Microsoft Intune Premium Suite


Photo by fauxels on Pexels.com

Microsoft, somewhat confusingly, “introduced” Intune at Ignite 2022…despite it having existed for what – at least a decade at this point?! It’s more of a Jay-Z style “allow me to re-introduce myself” as it seems Microsoft have decided to make Intune the primary brand for endpoint management going forwards…say goodbye to Microsoft Endpoint Management (MEM) as part of this.

The new suite will include:

  • Remote Help for Windows & Android
  • Microsoft Tunnel for Mobile App Management
  • Endpoint Privilege Management
  • Advanced endpoint analytics

as well as more features to be announced in 2023.

The add-on license will be available for Microsoft 365 E3/E5 and any licenses that include Intune and will, not surprisingly, be cheaper than buying all the individual components separately. This is another example of where organisations licensed with M365 E5 must still acquire additional licenses – something I know many are not happy with.

Further Reading

See more details on the features here.

Microsoft Teams Premium


Photo by Christina Morillo on Pexels.com

Announced at Ignite 2022, Microsoft have introduced a Teams Premium add-on SKU – giving more benefits to organisations as hybrid working becomes more common and continues to evolve. Given the huge success of Teams, and how integral it has become to so many organisations, it makes sense that Microsoft will look to monetize this with a focus on hybrid features. These new options include:

Meeting Guides

This gives a set of pre-built options for different types of meetings i.e. client calls, brainstorming, help desk calls etc. that will set the length and best practices.

Customised branding

Again, the option to have customised meeting lobbies appears as well as custom backgrounds and together modes.

Intelligent Recap

This sounds like it could genuinely be a game changer.

It will use AI to pick out action items and assign owners during meetings and then create recordings which show key events such as where your name was mentioned or when a screen was shared – making it easier, and faster, to cover what you missed. It will also highlight speakers based on who you work most closely with, so you can skip through the transcripts to find relevant sections more easily.

Live translated captions

This is very cool for international companies and partnerships. An organiser having Teams Premium will mean all attendees get live captions in one of 40 languages.

Advanced Meeting Protections

New options around the security of meetings and recordings include watermarking and, for E5 customers, the ability to use Purview Information Protection sensitivity labels.

Appointment management

Teams Premium will offer advanced Virtual Appointments with better end to end management, text reminders, appointment access without the Teams app, a dashboard to see appointment overviews, and analytics. See more here.

Advanced webinar features

There are also some new features that help enhance the Teams webinar offering – something I’m particularly interested in. These include:

  • Registration waitlist
  • Automated branded reminder emails
  • Virtual green room – this gives a space for speakers to chat, monitor Q&A, check content etc. separate to attendees
See more here

Teams Premium also gives control over which speakers, videos etc. attendees can see – which can be very useful when you have multiple presenters at once.

Pricing is currently expected to be $10 per user per month. The Preview will begin in December 2022 and General Availability with be February 2023, although intelligent recap features will be “first half of 2023”.

Further Reading

Microsoft announcement

Teams Premium site

Teams Premium info for Admins

Azure Hybrid Benefit for Azure Kubernetes Service (AKS)


Photo by Chanaka on Pexels.com

As well as the Azure Stack HCI news, Microsoft have also added Azure Hybrid Benefit (AHB) for AKS (Azure Kubernetes Service).

How it works

This benefit is available for Windows Server Standard and Datacenter (both with SA) and also CSP server subscriptions. Hosts must be Windows Server 2019 (and later) or Azure Stack HCI

Each Windows Server core license w/SA allows use of 1 virtual core of AKS. The AKS AHB is additive, meaning the licenses can be used to cover on-prem/Azure workloads AND to use AKS. You can see more info here.

Azure Hybrid Benefit for Azure Stack HCI


Photo by Alexander Grey on Pexels.com

Ignite 2022 saw Microsoft expand the Azure Hybrid Benefit (AHB) to grant access to Azure Stack HCI.

What is it?

It is only available for Enterprise Agreement customers and only applies to Windows Server Datacenter licenses w/SA; licenses must be allocated for all physical cores in the Azure Stack HCI cluster. Licensing in this way allows you to use unlimited Windows Server base instances across the cluster. Furthermore, as per the Product Terms, the “dual-use” rights do not apply so licenses can be used as Windows Server licenses OR as Azure Stack HCI licenses.

