At Microsoft, we’re redefining how and where we work, and how we stay secure. We manage staggering amounts of data and embrace self-service tools. We’re more mobile and productive than ever. Our global Finance team is at the forefront, driving insights with Power BI analytics, adopting Skype for Business unified communications, using Office 365 Enterprise E5 advanced security and threat protections, and managing data discovery and compliance—for an intelligent, collaborative, and more secure work experience.


Every business needs to digitally transform—the constantly shifting computing landscape demands it. At Microsoft, we’ve embraced this challenge and we’re well our way toward accomplishing our goal of being “digital by default.” Whether it’s managing and protecting rapidly-increasing amounts of corporate data and intellectual property, or helping our highly mobile workforce work quickly and safely from anywhere in the world, we’re using vital Office 365 Enterprise E5 technologies that are robust enough to handle the magnitude of our need. Equally important, E5 technologies are helping us set a new pace. They’re helping us reduce lengthy processes and boost productivity.

E5 delivers insights, collaboration, and security

Microsoft organizations everywhere are using new and powerful analytics, voice, and security solutions in E5. It’s the most complete and secure productivity and communication platform for our digital workplace. And it’s a driving force toward our move to make powerful self-service business and personal analytics a foundation of our culture.

By using E5, our employees and business partners get business data analytics with Power BI, personal data analytics with Microsoft MyAnalytics, and seamless conferencing and calling options with Skype for Business. Microsoft IT gets protection from advanced threats, effective new ways to manage data for discovery and compliance purposes, unified management, and robust data access controls. And Microsoft overall benefits from tremendous cost savings, more agile teams, and thorough visibility and insights into data and organizations.

Finance evolution and E5

Our own Finance organization is a prime example of how we’re using E5 analytics, communications, and security features to help us achieve our digital transformation. With access to and responsibility for vast amounts of business data, our ongoing digital transformation has given Finance a new focus—to explore new opportunities for growth by understanding the data they manage.

Finance simplifies

Finance has always had aggressive objectives for revenue, partners, employees, and market capitalization. About 15 years ago, the business realized that operational inefficiencies and disparate sources of business data were formidable roadblocks to its goals.

Since then, the organization has undergone multiple significant initiatives that simplified and improved processes and operational efficiencies. Hundreds of data sources and unmonitored “Shadow IT” apps were whittled down to only 50 data sources. And recently, Finance consolidated those 50 data sources into a “single source of truth” contained in a Microsoft Azure Data Lake, secured with role-based Azure Active Directory access. The Data Lake provides all of our analysts around the world instantaneous access to almost 2 billion key performance indicators.

New opportunities and IT partnership

The priorities and roles of today’s finance executives—at Microsoft and everywhere else—are fundamentally changing. Although the traditional goals of finding new sources of revenue and reducing costs remain constant, a fresh focus on exploring new opportunities for growth has been added. Finance teams now serve as business analysts who power the insights that an entire organization depends on to grow and innovate.

This new focus requires substantial agility to balance many competing priorities, including:

  • Strategically harnessing the power of data analysis.
  • Reducing lengthy processes and working faster.
  • Facilitating collaboration among employees and business partners who work from anywhere and from any device.
  • Championing the rapidly changing, mobile-first world to accelerate business value and decrease costs.
  • Enhancing our ability to be nimble, compliant, and secure, while embracing cloud computing at the same time.

Innovate and protect

At the same time that Finance is challenged with pushing for business innovation, data security concerns continue to mount. Attacks grow in sophistication and in their potential to disrupt. In short, we’re in very turbulent times when protecting corporate assets. Managing and protecting data is a top priority.

This is why strong partnerships between Finance, IT, and Information Security are so critical. Finance, IT, and Information Security experts must work together to drive technology innovations, while managing risk at the same time. The challenge is to keep people safe while also empowering businesses to take risks and grasp new opportunities. A reflection of this key partnership is that across industries, 39 percent of IT departments now report up through their Finance organizations.

Finance and analytics

The new analytics components in E5 inform our Finance organization’s business and personal productivity decisions with data-driven insights. Power BI offers an intuitive experience for interacting with business data and provides a rich consolidated view of key information, no matter where the underlying data is stored. MyAnalytics (formerly called Delve Analytics)—a brand new category of insights—helps our employees and teams gain insights about personal and group productivity, and helps them to make informed decisions about their time and collaboration investments.

Power BI delivers business insights

Because data and insights are generated in real time, every layer of an organization can seek out trends and become transformational change agents. Power BI puts the power of data insights into the hands of employees, and takes IT out of the business of building dashboards, which is resource-intensive and time consuming.

Power BI is provisioned across Microsoft and there is an active and enthusiastic base of people who use it, including practically all of our knowledge workers. It delivers cloud-based analytics and a rich data visualization service that inform our business decisions.

Integrated with Excel, our employees create their own interactive Power BI dashboards and reports to generate the insights they need to drive their business groups forward at the pace required. Power BI also provides new ways to interact with data—using Cortana and natural language queries.

Our Finance organization has used infrastructure changes and Power BI to evolve to a powerful, self-service analytics capability.

