How to use Azure Active Directory differently than classic AD

it leaves a lot behind, Azure Active Directory gives administrators ways to extend AD into cloud resources and achieve critical connections, such as application federation, once they know how to use it.

Most Windows administrators use classic AD to manage users, profiles, Group Policy Objects and other relationships. Bandwidth and interoperability are rarely an issue on premises. The cloud is a whole different proposition. Servers and services in the cloud have different needs and requirements than in-house deployments. Azure Active Directory extends classic AD into the cloud environment, rather than replacing AD with a cloud version. Active Directory has a treelike structure of organization, but Azure AD is essentially a flat exported version.

Azure Active Directory vs. on-premises AD

The public cloud is as device-agnostic as possible, which means it isn’t designed to look after computers and Group Policy Objects. Azure doesn’t need the heavy feature set of on-premises AD; it requires only that authenticated user accounts, groups and security information carry forward into the cloud. This is where administrators use Azure Active Directory.

Azure Active Directory is a web-based system that manages and authenticates users against web services. It works with web-hosted, custom-built applications, as well as integrated third-party web services and applications. Microsoft’s term for this list is the portfolio. Look for ways to use Azure Active Directory as an easily managed, extensible identity services front end to web services, platform-as-a-service offerings and other products.

Microsoft Azure Active Directory management console
Figure 1. The management console for Azure Active Directory shows components for administrators to control.

Azure Active Directory can also manage identity and application provisioning on Windows devices: The enterprise Windows 10 systems have a configuration option for on premises or Azure Active Directory. Don’t expect it to apply Group Policy Objects, however.

Azure Active Directory even has its own PowerShell extensions to manage and configure users.

How to use Azure Active Directory in an enterprise

Azure Active Directory’s setup suits companies with BYOD programs. Azure Active Directory connects Microsoft- and Android-based user devices, as a truly web-first affair. Once authenticated, the user can consume applications from the Azure system portfolio as dictated by the administrator. As the Azure Active Directory framework grows, its portfolio supports more applications. While end users download and consume apps easily, administrators retain a certain amount of control over local system configuration regarding apps.

Administrators can control the application sign-in for a web service from the portfolio. They can let the user specify username and password, choose to store preconfigured values or use federated services, such as Active Directory Federation Services (ADFS). Azure Active Directory passes these settings down upon app install.

Administrators can set up and release an application for users via a wizard interface in Azure Active Directory. They specify groups or individual users and can add users from other Azure Active Directory-enabled companies. In large environments, administrators commonly add these users so that Azure domains can authenticate with each other via ADFS without divulging any secrets. Multifactor authentication is also available on Azure Active Directory.

Administrators should take advantage of the in-app authentication feature. This enables you to validate Office 365 license statuses and management, authenticate users seamlessly to OneDrive and SharePoint and set up other pathways.

Use Azure Active Directory with Azure Active Directory Connect, a Microsoft tool that ties on premises to cloud. It helps prevent pesky authentication prompts or nasty hacks around them. An organization installs Azure AD Connect on the on-premises AD controller to extend authentication across both private and public cloud.

Administrators with a simple Active Directory setup, with a single domain and forest, will find it easy to extend into Azure.

Powered by WPeMatico

Windows 10 Tip: How to get started viewing and streaming with Mixer

Mixer is the only next-gen live game streaming service that offers viewers real-time influence and participation in game streams. Mixer’s streaming protocol delivers content with less than one second of latency. It makes game streams so fast and clear, that it’s a refreshing surprise to both streamers and viewers—almost like they’re in the same room! Here’s how to get started with Mixer:

To view Mixer content from your PC, simply navigate to Mixer.com

To view Mixer content from your PC, simply navigate to Mixer.com. 

Featured streams are available right from the homepage, or you can sort streams by game using the “Games” menu on the left-hand side of the homepage.

While you’re there, consider logging in with your Microsoft account so that you can start earning sparks when you view Mixer streams across both Windows and Xbox One devices.  Sparks are in-app currency you use to interact with streamers in ways they’ve setup (like soundboards!).

To log in to Mixer with your Microsoft Account:

Login to Mixer with your Microsoft Account

  • Click “Log In” in the top right corner of the window.
  • In the Log In menu, select “Log in with Your Microsoft Account”
  • In the popup, complete the log in steps using your Microsoft account and password.

You should now see your Microsoft account profile photo in the top right corner of the Window.

