efforts to increase the security of the Exchange Online email service, like the introduction of the external recipient rate limit (due on January 1, 2025) or the continuing effort to force hybrid tenants to upgrade on-premises servers to a supported version before email can flow across a connector to Exchange Online.
Finally, Microsoft notes that they recently added OAuth support to the preview of the High Volume Email feature (HVE). This summer, I spent some time working with HVE and ECS, the Azure Email Communication service. Both can do a job for tenants that needs to send bulk email, with HVE a better option for internal-focused email and ECS more suitable for outbound communications. You can read more, including sample PowerShell to send email via HVE and ECS, on Practical365.com.
Insight like this doesn’t come easily. You’ve got to know the technology and understand how to look behind the scenes. Benefit from the knowledge and experience of the Office 365 for IT Pros team by subscribing to the best eBook covering Office 365 and the wider Microsoft 365 ecosystem.
Indonesian Teachers Won AI TEACH Regional Hackathon with Generative AI-Powered Learning Applications
Two teacher groups from Indonesia—the AI-ASIS (student assistant) team from Sorong, West Papua and AI MISS YOU team from Probolinggo, East Java have secured 1st place and 2nd runner up of AI TEACH Regional Hackathon, an event held by ASEAN Foundation. Both groups earned triumph for their generative AI projects, created after learning about AI through the AI TEACH programme held by Yayasan Plan International Indonesia (Plan Indonesia) in collaboration with Microsoft Indonesia.
Dini Widiastuti, Executive Director of Plan Indonesia, explained that the participation of the Indonesian groups in this event serves as a proof of the teachers’ and students’ proficiency in using generative AI.
“Plan Indonesia is proud of the achievements of the three AI TEACH groups in this regional event. We hope that the development of AI can help improve workforce absorption, so that vocational students and educators can enjoy the same benefits. This is crucial, considering that vocational graduates, especially alumni of Vocational High Schools, still contribute the highest share to the Open Unemployment Rate in Indonesia, at 9.01 percent (BPS, 2024). After the competition, it is expected that teachers and students can share their knowledge with even more people,” said Dini.
AI TEACH is a program to improve generative AI fluency for vocational educators and students in the ASEAN region. AI TEACH is implemented in Indonesia by Plan Indonesia, in Malaysia by the Biji-Biji Initiative, and is monitored regionally by the ASEAN Foundation. This initiative is fully supported by Microsoft, aimed at shaping the region’s tech future where AI proficiency is a cornerstone of success.
“Empowering individuals through AI skilling is at the heart of Microsoft’s mission, ensuring everyone has the tools and knowledge to thrive in a digital future. By equipping teachers with AI skills, we enable them to inspire and guide the next generation in navigating an increasingly complex technological landscape. We are both thrilled and grateful to see the teachers’ enthusiasm in learning and innovating with AI,” said Supahrat Juramongkol, Philanthropies Lead, Microsoft ASEAN.
Indonesian Educators Transforming Learning with AI
First-place winner, the AI-ASIS team, leveraged the usage of generative AI[1] in creating a learning application that will automatically answer student questions about specific school subjects based on the teachers’ curated learning materials. Markus Dwiyanto Tobi, teacher-chief of the team explained how the idea came from the will to help students learning more independently, while also enabling teachers to become facilitators, as required by the Merdeka curriculum.
“We have tested this application in three different schools, including those in the most remote part of Indonesia (3T), and saw how it helped the teachers and the students. We hope to extend the use of this application, so it may benefit more Indonesian students, including those with disabilities,” said Markus at the ASEAN Secretariat on Thursday (14/11).
Meanwhile, Suci Romadani, teacher-representative of the AI MISS YOU (Artificial Intelligence to Improve Students’ Original and Unique Critical Reasoning) team explained, her team explored the probability of teaching generative AI to high school students, while also still incorporating teachers’ guidance. The AI MISS YOU team and its students utilized several AI tools to research, experiment, and finally create a beverage called ‘The Dahaga’ from mango leaves—known as Probolinggo’s special delicacy. “We created the AI MISS YOU project so the students will not take suggestions by AI blindly, but to observe them critically. Our team believe that the future is not controlled by AI, but by those who master the AI,” Suci said.
The hackathon was carried out just in time, especially as Microsoft and LinkedIn’s Work Trend Index 2024 shows that as many as 92 percent of knowledge workers[2] in Indonesia already use generative AI at work, surpassing global (75 percent) and Asia Pacific (83%) averages. Meanwhile, Kearney predicts that AI can contribute to increasing Indonesia’s GDP by up to 12 percent or around 366 billion US dollars by 2030.
After the regional hackathon event, the AI TEACH program will enter its final round of implementation in Indonesia. Up to November 2024, this program has reached 2,500 teachers and students from across Indonesia.
—
[1] Prompt-based AI tool used to generate visual, text, or audio instantly based on machine repository.
[2]Those who typically work at a desk (whether in an office or at home). This group includes those who are in person or working remotely in some capacity.
__
Indonesian Team Profile – Participants in the AI TEACH Regional Hackathon
Group 1
“Implementation of AI ASIS (Student Assistant) to Improve Assessment and Learning in the Independent Curriculum in Vocational High Schools”
Main Teacher/Group Leader: Markus Dwiyanto Tobi Sogen
Region of Origin: Sorong, West Papua
Markus Dwiyanto and his team developed AI ASIS to automatically answer student questions. Its use is considered easy, because the application is integrated into existing devices, so teachers do not need to switch applications.
Although students are more involved as users and not developers, this project is considered ready to be implemented more widely. The total duration of application development is 6 months, with trials on 50 students.
Group 2
“AI MISS YOU (Artificial Intelligence to Improve Students’ Original and Unique Critical Reasoning)”
Main Teacher/Group Leader: Fafan Adisumboro
Region of Origin: Probolinggo, East Java
Fafan and his team created the AI MISS YOU project to teach students not to immediately accept information obtained through AI, but to process and think about its contents first. This process is considered important so that students remain critical and creative in gaining knowledge.
The AI MISS YOU team succeeded in creating an interesting project concept by actively involving students. Their presentation was also clear, easy to understand, and very relevant to current learning.
Group 3
“Team-Based Learning (TBL) Assisted by AI”
Main Teacher/Group Leader: M. Elfin Noor
Region of Origin: Jepara, Central Java
Starting from the concerns of students and teachers, Elfin Noor and a team consisting of teachers and students created TBL Assisted by AI to facilitate the teaching and learning process in schools. The team utilizes effective collaboration between teachers and students to complete the project, starting from the ideation stage to prototyping and testing.
Elfin Noor and his team’s project use the Team-Based Learning (TBL) method, which is a type of learning that involves both teachers and students to form a learning team to strengthen each student’s hard and soft skills. By combining the TBL method and the use of AI, this project aims to make it easier for teachers to teach, as well as help students find achievements, learning styles, and provide healthy competition to achieve learning targets. This grouping allows provision of materials and assignments that are suitable for each group’s level of abilities. In addition, the project provides flexibility and versatility that allows usage of AI-assisted TBL across various levels of education and subjects.
Guru Indonesia Memenangkan Hackathon Regional AI TEACH melalui Aplikasi Pembelajaran Berbasis AI Generatif
Read in English here.
Dua kelompok pendidik dari Indonesia—tim AI-ASIS (student assistant) dari Sorong, Papua Barat dan tim AI MISS YOU dari Probolinggo, Jawa Timur—berhasil meraih posisi juara 1 dan juara 3 dari ajang hackathon regional AI TEACH, acara yang diselenggarakan oleh ASEAN Foundation. Kedua kelompok ini meraih kemenangan melalui penciptaan proyek pembelajaran berbasis kecerdasan buatan (Artificial Intelligence atau AI) Generatif—sebuah kemampuan yang didapat melalui program AI TEACH yang diselenggarakan oleh Yayasan Plan International Indonesia (Plan Indonesia) dengan dukungan Microsoft Indonesia.
Dini Widiastuti, Direktur Eksekutif Plan Indonesia menjelaskan, keikutsertaan kelompok Indonesia dalam ajang regional ini merupakan bukti dari kefasihan para guru dan murid dalam menggunakan alat AI Generatif di bidang pendidikan vokasi.
“Plan Indonesia turut berbangga atas pencapaian ketiga kelompok AI TEACH di ajang regional ini. Kami berharap, perkembangan AI dapat membantu meningkatkan penyerapan tenaga kerja, sehingga pelajar dan pendidik vokasi dapat menikmati manfaat yang sama. Ini penting, mengingat lulusan vokasi, khususnya alumni Sekolah Menengah Kejuruan, masih menjadi penyumbang Tingkat Pengangguran Terbuka tertinggi di Indonesia, yaitu sebesar 9,01 persen (BPS, 2024). Setelah perlombaan, diharapkan para guru dan murid dapat berbagi pengetahuan kepada lebih banyak pihak lagi,” ujar Dini.
AI TEACH merupakan program peningkatan kemampuan penggunaan AI generatif agar pendidik dan murid vokasi di wilayah ASEAN dapat meningkatkan pengalaman mereka. AI TEACH di Indonesia dilaksanakan oleh Plan Indonesia, di Malaysia oleh Biji-Biji Initiative, dan dipantau secara regional oleh ASEAN Foundation. Inisiatif ini didukung penuh oleh Microsoft, sebagai bentuk dukungan pemerataan kemampuan AI di wilayah Asia Tenggara.
“Mendukung pemberdayaan individu melalui kemampuan AI adalah inti dari misi Microsoft. Terutama, agar semua orang memiliki alat dan pengetahuan yang diperlukan untuk meraih kesuksesan di masa depan. Dengan membekali para guru dengan kemampuan AI, kita mendukung mereka untuk menginspirasi dan membimbing generasi penerus dalam mengarungi lanskap teknologi yang kian kompleks ini. Kami sangat senang dan berbangga karena dapat melihat antusiasme para pengajar dalam mempelajari dan berinovasi dengan AI,” ujar Supahrat Juramongkol, Philanthropies Lead, Microsoft ASEAN.
Transformasi Pendidikan melalui AI oleh Para Guru Indonesia
Pemenang pertama hackathon regional AI TEACH, tim AI-ASIS, memanfaatkan penggunaan AI generatif[1] dalam membuat aplikasi pembelajaran yang secara otomatis akan menjawab pertanyaan murid berdasarkan materi pembelajaran yang telah dipilih oleh guru mereka. Markus Dwiyanto Tobi, guru sekaligus ketua tim AI-ASIS, menjelaskan bahwa ide ini berasal dari keinginan untuk membantu murid belajar lebih mandiri, sekaligus memungkinkan guru untuk menjadi fasilitator, seperti prinsip kurikulum Merdeka.
“Kami telah menguji aplikasi ini di tiga sekolah yang berbeda, termasuk yang berada di bagian paling terpencil di Indonesia (3T), dan melihat bagaimana aplikasi AI-ASIS membantu para guru dan murid. Kami berharap dapat memperluas penggunaan aplikasi, sehingga dapat bermanfaat bagi lebih banyak murid Indonesia, termasuk para murid dengan disabilitas,” kata Markus di Gedung Sekretariat ASEAN, Kamis (14/11).
Sementara itu, Suci Romadani, perwakilan dari tim AI MISS YOU (Artificial Intelligence to Improve Students’ Original and Unique Critical Reasoning) menjelaskan, timnya mengeksplorasi kemungkinakan mengajarkan AI generatif kepada murid SMA, sambil tetap memastikan adanya bimbingan guru. Tim AI MISS YOU dan para murid yang berpartisipasi menggunakan beberapa alat AI untuk meneliti, bereksperimen, dan akhirnya membuat minuman yang disebut ‘Teh Dahaga’ dari daun mangga—yang dikenal sebagai buah khas Probolinggo. “Kami membuat proyek AI MISS YOU agar murid tidak akan menerima saran AI mentah-mentah, tetapi agar mereka juga bias menilai informasi yang ada dengan kritis. Tim kami percaya bahwa masa depan tidak dikendalikan oleh AI, tetapi oleh mereka yang menguasai AI,” kata Suci.
Ajang hackathon regional ini dapat dikatakan dilakukan tepat waktu, terutama karena Microsoft dan LinkedIn Work Trend Index 2024 menunjukkan bahwa sebanyak 92 persen Pekerja Berpengetahuan[2] di Indonesia sudah menggunakan AI generatif di tempat kerja mereka. Angka ini melampaui rata-rata global (75 persen) dan Asia Pasifik (83 persen). Sementara itu, Kearney memprediksi AI dapat berkontribusi dalam meningkatkan PDB Indonesia hingga 12 persen atau sekitar 366 miliar dolar AS pada tahun 2030.
Setelah ajang hackathon regional, program AI TEACH memasuki fase implementasi terakhirnya di Indonesia. Hingga November 2024, program ini telah menjangkau 2.500 orang pendidik dan murid dari berbagai wilayah di Indonesia.
—-
Profil Tim Nasional –Partisipan Hackathon Regional AI TEACH
Kelompok 1
“Implementasi AI ASIS (Asisten Siswa) untuk Meningkatkan Asesmen dan Pembelajaran dalam Kurikulum Merdeka di SMK”
Guru Utama/Ketua Kelompok: Markus Dwiyanto Tobi Sogen
Asal Daerah: Sorong, Papua Barat
Markus Dwiyanto dan tim mengembangkan AI ASIS untuk menjawab pertanyaan murid secara otomatis. Penggunaannya tergolong mudah, karena aplikasi ini diintegrasikan ke dalam perangkat yang sudah ada, sehingga guru tidak perlu berganti-ganti aplikasi.
Meskipun murid terlibat lebih sebagai pengguna dan bukan pengembang, proyek ini dinilai sudah siap diterapkan lebih luas. Total durasi pengembangan aplikasi adalah selama 6 bulan, dengan ujicoba kepada 50 murid.
Kelompok 2
“AI MISS YOU (Artificial Intelligence untuk Meningkatkan Bernalar Kritis Siswa Yang Original dan Unik)”
Guru Utama/Ketua Kelompok: Fafan Adisumboro
Asal Daerah: Probolinggo, Jawa Timur
Fafan dan tim membuat proyek AI MISS YOU untuk mengajarkan murid agar tidak langsung menerima informasi yang diperoleh lewat AI, melainkan mengolah dan memikirkan isinya terlebih dulu. Proses ini dinilai penting agar murid tetap kritis dan kreatif dalam memperoleh ilmu.
Tim AI MISS YOU berhasil menciptakan konsep proyek yang menarik dengan melibatkan murid secara aktif. Presentasi mereka juga jelas, mudah dipahami, serta sangat relevan bagi pembelajaran saat ini.
Kelompok 3
“Team-Based Learning (TBL) Berbantuan AI”
Guru Utama/Ketua Kelompok: M. Elfin Noor
Asal Daerah: Jepara, Jawa Tengah
Berangkat dari keresahan murid dan guru, Elfin Noor dan tim yang terdiri dari guru dan murid membuat TBL Berbantuan AI untuk mempermudah proses belajar-mengajar di sekolah. Hal ini dilakukan dengan kolaborasi yang efektif antara guru dengan murid, mulai dari tahap ideasi hingga prototyping dan testing.
Proyek Elfin Noor dan tim ini menggunakan metode Team-Based Learning (TBL), yaitu jenis pembelajaran yang melibatkan sekelompok murid untuk membentuk tim belajar guna memperkuat hard skill dan soft skill setiap murid. Dengan menggabungkan metode TBL dan pemanfaatan AI, proyek ini bertujuan memudahkan guru dalam mengajar, serta membantu murid menemukan prestasi, gaya belajar, dan memberikan persaingan yang sehat untuk mencapai target belajar. Pengelompokan ini memungkinkan pemberian materi dan tugas yang sesuai dengan tingkat kemampuan masing-masing kelompok. Selain itu, fleksibilitas dan keserbagunaannya memungkinkan penggunaan TBL berbantuan AI di berbagai tingkat pendidikan dan mata pelajaran.
[1] Teknologi AI yang menggunakan teknik prompting untuk membuat visual, teks, hingga audio secara instan berdasarkan repositori mesin yang ada.
[2] Pekerja yang biasanya bekerja di balik meja, baik di kantor maupun di rumah.
8080 Books, an imprint of Microsoft, launches, offering thought leadership titles spanning technology, business and society
As fans of books, especially in their physical format, it is our great pleasure to launch 8080 Books, an imprint of Microsoft. Our first title, No Prize for Pessimism, is authored by Sam Schillace, deputy chief technology officer at Microsoft, and is available today. Our second title, Platform Mindset, by Marcus Fontoura, will be available later this year.