Dynamic dashboards drive strategic insights, deliver meeting productivity

Across Microsoft, our Finance organization had to wrestle with multiple data sources that made business reviews time consuming and cumbersome. Stumbling blocks included:

  • Subsidiaries—nearly 200—built out their own static decks.
  • Business review decks could range from two, to two hundred pages.
  • Analysts had to iterate back and forth to get answers to questions.
  • Time-intensive queries produced cumbersome, multi-page reports with literally thousands of data points.

By adopting Power BI, Finance immediately gained speed and agility. For example, using Power BI dashboards at business review meetings eliminated the old process—and let the organization bridge the gap from data to insights.

In the past, getting the data and creating the visuals—such as manually creating waterfall charts—took so much time that it left very little time for deeper analysis or insights. However, now Power BI lets us shortcut and automate the labor-intensive creation of the visuals and reports, so that our analysts can focus on activities to gain deeper insights, like drilling down through the data, speaking with account teams, and so on.

Dynamic dashboards revealed insights that let attendees dive in deeper—without paper—in key business review meetings. Because the effects of changed data points could be discussed immediately, it uncovered different discussion drivers, and led to more robust conversations.

This graphic illustrates the potential efficiencies of Power BI.

Figure 1. Dynamic visualizations

The organization accrued many benefits from Power BI, including:

  • Dashboards saved time. Dashboards dramatically reduced the time required to run reports.
  • Dashboards changed meeting dynamics. Data sources were combined into a single real-time dashboard that could be manipulated during a meeting.
  • The Finance organization evolved strategically. They evolved to focus on discovering strategic insights, rather than running reports.
  • Power BI fostered a “what-if” mindset. With Power BI dashboards, data could be changed immediately, which encouraged forward-thinking questions.
  • Natural language leveled the playing field. Data can now be questioned with natural language queries. This removed the barriers of time and expertise associated with writing complex queries.
  • Power BI provided do-it-yourself data modeling for all levels. It empowered everyone to create dashboards for themselves in minutes, instead of asking IT to do it.
  • Power BI helped run the business with a consolidated view. Dashboards increased productivity and the ability to spot trends as they happen.
  • Finance professionals shared dashboards securely. They can also view the dashboards from any device, including mobile devices.
  • Power BI is as straightforward as Excel. Power BI has a small learning curve.

Power BI gave us the information we needed when Britain voted to exit from the United Kingdom European Union membership referendum (commonly known as Brexit).

Power BI provided timely currency data

In June 2016 when the Brexit vote occurred, financial markets were immediately affected. Our Treasury department had a Power BI Equity Dashboard configured to monitor currency changes, so they could respond immediately to questions about portfolio value changes and positions, and potential implications for the financial quarter’s performance. The team was ready for questions early in the morning after the vote. Figure 2 shows a screenshot of the Equity Dashboard.

The Equity Dashboard that MS Finance was ready to use the morning after the Brexit vote.

Figure 2. Equity Dashboard

Visualizing data with Dashboards

How can a dashboard work in your organization? We use dashboards at every level of our Finance organization. We have a demonstration dashboard that shows how intuitive Power BI can be. Using anonymized data, we've replicated a dashboard that senior Finance leaders are using. Figure 3 shows a snapshot of this dashboard, which demonstrates how intuitive Power BI can be. It includes lots of interest points, such as:

  • Revenue Variance to Budget (VTB) by country/region.
  • A single view of all server vulnerabilities across the world.
  • A 12-month graph of budgeted, actual spend, and forecasted spend.

The visual nature of Power BI makes data points jump out.

A mock CFO dashboard that Microsoft uses to show how Power BI works.

Figure 3. Main dashboard

What we're looking at in Figure 2 is a sample dashboard—it has multiple tiles that have been pinned here from a variety of reports, to provide a high-level overview of the business. If you want to discover more insights about the information on any of the tiles, select the tile to drill down into the underlying report.

For example, in Figure 3, let’s say you noticed in the Expense variance to budget ($) by country/region tile that France’s gross sales were off. To learn more, select the tile on the left with the graph to view the Revenue & Profitability report. Figure 4 shows a sample.

This is another screenshot of the Microsoft mock CFO dashboard. It shows what happens when a user clicks into a Revenue & Profitability report.

Figure 4. Revenue & Profitability report

On the Revenue & Profitability report, you would see that France has a large, negative VTB, which is alarming. You’ll also see that France is meeting performance requirements in the Retail Store channel, and is doing relatively well in the Television channel, but it’s the Online and Wholesale channels where they’re struggling. They’re not doing well with both Loyalty and Non-Loyalty programs.

You can keep clicking deeper and deeper to uncover specific data points that can be acted upon. You extract insights much faster than you would by looking at multiple reports—and transform data into rich visuals that let you focus on what matters to you.

At the end of this paper, you’ll find some links to other sample Power BI dashboards that you might be interested in. You can try out Power BI firsthand and see how it helps you to drill down into data.

Personal productivity insights with MyAnalytics

Everyone knows that time is money. Learning where time goes, spending time efficiently, and being more effective has so much to do with successfully determining return on investment (ROI), reducing lengthy processes, and working faster.