To start broadcasting a Mixer stream of your own:

To set more detailed settings for your future broadcasts, select the Start button, then Settings > Gaming > Broadcasting. 

  • Launch a game.
  • Press Windows logo key + G on your Windows 10 PC to open the Game bar.
  • Press the Broadcast button to choose how you want your broadcast to look.
  • Press Start broadcasting to broadcast your game.

To set more detailed settings for your future broadcasts, select the Start button, then Settings > Gaming > Broadcasting.  Additional settings can be accessed by visiting your channel on Mixer.com.

Enable Video on Demand (VoD) for your streaming sessions:

A Video on Demand (VoD) is a recording of a previous stream that is automatically saved on Mixer. VoD recording must be enabled with the “Keep recordings [VoDs] of my streams” option on your “Manage Channel” page of Mixer.com before your stream starts for the VoD to be saved (VoD recording is disabled by default).

  • In a web browser, navigate to Mixer.com and log in.
  • Click your profile photo in the top right, then click on “Manage Channel” in the menu.
  • Select the button for “Keep recordings (VoDs) of my streams” in the preferences menu.
  • Once enabled, any broadcast longer than 5 minutes will be automatically saved as a VoD.

You can watch, download, and delete saved VoDs from your “Manage Channel” page on Mixer.com. Don’t forget you can read all of our Windows 10 Tips right over here.

Have a great week!

Configure Azure Active Directory SSO service and avoid delays

No one wants to enter the same password multiple times to use applications on a single machine. Many administrators…

“;
}
});

/**
* remove unnecessary class from ul
*/
$(“#inlineregform”).find( “ul” ).removeClass(“default-list”);

/**
* Replace “errorMessageInput” class with “sign-up-error-msg” class
*/
function renameErrorMsgClass() {
$(“.errorMessageInput”).each(function() {
if ($(this).hasClass(“hidden”)) {
$(this).removeClass(“errorMessageInput hidden”).addClass(“sign-up-error-msg hidden”);
} else {
$(this).removeClass(“errorMessageInput”).addClass(“sign-up-error-msg”);
}
});
}

/**
* when validation function is called, replace “errorMessageInput” with “sign-up-error-msg”
* before return
*/
function validateThis(v, form) {
var validateReturn = urValidation.validate(v, form);
renameErrorMsgClass();
return validateReturn;
}

/**
* DoC pop-up window js – included in moScripts.js which is not included in responsive page
*/
$(“#inlineRegistration”).on(“click”,”a.consentWindow”, function(e) {
window.open(this.href, “Consent”, “width=500,height=600,scrollbars=1”);
e.preventDefault();
});

seek single sign-on, and Microsoft’s Active Directory Federation Services is the traditional way to get it. But ADFS doesn’t prevent login prompts in all applications; Outlook or Skype for Business users have to look elsewhere.

Businesses have a new option for SSO. Azure Active Directory (AD) Seamless SSO registers a special computer account in AD to act as a proxy so that Integrated Windows Authentication (IWA) — which authorizes users — works against specific URLs in Azure AD to sign a user in as if the URLs were an intranet site.

Administrators can configure Azure AD Connect, which integrates an on-premises directory with Azure AD, to perform Seamless SSO; set up an Office 365 tenant to support modern authentication; and, finally, examine the client experience.

Combine Azure Active Directory SSO with modern authentication, which enables features such as multifactor authentication and certificate-based authentication, to get a full SSO without ADFS. Modern authentication uses a web browser-based sign-in within the Office applications, which enables IWA to work.

Configure Azure AD Connect

To set up the feature, start with Azure AD Connect and password synchronization in place. Launch the Azure AD Connect configuration wizard, select the User Sign-In option and choose Enable single sign on, as shown in Figure 1.

Azure AD configuration wizard
Figure 1. Click on Enable single sign on to use Seamless SSO.

On the Enable single sign on page shown in Figure 2, enter the domain administrator credentials to create the special computer account for Azure AD Connect in the local AD.

Enable single sign on
Figure 2. Enter the domain administrator credentials to create a special computer account for Azure AD Connect.

Complete the setup wizard. Once Azure AD Connect updates the configuration, verify that the new computer account has been created. Open Active Directory Users and Computers, navigate to the Computers container and look for a new computer for Azure Active Directory SSO, named AZUREADSSOACC:

Active Directory Users and Computers
Figure 3. Verify that the action created a new computer account named AZUREADSSOACC.