Computing has become an essential ingredient to almost every endeavor on our planet, and, as students of both Microsoft and technology, our goal with 8080 Books is to publish original research, ideas and insights at the intersection of science, technology and business, and, in doing so, to help advance discourse on this important landscape.
The name of our imprint takes its inspiration from the 8080 microprocessor — a foundation for the company’s earliest software breakthroughs. Not coincidentally, 8080 is also the last four digits of Microsoft’s corporate headquarters phone number.
With a combined tenure of, well, let’s just say a long time, we’re both acutely aware of the rich well of talent at Microsoft from which we can draw upon and publish under the 8080 Books imprint over time. However, our intention is that we will seek to use this not just as a platform for Microsoft authors but also to showcase minds and ideas from outside of the company.
While we are not currently accepting unsolicited manuscripts, our website does provide more details about our plans, such as evaluating out of print titles that we feel remain relevant to today’s leaders, and why we feel the time is right to launch this imprint.
We hope you enjoy our launch title, which is available here, and we look forward to hearing your feedback, questions and ideas as we embark on this new adventure.
For anyone in the Puget Sound area, we invite you to Schillace’s first reading and signing at Brick & Mortar Books, on Wednesday, Dec. 11 in Redmond, Washington. Check here for details. Space is limited.
The post 8080 Books, an imprint of Microsoft, launches, offering thought leadership titles spanning technology, business and society appeared first on The Official Microsoft Blog.
As fans of books, especially in their physical format, it is our great pleasure to launch 8080 Books, an imprint of Microsoft. Our first title, No Prize for Pessimism, is authored by Sam Schillace, deputy chief technology officer at Microsoft, and is available today. Our second title, Platform Mindset, by Marcus Fontoura, will be available…
The post 8080 Books, an imprint of Microsoft, launches, offering thought leadership titles spanning technology, business and society appeared first on The Official Microsoft Blog.Read More
Mandatory MFA Requirement for Microsoft 365 Admin Center
Mandatory MFA for Microsoft 365 Admin Center Connections from February 3, 2025
After their communications triumph around the announcement of the imposition of an MFA requirement to sign into Azure administrative endpoints like the Entra admin center earlier this year, Microsoft is moving to its next target. According to a Microsoft Technical Community post of November 11, 2024, they will roll out the requirement for connections to the Microsoft 365 admin center to pass a mandatory multifactor challenge beginning on February 3, 2025.
Rolling out a change like this to hundreds of thousands of Microsoft 365 tenants can’t be done overnight. Microsoft says that tenant administrators will receive notification 30 days before the restriction commences.
The last time round, people panicked when they assumed that all connections to Azure, including those from non-privileged user accounts, would need to use MFA. However, the set of affected endpoints featured sites that few “normal users” go near simply because they have no need to connect to administrative portals like the Intune admin center or PowerShell modules like Azure.
The same rules apply here. Only accounts holding administrative roles that need to connect to the Microsoft 365 admin center are affected. There’s probably a broader set of roles involved, and the new restriction means that staff like help desk personnel might be required to use MFA for the first time. But here’s the thing: anyone accessing the Microsoft 365 admin center to perform administrative tasks for a tenant should already be using MFA. Those who don’t are inviting compromise of their accounts by attackers that leads to potential compromise of the entire tenant depending on the roles held by the account.
Figuring Out Who Might be Affected by the Mandatory MFA Requirement
If you have Entra P1 licenses, you can use PowerShell to analyze Entra Audit sign-in logs to determine the set of accounts that use MFA. Audit logs only go back 30 days, but it’s enough to have a good idea. Alternatively, you could use PowerShell to interrogate the sign-in logs to find successful connections to the app used by the Microsoft 365 admin center (the app name reveals its roots), reduce the set to find unique user accounts, and check each user account to validate if it uses MFA. In this example, I use the Get-MgServicePrincipal cmdlet to find the identifier of the app. You could also scan the sign-in logs in the Entra admin center to find a record for a connection to the Microsoft 365 admin center. The beta version of the Get-MgAuditLogSignIn cmdlet is used to fetch sign-in records because it returns information about authentication requirements. Here’s some code to do the job (available from GitHub):
Connect-MgGraph -Scope AuditLogs.Read.All $M365AdminCenterId = (Get-MgServicePrincipal -Filter "displayName eq 'Microsoft Office 365 Portal'").AppId Write-Host "Checking for sign-ins to the Microsoft 365 Admin center..." [array]$M365PortalSignIns = Get-MgBetaAuditLogSignIn -Filter "AppId eq '$M365AdminCenterId' and status/ErrorCode eq 0" -All -PageSize 500 [array]$UniqueUsers = $M365PortalSignIns | Sort-Object UserPrincipalName -Unique $Report = [System.Collections.Generic.List[Object]]::new() ForEach ($User in $UniqueUsers) { $MFA = "Not enabled" If ($User.authenticationRequirement -eq 'multifactorauthentication') { $MFA = "Enabled" } $ReportLine = [PSCustomObject] @{ User = $User.UserDisplayName 'MFA Status' = $MFA 'Last sign-in' = $User.createdDateTime } $Report.Add($ReportLine) } $Report User MFA Status Last sign-in ---- ---------- ------------ Hans Geering (Project Management) Enabled 09/11/2024 20:50:47 Ken Bowers Enabled 16/11/2024 13:20:40 Lotte Vetler (Paris) Enabled 15/11/2024 13:23:06 Paul Robichaux (Office 365 for IT Pros) Not enabled 29/10/2024 19:46:04 Tony Redmond Enabled 03/11/2024 15:30:24
Another approach is in the user passwords and authentication report script, which generates a comprehensive report about user accounts, passwords, sign-ins, and registered MFA methods. You can check this report to make sure that the users detected using the Microsoft 365 admin center have suitable MFA methods registered.
Another helpful script generates a report about accounts holding administrative role assignments. You can use the information in the report (and the CSV file generated by the script) to focus on the accounts that will be affected by the new mandatory MFA requirement. For example, accounts holding the user administrator role (Figure 1) will need to satisfy the mandatory MFA requirement to connect to the Microsoft 365 admin center after Microsoft deploys the change to your tenant.
Essentially, PowerShell is your friend when it comes to finding out who uses MFA in a tenant.
The Ongoing Need to Accelerate the Adoption of MFA
According to a Microsoft research report, MFA reduces the risk of account compromise by 99.22% across all accounts and by 98.56% for leaked account credentials (usernames and passwords). The last figures shared by Microsoft said that only 38% of Entra ID monthly active users use MFA (February 2024). Microsoft is on a campaign to get that number to at least 80% and enforcing mandatory requirements for MFA to connect to different sites is a good way to drive that message home.
One thing’s for sure. Microsoft is not going to stop imposing mandatory MFA requirements to connect to Microsoft 365. I expect the campaign to continue and spread to user-focused applications like Teams and Outlook. Quite when that will happen is anyone’s guess, but the important thing is to get ahead of the game by accelerating the adoption of MFA to protect Microsoft 365 user accounts, preferably using strong authentication methods like the Microsoft Authenticator app, FIDO2 keys, or software passkeys.
Another Big Change Coming in February 2025
Another big thing that will happen in February 2025 is the deprecation of the ApplicationImpersonation role in Exchange Online. This might not seem important to you, but it might be. Many bespoke and third-party tools use this role with Exchange Web Services (EWS) to access mailboxes. If you don’t check now, you might have an unpleasant surprise early in 2025. The Microsoft post references some tools to help check a tenant. It’s worth taking the time to do so.
So much change, all the time. It’s a challenge to stay abreast of all the updates Microsoft makes across the Microsoft 365 ecosystem. Subscribe to the Office 365 for IT Pros eBook to receive monthly insights into what happens, why it happens, and what new features and capabilities mean for your tenant.
GovAI Hackathon Produces Five Generative AI Solutions to Improve the Quality of Government Services in Indonesia
The Ministry of Finance, in collaboration with the Ministry of Foreign Affairs and the Ministry of Health, along with Microsoft Indonesia, Association of State-Owned Banks (Himbara/Himpunan Bank Negara), and Telkom Indonesia, have successfully concluded the 2024 GovAI Hackathon series. The innovative competition, open to all Indonesians, aimed to drive AI breakthroughs in artificial intelligence (AI) – especially generative AI – across four critical themes in government services. This year’s event attracted 191 teams comprising 495 participants, an increase of more than 100 percent compared to the previous year’s event with 93 teams from 271 participants.
The four themes addressed during the competition included: (1) stunting prevention and improving school children’s nutrition, (2) integrated and responsive digital public services, (3) economic diplomacy and empowerment of MSMEs for exports, as well as (4) transparent and accountable state financial management. Additional institutions, such as MoF-DAC, BPS, BRAIN IPB, KORIKA, University of Indonesia, and PKN STAN, also played active roles in organizing the 2024 GovAI Hackathon.
Agus Rofiudin, OBTI Expert Staff and CIO of the Ministry of Finance said, “Indonesia has entered the digital era at an accelerated pace. With internet penetration exceeding 72%, the potential for leveraging technology, especially AI, in the public sector to enhance the quality of life is immense. That’s why we organized the GovAI Hackathon—to gather innovative, AI-driven ideas from Indonesia’s brightest talents to assist the government in delivering higher-quality public services.”
The event series, which began in October 2024, was inaugurated with AI training open to the public. These included seven online classes led by speakers from Microsoft and Nawatech, attended by over 1,000 participants. Armed with the training, a total of 147 teams submitted their generative AI solution ideas, with 10 selected teams receiving further assistance from Microsoft, the Ministry of Finance – Data Analytics Community (MoF-DAC), and other Ministries and Institutions to create Minimum Viable Products (MVPs)[1] for their ideas, using Microsoft Azure technology. Of the 10 MVPs, 5 have now been selected, and their MVPs will be realized in government programs.
Acep Somantri, Expert Staff for Management of the Ministry of Foreign Affairs said, “The highest appreciation for the participants of the GovAI Hackathon 2024 who have provided inspiration for various improvements to government services based on generative AI technology. The ideas with a complete technology architecture from the participants are proof of the great potential of AI in Indonesia. We believe that collaboration between the government, the private sector, and academia will drive greater progress in Indonesia’s digital transformation, for the well-being of the Indonesian people.”
Five Selected Solutions for Indonesia
Here are the five selected solutions, which have realized their ideas into the form of MVPs:
UINNOVATOR with NuSantap, an innovative solution that integrates generative AI technology and computer vision. By utilizing AI algorithms, NuSantap is able to provide menu recommendations that are tailored to the nutritional needs of each individual and the availability of local food resources. Computer vision technology is used to accurately detect signs of nutritional deficiencies.
AI network with DIPLOMAT-AI, a generative AI for market intelligence analysis, mapping MSME export potential and foreign market penetration. The platform provides a one-stop solution with various analysis tools and AI-based prediction models, which are used to estimate market potential in various accreditation countries. In addition, DIPLOMAT-AI also offers comprehensive trade indicators, covering the role and direction of trade, trade structure, applicable regulations, and trade barriers in the destination country. DIPLOMAT-AI is equipped with a Retrieval-Augmented Generation (RAG)-based interactive chatbot generate Market Intelligence Report feature. This feature allows users to get market reports automatically compiled in PDF format as an easily accessible reference, as well as an interactive chatbot service that can answer questions about regulations, tariffs, and market opportunities in real time.
Project Ember with an AI-based solution that assesses carbon sequestration potential using satellite imagery. Data from satellite imagery that contains visual information about specific areas, such as vegetation and land conditions, is used as a raw material to map areas that have the potential to absorb carbon. Furthermore, the AI works to identify areas of interest by classifying which areas of vegetation and non-vegetation are highly accurate. Once the area of interest is identified, the analysis continues with the calculation of carbon potential based on plant type and area. Then adjustments will be made based on the density and health of the vegetation so that the resulting values are close to the actual conditions. The results of the analysis were converted into economic value estimates based on carbon price information in the current market.
AI4Indonesia with Trace.AI (Transparent Review and Cost Evaluation Powered by Gen-AI), an innovative generative AI-based solution to review and evaluate budgets effectively and transparently. This solution is automatically able to check proposal documents, as well as compare prices with internal and external data to detect indications of markup (adjusted to Government Regulation Number 12 of 2021 concerning the procurement of goods and services). Furthermore, the systems in this solution will provide data-driven recommendations and necessary actions, increasing efficiency, transparency, and accountability in every step of the procurement process.
Timses AITIES with Ainara, an innovative solution that integrates blockchain technology, smart contracts, and generative AI to create real-time transparency and accountability in village fund management. Every transaction is permanently recorded on the blockchain and smart contracts; ensuring that the disbursement of funds only occurs when conditions are met, thereby reducing the risk of corruption. With LaporNara, project progress reports are automatically compiled and can be accessed by the public through the PantauNara dashboard to facilitate monitoring. In addition, AwasNara detects expenditure anomalies that ensure funds are used according to standards. Ainara supports more open and participatory oversight and contributes to building a transparent and accountable future for villages.
In addition to the five selected solutions, special appreciation was also given to the other five finalists, namely:
- Sigma with the development of multi-agent AI in providing harmonized system code recommendations
- Sasyaditomonica with GARDA, Generative AI for Risk and Threat Detection
- Tomodachi with Mool Intelligence, a generative AI-powered government services marketplace
- NUTRI TEAM with NutriCare 1000, nurturing the first 1,000 days with AI
- Treasury Data Lab with FORTRESS-ID, Forecasting Overseas Risks and Threat Responses
Maya Arvini, Director of Public Sector at Microsoft Indonesia, stated, “We are honored to participate in the 2024 GovAI Hackathon. The surge in the number of participants this year indicates the rapid adoption of generative AI technology in Indonesia. This speed is in line with the findings of the 2024 Work Trend Index from Microsoft and LinkedIn, where 92% of knowledge workers in Indonesia are recorded to have used generative AI in the workplace, surpassing global (75%) and Asia Pacific (83%) figures. It is not only about speed; the ideas in the proposal and recommendations for a comprehensive technological architecture reflect real solutions to various critical issues in Indonesia. These ideas will create strong pillars to support Indonesia’s journey towards a Golden Indonesia 2045.”
###
[1]An early version of the product with the most basic features needed to meet the needs of early users. The goal of an MVP is to test business assumptions and get feedback from users quickly, so that developers can iterate and make improvements based on real data.
GovAI Hackathon Cetak Lima Solusi Generative AI untuk Tingkatkan Kualitas Layanan Pemerintahan di Indonesia
Read in English here
Kementerian Keuangan bersama Kementerian Luar Negeri dan Kementerian Kesehatan, dalam kerja sama dengan Microsoft Indonesia, Himbara (Himpunan Bank Negara), dan Telkom Indonesia, baru saja menyelesaikan rangkaian GovAI Hackathon 2024. Kompetisi penciptaan solusi inovatif yang terbuka bagi seluruh masyarakat Indonesia dengan tujuan membuat terobosan AI–terutama generative AI–di empat tema besar layanan pemerintahan ini berhasil menarik 191 tim yang terdiri dari 495 peserta. Jumlah tersebut meningkat 100 persen lebih dibandingkan penyelenggaraan tahun sebelumnya dengan 93 tim dari 271 peserta.
Keempat tema besar yang dikompetisikan yakni: (1) pencegahan stunting dan peningkatan gizi anak sekolah, (2) pelayanan publik digital terintegrasi dan responsif, (3) diplomasi ekonomi dan pemberdayaan UMKM untuk ekspor, (4) serta pengelolaan keuangan negara yang transparan dan akuntabel. Dalam prosesnya, sejumlah lembaga lain juga mengambil peranan aktif dalam penyelenggaraan GovAI Hackathon 2024, seperti MoF-DAC, BPS, BRAIN IPB, KORIKA, Universitas Indonesia, dan PKN STAN.
Agus Rofiudin, Staf Ahli OBTI dan juga CIO Kemenkeu mengatakan, “Indonesia telah menapaki era digital dengan laju yang sangat pesat. Dengan penetrasi internet mencapai lebih dari 72%, potensi pemanfaatan teknologi, khususnya AI, di sektor pemerintahan untuk meningkatkan kualitas hidup masyarakat sangatlah besar. Itulah sebabnya kami menyelenggarakan GovAI Hackathon, untuk mengumpulkan ide inovatif berbasis AI dari para talenta terbaik di Indonesia yang dapat membantu pemerintah meningkatkan kualitas layanan publik”.
