Tag Archives: Customers

Intune APIs in Microsoft Graph – Now generally available

With tens of thousands of enterprise mobility customers, we see a great diversity in how organizations structure their IT resources. Some choose to manage their mobility solutions internally while others choose to work with a managed service provider to manage on their behalf. Regardless of the structure, our goal is to enable IT to easily design processes and workflows that increase user satisfaction and drive security and IT effectiveness.

In 2017, we unified Intune, Azure Active Directory, and Azure Information Protection admin experiences in the Azure portal (portal.azure.com) while also enabling the public preview of Intune APIs in Microsoft Graph. Today, we are taking another important step forward in our ability to offer customers more choice and capability by making Intune APIs in Microsoft Graph generally available. This opens a new set of possibilities for our customers and partners to automate and integrate their workloads to reduce deployment times and improve the overall efficiency of device management.

Intune APIs in Microsoft Graph enable IT professionals, partners, and developers to programmatically access data and controls that are available through the Azure portal. One of our partners, Crayon (based in Norway), is using Intune APIs to automate tasks with unattended authentication:

Jan Egil Ring, Lead Architect at Crayon: “The Intune API in Microsoft Graph enable users to access the same information that is available through the Azure Portal – for both reporting and operational purposes. It is an invaluable asset in our toolbelt for automating business processes such as user on- and offboarding in our customer`s tenants. Intune APIs, combined with Azure Automation, help us keep inventory tidy, giving operations updated and relevant information.”

Intune APIs now join a growing family of other Microsoft cloud services that are accessible through Microsoft Graph, including Office 365 and Azure AD. This means that you can use Microsoft Graph to connect to data that drives productivity – mail, calendar, contacts, documents, directory, devices, and more. It serves as a single interface where Microsoft cloud services can be reached through a set of REST APIs.

The scenarios that Microsoft Graph enables are expansive. To give you a better idea of what is possible with Intune APIs in Microsoft Graph, let’s look at some of the core use cases that we have already seen being utilized by our partners and customers.


Microsoft Graph allows you to connect different Microsoft cloud services and automate workflows and processes between them. It is accessible through several platforms and tools, including REST- based API endpoints and most popular programming and automation platforms (.NET, JS, iOS, Android, PowerShell). Resources (user, group, device, application, file, etc) and policies can be queried through this API, and formerly difficult or complex questions can be addressed via straightforward queries.

For example, one of our partners, PowerON Platforms (based in the UK), is using Intune APIs in Microsoft Graph to deliver their solutions to their customers faster and more consistently. PowerOn Platforms has created baseline deployment templates to increase the speed at which they are able to deploy solutions to customers. These templates are based on unique customer types and requirements and vastly accelerate the process that normally would take two to three days to complete and compresses it down to 15 seconds. Their ability to get customers up and running is now faster than ever before.

Steve Beaumont, Technical Director at PowerON Platforms: “PowerON has developed new and innovative methods to increase the speed of our Microsoft Intune delivery and achieve consistent outputs for customers. By leveraging the power of Microsoft Graph and new Intune capabilities, PowerON’s new tooling enhances the value of Intune.”


Intune APIs in Microsoft Graph can also provide detailed user, device, and application information to other IT asset management systems. You could build custom experiences which call Microsoft Graph to configure Intune controls and policies and unify workflows across multiple services.

For example, Kloud (based in Australia) leverages Microsoft Graph to integrate Intune device management and support activities into existing central management portals. This increases Kloud’s ability to centrally manage an integrated solution for their clients, making them much more effective as an integrated solution provider.

Tom Bromby, Managing Consultant at Kloud: “Microsoft Graph allows us to automate large, complex configuration tasks on the Intune platform, saving time and reducing the risk of human error. We can store our tenant configuration in source control, which greatly streamlines the change management process, and allows for easy audit and reporting of what is deployed in the environment, what devices are enrolled and what users are consuming the service”


Having the right data at your fingertips is a must for busy IT teams managing diverse mobile environments. You can access Intune APIs in Microsoft Graph with PowerBI and other analytics services to create custom dashboards and reports based on Intune, Azure AD, and Office 365 data – allowing you to monitor your environment and view the status of devices and apps across several dimensions, including device compliance, device configuration, app inventory, and deployment status. With Intune Data Warehouse, you can now access historical data for up to 90 days.