Set up the Office 365 tenant

To use the Seamless SSO service with Outlook and Skype for Business applications, enable the Office 365 tenant for modern authentication.

Connect with Exchange Online PowerShell and use administrative credentials, as such:

$UserCredential = Get-Credential

$ExoSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri

https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $ExoSession

Next, use the Set-OrganizationConfig cmdlet to enable the OAuth2 Client Profile:

Set-OrganizationConfig -OAuth2ClientProfileEnabled $true

For Skype for Business Online, download and install the Skype for Business Online Windows PowerShell module. Connect to Skype for Business Online from a PowerShell prompt:

$UserCredential = Get-Credential

$SfBSession = New-CsOnlineSession -Credential $UserCredential -Verbose

Import-PSSession $SfBSession

Invoke the Set-CsOAuthConfiguration cmdlet to enable Modern Authentication.

Set-CsOAuthConfiguration -ClientAdalAuthOverride Allowed

These are common steps to enable SSO with Windows 10 Azure AD-joined devices and ADFS.

If your organization uses Office 2013 with modern authentication enabled — or Office 2016, which uses modern authentication if available — then the system will prompt clients for a password until you have completed and tested the remainder of the steps.

Configure Intranet Zone settings

Azure Active Directory SSO requires an administrator to add two URLs to Internet Explorer’s Local Intranet Zone on client PCs. This indicates to the client that the specific URLs are safe to use with IWA.

The two URLs to add are:

When you add these URLs to the Intranet Zone in Internet Explorer, Office clients — including Outlook and Chrome — inherit them.

To test the functionality, open the Internet Explorer options page, and on the Security tab, choose Local Intranet, then Sites and finally add the URLs, as shown in Figure 4.

Internet Explorer options page
Figure 4. Test that the two mandatory URLs for Azure AD’s SSO service function in Internet Explorer.

Admins typically deploy these URLs via Group Policy. Open the Group Policy management tools for your domain, and either create or amend an existing policy for users who need SSO. Under the User Configuration section, as seen in Figure 5, navigate to Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page. Select the Site to Zone Assignment List.

Group Policy Management Editor
Figure 5. Create or adjust Group Policy for users who need SSO.

Add both site URLs to the Site to Zone Assignment List, with the URL as the Value name and the Value as 1, which indicates that the URL should be added to the Intranet Zone, as seen in Figure 6.

Site to Zone Assignment List
Figure 6. Add the value name and value for each URL to join the Intranet Zone.

What are the caveats?

Once Seamless SSO is configured and you’ve deployed supporting policies, the sign-in experience removes almost all areas where a user would enter his username and eliminates the need to enter credentials.

But in some scenarios the user needs to enter a username.

A username — typically an email address — is required to access some web-based services, including the Office 365 portal, OneDrive and SharePoint. However, after entering the username, the system won’t prompt the user for a password.

The next-generation OneDrive client, which can sign into both consumer and business OneDrive services, is similar. On first entry, the user must enter a username to sign in but will not be prompted for a password.

Next Steps

Azure AD has a lot to offer Office 365 orgs

Keep abreast of Microsoft’s Azure portal changes

Pros and cons of the Azure AD PowerShell module

Powered by WPeMatico

Connecting with partners to empower the modern workplace

This is one of my favorite weeks of the year! It’s a week where Microsoft leaders connect with thousands of partners from around the world to talk about what’s new and the opportunity in front of us in the coming year. Since our last partner conference a year ago, we’ve been working together to better serve customers who have continuously evolving demands of technology.

We’re on a mission to empower every person and organization on the planet to achieve more in the Modern Workplace. A big part of that mission is delivering a new way for customers to transform their business with modern Microsoft products and services that help make employees more productive, creative and secure.

Just last week we announced new security and management features in Windows 10 that will arrive in the Windows 10 Fall Creators Update.