Rangkaian kegiatan yang dilakukan sejak Oktober 2024 tersebut diawali dengan pelatihan AI untuk umum melalui tujuh kelas online bersama pembicara dari Microsoft dan Nawatech, dengan total peserta mencapai lebih dari seribu orang. Berbekalkan pelatihan yang diperoleh, sebanyak 147 tim mengumpulkan ide solusi generative AI mereka, dengan 10 tim terpilih mendapatkan pendampingan lanjutan dari Microsoft, Kementerian Keuangan – Komunitas Analisis Data (MoF-DAC), serta Kementerian Lembaga lain untuk menciptakan Minimum Viable Products (MVP)[1] atas ide mereka, dengan menggunakan teknologi Microsoft Azure. Dari 10 MVP tersebut, kini terpilih 5 yang MVP-nya akan diwujudkan dalam program pemerintah.
Acep Somantri, Staf Ahli Bidang Manajemen Kemenlu mengatakan, “Apresiasi tertinggi untuk para peserta GovAI Hackathon 2024 yang telah memberikan inspirasi ide akan berbagai peningkatan layanan pemerintahan berbasis teknologi generative AI. Ide dengan arsitektur teknologi yang lengkap dari para peserta menjadi bukti akan besarnya potensi AI di Indonesia. Kami percaya bahwa kolaborasi antara pemerintah, sektor swasta, dan akademisi akan mendorong kemajuan yang lebih besar dalam transformasi digital Indonesia, demi kesejahteraan rakyat Indonesia.”
Lima Solusi Terpilih untuk Indonesia
Berikut adalah kelima solusi terpilih, yang telah merealisasikan ide mereka ke dalam bentuk MVP:
UINNOVATOR dengan NuSantap, solusi inovatif yang mengintegrasikan teknologi generative AI dan computer vision. Dengan memanfaatkan algoritma AI, NuSantap mampu memberikan rekomendasi menu yang disesuaikan dengan kebutuhan gizi setiap individu serta ketersediaan sumber daya pangan lokal. Teknologi computer vision digunakan untuk mendeteksi tanda-tanda defisiensi nutrisi secara akurat.
Network AI dengan DIPLOMAT-AI, suatu generative AI untuk analisis market intelligence pemetaan potensi ekspor UMKM dan penetrasi pasar luar negeri. Platform ini menyediakan one-stop solution dengan berbagai alat analisis dan model prediksi berbasis AI, yang digunakan untuk memperkirakan potensi pasar di berbagai negara akreditasi. Selain itu, DIPLOMAT-AI juga menawarkan indikator perdagangan yang komprehensif, meliputi peran dan arah perdagangan, struktur perdagangan, regulasi yang berlaku, dan hambatan perdagangan di negara tujuan. DIPLOMAT-AI dilengkapi dengan dengan fitur generate Market Intelligence Report dan chatbot interaktif berbasis Retrieval-Augmented Generation (RAG). Fitur ini memungkinkan pengguna untuk mendapatkan laporan pasar yang disusun secara otomatis dalam format PDF sebagai referensi yang mudah diakses, serta layanan chatbot interaktif yang dapat menjawab pertanyaan seputar regulasi, tarif, dan peluang pasar secara real time.
Ember Proyek dengan solusi berbasis AI yang melakukan penilaian potensi serapan karbon menggunakan citra satelit. Data dari citra satelit yang berisi informasi visual mengenai wilayah tertentu seperti vegetasi dan kondisi lahan digunakan sebagai bahan mentah untuk memetakan area yang berpotensi menyerap karbon. Selanjutnya, AI bekerja untuk mengidentifikasi area of interest dengan mengklasifikasikan mana area vegatasi dan non-vegetasi berakurasi tinggi. Setelah area of interest teridentifikasi, analisis dilanjutkan dengan perhitungan potensi karbon berdasarkan jenis tanaman dan luas. Kemudian akan dilakukan penyesuaian berdasarkan kerapatan dan kesehatan vegetas sehingga nilai yang dihasilkan mendekati kondisi yang sebenarnya. Hasil analisis dilakukan konversi estimasi nilai ekonomi berdasarkan informasi harga karbon di pasar saat ini.
AI4Indonesia dengan Trace.AI (Transparent Review and Cost Evaluation Powered by Gen-AI), sebuah solusi inovatif berbasi generative AI untuk meninjau dan mengevaluasi anggaran secara efektif dan transparan. Solusi ini secara otomatis mampu memeriksa dokumen proposal, serta membandingkan harga dengan data internal dan eksternal untuk mendeteksi indikasi mark-up (disesuaikan dengan PP Nomor 12 Tahun 2021 tentang pengadaan barang dan jasa). Selanjutnya, sistem dalam solusi ini akan memberikan rekomendasi berbasis data dan tindakan yang diperlukan, meningkatkan efisiensi, transparansi, dan akuntabilitas dalam setiap langkah proses pengadaan.
Timses AITIES dengan Ainara, solusi inovatif yang mengintegrasikan teknologi blockchain, smart contracts, dan generative AI untuk menciptakan transparansi dan akuntabilitas real time dalam pengelolaan dana desa. Setiap transaksi dicatat permanen di blockchain dan smart contracts; memastikan penyaluran dana hanya terjadi saat syarat terpenuhi, sehingga mengurangi risiko korupsi. Dengan LaporNara, laporan progres proyek disusun otomatis dan dapat diakses publik melalui dashboard PantauNara untuk memudahkan pemantauan. Selain itu, AwasNara mendeteksi anomali pengeluaran yang memastikan dana digunakan sesuai standar. Ainara mendukung pengawasan yang lebih terbuka dan partisipatif serta berkontribusi dalam membangun masa depan desa yang transparan dan akuntabel.
Selain kelima solusi terpilih tersebut, apresiasi khusus juga diberikan kepada lima finalis lainnya, yaitu:
- Sigma dengan pengembangan multi agent AI dalam memberikan rekomendasi kode harmonized system
- Sasyaditomonica dengan GARDA, Generative AI untuk Risiko dan Deteksi Ancaman
- Tomodachi dengan Mool Intelligence, sebuah generative AI-powered government services marketplace
- NUTRI TEAM dengan NutriCare 1000, nurturing the first 1.000 days with AI
- Treasury Data Lab dengan FORTRESS-ID, Forecasting Overseas Risks and Threat Responses
Maya Arvini, Direktur Sektor Publik Microsoft Indonesia mengatakan “Kami merasa terhormat dapat berpartisipasi dalam penyelenggaraan GovAI Hackathon 2024. Lonjakan jumlah peserta tahun ini mengindikasikan cepatnya tingkat adopsi teknologi generative AI masyarakat Indonesia. Kecepatan ini selaras dengan temuan Work Trend Index 2024 dari Microsoft dan LinkedIn, di mana 92% knowledge workers di Indonesia tercatat sudah menggunakan generative AI di tempat kerja; lebih tinggi dibandingkan angka global (75%) dan Asia Pasifik (83%). Tidak hanya soal kecepatan, ide-ide yang ada di dalam proposal, berikut rekomendasi arsitektur teknologinya yang komprehensif, juga menujukkan solusi nyata dari berbagai isu kritikal di Indonesia. Berbagai ide tersebut akan menciptakan pilar kuat untuk mendukung perjalanan Indonesia menuju Indonesia Emas 2045.”
###
[1]Versi awal produk dengan fitur paling dasar yang diperlukan untuk memenuhi kebutuhan pengguna awal. Tujuan MVP adalah menguji asumsi bisnis dan mendapatkan umpan balik dari pengguna dengan cepat, sehingga pengembang dapat melakukan iterasi dan perbaikan berdasarkan data nyata.
Use the Audit Log to Find the Last Accessed Date for Documents
Exploit File Operations Audit Events to Find Who Accessed a Document Last
I’m speaking about how to master the unified (Microsoft 365) audit log at the European SharePoint Conference (ESPC) event in Stockholm in early December. At this point in the proceedings, the normal panic about putting together a presentation is in full swing, and I’ve been busy creating slides and examples.
In May 2024, I published an article about how to use the Microsoft Graph PowerShell SDK to create a report of files in a SharePoint Online document library. The idea is that it’s hard to understand everything that’s in a document library by scrolling through file details in the SharePoint browser app. Sometimes it’s just easier to see things in a report, and it’s definitely easier to figure out which files can be removed to clean up the document library. The temptation to leave well alone is deep in us all, but cleaning out old files from SharePoint has two benefits: it returns some storage quota, and it eliminates some of the potential for digital rot that can affect AI results.
A reader asked if the SharePoint files report could include the last accessed date for documents. The Graph API to List children of a drive item (folder) or the equivalent SDK Get-MgDriveItemChild cmdlet doesn’t return a last accessed date as far as I can see, so some other method must be used.
Analyzing SharePoint Online File Operations Audit Events
The unified audit log is a feature available to all tenants with Office 365 E3 or higher licenses. SharePoint Online creates a profusion of audit events that the audit log ingests on an ongoing basis. In this case, we’re interested in the FileAccessed event, which is logged when someone opens a file. Other events are logged for creation (FileUploaded), modification (FileModified), downloaded (FileDownload), and so on. You might be surprised at how many file operation events are logged for a busy SharePoint Online site. Figure 1 shows the count of file operations for some of documents used to generate the Office 365 for IT Pros eBook over the last six months.
Scripting a Solution Based on File Operations Audit Events
The outline of the PowerShell script to answer the request is:
- Connect to Exchange Online with an administrator account.
- Run the Search-UnifiedAuditLog to find SharePoint file operations audit events for the target site over whatever period is required. Office 365 E3 tenants store audit events for 180 days. E5 tenants store events for 365 days. Remove any duplicates that might have been fetched from the audit log. You could also interrogate the audit log with the Graph AuditLog Query API, but richer information is fetched by Search-UnifiedAuditLog.
- Filter out file events logged by human users. SharePoint Online has many background processes to do things like clean out the recycle bin, preserve files for retention, and so on. We’re not interested in system events.
- The full set of file operation events can be used to generate statistics, such as the count of user activity over the period, or the number of operations for individual files. We’re interested in file access events only, so the script populates a separate array with those events.
- By grouping the file access events by file name and sorting the events by date, we can easily extract the last accessed date for each file. The result is something like this:
File User Timestamp ---- ---- --------- 01 Introduction and Overview.docx paul.robichaux@office365itpros.com 31-Oct-2024 12:34:06 02 Managing Identities.docx tony.redmond@office365itpros.com 31-Oct-2024 14:12:54 03 Tenant Management.docx paul.robichaux@office365itpros.com 31-Oct-2024 20:21:47 04 User Management.docx paul.robichaux@office365itpros.com 31-Oct-2024 20:21:48 05 Managing Exchange Online.docx Andy.Ruth@office365itpros.com 29-Oct-2024 20:45:03 06 Managing Mail Flow.docx James.ryan@office365itpros.com 29-Sep-2024 15:07:31 07 Managing SharePoint Online.docx tony.redmond@office365itpros.com 14-Oct-2024 13:00:56 08 Managing Tasks.docx paul.robichaux@office365itpros.com 29-Oct-2024 19:40:47 09 Managing Video.docx paul.robichaux@office365itpros.com 29-Oct-2024 19:40:47 10 Managing Microsoft 365 Groups.docx brian.weakliamoffice365itpros.com 20-Oct-2024 17:49:23 11 Teams Architecture and Structure.docx tony.redmond@office365itpros.com 16-Oct-2024 15:02:20 12 Managing Teams.docx Lotte.Vetler@office365itpros.com 04-Nov-2024 19:01:57
Two odd user identifiers for bdc6105c-4e11-4050-82e6-6549f9b99b89 and eba15bfd-c28e-4433-a20e-0278888c5825 can appear in file operation events. I assume these identifiers belong to background SharePoint Online processes, so the script filters these events from the set.
You can download the complete script from GitHub.
Good Example of the Power of the Audit Log
Finding who last accessed SharePoint Online documents and when that access occurred is a good example of why the unified audit log is a great repository of information for tenant administrators and forensic investigators alike. If you’re at ESPC 24 in Stockholm, come along to my session on Decoding the Microsoft 365 Audit Log on Tuesday, December 3 at 10:30am. I’ll share more useful tips about exploiting the audit log there.
Insight like this doesn’t come easily. You’ve got to know the technology and understand how to look behind the scenes. Benefit from the knowledge and experience of the Office 365 for IT Pros team by subscribing to the best eBook covering Office 365 and the wider Microsoft 365 ecosystem.
From questions to discoveries: NASA’s new Earth Copilot brings Microsoft AI capabilities to democratize access to complex data
Every day, NASA’s satellites orbit Earth, capturing a wealth of information that helps us understand our planet. From monitoring wildfires to tracking climate change, this vast trove of Earth Science data has the potential to drive scientific discoveries, inform policy decisions and support industries like agriculture, urban planning and disaster response.
But navigating the over 100 petabytes of collected data can be challenging, which is why NASA has collaborated with Microsoft to explore the use of a custom copilot using Azure OpenAI Service to develop NASA’s Earth Copilot, which could transform how people interact with Earth’s data.
Geospatial data is complex, and often requires some level of technical expertise to navigate it. As a result, this data tends to be accessible only to a limited number of researchers and scientists. As NASA collects more data from new satellites, these complexities only grow and may further limit the potential pool of people able to draw insights and develop applications that could benefit society.
Recognizing this challenge, NASA embarked on a mission to make its data more accessible and user-friendly. As part of its Transform to Open Science initiative, the agency seeks to democratize data access, breaking down technical barriers to empower a diverse range of audiences, from scientists and educators to policymakers and the general public.
The challenge: Navigating the complexity of data
NASA’s Earth Science Data Systems Program is responsible for collecting an incredible variety of data from spaceborne sensors and instruments. This data spans everything from atmospheric conditions to land cover changes, ocean temperatures and more. However, the sheer scale and complexity of this information can be overwhelming. For many, finding and extracting insights requires navigating technical interfaces, understanding data formats and mastering the intricacies of geospatial analysis — specialized skills that very few non-technical users possess. AI could streamline this process, reducing time to gain insights from Earth’s data to a matter of seconds.
This issue isn’t just a matter of convenience; it has real-world implications. For example, scientists who need to analyze historical data on hurricanes to improve predictive models, or policymakers who want to study deforestation patterns to implement environmental regulations, may find themselves unable to easily access the data they need. This inaccessibility affects a broad array of sectors, including agriculture, urban planning and disaster response, where timely insights from spaceborne data could make a significant difference.
Moreover, as new satellites with new instruments continue to launch and collect more data, NASA is constantly faced with the challenge of building new tools to manage and make sense of this growing repository. The agency explored emerging technologies that could not only streamline data discovery but also broaden accessibility, enabling more people to engage with the data and uncover new insights.
The solution: AI-powered data access through Microsoft Azure
To address these challenges, NASA IMPACT worked with Microsoft to develop an AI-driven customer copilot, called Earth Copilot, which could simplify data access and encourage a wider range of users to interact with its Earth Science data. Together, they built the proof of concept AI model that leverages Microsoft’s Azure cloud platform and advanced AI capabilities to transform how users can search, discover and analyze NASA’s geospatial data.
The key to NASA’s Earth Copilot lies in the integration of cloud-based technologies like Azure OpenAI Service, which provides access to powerful AI models and natural language processing capabilities that enable developers to integrate intelligent, conversational AI into their applications. This approach allows NASA to integrate AI into its existing data analysis platform — VEDA. These technologies together make it easier for users to search, discover and analyze Earth Science data
By combining these technologies, Earth Copilot enables users to interact with NASA’s data repository through plain language queries. Instead, they can simply ask questions such as “What was the impact of Hurricane Ian in Sanibel Island?” or “How did the COVID-19 pandemic affect air quality in the US?” AI will then retrieve relevant datasets, making the process seamless and intuitive.
“Azure’s robust suite of services, including machine learning, data analytics and scalable cloud infrastructure, powers this AI prototype,” said Juan Carlos López, former NASA engineer and current Azure Specialist at Microsoft. “We’ve designed the system to handle complex queries and large datasets efficiently, ensuring that users can quickly find the information they need without getting bogged down by technical complexities. Our goal was to create a seamless, scalable solution that could evolve as NASA’s data, tools and applications grow.”