MyAnalytics, a new E5 analytics capability, is an innovative new category of insights. It empowers employees and teams to take control of their work and improve their productivity with a data-driven approach. MyAnalytics tracks how you spend your daily activities—such as email and meetings—so you can manage your time better and be more effective. For example, it’s powerful to know the average time that people in your organization spend in meetings, or how long it takes for members of a group to read your emails. MyAnalytics helps you gain insights into effectiveness by analyzing activities and your network—to help you make the most of your time and collaboration investments.

Time management analysis and tools

For someone like an account executive, who could be easily overwhelmed by the demands of managing thousands of customer relationships, MyAnalytics charts email activity by the hour, and provides a personal dashboard to help recognize where valuable time is being spent, and to improve efficiency. In any sales role, timely response is a key performance metric. MyAnalytics can help prioritize the time and communications spent with key accounts. It breaks down email activity in many ways, such as:

  • The percentage of your messages that are read by others.
  • The percentage of mail read by you.
  • The time that it takes for you to reply to others.

Our executives also use MyAnalytics to help them manage their time. Our own CIO has 21,000 people in his organization. As you might imagine, it’s challenging to sort out demands on his time and to prioritize his volume of email. For example:

  • How much time is he spending with his team?
  • How much time is he spending with customers?
  • How much “focus time” does he have?
  • Have his external engagements gone up or down compared to last year?

Through a combination of MyAnalytics and Outlook features, a wide variety of tools—such as color-coding, categorizing by internal and external stakeholders, or customer accounts—help his administrator prioritize his time, and helps recognize and prioritize his most significant email threads. She can make recommendations based on the analysis.

MyAnalytics helps us analyze information like email reach and average amount of time in meetings to understand what might be right for each of us, given our role, organization, and goals.

Determining the read rate effectiveness of executive email communications

For our IT leaders, we use MyAnalytics to measure group email communications metrics—in aggregate, never on an individual level—while simultaneously maintaining strict confidentiality of the email recipients. MyAnalytics quickly and easily measures the impact of group email communications. A sender simply presses a button in Outlook to track metrics associated with group messages, such read rates. MyAnalytics also shows message activity—the number of forwards and replies, and graphically displays the time at which readership peaks, and then drops off.

Readership data is a quick way to gauge immediate interest in topics, and in turn lets teams fine-tune email campaigns and strategies. For example, we’ve seen that in some cases, if a report is shorter, more people are likely to open it. Consumption data can show better days—or even better hours—to send messages.

Fine-tuning meetings

When it comes to meetings, you can probably identify with the feeling that some of them are not the best use of your time. Without supporting data behind that feeling, it’s difficult to act on. At Microsoft, we’ve seen MyAnalytics redefine how people use meetings to collaborate. MyAnalytics empowers employees and teams to use data to evaluate their own ROI on time and effort.

For example, we’ve seen teams use MyAnalytics data to re-vamp and streamline meetings—shortening their length, prioritizing participants to the fewest and best, and even empowering employees to decline participation considered non-critical. Teams have also used MyAnalytics data about multitasking to make meetings more focused and valuable. They set specific thresholds for multitasking in meetings, and then re-evaluate effectiveness and adjust meeting formats if necessary. The emphasis on relentlessly managing time as a precious resource is one that reverberates through all levels of Microsoft.

“You can in fact have a more effective meeting by having the right set of folks in there to be able to make the right kind of decision as fast as you can. So I would say it’s not the number of meetings that matter, it’s the effectiveness of the meetings.” – Satya Nadella, Microsoft CEO

Redefining modern collaboration and reducing costs

The priorities and roles of today’s finance teams are fundamentally changing. In many cases, the finance team holds the reins for expanding into new geographic markets or product lines, making acquisitions, and developing new partnerships. Modern finance teams understand that if they want to keep a pulse on their business, manage risk, and enable business growth, they must empower their teams with the self-service tools that surface meaningful insights quickly and accelerate productivity.

At Microsoft, our Finance employees need to be able to partner with each other, as well as with external customers, vendors, and suppliers, from anywhere, on any device. At the same time, the team needs to embrace the dynamic, mobile-first world in ways that simultaneously accelerate business value and decrease costs.

Enter Skype for Business. A key component of E5, Skype for Business helps Finance optimize operations and realize productivity improvements. Skype for Business in E5 is a complete cloud communication and voice service, with capabilities for cross-platform chat, presence, voice, video, and meeting services.

Finance uses Skype for Business at every business touchpoint. Like it does for any enterprise, Skype for Business transforms the entire customer engagement for our Finance group. It helps them deliver a better customer and business partner experience, resulting in faster collaboration and worker engagement. At the same time, Skype for Business brings tremendous business value and cost savings.

Our Skype for Business configurations

We have more than 200,000 active Skype for Business users, including employees, partners, and vendors. More than 19,000 of our partners are federated and authenticated in our Skype for Business infrastructure. Federated partners can see presence information, and use Skype for Business to communicate with Microsoft. Today, approximately 13,000 of our Skype for Business users are fully cloud-based, 64,000 are in a hybrid configuration, and the remainder are hosted on-premises.

Our hybrid configuration typically consists of using the cloud for IM, presence, and conferencing, with voice being on-premises. Our hybrid configuration is temporary, until we can host all of our Skype for Business users fully in the cloud, anywhere in the world.

