Microsoft, somewhat confusingly, “introduced” Intune at Ignite 2022…despite it having existed for what – at least a decade at this point?! It’s more of a Jay-Z style “allow me to re-introduce myself” as it seems Microsoft have decided to make Intune the primary brand for endpoint management going forwards…say goodbye to Microsoft Endpoint Management (MEM) as part of this.
The new suite will include:
Remote Help for Windows & Android
Microsoft Tunnel for Mobile App Management
Endpoint Privilege Management
Advanced endpoint analytics
as well as more features to be announced in 2023.
The add-on license will be available for Microsoft 365 E3/E5 and any licenses that include Intune and will, not surprisingly, be cheaper than buying all the individual components separately. This is another example of where organisations licensed with M365 E5 must still acquire additional licenses – something I know many are not happy with.
Announced at Ignite 2022, Microsoft have introduced a Teams Premium add-on SKU – giving more benefits to organisations as hybrid working becomes more common and continues to evolve. Given the huge success of Teams, and how integral it has become to so many organisations, it makes sense that Microsoft will look to monetize this with a focus on hybrid features. These new options include:
This gives a set of pre-built options for different types of meetings i.e. client calls, brainstorming, help desk calls etc. that will set the length and best practices.
Again, the option to have customised meeting lobbies appears as well as custom backgrounds and together modes.
This sounds like it could genuinely be a game changer.
It will use AI to pick out action items and assign owners during meetings and then create recordings which show key events such as where your name was mentioned or when a screen was shared – making it easier, and faster, to cover what you missed. It will also highlight speakers based on who you work most closely with, so you can skip through the transcripts to find relevant sections more easily.
Live translated captions
This is very cool for international companies and partnerships. An organiser having Teams Premium will mean all attendees get live captions in one of 40 languages.
Advanced Meeting Protections
New options around the security of meetings and recordings include watermarking and, for E5 customers, the ability to use Purview Information Protection sensitivity labels.
Teams Premium will offer advanced Virtual Appointments with better end to end management, text reminders, appointment access without the Teams app, a dashboard to see appointment overviews, and analytics. See more here.
Advanced webinar features
There are also some new features that help enhance the Teams webinar offering – something I’m particularly interested in. These include:
Automated branded reminder emails
Virtual green room – this gives a space for speakers to chat, monitor Q&A, check content etc. separate to attendees
Teams Premium also gives control over which speakers, videos etc. attendees can see – which can be very useful when you have multiple presenters at once.
Pricing is currently expected to be $10 per user per month. The Preview will begin in December 2022 and General Availability with be February 2023, although intelligent recap features will be “first half of 2023”.
As well as the Azure Stack HCI news, Microsoft have also added Azure Hybrid Benefit (AHB) for AKS (Azure Kubernetes Service).
How it works
This benefit is available for Windows Server Standard and Datacenter (both with SA) and also CSP server subscriptions. Hosts must be Windows Server 2019 (and later) or Azure Stack HCI
Each Windows Server core license w/SA allows use of 1 virtual core of AKS. The AKS AHB is additive, meaning the licenses can be used to cover on-prem/Azure workloads AND to use AKS. You can see more info here.
Ignite 2022 saw Microsoft expand the Azure Hybrid Benefit (AHB) to grant access to Azure Stack HCI.
What is it?
It is only available for Enterprise Agreement customers and only applies to Windows Server Datacenter licenses w/SA; licenses must be allocated for all physical cores in the Azure Stack HCI cluster. Licensing in this way allows you to use unlimited Windows Server base instances across the cluster. Furthermore, as per the Product Terms, the “dual-use” rights do not apply so licenses can be used as Windows Server licenses OR as Azure Stack HCI licenses.
It is activated in the Azure portal:
I question the phrasing in the Microsoft announcement here as it says that customers “exchange” their Windows Server licenses to get Azure Stack HCI. This suggests that they are somehow transformed from one type into another but that doesn’t appear to be the case – as this is via AHB, it is simply an additional right that doesn’t change the underlying licenses. As with allocating Windows Server licenses to “regular” Azure, it seems one can re-assign from Azure Stack HCI licenses back to Windows Server Datacenter licenses following the 90-day rule.
