Tag Archives: organization

Breaking down the Exchange Online vs. on-premises choice

We all know the cloud is there, but how does an organization determine if a move from an on-premises platform is the right one?

Many companies currently using Exchange Server cannot escape from the siren call of the cloud. Untold numbers of organizations will weigh the pros and cons of Exchange Online vs. on-premises Exchange Server. There are many reasons to move to the cloud, just as there are ones to stay put.

Whether the cloud is better requires some deeper analysis. I’ve spent most of the last eight years migrating organizations of every size to Office 365. Over that time, I’ve grown familiar with the motivations to move to the cloud, as well as the ones to maintain the status quo.

This article will dig into the Exchange Online vs. on-premises Exchange Server debate and examine the differences between the two offerings, as well as which has the advantage in certain areas.

Is Exchange Online less expensive?

In many cases, the first selling point of Exchange Online is the cost. Since Exchange Online and Exchange on premises are very different, it’s difficult to do an apples-to-apples comparison. To get started, you must look at several factors.

The first factor to weigh is how long you plan to keep your on-premises servers. If you upgrade your on-premises servers every three years, then it’s likely those costs will exceed the payments for Exchange Online. If you plan to keep your on-premises Exchange servers for 10 years, then you’ll likely pay considerably less than Exchange Online.

There are a number of costs associated with on-premises Exchange, such as hardware, electricity, data center space and repair costs. Due to all of these factors, the real answer is a lot more complicated than the de facto response from Microsoft that the cloud is always cheaper. Of course, it’s to the vendor’s benefit to get as many companies signed up for an Office 365 subscription as possible.

Is Exchange Online more reliable?

Just as there are several ways to look at the question of cost, it’s also difficult to determine reliability in the Exchange Online vs. on-premises equation.

Microsoft touts its 99.9% uptime guarantee for Office 365. Upon closer inspection, does that assurance hold up?

Open any Office 365 tenant at any time and look at the service health dashboard. Every tenant I check has items marked in red almost every day, but those customers still pay for the full subscription. I’m not saying Office 365 has a lot of downtime, but that 99.9% uptime guarantee is more gray than it is black and white.

As for on-premises Exchange, there is no way to evaluate the overall reliability of Exchange Server. I’ve seen organizations that almost never have problems, while others experience numerous major outages. I don’t think Office 365 is more reliable than on-premises Exchange, but my expectation is data loss is less likely with Exchange Online.

Exchange Server is a very complicated and difficult product to manage. Unless you have some very talented Exchange admins, Exchange Online is the more stable choice.

Do you get newer features with Exchange Online?

In this area, there is no doubt which platform has the advantage. Due to its nature as a cloud service, Exchange Online gets new features well before on-premises Exchange. Not only that, but there are many features that are exclusive to Exchange Online. For a company that wants all the latest and greatest features, the clear choice is Exchange Online.

However, there is a downside to the constant stream of new features. It can take time for both users and administrators to recover from the culture shock that sets in after the migration to Exchange Online when they realize the feature set changes constantly. There is always something new to learn. Many workers prefer to come into work without spending time to learn about new features in the email system.

What’s the final verdict?

Now that you’ve gone through the Exchange Online vs. on-premises deliberation, which is better? With the sheer number of factors to consider, there is no definitive answer.

Every organization has specific needs it must consider, and quite often the traditional on-premises mail system does the job. For example, a company that relies on public folders might see some difficulties migrating that feature to Exchange Online and decide to stay with the on-premises Exchange.

It’s no secret Microsoft wants its customers to move to the company’s cloud services, but they continue to develop on-premises versions of their software.

Microsoft plans to release Exchange 2019 later this year. When that offering arrives, take the time to evaluate all the features in that release and determine whether it’s worth moving to the cloud. For some organizations, on-premises email might continue to be a better fit.

Snag a better software service contract with these tactics

are ways to knock the price down.

If your organization purchases all its software licenses through the vendor that made the software, then the support options are somewhat limited. Software vendors might have one or two — possibly even three — support options, but there isn’t usually a way to negotiate a custom support plan when you buy direct.

This isn’t to say the business should not try to get better terms, but software vendors do not typically negotiate on the types of support. Hence, the only avenue for compromise is on price.

Understand where you have leverage

Negotiating the price of a support and software service contract is a common practice. Few enterprise software vendors list license or support prices because the cost is typically based on the number of licenses to be purchased. Support costs are usually figured into the sales quote.

When purchasing software directly from the software vendor — and the vendor does not publicly disclose pricing — then there is room to haggle. Never take the vendor’s first quote. Much like dealing with a car salesperson, it’s almost always possible to get a better price if you push for it.

The software vendor’s goal is to make money. The more it stands to get, the better your position is to work a less costly deal. Suppose you get a quote for three licenses, plus one year of service. It might be possible to talk the price down a little bit, but the vendor has no motivation to give a price break on such a small order. But, on an order for 3,000 licenses, the vendor stands to make a lot of money and will most likely make accommodations to get your business.

Some wiggle room with small orders

What can you do to negotiate the cost of a software service contract on a relatively minor order?

Try asking the vendor to throw in the service contract for free; explain that the small number of licenses means you won’t tie up their phone lines. You might also add that you will probably never use the support, but your boss insists that you have an agreement as a safety net.

You could say that the service cost pushes the software beyond your budget, and that, without a more favorable agreement, you will have no choice but to find a less expensive — possibly open source — product.

You still aren’t likely to get a free support agreement, but if the vendor understands the deal hinges on the support contract, then they will probably give a discount at the very least.

Get a break with an advance purchase

Another way to negotiate on the service contract is to purchase multiple years of support. If the company plans to use the software for an extended period of time, then it would probably pay for a support contract each year anyway. Why not pay for three to five years of support up front in exchange for a deeply discounted price?

If you purchase software from a value-added reseller rather than the software vendor, then these techniques might still be viable. You may be able to negotiate the scope of the service contract.

For example, one company I worked for had an agreement with a reseller that the company would purchase all software through the reseller — that included OS licenses, application licenses and everything else — but expected 24/7, on-site technical support for that software. This service contract was expensive, but the company lowered the price by agreeing to handle Tier I support events internally. The company’s IT staff — many who had various IT certifications — would handle whatever support incidents they could. For issues that proved more troublesome, the company would call the reseller for support.

Even with primary support handled by the organization’s IT staff, the support agreement was still expensive. The most important thing this organization did was keep careful records of all support incidents. When it was time to renegotiate the support contract at the end of the first year, the company used those reports to show it had only asked for support on a certain number of occasions. Those records gave the company leverage to get a better price than it had paid for the previous year’s support contract.

Transforming your VMware environment with Microsoft Azure

Just as each organization is unique, each organization will take a unique path to the cloud. Whether you are transferring data, migrating infrastructure, modernizing applications, or building a new app, Azure allows you to move to the cloud in a way that makes the most sense for your needs.

As part of this journey, one request I hear frequently is the desire to move existing on-premises VMware workloads to Azure. This includes migrating VMware-based applications to Azure, integrating with Azure, and deploying VMware virtualization on Azure hardware. 

A frictionless path to Azure for your VMware environment

Today we are announcing new services to help you at every step of your VMware migration to Azure.

  • Migrate applications with Azure Migrate. On November 27th, Azure Migrate, a free service, will be broadly available to all Azure customers. While most cloud vendors offer single server migration capabilities, Azure Migrate helps you through the journey of migrating an entire multi-server application across the following phases: 

Discovery and assessment. Azure Migrate can discover your on-premises VMware-based applications without requiring any changes to your VMware environment. Azure Migrate offers the unique capability to visualize group level dependencies in multi-VM applications, allowing you to logically group and prioritize the entire application for migration. Through utilization discovery of the CPU, memory, disks, and network, Azure Migrate also has built-in rightsizing to offer size and cost guidance so when you migrate, you can save money.


Uniquely visualize entire application dependencies with Azure Migrate

Migration. Once discovery has completed, with just a few easy clicks, you can migrate your on-premises applications to Azure. Azure Site Recovery (ASR) enables customers to migrate VMware-virtualized Windows Server and Linux workloads with minimal downtime. ASR offers application-centric migration, allowing you to sequence your application servers as they migrate. No other cloud provider offers this built-in multi-tier sequencing. Additionally, Azure Database Migration Service enables customers to migrate their SQL Server and Oracle databases directly into the fully managed Azure SQL Database. For customers who need large volume storage migration, we recently announced Azure Data Box, an appliance designed to simplify data movement to Azure.

Resource & Cost Optimization. Once deployed in Azure, with the free Azure Cost Management service (formerly called Cloudyn), you can easily forecast, track, and optimize your spending. Our calculations show up to 84% TCO savings for certain on-premises VMware to Azure migration scenarios. You can reference this VMware to Azure TCO guide to learn more and even run TCO calculations yourself. As an example, Capstone Mining has gone through this journey and already saved $6M in capital and operating costs.

  • Integrate VMware workloads with Azure services. There are many Azure services that you can use together with VMware workloads without any migration or deployment, enabling you to keep your entire environment secure and well-managed across cloud and on-premises. This includes Azure Backup, Azure Site Recovery (for Disaster Recovery), update/configuration management, Azure Security Center and operational intelligence using Azure Log Analytics. You can even manage your Azure resources in the public cloud using the VMware vRealize Automation console. Somerset County Council and Russell Reynolds Associates are example customers who have integrated Azure services with their VMware VMs. 
  • Host VMware infrastructure with VMware virtualization on Azure. Most workloads can be migrated to Azure easily using the above services; however, there may be specific VMware workloads that are initially more challenging to migrate to the cloud. For these workloads, you may need the option to run the VMware stack on Azure as an intermediate step. Today, we’re excited to announce the preview of VMware virtualization on Azure, a bare-metal solution that runs the full VMware stack on Azure hardware, co-located with other Azure services. We are delivering this offering in partnership with premier VMware-certified partners. General availability is expected in the coming year. Please contact your Microsoft sales representative if you’d like to participate in this preview.  Hosting the VMware stack in public cloud doesn’t offer the same cost savings and agility of using cloud-native services, but this option provides you additional flexibility on your path to Azure.

Beyond Migration

Many of you are looking to move to the cloud to help your business move faster. Azure provides security, reliability, and global scale to help you deliver and scale your applications. At the same time, we understand that it may not be possible to run your entire business in the cloud. You may have low-latency, regulatory, or compliance requirements that require you to run some of your applications on-premises, in a hybrid way. The reality is, running your VMware virtualization stack in the cloud does not address your hybrid requirements.  For this, you need a broad set of hybrid services and solutions that provide not just connectivity and virtualization, but true consistency across your cloud and on-premises environments.  

Azure is the only true hybrid cloud that enables consistency across application development, management, security, data, and identity. This is made possible with a rich set of offerings like Azure Stack, Azure Backup, Azure Site Recovery, Azure Security Center, SQL Server Stretch DB, Azure Active Directory, and hybrid management with patching, configuration, and monitoring of both cloud and on-premises servers. No other cloud offers this level of comprehensive hybrid capabilities.

We are committed to investing in tools, solutions and services that make Azure simple for you no matter what your needs and where you are in your cloud journey. I can’t wait to hear more about your cloud story.


Corey Sanders

How IT orgs make container management platform choices

One IT organization runs 50 data centers, while another started natively on the cloud and never looked down. Unsurprisingly, they have different expectations of container management software.

Every company and team has different goals and requirements to deploy containers. Technological differentiation is not the only — or even the biggest — factor when they select a container management platform.

Expertise on staff, tool cost, implementation decisions and the existing ecosystem and underlying infrastructure play a large role in the vendor, tools and technology that’s the right fit to scale containers.

“Some like to stick with the Docker product vertical due to lifecycle UX and a focus on simplicity and security,” said Bret Fisher, an independent DevOps and Docker consultant, trainer and speaker involved in open source communities, at the O’Reilly Velocity Conference 2017 in New York. “Some choose Kubernetes because it seems the current winner of orchestrators, and others choose Mesos and [Mesosphere] DC/OS due to flexibility and maturity.”

The management tool marketplace reflects the maturing nature of containers. “We’re just now standardizing what it means to be a container runtime and a container image,” Fisher said. The difference between container management platforms such as Kubernetes and Docker Enterprise Edition (EE) represents an ecosystem war reminiscent of the iPhone vs. Droid phone wars, he said. Orchestrators and schedulers have 75% the same features, so it often comes down to which one people know and feel comfortable on.

Dealer Tire, a Cleveland, Ohio-based automotive industry distributor, modernized from physical machines to virtual ones a few years ago, and now its web platform operations team is six months into container adoption on private servers in two data centers with VMware virtualization as the host layer. The container management tool evaluation covered Docker, Kubernetes, Mesos and Rancher.

Mesos and Kubernetes seemed complicated, and the team didn’t want to manage native Docker via the command-line interface, said Andrew Maurer, IT manager of web platform ops.

“Rancher seemed to make sense. It was low level of barrier to entry; to get it up and running was extremely simple,” he said.

Dealer Tire also wanted guidance through not just container adoption but also a shift to treat servers not as pets but as cattle, Maurer said.

Other companies’ IT teams have started to branch out from native Docker tooling.

Cox Automotive’s inventory solutions group is evaluating Kubernetes and Mesos technologies for container management as its Docker deployment grows, said Jason Riggins, the group’s director of production engineering, who discussed his company’s DevOps and cloud adoption at Delivery of Things World USA in San Diego.

The primary requirement of a container management platform — and any other tool they select — is production stability. “We know how to move stuff really fast,” Riggins said, “[but that’s not a good thing if] even bad stuff moves fast.” And his group also wants a more dynamic tool than the native Docker options, with a particular focus on the container registry. The tiebreaker for container management platform selection will be how much effort goes into maintenance and upkeep.

Container management platform choices often fall along data center vs. cloud lines. “People going with Google Cloud [Platform] tend to prefer Kubernetes. People with complex private data centers tend to consider Mesos, though that’s changing as data center vendors have started to support Kubernetes and Docker EE,” Fisher said. Cox Automotive is consolidating data centers and adopting public cloud, so a container management product must work with on-premises infrastructure and public cloud deployments.

Part of Cox’s evaluation of Kubernetes and Mesos is to examine the “scar tissue” from difficult previous container deployment attempts, Riggins said. Peers who have already implemented each technology are also valuable information sources, he said.

When to orchestrate a change

Most companies stick with their container management platform from pilot to large-scale production, and only change course when they hit a limitation. One popular goal for container orchestration is more flexible integration between components, but the market isn’t that mature yet, Fisher said.

Social Tables, a cloud-native 100% Amazon Web Services customer, bucked the comfort zone trend when it chucked its initial choice of AWS Elastic Compute Cloud Container Service (ECS).

“We switched from ECS to Rancher because we wanted to move away from ELB [Elastic Load Balancing] and run our own global load balancing service for better control over our traffic,” said Michael Dumont, lead systems engineer in DevOps at the Washington, D.C., firm which provides social event planning and management SaaS. The company also required persistent storage for a Cassandra cluster, an Elasticsearch cluster, Redis, and Prometheus, and with Rancher it also gets DNS-based service discovery, Docker-Compose support, and GitHub OAuth integration for authentication and authorization.

While companies are unlikely to switch container orchestrators, sometimes they don’t have a choice. In this emergent space, container orchestrators, schedulers and related tools for storage and network management change constantly. For example, Rancher Labs brought in Kubernetes for Rancher 2.0. Both Maurer and Dumont hope Rancher will keep Kubernetes under the hood to preserve the familiar interface while enriching its management capabilities.

Support matters in emerging technologies

In the rapid modernization climate for an IT organization, any new tool has to do more than provide necessary technology — it has to be supported.

Cox Automotive will select a supported version of Kubernetes or Mesos, not pure upstream open source, because it encountered difficulties getting container deployments up and running at enterprise scale, Riggins said, adding that they’re familiar with taking the unsupported open source route, but that it is not the right choice in this case.

During Dealer Tire’s container management platform evaluation period, Rancher’s support engineers worked through a problem. “This was before we spent a dime with them,” Maurer said. Today, his group relies on enterprise support, and he believes commercial versions of open source technologies are the best option for IT organizations that want to safely move into new areas, and avoid the time and money to get a platform running only to find out support falls flat.

“My biggest challenge with purchased software is it’s really hard to [simulate real use] when you’re limited to a two-week trial,” he said. “It’s nice to be able to deploy something, configure something significant and then decide, ‘I’ve invested quite a bit of my business into the software — I need to buy support to make sure my business continues to succeed.'”

Work with what you have

Social Tables’ cloud-native, startup pedigree is the tailor-made case for containerization, but enterprise IT pros can suit up their traditional apps with containers, too.

At Dealer Tire, Maurer’s team started with a simple app that was not customer-facing as the lowest-risk entry point to containers. The team communicates with application owners about which apps are a good fit on containers, and which are not. A 100% move to containers is not going to happen at Dealer Tire, but Maurer expects to convert all the web apps. At the same time, the company puts new software development in containers — a natural fit, in his estimation.

Dealer Tire also decided to stay on premises during its ramp up of containers. It was too much change at once, and changing responsibilities, to go to a cloud model, and some of the company’s diverse supported apps are not conducive to cloud ops, Maurer said. However, a future phase of cloud migration would be easier with these workloads encapsulated in Docker containers, he said.

“There’s a learning curve, and because the system’s new you have to set new expectations on every facet,” he said. “What directory are you using? How do you log things? … How do you communicate your errors and metrics?” Whereas before everything lived on the server, now systems are volatile and ephemeral. “It’s not just moving to containers — you’re changing everything about your environment,” he said.

MakeCode for Minecraft makes learning to code super fun

A few years ago, my group in Microsoft’s research organization began to experiment with tools that make it possible for kids to learn how to code in the context of Minecraft, the wildly popular game where players build fantastical virtual worlds out of digital blocks, create and play mini-games within the game, and learn to survive monster-filled nights.

Confused? That’s okay. Many grownups don’t understand Minecraft. Even if they think they do, they don’t. That no rules, open-world environment is all part of its appeal. Our goal is to leverage this enthusiasm to teach kids how to code while playing Minecraft. After all, game playing is the most natural way for humans to learn.

The research is an outgrowth of our TouchDevelop program, which we started in 2011 to teach people how to program and build apps using the touchscreen on their phones. These devices are much more powerful, graphic and sensor rich computers than those we learned to code on as kids. Our TouchDevelop group wanted anyone to be able to program their phones as easily as we did 8-bit computers.

Then Minecraft emerged as the game people everywhere were playing and we found ourselves wanting to code inside Minecraft, too. The rest, as they say, is history.

Students in my after-school computer science classes lucky enough to tinker with coding in Minecraft went nutso crazy, in a good way. The ability to write code and immediately see the results in Minecraft, such as avatars that can jump 100 blocks high, dig through mountains and make it rain chickens, sent my students running around the classroom from screen to screen to see what their classmates did and shouting the IP addresses of their servers across the room.

Today, our Microsoft Research and Microsoft MakeCode teams are excited to make this learning experience widely available through Microsoft MakeCode for Minecraft on Windows 10.

The MakeCode for Minecraft editor has the pixelated look and feel of Minecraft. MakeCode allows coding with visual blocks, based on a drag and drop interface for beginners, as well as in text with a JavaScript interface for the more experienced learners.

Coding with blocks or text, MakeCode teaches the 101 of programming languages, including variables, control flow, if statements, loops and functions. More advanced users smoothly ramp up to more complex concepts such as recursion, fractals and object oriented or distributed programming.

The Microsoft MakeCode team also works on other editors that allow the programming of physical things such as micro-controllers including the micro:bit and Adafruit Circuit Playground Express. In all these scenarios, the coding is directly linked to building something real, which is the primary reason most computer programmers learn to code in the first place.

Instead of thinking they are coding, students are playing a game, they are building their next superpower. Minecraft is a game. MakeCode for Minecraft fits the coding experience into the game itself. Check it out.


Microsoft SharePoint recognized as a Leader in Gartner Magic Quadrant for Content Services Platforms

Content is one of the most critical assets for every organization, embodying its knowledge and processes. How content is created, managed, and shared—and how users collaborate using that content—has gone through a drastic evolution from traditional enterprise content management (ECM) to dynamic content services.

According to Gartner, “Content services platforms are the next stage of enterprise content management, representing a shift from self-contained systems and repositories to open services.” To truly deliver on the promise of content services, you must balance manageability with ease of use to unlock productivity gains around your critical business information.

SharePoint delivers content services as the foundational content platform for Office 365, with capabilities for creating, sharing, protecting, and reusing information. Going far beyond merely storing documents, SharePoint hosts digital content like pages, videos, images, designs, 3D, medical scans, and markup as well as traditional documents. SharePoint embodies ease of use with ease of management—on any device, for any user, at any location.

These innovations, along with customers’ transition to the cloud and the growing imperative for secure content collaboration and sharing, are driving growth across Microsoft 365, SharePoint, and OneDrive. More than 300,000 organizations now have SharePoint and OneDrive in Office 365, including 85 percent of the Fortune 500. Active users grew over 90 percent, and data stored in SharePoint Online grew over 250 percent in the last year alone.

Gartner has recognized Microsoft as a Leader in the Content Services Platform Magic Quadrant for 2017. In addition to being positioned as one of only three Leaders, Microsoft is placed highest for Ability to Execute.

Image of the Gartner Magic Quadrant shows Microsoft as a Leader in Content Services for 2017.

We feel this placement is a further indication of our commitment to our customers, recognizing that Microsoft provides leading content services capabilities, including:

  • Simplicity—SharePoint is quick and fast to set up, with a simple and clean user interface paired with easy but powerful management.
  • Content services across Office 365—SharePoint has also become the content services layer that powers content collaboration across Office 365. So, now whether you are co-authoring in Office apps, emailing cloud attachments in Outlook, or collaborating with your team in the new chat-based workspace, Microsoft Teams—SharePoint provides a consistent set of experiences across the applications, along with the security and control that’s important to IT.
  • Support for a broad range of file types—In addition to Office files, SharePoint can store any file and now supports viewing of over 270 file types, including Adobe Photoshop (PSD), Illustrator (AI), Acrobat (PDF), as well as video, 3D formats, and DICOM images.
  • Personalized search and intelligence—Search is smarter, faster, and easier for you to find and filter results that include all SharePoint content, including files, sites, people, and now news and list items. SharePoint even indexes objects, text, and handwriting inside other images.
  • Scalability—SharePoint supports customers ranging in size from small businesses to organizations with hundreds of thousands of users and has a maximum tenant capacity of 30 trillion documents.
  • Security and IT confidence—SharePoint leverages Microsoft security capabilities such as Advanced Data Governance for Retention and Records Management, Data Loss Prevention (DLP), eDiscovery, and Customer Key with consistent controls across Office 365.
  • Deployment flexibility—Customers can choose their deployment model—cloud, hybrid, or on-premises—and leverage no-cost Microsoft FastTrack deployment, adoption, and migration services.
  • Cloud leadership and compliance—With 100+ global datacenters and Microsoft’s global network edge—combined with compliance standards, including ISO 27001, FISMA, and EU Model Clauses—we offer customers trusted enterprise-grade compliance and security.

At Microsoft Ignite last month, we announced an exciting new set of SharePoint innovations that build on this foundation. To learn more about how SharePoint can help you and your organization, visit our website and download our content services white paper. Finally, download your own complimentary copy of the Gartner Content Services Platforms Magic Quadrant.

—Chris McNulty, senior product marketing manager for the SharePoint team

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. Gartner does not endorse any vendor, product, or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Stepping up protection with intelligent security

With digital transformation, technology becomes increasingly central to every business and organization. This makes ensuring cybersecurity increasingly important. And, as employees increase their use of mobile devices and cloud-based apps, protecting their work requires a new approach for IT. With 80% of employees admitting to the use of non-approved cloud apps for work, ensuring data protection cannot be left to employees to manage.

To address these needs, Microsoft continues to take a multi-faceted approach to providing built-in security capabilities. These span areas across:

  • Protecting at the front door
  • Protecting data anywhere
  • Achieving data security compliance objectives
  • Detecting and recovering from attacks
  • Managing the security tool set

The Microsoft security tools continuously improve with insight from the Microsoft Intelligent Security Graph, which serves as the connective tissue across Microsoft security solutions. Today at Ignite, we are announcing new integrations, expanded capabilities, and partnerships toward addressing the complex areas of cybersecurity for all organizations.

Protect at the front door

The vast majority of security breaches continue to trace back to weak or stolen passwords. Because it’s proving to work, attackers are increasing their focus on stealing passwords to access corporate systems. The latest Microsoft Security Intelligence Report shows a 300 percent increase in user account attacks. To address this growing issue, it is essential to focus on securing identities and access. Our cloud-based approach is through broadly implemented conditional access.

Conditional access enables you to control who has access to your organization’s resources based on a combination of risk factors, such as user account activity, physical location, and the trustworthiness of the device. Azure Active Directory analyzes these factors and applies continuous cybersecurity threat intelligence, powered by Microsoft’s Intelligent Security Graph. This insight provides real-time risk assessment, and triggers the appropriate authentication requirements needed for accessing apps and data. Today, we are expanding conditional access capabilities by integrating with Microsoft Cloud App Security, Azure Information Protection, and our partners in the ecosystem:

  • Microsoft Cloud App Security performs real-time monitoring and helps IT gain control over cloud apps and how employees use these apps. Now with Cloud App Security, users’ actions taken in cloud applications can be managed and controlled based on conditional access policies and proxy-enforced session restrictions. For example, you can allow users to access cloud apps from an unfamiliar location or unmanaged device, but prevent them from downloading documents.
  • To further enhance security at the file level, we’re introducing conditional access for sensitive files. With the integration of Azure Information Protection and Azure Active Directory, conditional access can be set up to allow or block access to documents protected with Azure Information Protection. You can also enforce additional security requirements such as multi-factor authentication or device enrollment.
  • Not only are we providing better integration within our own solutions to deliver holistic and identity-driven security, we also are working with our partners to extend conditional access in the ecosystem. In addition to Azure multi-factor authentication (MFA), you can now use RSA, Duo or Trusona for two-step authentication as part of your conditional access policy.

Protect your data anywhere

Employees are using more SaaS apps, creating more data, and working across multiple devices. While this has enabled people to do more, it has also increased the risk of data loss – it is estimated that 58% of workers have accidentally shared sensitive data with the wrong person.

Microsoft’s Information Protection solutions help you detect, classify, protect and monitor your data – regardless of where it is stored or shared. Today, we’re announcing several new investments in the integration across our information protection solutions – helping provide more comprehensive protection across the data lifecycle.

A key part of this vision is to provide a more consistent and integrated classification, labeling and protection approach across our information protection technologies, enabling persistent protection of your data – everywhere. Microsoft Cloud App Security natively integrates with Azure Information Protection to classify and label files that reside in cloud applications.

Finally, we are announcing the general availability of improvements to Office 365 message encryption, which makes it easier to share protected emails with anybody – inside or outside of your organization. Recipients can view protected Office 365 emails on a variety of devices, using common email clients or even consumer email services such as Gmail and Outlook.com.

Achieve your data security compliance objectives

Regulated organizations have additional needs to demonstrate compliance, and we’re investing in tools to help achieve those goals.

Customer Key can help regulated customers meet their security compliance obligations by providing added control and management of encryption keys. To learn more, check out this video example of how Customer Key works in SharePoint Online.

Beyond just security compliance, achieving organizational compliance is a complex challenge. It’s hard to stay up-to-date with all the regulations that matter to your organization, and to define and implement controls with limited in-house capability. We’re pleased to introduce the upcoming preview of Compliance Manager, which enables you to manage your compliance posture from one place and stay up-to-date on evolving data protection regulations. Compliance Manager enables real-time risk assessment with one intelligent score reflecting your compliance posture against data protection regulations when using Microsoft cloud services. It also provides recommended actions and step-by-step guidance to help you improve your compliance posture.

Detect and recover from attacks

On average, breaches exist for over 90 days in a customer’s environment before they are detected. In response, many organizations are moving to an assume-breach posture. We continue to invest in tools that help detect attacks sooner and then remediate. But we know it’s also important to continue investing in pre-breach attack prevention tools.

Today, we are announcing several new anti-phishing capabilities in Office 365 Advanced Threat Protection, with a focus on mitigating content phishing, domain spoofing, and impersonation campaigns. Office 365 Advanced Threat Protection is also expanded to help secure SharePoint Online, OneDrive for Business, and Teams. In Office 365 Threat Intelligence, we have introduced threat insights and tracking to help with detection and remediation. In Windows, we are adding Windows Defender Application Control, which is powered by the Microsoft Intelligent Security Graph to make it less likely that malicious code can run on the endpoint.

On the post-breach detection side, we are announcing the limited preview of a brand-new service – Azure Advanced Threat Protection for users – that brings our on-premises identity threat detection capabilities to the cloud and integrates them with the Microsoft Intelligent Security Graph. Powered by the graph, our Advanced Threat Protection products have a unified view of security event data so your security operations analysts can investigate an incident from endpoint to end-user to e-mail. Finally, as announced earlier in the month, Windows Defender Advanced Threat Protection is integrating Hexadite’s AI technology to automatically investigate new alerts, determine the complexity of a threat, and take the necessary actions to remediate it.

Security management

Protecting resources across distributed infrastructure against evolving cyberthreats demands a new approach to security management – a solution that provides comprehensive visibility, consistent controls and actionable intelligence and guidance.

We are announcing today that Azure Security Center, which helps customers protect workloads running in Azure against cybersecurity threats, can now also be used to secure workloads running on-premises and in other private and public clouds. Azure Security Center reduces management complexity by delivering visibility and control over workloads across clouds, enables adaptive threat prevention to reduce your exposure to threats, and provides intelligent detection to help you keep pace with rapidly evolving cyberattacks.

Azure Security Center also has new capabilities to enable central management of security policies, better detect and defend against advanced threats, and streamline investigation of threats for your hybrid workloads. Read the Azure blog to learn more about these and other new features.

Getting started

We have made it easier than ever to get end-to-end security solutions up and running. FastTrack for Microsoft 365 now provides deployment services for key security scenarios, giving you the resources, tools, and support you need from Microsoft engineers.

FastTrack for Microsoft 365 can work with you directly, work with your existing partner, or help you get matched with a trusted Microsoft partner to deploy comprehensive security solutions. And the best part is this isn’t a one-time benefit. It is a repeatable resource that you can use to ensure you have the help and resources you need.

You can go to fasttrack.microsoft.com and get help to deploy Microsoft products to address some of the most common security scenarios including:

  • Working securely from anywhere, anytime on almost any device enabling a flexible workstyle
  • Protect your data on files, apps and devices within and across orgs
  • Detect and protect against external threats
  • Protect your users and their accounts
  • Securely collaborate on documents in real time
About the Author
Julia White

Corporate Vice President, Microsoft Azure & Security

Azure Monitor now available in Azure Government

Getting ahead of issues before they impact end users is a key goal of any IT organization. One important tool in this process is the use of monitoring and analytics services, which help ensure that you get up-to-date information on the overall health of your cloud environment. We are happy to announce that we have expanded the portfolio of management services with the general availability of Azure Monitor in Azure Government.

With Azure Monitor, you can now consume monitoring metrics and logs within the portal and via APIs in near real-time and gain more visibility into the state and performance of your resources. Azure Monitor provides you the ability to configure alert rules to get notified or to take automated actions on issues impacting your resources. Azure Monitor enables analytics, troubleshooting, and a unified dashboarding experience within the portal, in addition to enabling a wide range of product integrations via APIs and data export options. All of this has now been enabled for Azure Government.


With this release, we are also providing new alerting and notification options including custom email and webhooks. This allows you to enable notification on specific Azure services and receive service health notifications. 

Azure Monitor is not just useful for the administration of your Azure resources. The centralized logging and alerting helps achieve compliance with many NIST SP 800-53 security controls that support CJIS, FedRAMP, and the DoD compliance requirements. The data from Azure Monitor can be queried, archived, or analyzed to provide an audit trail and meet key monitoring controls.

Learn more about Azure Monitor by visiting the documentation page. For a detailed list of Azure Monitor features available in the different Azure Government datacenter regions, visit the Azure Government Monitoring + Management page.

Disability Inclusion at Microsoft: A Personal Journey – Amos Miller

“Working in an organization like Microsoft, it’s like working in a toy store,” said Amos Miller, a product strategist with Microsoft’s Artificial Intelligence and Research team. “You basically have everything around you to help you with what you want to do.”

When Amos considered joining Microsoft a decade ago, he was looking for a role to combine his passion for technology with his newly acquired skills in business. As a person who is blind, he understands first-hand how important technology is for people with disabilities.

To learn more about the projects Amos has worked on, check out this story that includes an audio experience and enjoy the below video.

Audio descriptive version available here. 

In celebration of the US Business Leadership Network (USBLN) conference focused on inclusive hiring, we are spotlighting the great contributions that Microsoft’s employees with disabilities make to the company. You can learn more about our approach to accessibility on our website. If you are interested in employment opportunities at the company, here is more information on Inclusive Hiring at Microsoft.

Tricks to create Office 365 Groups from distribution groups

When an organization moves from an on-premises platform, such as Exchange, SharePoint and Skype for Business, to Office 365, it’s important to analyze existing distribution groups to determine how to migrate to the cloud.

Office 365 Groups is a collaborative service that takes the place of traditional distribution groups. However, administrators must understand how the services differ and use caution when they create Office 365 Groups from the existing distribution groups.

Here are five points an organization should review as it considers what’s involved to convert distribution groups into Office 365 Groups.

Study up on Office 365 Groups

When admins create Office 365 Groups, they install a collaboration service that extends across Office 365 services. In addition to email collaboration, Office 365 Groups provides access to shared resources, such as a mailbox, calendar, document library, team site and planner. Office 365 Groups also forms the foundation for other Office 365 services, such as Microsoft Teams.

When new members join Office 365 Groups, they immediately gain access to the conversation history in a dedicated shared mailbox. In a traditional distribution group, new members cannot access previous conversations and only receive messages from the time they join the group.

Analyze groups and determine migration options

An organization with an existing distribution group structure can convert them to Office 365 Groups and maintain some — or all — of that arrangement. Admins can extend the functionality further with the additional Office 365 Groups features. Evaluate existing distribution groups to determine if they are in use; this is a good time to eliminate any unwanted or unused groups.

Admins can convert a single distribution group when they create Office 365 Groups with a single click in the Office 365 Exchange Administration Center. Microsoft provides conversion scripts to convert multiple distribution groups to Office 365 Groups. Administrators should evaluate the scripts in a nonproduction environment before they create Office 365 Groups.

Understand the migration eligibility status

Microsoft conversion scripts will not work in all instances. Administrators cannot convert distribution groups to Office 365 Groups if any of the following factors exist:

  • They are mastered on premises, such as when synchronized from an on-premises Exchange environment into Office 365 via the Azure Active Directory Connect tool.
  • They have Send on Behalf Of permissions set.
  • They are configured as a moderated group.
  • The distribution group is hidden from the address list.
  • They have nested groups or are nested within other groups.

Microsoft’s conversion scripts include the Get-DlEligibilityList.ps1 script, which determines a group’s migration eligibility status. The script checks all distribution groups in an Office 365 tenant and writes the eligibility results to a file. The output file indicates when a distribution group cannot be converted, for example because it is a closed group. It also provides some conversion assistance and shows when the administrator can convert a distribution group to an Office 365 Group with an override switch in the conversion script.

Another script, named Convert-DistributionGroupToUnifiedGroup.ps1, uses the output file to perform the conversion.
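The five blockers listed above can be checked before any conversion is attempted, which also produces a record of the permission and visibility settings (Send on Behalf Of, moderation, hidden status) each group carries. The following is an added example, not Microsoft's Get-DlEligibilityList.ps1; the function name `Get-DlConversionBlocker` and the sample groups are hypothetical, and the property names are assumed to match `Get-DistributionGroup` output.

```powershell
# Added example. The function name and all sample data are constructed;
# property names follow the objects returned by Get-DistributionGroup.
function Get-DlConversionBlocker {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [object[]]  $Group,
        # Map of group name -> names of its members that are themselves groups.
        [Parameter(Mandatory)] [hashtable] $NestedMembers
    )

    # Index every group that appears as a member of another group.
    $isChild = @{}
    foreach ($parent in $NestedMembers.Keys) {
        foreach ($child in @($NestedMembers[$parent])) {
            if ($child) { $isChild[$child] = $true }
        }
    }

    foreach ($g in $Group) {
        $reasons = @()
        if ($g.IsDirSynced) { $reasons += 'mastered on premises (directory synced)' }
        if (@($g.GrantSendOnBehalfTo | Where-Object { $_ }).Count -gt 0) {
            $reasons += 'Send on Behalf Of permissions set'
        }
        if ($g.ModerationEnabled) { $reasons += 'moderated group' }
        if ($g.HiddenFromAddressListsEnabled) { $reasons += 'hidden from address list' }
        if (@($NestedMembers[$g.Name] | Where-Object { $_ }).Count -gt 0) {
            $reasons += 'contains nested groups'
        }
        if ($isChild.ContainsKey($g.Name)) { $reasons += 'nested within another group' }

        [pscustomobject]@{
            Name     = $g.Name
            Eligible = ($reasons.Count -eq 0)
            Blockers = $reasons -join '; '
        }
    }
}

# Constructed sample input so the script runs offline. In an Exchange Online
# session, $sampleGroups would come from Get-DistributionGroup -ResultSize Unlimited
# and the nesting map from Get-DistributionGroupMember filtered to group recipients.
$sampleGroups = @(
    [pscustomobject]@{ Name = 'dl-project-x'; IsDirSynced = $false; GrantSendOnBehalfTo = @()
                       ModerationEnabled = $false; HiddenFromAddressListsEnabled = $false }
    [pscustomobject]@{ Name = 'dl-finance'; IsDirSynced = $false; GrantSendOnBehalfTo = @('cfo-assistant')
                       ModerationEnabled = $true; HiddenFromAddressListsEnabled = $false }
    [pscustomobject]@{ Name = 'dl-all-staff'; IsDirSynced = $true; GrantSendOnBehalfTo = @()
                       ModerationEnabled = $false; HiddenFromAddressListsEnabled = $true }
)
$sampleNesting = @{ 'dl-all-staff' = @('dl-finance') }

Get-DlConversionBlocker -Group $sampleGroups -NestedMembers $sampleNesting |
    Format-Table -AutoSize -Wrap
```

With the constructed data, only `dl-project-x` is reported as eligible; the other two rows list every blocker that applies rather than stopping at the first.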

Hybrid migration obstacles

Microsoft conversion scripts have limits; they cannot convert distribution groups that are mastered on premises in a hybrid configuration to Office 365 Groups.

Microsoft developed a distribution list migration script, named Hummingbird, to help in this scenario. Hummingbird backs up the on-premises distribution group’s configuration and creates a new Office 365 Group from membership details in the original distribution group.

However, because the original distribution group syncs with Office 365, the tool must avoid duplicate configuration settings, such as email addresses. Consequently, some of the new Office 365 Group’s configuration settings will differ from the original distribution group. Administrators must perform other changes — remove the original distribution list and update the Office 365 Group to use the original email address — manually.

While administrators can build their own scripts to tackle this issue, they should test in a nonproduction environment to ensure success.

Assess governance and user self-service

As part of a move to Office 365, organizations must have a clear process to create Office 365 Groups. By default, users can also create Office 365 Groups through different clients or applications, such as Outlook, Outlook on the Web, SharePoint team sites and Planner. Admins can restrict this through a mixture of Outlook Web Access mailbox policies and Azure Active Directory configuration settings. Carefully evaluate whether to control group creation or deploy a user self-service model.

Admins can configure Office 365 Groups for a consistent naming standard. This is important, particularly in hybrid scenarios where groups created in Office 365 are written back to the on-premises environment. Review the naming policies for current distribution groups and new Office 365 Groups accordingly.