<!–
!function(a,b){“use strict”;function c(){if(!e){e=!0;var a,c,d,f,g=-1!==navigator.appVersion.indexOf(“MSIE 10”),h=!!navigator.userAgent.match(/Trident.*rv:11./),i=b.querySelectorAll(“iframe.wp-embedded-content”);for(c=0;c<i.length;c++){if(d=i[c],!d.getAttribute(“data-secret”))f=Math.random().toString(36).substr(2,10),d.src+=”#?secret=”+f,d.setAttribute(“data-secret”,f);if(g||h)a=d.cloneNode(!0),a.removeAttribute(“security”),d.parentNode.replaceChild(a,d)}}}var d=!1,e=!1;if(b.querySelector)if(a.addEventListener)d=!0;if(a.wp=a.wp||{},!a.wp.receiveEmbedMessage)if(a.wp.receiveEmbedMessage=function(c){var d=c.data;if(d.secret||d.message||d.value)if(!/[^a-zA-Z0-9]/.test(d.secret)){var e,f,g,h,i,j=b.querySelectorAll(‘iframe[data-secret=”‘+d.secret+'”]’),k=b.querySelectorAll(‘blockquote[data-secret=”‘+d.secret+'”]’);for(e=0;e<k.length;e++)k[e].style.display=”none”;for(e=0;e1e3)g=1e3;else if(~~g<!]]>

Today, we’re excited to announce Microsoft 365, a new set of offerings that include Office 365, Windows 10, and Enterprise Mobility + Security, to create a complete, intelligent, secure solution that empowers everyone to be creative and work together, securely.

We introduced two Microsoft 365 solutions:

  • Microsoft 365 Enterprise includes Office 365 Enterprise, Windows 10 Enterprise, and Enterprise Mobility + Security and is offered in two plans – Microsoft 365 E3 and Microsoft 365 E5.  Both plans provide customers with a complete set of productivity and security capabilities, while Microsoft 365 E5 provides the latest and most advanced innovations in security, compliance, analytics, and collaboration.
  • Microsoft 365 Business is designed for small-to-medium sized businesses (SMB) and includes Office 365 Business Premium, security and management features for Office apps and Windows 10 devices, upgrade rights to Windows 10, and a centralized IT console. It will be available in public preview starting August 2.

For our partners, Microsoft 365 offers exciting new opportunities – from the ability to modernize a customer’s environment through managed services, to the ability to differentiate their offerings with advanced enterprise services. We believe Microsoft 365 will be a further catalyst to drive customer creativity, security and simplicity in their desktop management.

In addition to having end-to-end solutions with Windows 10, Office 365, and Enterprise Mobility + Security, we know customers need the ability to decide how to operate. Today we are announcing that Windows 10 E3 and E5 customers will now have the option to add virtualization use rights to Windows subscriptions in the CSP program starting in September.

<!–
!function(a,b){“use strict”;function c(){if(!e){e=!0;var a,c,d,f,g=-1!==navigator.appVersion.indexOf(“MSIE 10”),h=!!navigator.userAgent.match(/Trident.*rv:11./),i=b.querySelectorAll(“iframe.wp-embedded-content”);for(c=0;c<i.length;c++){if(d=i[c],!d.getAttribute(“data-secret”))f=Math.random().toString(36).substr(2,10),d.src+=”#?secret=”+f,d.setAttribute(“data-secret”,f);if(g||h)a=d.cloneNode(!0),a.removeAttribute(“security”),d.parentNode.replaceChild(a,d)}}}var d=!1,e=!1;if(b.querySelector)if(a.addEventListener)d=!0;if(a.wp=a.wp||{},!a.wp.receiveEmbedMessage)if(a.wp.receiveEmbedMessage=function(c){var d=c.data;if(d.secret||d.message||d.value)if(!/[^a-zA-Z0-9]/.test(d.secret)){var e,f,g,h,i,j=b.querySelectorAll(‘iframe[data-secret=”‘+d.secret+'”]’),k=b.querySelectorAll(‘blockquote[data-secret=”‘+d.secret+'”]’);for(e=0;e<k.length;e++)k[e].style.display=”none”;for(e=0;e1e3)g=1e3;else if(~~g<!]]>

Now is the best time to be a Surface partner

Since last year when we first introduced Surface as a Service at Inspire, the program has grown from one partner in the channel to more than 50 partners in 15 markets worldwide. The Surface channel is well equipped to handle the demand that will come from Microsoft 365 customers worldwide and we cannot wait for customers to get the best of the complete Microsoft stack in their hands.

On top of the momentum Microsoft Surface partners have worldwide, Surface is highlighting two new opportunities for partners to get more value out of being a Surface partner: a new Services and Support opportunity as well as a new Surface Reseller Alliance. The partner program for Services and Support was successfully piloted and is now active in 10 countries: the US., U.K., Germany, France, Australia, New Zealand, Denmark, Sweden, Norway, and Finland. Japan and the expansion to other Surface markets are coming over the next few months. Surface also announced a partnership with IBM Technology Support Services (TSS) – one of the world’s leading support providers – to enhance our Microsoft Complete extended warranty offerings and deliver technology services and support for Surface devices.