Democratizing data for open science
The collaboration between NASA IMPACT and Microsoft has resulted in a solution that democratizes access to spaceborne data, enabling a broader range of users to engage with NASA’s science data. This has significant benefits for the scientific community, as researchers can now spend less time on data retrieval and more on analysis and discovery. For example, climate scientists can quickly access historical data to study trends, while agricultural experts can gain insights into soil moisture levels to improve crop management.
Educators and teachers can use real-world examples to engage students in Earth Science, fostering curiosity and encouraging the next generation of scientists and engineers. Policymakers can leverage the data to make informed decisions on critical issues like climate change, urban development and disaster preparedness, ensuring they have the most accurate information at their fingertips.
“The vision behind this collaboration was to leverage AI and cloud technologies to bring Earth’s insights to communities that have been underserved, where access to data can lead to tangible improvements,” said Minh Nguyen, Cloud Solution Architect at Microsoft. “By enabling users to interact with the data through simple, plain language queries, we’re helping to democratize access to spaceborne information.”
The development of this AI prototype aligns with NASA’s Open Science initiative, which aims to make scientific research more transparent, inclusive and collaborative. By removing barriers to data discovery, NASA and Microsoft are setting the stage for a new era of discovery, where insights are not confined to a select few but can be explored and expanded by anyone curious about the world.
Looking ahead: Bridging the gap between data and insights
At the moment, the NASA Earth Copilot is available to NASA scientists and researchers to explore and test its capabilities. Any responsible deployment of AI technologies requires rigorous assessments to ensure the data and outputs cannot be misused. After a period of internal evaluations and testing, the NASA IMPACT team will explore the integration of this capability into the VEDA platform.
This collaboration exemplifies how technology can empower people, drive innovation and create positive change. Solutions like this will be essential in ensuring the benefits of data are shared widely, enabling more people to engage with, analyze and act upon information that shapes our world.
The post From questions to discoveries: NASA’s new Earth Copilot brings Microsoft AI capabilities to democratize access to complex data appeared first on The Official Microsoft Blog.
Every day, NASA’s satellites orbit Earth, capturing a wealth of information that helps us understand our planet. From monitoring wildfires to tracking climate change, this vast trove of Earth Science data has the potential to drive scientific discoveries, inform policy decisions and support industries like agriculture, urban planning and disaster response. But navigating the over…
The post From questions to discoveries: NASA’s new Earth Copilot brings Microsoft AI capabilities to democratize access to complex data appeared first on The Official Microsoft Blog.Read More
Manage PIM Role Assignments with the Microsoft Graph PowerShell SDK
Add Eligible and Active PIM Role Assignment Requests
I recently wrote about Microsoft’s recommendation to use the UnifiedRoleDefinition Graph API instead of the older DirectoryRole API. In that article, I show how to use the Microsoft Graph PowerShell SDK to make role assignments to user accounts. Assignments made in this manner are effective immediately. The assignments are permanent and last until an administrator removes them from accounts.
In many Microsoft 365 tenants where a limited set of administrators run operations, permanent role assignments work well. However, in larger tenants, some additional control is often desirable. Microsoft’s answer is Entra ID Privileged Identity Management (PIM), designed to enable administrators “manage, control, and monitor access to important resources in your organization.” PIM assignments can be permanent, but more commonly the assignments are time-limited to allow administrators to perform tasks on a just-in-time basis without their account needing elevated permissions on an ongoing basis. PIM is not part of the basic Entra ID license granted with Microsoft 365 and administrators need a license like Entra ID P2 to use PIM. See this page for more licensing information.
Microsoft’s Recommendation to use Entra Admin Center to Manage PIM Role Assignments
The PIM overview contains the interesting recommendation that tenants should use “PIM to manage active role assignments over using the unifiedRoleAssignment or the directoryRole resource types to manage them directly.” In other words, Microsoft thinks it better to use the GUI built into the Entra admin center to create and manage PIM role assignments. The reason for this might be that the GUI includes guardrails to stop administrators from making mistakes, which is something to avoid when assigning privileged roles.
In any case, PIM organizes role assignments into two categories:
- Eligible assignments are roles granted to users, groups, or service principals (apps) that are not active. These assignments must be activated by the holder (principal) before they can perform the privileged tasks enabled by the role. By default, eligible assignments are activated for a maximum of 8 hours, after which the activation can be extended or renewed.
- Active assignments are roles that are currently available for use. An active assignment can be permanent, but more often in PIM it is time-limited.
Both categories have a schedule, and Graph APIs and SDK cmdlets are available to add requests to add, update, and remove assignments from the schedules.
Creating an Eligible PIM Role Assignment
Here’s the PowerShell code to create a new eligible assignment schedule request to add a user account to the User administrator role. Before the New-MgRoleManagementDirectoryRoleEligibilityScheduleRequest cmdlet can run, a certain amount of setup is necessary to fetch the identifiers for the account and role and define the period during which the assignment is eligible. You also need to decide whether the assignment is for the entire directory or an administrative unit.
$User = Get-MgUser -UserId Lotte.Vetler@office365itpros.com [array]$DirectoryRoles = Get-MgRoleManagementDirectoryRoleDefinition | Sort-Object DisplayName $UserAdminRoleId = $DirectoryRoles | Where-Object {$_.DisplayName -eq "User administrator"} | Select-Object -ExpandProperty Id [string]$StartAssignmentDate = Get-Date -format "yyyy-MM-ddTHH:mm:ssZ" [string]$EndAssignmentDate = (Get-Date).AddDays(30).ToString("yyyy-MM-ddTHH:mm:ssZ") $ScheduleInfo = @{} $ScheduleInfo.Add("startDateTime", $StartAssignmentDate) $ExpirationInfo = @{} $ExpirationInfo.Add("type", "afterDateTime") $ExpirationInfo.Add("endDateTime", $EndAssignmentDate) $ScheduleInfo.Add("expiration", $ExpirationInfo) $AssignmentParameters = @{} $AssignmentParameters.Add("action", "adminAssign") $AssignmentParameters.Add("justification", "Assign User administrator role to user") $AssignmentParameters.Add("roleDefinitionId", $UserAdminRoleId) $AssignmentParameters.Add("directoryScopeId", "/") $AssignmentParameters.Add("principalId", $User.Id) $AssignmentParameters.Add("scheduleInfo", $ScheduleInfo) $Status = New-MgRoleManagementDirectoryRoleEligibilityScheduleRequest -BodyParameter $AssignmentParameters If ($Status.Id) { Write-Host ("Assignment for user administrator role for {0} added to eligibility schedule" -f $User.displayName) }
The values in the hash table holding the parameters for the new assignment looks like this:
$AssignmentParameters Name Value ---- ----- justification Assign User administrator role to user scheduleInfo {[startDateTime, 2024-11-12T17:51:03Z], [expiration, System.Collections.Hashtable]} directoryScopeId / roleDefinitionId fe930be7-5e62-47db-91af-98c3a49a38b1 principalId ce0e26f8-da88-4efa-90ad-d16df1d9500d action adminAssign
The result of a successful assignment as seen in the Entra admin center looks like the example shown in Figure 1.
The assigned user receives email about the assignment and can use the link in the message to activate their assignment (Figure 2). See this article about approval workflows that you might like to use to control activations.
Accounts holding the Privileged Role Administrator or Global Administrator role also receive email to inform them about the new assignment.
Creating an Active PIM Role Assignment
The code to create a PIM active role assignment request is like that used for the PIM eligible role assignment request. In this example, we create an active role assignment schedule request for the Groups administrator role and limit the assignment to a six hour period from now. The duration is expressed in ISO8601 duration format, so PT6H means six hours.
$GroupsAdminRoleId = $DirectoryRoles | Where-Object {$_.DisplayName -eq "Groups administrator"} | Select-Object -ExpandProperty Id [string]$StartAssignmentDate = Get-Date -format "yyyy-MM-ddTHH:mm:ssZ" $ScheduleInfo = @{} $ScheduleInfo.Add("startDateTime", $StartAssignmentDate) $ExpirationInfo = @{} $ExpirationInfo.Add("type", "afterDuration") $ExpirationInfo.Add("duration","PT6H") $ScheduleInfo.Add("expiration", $ExpirationInfo) $AssignmentParameters = @{} $AssignmentParameters.Add("action", "adminAssign") $AssignmentParameters.Add("justification", "Assign Groups administrator role to user") $AssignmentParameters.Add("roleDefinitionId", $GroupsAdminRoleId) $AssignmentParameters.Add("directoryScopeId", "/") $AssignmentParameters.Add("principalId", $User.Id) $AssignmentParameters.Add("scheduleInfo", $ScheduleInfo) $Status = New-MgRoleManagementDirectoryRoleAssignmentScheduleRequest -BodyParameter $AssignmentParameters If ($Status.Id) { Write-Host ("Assignment for Groups administrator role for {0} added to active schedule" -f $User.displayName) }
To remove a role assignment from a schedule, create another role assignment schedule request and state the action to be “adminRemove” rather than “adminAssign.” For example, the request to remove the assignment request created above is:
$AssignmentParameters = @{} $AssignmentParameters.Add("action", "adminRemove") $AssignmentParameters.Add("justification", "Remove Groups administrator role to user") $AssignmentParameters.Add("roleDefinitionId", $GroupsAdminRoleId) $AssignmentParameters.Add("directoryScopeId", "/") $AssignmentParameters.Add("principalId", $User.Id) $Status = New-MgRoleManagementDirectoryRoleAssignmentScheduleRequest -BodyParameter $AssignmentParameters# If ($Status.Status -eq "Revoked") { Write-Host "Active assignment revoked" }
Required Permissions for PIM
Adding role assignments requires the RoleManagement.ReadWrite.Directory permission. If you’re only reading role information, the RoleManagement.Read.Directory permission is sufficient. In addition, when using delegated permissions, read operations are only possible when the signed-in account holds one of the Global Reader, Security Operator, Security Reader, Security Administrator, or Privileged Role Administrator roles. Write operations, like adding a new role assignment to a schedule, require the signed-in account to hold the Privileged Role Administrator (or Global administrator) role.
Most Will Use the Entra Admin Center
Although it’s straightforward to create and manage PIM role assignment schedule requests with PowerShell, it’s easier to use the Entra admin center. Microsoft has done the work to create and refine the GUI and create the necessary checks to make sure that administrators don’t do something silly. I suspect that most administrators will interact with PIM through the Entra admin center, but it’s nice to know that the option to automate with PowerShell exists too.
Need more advice about how to write PowerShell for Microsoft 365? Get a copy of the Automating Microsoft 365 with PowerShell eBook, available standalone or as part of the Office 365 for IT Pros eBook bundle.
Microsoft introduces new adapted AI models for industry
Across every industry, AI is creating a fundamental shift in what’s possible, enabling new use cases and driving business outcomes. While organizations around the world recognize the value and potential of AI, for AI to be truly effective it must be tailored to specific industry needs.
Today, we’re announcing adapted AI models, expanding our industry capabilities and enabling organizations to address their unique needs more accurately and effectively. In collaboration with industry partner experts like Bayer, Cerence, Rockwell Automation, Saifr, Siemens Digital Industries Software, Sight Machine and more, we’re making these fine-tuned models, pre-trained using industry-specific data, available to address customers’ top use cases.
Underpinning these adapted AI models is the Microsoft Cloud, our platform for industry innovation. By integrating the Microsoft Cloud with our industry-specific capabilities and a robust ecosystem of partners, we provide a secure approach to advancing innovation across industries. This collaboration allows us to create extensive scenarios for customers globally, with embedded AI capabilities — from industry data solutions in Microsoft Fabric to AI agents in Microsoft Copilot Studio to AI models in Azure AI Studio — that enable industries to realize their full potential.
Introducing adapted AI models for industry
We’re pleased to introduce these new partner-enabled models from leading organizations that are leveraging the power of Microsoft’s Phi family of small language models (SLMs). These models will be available through the Azure AI model catalog, where customers can access a wide range of AI models to build custom AI solutions in Azure AI Studio, or directly from our partners. The models available in the Azure AI model catalog can also be used to configure agents in Microsoft Copilot Studio, a platform that allows customers to create, customize and deploy AI-powered agents, which can be applied to an industry’s top use cases to address its most pressing needs.
- Bayer, a global enterprise with core competencies in the life science fields of healthcare and agriculture, will make E.L.Y. Crop Protection available in the Azure AI model catalog. A specialized SLM, it is designed to enhance crop protection sustainable use, application, compliance and knowledge within the agriculture sector. Built on Bayer’s agricultural intelligence, and trained on thousands of real-world questions on Bayer crop protection labels, the model provides ag entities, their partners and developers a valuable tool to tailor solutions for specific food and agricultural needs. The model stands out due to its commitment to responsible AI standards, scalability to farm operations of all types and sizes and customization capabilities that allow organizations to adapt the model to regional and crop-specific requirements.
- Cerence, which creates intuitive, seamless and AI-powered user experiences for the world’s leading automakers, is enhancing its in-vehicle digital assistant technology with fine-tuned SLMs within the vehicle’s hardware. CaLLM Edge, an automotive-specific, embedded SLM, will be available in the Azure AI model catalog. It can be used for in-car controls, such as adjusting air conditioning systems, and scenarios that involve limited or no cloud connectivity, enabling drivers to access the rich, responsive experiences they’ve come to expect from cloud-based large language models (LLMs), no matter where they are.
- Rockwell Automation, a global leader in industrial automation and digital transformation, will provide industrial AI expertise via the Azure AI model catalog. The FT Optix Food & Beverage model brings the benefits of industry-specific capabilities to frontline workers in manufacturing, supporting asset troubleshooting in the food and beverage domain. The model provides timely recommendations, explanations and knowledge about specific manufacturing processes, machines and inputs to factory floor workers and engineers.
- Saifr, a RegTech within Fidelity Investments’ innovation incubator, Fidelity Labs, will introduce four new models in the Azure AI model catalog, empowering financial institutions to better manage regulatory compliance of broker-dealer communications and investment adviser advertising. The models can highlight potential regulatory compliance risks in text (Retail Marketing Compliance model) and images (Image Detection model); explain why something was flagged (Risk Interpretation model); and suggest alternative language that might be more compliant (Language Suggestion model). Together, these models can enhance regulatory compliance by acting as an extra set of review eyes and boost efficiency by speeding up review turnarounds and time to market.
- Siemens Digital Industries Software, which helps organizations of all sizes digitally transform using software, hardware and services from the Siemens Xcelerator business platform, is introducing a new copilot for NX X software, which leverages an adapted AI model that enables users to ask natural language questions, access detailed technical insights and streamline complex design tasks for faster and smarter product development. The copilot will provide CAD designers with AI-driven recommendations and best practices to optimize the design process within the NX X experience, helping engineers implement best practices faster to ensure expected quality from design to production. The NX X copilot will be available in the Azure Marketplace and other channels.
- Sight Machine, a leader in data-driven manufacturing and industrial AI, will release Factory Namespace Manager to the Azure AI model catalog. The model analyzes existing factory data, learns the patterns and rules behind the naming conventions and then automatically translates these data field names into standardized corporate formats. This translation makes the universe of plant data in the manufacturing enterprise AI-ready, enabling manufacturers to optimize production and energy use in plants, balance production with supply chain logistics and demand and integrate factory data with enterprise data systems for end-to-end optimization. The bottling company Swire Coca-Cola USA plans to use Factory Namespace Manager to efficiently map its extensive PLC and plant floor data into its corporate data namespace.
We also encourage innovation in the open-source ecosystem and are offering five open-source Hugging Face models that are fine-tuned for summarization and sentiment analysis of financial data.
Additionally, last month we announced new healthcare AI models in Azure AI Studio. These state-of-the-art multimodal medical imaging foundation models, created in partnership with organizations like Providence and Paige.ai, empower healthcare organizations to integrate and analyze a variety of data types, leveraging intelligence in modalities other than text in specialties like ophthalmology, pathology, radiology and cardiology.
Accelerating transformation with industry agents
Microsoft also offers AI agents that are purpose-built for industry scenarios. Available in Copilot Studio, these agents can be configured to support organizations’ industry-specific needs. For example, retailers can use the Store Operations Agent to support retail store associates and the Personalized Shopping Agent to enhance customers’ shopping experiences. Manufacturers can use the Factory Operations Agent to enhance production efficiency and reduce downtime by enabling engineers and frontline workers to quickly identify and troubleshoot issues.
