Microsoft

The Latest

22 September 2021: Six months after GorillaStack has released capabilities to monitor and apply rules to any AWS events, it has added similar functionality to Azure. The new service enables greater governance and automation of Azure. The new Azure service focuses on identifying when bad changes - particularly those that may impact security - occur.

Why it’s Important


As previously discussed, Aussie born GorillaStack is one of the earliest vendors to address the complexities of Cloud cost management.

Since its inception, GorillaStack has evolved into a more expansive Cloud monitoring service, with a growing focus on security and compliance. In March 2021, GorillaStack announced real-time event monitoring for AWS. With this announcement, it expands the monitoring of events to Azure, and confirms IBRS analysis that Cloud cost optimisation and security compliance go hand-in-hand. In short, enforcing configurations for security follows the same processes and uses common architectures as enforcing financial governance within Cloud infrastructure. 

Who’s Impacted

  • CIO
  • CISCO
  • Cloud teams 

What’s Next?


When reviewing solutions for Cloud cost optimisation through compliance, consider the extent to which the service can also assist with tightening up security. Conversely, when looking at tools to help enforce Cloud security compliance, consider how these may also be used to manage costs.

Related IBRS Advisory

As self-service data analytics and visualisation becomes mainstream – due in no small part to Microsoft’s Power BI strategy – traditional data teams within IT groups need to reconsider traditional business intelligence architectures and plan a migration to a new environment. Underpinning the new architecture must be a sharper focus on tools and practices to support data governance, which is not a strength of Microsoft’s portfolio.

Download the 'Power BI is Driving Data Democratisation: Prepare Now' presentation kit and discover:

  • The key areas of business intelligence to inform your Power BI strategy
  • Next steps for your organisation

The Latest

27 August 2021: Security flaw hunters at Wiz were able to obtain the security keys that control access to Microsoft’s Azure Cosmos DB, and demonstrate that it was possible to access customers’ Azure Cosmos DB.  

Why it’s Important.

This flaw is especially worrying, because all Cloud vendors and many independent security advisors, including IBRS, have been advocating that Cloud security is generally of a far higher standard than that achieved by most in-house data centre teams. IBRS stands by this claim. But this does not mean Cloud vendors will not make security mistakes. And when they do, they will impact large numbers of organisations.

There is no evidence that this security flaw - likely an operational oversight - has been exploited. Once it was identified by Wiz (on the 9th August) and flagged with Microsoft (on the 12th August), the existing keys were quickly re-secured. Unfortunately, the keys in question are fundamental security assets that Microsoft cannot change. Therefore, Microsoft emailed the customers (on the 26th Aug) requesting they create new keys, just in case the previous keys had fallen into the hands of bad actors. It is estimated that 3300 customers have been impacted. 

To mitigate this issue, Microsoft advises Cosmos DB customers to regenerate their Cosmos DB primary keys immediately.

Unfortunately, just because there is no evidence the flaw had been leveraged, organisations should assume the worst. It is well publicised that state-actors hoard such flaws for intelligence gathering. In this case, paranoia may be justified.

More importantly, the situation highlights the need to take a multi-level approach to security in the Cloud. Relying on security protocols to secure an essential asset places organisations at greater risk of these hyper-scale security flaws.  

For example, in this situation, organisations that have behavioural/usage pattern analytics monitoring the database would likely have been altered should any bad actor start to access the database, and remedial action would be triggered. Furthermore, data from such monitoring could be used to determine the likelihood that the security flaw had been exploited - something few Azure Cosmos DB customers can confirm at the moment. 

Another example is using encryption services, these services should be leveraged extensively. Assume data assets will leak and repositories (including databases) will be breached, base encryption strategies on the sensitivity of the data. 

A migration to the Cloud can often improve the security stance of an organisation, but only if security is treated as a multifaceted, ‘trust nothing’ (akin to zero trust) philosophy is taken.