<!–
!function(a,b){“use strict”;function c(){if(!e){e=!0;var a,c,d,f,g=-1!==navigator.appVersion.indexOf(“MSIE 10”),h=!!navigator.userAgent.match(/Trident.*rv:11./),i=b.querySelectorAll(“iframe.wp-embedded-content”);for(c=0;c<i.length;c++){if(d=i[c],!d.getAttribute(“data-secret”))f=Math.random().toString(36).substr(2,10),d.src+=”#?secret=”+f,d.setAttribute(“data-secret”,f);if(g||h)a=d.cloneNode(!0),a.removeAttribute(“security”),d.parentNode.replaceChild(a,d)}}}var d=!1,e=!1;if(b.querySelector)if(a.addEventListener)d=!0;if(a.wp=a.wp||{},!a.wp.receiveEmbedMessage)if(a.wp.receiveEmbedMessage=function(c){var d=c.data;if(d.secret||d.message||d.value)if(!/[^a-zA-Z0-9]/.test(d.secret)){var e,f,g,h,i,j=b.querySelectorAll(‘iframe[data-secret=”‘+d.secret+'”]’),k=b.querySelectorAll(‘blockquote[data-secret=”‘+d.secret+'”]’);for(e=0;e<k.length;e++)k[e].style.display=”none”;for(e=0;e1e3)g=1e3;else if(~~g<!]]>

The Surface Reseller Alliance training program includes a revamped online portal with training modules, live webinars for newly launched Surface products, and will provide incentives for partner sellers to complete training curriculum.  You can read more about it on the Devices Blog.

Expanding the Mixed Reality Partner Program

We’ve also been working to expand our partnership program for Windows Mixed Reality around the world. Today, we are excited to announce the creation of the Mixed Reality Partner Program, welcoming both system integrators (SIs) and digital agencies around the world.

<!–
!function(a,b){“use strict”;function c(){if(!e){e=!0;var a,c,d,f,g=-1!==navigator.appVersion.indexOf(“MSIE 10”),h=!!navigator.userAgent.match(/Trident.*rv:11./),i=b.querySelectorAll(“iframe.wp-embedded-content”);for(c=0;c<i.length;c++){if(d=i[c],!d.getAttribute(“data-secret”))f=Math.random().toString(36).substr(2,10),d.src+=”#?secret=”+f,d.setAttribute(“data-secret”,f);if(g||h)a=d.cloneNode(!0),a.removeAttribute(“security”),d.parentNode.replaceChild(a,d)}}}var d=!1,e=!1;if(b.querySelector)if(a.addEventListener)d=!0;if(a.wp=a.wp||{},!a.wp.receiveEmbedMessage)if(a.wp.receiveEmbedMessage=function(c){var d=c.data;if(d.secret||d.message||d.value)if(!/[^a-zA-Z0-9]/.test(d.secret)){var e,f,g,h,i,j=b.querySelectorAll(‘iframe[data-secret=”‘+d.secret+'”]’),k=b.querySelectorAll(‘blockquote[data-secret=”‘+d.secret+'”]’);for(e=0;e<k.length;e++)k[e].style.display=”none”;for(e=0;e1e3)g=1e3;else if(~~g<!]]>

The Mixed Reality Partner Program is an expansion of the HoloLens Agency Readiness Partner Program which was announced just over a year ago at //build 2016. At that time, we welcomed 10 digital and creative agencies to develop mixed reality solutions. As we have expanded Microsoft HoloLens to more developers and commercial customers around the globe, we added new Europe-focused partners to the program. Now with more than 16 HoloLens Agency Readiness Partners, we’re creating the future of mixed reality experiences with partners and customers.

As the technology landscape continues to advance at unprecedented rates, Microsoft and the Windows and Devices Group will be at the forefront with new ideas to enhance the way our partners work with customers.

Hearing from our partners is extremely important and we look forward to talking with you during a great week at Inspire!

Windows virtualization use rights coming to CSP

We’re exceptionally proud that Windows 10, the most secure Windows ever, offers the widest range of device form factors and the greatest breadth of input options with support for touch, pen, gesture, and voice. Customers choose Windows 10 knowing that they can purchase a great new business PC for just a few hundred dollars, an incredible Surface Pro or Surface Book device for the ultimate in business productivity, or build their own custom rig part-by-part to meet any budget.