For example, Netrix, LLC (based in the US) leverages Microsoft Graph to curate automated solutions to improve end-user experiences and increase reporting accuracy for a more effective device management. These investments increase their efficiency and overall customer satisfaction.

Tom Lilly, Technical Team Lead at Netrix, LLC: “By using Intune APIs in Microsoft Graph, we’ve been able to provide greater insights and automation to our clients. We are able to surface the data they really care about and deliver it to the right people, while keeping administrative costs to a minimum. As an integrator, this also allows Netrix to provide repetitive, manageable solutions, while improving our time to delivery, helping get our customers piloted or deployed quicker.”

We are extremely excited to see how you will use these capabilities to improve your processes and workflows as well as to create custom solutions for your organization and customers. To get started, you can check out the documentation on how to use Intune and Azure Active Directory APIs in Microsoft Graph, watch our Microsoft Ignite presentation on this topic, and leverage sample PowerShell scripts.

Deployment note: Intune APIs in Microsoft Graph are being updated to their GA version today. The worldwide rollout should complete within the next few days.

Please note: Use of a Microsoft online service requires a valid license. Therefore, accessing EMS, Microsoft Intune, or Azure Active Directory Premium features via Microsoft Graph API requires paid licenses of the applicable service and compliance with Microsoft Graph API Terms of Use.

Additional resources:

Microsoft rushes Spectre patch to disable Intel’s broken update

Following Intel’s advisory for customers to stop deploying the Meltdown and Spectre patch, Microsoft has issued an out-of-band patch to disable the broken fix.

Microsoft announced the out-of-band Spectre patch on Saturday, Jan. 27, and included more information than Intel had previously given when pulling the original patch.

“Intel has reported issues with recently released microcode meant to address Spectre variant 2 (CVE 2017-5715 Branch Target Injection) — specifically Intel noted that this microcode can cause ‘higher than expected reboots and other unpredictable system behavior’ and then noted that situations like this may result in ‘data loss or corruption.’ Our own experience is that system instability can in some circumstances cause data loss or corruption,” Microsoft wrote in a support advisory. “While Intel tests, updates and deploys new microcode, we are making available an out-of-band update today, KB4078130, that specifically disables only the mitigation against CVE-2017-5715. In our testing this update has been found to prevent the behavior described.”

For comparison, Intel’s announcement on Jan. 22 gave no indication it was the Spectre patch at fault — it did not mention the Meltdown or Spectre branding, nor did it say what CVE patch was causing problems — and only said that the company had “identified the root cause” of the rebooting issues, which affected systems are running Intel Broadwell and Haswell CPUs, and that it was working on a new fix.

Intel initially announced the “reboot issues” on Jan. 11 but again, the company didn’t specify which firmware updates were causing problems and didn’t cite either the Meltdown or Spectre vulnerabilities. In addition, it wasn’t until the chip maker’s fourth quarter 2017 earnings announcement that it acknowledged “data loss or corruption” was a possible side effect from its Spectre update.

Microsoft’s new Spectre patch will disable Intel’s fix and Microsoft is also offering an option for advanced users “to manually disable and enable the mitigation against Spectre variant 2 independently via registry setting changes.”

A source at Microsoft, who wished to stay anonymous, told SearchSecurity the Spectre patch was a difficult situation because “you can’t fix it in firmware alone or software alone.”

“The chip vendor releases a firmware capability, which the OSes use in a certain way in key situations to mitigate against potential abuse [or] attack. So, to mitigate, you need a firmware update plus an OS that leverages [that update]. It’s symbiotic [and] collaborative,” the source said. “Given that you need both, it was possible that an OS update would rollout on machines that didn’t yet have a firmware update, so the mitigation needed to be able to be ‘on’ or ‘off’ depending [on the presence of Intel’s microcode update].”