Who’s impacted

  • CISO and security teams
  • Cloud architects
  • Cloud migration teams

What’s Next?

  • If you are an Azure Cosmos DB client or have instances in development teams, immediately regenerate the primary keys for these databases.
  • Review your Cloud solution designs - including those of ‘lift and shift’ of legacy systems - to identify where single points of security failure could occur. Consider remediation strategies using multi-facilitated security services risks. Such effort needs to be balanced against business risk and information sensitivity. 

Related IBRS Advisory

  1. Cloud Security Considerations – Lessons from the Frontline
  2. CyberArk launches AI-powered service to remove excessive Cloud permissions
  3. New generation IT service management tools Part 2: Multi-Cloud management

The Latest

19 August 2021: Microsoft has announced pricing increases for its Office 365 and Microsoft 365 offerings, which has resulted in a great deal of media coverage.Microsoft is at pains to point out that it has not increased its prices on 365 for a decade, and during that time has added a great deal of functionality (20+ applications) to the portfolio.

The Specifics

Microsoft is still working through how the new pricing will be applied in the Australian market and an announcement is expected soon. IBRS will perform a detailed cost analysis at this time. However, Microsoft has confirmed that any changes to local pricing will mimic the North American price changes. 

Based on the US data, enterprise and business plans will see increases in March 2021. Based on US$, the dollar amounts range from US$1 to US$4 per user per month, or US$12 to US$48 per user per year, with the percentage increases running from a low of 9% to a high of 25%. Microsoft F-series licences for frontline workers and Microsoft 365 E5 are not subject to price increases. Consumer and education-specific plans (the A-series) are also unaffected by the price increases.

The new pricing structures will disproportionately impact small businesses and those with the lower levels of the Microsoft suite, while enterprises with E5 licences will be left unscathed. That in itself reveals Microsoft’s clear intent to nudge the market towards its E5 offerings. It is estimated that only 8% of Microsoft customers globally opt for E5 licensing, though IBRS has seen strong interest among Australian organisations to at least explore the more expansive capabilities found in E5.

At this time, we believe the majority of IBRS clients will see price increases in the lower range. However, given that Australia has been one of the fastest adopters of Office 365, and has for decades suffered from ‘the Australia tax’ of software vendors, the increases will still be felt deeply across the industry.

Why it’s Important.

For many IBRS clients, the immediate impact is the need to set aside extra budget for its existing 365 environment. 

Something that is not gaining attention is that the new pricing also increases the cost of Microsoft’s Unified support, since it is calculated as a percentage (10-12%) of the overall Microsoft spend. IBRS recommends that organisations set aside a budget for this increase as well.

However, the price increase is not the full story. A closer look at how the new pricing is structured, plus other less publicised changes, suggests it is geared towards making E5 licences more attractive to mid-sized organisations. 

The increases came shortly after Microsoft announced that its perpetual-licence Office would see a 10% increase and that its service for Office would drop from 7 years (it was previously 10) to just 5. Even more telling is that Microsoft has effectively engineered a one year ‘gap’ in N-2 support for Office (with the persistent licensing model), which forces organisations with older Office Pro licences to either purchase an upgrade sometime before 2023, or migrate to Office 365. 

In summary, Microsoft’s recent changes to Office licensing are a strategy that makes the price difference from E3 to E5 licensing less imposing and makes sweating perpetual Office licences far less attractive, if not unworkable. The savings from sweating Office licences over a five-year period are still there, but they are significantly lower than with seven-year cycles.

IBRS has long stated that Microsoft’s goal is not necessarily to drive up ICT budgets. A closer look at the additional capabilities found in E5 licensing reveals that most are aimed at moving Microsoft into adjacent product sets. For example, the additional security capabilities that become available with E5 licensing are clearly aimed at security incumbents, such as Symantec. Microsoft’s E5 strategy is to pull ICT budget away from competitors and into its own coffers. It is about carving out competition.