All this AI innovation wouldn’t be possible without a solid data estate, because AI is only as good as the data it’s built upon. By ensuring data is accurate, accessible and well integrated, organizations can unlock deeper insights and drive more effective decision-making with AI. Microsoft Fabric, a data platform built for the era of AI, helps unify disparate data sources and prepares data for advanced analytics and AI modeling. It offers industry data solutions that address each organization’s unique needs and allows them to discover, deploy and do more with AI.
At the forefront of addressing industry needs securely
At the core of our AI strategy is a commitment to trustworthy AI. This commitment encompasses safety, security and privacy, ensuring that AI solutions are built with the highest standards of integrity and responsibility. Trustworthy AI is foundational to everything we do, from how we work with customers to the capabilities we build into our products.
At Microsoft, we combine industry AI experience, insights and capabilities with a deep understanding of customer challenges and objectives. Along with a trusted ecosystem of experienced partners, we unlock the full potential of AI for each industry and business. Our goal is not just to offer or implement AI tools but to help customers succeed by embedding AI into the very core of what each industry does.
AI transformation is here, and Microsoft is at the forefront of this revolution. As we continue to navigate this new era of innovation, it’s clear that AI will play a pivotal role in shaping the future of business across all industries and that Microsoft will continue to lead the way. To learn more about how customers in a variety of industries are transforming with AI, visit How real-world businesses are transforming with AI.
The post Microsoft introduces new adapted AI models for industry appeared first on The Official Microsoft Blog.
Across every industry, AI is creating a fundamental shift in what’s possible, enabling new use cases and driving business outcomes. While organizations around the world recognize the value and potential of AI, for AI to be truly effective it must be tailored to specific industry needs. Today, we’re announcing adapted AI models, expanding our industry…
The post Microsoft introduces new adapted AI models for industry appeared first on The Official Microsoft Blog.Read More
SharePoint Online Intelligent Versioning and Retention Processing
Trimming Unwanted Versions Stopped by Retention Policies and Labels
Last month, I wrote about the introduction of Intelligent Versioning for SharePoint Online. I think this is a great feature because its automated management of versions created during editing sessions reduces the storage quota consumed to store file versions. The advent of AutoSave for Office increased the number of versions created for files, and keeping 500 or so versions for a file, when some versions only include minimal changes, is effective but expensive.
Microsoft allows tenants a default storage quota for SharePoint Online that’s consumed by items stored in sites and Loop workspaces (containers). If a tenant exceeds their SharePoint storage quota, they must buy more from Microsoft or use Microsoft 365 Archive to move the storage consumed by inactive sites to cheaper “cold” storage.
As I noted in the article, the big issue with the current implementation of intelligent versioning is that it doesn’t work with Purview Data Lifecycle management, aka Microsoft 365 retention policies. If SharePoint Online sites come within the scope of a retention policy or individual documents have retention labels, then the requirement to retain information about files trumps the desire of intelligent versioning to remove unwanted versions for those files.
Checking Expired Versions Trimmed by Intelligent Versioning
Microsoft’s documentation explains how retention works with document versioning. I decided to check out what happens when versions expire for documents in a site with a retention policy in force. On November 6, I noted that several versions were in an expired state (Figure 1).
The next day, the expired versions were gone from the list. In one respect, this is what you might expect to happen. A background SharePoint Online job detected the existence of expired versions and removed them, which is what intelligent versioning is all about (the process is called trimming).
But the retention policy applied to the site set a five-year retention period and the document had a retention label with a ten-year retention period. The document is a source file for the Office 365 for IT Pros eBook, and you can never be too careful with source material. The longest retention period wins, so SharePoint Online should retain the file for ten years. However, no trace could be found of the removed versions.
Microsoft’s documentation says that versions for items subject to a retention hold are not automatically purged. In addition, users cannot delete versions from the Version history. When intelligent versioning trims versions in a site without retention policies, the files bypass the recycle bin. This didn’t apply, so it seemed like the site preservation hold library is the logical place to look. However, nothing was found in the preservation hold library except the copy of the file containing all versions prior to the implementation of intelligent versioning in the tenant.
Reappearing Versions
Then the removed versions reappeared in the version history complete with a new expiration date (Figure 2). Interestingly, SharePoint Online adjusted the expiration date for some other versions to make sure that full coverage of changes to the file is available.
After chatting with Microsoft engineering, I understand that the observed behavior is quite normal. The expired versions are removed by a background job, only for retention processing to detect that the removed versions are still within their retention period. This causes SharePoint to add a week to the previous expiration date for each version and make the versions available again. The cycle then repeats until the retention period for removed versions lapses to allow SharePoint Online to permanently remove the unwanted versions from its store.
More Intelligence in the Future?
It’s unfortunate that a clash exists between storage management and retention. Microsoft’s current approach is probably the best that can be done for now. I’m sure that they have an eye on the potential to extend intelligent versioning to interact with retention processing better. One possibility is to allow organizations to decide if selective version trimming is permissible, perhaps at a less aggressive level. For instance, it’s OK to remove versions that only contain formatting changes but not OK to remove any that contain text additions or deletions. Perhaps some storage savings are possible without compromising retention. It’s a hard nut to crack.
Insight like this doesn’t come easily. You’ve got to know the technology and understand how to look behind the scenes. Benefit from the knowledge and experience of the Office 365 for IT Pros team by subscribing to the best eBook covering Office 365 and the wider Microsoft 365 ecosystem.
IDC’s 2024 AI opportunity study: Top five AI trends to watch
In 2024, generative AI emerged as a key driver for business outcomes across every industry. Already this new generation of AI is having an incredible impact on our world — yet companies and industries are just scratching the surface of what’s possible as they continue to develop new use cases across every role and function.
To help guide organizations on their AI transformation journey, Microsoft recently commissioned a new study through IDC, The Business Opportunity of AI. IDC’s findings show that when organizations truly commit to and invest in AI, the return on investment (ROI) potential grows significantly.
According to IDC, the study’s findings reflect a tipping point as AI gains momentum across industries. As companies worldwide go deeper with AI, Microsoft customers continue to deploy innovative new solutions and discover how tools like Copilot can transform their day-to-day work. In telecommunications, Lumen Technologies estimates Copilot is saving sellers an average of four hours a week, equating to $50 million annually. In healthcare, Chi Mei Medical Center doctors now spend 15 minutes instead of an hour writing medical reports, and nurses can document patient information in under five minutes. Pharmacists are now able to double the number of patients they see per day. In retail, AI models help Coles predict the flow of 20,000 stock-keeping units to 850 stores with remarkable accuracy, generating 1.6 billion predictions daily.
IDC’s 2024 top 5 trends for AI
IDC’s findings align with what Microsoft is seeing as we work with companies across industries to deploy AI. We’ve highlighted more than 200 of our top AI customer stories to show a sampling of how AI is already driving impact today. Below is a look at the top trends we’re seeing in IDC’s study and the impact of those trends on organizations working with AI today.
#1 Enhanced productivity has become table stakes. Employee productivity is the No. 1 business outcome that companies are trying to achieve with AI. The study shows that 92% of AI users surveyed are using AI for productivity, and 43% say productivity use cases have provided the greatest ROI. While productivity is a top goal, generative AI use cases that are close behind include customer engagement, topline growth, cost management and product or service innovation — and nearly half of the companies surveyed expect AI to have a high degree of impact across all those areas over the next 24 months.
Customer snapshot:
At the global marketing and advertising agency dentsu, employees are already saving 15 to 30 minutes a day using Copilot for tasks such as summarizing chats, generating presentations and building executive summaries.
“Copilot has transformed the way we deliver creative concepts to our clients, enabling real-time collaboration. Agility, security and uniqueness are crucial, but our goal is to lead this transformation company-wide, from top to bottom.”
— Takuya Kodama, Business Strategy Manager at dentsu
#2 Companies are gravitating to more advanced AI solutions. In the next 24 months, more companies expect to build custom AI solutions tailored directly to industry needs and business processes, including custom copilots and AI agents. This shows a growing maturity in AI fluency as companies realize the value of out-of-the-box use cases and expand to more advanced scenarios.
Customer snapshot:
Siemens has developed the Siemens Industrial Copilot, which has eased the challenges caused by increasing complexity and labor shortages for dozens of customers in different industries.
“In full appreciation of GenAI’s transformational potential, it’s important to remember that production does not have an ‘undo’ button. It takes diligence and effort to mature AI to industrial-grade quality. The Siemens Industrial Copilot for Engineering significantly eases our customers’ workload and addresses the pressing challenges of skill shortages and increasing complexity in industrial automation. This AI-powered solution is a game-changer for our industry with over 50 customers already using it to boost efficiency and tackle labor shortages.”
— Boris Scharinger, AI Strategist at Siemens Digital Industries
#3 Generative AI adoption and value is growing across industries. Even though it is relatively new to the market, generative AI adoption is rapidly expanding — 75% of respondents report current usage up from 55% in 2023. The ROI of generative AI is highest in Financial Services, followed by Media & Telco, Mobility, Retail & Consumer Packaged Goods, Energy, Manufacturing, Healthcare and Education. Overall, generative AI is generating higher ROI across industries.
Customer snapshot:
Providence has leveraged AI to extend and enhance patient care, streamline processes and workflows and improve the effectiveness of caregivers.
“Whether we’re partnering with organizations on the leading edge of this technology — like Microsoft — and building bespoke solutions through Azure OpenAI Service, advancing clinical research to help cancer patients receive personalized and precise treatments faster, or ‘hitting the easy button’ and adopting established technologies like Microsoft 365 Copilot or DAX Copilot, we have successfully stayed on the forefront of this tech revolution. For example, physicians who use DAX Copilot save an average of 5.33 minutes per visit, and 80% of physicians have reported lower cognitive burden after using DAX Copilot.”
— Sarah Vaezy, EVP, Chief Strategy and Digital Officer at Providence
#4 AI leaders are seeing greater returns and accelerated innovation. While companies using generative AI are averaging $3.7x ROI, the top leaders using generative AI are realizing significantly higher returns, with an average ROI of $10.3. In addition to the enhanced business value, leaders are also on an accelerated path to build and implement new solutions — 29% of leaders implement AI in less than 3 months versus 6% of companies in the laggard category.
Customer snapshot:
Södra is an international forest industry group that processes forest products from 52,000 owners into renewable, climate-smart products for international market. Every day Södra collects and interprets climate impact data to make thousands of decisions for every part of the value chain.
“With innovative AI technology from Microsoft, our business experts and data scientists have been able to help make us more sustainable while also improving revenue significantly.”
— Cristian Brolin, Chief Digital Officer at Södra
#5 Looking ahead: Skilling remains a top challenge. Thirty percent of respondents indicated a lack of specialized AI skills in-house, and 26 percent say they lack employees with the skills needed to learn and work with AI. This dovetails with findings from the Microsoft and LinkedIn 2024 Work Trend Index Annual Report, which found that 55 percent of business leaders are concerned about having enough skilled talent to fill roles.
That is why over the past year we have helped train and certify over 14 million people in more than 200 countries in digital skills. And we are committed to working in partnership with governments, educational institutions, industry and civil society to help millions more learn to use AI.
Customer snapshot:
The University of South Florida (USF) is partnering with Microsoft to streamline processes and enhance innovation for all aspects of university operations with AI.
“We’re giving students a leg up to do amazing things with AI as part of tomorrow’s workforce. Our focus on generative AI not only drives operational efficiency but also empowers our community to unlock new levels of creativity and impact, further positioning USF as a leader in AI adoption, which includes being among the first universities in the nation to form a college dedicated to AI, cybersecurity and computing.”
— Sidney Fernandes, CIO & VP of Digital Experiences at University of South Florida
AI’s growing economic impact
While companies today are largely implementing out-of-the-box generative AI solutions and seeing significant ROI, more than half of those surveyed expect to build custom industry and line-of-business applications in the next 24 months — demonstrating that today’s ROI is quickly becoming tomorrow’s competitive edge.
“We are at an inflection point of autonomous agent development and are beginning an evolution from using just off-the-shelf assistants and copilots that support knowledge discovery and content generation to custom AI agents to execute complex, multistep workflows across a digital world,” says Ritu Jyoti, GVP/GM, AI and Data Research at IDC. “With responsible technology usage and workplace transformation, IDC predicts that business spending to adopt AI will have a cumulative global economic impact of $19.9 trillion through 2030 and drive 3.5% of global GDP in 2030.”
Key findings from IDC’s The Business Opportunity of AI study include:
- Generative AI usage jumped from 55% in 2023 to 75% in 2024.
- For every $1 a company invests in generative AI, the ROI is $3.7x.
- The top leaders using generative AI are realizing an ROI of $10.3.
- On average, AI deployments are taking less than 8 months and organizations are realizing value within 13 months.
- Within 24 months, most organizations plan to expand beyond pre-built AI solutions to advanced AI workloads that are customized or custom-built.
- The ROI of generative AI is highest in Financial Services, followed by Media & Telco, Mobility, Retail & Consumer Packaged Goods, Energy, Manufacturing, Healthcare and Education.
- 43% say productivity use cases have provided the greatest ROI.
- The primary way that organizations are monetizing AI today is through productivity use cases. In the next 24 months, a greater focus will be placed on functional and industry use cases.
- The top barrier when implementing AI is the lack of both technical and day-to-day AI skills.
Learn how to fuel your AI journey
IDC’s study, which included more than 4,000 business leaders and AI decision-makers around the world, also identifies the top barriers organizations face when implementing AI. As businesses integrate new solutions, they navigate important considerations such as data privacy, responsible use and the need for investment in both technology and skills.
No matter where you are in your cloud and AI transformation journey, Microsoft can help. To learn more about how customers across industries are shaping their AI transformation with Microsoft, please visit Microsoft’s AI in Action page. For more on how to get started in your AI transformation journey, visit Microsoft AI.
IDC InfoBrief: sponsored by Microsoft, 2024 Business Opportunity of AI, IDC# US52699124, November 2024
The post IDC’s 2024 AI opportunity study: Top five AI trends to watch appeared first on The Official Microsoft Blog.
In 2024, generative AI emerged as a key driver for business outcomes across every industry. Already this new generation of AI is having an incredible impact on our world — yet companies and industries are just scratching the surface of what’s possible as they continue to develop new use cases across every role and function….
The post IDC’s 2024 AI opportunity study: Top five AI trends to watch appeared first on The Official Microsoft Blog.Read More
How real-world businesses are transforming with AI
One of the highlights of my career has always been connecting with customers and partners across industries to learn how they are using technology to drive their businesses forward. In the past 30 years, we’ve seen four major platform shifts, from client server to internet and the web to mobile and cloud to now—the next major platform shift to AI.
As today’s platform shift to AI continues to gain momentum, Microsoft is working to understand just how organizations can drive lasting business value. We recently commissioned a study with IDC, The Business Opportunity of AI, to uncover new insights around business value and help guide organizations on their journey of AI transformation. The study found that for every $1 organizations invest in generative AI, they’re realizing an average of $3.70 in return—and uncovered insights about the future potential of AI to reshape business processes and drive change across industries.
Today, more than 85% of the Fortune 500 are using Microsoft AI solutions to shape their future. In working with organizations large and small, across every industry and geography, we’ve seen that most transformation initiatives are designed to achieve one of four business outcomes:
- Enriching employee experiences: Using AI to streamline or automate repetitive, mundane tasks can allow your employees to dive into more complex, creative and ultimately more valuable work.
- Reinventing customer engagement: AI can create more personalized, tailored customer experiences, delighting your target audiences while lightening the load for employees.
- Reshaping business processes: Virtually any business process can be reimagined with AI, from marketing to supply chain operations to finance, and AI is even allowing organizations to go beyond process optimization and discover exciting new growth opportunities.
- Bending the curve on innovation: AI is revolutionizing innovation by speeding up creative processes and product development, reducing the time to market and allowing companies to differentiate in an often crowded field.
In this blog, we’ve collected more than 200 of our favorite real-life examples of how organizations are embracing Microsoft’s proven AI capabilities to drive impact and shape today’s platform shift to AI. We hope you find an example or two that can inspire your own transformation journey.
Enriching employee experiences
Generative AI is truly transforming employee productivity and wellbeing. Our customers tell us that by automating repetitive, mundane tasks, employees are freed up to dive into more complex and creative work. This shift not only makes the work environment more stimulating but also boosts job satisfaction. It sparks innovation, provides actionable insights for better decision-making and supports personalized training and development opportunities, all contributing to a better work-life balance. Customers around the world have reported significant improvements in employee productivity with these AI solutions:
- Access Holdings Plc adopted Microsoft 365 Copilot, integrating generative AI into daily tools and, as a result, writing code now takes two hours instead of eight, chatbots launch in 10 days instead of three months and presentations are prepared in 45 minutes instead of six hours.