For some business customers, Windows virtualization is the solution that best meets their productivity, security, and IT infrastructure needs. This may mean PCs connecting to Windows client VMs running on dedicated or multi-tenant hardware enabling users to freely move from device to device, through to scenarios where a particular app or data set requires an additional layer of separation from the end-user device achieved through virtualization. The common factor here is choice and it’s one of the main reasons our customers and partners choose Windows 10.

Today, we’re making two announcements that provide our business customers with greater choice.
The first is that virtualization use rights will be coming to Windows 10 subscriptions in the cloud solution provider (CSP) program starting in September, with the flexibility to host in both Azure or with 3rd party hosting partners. And the second announcement is a new certification program for 3rd party hosting partners that wish to host virtual machines (VMs) licensed via CSP subscriptions.

Virtualization is not for every customer and so we’re creating offerings with and without virtualization use rights to ensure customers have the choice to subscribe to the solution that best meets their needs while not paying for rights they don’t require.

Beginning September 6th, 2017, customers will be able to choose from five subscription offerings in the CSP program with Windows 10 virtualization use rights, enabling Windows VMs to be hosted in Azure or with a qualified multitenant hosting partner:

  • Windows 10 Enterprise E3 will be available with or without virtualization use rights
  • Windows 10 Enterprise E5 will be updated to include virtualization use rights
  • A new Windows 10 Enterprise E3 VDA offering will be created for customers that require access to Windows VMs on non-Windows Pro devices
  • Customers purchasing or already subscribed to Microsoft 365 Enterprise (formerly known as Secure Productive Enterprise) via CSP will automatically receive Windows 10 virtualization use rights at no extra cost

Compute and consumption charges may apply based on VM use.

To learn more about Windows Enterprise subscriptions in CSP or to find a Windows 10 in CSP partner please visit this page.

To learn more about Windows virtualization licensing please refer to this document

And for partners who wish to learn more about becoming a qualified multitenant hoster, please visit this link

Now is the best time to be a Surface partner

Men and woman sitting around a conference table looking at a Surface Pro.

I love the energy of our partners and hearing about their successes with Surface. To every Surface partner: thank you. You are helping businesses around the globe create workplaces that harness the full power of their teams and unleash their people’s creativity. It’s meaningful work that inspires me personally and the Surface team daily.

It’s amazing to think about how far the Surface Commercial business has come in three years because of our partners – from one to over 15,000 partners worldwide. Partners have developed innovative delivery and service models, such as Surface as a Service, which in under a year has grown from one partner and one customer to over 50 partners in 15 markets worldwide. Another partner-led program, the Surface Hub Value Added Distributor Program for Opportunity Resellers (VADOR), in less than four months has grown to over 500 partners and now accounts for 15% of Surface Hub sales worldwide!

The momentum Surface has will continue to grow especially considering today’s announcement of Microsoft 365, which combines the best of Microsoft products across Office 365, Windows 10, and Enterprise Mobility + Security. Surface devices represent the best expression of the Microsoft 365 offerings, allowing individuals and organizations to take the fullest advantage of their Office and Windows investments.

Today, I am highlighting two new opportunities for partners and customers to get more value out of their Surface devices: a new Services and Support opportunity as well as previewing our new Surface Reseller Alliance.

Improvements to services and support

Pre and Post-sale Services and Support are essential for modern businesses to succeed. Enterprises need devices that not only help them transform digital workflows but also ensure that their employees are always productive. I am excited to share that since the announcement at Ignite last year, we have quite a bit of progress on our next-generation Services and Support. The partner program for Services and Support was successfully piloted and is now active in 10 countries: the US., U.K., Germany, France, Australia, New Zealand, Denmark, Sweden, Norway, and Finland. Japan and the expansion to other Surface markets are coming over the next few months.

That said, we know larger Enterprise customers expect services such as next business day replacement and next business day onsite support on a global scale.

With that in mind, today I’m announcing that Microsoft Surface is partnering with IBM Technology Support Services (TSS) – one of the world’s leading support providers – to enhance our Microsoft Complete extended warranty offerings and deliver technology services and support for Surface devices. 

These services, offered by our channel partners, will be available starting July 15th in the US and Canada, with other Surface markets coming online soon.

I’m also happy to share that next business day replacement and next business day onsite support services will be available for new and existing customers who have a Microsoft Complete extended service plan.