It is exceedingly odd for a software company to disable a patch from a hardware vendor.
Jake Williamsfounder of consulting firm Rendition InfoSec LLC

Jake Williams, founder of consulting firm Rendition InfoSec LLC in Augusta, Ga., told SearchSecurity that Intel “isn’t helping anyone by not publishing this information, but the lack of the data won’t change how we action the vulnerabilities,” and added that it is “exceedingly odd for a software company to disable a patch from a hardware vendor.”

Microsoft claimed in its advisory that “as of January 25, there are no known reports to indicate that this Spectre variant 2 has been used to attack customers,” but Williams said it may not be possible to fully confirm that claim.

“Detecting a Meltdown or Spectre attack is exceedingly difficult. While there is some interesting research on novel methods to detect the attacks, nobody is instrumented for these detections,” Williams said. “It is true that we haven’t seen any attacks in the wild, but I’m near 100% certain that they are happening.”

Jeff Williams, co-founder and CTO at Contrast Security, said the infosec community shouldn’t assume that “any vulnerability means negligence.”

“These attacks are truly novel and tricky to fix. We wouldn’t like it if companies engineered everything like NASA — it would take decades, cost many times more, and execute slowly,” Williams told SearchSecurity. “We are all complicit. We have all reaped the benefits of an ecosystem that prioritizes speed to market over security. So instead of throwing bombs, how about we encourage collaboration and openness around the best ways to solve this new attack.”

Azure ExpressRoute updates – New partnerships, monitoring and simplification

Azure ExpressRoute allows enterprise customers to privately and directly connect to Microsoft’s cloud services, providing a more predictable networking experience than traditional internet connections. ExpressRoute is available in 42 peering locations globally and is supported by a large ecosystem of more than 100 connectivity providers. Leading customers use ExpressRoute to connect their on-premises networks to Azure, as a vital part of managing and running their mission critical applications and services.

Cisco to build Azure ExpressRoute practice

As we continue to grow the ExpressRoute experience in Azure, we’ve found our enterprise customers benefit from understanding networking issues that occur in their internal networks with hybrid architectures. These issues can impact their mission-critical workloads running in the cloud.

To help address on-premises issues, which often require deep technical networking expertise, we continue to partner closely with Cisco to provide a better customer networking experience. Working together, we can solve the most challenging networking issues encountered by enterprise customers using Azure ExpressRoute.

Today, Cisco announced an extended partnership with Microsoft to build a new network practice providing Cisco Solution Support for Azure ExpressRoute.   We are fully committed to working with Cisco and other partners with deep networking experience to build and expand on their networking practices and help accelerate our customers’ journey to Azure.

Cisco Solution Support provides customers with additional centralized options for support and guidance for Azure ExpressRoute, targeting the customers on premises end of the network.

New monitoring options for ExpressRoute

To provide more visibility into ExpressRoute network traffic, Network Performance Monitor (NPM) for ExpressRoute will be generally available in six regions in mid-February, following a successful preview announced at Microsoft Ignite 2017. NPM enables customers to continuously monitor their ExpressRoute circuits and alert on several key networking metrics including availability, latency, and throughput in addition to providing graphical view of the network topology. 

NPM for ExpressRoute can easily be configured through the Azure portal to quickly start monitoring your connections.

We will continue to enhance the footprint, features and functionality of NPM of ExpressRoute to provide richer monitoring capabilities for ExpressRoute. 



Figure 1: Network Performance Monitor and Endpoint monitoring simplifies ExpressRoute monitoring

Endpoint monitoring for ExpressRoute enables customers to monitor connectivity not only to PaaS services such as Azure Storage but also SaaS services such as Office 365 over ExpressRoute. Customers can continuously measure and alert on the latency, jitter, packet loss and topology of their circuits from any site to PaaS and SaaS services. A new preview of Endpoint Monitoring for ExpressRoute will be available in mid-February.