- Adobe is connecting Adobe Experience Cloud workflows and insights with Microsoft 365 Copilot to deliver generative-AI powered capabilities that enable marketers to increase collaboration, efficiency and creativity.
- Amadeus empowers its teams to focus their time and skills on value-added tasks with Microsoft 365 Copilot, by summarizing email threads, chat or transcripts and summing up information from diverse sources.
- ANZ has invested in Microsoft 365 Copilot, GitHub Copilot and Copilot in Microsoft Edge to boost productivity and innovation across its workforce.
- Asahi Europe & International (AEI) has adopted Microsoft 365 Copilot, saving employees potentially 15% of time previously spent on administrative tasks.
- AXA developed AXA Secure GPT, a platform powered by Azure OpenAI Service that empowers employees to leverage the power of generative AI while targeting the highest level of data safety and responsible use of the tool.
- Axon Enterprise developed a new AI tool with Azure OpenAI Service called Draft One, resulting in an 82% decrease in time spent on reports, which freed up officers to engage more with their community.
- Aztec Group enhanced productivity and client experience by trialing Microsoft 365 Copilot with 300 staff, uncovering “unlimited” use cases and plans for a wider rollout.
- Bader Sultan & Bros. Co. W.L.L implemented Microsoft 365 Copilot to enhance employee productivity and speed up customer response times.
- Bancolombia is using GitHub Copilot to empower its technical team, achieving a 30% increase in code generation, boosting automated application changes to an average of 18,000 per year, with a rate of 42 productive daily deployments.
- BaptistCare Community Services is using Microsoft 365 Copilot to save employees time as they navigate workforce shortage challenges, allowing them to focus more on the people they care for.
- Barnsley Council was recognized as “Double Council of the Year in 2023” for its implementation of Microsoft 365 Copilot, which modernized operations and reduced administrative tasks, leading to improved job satisfaction and increased creativity.
- BlackRock purchased more than 24,000 Microsoft 365 Copilot licenses spanning all employees, functions and locations, helping improve the Copilot experience, including codeveloping new features and functions.
- British Heart Foundation is testing Microsoft 365 Copilot and in its initial test, users estimate that Microsoft 365 Copilot could save them up to 30 minutes per day.
- Buckinghamshire Council deployed Microsoft 365 Copilot with staff reporting productivity improvements, quality enhancements and time savings, which are enabling the different teams to do more with less.
- Campari Group adopted Microsoft 365 Copilot to help employees integrate it into their workflow, resulting in time savings of about two hours a week from the support of routine activities such as email management, meeting preparation, content creation and skill acquisition.
- Capita is using GitHub Copilot for productivity improvements as well as improvements in developer satisfaction, recruitment and retention.
- CDW used Microsoft 365 Copilot to improve work quality for 88% of users, enabling 77% to complete tasks faster and increasing productivity for 85% of users.
- Chi Mei Medical Center is lightening workloads for doctors, nurses and pharmacists with a generative AI assistant built on Azure OpenAI Service.
- E.ON is focused on Germany’s energy transition, leveraging Microsoft 365 Copilot to manage the complex grid in real-time, increasing productivity and efficiency for its workforce.
- Enerijisa Uretim has adopted Microsoft 365 Copilot to streamline meeting summaries, reformat documents and compile reports, enabling employees to concentrate on more strategic and fulfilling activities instead of spending six hours in meetings.
- EPAM is deploying Microsoft 365 Copilot to consolidate information and generate content and documents.
- Farm Credit Canada implemented Microsoft 365 Copilot, which resulted in time savings on routine tasks for 78% of users, with 30% saving 30 to 60 minutes per week and 35% saving over an hour per week, allowing employees to focus on more value-added tasks.
- Finastra used Microsoft 365 Copilot to automate tasks, enhance content creation, improve analytics and personalize customer interactions, with employees citing a 20% to 50% time savings.
- Four Agency Worldwide increased employee productivity using Microsoft 365 Copilot to generate ideas for creative work and support administrative-heavy processes, data analysis and report generation, allowing staff to focus on outreach and less time doing paperwork.
- Goodwill of Orange County developed an AI-powered app using Azure AI capabilities to help more people, including those with developmental, intellectual and physical disabilities, work in unfilled e-commerce positions.
- Honeywell employees are saving 92 minutes per week—that’s 74 hours a year! Disclaimer: Statistics are from an internal Honeywell survey of 5,000 employees where 611 employees responded.
- Insight employees using Copilot are seeing four hours of productivity gained per week from data summarization and content creation.
- Joos uses Microsoft 365 Copilot to grow its brand with worldwide collaboration by streamlining meetings, optimizing presentations and improving communications.
- Kantar is harnessing the power of Microsoft 365 Copilot by reducing costly, time-consuming IT processes and boosting productivity for employees.
- KPMG Australia is using Microsoft Azure OpenAI Service, Azure AI Search and Microsoft Copilot 365 to perform advanced text analysis of dozens of client source documents to identify full or partial compliance, or noncompliance, in a fraction of the time required for manual assessments.
- LGT is launching Microsoft Copilot LGT to improve efficiency, showing users save an average of an hour a week even in the pilot phase.
- Lotte Hotels & Resorts has been creating a new work culture that allows employees to work more efficiently and focus on the nature of the work by adopting Microsoft Power Platform for automation.
- MAIRE is leveraging Microsoft 365 Copilot to automate routine tasks, saving over 800 working hours per month, freeing up engineers and professionals for strategic activities while supporting MAIRE’s green energy transition by reducing their carbon footprint.
- McDonald’s China chose Microsoft Azure AI, GitHub Copilot and Azure AI Search to transform its operations, resulting in a significant increase in AI adoption, consumption and retention from 2,000 to 30,000 employee transactions monthly.
- McKnight Foundation adopted Microsoft 365 Copilot for all staff, saving time, increasing productivity and freeing space to focus on strategic priorities.
- Morula Health is using Microsoft 365 Copilot to enhance productivity, streamline medical writing tasks and ensure data security, ultimately improving efficiency and client satisfaction.
- Motor Oil Group is achieving remarkable efficiency gains by integrating Microsoft 365 Copilot into its workflows, with staff spending minutes on tasks that used to take weeks.
- Nagel-Group uses Azure OpenAI Service to help employees quickly access information which saves time, creates efficiency and transparency, and leads to higher-quality answers overall.
- National Australia Bank is leveraging Microsoft 365 Copilot for daily productivity and data analysis and insights and Microsoft Copilot for Security to quickly analyze millions of security event logs and allow engineers to focus on more important areas.
- NFL Players Association integrated Azure AI Services and Azure App Service into their video review process, reducing review time by up to 73%, significantly increasing efficiency and enhancing player safety through consistent rule enforcement.
- O2 Czech Republic boosts productivity and streamlines meetings with Microsoft 365 Copilot, revolutionizing how information is shared and making automation a part of daily work.
- Onepoint developed a secure conversational agent based on Azure OpenAI, which delivers productivity gains of between 10% and 15% across all business lines.
- Orange Group has over 40 use cases with Azure OpenAI Service and GitHub Copilot across business functions to support employees in their day-to-day tasks, enabling them to concentrate on higher value-added activities.
- Oxford University Hospitals NHS Foundation Trust implemented Microsoft 365 Copilot to improve staff report productivity by saving one to two hours a week, or simple formatting tasks down to a matter of seconds, enabling more resources to deliver frontline services.
- PA Consulting transformed its sales operations with Microsoft 365 Copilot, so its people can invest more time on the activities that have the biggest impact for clients and maximize the strategic value they provide.
- Petrobras used Azure OpenAI Service to create ChatPetrobras, which is streamlining workflows, reducing manual tasks and summarizing reports for its 110,000 employees.
- Petrochemical Industries Company automates work processes to save time with Microsoft 365 Copilot from weeks to days, hours to seconds.
- PKSHA Technology is optimizing their time on critical work by increasing efficiency in meeting preparations, data analytics and ideation with the help of Microsoft 365 Copilot.
- Providence has collaborated with Nuance and Microsoft to accelerate development and adoption of generative AI-powered applications, helping improve care quality and access and reduce physician’s administrative workloads.
- RTI International adopted Microsoft 365 Copilot to gain productivity wherever possible, allowing staff to focus on their areas of expertise, delivering even better science-backed solutions for clients.
- Sandvik Coromant is using Microsoft Copilot for Sales to drive efficiency and accuracy, shaving at least one minute off each transaction, allowing sellers and account managers to focus their expertise on responding to customers’ needs with analysis, creativity and adaptability.
- Sasfin Bank built a solution on Microsoft Azure that centralized 20,000 documents to analyze contract clauses and provide real-time snapshots, moving guesswork into data-driven decision-making.
- Scottish Water implemented Microsoft 365 Copilot, reducing mundane tasks to a minimum and thus freeing up time for employees to work on the more meaningful tasks.
- Shriners Children’s developed an AI platform allowing clinicians to easily and securely navigate patient data in a singular location, enhancing patient care and improving the efficiency of their healthcare services.
- Siemens is leveraging Azure OpenAI Service to improve efficiency, cut downtime and address labor shortages.
- Softchoice employees are experiencing firsthand how Microsoft 365 Copilot can transform daily workflows, realizing productivity gains of 97% reduction in time spent summarizing technical meetings and up to 70% less time spent on content creation.
- Syensqo utilized Microsoft’s Azure OpenAI Service to develop a custom AI chatbot in three months, which improved their internal data management, decision-making and overall efficiency.
- Teladoc Health uses Microsoft 365 Copilot to revolutionize its telehealth operations, automating routine tasks, boosting efficiency and increasing productivity.
- Telstra developed two cutting-edge generative AI tools based on Microsoft Azure OpenAI Service: 90% of employees are using the One Sentence Summary tool, which resulted in 20% less follow-up customer contact, and 84% of customer service agents are using the Ask Telstra solution.
- Topsoe achieved 85% AI adoption among office employees in seven months, significantly enhancing productivity and business processes.
- Torfaen County Borough Council utilized Microsoft 365 Copilot to streamline back-office processes, resulting in significant time savings and enhanced productivity for both business and children’s services teams, with further rollouts planned.
- Trace3 leveraged Microsoft Copilot to streamline and enhance processes across the business and with clients, such as reducing the time it takes HR recruiting managers to respond to applicants within a couple of days instead of several weeks.
- Unilever is reinventing their marketing process with Copilot, saving time on briefing tasks, automatically pulling in relevant market data, content and insights to accelerate campaign launches.
- Uniper SE implemented Microsoft 365 Copilot to reduce time spent on manual and repetitive tasks and help workers focus on more pressing work, such as developing enhanced solutions to speed up the energy transition.
- Unum Group built a custom AI application to search 1.3 terabytes of data with 95% accuracy using Azure OpenAI Service.
- Virgin Atlantic adopted Microsoft 365 Copilot and GitHub Copilot and is seeing real business benefits, including productivity improvements, enabling new ways of working.
- Visier built a generative AI assistant that leverages Azure AI and Azure OpenAI Services to deliver workforce analytics and actionable insights for more than 50,000 customers.
- Virtual Dental Care developed an AI application Smart Scan that leverages Microsoft Azure to reduce paperwork for mobile dental clinics in schools by 75% and frees dentists to devote more time to patient care.
- Zakladni Skola As Hlavkova adopted Microsoft 365 Copilot and saw a 60% improvement in handling administrative documents, decreased lesson preparation from hours to a few minutes, increased inclusivity and enhanced communication with students and parents.
Reinventing customer engagement
We’ve seen great examples of how generative AI can automate content creation, ensuring there’s fresh and engaging materials ready to go. It personalizes customer experiences by crunching the numbers, boosting conversion rates. It makes operations smoother, helping teams launch campaigns faster. Plus, it drives innovation, crafting experiences that delight customers while lightening the load for staff. Embracing generative AI is key for organizations wanting to reinvent customer engagements, stay ahead of the game and drive both innovation and efficiency.
- Absa has adopted Microsoft Copilot to streamline various business processes, saving several hours on administrative tasks each day.
- Adobe leverages Microsoft Azure to streamline the customer experience, harnessing the power of the connected cloud services and creating a synergy that drives AI transformation across industries.
- Acentra Health developed Medscribe, a web application that uses Azure OpenAI Service to generate draft letters in a secure, HIPPA-compliant enclave that responds to customer appeals for healthcare services within 24 hours, reducing the time spent on each appeal letter by 50%.
- Alaska Airlines is using Microsoft Azure, Microsoft Defender and GitHub to ensure its passengers have a seamless journey from ticket purchase to baggage pickup, and it has started leveraging Azure OpenAI Service to unlock more business value for its customer care and contact centers.
- Ally Financial is using Azure OpenAI Service to reduce manual tasks for its customer service associates, freeing up time for them to engage with customers.
- BMW Group optimizes the customer experience, connecting 13 million active users to their vehicles with the MyBMW app on Azure, which supports 450 million daily requests and 3.2TB of data processing.
- Boyner has tripled its e-commerce performance using Microsoft Azure, seeing a rise in customer satisfaction, engagement, conversion rate and revenue.
- Bradesco Bank integrated Microsoft Azure into its virtual assistant, BIA, resulting in reduced response time from days to hours, improving operational efficiency and client satisfaction.
- Capgemini Mexico integrated GitHub Copilot to support scalable AI implementations, which has led to improved customer experiences and increased efficiency.
- Capitec Bank uses Azure OpenAI Service and Microsoft 365 Copilot, enabling their AI-powered chatbot to assist customer service consultants in accessing product information more efficiently, saving significant time for employees each week.
- Cdiscount is leveraging GitHub Copilot and Azure OpenAI Service to enhance developer efficiency, optimize product sheet categorization and improve customer satisfaction.
- Cemex used Azure OpenAI Service to launch Technical Xpert, an AI tool used by sales agents to provide instant access to comprehensive product and customer solution information, significantly reducing search time by 80%.
- Chanel elevated their client experience and improved employee efficiency by leveraging Microsoft Fabric and Azure OpenAI Service for real-time translations and quality monitoring.
- City of Burlington created two AI-powered solutions: MyFiles system using Microsoft Power Platform for building permits and CoBy, a 24/7 customer support assistant using Microsoft Copilot Studio.
- City of Madrid created an AI virtual assistant with Microsoft Azure OpenAI Service, offering tourists accurate, real-time information and personalized responses in 95-plus languages.
- Cognizant is making performance management more effective and meaningful with Microsoft Azure Machine Learning to help clients across industries envision, build and run innovative digital enterprises.
- Coles Group has leveraged Microsoft Azure to enhance its digital presence and improve customer engagement, rolling out new applications to its stores six times faster without disrupting workloads.
- Commercial Bank of Dubai used Microsoft Azure to upgrade its application infrastructure, improving transaction security and speed so individual customers can now open an account and start banking in about two minutes.
- Dubai Electricity and Water Authority has significantly improved productivity and customer satisfaction by integrating multiple Microsoft AI solutions, reducing task completion time from days to hours and achieving a 98% customer happiness rate.
- Elcome uses Microsoft 365 Copilot to improve the customer experience, reducing response times from 24 hours to eight hours.
- elunic developed shopfloor.GPT based on Azure OpenAI, leading to increased productivity for customers and saving 15 minutes per request.
- Estée Lauder Companies is leveraging Azure OpenAI Service to create closer consumer connections and increase speed to market with local relevancy.
- First National Bank (FNB) is using Microsoft Copilot for Sales to help bankers create professional, thoughtful emails in 13 native South African languages, to enhance customer interactions, streamline communications and reinforce its commitment to innovation and customer service.
- Flora Food Group migrated to Microsoft Fabric to offer more detailed and timely insights to its customers, enhancing service delivery and customer satisfaction.
- Groupama deployed a virtual assistant using Azure OpenAI Service that delivers reliable, verified and verifiable information, and boasts an 80% success rate.
- International University of Applied Sciences (IU) adopted Azure OpenAI Service to revolutionize learning with a personalized study assistant that can interact with each student just like a human would.
- Investec is using Microsoft 365 Copilot for Sales to enhance the bank’s client relationships, estimating saving approximately 200 hours annually, ultimately boosting sales productivity and delivering a personalized, seamless customer experience.