Given the increasing level of focus on CSP and the MCA, it’s interesting to see that it is restricted to Enterprise Agreement customers only. It not being made available for Open Value and MPSA customers is, rightly or wrongly, business as usual these days but CSP has been getting a lot of shiny things lately.
This new way of paying for Microsoft Azure was announced at Microsoft Ignite 2022 and seems to bear more than a passing resemblance to Amazon AWS Savings Plans. The similarities are probably a bonus for customers, meaning you don’t have to learn 2 totally different IaaS cloud payment options.
What is it?
Azure Savings Plans is, to some degree, the next step beyond Reserved Instances (RI). This new offering comes with a spend commitment on an hourly basis (over 1 or 3 years) and gives discounts over the PAYG pricing on resources where you have consistent usage. Eligible compute services include:
Azure premium functions
Azure app services
How it works
Savings Plans discounts are applied automatically (starting where the largest discount exists) to any eligible services on spend up to the hourly commitment i.e. £7 per hour. Any spend over that amount is then charged at PAYG pricing so, just as with Reserved Instances, accurate understanding of current and future usage is a must.
They only apply to infrastructure costs but can be combined with Azure Hybrid Benefits for Windows Server & SQL Server etc.
How to buy
Savings Plans are available for Enterprise Agreements, Microsoft Customer Agreements (MCA), and Microsoft Partner Agreements.
EA admins with write permissions can directly purchase savings plans from Cost Management + Billing > Savings plan. No specific permission for a subscription is needed.
Subscription owners for one of the subscriptions in the EA enrollment can purchase savings plans from Home > Savings plan.
Enterprise Agreement (EA) customers can limit purchases to EA admins only by disabling the Add Savings Plan option in the Azure portal. Navigate to the Policies menu to change settings.
Notifications are sent to EA administrators and EA notification contacts.
Users added to a savings plan using Azure RBAC (IAM) permission don’t receive any email notifications.
Microsoft Customer Agreements
Customers with billing profile contributor permissions and above can purchase savings plans from Cost Management + Billing > Savings plan experience. No specific permissions on a subscription needed.
Subscription owners for one of the subscriptions in the billing profile can purchase savings plans from Home > Savings plan.
To disallow savings plan purchases on a billing profile, billing profile contributors can navigate to the Policies menu under the billing profile and adjust Azure Savings Plan option.
Microsoft Partner Agreements
Partners can use Home > Savings plan in the Azure portal to purchase savings plans for their customers.
Savings Plans can be paid for upfront or on a monthly basis, and you don’t pay any more for choosing to spread payments. That said, monthly prices may vary on MCA due to impact of exchange rates.
If you currently have Azure Reserved Instances but would like to move to Savings Plans, you’re in luck – you can trade in Reservations for Savings Plans. The hourly commitment of the new savings plan must be greater than the leftover payments that are cancelled for the returned reservations. That said, not all reservations can be traded – those not eligible are:
Azure Databricks reserved capacity
Synapse Analytics Pre-purchase plan
Azure VMware solution by CloudSimple
Azure Red Hat Open Shift
Red Hat plans
SUSE Linux plans
Beware – Savings Plans cannot be cancelled, exchanged, or refunded. Automatic renewal of Savings Plans isn’t on by default but can be activated if you so wish.
Setting the scope
You can set the scope of Savings Plans to restrict where the savings can be applied. Your options are:
Single resource group
Microsoft have provided information to help with reporting and cost analysis including how to identify wasted spend and how to access the CSV files here.
To get this, and more, in your inbox each month – sign up to my newsletter here!
Most of the focus is on the changes that Microsoft have made to cloud and virtualisation licensing for Windows Server, Windows 11, Office and more – you can check out my analysis of that here – but there are other changes this month too.
Three new products are added:
I cover this in more depth here but it is now in the Product Terms and there’s a clause that organisations must use a Viva Sales connector to link it to their CRM…so no 3rd-party or in-house connectors.