Simplifying ExpressRoute peering

To further simplify management and configuration of ExpressRoute we have merged public and Microsoft peerings. Now available on Microsoft peering are Azure PaaS services such as Azure Storage and Azure SQL along with Microsoft SaaS services (Dynamics 365 and Office 365). Access to your Azure Virtual Networking remains on private peering.

ExpressRoute with Microsoft peering and private peering

Figure 2: ExpressRoute with Microsoft peering and private peering

ExpressRoute, using BGP, provides Microsoft prefixes to your internal network. Route filters allow you to select the specific Office 365 or Dynamics 365 services (prefixes) accessed via ExpressRoute. You can also select Azure services by region (e.g. Azure US West, Azure Europe North, Azure East Asia). Previously this capability was only available on ExpressRoute Premium. We will be enabling Microsoft peering configuration for standard ExpressRoute circuits in mid-February.

Manage rules

New ExpressRoute locations

ExpressRoute is always configured as a redundant pair of virtual connections across two physical routers. This highly available connection enables us to offer an enterprise-grade SLA. We recommend that customers connect to Microsoft in multiple ExpressRoute locations to meet their Business Continuity and Disaster Recovery (BCDR) requirements. Previously this required customers to have ExpressRoute circuits in two different cities. In select locations we will provide a second ExpressRoute site in a city that already has an ExpressRoute site. A second peering location is now available in Singapore. We will add more ExpressRoute locations within existing cities based on customer demand. We’ll announce more sites in the coming months.

An intelligent approach to building your AI practice – Microsoft Partner Network

@melimulhol , https://www.linkedin.com/in/melissa-mulholland/

While seeing how partners build out and customize any technology for their customers always intrigues me, I’m particularly fascinated by how AI will transform businesses. Many of the solutions being built with the Microsoft AI platform have not only led to business growth, but also make our lives safer, healthier, and more enjoyable.

Partners can build a roadmap that helps customers layer in sophisticated AI capabilities with minimal training. With so many entry points for developers to add value, IDC predicts 75 percent of developer teams will include cognitive and AI functionality in one or more applications in 2018.

Introducing our new AI Playbook

To assist in building an AI-focused practice, we’ve launched the AI Practice Development Playbook with guidance and resources around developing your strategy, gaining skills, and marketing and selling your service offerings. Written in conjunction with Microsoft partner Solliance and other AI experts that shared their experiences and best practices, the playbook also pulls in research from a recent MDC survey of 555 partners.

AI is a transformative technology that spans all verticals and company sizes. Our goal is to amplify human ingenuity with intelligent technology by infusing AI into everything we do, driving AI innovation that extends individuals’ and organizations’ capabilities and makes them more productive. And as you deepen the engagement and AI becomes more and more integrated into your customers’ operations, your intelligent solutions can create enormous barriers to entry for your competitors.

Achieving such differentiation can be easier and faster than you might think. Here’s an example of a partner that leveraged one of our Cognitive Services APIs to quickly build and implement its AI solution.

Filling a gap for Hollywood

InterKnowlogy, a leader in custom app development, took its expertise in computer vison and sentiment analysis in a new direction when it partnered with 1457 Investment Group to devise a better way for studios to conduct advance movie screenings. These screenings are an invaluable way to get public feedback in time to make changes before a picture is released, but the current process has two drawbacks: It’s limited to people who are local (not necessarily a good indicator of national sentiment); and it requires interviewers to ask follow-up questions of each subject.

InterKnowlogy’s solution allows studios to conduct screenings on turnkey Surface devices that can be sent anywhere. Then the magic happens: As the content plays, the application uses the Azure-based Cognitive Services Face API to determine how engaged the viewer is and what percentage of time they spend viewing the film. It also captures facial expressions such as happiness, sadness, neutral, surprise, contempt, anger, disgust, and fear. The solution makes sure the viewer is authorized to see the film, and automatically stops playing if they are not. Universal Windows Platform API’s are used to track the viewer’s face, and pause playback if more than one face is detected.