Who’s impacted

  • CIO
  • CFO & procurement
  • Digital workspace teams

What’s Next?

In the Australian market, IBRS sees few enterprises still on persistent licensing for Office. Globally, Australia has been an early adopter of E3 licensing, though until the mass push to work from home in 2020, many organisations did not take full advantage of the additional features and collaboration capabilities of the 365 platform. Furthermore, Google Workspaces is only making marginal increases in the local market, meaning Microsoft has little real local competitive forces working to temper it in the office productivity space (though this is not the case in other markets in the Asian region).

Therefore, the question for organisations is, is this strategy to push customers from existing E3 licences to E5 licences a trigger to start re-evaluate ways to leverage more value from the Microsoft ecosystem (that is, double-down on Microsoft).  

Organisations may respond to this price increase and Microsoft’s strategy to push customers from existing E3 licences to E5 licences as a trigger to:

  1. Re-evaluate ways to leverage more value from the Microsoft ecosystem (that is, double-down on Microsoft).  Just prior to this announcement, IBRS had drafted a paper on how to decide between E3 and E5 licensing. It is due for publishing in the coming month. However, if you wish an advance (draft) copy, please request it from nbowman@ibrs.com.au. It is focused on how to evaluate the additional benefits of E5 in the context of your existing software ecosystem.
  2. Set up a ‘plan b’ for enterprise collaboration. In a practical sense, this would likely be a shift to Google Workspace for part of the organisation, coupled with a percentage (generally 20-30%) of the organisation also having Office software, though not necessarily Office 365.  
  3. Set aside 12-15% extra budget for the existing E3 environment, plus a similar increase for support of the Office environment, and re-evaluate the situation in 2-3 years

IBRS also recommends considering what will happen in another 10 years, when many organisations have migrated to E5 (which is likely). What new business risks will emerge from this? Migrating from Office 365 E3 to a competitive product (e.g. Google or Zoho) is hard enough. When E5 features are fully leveraged, the lock-in is significant, but so too is the value. At the end of the day, the ultimate risk factor is trust in Microsoft not to engage in rent-seeking behaviour.

Related IBRS Advisory

  1. Pros and Cons of Going All-In With Microsoft
  2. Special report: Options for Microsoft support - Key findings from the peer roundtable: August 2020
  3. The journey to Office 365 Part 6: Mixing up Microsoft’s 365 licensing and future compliance risks
  4. DXC Technology and Microsoft collaborate on workplace experience
  5. AIP Should be Essential to Any O365 and Workforce Transformation Strategy
  6. AIS and Power BI Initiatives
  7. Microsoft Pivots to Target Verticals

The Latest

28 June 2021: After a leak of an early pre-release version of Windows, Microsoft formally announced Windows 11 and have followed up with a series of posts, most aimed at promoting the new user experience of the operating system. A quick look on YouTube will find dozens of reviews and tests of the pre-release version of Windows 11, and from early tests, it appears as if there is little performance impact for the OS. Reviews of Microsoft’s documentation suggest that there is no significant change to how Windows 11 can be deployed. The bulk of the changes appear to be related to how Microsoft’s Office 365 products are put front and centre within the desktop experience. Teams, in particular, takes centre stage. As with the release of Windows 10, Windows 11 will start by building new expectations among consumers, which will in turn drive staff to demand the new environment from their ICT groups. In this sense, the key issues for ICT look to be identical to those faced in 2015.

Why it’s Important

While Microsoft executives famously touted that Windows 10 would be the last Windows, a clear reference to enterprises’ frustrations with continued hardware/software refresh treadmill and the expense of upgrading fleets of desktops en-mass, the statement was never officially enshrined in the product lifecycle. This means that enterprises, at least for the foreseeable future, will need to plan for generational shifts in desktop upgrades, complete with the demands of change management and the potential bulk hardware refreshes.  