SharePoint Advanced Management Plan 1
I’ve not seen any info about this and am still looking for details – let me know if you have any info!
Again, no info about these yet. Looking at Microsoft Learn/Docs, workload identities are “applications, service principals, and managed identities” but I’m not sure how this relates to the new SKU.
There was also:
The removal of Intune for EDU (device) from MCA
Windows 11 Home to Pro availability expanded to Central and South America
Microsoft first announced these changes in May 2022 and, after an update in September, we’ve now got the majority of the info in the October 2022 Product Terms document. Let’s take a look at what’s changed and what it means for us all.
First things first, the Listed Providers:
Google Cloud Platform
are not included in any of these changes.
Outsourcing Software Management clause
This is in the “Universal license terms for all Software” which means it applies to all products under this category. There are 3 new elements within this clause:
Flexible Virtualisation Benefit
The Microsoft wording:
“Customers with subscription licenses or Licenses with active Software Assurance (including CALs) may use licensed copies of the software on devices, including shared Servers, that are under the day-to-day management and control of Authorized Outsourcers.”
This is similar to the existing “License Mobility through Software Assurance” benefit but doesn’t have the requirement to use an “Authorized Mobility Partner” -rather, you can use any “Authorized Outsourcer” partner…which is any partner that isn’t a Listed Provider.
While much of the focus here is on Windows Server, this new benefit applies to other products such as SQL Server too.
The Microsoft wording:
“Customers with subscription licenses or Licenses with active Software Assurance (including CALs) may access their licensed copies of software that is provided by a Cloud Solution Provider-Hoster and installed on that partner’s devices.”
Dedicated device outsourcing
The Microsoft wording:
“Customers may use licensed copies of the software on devices that are under the day-to-day management and control of Authorized Outsourcers, provided all such devices are and remain fully dedicated to Customer’s use.”
As I say, these apply to all Microsoft Software products and, as we’ll see, individual products may have their own additional terms.
Windows Server – license individual VMs
You are now able to license individual Windows Server virtual machines rather than licensing the underlying physical hardware. As expected, there are a few rules you need to follow:
Minimum of 8 core licenses per VM
Minimum of 16 core licenses per customer
Licenses must have active SA or be active subscriptions – this includes CALs used to access the Windows Server instances
Licenses can be re-assigned with the same server farm as often as needed.
90-day rule applies if moving to another server farm/cloud provider
Customers with per-user licenses for Windows 11:
install Windows 10 Creators Update or later in an Azure VM or a server that meets the requirements in the “Outsourcing Software Management” clause. The QMTH language has been removed from this section too, opening this up to the wider pool of Authorized Outsourcers.
Reading the terms, it appears that the restriction on local virtualisation with CSP licenses has been removed too – bringing them even closer to parity with volume licenses. The language now states that customers can install Windows in a VM running on their Azure or “a server” – which I read as including their own servers as well as those of an authorized outsourcer.
For Office/Project/Visio, the word “dedicated” has been removed from the terms which means hosting on shared servers is now possible:
“Remote use of the software running on a Server is permitted for any user from a Licensed Device”
There have been changes to the use rights for the Windows component of Microsoft 365 too. The previous language was:
“rights to access and use remote virtualized instances of Windows only apply to Licensed Users that are the Primary User of a device licensed with a Qualifying Operating System.”
While it now says:
“Licensed Users may only run Windows Enterprise locally on devices with a Qualifying Operating System.”
Removing the primary user requirement to access remote virtual instances. Microsoft say:
“Essentially, when licensed as part of Microsoft 365, the requirement to use VDA rights for remote access from desktops without Qualifying Operating Systems no longer applies“
There is also a change for Microsoft 365 F3 to loosen the remote virtualisation restriction. The previous clause:
“rights to access and use virtualized instances of Windows only apply to Licensed Users of a shared device with a Qualifying Operating System“
has been removed.