All data is cached locally and then persisted to structured storage in Azure SQL Server to be visualized, analyzed, and reported on using Power BI. The Cognitive Services Video Indexer service can quickly slice and dice films so that insights on speech sentiment, keywords, and even actor identification can be visualized and played back in “video scrubber” format.

“Solutions like this would have been impossible for us to build just a couple of years ago. With AI, new problems can be tackled and solutions can be built in weeks versus months and have fewer zeroes in the final cost.  These are exciting times for Microsoft partners like us.”

— Rodney Guzman, Co-Founder and CEO, InterKnowlogy

Expand Your Practice with AI

As I wrote recently, many of these new applications have human elements that enhance our lives. But partners also use AI technologies pragmatically to differentiate their current services, so they can re-engage customers with enhanced end-to-end systems that learn from data to deliver new insights and efficiencies.

Imagine how your current services could be enhanced with machine learning, computer vision, natural language communication with chat bots, or speech recognition. Your AI practice can be an extension of your current data and advanced analytics practice. And Microsoft’s AI platform, which includes all the tools needed to create, build, and add intelligent capabilities to your applications, can support your efforts to create AI solutions.

The playbook goes into the AI Maturity Model and shows how to launch your AI practice with pre-built APIs and transform core business processes with custom modeling and algorithms, eventually building packaged vertical solutions. It offers real partner examples of industry AI solutions in healthcare, financial services, manufacturing, retail, government, and education. And it goes into the cloud AI business models and provides guidance on designing your solutions.

AI represents a huge partner opportunity to grow existing practices and launch new services. I hope the playbook helps you envision your own use cases and sets you up for the future of intelligent solutions.

Share your thoughts with the Microsoft Partner Community.

AI Practice Development Playbook State of the Channel Opportunities for partners in 2018

ExtremeLocation latest addition to Extreme wireless portfolio

Extreme Networks is offering retail customers cloud-based tools that provide actionable intelligence from customer-activity data gathered through a store’s beacons and guest Wi-Fi.

Extreme debuted its ExtremeLocation service this week at the National Retail Federation conference in New York. The service is designed to work best with ExtremeWireless WiNG, a combined access point and Bluetooth Low Energy beacon. Extreme received the WiNG technology in the 2016 acquisition of Zebra Technologies’ wireless LAN business.

For ExtremeLocation to gather the maximum amount of customer data, shoppers would have to launch the retailer’s mobile app and log into the guest network of an Extreme-based Wi-Fi. At that point, where customers move in the store and where they linger would be recorded by the system.

ExtremeLocation tracks people within 5 to 7 meters of their actual location — a distance acceptable to many retailers. However, higher accuracy is possible by adding access points.

“The more access points you have, the more triangulation we can use and the more accurate you can get,” said Bob Nilsson, the director of vertical solutions at Extreme, based in San Jose, Calif.

Depending on the desired level of accuracy, a large department store could deploy from hundreds to thousands of access points. ExtremeLocation supports up to 100,000 access points across multiple locations.

Insight from customer activity on Extreme wireless

The collected information provides retailers with a view of where shoppers go, which products or displays they stop at and the amount of time spent in the store or at a specific location. Retailers can also track salespeople to ensure they are in high-trafficked areas.

Customers who turn on the mobile app can become targets for in-store promotions and coupons that the system sends through the beacons. Retailers can create policies for push notifications through a third-party system, such as customer relationship management or point-of-sale software. Extreme provides the APIs for integrating with those systems.

The ExtremeWireless WiNG access points send customer activity data to Extreme’s cloud-based software, which aggregates the information and displays the results on graphs, charts and other visuals, including a heat map of the store that shows where most shoppers are gathering. “It’s designed more for the store manager, the sales manager and the marketing side, rather than the IT side,” Nilsson said of the software.

Retailers are using location-based services for more than customer tracking. Cisco, for example, is demonstrating at the NRF conference the use of radio frequency identification tags to automatically notify a store employee that it’s time to restock a shelf.

Cisco is also demonstrating ad signage that’s attached to products in a store. When customers handle an item, the sign will change to a message enticing them to purchase the product.