Our goal is to host all of our enterprise users in the cloud for efficiencies and cost savings. As we aggressively roll out voice services globally, we move more workloads from on-premises to Skype for Business in the cloud.

Unifying communications and reducing costs with Skype for Business

Our teams use Skype for Business and other E5 products to communicate, collaborate, and share meeting documents—all in one place. In addition to voice calls, Skype for Business lets you share content, add instant messaging (IM), add attachments, and turn a voice call into a video call. In fact, 89 percent of our Skype for Business meetings use these sharing features. We can complete processes in real time with Skype for Business—giving back time to our employees, and realize tremendous cost savings.

Dramatic adoption scale and value

The scale at which we’ve adopted Skype for Business across Microsoft is breathtaking. Each month, we host nearly 1 million meetings per month, generate more than 9 million voice sessions—2 million of them cloud-based—and host more than 130 million instant messages. More than 19,000 partners are federated into our Skype for Business system.

Skype for Business has realized tremendous cost savings and value for Microsoft. For example, PSTN conferencing saves us nearly $124,000—every day. The following table provides more value highlights.

Table 1. Cost savings

Business costs

Savings realized

Conferencing costs

Nearly $124,000 per day

Travel costs

$92 million per year (45,000 trips)

PBX de-commissioning

Nearly $700,000 per year

Audio/video costs

$8 million per year

International calling tolls

$5,200 per day

Skype for Business and Finance

Consider the logistical challenges associated with attending meetings with Finance colleagues or external customers who are physically in a different place, or in a different time zone. If attendees can’t travel to a meeting, or if an attendee is in another time zone, they can still attend by using Skype for Business voice and collaboration features, or they can watch a recording of a meeting at a later time. Cost savings associated with avoiding business travel are dramatic. Skype for Business lets us avoid, on average, 45,000 in-person trips each year. This alone translates to a $92,000,000 savings.

The travel budget that Microsoft saved by using Skype for Business instead of business travel

Figure 5. Skype for Business savings

Finance is a vital, centralized organization that works with many external customers, and has internal business partners across all of Microsoft. It’s truly a global group—more than 800 Finance employees and business partners work outside of Microsoft corporate headquarters. Finance works across a huge number of geographies and time zones, and needs to support new ways of work. Here are a few quick examples of how we take advantage of Skype for Business in the organization:

  • Offline convenience. An organizational meeting held in the U.S. can be recorded for later offline consumption anywhere in the world.
  • Communication options. To adapt to specific preferences, users can choose to communicate by voice, text, or visually.
  • Consistent communication method. Finance crosses all boundaries. Skype for Business provides a consistent and efficient method of communicating across the world.
  • Mergers and acquisitions support. We can quickly provision new companies and partners into our Skype for Business infrastructure.
  • Adapt quickly. New partners may prefer to use video calls instead of audio calls. Video calls are available to any user.
  • Fast resolution to blocking issues. Finance provides essential services, and we provision quick access to corporate support teams through Skype for Business.

Skype for Business helps Finance thrive and grow

Within Finance, as across Microsoft, Skype for Business has become the standard method of communication and collaboration. Here are a few examples of how Finance uses Skype for Business to mature its teams, optimize its business, and drive efficiencies:

  • Dynamic training. Finance hosts a series of dynamic training sessions that are designed to drive continuous improvement across the organization. They align to four core Finance priorities. Because the team wants to be lean—and give back time whenever possible—the sessions aren’t scheduled on a regular basis. Rather, they’re designed and spun up quickly when there’s a compelling business need or growth opportunity, such as new materials, tools, or updates. In addition to the obvious agility aspect of being able to deliver these sessions quickly—because they don’t have to arrange travel or a physical meeting space—the team sees a more interactive meeting experience. Attendees can ask questions over IM during the session, and have them answered in real time.
  • Meetings scale. Finance meetings, small and large, are now run through Skype for Business. Organization-wide meetings are now conducted exclusively through Skype for Business, all around the globe. This represents a significant savings, because Finance used to fly people in from all around the globe for these meetings. Quarterly business updates are delivered to 13 small teams at the area level through Skype for Business—the update meetings incorporate presentation content, reports, and Power BI dashboards. These serve smaller subsidiary teams and include field representation. And finally, we host Finance community calls, such as one for Financial Controllers within the company.
  • Direct connections. By their nature, large and geographically dispersed organizations sometimes make it hard to feel like you’re actively participating. We use Skype for Business to create more immediate connections between our teams and leaders. For example, at a recent Microsoft International Finance group meeting for more than 600 participants, Skype Broadcast virtually hosted a conversation between two of our most senior Finance executives. Those executives happened to be on different continents at that moment. Then, we added questions from the general audience to the conversation. It created a compelling opportunity for team members from all over the world to engage directly—with not just one, but two—of our most senior leaders.

Mobility support

At Microsoft, we’re a bring-your-own-device (BYOD) culture, and like with any modern enterprise, mobility support is key. Our workforce is changing and is increasingly mobile—and Skype for Business is there to meet the challenge. Our employees can use Skype for Business from any number of devices to join meetings, see and hear participants, shared content, IM other participants on the call, and can even present PowerPoint content right from an Android or iOS device.