- Linum is using Microsoft Azure to train their text-to-video models faster and more efficiently without losing performance or wasting resources.
- Lumen Technologies is redefining customer success and sales processes through the strategic use of Microsoft 365 Copilot, enhancing productivity, sales, and customer service in the global communications sector.
- McKinsey & Companyis creating an agent to reduce the client onboarding process by reducing lead time by 90% and administrative work by 30%.
- Meesho leveraged Microsoft’s Azure OpenAI Service and GitHub Copilot to enhance customer service and software development, resulting in a 25% increase in customer satisfaction scores and 40% more traffic on customer service queries.
- Milpark Education integrated Microsoft Copilot and Copilot Studio and in just four months, improved efficiency and accuracy of student support, decreasing the average resolution time by 50% and escalations by more than 30%.
- NC Fusion chose a comprehensive Microsoft solution to make marketing engagement activities easier and accurately target the best audience segments.
- Medgate, a telehealth subsidiary of Otto Group developed a medical Copilot powered by Azure OpenAI which summarizes consultations, supports triage and provides real-time translations.
- Pacific Gas & Electric built a chatbot using Microsoft Copilot Studio that saves $1.1 million annually on helpdesk support.
- Pockyt is using GitHub Copilot and anticipates a 500% increase in productivity in the medium to long term as they continue adapting AI and fine-tuning their software development life cycle.
- South Australia Department for Education launched an AI-powered educational chatbot to help safeguard students from harmful content while introducing responsible AI to the classrooms.
- Sync Labs is using Microsoft Azure to create AI-driven solutions that have led to a remarkable 30x increase in revenue and a 100x expansion of their customer base.
- Syndigo is using Azure to accelerate digital commerce for its customers by more than 40% and expand its customer base.
- Telkomsel created a virtual assistant with Azure OpenAI Service, resulting in a leap in customer self-service interactions from 19% to 45%, and call volume dropped from 8,000 calls to 1,000 calls a day.
- Torrens University chose to use Azure OpenAI to uplift its online learning experience, saving 20,000 hours and $2.4 million in time and resources.
- Trusting Social integrated Microsoft Azure services to launch AI-driven agents that are changing how banks function and transforming their customer’s banking experience.
- University of California, Berkeley used Azure OpenAI Service to deploy a custom AI chatbot that supports student learning and helps students with complex coursework.
- University of Sydney created a self-serve AI platform powered by Azure OpenAI Service, to enable faculty to build custom chatbots for enhancing student onboarding, feedback, career simulation and more.
- Van Lanschot Kempen is using Microsoft 365 Copilot to reduce the time needed for daily tasks, freeing up time to invest in that crucial personal connection.
- Virgin Money built an award-winning virtual assistant using Copilot Studio to help build customers’ confidence in their digital products and services.
- VOCALLS automates over 50 million interactions per year, resulting in a 78% reduction in average handling time aside from a 120% increase in answered calls.
- Vodafone Group is leveraging Microsoft’s AI solutions, including Azure AI Studio, OpenAI Service, Copilot and AI Search, to achieve a 70% resolution rate for customer inquiries through digital channels and reduce call times by at least one minute.
- Walmart is using Azure OpenAI Service to deliver a helpful and intuitive browsing experience for customers designed to serve up a curated list of the personalized items a shopper is looking for.
- Weights & Biases created a platform which runs on Microsoft Azure that allows developers to keep records, log successes and failures and automate manual tasks.
- World2Meet is providing better customer service and operations with a new virtual assistant powered by Microsoft Azure.
- Xavier College is modernizing its student information systems on Microsoft Dynamics 365 and Microsoft Azure to unlock powerful insights, fostering innovation and data-driven decision making.
- Zavarovalnica Triglav implemented Microsoft Dynamics 365 and Azure OpenAI Service to streamline its operations with automated responses and smart rerouting of customer enquiries.
Reshaping business process
Transforming operations is another way generative AI is encouraging innovation and improving efficiency across various business functions. In marketing, it can create personalized content to truly engage different audiences. For supply chain management, it can predict market trends so companies can optimize their inventory levels. Human resources departments can speed up the hiring process, while financial services can use it for fraud detection and risk assessments. With generative AI, companies are not just refining their current processes, they’re also discovering exciting new growth opportunities.
- Accelleron used Microsoft Power Platform to support numerous business applications and simplify processes for service agents and employees, resulting in the onboard of new agents in 30 minutes, compared to two days for other solutions.
- Accenture developed an AI-powered financial advisor that leverages RISE with SAP on Microsoft Azure to enhance their infrastructure and integrate financial data.
- Atomicwork leverages Azure OpenAI to bring together three power capabilities: a conversational assistant, a modern service management system and a workflow automation platform.
- Blink Ops fully embraced generative AI to build the world’s first Security Automation Copilot with more than 8,000 automated workflows to help any Security/IT task through prompts.
- Chalhoub Group is using Microsoft Fabric to modernize its data analytics and streamline its data sources into one platform, increasing agility, enhancing analytics and accelerating processes.
- Cineplex is developing innovative automation solutions for finance, guest services, and other departments, saving the company over 30,000 hours a year in manual processing time.
- ClearBank moved its services to Microsoft Azure to gain scalability and efficiency, pushing out 183% more monthly system releases, gaining both scalability and efficiency.
- Danske Statsbaner increases productivity up to 30% with help from Microsoft AI solutions.
- Eastman implemented Microsoft Copilot for Security, realizing the benefits of accelerated upskilling, step-by-step guidance for response and faster threat remediation.
- Fast Shop migrated to Microsoft Azure, creating a self-service culture of access to data, eliminating delays, reducing costs and increasing leadership satisfaction with data while providing more agility in reporting.
- Florida Crystals adopted a value-added solution across Microsoft products including Microsoft 365 Copilot to reduce telecom expenses and automate industrial process controls.
- GHD is reinventing the RFP process in construction and engineering with Microsoft 365 Copilot.
- GovDash is a SaaS platform that leverages artificial intelligence to streamline the entire business development lifecycle for government contracting companies using Azure OpenAI.
- Grupo Bimbo is deploying Microsoft’s industrial AI technologies to modernize its manufacturing processes, optimizing production and reducing downtime, driving significant cost savings and empowering global innovation.
- Insight Canada implemented Microsoft 365 Copilot to streamline business operations, realizing a 93% productivity gains in functions including sales, finance and human resources.
- Intesa Sanpaolo Group enhanced its cybersecurity with AI-enabled Microsoft Sentinel and Microsoft Copilot for Security, resulting in faster threat detection, increased productivity and reduced storage costs.
- Kaya deployed a custom implementation of Microsoft Dynamics 365 and Power BI to modernize its supply chain, leading to enhanced visibility, improved planning and streamlined inter-department operations.
- Lionbridge Technologies, LLC is using Microsoft Azure and Azure OpenAI Service to accelerate its delivery times and improve quality, reducing project turnaround times by up to 30%.
- LTIMindtree integrated Microsoft Copilot for Security, offering automated incident response, integrated threat intelligence and advanced threat analysis.
- Mania de Churrasco used Microsoft Azure, Power Platform and Microsoft 365 to achieve high efficiency, security and scalability in its operations, in addition to improving its data intelligence, which indirectly participated in a 20% increase in sales year on year.
- National Bank of Greece built an Azure-powered Document AI solution to transform its document processing, improving the bank’s accuracy to 90%.
- Nest Bank has revolutionized its operations by integrating Microsoft 365 Copilot and Azure OpenAI Service, resulting in doubled sales and increased daily transactions from 60,000 to 80,000, showcasing the transformative impact of generative AI in the financial sector.
- Network Rail modernized their data analytics solution with Microsoft Azure, helping engineers understand data 50% faster than before and improve efficiency, passenger experiences and safety—all while saving costs.
- Nsure developed an AI-powered agent that uses Copilot Studio and Power Automate to reduce manual processing time by 60% while also reducing associated costs by 50%.
- Oncoclínicas implemented Microsoft Azure to transform its entire data ecosystem with a web portal and mobile application that performs all image processing and storage.
- Pacifico Seguros has adopted Microsoft Copilot for Security to optimize its security operations and anticipate and neutralize threats more efficiently and effectively.
- Parexel adopted Azure Databricks and Microsoft Power BI, achieving an 85% reduction in data engineering tooling costs, a 30% increase in staff efficiency and a 70% reduction in time to market for data product delivery.
- Paysafe used Microsoft 365 Copilot to streamline meetings, information management, and document creation, addressing language barriers, eliminating time-consuming tasks, and boosting creativity along the way.
- Planted is integrating Azure OpenAI to manage everyday tasks more efficiently and facilitate the search for information for innovative process development.
- Presidio realized dramatic productivity gains saving 1,200 hours per month on average for the employees using Microsoft 365 Copilot and created 70 new business opportunities.
- Qatar Charity used Copilot Studio to increase its call center efficiency, reducing average handle time by 30%, increasing customer satisfaction by 25% and achieving a 40% reduction in IT maintenance costs.
- Saphyre uses Microsoft Azure and AI to provide an intelligent cloud-based solution that automates and streamlines financial trading workflows around client and counterparty life cycle management, reducing manual efforts by 75%.
- Swiss International Air Lines migrated and modernized with Microsoft Azure, achieving up to 30% cost savings, a remarkable boost in platform stability along with enhanced security visibility.
- ZEISS Group uses Microsoft Fabric to create a secure and trusted data supply chain that can be shared effortlessly across a range of business units.
- ZF Group builds manufacturing efficiency with over 25,000 apps and 37,000 unique active users on Power Platform.
Bending the curve on innovation
Generative AI is revolutionizing innovation by speeding up creative processes and product development. It’s helping companies come up with new ideas, design prototypes, and iterate quickly, cutting down the time it takes to get to market. In the automotive industry, it’s designing more efficient vehicles, while in pharmaceuticals, it’s crafting new drug molecules, slashing years off R&D times. In education, it transforms how students learn and achieve their goals. Here are more examples of how companies are embracing generative AI to shape the future of innovation.
- Air India has incorporated Microsoft 365 Copilot into multiple departments, unlocking a new realm of operational insights that not only provide critical data on flight punctuality and operational hurdles but also empower proactive, collaborative decision making.
- Agnostic Intelligencedeployed Azure OpenAI Service to eliminate time-consuming tasks, saving users up to 80% of their time and enabling IT managers to focus on innovation and quality assurance.
- Albert Heijn is using Azure OpenAI for everything from customer personalization to demand forecast and food waste projects, making it easier for its customers to change their lifestyle.
- Amgen is using Microsoft 365 Copilot to boost productivity and has the potential to speed up drug development and support advancements in their business processes.
- APEC leverages Microsoft Azure and deep neural network algorithms to develop an app that enables healthcare providers to capture retinal images, increasing the accuracy to identify Retinopathy of Prematurity (RoP) to 90%.
- ASOS is using Azure AI Studio to help customers discover new looks with genuine shopping insights, personalized conversations, naturalism and even humor to enliven the shopping journey.
- Auburn University is incorporating Microsoft Copilot to promote AI literacy, accessibility, and collaboration, with the aim to expand educational and economic opportunities for its entire academic community with AI-centric tools.
- B3 launched an AI assistant using Azure OpenAI Service that aids 10,000 users a day to answer Brazilians’ questions about how to start investing.
- Basecamp Research aims to build the world’s largest database of national biodiversity and apply AI and machine learning to advance bioscience.
- Bayer is using Microsoft Copilot to contribute to feeding a growing global population and helping people lead healthier, disease-free lives.
- Brembo leveraged Azure OpenAI to develop ALCHEMIX, a solution to generate innovative compounds for its brake pads, drastically reducing the development time of new compounds from days to mere minutes.
- Canary Speech can now train new vocal models in as little as two months and handle millions of transactions per month with Microsoft Azure.
- CapitaLand simplified internal processes, increasing efficiency to more than 10,000 worker days saved per year and deployed Azure OpenAI Service to build the first AI hospitality chatbot for its lodging business.
- Cassidy is using Azure OpenAI Service to enhance efficiency across various industries, supporting over 10,000 companies.
- Coca-Cola is implementing Azure OpenAI Service to develop innovative generative AI use cases across various business functions, including testing how Microsoft 365 Copilot could help improve workplace productivity.
- Denso is developing “human-like” robots using Azure OpenAI Service as the brain to help robots and humans work together through dialogue.
- eFishery is using Azure OpenAI for farmers to get the data and insights on fish and shrimp farming, including more precise feeding and water quality monitoring.
- EY developed an application that automatically matches and clears incoming payments in SAP, resulting in an increase from 30% to 80% in automatically cleared payments and 95% matched payments, with estimated annual time savings of 230,000 hours globally.
- FIDO is using Azure OpenAI Service to develop an AI tool that uses sound to pinpoint leaky pipes, saving precious drinking water.
- Georgia Tech is using Azure OpenAI Service to enhance the electric vehicle (EV) charging infrastructure, achieving rapid data classification and predictive modeling, highlighting the reliability of networked chargers over non-networked ones.
- GigXR developed a solution to create the intelligence for specific AI patients using Microsoft Azure OpenAI Service and other Azure services.
- GoTo Group is significantly enhancing productivity and code quality across its engineering teams by adopting GitHub Copilot, saving over seven hours per week and achieving a 30% code acceptance rate.
- GovTech used Microsoft Azure OpenAI Service to create LaunchPad, sparking more than 400 ideas and 20 prototypes, laying the foundation for the government to harness the power of generative AI.
- H&R Block is using Azure AI Studio and Azure OpenAI Service to build a new solution that provides real-time, reliable tax filing assistance.
- Haut.AI provides skin care companies and retailers with customizable, AI-based skin diagnostic tools developed with the help of Microsoft AI.
- Helfie is building a solution that caters to healthcare providers who can arm their patients with an application to more quickly and accurately access the care they need.
- Hitachi will implement Azure OpenAI Service, Microsoft 365 Copilot and GitHub Copilot to create innovative solutions for the energy, mobility and other industries.
- Icertis is providing AI-based tools that will recognize contract language and then build algorithms to automatically choose the right approach based on the content of the contract.
- ITOCHU is using Azure OpenAI Service and Azure AI Studio to evolve its data analytics dashboard into a service that provides immediate recommendations by automatically creating evidence-based product proposals.
- IU International University of Applied Sciences (IU) is using the power of Azure OpenAI Service to develop Syntea, an AI avatar integrated into Microsoft Teams and Microsoft 365 Copilot, making learning more personalized, autonomous and flexible.
- Khan Academy has partnered with Microsoft to bring time-saving and lesson-enhancing AI tools to millions of educators.
- Lufthansa Group developed an animated 3D avatar called Digital Hangar to help guide passengers from initial travel inspiration to flight booking through an exchange with an avatar in natural language.
- Mitsubishi Heavy Industries is using Azure OpenAI Service to help accelerate digital innovation in power plants.
- Molslinjen has created an AI analytics toolbox that has reduced fuel emissions, improved customer satisfaction and brought in millions of additional revenue.
- Novo Nordisk recently published initial results with predictive AI models for advanced risk detection in cardiovascular diseases, including an algorithm that can predict patients’ cardiovascular risk better than the best clinical standards.
- Paige.AI is using AI and Microsoft Azure to accelerate cancer diagnoses with data from millions of images.
- Pets at Home created an agent to help its retail fraud detection team investigate suspicious transactions.
- Plan Heal is using Microsoft AI to create solutions that enable patients to monitor and report health metrics so care providers can better serve them.
- Pacific Northwest National Laboratory (PNNL) is testing a new battery material that was found in a matter of weeks, not years, as part of a collaboration with Microsoft.
- Rijksmuseum is harnessing the power of Copilot to make art accessible at scale by joining forces with Microsoft to improve and expand the art experience for blind and low-vision community members.
- Royal National Institute of Blind People is using Azure AI Services to develop an AI-based solution that quickly and accurately converts letters to braille, audio, and large print formats.
- Schneider Electric provides productivity-enhancing and energy efficiency solutions and is using a whole suite of AI tools to hasten its own innovation and that of its customers.
- SPAR ICS created an award-winning, AI-enabled demand forecasting system achieving 90% inventory prediction accuracy.
- Suzuki Motor Corporation is adopting Azure OpenAI Service for data security, driving company-wide use with five multipurpose apps.
- Tecnológico de Monterrey created a generative AI-powered ecosystem built on Azure OpenAI Service with the goal to personalize education based on the students’ needs, improve the learning process, boost teachers’ creativity and save time on tedious tasks.