Microsoft 365 Apps
There is definitely some further clarification needed here. Microsoft released a new licensing guide “Using software products under the Flexible Virtualization Benefit” this month and that document states that the Flexible Virtualisation Benefit applies to Microsoft 365 Apps (formerly Office 365 Pro Plus).
“With the introduction of the Flexible Virtualization Benefit, customers’ options for using Microsoft 365 Apps…outside their own data centers are expanded to include any Authorized Outsourcer’s shared servers“
However, I can’t find language which clearly states this in the current Product Terms, so for now I’d advise not to get too carried away! I expect we’ll see an update to the Product Terms soon to add that language in – but I’ll update either way once we see something from Microsoft.
This is all pretty exciting for a licensing fan like myself – lots of new language and terms and things to check and understand. Also lots of training presentations to update!
For customers though, I’m not sure how much impact this will really have. Yes, it enables organisations to work with a much larger pool of potential hosting providers…but, in my experience at least, most orgs that are struggling want to work with Amazon AWS…and they’re not included in these changes as they’re a Listed Provider. I’m keen to see what real world impact these changes have and who wins (and loses) from it all.
PS: I’m still processing all this new info so will update with corrections as/if needed!
The Microsoft Viva family continues to grow – they have announced new apps as well as a host of new features…let’s take a look.
Microsoft Viva Pulse
This allows managers to gather feedback from their team members, in a regular and confidential manner via Teams. It comes with templates and suggested questions which help ensure the right questions are being asked in the best way – something which can be difficult for a manager to get right on their own.
Microsoft also mention that Glint, currently a separate but related product, will be “coming to Viva” in 2023.
Apply for the Microsoft Viva Pulse Customer Advisory Board here.
Microsoft Viva Amplify
This is aimed at supporting “effective communication at scale” and will help leaders write effective messages to their teams and organisations, and then publish it across multiple channels and receive analytics to understand how well they were received etc. It sounds quite useful as internal corporate messaging can often be disjointed with little insight into effectiveness…but I know some will be concerned about whether the analytics allows for invasive tracking of employees.
This, as the name suggests, has been developed to help leaders better communicate and connect with people across the organisation. It enables Ask Me Anything (AMA) events, surveys, and news to be published and, again, tracked with metrics and sentiment analysis.
Answers in Microsoft Viva
This will be available within the Viva Engage app, to users licensed for Viva Suite, and will work with Viva Topics and Viva Engage. It uses AI to match user questions to existing answers and highlights relevant topics and experts. It also uses gamification to to encourage people to add content to the knowledge base.
The continued growth of Viva through 2022 shows that Microsoft are betting big on this area an also shows it’s likely to reach Dynamics 365 levels of confusion pretty quickly 😊 Some things are apps, some are features, some are in the suite, some are standalone, some are inside one thing but work with another and so on…it’s definitely going to be its own ecosystem!
Check out the Microsoft post here which has even more new features and info.
Microsoft have added more new products to the Defender family – “Microsoft Defender Threat Intelligence” and “Microsoft Defender External Attack Surface Management” – and have brought out an SAP add-on for Microsoft Sentinel.
Microsoft Defender Threat Intelligence
This new offering, incorporating what was RiskIQ, effectively “maps the internet” and gives customers direct access to Microsoft’s real-time data and security signals; this enables organisations to “proactively hunt” for threats within their environment.
Microsoft Defender External Attack Surface Management
This helps organisations identify all their internet facing resources – including those you’re not aware of and/or have forgotten about. It’s so easy to lose track of your external facing devices with COVID changes, mergers, good old shadow IT, and the potential for mis-configured assets around the business.
Being able to see a continuously updated map of potentially vulnerable assets will be key for organisations looking to protect themselves, their assets, and their users.
Microsoft Sentinel for SAP
They have announced an SAP specific add-on for Microsoft Sentinel that will:
Monitor all system layers
Detect & respond to threats
Enable customisation to extend protection
According to Microsoft it will integrate with “virtually any” NetWeaver system. It launched in August 2022 and is free for the first 6 months. After that it will be an add-on charge to the regular Sentinel pricing.