It is activated in the Azure portal:

I question the phrasing in the Microsoft announcement here as it says that customers “exchange” their Windows Server licenses to get Azure Stack HCI. This suggests that they are somehow transformed from one type into another but that doesn’t appear to be the case – as this is via AHB, it is simply an additional right that doesn’t change the underlying licenses. As with allocating Windows Server licenses to “regular” Azure, it seems one can re-assign from Azure Stack HCI licenses back to Windows Server Datacenter licenses following the 90-day rule.

Given the increasing level of focus on CSP and the MCA, it’s interesting to see that it is restricted to Enterprise Agreement customers only. It not being made available for Open Value and MPSA customers is, rightly or wrongly, business as usual these days but CSP has been getting a lot of shiny things lately.

Microsoft Azure Savings Plans


Photo by maitree rimthong on Pexels.com

This new way of paying for Microsoft Azure was announced at Microsoft Ignite 2022 and seems to bear more than a passing resemblance to Amazon AWS Savings Plans. The similarities are probably a bonus for customers, meaning you don’t have to learn 2 totally different IaaS cloud payment options.

What is it?

Azure Savings Plans is, to some degree, the next step beyond Reserved Instances (RI). This new offering comes with a spend commitment on an hourly basis (over 1 or 3 years) and gives discounts over the PAYG pricing on resources where you have consistent usage. Eligible compute services include:

  • Virtual Machines
  • Dedicated Hosts
  • Containers
  • Azure premium functions
  • Azure app services

How it works

Savings Plans discounts are applied automatically (starting where the largest discount exists) to any eligible services on spend up to the hourly commitment i.e. £7 per hour. Any spend over that amount is then charged at PAYG pricing so, just as with Reserved Instances, accurate understanding of current and future usage is a must.

They only apply to infrastructure costs but can be combined with Azure Hybrid Benefits for Windows Server & SQL Server etc.

How to buy

Savings Plans are available for Enterprise Agreements, Microsoft Customer Agreements (MCA), and Microsoft Partner Agreements.

Enterprise Agreements

  • EA admins with write permissions can directly purchase savings plans from Cost Management + Billing > Savings plan. No specific permission for a subscription is needed.
  • Subscription owners for one of the subscriptions in the EA enrollment can purchase savings plans from Home > Savings plan.
  • Enterprise Agreement (EA) customers can limit purchases to EA admins only by disabling the Add Savings Plan option in the Azure portal. Navigate to the Policies menu to change settings.
  • Notifications are sent to EA administrators and EA notification contacts.
  • Users added to a savings plan using Azure RBAC (IAM) permission don’t receive any email notifications.

Microsoft Customer Agreements

  • Customers with billing profile contributor permissions and above can purchase savings plans from Cost Management + Billing > Savings plan experience. No specific permissions on a subscription needed.
  • Subscription owners for one of the subscriptions in the billing profile can purchase savings plans from Home > Savings plan.
  • To disallow savings plan purchases on a billing profile, billing profile contributors can navigate to the Policies menu under the billing profile and adjust Azure Savings Plan option.

Microsoft Partner Agreements

Partners can use Home > Savings plan in the Azure portal to purchase savings plans for their customers.

Savings Plans can be paid for upfront or on a monthly basis, and you don’t pay any more for choosing to spread payments. That said, monthly prices may vary on MCA due to impact of exchange rates.

If you currently have Azure Reserved Instances but would like to move to Savings Plans, you’re in luck – you can trade in Reservations for Savings Plans. The hourly commitment of the new savings plan must be greater than the leftover payments that are cancelled for the returned reservations. That said, not all reservations can be traded – those not eligible are:

  • Azure Databricks reserved capacity
  • Synapse Analytics Pre-purchase plan
  • Azure VMware solution by CloudSimple
  • Azure Red Hat Open Shift
  • Red Hat plans
  • SUSE Linux plans

Beware – Savings Plans cannot be cancelled, exchanged, or refunded. Automatic renewal of Savings Plans isn’t on by default but can be activated if you so wish.