The common driver for most organisations looking to refresh their desktop environment (device management, security, application deployment and change management), is to ‘flatten the investment’ needed to keep users up to date. From a device asset management perspective, the goal is to move away from four-to-five year bulk buys and move to a rolling schedule of device refreshes. For software deployment, it's a move to a self-service model. And for the OS, it's a move to a gradually updated, evolving platform.  

All the above have become critical enablers of hybrid working and by extension business continuity. 

Microsoft’s Cloud-based approach to deploying devices and software with Autopilot is highly attractive as it supports the new digital workspace model. How best to migrate to Autopilot from the legacy ‘tiered’ desktop management approach is by far the most common question IBRS is asked in relation to digital workspaces.

Microsoft has noted that Windows 11 can be managed using all current tools and processes that are used to manage Windows 10. This means Windows 11 can be managed using the Cloud-based Autopilot approach and the ‘standardised desktop’ approach via SCCM (System Centre Configuration Manager). Third-party tools such as Ivanti are also expected to work without problem. Therefore, based on available information, there appears to be little additional benefit to Windows 11 over Windows 10 when it comes to deployment and management.

This is not to say that Windows 11 will not have other benefits to enterprises, but the (current) benefits appear to be more related to putting Office 365 services forward.

Who’s impacted

  • CIO
  • Desktop / end user computing teams
  • ICT asset management teams
  • CFO / ICT financial planning teams

What’s Next?

Enterprise desktop teams do not need to rush into Windows 11 planning. Device and software compatibility is expected to be high (despite some initial negative assumptions on YouTube). Instead, organisations should continue to focus their efforts on migrating from the standardised desktop management model to the ‘digital workspaces’ model which focuses on offering self-service capabilities and zero-trust security. In addition, adopting an iterative and ongoing approach to Office 365 change management is needed. Moving to the digital workspaces model will not only reap significant operational benefits over the older standardised desktop approach, but will also ensure a smoother transition to Windows 11 before the 2025 end of support deadline.

Related IBRS Advisory

  1. Digital Workspaces Master Advisory Presentation
  2. SNAPSHOT: Workforce Transformation beyond Mobility and Digital Workspaces
  3. How will you deal with Microsoft’s Pester Power strategy for Windows 10?
  4. The journey of Office 365: A guiding framework Part 3: Post-implementation

The Latest: 

26 June 2021: Zoho briefed IBRS on Zoho DataPrep, it’s new business-user focused data preparation which is being included in its existing Zoho Analytics tool, as well as being available separately as a tool to clean, transform and migrate data. DataPrep is in beta, and will be officially launched on 13th July 2021.

Why it’s Important

Traditionally, cleaning and transforming data for use in analytics platforms has involved scripting and complex ETL (extract, transform and load) processes. This was a barrier to allowing business stakeholders to take advantage of analytics. However, several analytics vendors (most notably Microsoft, Tableau, Qlik, Snowflake, Domo, etc.) have pioneered powerful, drag-and-drop low-code ETL into their products.  

Zoho, which is better known for its CRM, has an existing data analytics platform with Cloud storage, visualisation and reports, and dashboards. While the product is not as sophisticated as its top-drawer rivals, it can be considered ‘good enough’ for many business user’s needs. Most significantly, Zoho Analytics benefits from attractive licensing, including the ability to share reports and interactive dashboards both within an organisation and externally. 

However, Zoho Analytics lacked a business-user-friendly, low-code ELT environment, instead relying on SQL scripting. Zoho DataPrep fills this gap by providing a dedicated, AI-enabled platform for extracting data from a variety of sources, allowing data cleaning and transformations to be applied, with results being pushed into another database, data warehouse and Zoho Analytics. 

All existing Zoho Analytics clients will receive Zoho DataPrep with no change to licensing.

However, what is interesting here is Zoho’s decision to offer its DataPrep platform independent of its Analytics platform. This allows business stakeholders to use the platform as a tool to solve migration and data cleaning, not just analytics. 

IBRS’s initial tests of Zoho DataPrep suggest that it has some way to go before it can compete with the ready-made integration capabilities of Tableau, Power BI, Qlik, and others. In addition, it offers less complex ETL than it’s better established rivals. But, that may not be an issue for organisations where staff have limited data literacy maturity, or where analytics requirements are relatively straightforward.

Who’s impacted

  • CIO
  • Development team leads
  • Business analysts

What’s Next?

The bigger take out from Zoho’s announcement is that ETL, along with all other aspects of business intelligence and analytics, will be both low-code, business-user friendly and reside in the Cloud. ICT departments seeking to create ‘best of breed’ business intelligence architectures that demand highly specialised skills will simply be bypassed, due to their lack of agility. While there will be a role for highly skilled statisticians, data scientists, and machine learning professionals, the days of needing ICT staff that specialise in specific reporting and data warehousing products is passing. 

Related IBRS Advisory

  1. Snowflake Gets PROTECTED Status Security Tick by Aussie Auditor
  2. IBRSiQ: Power BI vs Tableau
  3. Business-First Data Analytics
  4. AWS Accelerates Cloud Analytics with Custom Hardware
  5. IBRSiQ AIS and Power BI Initiatives
  6. Trends in Data Catalogues
  7. When Does Power BI Deliver Power to the People?
  8. Staff need data literacy – Here’s how to help them get it

The Latest

29 April 2021: Microsoft briefed analysts on its expansion of Azure data centres throughout Asia. By the end of 2021, Microsoft will have multiple availability zones in every market where it has a data centre.

The expansion is driven in part by a need for additional Cloud capacity to meet greenfield growth. Each new availability zone is, in effect, an additional data centre of Cloud services capability.

However, the true focus is on providing existing Azure clients with expanded options for deploying services over multiple zones within a country.  

Microsoft expects to see strong growth in organisations re-architecting solutions that had been deployed to the Cloud through a simple ‘lift and shift’ approach to take advantage of the resilience granted by multiple zones. Of course, there is a corresponding uplift in revenue for Microsoft as more clients take up multiple availability zones.

Why it’s Important

While there is an argument that moving workloads to Cloud services, such as Azure, has the potential to improve service levels and availability, the reality is that Cloud data centres do fail. Both AWS and Microsoft Azure have seen outages in their Sydney Australia data centres. What history shows is organisations that had adopted a multiple availability zone architecture tended to have minimal, if any, operational impact when a Cloud data centre goes down.

It is clear that a multiple availability zone approach is essential for any mission critical application in the Cloud. However, such applications are often geographically bound by compliance or legislative requirements. By adding additional availability zones within countries throughout the region, Microsoft is removing a barrier for migrating critical applications to the Cloud, as well as driving more revenue from existing clients.

Who’s impacted

  • Cloud architecture teams
  • Cloud cost / procurement teams

What’s Next?

Multiple available zone architecture can be considered on the basis of future business resilience in the Cloud. It is not the same thing as ‘a hot disaster recovery site’ and should be viewed as a foundational design consideration for Cloud migrations.

Related IBRS Advisory

  1. VENDORiQ: Amazon Lowers Storage Costs… But at What Cost?
  2. Vendor Lock-in Using Cloud: Golden Handcuffs or Ball and Chain?
  3. Running IT-as-a-Service Part 49: The case for hybrid Cloud migration

Future of Work expert and IBRS advisor Dr Joseph Sweeney has made seven recommendations towards good Microsoft Team governance after surveying and speaking to 80 CIOs across Australian organisations. 

Microsoft Teams usage grew to more than 44 million global daily active users during COVID-19 and has still continued to grow. Dr Sweeney's findings discovered a number of concerning issues for organisations with Teams implementation and the risks associated with them. Businesses rushed to deploy Teams in a way that left them at risk of exposing critical data and damaging productivity.