- TomTom is using Azure OpenAI Service, Azure Cosmos DB, and Azure Kubernetes Service to revolutionize the driver experience.
- Unilever is partnering with Microsoft to identify new digital capabilities to drive product innovation forward, from unlocking the secrets of our skin’s microbiome to reducing the carbon footprint of a multibillion-dollar business.
- Unity used Microsoft Azure OpenAI Service to build Muse Chat, an AI assistant that can guide creators through common questions and help troubleshoot issues to make game development easier.
- University of South Florida is using Microsoft 365 Copilot to alleviate the burden of repetitive, time-consuming tasks so faculty and staff can spend this time creatively solving problems, conducting critical research, establishing stronger relationships with peers and students and using their expertise to forge new, innovative paths.
- Visma has developed new code with GitHub Copilot, Microsoft Azure DevOps and Microsoft Visual Studio as much as 50 percent faster, contributing to increased customer retention, faster time to market and increased revenue.
- Wallenius Wilhelmsen is implementing Microsoft 365 Copilot and using Microsoft Viva to drive sustainable adoption, streamlining processes, empowering better decision making and cultivating a culture of innovation and inclusion.
- Wipro is committed to delivering value to customers faster and improving the outcomes across the business by investing $1 billion in AI and training 200,000 employees on generative AI principles with Microsoft Copilot.
Read more:
- Get the study: Business Opportunity of AI | Microsoft
- Explore Microsoft AI solutions: Artificial Intelligence Solutions | Microsoft AI
- Assess your AI readiness: AI Readiness Wizard – Microsoft Adoption
- Build a strategic plan for AI: AI Strategy Roadmap | Microsoft AI
IDC InfoBrief: sponsored by Microsoft, 2024 Business Opportunity of AI, IDC# US52699124, November 2024
The post How real-world businesses are transforming with AI appeared first on The Official Microsoft Blog.
One of the highlights of my career has always been connecting with customers and partners across industries to learn how they are using technology to drive their businesses forward. In the past 30 years, we’ve seen four major platform shifts, from client server to internet and the web to mobile and cloud to now—the next…
The post How real-world businesses are transforming with AI appeared first on The Official Microsoft Blog.Read More
Microsoft to Separate Copilot and Teams Compliance Records
Separate Retention Policies Coming for Teams and Copilot Compliance Records
On November 6, 2024, Microsoft issued message center notification MC926899 to inform tenants that they plan to split retention processing for compliance records created by the Microsoft 365 substrate for Teams and Microsoft 365 Copilot interactions. The current situation is that Purview Data Lifecycle management allows a single retention policy to apply to both types of compliance records. In the future, you’ll be able to have separate policies. The change is covered by Microsoft 365 roadmap item 407897.
MC926899 says that a Microsoft 365 Copilot license is required to use this feature. That statement is inaccurate insofar as administrator actions are concerned. You can configure a retention policy to process Copilot interactions without a Copilot license. The only need for a Copilot license arises when someone wants to use Copilot in apps, like Copilot in Word or Copilot in Teams.
Microsoft plans to roll out the update to public preview in mid-November 2024 with worldwide deployment in general availability following in January 2025. As always with dates for updates, some slippage can happen.
A Thoroughly Justified Change
The change is totally justified. Storing Copilot interactions alongside Teams compliance records in the hidden TeamsMessagesData folder in user mailboxes was always a short-term exercise to allow Microsoft to claim support for Purview by Microsoft 365 Copilot. Like compliance records generated for Teams messages, the records are modified versions of mail items that hold just enough information about a Copilot interaction to make the data useful for eDiscovery and compliance purposes, such as review by communication compliance policies.
But the biggest reason why this change makes sense is that organizations are likely to have radically different retention strategies for different compliance records. For instance, many organizations like to remove Teams chats after a few days (which is why Purview supports a 1-day retention period for Teams). However, throwing away Copilot interaction records after a day might not be the preferred approach. Being forced to use a single policy that enforces the same retention period to both (Figure 1) is too inflexible, and that’s why creating the ability to have a separate retention policy for Copilot is the right thing to do.
Current Retention Policies and Copilot Interactions
Microsoft hasn’t said what will happen to current retention policies that process both Teams chats and Copilot interactions. My assumption is that they will remain in place and be unaffected by the change. In other words, if you apply the same retention period to Teams and Copilot, you have nothing to do. However, if you process the two types of data together, any flaw in the retention policy settings will affect both, hopefully not to the degree experienced by KPMG in 2020.
The only work item created by the change is for organizations that want to have separate retention policies. In this scenario, administrators will need to remove Copilot interactions from the current policy and create a new policy specifically for Copilot. Unless the organization uses multiple retention policies scoped at different sets of accounts, the update should only take a few minutes.
Storage Location for Copilot Interaction Records
I don’t know yet if Microsoft plans to move the storage location. Yammer (Viva Engage) uses a separate location for its compliance records as does Planner, so it makes sense if the Copilot records move to a new folder. When it does, I’ll have to update my PowerShell script to analyze Copilot interactions and report the prompts and responses between users and apps.
The change required by the script should be straightforward. Once we know the folder where Copilot stores its interaction records, the script can use Get-ExoMailboxFolderStatistics to find the Store identifier for the folder and run some code to convert the value to a REST identifier that works with Graph API requests. At least, that’s the theory. I’ll know more when the new retention option is available in tenants.
Keep up to date with developments in Purview by subscribing to the Office 365 for IT Pros eBook. Our monthly updates make sure that our subscribers understand the most important changes happening across Office 365.
Microsoft Recommends the UnifiedRoleDefinition Graph API for Role Assignment Automation
A New Graph API to Replace Two Existing APIs
The Graph change log update posted on October 21, 2024 contains a simple and blunt recommendation for developers to use the unifiedRoleDefinition Graph resource type (API) instead of the directoryRole and directoryRoleTemplate resource types (Figure 1). Sounds good. Using one API to replace two should simplify development, and the new API delivers more information about Entra ID roles.
The Impact on PowerShell Scripts
But then you look under the surface and understand that this change affects PowerShell scripts that use Microsoft Graph PowerShell SDK cmdlets like Get-MgDirectoryRole (find Entra ID roles) and Get-MgDirectoryRoleMember (find the membership of a role group). This March 2022 article explains how to use those and other SDK cmdlets to assign roles to user accounts.
In effect, if you want to follow Microsoft’s recommendation, you need to upgrade scripts to use cmdlets like Get-MgRoleManagementDirectoryRoleDefinition instead (or the beta version, which provides more information). There’s no necessity to upgrade scripts for the moment, but this issue could arise in the future if Microsoft decides to deprecate the older APIs. All of which creates the question of why Microsoft didn’t simply upgrade the old APIs instead?
I’m sure that there’s good technical reasons for introducing a new API. It’s cleaner for a start because it avoids all the messiness involved in supporting backwards compatibility for an indeterminate period. Professional developers are used to changing APIs and, while they’ll grumble at the need to do more work, the change will happen. Those who write PowerShell might be less happy. There’s a lot happening in the Entra space to force change in scripts already and introducing another change to the mix now sounds like a bad idea that demonstrates a certain lack of sympathy for part-time PowerShell developers, many of whom are struggling to move over to the Graph SDK.
Example PowerShell Cmdlet Changes
Let’s look at the script code changes that might be required. I’ll use the code in the March 2022 article as the base. First, we find the set of Entra ID roles in the tenant.
[array]$DirectoryRoles = Get-MgDirectoryRole | Sort-Object DisplayName
The equivalent with the unifiedRoleDefinition API is:
[array]$DirectoryRoles = Get-MgRoleManagementDirectoryRoleDefinition | Sort-Object DisplayName
In my tenant, the first command returns 36 roles, the second 113. This is because the new API returns all roles and role templates.
Interestingly, the Graph X-Ray tool reveals that the Entra admin center uses the beta version of the cmdlet (Get-MgBetaRoleManagementDirectoryRoleDefinition) when it fetches roles for the All roles page.
Each role has an identifier which is needed to find information about role assignments. To find the identifier for a role, use the role name to filter the set of roles fetched above. For instance, here’s how to find the identifier for the Teams administrator role. This code remains the same:
$TeamsAdminRoleId = $DirectoryRoles | Where-Object {$_.DisplayName -eq "Teams administrator"} | Select -ExpandProperty Id
Note that the two APIs return different identifiers for roles. If you have hard-coded role identifiers in scripts, the values will need to be updated to match the API.
We want to make a new role assignment to add a user account to the role. To start, we find the set of current role members. With the old API, the command is:
[array]$RoleMembers = Get-MgDirectoryRoleMember -DirectoryRoleId $TeamsAdminRoleId
With the new, the command is:
[array]$RoleMembers = Get-MgRoleManagementDirectoryRoleAssignment -Filter "roleDefinitionId eq '$TeamsAdminRoleId'" -ExpandProperty "principal"
One thing to note is that the information returned for role assignments in the older API only includes user accounts, and the additionalProperties property includes details of the accounts, which means that you can do something like this to see the names of the assignees:
ForEach ($Member in $RoleMembers) { Write-Output $Member.AdditionalProperties.displayName }
This doesn’t happen with the new API. I think two reasons exist why this is so. First, the API includes service principals in role assignments, something that’s important for objects like Azure automation accounts used to execute runbooks or Entra registered apps that need to act in an administrative role. In the assignments listed in Figure 2, only two are user accounts.. Second, the API includes support for scoping (full directory, administrative units, or applications).
Making a Role Assignment
The last example from the article is to assign a role to a user account. The code first checks if the user account already has an assignment, and if not, calls the New-DirectoryRoleMemberByRef cmdlet to make the assignment:
If ($User.Id -notin $RoleMembers.Id) { Write-Host ("Adding user {0} to the Teams administrator role" -f $User.DisplayName) New-MgDirectoryRoleMemberByRef -DirectoryRoleId $TeamsAdminRoleId -BodyParameter @{"@odata.id" = "https://graph.microsoft.com/v1.0/directoryObjects/$($user.Id)"}
To make a role assignment with the new API, create a hash table to hold the parameters, including the identifier for the role to assign, the identifier of the account or service principal to receive the role assignment, and the directory scope. In this case, the scope is “/”, meaning the entire directory. If you want to limit the role assignment to specific administrative units, include the identifiers for the administrative units instead.
If ($User.Id -notin $RoleMembers.Id) { $Assignment = @{} $Assignment.Add("@odata.type","#microsoft.graph.unifiedRoleAssignment") $Assignment.Add("roleDefinitionId", $TeamsAdminRoleId) $Assignment.Add("principalId", $User.Id) $Assignment.Add("directoryScopeId", "/") New-MgRoleManagementDirectoryRoleAssignment -BodyParameter $Assignment } Id PrincipalId RoleDefinitionId DirectoryScopeId AppScopeId -- ----------- ---------------- ---------------- ---------- 3ywjKSOT_UKt4h0JevPk3oeS4FkbrPdPgKMI0NHu2Tk-1 59e09287-ac1b-4ff7-80a3-08d0d1eed939 29232cdf-9323-42fd-ade2-1d097af3e4de / $Assignment Name Value ---- ----- roleDefinitionId 4c962061-2581-417f-938a-7cc1b38fc2a2 directoryScopeId / principalId 59e09287-ac1b-4ff7-80a3-08d0d1eed939 @odata.type #microsoft.graph.unifiedRoleAssignment
In terms of Privileged Identity Management, the resulting assignment is active and permanent, so the new holder can use it immediately and will show up in administrative interfaces as a role holder (and in scripts like my reporting administrative role assignments script, which uses the unifiedRoleDefinition API).
More to Come
There’s lots more to investigate in terms of exploiting the UnifiedRoleDefinition API to automate the management of Entra role assignments. We’ll get to that in future articles. In the meantime, the message is that Microsoft is focused on using the UnifiedRoleDefinition API going forward, so that’s where your focus should be too.
Need more advice about how to write PowerShell for Microsoft 365? Get a copy of the Automating Microsoft 365 with PowerShell eBook, available standalone or as part of the Office 365 for IT Pros eBook bundle.
Private Channels Just Don’t Get Any Respect
Launched Just Prior to Covid, Private Channels Lost Impetus when Teams Changed Gears
To much excitement at the time, Microsoft introduced private channels for Teams at the Ignite conference in Orlando in November 2019. Teams was a very different proposition then. The Covid pandemic was still a few months away and less than 20 million people used Teams regularly. Private channels were the first major development in Teams since its launch in early 2017. They were a response to the misgivings voiced in many customers that all members of a team enjoyed equal access to channel conversations and the team’s SharePoint Online site.
Roll forward five years and Teams is in a very different place. The pandemic generated huge demand for online collaboration in general and online meetings in particular. Microsoft had to continually strengthen the Azure-based Teams infrastructure to cope with demand as the number of users swelled continually. Growth has slowed recently, but Teams now has 320 million monthly active users, or roughly 80% of the Office 365 installed base based on the latest numbers released by Microsoft.
After their launch, the initial excitement around private channels soon began to fade. In 2021, Microsoft began to hype shared channels (eventually released in 2022). Focus shifted to the possibilities of trans-tenant collaboration rather than the inward-nature restrictions offered by private channels. You can tell where the latest craze exists by counting the number of sessions offered for a specific technology by large conferences.
ESPC in Stockholm
The agenda for technology conferences like ESCP 2024 in Stockholm (December 2-5) is currently dominated by artificial intelligence because that’s what people want to talk about, despite the fact that AI is still not widely used across the Office 365 base. I’ll still enjoy ESPC, where I speak twice about non-AI topics (Mastering the Microsoft Graph PowerShell SDK and Decoding the Microsoft 365 Audit Log), and I’ll happily listen to the latest propaganda telling me how to work with AI.
Private channels don’t feature on the ESPC agenda, nor did I see anything on the topic at the Microsoft 365 conference in Orlando last May. I suspect that private channels won’t receive much coverage at the upcoming Ignite conference in Chicago. That’s no reflection on the importance or usefulness of the technology. After all, Microsoft 365 conferences usually avoid allocating sessions to cover Exchange Online, despite the essential role that Exchange plays in the overall ecosystem and the massive changes Microsoft is making for hybrid organizations, like forcing tenants to upgrade servers and the introduction of Exchange Server subscription edition next year.
Odd Session Selection at Some Technology Conferences
If conference programs were selected based on the importance of a technology to Microsoft 365 sessions would be dominated by Exchange Online, SharePoint Online, OneDrive for Business, Entra ID (including security), and Teams, with some sessions to cover PowerShell and the Microsoft Graph.
However, that’s not what happens, perhaps because the folks who select sessions are overly influenced by Microsoft marketing (including sponsorship dollars). What else accounts for conferences giving valuable time to cover everything in the Viva Suite, Loop, and the like? Far too many conference sessions are given over to technologies that are marginally interesting in terms of overall usage within tenants. There will always be the need for sessions to cover emerging technologies (AI is firmly in this category), but some conference selections are just odd.
The Worth of Private Channels
Back to private channels. My interest was reawakened the other day when discussing a problem a university had. Like most institutions, the university has a program to allow people to file complaints that are then investigated by the relevant facility. They were advised that they’d need to set up a separate team for each facility to store details of investigations in a secure SharePoint site. No one had considered creating a single team with separate private channels for each facility. Private channels limit access to the subset of the team membership who become channel members. No one else, not even team owners, can access the content in the private channel, including its separate SharePoint Online site.
The advantage of using private channels is the avoidance of team sprawl. Creating a new private channel is as easy as creating a regular channel (Figure 1). After creating a private channel, the only other task is to add members to the channel.
In the case in question, all the people in the university who work on complaints can be members of the team with subsets becoming members of the private channels created for the facilities. Team members share common knowledge such as program announcements and guidelines without compromising the integrity of their investigations in any way.
Another advantage is that people won’t create a group chat to take a discussion to a more limited forum. In fact, people should be discouraged from using group chats for anything that involves sensitive information.
An individual team can support up to 1,000 channels, of which up to 30 can be private channels. Being able to segment confidential and sensitive work across private channels within a team is a nice way to protect information. And if you want information to remain even more private, consider creating a sensitivity label that limits access to the members of a private channel and assigning the label to every document stored in the channel. That way, even if a document “escapes” outside the channel, its content will remain inaccessible.
I use private channels daily. They’re a great host for private collaboration on a need-to-know basis. It’s just a pity that so few people seem to know about private channels.