Setting the scope

You can set the scope of Savings Plans to restrict where the savings can be applied. Your options are:

  • Shared
  • Single subscription
  • Management group
  • Single resource group

Reporting

Microsoft have provided information to help with reporting and cost analysis including how to identify wasted spend and how to access the CSV files here.

To get this, and more, in your inbox each month – sign up to my newsletter here!

Further Reading

Microsoft announcement

Azure Savings Plans document hub

Manage Savings Plans

Microsoft Product Terms: October 2022


Photo by Markus Winkler on Pexels.com

Most of the focus is on the changes that Microsoft have made to cloud and virtualisation licensing for Windows Server, Windows 11, Office and more – you can check out my analysis of that here – but there are other changes this month too.

Three new products are added:

Viva Sales

I cover this in more depth here but it is now in the Product Terms and there’s a clause that organisations must use a Viva Sales connector to link it to their CRM…so no 3rd-party or in-house connectors.

SharePoint Advanced Management Plan 1

I’ve not seen any info about this and am still looking for details – let me know if you have any info!

Workload Identities

Again, no info about these yet. Looking at Microsoft Learn/Docs, workload identities are “applications, service principals, and managed identities” but I’m not sure how this relates to the new SKU.

There was also:

The removal of Intune for EDU (device) from MCA

Windows 11 Home to Pro availability expanded to Central and South America

Microsoft cloud and virtualisation licensing changes


Photo by Alexas Fotos on Pexels.com

Microsoft first announced these changes in May 2022 and, after an update in September, we’ve now got the majority of the info in the October 2022 Product Terms document. Let’s take a look at what’s changed and what it means for us all.

First things first, the Listed Providers:

  • Microsoft Azure
  • Amazon AWS
  • Google Cloud Platform
  • Alibaba Cloud

are not included in any of these changes.

Outsourcing Software Management clause

This is in the “Universal license terms for all Software” which means it applies to all products under this category. There are 3 new elements within this clause:

Flexible Virtualisation Benefit

The Microsoft wording:

Customers with subscription licenses or Licenses with active Software Assurance (including CALs) may use licensed copies of the software on devices, including shared Servers, that are under the day-to-day management and control of Authorized Outsourcers.”

This is similar to the existing “License Mobility through Software Assurance” benefit but doesn’t have the requirement to use an “Authorized Mobility Partner” -rather, you can use any “Authorized Outsourcer” partner…which is any partner that isn’t a Listed Provider.

While much of the focus here is on Windows Server, this new benefit applies to other products such as SQL Server too.

CSP Hoster

The Microsoft wording:

Customers with subscription licenses or Licenses with active Software Assurance (including CALs) may access their licensed copies of software that is provided by a Cloud Solution Provider-Hoster and installed on that partner’s devices.”

Dedicated device outsourcing

The Microsoft wording:

Customers may use licensed copies of the software on devices that are under the day-to-day management and control of Authorized Outsourcers, provided all such devices are and remain fully dedicated to Customer’s use.”

As I say, these apply to all Microsoft Software products and, as we’ll see, individual products may have their own additional terms.

Windows Server – license individual VMs

You are now able to license individual Windows Server virtual machines rather than licensing the underlying physical hardware. As expected, there are a few rules you need to follow:

  • Minimum of 8 core licenses per VM
  • Minimum of 16 core licenses per customer
  • Licenses must have active SA or be active subscriptions – this includes CALs used to access the Windows Server instances
  • Licenses can be re-assigned with the same server farm as often as needed.
  • 90-day rule applies if moving to another server farm/cloud provider

Windows 11

Customers with per-user licenses for Windows 11:

  • Enterprise
  • Education
  • VDA

install Windows 10 Creators Update or later in an Azure VM or a server that meets the requirements in the “Outsourcing Software Management” clause. The QMTH language has been removed from this section too, opening this up to the wider pool of Authorized Outsourcers.

Reading the terms, it appears that the restriction on local virtualisation with CSP licenses has been removed too – bringing them even closer to parity with volume licenses. The language now states that customers can install Windows in a VM running on their Azure or “a server” – which I read as including their own servers as well as those of an authorized outsourcer.