Now whether you’re a 100-person company with one location or a 5,000+ person organization spread across the globe, you can receive the best post-sale services and support, thanks to our updated offerings.

Surface Reseller Alliance

Our goal is to enable our Surface resellers the ability to provide a premium experience when they interact with our shared end customers. To ensure our Surface reseller partners have the latest information in training, set up and transactional assistance, we’ve created the Microsoft Surface Reseller Alliance. The goal of the Alliance is to provide the Surface partners easy access to product information, training, marketing support materials, end-customer assistance and help with and direct deal registration for Distributor Managed Partners (DMPs). The Alliance is currently in preview and is accessible via the current Surface Drumbeat site. We will launch it in full later this fall.

The Surface Reseller Alliance training program includes a revamped online portal with training modules, live webinars for newly launched Surface products, and will provide incentives for partner sellers to complete training curriculum. We’re also ramping up our marketing support by making significant investments in lead generation, providing assets, guidelines and assistance to help partners create fantastic marketing collateral and web experiences wherever Surface is sold.

An example of our efforts to unify our resellers experience is the Deal Registration Portal that we will launch in the coming months. The Deal Registration Portal will allow our DMPs to register their deals directly as opposed to through their distributor. This will save them time and energy so they can focus on winning new business.

We will continue to create additional Microsoft Surface Reseller Alliance programs like the Deal Registration Portal and make other subsequent updates to improve the portal over time. This is just the beginning. To learn more partners can contact their Microsoft Account Teams starting today.

The success of Surface in the commercial sector in large part is due to the hard work of our partner network, who enable us to create innovative programs to better serve the needs of our shared customers worldwide. We are grateful to partners for their innovative spirits, tenacity, input, and desire as together we enable businesses and people around the world to do more. We look forward to years of continued success!

We’re expanding the Mixed Reality Partner Program

Just over a year ago at Build 2016, we welcomed 10 digital and creative agencies to develop mixed reality solutions as part of the HoloLens Agency Readiness Partner Program. As part of the program, we provided these partners with technical readiness training to extend their design competencies and help them deliver compelling mixed reality solutions across industries, including education, healthcare, architecture, engineering, construction, and design.

With the expansion of Microsoft HoloLens to more developers and commercial customers around the globe this last March — including those in Australia, Ireland, France, Germany, New Zealand, the United Kingdom, China, and Japan — we welcomed new partners to the program to create the future of mixed reality experiences for customers in those regions. Now more than 30 HoloLens Agency Readiness Partners are producing tangible results such as proof-of-concepts (POC), pilots and deployments of world class mixed reality solutions, leading the digital transformation for customers like Boeing, Cirque du Soleil, Cleveland Cavaliers, Cylance, Lowe’s, Jabil, Paccar, PGA Tour, Real Madrid, and Stryker.

Today, we are excited to announce that due to growing demand from partners and customers, we have created the Mixed Reality Partner Program, which expands the agency readiness program to welcome systems integrators (SIs) and digital agencies around the world. All existing HoloLens Agency Readiness Partners will be grandfathered into the Mixed Reality Partner Program.

We’ve learned that successful mixed reality solutions are built on great experiences — and those experiences require both a creative design component and a strong competency in application and infrastructure integration and deployment. SIs around the world already know how to build, support, integrate, and extend Microsoft technologies to meet their customers’ business and IT goals. As members of the Mixed Reality Partner Program, these SIs, and digital/creative agencies will play a critical role in building 3D and mixed reality experiences for enterprise commercial customers.

So how can you get involved? Eligible partners will begin a multi-week readiness program that consists of both in-depth technical training on mixed reality solutions and sales and marketing readiness. Upon completion of the program and a successful customer POC, partners can qualify to receive a wide range of benefits, such as direct access to Microsoft engineering support and mentorship, as well as marketing and sales assistance. Qualified partners that are accepted into the program will participate in joint business planning with the Mixed Reality extended team, which includes engineers, product managers, field sales and marketing leads

Partners who already have deep expertise in designing and deploying mixed reality solutions will have the option to take a fast track and immediately work with the Microsoft team on plans to engage customer accounts.

We’re excited for new partners around the globe to join us on this mixed reality journey, and we’re excited to see the mixed reality solutions that our partners create!

Partners can learn about and apply to join the Mixed Reality Partner Program, and if you’re attending Microsoft Inspire this week, I encourage you to join me for a breakout session on July 12 to learn more about the program.

-Jeff