Dr Sweeney emphasised Microsoft hasn't created an insecure environment with Teams. "Out of all the vendors Microsoft actually has a really good security Story" said Dr Sweeney. "The problem is, a lot of organisations in the rush to get people working from home turned Teams on, and they've deployed (it) without full consideration of all of these new risks."

Full story.

 

Related Articles

Microsoft teams governance: Emerging better practices

Better Practice Special Report: Microsoft Teams Governance

With the rush to deploy Teams to enable remote work in 2020, the majority of organisations have not yet fully considered the highly disruptive nature of deep collaboration. Governance has been largely overlooked in the effort to ‘just get people working’. IBRS outlines the seven critical areas of governance that must be immediately addressed for Teams to be sustainable and to mitigate the new risks (and benefits!) of deep collaboration. Find attached a PDF of the webinar to download for free. Or to view the webinar, click on the video below.

 

The Latest

CommsChoice Group has announced expanded Centre functionality for Microsoft Teams Direct Routing. The new service allows companies to implement a call centre natively within the Teams environment, leveraging Direct Routing.

Why it’s Important

Many Australian organisations - in particular public sector and local government - are in the process of re-architecting customer engagement from traditional ‘centralised call centre’ models to multichannel and then to omnichannel. The introduction of collaborative telephony solutions with rich API support, such as Teams, brings the possibilities of accelerating the move to true omnichannel services. Direct Routing allows contact centre agents to make and receive calls within Microsoft Teams, while also engaging in mixed mode communications, such as chat (potentially assisted by chat bots) and video meetings.

Who’s Impacted

  • Call centre managers and architects
  • Sales managers
  • Telephony teams
  • Office365 teams

What’s Next?

While CommsChoice is not the only vendor offering call centre integration with Teams, its announcement shows the likely future of calls centre architecture: a blend of collaborative tools and telephony, linked to internal and external-facing service channels. However, IBRS cautions organisations against rushing to adopt omnichannel call centre architectures. We have noted that the most successful organisations take a measured, phased approach, moving first to a multichannel operating model and only then to omnichannel. Many organisations have departmental processes that struggle to support true omnichannel. Staging through a multichannel model first allows organisations to identify and address the internal departmental silos before making the biggest step to omnichannel.

Related IBRS Advisory

  1. Omnichannel Customer Service must be more than Multichannel done properly
  2. Improve the customer experience within a digitally transformed world
  3. Modern telephony: Considerations

Conclusion: Organisations using Microsoft Server licences should consider leveraging the full potential of recent developments in the AWS licence suite. For more than a decade, AWS Cloud services have provided different organisations reliable data servicing and fewer downtime hours. AWS suggests that it offers clients more instances and twice the performance rate on SQL servers compared to other Cloud providers. Clients will need to have a performance rating in mind to validate these services for their own use.

Over the past decade, AWS has sought to innovate its processes and features following customer feedback. For example, the AWS License Manager was developed after customer feedback as a one-stop solution that manages usage limits and enables IT licensing optimisation across a variety of software vendors and across hybrid environments. It is important for customers to compare this licence management solution with other Cloud providers to validate the additional benefits.

Conclusion: In August 2020, IBRS ran a roundtable on the issue of Microsoft Support service, and specifically options for obtaining services in the most effective manner. 

The replacement of Microsoft's traditional Premier Support programs for its Unified Support program is well underway. For many organisations, the new program is a strong fit, offering a wide range of services and unlimited reactive support inquiries for a fee that is directly proportional to their Microsoft software and platform investment.  

However, for others, the program is not an ideal or cost-effective fit. During the roundtable, 16 peers shared their stories of how they have approached Microsoft support in the new era and a set of practical recommendations was developed. 

IBRSiQ is a database of Client inquiries and is designed to get you talking to our Advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.

 IBRS iQ is a database of Client inquiries and is designed to get you talking to our Advisors about these topics in the context of your organisation in order to provide tailored advice for your needs.