Desktop Applications

For Office/Project/Visio, the word “dedicated” has been removed from the terms which means hosting on shared servers is now possible:

Remote use of the software running on a Server is permitted for any user from a Licensed Device

Microsoft 365

There have been changes to the use rights for the Windows component of Microsoft 365 too. The previous language was:

rights to access and use remote virtualized instances of Windows only apply to Licensed Users that are the Primary User of a device licensed with a Qualifying Operating System.

While it now says:

Licensed Users may only run Windows Enterprise locally on devices with a Qualifying Operating System.”

Removing the primary user requirement to access remote virtual instances. Microsoft say:

Essentially, when licensed as part of Microsoft 365, the requirement to use VDA rights for remote access from desktops without Qualifying Operating Systems no longer applies

There is also a change for Microsoft 365 F3 to loosen the remote virtualisation restriction. The previous clause:

rights to access and use virtualized instances of Windows only apply to Licensed Users of a shared device with a Qualifying Operating System

has been removed.

Microsoft 365 Apps

There is definitely some further clarification needed here. Microsoft released a new licensing guide “Using software products under the Flexible Virtualization Benefit” this month and that document states that the Flexible Virtualisation Benefit applies to Microsoft 365 Apps (formerly Office 365 Pro Plus).

With the introduction of the Flexible Virtualization Benefit, customers’ options for using Microsoft 365 Apps…outside their own data centers are expanded to include any Authorized Outsourcer’s shared servers

However, I can’t find language which clearly states this in the current Product Terms, so for now I’d advise not to get too carried away! I expect we’ll see an update to the Product Terms soon to add that language in – but I’ll update either way once we see something from Microsoft.

Thoughts

This is all pretty exciting for a licensing fan like myself – lots of new language and terms and things to check and understand. Also lots of training presentations to update!

For customers though, I’m not sure how much impact this will really have. Yes, it enables organisations to work with a much larger pool of potential hosting providers…but, in my experience at least, most orgs that are struggling want to work with Amazon AWS…and they’re not included in these changes as they’re a Listed Provider. I’m keen to see what real world impact these changes have and who wins (and loses) from it all.

PS: I’m still processing all this new info so will update with corrections as/if needed!

Further Reading

New Flexible Virtualisation Benefit licensing guide

Windows Server 2022 licensing guide

Product Terms

New Microsoft Viva products – Pulse and Amplify


Photo by cottonbro on Pexels.com

The Microsoft Viva family continues to grow – they have announced new apps as well as a host of new features…let’s take a look.

Microsoft Viva Pulse

This allows managers to gather feedback from their team members, in a regular and confidential manner via Teams. It comes with templates and suggested questions which help ensure the right questions are being asked in the best way – something which can be difficult for a manager to get right on their own.

https://www.microsoft.com/en-us/microsoft-365/blog/2022/09/22/empower-and-energize-employees-with-microsoft-viva/

Microsoft also mention that Glint, currently a separate but related product, will be “coming to Viva” in 2023.

Apply for the Microsoft Viva Pulse Customer Advisory Board here.

Microsoft Viva Amplify

This is aimed at supporting “effective communication at scale” and will help leaders write effective messages to their teams and organisations, and then publish it across multiple channels and receive analytics to understand how well they were received etc. It sounds quite useful as internal corporate messaging can often be disjointed with little insight into effectiveness…but I know some will be concerned about whether the analytics allows for invasive tracking of employees.

https://www.microsoft.com/en-us/microsoft-365/blog/2022/09/22/empower-and-energize-employees-with-microsoft-viva/

Apply for the Viva Amplify preview program here.

New features across Viva

Viva Engage Leadership Corner

This, as the name suggests, has been developed to help leaders better communicate and connect with people across the organisation. It enables Ask Me Anything (AMA) events, surveys, and news to be published and, again, tracked with metrics and sentiment analysis.

https://www.microsoft.com/en-us/microsoft-365/blog/2022/09/22/empower-and-energize-employees-with-microsoft-viva/

Answers in Microsoft Viva

This will be available within the Viva Engage app, to users licensed for Viva Suite, and will work with Viva Topics and Viva Engage. It uses AI to match user questions to existing answers and highlights relevant topics and experts. It also uses gamification to to encourage people to add content to the knowledge base.

https://www.microsoft.com/en-us/microsoft-365/blog/2022/09/22/empower-and-energize-employees-with-microsoft-viva/

The continued growth of Viva through 2022 shows that Microsoft are betting big on this area an also shows it’s likely to reach Dynamics 365 levels of confusion pretty quickly 😊 Some things are apps, some are features, some are in the suite, some are standalone, some are inside one thing but work with another and so on…it’s definitely going to be its own ecosystem!