The rich Skype for Business mobile experience supports other critical functionalities—like the ability to publish and view availability status and out-of-office messages. Presence information is represented by a color-coded green, yellow, or red presence indicator. When you use Skype for Business on your mobile device, it will let people who view your contact information know that you are using a mobile device.

Cloud PBX provides complete voice solution in the cloud

PBX systems manage calls after they’re inside of your enterprise, like routing calls to extensions, direct lines, or an attendant. In the past, PBX systems were on-premises, managed by a third party, and required significant hardware investments. Cloud PBX—cloud-based call management—delivers familiar business phone call control and management features, such as call waiting, directly from Office 365.

Microsoft used to maintain a centralized, large PBX that serviced corporate headquarters and other areas. Nicknamed “Big iron,” it entailed significant maintenance costs, and it had to be upgraded every three years. In Australia, and other regions, we had additional PBX systems on-site that also had to be maintained and upgraded.

With Skype Cloud PBX, we no longer have to contract with a traditional telephony carrier for services, use traditional phone hardware, or use an on-premises PBX. Calls are routed over the Internet. Cloud PBX hardware support and management usually happens at an IT datacenter, rather than at a dedicated PBX site. We can even replace proprietary and expensive dedicated desk telephones with lower-cost headsets.

In the past six years, we’ve decommissioned 70 percent of our owned PBXs, and migrated to Cloud PBX. This represents nearly $700,000 saved per year. At the same time, our enterprise voice sites have grown by 238 percent.

PSTN calling eliminates telephony carriers

Combining Cloud PBX with the PSTN calling service creates a complete enterprise telephony experience for our end users, with Microsoft as the provider. A fast and flexible provisioning environment is supported by Office 365 and the power of the Microsoft global network.

The PSTN calling service connects private telephony exchanges to the PSTN. A typical scenario has a caller using a legacy land line, or a cell phone, in situations where Voice over IP (VoIP) is challenging. PSTN calling routes a call to a traditional telephone number that is outside of your own organization, such as a person, or to a different organization that has its own PBX.

With the combination of Cloud PBX and PSTN calling, operations are optimized, and in many cases, tasks are completely automated by Office 365. Consider the impact on corporate moves, or new hire scenarios. Before, telecom managers had to perform PBX programming to assign users to specific phones. Today, phone numbers and presence information are automatically associated with a user account through Office 365. The information follows that user to any physical location, computer, or mobile device. Today, moving to a different office can be as simple as picking up your laptop, and connecting to the network.

We make and receive calls using Skype for Business, using existing phone numbers and calling plans. With PSTN calling, you assign users to subscription-based plans either for domestic calling, or local and international calling.

PSTN conferencing simplifies meetings and reduces costs

Finance, like other teams at Microsoft, uses public switched telephone network (PSTN) conferencing to join Skype for Business meetings from anywhere, and from any device, such as a PC, tablet, or phone. Dial-in conferencing simplifies the meeting process—you can add audio conferencing numbers to Outlook meeting invitations at the time of scheduling so that attendees have the option to join meetings from any phone with a local phone number when they can’t connect to the Internet or don’t have access to audio from their PC, tablet, or laptop. Dial-out conferencing enables online meeting attendees to add others to the meeting by dialing their phone number. Attendees can also join the audio portion of the meeting by also calling into the meeting.

Third-party conferencing charges eliminated

We take advantage of unlimited audio conferencing to eliminate per-minute costs that third-party audio conferencing providers charge. The value realized has been dramatic. Overall, we’ve seen a 95 percent reduction in audio-conferencing costs, which translates to $8 million per year.

Overall, our infrastructure for PSTN conferencing isn’t very different from a third-party conferencing system. The main difference, of course, is that we don’t have to outsource a third-party conferencing solution. In an acquisition scenario, the new company merely needs to be provisioned into the system.

Finance manages risk and drives growth

Security has always been—and will continue to be—imperative for Microsoft Finance. All Finance data is highly confidential, and security is always top of mind.

Cloud computing has democratized data. With data in the cloud, anyone in a business today can get the insight they need to make data-driven decisions at any time, and in any location. More than anything, our organizations need to take advantage of the seismic change of the cloud to empower employees with secure, self-service options to drive growth, optimize efficiencies, and translate data into business impact.

At the same time, we have to manage risk, multiple—and sometimes inconsistent—sets of data, and compliance. Job one is to keep Microsoft corporate data safe.

Security at Microsoft

As a Finance professional, you probably want to gain increased visibility to all kinds of risks—from controllership risks to external risks—with a single view into your business. Minimizing risk is a high priority that spans across any enterprise. If you are a CFO or work on a Finance team, you know that you have to manage risk and protect information. It’s essential that you partner with your CIO or CISO to protect sensitive information.

At Microsoft, we’ve always managed security as a centralized IT service. Identity is at its core. We provide our users with a single—hybrid—sign-in credential for multi-factor authentication. The credential works across both cloud and on-premises assets. This straightforward approach provides limited persistent administration rights, and works well with policy controls.

We protect with identity, devices, and apps and data. Our IT teams must balance user convenience and data security. Bring Your Own Device (BYOD) is a reality—our employees use the device of their choice. Microsoft IT uses the Enterprise Mobility Suite, Microsoft Intune, and other Microsoft Azure services to manage identity, devices, and applications.

Our focus on apps and data has expanded from infrastructure to include the behavior of our employees. We categorize data based on the sensitivity to the business and our customers. We also pursue pervasive encryption, including data at rest, data in motion, keys, certificates, and secrets. Like many other organizations, our Finance group depends on Microsoft IT to manage risk and keep our highly sensitive data safe.

We’ve seen new data security threats occur with greater frequency—and they’re more and more sophisticated. The negative effects of these breaches can’t be denied as they play out across our industry.

Protect, detect, and respond

Microsoft has made some changes in emphasis to its overall security posture. The core elements—which have not changed—are to:

  • Protect the enterprise across all devices, in all environments, anywhere in the world.
  • Detect threats using targeted signals, behavioral monitoring, and machine learning.
  • Respond quickly, closing the gap between discovery and action.

In our journey to the cloud, we’ve continued to emphasize the concept of assume breach. Traditionally, a large proportion of our resources were dedicated to preventive activities, such as application security, network segmentation, and host hardening. As we move to the cloud we have increased our investment in detection and response activities, using advanced intelligence capabilities—provided by Office 365—as part of our overall security strategy.

Security and E5

The estimated cost of cybercrime to the global economy is $500 billion. The number of security threats increases exponentially every year. Without a doubt, IT needs visibility and control over what our users are doing in Office 365 apps and services.

We focus on security and our secure and trusted technologies—using Office 365 Enterprise E5 capabilities—to create a digital-driven enterprise, and to help us compensate for decreasing levels of IT applications and support that are inherent in a cloud-based environment. Here’s a quick look at some of the new security capabilities that we’re using, and how they bring value to Microsoft:

  • Enhanced control and discovery. We monitor Office 365 usage and the cloud services that our users connect to—this helps us to identify anomalies and potentially risky behavior.
  • Safeguarding against threats. We address zero-day threats and malware in attachments and unsafe links, to detect and remediate breaches in real time.
  • Intelligent data discovery. We take advantage of machine learning and automated de-duplication to streamline the delivery of unique and relevant content for discovery purposes.

Advanced Security Management

Advanced Security Management capabilities in Office 365 Enterprise E5 give enhanced visibility and control over the service. They surface anomalies, and provide a better window into Office 365 and shadow IT consumption.

At a high level, Advanced Security Management provides:

  • Threat detection. Using Microsoft threat intelligence and machine learning, it identifies high-risk and abnormal usage, security incidents, and threats.
  • Enhanced control. It leverages granular controls and security policies to shape the Office 365 environment, it helps stop questionable activities, and lower risk.
  • Discovery and insights. Without installing an endpoint agent, it generates enhanced visibility into Office 365 consumption and shadow IT.
Threat detection

Advanced Security Management provides robust policy and threat alerting through anomaly detection policies for Office 365. Anomalies are detected by understanding user activity and evaluating its risk. Additionally, behavioral analytics help assess risk. It learns how the user interacts with Office 365 on a daily basis. With the baseline it creates when you enable the service, it can then detect suspicious user activity, and assign a risk score to help you if you decide to take further action.

Advanced Security Management benefits from the vast amount of threat intelligence information that Microsoft has. Microsoft has deep insights into the threat landscape—informed by trillions of signals from billions of sources—and is uniquely positioned to better protect organizations and their data.

Enhanced control

Advanced Security Management provides enhanced controls through a set of activity alerts, policies, and filters. Customizable policies can track specific activities that you might be interested in. Policies help you see when your users are doing things, such as:

  • Downloading a lot of data.
  • Failing to sign in multiple times.
  • Signing in from a new IP address.

Activity filters help scope the policies to detect specific information such as location, device type, or if a user has administrator rights. Based on activities happening within a specific timeframe, you can create an alert, or follow up directly.

Advanced Security Management generates alerts that make it easy for you to see the activities that you want monitored, and start your investigations. Some alerts—like a user signing in from a new location—might be a non‑issue. However, you might want to check to see if the user is accessing sensitive documents, or failing to sign in multiple times. Advanced Security Management gives you the power to drill down and get additional details around what else the user was doing, or the IP address being used, because it might have logged additional activities. If you decide a behavior is risky, you can stop them directly from the alert. If you consider some activities inherently risky, you can configure a policy so that an account is automatically suspended if the activity takes place.

Apps frequently plug in to Office 365. However, users don’t always closely read the permissions that an app requests, or they may simply not realize when an app isn’t in compliance with their organization’s policies. They’re just trying to be more productive. To help you get better control, visibility, and context, the app permissions feature gives you a way to see those apps, to know which users are using them, and the permissions they have. Based on this information, you can choose to approve the app or revoke its access to Office 365 for all users.

Discovery and insights

Advanced Security Management helps you discover usage information about Office 365 and other cloud services. This helps resolve shadow IT problems. The productivity app discovery dashboard provides a snapshot of pertinent information around Office 365 usage, like the amount of traffic that is going to Office 365.

Productivity App Discovery component of the Advanced Security Management dashboard.

Figure 6. The productivity app discovery dashboard.

You can also see if users are using other productivity cloud services. Advanced Security Management can discover about 1,000 applications. You can determine if shadow IT is happening in your organization, and see details around the top apps in each category. For example, you can see how much data is being sent to cloud storage services, like OneDrive for Business, Box, or Dropbox.

To load the data into the dashboard, all you have to do is upload logs from your network devices, like firewalls or proxies. There is nothing to install on the user endpoints to collect this data, which is an advantage in a BYOD environment.

Cloud App Security for SaaS infrastructure

We’ve seen that Advanced Security Management—which is powered by Microsoft Cloud App Security—is a powerful management tool for Office 365. At Microsoft, we’re managing Office 365—and at the same time, we need to manage critical data across our large, cross-cloud software as a service (SaaS) infrastructure. That’s where Cloud App Security comes in.

Cloud App Security gives us the threat discovery and control functions of Advanced Security Management—and it also gives us critical visibility and control into our complex cloud services environment. Cloud App Security is a critical component of the Microsoft security platform. It works with Microsoft identity and security solutions—including Azure Active Directory, Microsoft Advanced Threat Analytics, and Azure Information Protection—to deliver an innovative approach to SaaS security.

Monitoring at Microsoft

Cloud App Security activity logs immediately revealed detailed information about how our users were consuming Office 365 services. Having activity log data allowed us to change our investigative mechanisms in a powerful way. The signals are invaluable and critical for our security team—and probably yours—to use during security investigations.

The activity log information has reduced our dependency on other product teams. For example, prior to Cloud App Security, if we had an issue with SharePoint Online that we couldn’t resolve ourselves, we had to reach out to the SharePoint Online Security team and ask them to help us. Because events are recorded across SharePoint Online, we can now investigate many SharePoint Online issues ourselves.

Cloud App Security activity logs give us rich signal data across Office 365, Exchange Online, and SharePoint Online. The deep integration allows Microsoft IT to investigate security issues across all platforms, at the same time.

Advanced Threat Protection for attachments and links

The vast majority of advanced threats come through email. Preventing those threats in the first place is a top priority. Microsoft IT needed to go beyond traditional technologies to stop advanced threats like zero-day attacks and phishing.

We’re using Office 365 Advanced Threat Protection to identify and block potential issues. We’re gaining advanced protection against unknown and sophisticated threats in end-user email, attachments, and URLs. By using Advanced Threat Protection, we gain visibility and control over what our employees are doing in Office 365. These features are policy-based and can be applied to specific groups of users.

Safe attachments detect malicious behavior

We use the safe attachments policy in Advanced Threat Protection to protect against advanced zero-day attacks. Documents and other files attached to emails are opened in cordoned-off virtual environments to detect malicious behavior. Machine learning—as well as dynamic and static analysis techniques—further build on known threats, and isolate and destroy the very latest attacks.

The safe attachments policy is cloud-based. This means all users are protected when a threat is registered, and the service is constantly learning. The safe attachments policy is a configuration option that is simply turned on, and it gives us a huge benefit of scale. When a threat detection is registered, all users get the benefit in real time.

The safe attachments process adds to our security posture. At Microsoft, we’ve phased in safe attachments by organization, and noticed no loss in email service.

Safe links protect against malicious URLs

We use the safe links policy to dynamically protect against malicious URLs that are embedded in email messages. It wraps external links in special URLs, and then checks the link destinations for threats before opening them. When a malicious site is detected, it effectively blocks other users from being exposed to the same threat. Similar to the safe attachments policy, it acts like a crowdsourced security function, where all users are protected as the service learns about threats.

The safe links policy allows us to significantly increase our defense against malicious websites—by protecting users on all devices, across all networks.

Click trace provides rich reporting and URL trace capabilities by keeping a record of every user who has clicked on a safe link-wrapped URL. Logs record data such as the users who received the link, the users who clicked, and whether the service blocked the link.

In-place intelligent eDiscovery

To continue to meet legal, business, and regulatory compliance challenges, businesses must be able to keep and protect important information and quickly find what’s relevant. Spending days, if not weeks, manually sifting through millions of files to find the small number that are relevant isn’t just expensive, it isn’t an option.

Office 365 eDiscovery capabilities can help you quickly and cost-effectively locate, identify, and retrieve relevant information— and preserve it in place. No need to move content to a separate archive to store, index, and process. And the Office 365 eDiscovery solution is available globally to use in any locale or situation where you need to respond to legal and compliance needs or to an internal investigation. Complementing Office 365 eDiscovery, Office 365 Advanced eDiscovery threads email conversations, removes duplicates, finds near-duplicates, and identifies themes. This lets us give each reviewer a structured batch of unique files, eliminating redundant effort and saving review time.

Office 365 eDiscovery

When you need to respond to a legal or regulatory information request, the search and analytics tools in Office 365 eDiscovery can cut your costs and streamline your responses. eDiscovery search finds text and metadata in content across all of your Office 365 assets—SharePoint Online, OneDrive for Business, Skype for Business Online, and Exchange Online. Office 365 Advanced eDiscovery further organizes and filters your content. It groups content into categories, removes duplicates, and uses machine learning to filter for relevance, reducing the amount that must be sent to review. You’ll find relevant content faster—while keeping your organization’s information more secure.

At Microsoft, we know how demanding and complex compliance can be. As you might imagine, being a large enterprise that operates on a global scale, we receive many discovery requests every year. Our legal department uses the eDiscovery features of Office 365 to improve the accuracy and usefulness of our discovery results and save time and money.

Before Office 365 eDiscovery was available, we had to manually collect content from various sources. Gathering a large volume of content and loading it into an offline processing tool took time. Then we had to reprocess it. With collection, processing, and remediation, it could take between two and three weeks to give outside counsel the documents they requested. Today, we do most of this work in hours, not days or weeks. We start to export content on the fly and have it ready for counsel to load into their review tool by the end of the day.

When we need to find specific content to respond to discovery requests, we first use eDiscovery search in the Office 365 Security & Compliance Center. We run searches right away, across the relevant Office 365 assets, without requiring the preliminary step of collecting content and moving it to a separate location to index and search.

We also preserve relevant content in place, in Office 365. We associate the relevant content sources with a case that we create in the Security & Compliance Center and then place the content on hold. This hold overrides any other retention policies that might be in force, and preserves the content for the duration of the case. The hold is practically invisible to the people using the sources, so they can continue working on their projects without interruption or loss of productivity.

Advanced eDiscovery

After we discover potentially relevant content using Office 365 eDiscovery Search, we use Advanced eDiscovery analytics to thread email conversations, remove duplicates, find near-duplicates, and identify themes. This lets us give each reviewer a structured batch of unique files, thereby eliminating redundant effort and saving review time. In some cases, instead of doing heavy keyword culling, we use the Advanced eDiscovery Relevance feature to identify relevant content. And even if we’re using keyword filtering, we always use Advanced eDiscovery to export our content in a format that’s immediately usable by our eDiscovery review partner and which requires no reprocessing.

This graphic shows the data efficiencies achieved by Advanced eDiscovery

Figure 7. eDiscovery efficiencies

By reducing the amount of manual work required to respond to eDiscovery requests, Office 365 eDiscovery saves our legal department about $4.5 million annually. With eDiscovery search, we typically reduce the amount of content in a case by about 95 percent. However, this still leaves large volumes of data that need to be submitted to the very costly process of legal review. Advanced eDiscovery helps us reduce these costs significantly: we typically see a further reduction of 30 percent by eliminating duplicate files and grouping near-duplicates, and another 25 percent by consolidating email threads.

Transforming with deep insights, collaboration, and security

Microsoft is leveraging powerful new Office 365 Enterprise E5 analytics, voice, and security capabilities to propel its digital transformation. E5 is used by all Microsoft groups and organizations. We’re unified and working together in a true data culture—securely and with the best tools.

Our Finance organization uses Power BI to revolutionize the tone and tenor of our business review meetings, and we rapidly respond to significant events that can impact financial assets, such as the Brexit vote. Power BI accelerates decision making and provides intuitive dashboards to interact with massive amounts of business data. MyAnalytics helps us to closely manage personal time and communications effectiveness in a data-driven way—which wasn’t possible before. Both Power BI and MyAnalytics support business and personal productivity decisions with rich, data-driven insights.

Skype for Business is our complete cloud communication and voice service. Skype for Business has become the standard method of communication and collaboration for hundreds of thousands of our employees and business partners—regardless of location. As a cloud-based PBX solution, Skype for Business saves us millions of dollars by freeing us from proprietary telephony carriers, and even from traditional phone hardware.

And new E5 security capabilities let us closely monitor across Office 365 usage and cloud services, safeguard against advanced zero-day threats, and streamline our eDiscovery processes. Security features in E5 give us brand new ways to thwart zero-day threats, and give us broad visibility across Office 365 apps. In-place eDiscovery and Advanced eDiscovery have made our discovery processes for internal investigations, court proceedings, and compliance purposes much more efficient and cost-effective.

For more Information

Microsoft IT Showcase

Office 365 product website

Power BI delivers custom data visualization to business teams

Improving service quality in Skype for Business

Mobile device management at Microsoft

Procurement Analysis sample for Power BI: Take a tour

Customer Profitability sample for Power BI: Take a tour

IT Spend Analysis sample for Power BI: Take a tour

Learn more about Office 365

Video: Digital Transformation at Microsoft: Achieving more with Office 365 


© 2019 Microsoft Corporation. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

You might also be interested in

IT expert roundtable: SharePoint at Microsoft - portals and publication
June 10, 2019

IT expert roundtable: SharePoint at Microsoft - portals and publication

Watch webinar
Speaking of security: Device health
June 03, 2019

Speaking of security: Device health

Watch webinar
IT expert roundtable: Migrating to live events in Microsoft 365 from Skype Meeting Broadcast
May 22, 2019

IT expert roundtable: Migrating to live events in Microsoft 365 from Skype Meeting Broadcast

Watch webinar
IT expert roundtable: Our journey towards a Modern Data Platform
May 20, 2019

IT expert roundtable: Our journey towards a Modern Data Platform

Watch webinar