Check out the Microsoft post here which has even more new features and info.

New Microsoft products – Defender Threat Intelligence, External Attack Defender, & Sentinel for SAP


Photo by Susanne Jutzeler, suju-foto on Pexels.com

Microsoft have added more new products to the Defender family – “Microsoft Defender Threat Intelligence” and “Microsoft Defender External Attack Surface Management” – and have brought out an SAP add-on for Microsoft Sentinel.

Microsoft Defender Threat Intelligence

This new offering, incorporating what was RiskIQ, effectively “maps the internet” and gives customers direct access to Microsoft’s real-time data and security signals; this enables organisations to “proactively hunt” for threats within their environment.

https://www.microsoft.com/en-us/security/business/siem-and-xdr/microsoft-defender-threat-intelligence?rtc=1

Microsoft Defender External Attack Surface Management

This helps organisations identify all their internet facing resources – including those you’re not aware of and/or have forgotten about. It’s so easy to lose track of your external facing devices with COVID changes, mergers, good old shadow IT, and the potential for mis-configured assets around the business.

https://www.microsoft.com/en-us/security/business/cloud-security/microsoft-defender-external-attack-surface-management?rtc=1

Being able to see a continuously updated map of potentially vulnerable assets will be key for organisations looking to protect themselves, their assets, and their users.

Microsoft Sentinel for SAP

They have announced an SAP specific add-on for Microsoft Sentinel that will:

  • Monitor all system layers
  • Detect & respond to threats
  • Enable customisation to extend protection

According to Microsoft it will integrate with “virtually any” NetWeaver system. It launched in August 2022 and is free for the first 6 months. After that it will be an add-on charge to the regular Sentinel pricing.

Further Reading

Threat Intelligence

External Attack Surface Management

Sentinel for SAP

Microsoft Teams Rooms licensing: September 2022


Photo by Ron Lach on Pexels.com

The September Product Terms revealed that Microsoft have replaced Teams Rooms Standard & Premium with Teams Rooms Basic & Pro, and we now have more information on feature differences and licensing.

Teams Rooms Basic

This is the free entry level license, included with certified Teams Devices and available via the Microsoft 365 Amin Center (not via resellers etc.). It is limited to 25 licensed devices within an organisation, if devices are needed they must be covered with Pro licenses. Furthermore, it is limited to 1 device per room with the same resource account – if 2 or more devices are needed, this again requires a Pro license.

You’ll notice below that Basic does not include a Teams Phone license, preventing the room from making/receiving PSTN calls.

Teams Rooms Pro

These are $40 per device per month and offer a much wider range of features than the Basic license.

It seems Microsoft have removed access to in-person engineers as part of the management features offered, with the Docs page stating “Microsoft Service engineers will no longer serve as intermediaries to incident response starting October 1, 2022“.

How do they compare to their predecessors?

Teams Rooms Basic is missing many of the features that were present in Teams Room Standard which means organisations may find themselves having to move from the $15 per month Standard license to the $40 per month Pro license at renewal – a significant increase. Equally, although probably much less likely, some organisations could drop from Standard ($15) to Basic ($0) and save money each month.

Basic v Pro

https://docs.microsoft.com/en-gb/microsoftteams/rooms/rooms-licensing#switching-from-teams-rooms-standard-and-teams-rooms-premium

This link here gives a detailed comparison of the differences between Basic & Pro in various different use areas. I would recommend also comparing the new functionality to your existing licenses to identify if you’ll need the Pro option going forwards.

Further Reading

Microsoft announcement

Teams Rooms licensing

New Teams Rooms pricing

Old Teams Rooms pricing

Tom Talks blog for more in-depth telephony info

%d bloggers like this: