How effective is enabling Windows Attack Surface Reduction in preventing a Windows device from Malware?

Enabling Windows Attack Surface Reduction (ASR) rules is **highly effective** in preventing a Windows device from many common types of malware and attack techniques. It’s a crucial component of a defense-in-depth strategy.

However, it’s not a silver bullet and its effectiveness depends on several factors.

Here’s a breakdown of its effectiveness:

How ASR Works and Why It’s Effective:

Targets Common Attack Vectors: ASR rules are specifically designed to block behaviors commonly used by malware to infect machines and execute malicious code. This includes:
- Office Application Abuse: Blocking Office apps from creating executable content, injecting into other processes, creating child processes, or running macros deemed malicious.
- Script-Based Attacks: Blocking obfuscated scripts (JavaScript, VBScript, PowerShell), or scripts that download/run payloads.
- Email-Based Threats: Blocking executable content from email clients and webmail.
- Exploitation Techniques: Preventing credential stealing (e.g., from LSASS), process hollowing, or unsigned/untrusted executables from running from USB drives.
- Ransomware Behaviors: Some rules can help mitigate common ransomware tactics.
Pre-Execution and Early-Execution Prevention: Many ASR rules intervene before malware fully executes or early in its execution chain, stopping the attack before significant damage occurs. This is more proactive than relying solely on detection of already-running malware.
Reduces Reliance on Signatures: While traditional AV relies heavily on signatures for known malware, ASR focuses on behaviors. This makes it more effective against new or polymorphic malware that might not have a signature yet.
Complements Antivirus: ASR works alongside Microsoft Defender Antivirus (or other AV solutions) and Endpoint Detection and Response (EDR) solutions like Microsoft Defender for Endpoint. It adds an extra layer of proactive defense.

Factors Influencing Effectiveness:

Which Rules Are Enabled: There are many ASR rules. Not all may be suitable for every environment. Enabling more relevant rules increases protection. Some key high-impact rules include:
- Block Office applications from creating child processes.
- Block Adobe Reader from creating child processes.
- Block execution of potentially obfuscated scripts.
- Block credential stealing from the Windows local security authority subsystem (lsass.exe).
- Block executable content from email client and webmail.
Mode of Operation (Audit vs. Block):
- Audit Mode: Logs what would have been blocked. Essential for testing and identifying potential legitimate application conflicts (false positives) before enabling block mode. Provides visibility but no active prevention.
- Block Mode: Actively prevents the flagged behaviors. This is where the true preventative power lies.
Exclusions: Properly configured exclusions are necessary for legitimate applications that might otherwise trigger ASR rules. Overly broad exclusions can reduce effectiveness.
Configuration and Management: Consistent deployment and management (e.g., via Group Policy, Intune, MEMCM) ensure all devices are protected.
Attacker Sophistication: While ASR stops many common TTPs (Tactics, Techniques, and Procedures), highly sophisticated attackers might find novel ways to bypass specific rules or use techniques not covered by ASR.
Keeping Systems Updated: Microsoft continually updates ASR rules and the underlying Defender platform to address new threats and improve detection logic.

Limitations:

False Positives: The primary challenge. Some legitimate applications, especially older or custom-developed ones, might exhibit behaviors that trigger ASR rules. Thorough testing in audit mode is crucial.
Not a Complete Solution: ASR doesn’t cover every conceivable attack vector. It won’t stop zero-day exploits against unpatched vulnerabilities if the exploit doesn’t trigger a specific ASR rule behavior.
User Experience: If not carefully tuned, blocking legitimate actions can frustrate users.

Conclusion:

Enabling Windows Attack Surface Reduction rules is a very effective proactive measure to significantly reduce the likelihood of malware infection from common attack vectors. It raises the bar for attackers, forcing them to use less common or more sophisticated techniques.

For maximum effectiveness:

Start in Audit Mode: Understand the impact on your environment.
Gradually Enable Rules in Block Mode: Prioritize rules that block high-risk behaviors with low potential for false positives first.
Monitor and Tune: Continuously review ASR logs and adjust exclusions as needed.
Use in Conjunction with Other Security Layers: ASR should be part of a comprehensive security strategy that includes antivirus, EDR, firewalls, patching, and user education.

When implemented thoughtfully, ASR is a powerful, built-in tool that provides a substantial boost to Windows endpoint security.

Getting started with the Microsoft Power Platform

The goal is to empower you (and your colleagues) to build solutions *without* necessarily needing deep coding expertise, focusing on productivity boosts and automating those repetitive tasks.

What is the Power Platform?

Think of it as a suite of low-code/no-code tools that work seamlessly with Microsoft 365 (and many other services) to:

Power Apps: Build custom applications (mobile or web) for specific tasks or processes.
Power Automate: Automate workflows and repetitive tasks between different apps and services.
Power BI: Analyze data and create interactive dashboards and reports (often used alongside the others, but slightly different focus).
Power Virtual Agents: Build intelligent chatbots without code.
(Underlying) Dataverse: A secure, scalable data platform to store and manage data used by your Power Platform solutions (think of it as a sophisticated database optimized for business apps).

For quick and easy productivity gains and automation, we’ll primarily focus on Power Apps and Power Automate.

Prerequisites & Access

Microsoft 365 License: Most standard Microsoft 365 Business or Enterprise licenses (like E3, E5, Business Standard, Business Premium) include foundational Power Platform capabilities. This typically covers:
- Running apps.
- Creating flows with Standard connectors (like SharePoint, Outlook, Teams, OneDrive, Forms, Excel Online).
- Limited Dataverse usage.
- Important Note: Using Premium connectors (like SQL Server, Salesforce, custom APIs), AI Builder features, RPA (Robotic Process Automation), or extensive Dataverse capacity often requires additional standalone Power Apps or Power Automate licenses. Start with what’s included first!
Accessing the Tools:
- Go to Office.com and sign in with your work account.
- Click the App Launcher (the “waffle” icon, 9 dots) in the top-left corner.
- You should see icons for Power Apps and Power Automate. If not, click “All apps”.
- Alternatively, go directly to:
  - make.powerapps.com for Power Apps
  - make.powerautomate.com (or flow.microsoft.com) for Power Automate

Getting Started: The Strategy

The key is to start small and focus on a specific pain point. Don’t try to boil the ocean.

Identify a Bottleneck or Repetitive Task: What’s something you or your team does regularly that is manual, time-consuming, or prone to errors?
- Examples: Manually copying data from an email into a spreadsheet, chasing people for approvals, collecting information via long email chains, tracking simple requests on paper or a shared doc.
Choose the Right Tool (Initially):
- Need to automate a process that runs in the background? (e.g., save email attachments, notify a team when a file is updated, request approval) -> Power Automate is likely your best bet.
- Need a user interface to interact with data or kick off a process? (e.g., a simple form to submit requests, a way to view and update items in a list, a checklist app) -> Power Apps is probably the way to go. Often, Power Apps and Power Automate work together.
Leverage Templates: This is the ABSOLUTE EASIEST way to start. Both Power Apps and Power Automate have extensive template galleries based on common scenarios.
Connect Your M365 Services: The real power comes from connecting the tools you already use (Outlook, Teams, SharePoint, OneDrive, Forms, Planner, etc.).
Build, Test, Iterate: Your first attempt won’t be perfect. Build something simple, test it, get feedback, and refine it.

Detailed Steps with Examples:

Scenario 1: Automating Email Attachments to OneDrive (Using Power Automate)

Pain Point: You receive regular reports via email from a specific sender and have to manually save the attachments to a designated OneDrive folder.
Tool: Power Automate
Steps:
1. Go to make.powerautomate.com.
2. On the left menu, click Templates.
3. Search for “Save email attachments to OneDrive”. You’ll find several variations. Select one like “Save Office 365 email attachments to a specified OneDrive for Business folder”.
4. Review the flow description and the connections it needs (Office 365 Outlook, OneDrive for Business).
5. Click Continue. Power Automate will check if you’re already signed into these services or prompt you to sign in.
6. Configure the Trigger: The template likely starts with the “When a new email arrives (V3)” trigger. You need to customize it:
  - Folder: Usually Inbox.
  - From: Enter the specific email address of the sender.
  - Include Attachments: Set to Yes.
  - Subject Filter: (Optional but recommended) Enter keywords from the subject line to be more specific (e.g., “Weekly Report”).
7. Configure the Action(s): The template will have actions like “Apply to each” (to handle multiple attachments) and “Create file” (for OneDrive).
  - In the “Create file” action:
    - Folder Path: Click the folder icon and navigate to the exact OneDrive folder where you want to save the files.
    - File Name: The template usually pre-fills this with Attachments Name (dynamic content from the trigger). This is good.
    - File Content: The template usually pre-fills this with Attachments Content. This is also good.
8. Save the flow.
9. Test the flow. You can use the “Test” button in the top-right. Choose “Manually” and then trigger the flow by having an email sent that matches your criteria (or use a recent email if available via automatic testing).
10. Turn it On: Once saved, the flow is active and will run automatically whenever a new email matching your criteria arrives.
Productivity Gain: Saves you minutes every time that email arrives, reduces the chance of forgetting, and keeps files organized automatically.

Scenario 2: Creating a Simple Request Form/Tracker (Using Power Apps & SharePoint)

Pain Point: Your team uses email or chat to request small IT support items, making them hard to track and manage.
Tools: SharePoint (for data storage), Power Apps (for the user interface)
Steps:
1. Create a SharePoint List:
  - Go to your team’s SharePoint site (or create a new one).
  - Click + New > List.
  - Choose Blank list. Name it something like “IT Support Requests”.
  - Add columns relevant to the request:
    - Title (Rename to “Short Description” – required by default)
    - Requester (Person or Group column, default to current user)
    - RequestDetails (Multiple lines of text)
    - Urgency (Choice column: High, Medium, Low)
    - Status (Choice column: New, In Progress, Completed, Cancelled – default to ‘New’)
    - AssignedTo (Person or Group column – optional initially)
    - CompletionDate (Date and Time column – optional)
2. Create the Power App:
  - Go to make.powerapps.com.
  - Click Create > SharePoint.
  - It will ask you to select or enter a SharePoint site URL. Find your site.
  - Select the “IT Support Requests” list you just created.
  - Click Create.
3. Automatic App Generation: Power Apps will automatically generate a basic 3-screen app (Browse, View Details, Edit/Create New) based on your SharePoint list columns!
4. Customize (Optional but Recommended):
  - Browse Screen: Select the gallery (the list of items). In the right-hand pane (or top formula bar), you can change which fields are displayed. Maybe show Title, Requester, and Status.
  - Edit/New Screen: Select the form. In the right-hand pane, click “Edit fields”. You can reorder fields, change control types (e.g., make RequestDetails bigger), or remove fields you don’t want users filling in (like AssignedTo if only IT assigns). Set the default value for Status to “New”.
  - Theme/Colors: Use the “Theme” option on the Home tab to quickly change the look and feel.
5. Save the app (give it a meaningful name like “IT Request App”).
6. Publish the app.
7. Share the app:
  - Click Share (top right or from the app list).
  - Enter the names or email addresses of the colleagues who need to submit requests.
  - Crucially: Make sure they also have permission to access the underlying SharePoint list! Grant them “Contribute” access to the list itself in SharePoint.
  - Decide if you want to send an email invitation.
8. Accessing the App: Users can access the app via the Power Apps mobile client, directly from the web link you share, or you can even embed it within a SharePoint page or Microsoft Teams tab for easier access.
Productivity Gain: Centralized request tracking, standardized information collection, clear status visibility, replaces messy email/chat trails.

Further Steps & Learning:

Explore More Templates: Both Power Apps and Power Automate have hundreds. Browse them for inspiration.
Learn about Connectors: Understand the difference between Standard (included with M365) and Premium (require extra licenses). Explore the vast list of available connectors.
Combine Power Apps and Power Automate:
- Trigger a Power Automate flow from a Power App button (e.g., when a new IT request is submitted in the app, trigger a flow to post a notification in a Teams channel).
- Use Power Automate to update data that your Power App displays.
Microsoft Learn: This is your BEST resource for structured learning. Search for Power Apps and Power Automate paths and modules – many are beginner-focused. (learn.microsoft.com)
Power Platform Community: Ask questions, see what others are building. (powerusers.microsoft.com)
Experiment: The best way to learn is by doing. Pick another small task and try to build a solution! Don’t be afraid to try things out in the editor.

Key Mindset:

Low-Code, Not No-Effort: While you don’t need traditional coding, you do need to think logically about process steps (for Automate) and user interface design (for Apps).
Iterative Improvement: Your first version is just the start. Use it, get feedback, and make it better over time.
Focus on Value: Prioritize automating tasks or building apps that provide the most significant time savings or process improvements first.

By starting small, using templates, and focusing on your existing M365 tools, you can quickly begin leveraging the Power Platform to make a real difference in your daily productivity and reduce manual work. Good luck!

Need to Know podcast–Episode 345

Join me for the latest news an updates from the Microsoft Cloud just on eve of Microsoft Build. Microsoft 365 Copilot Wave 2 is upon u and I provide some thoughts and information on what to expect as well as some thoughts around why data is the important thing to consider with AI rather than which model might currently be better. Listen along and let me know your thoughts.

Brought to you by www.ciaopspatron.com

you can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-345-its-all-about-the-data/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

or Spotify:

https://open.spotify.com/show/7ejj00cOuw8977GnnE2lPb

Don’t forget to give the show a rating as well as send me any feedback or suggestions you may have for the show.

Resources

@directorcia

Join my shared channel

CIAOPS merch store

Become a CIAOPS Patron

Microsoft 365 Copilot Wave 2 Spring updates

Microsoft 365 Copilot: Built for the era of human–agent collaboration

2025 release wave 1 brings hundreds of updates to Microsoft Dynamics 365 and Power Platform

What’s new in Copilot Studio: April 2025

Researcher agent in Microsoft 365 Copilot

Analyst agent in Microsoft 365 Copilot

What’s new in the Microsoft 365 Copilot app – April 2025

Announcing Public Preview of DLP for M365 Copilot in Word, Excel, and PowerPoint

Explore practical best practices to secure your data with Microsoft Purview

Project Manager in Planner Demo

What’s new in Microsoft Intune: April 2025

Introducing ActorInfoString: A New Era of Audit Log Accuracy in Exchange Online

Advanced deployment guide for Conditional Access Policy templates

Enforce device compliance and app protection policies on BYOD with M365 Business premium

M365 Business Premium is well-suited for this because it includes key components like:

Microsoft Intune (Part of Microsoft Endpoint Manager): For Mobile Device Management (MDM) and Mobile Application Management (MAM).
Azure Active Directory (Azure AD) Premium P1: Provides Conditional Access policies, which are crucial for enforcement.
Information Protection Features: For data security.

Here’s a step-by-step approach, focusing on the least intrusive but effective methods for BYOD:

Core Strategy: Prioritize App Protection Policies (MAM) without Full Device Enrollment (MDM)

This is often the preferred approach for BYOD because it protects corporate data within specific apps without taking full control over the user’s personal device. It respects user privacy while securing business information.

Steps:

Configure App Protection Policies (APP / MAM Policies):
- Go to the Microsoft Endpoint Manager admin center: (endpoint.microsoft.com)
- Navigate: Apps > App protection policies.
- Create Policy: Click “+ Create policy” and select the platform (iOS/iPadOS or Android).
- Basics: Give the policy a descriptive name (e.g., “BYOD App Protection – Android”).
- Apps:
  - Target policy to: Select “All Public Apps” or “Selected Apps”. For BYOD, often start with core Microsoft apps (Outlook, Teams, OneDrive, Edge, Office apps). You can add other MAM-enabled apps later.
  - Important: This policy only applies to apps that support Intune App Protection.
- Data Protection: This is the core. Configure settings like:
  - Prevent backup: Block backing up work data to personal cloud storage (iCloud/Google Cloud).
  - Restrict cut, copy, paste: Control data movement between managed (work) apps and unmanaged (personal) apps. Often set to “Policy managed apps”.
  - Encryption: Ensure app data is encrypted. (Usually enabled by default).
  - Screen capture: Block screen capture for Android (iOS requires device management).
  - Save copies of org data: Prevent saving work files to local/personal storage. Allow saving only to managed locations like OneDrive for Business or SharePoint.
  - Receive data from other apps: Control if managed apps can receive data from unmanaged apps.
  - Open data in Org documents: Control which apps can open work documents.
- Access Requirements: Define how users access the protected apps:
  - PIN for access: Require a separate PIN (or biometrics) to open the work apps. Configure PIN complexity and timeout.
  - Work or school account credentials for access: Force re-authentication after a period of inactivity.
- Conditional Launch: Set conditions that must be met for the app to launch (e.g., block rooted/jailbroken devices, minimum OS version, app version).
- Assignments:
  - Target: Assign the policy to specific Azure AD user groups containing your BYOD users. Do not assign to device groups for MAM-without-enrollment.
- Review + Create: Finalize and create the policy.
Configure Conditional Access Policies in Azure AD:
- This is how you enforce the use of protected apps and check device state (even without full enrollment).
- Go to the Microsoft Endpoint Manager admin center or Azure AD portal: (portal.azure.com)
- Navigate: Endpoint Security > Conditional Access (in MEM) or Azure Active Directory > Security > Conditional Access (in Azure Portal).
- Create New Policy:
  - Name: Give it a clear name (e.g., “CA – Require App Protection for Mobile Access”).
  - Assignments > Users and groups: Target the same user groups as your App Protection Policy.
  - Assignments > Cloud apps or actions: Select the specific M365 services you want to protect (e.g., Exchange Online, SharePoint Online, Teams). Start with “Office 365” (which covers multiple services).
  - Assignments > Conditions > Device platforms: Configure this policy to apply only to iOS and Android.
  - Assignments > Conditions > Client apps: Configure this to apply to “Mobile apps and desktop clients” > “Modern authentication clients” > Select “Mobile apps”.
  - Access Controls > Grant:
    - Select “Grant access”.
    - Choose “Require app protection policy”.
    - Optional but Recommended: Also choose “Require approved client app”. This ensures users are using MAM-capable apps (like Outlook Mobile instead of native mail clients).
    - For “Multiple controls”: Select “Require all the selected controls”.
  - Enable policy: Set to “On”.
  - Create: Save the policy.

User Experience with this Approach:

The user installs a managed app (e.g., Outlook) from the public app store.
They sign in with their work (Azure AD) account.
Conditional Access checks if access is allowed. The policy requires an app protection policy.
The user is prompted that their organization protects data in the app. They may be prompted to install the Microsoft Authenticator (on Android) or the Company Portal app (on iOS/Android). Crucially, they do NOT need to fully enroll their device via the Company Portal. The Company Portal app simply needs to be present to receive and report the APP status.
The App Protection Policy settings are applied to the app (e.g., PIN required, copy/paste restrictions).
The user can now securely access work data within that managed app. Their personal apps and data remain untouched and unmanaged.

Alternative/Additional Strategy: Device Compliance (Requires Enrollment – MDM)

If you need stronger device-level controls (e.g., enforcing screen lock complexity on the device itself, checking for device encryption, ensuring minimum OS), you need users to enroll their devices into Intune (MDM). This is more intrusive for BYOD and users might resist.

Steps (If Choosing Enrollment):

Configure Enrollment Restrictions: (MEM Admin Center > Devices > Enroll devices > Enrollment device platform restrictions) Ensure personal iOS/Android devices are allowed to enroll if you intend to support this.
Create Device Compliance Policies: (MEM Admin Center > Devices > Compliance policies)
- Create separate policies for iOS and Android.
- Configure settings like: Minimum/Maximum OS Version, Require PIN/Password, Require Encryption, Device Threat Level (if using Defender for Endpoint), Block rooted/jailbroken devices.
- Assign these policies to user groups.
Modify/Create Conditional Access Policies:
- Instead of (or in addition to) “Require app protection policy,” add the grant control “Require device to be marked as compliant”.
- You can combine these: Require a compliant device AND require app protection policy for maximum security on enrolled BYOD devices.

User Experience with Enrollment:

User installs the Company Portal app.
User signs in and follows the prompts to enroll their device. This grants Intune management capabilities over the device.
Intune checks the device against the assigned Compliance Policy.
If compliant, the device is marked as such in Azure AD.
Conditional Access policies check for this compliance status before granting access to corporate resources.
App Protection Policies can still be applied for layered data security within apps, even on enrolled devices.

Summary & Recommendation:

For BYOD, start with App Protection Policies (MAM) without enrollment, enforced by Conditional Access requiring App Protection and Approved Client Apps. This provides strong data security within work apps with minimal impact on the user’s personal device.
Use Device Compliance Policies (MDM) requiring enrollment only if you have specific, strong requirements for device-level settings and your users consent to this level of management on their personal devices.
Always communicate clearly with users about what is being managed and why, especially with BYOD.
Test thoroughly with pilot groups before rolling out broadly.

By leveraging App Protection Policies and Conditional Access, Microsoft 365 Business Premium offers a powerful and flexible way to secure corporate data on BYOD smartphones while respecting user privacy.

Storage limits for Microsoft 365 Business Premium and Microsoft 365 Enterprise E5

The main differences lie in OneDrive per-user storage potential and Exchange Online mailbox/archive sizes and capabilities. SharePoint storage calculation is generally the same, but E5 often caters to larger organizations, potentially leading to more overall pooled storage.

Here’s a comparison table:

Feature/Service	Microsoft 365 Business Premium	Microsoft 365 Enterprise E5	Key Difference
OneDrive for Business (Per-User File Storage)	1 TB per user (default) Can often be increased by admin to 5 TB, sometimes 25 TB under specific conditions.	Starts at 1 TB per user Admin can increase to 5 TB, then 25 TB. For plans with 5+ users, can request unlimited (initially provisioned as 25 TB, then 25 TB SharePoint site collections per user).	Business Premium maxes out (typically 5TB/25TB), E5 can go beyond with admin steps.
SharePoint Online (Tenant Pooled Storage)	1 TB base tenant storage + 10 GB per licensed user Storage is pooled across all sites.	1 TB base tenant storage + 10 GB per licensed user Storage is pooled across all sites.	No difference in calculation. Total pooled storage depends on user count. E5 tenants might have more total storage due to higher user counts typically.
Exchange Online (Primary Mailbox)	50 GB Primary Mailbox (Comes with Exchange Online Plan 1)	100 GB Primary Mailbox (Comes with Exchange Online Plan 2)	E5 has double the primary mailbox size (due to Exchange Online Plan 2 vs Plan 1).
Exchange Online (Archive Mailbox)	50 GB Archive Mailbox (Standard, separate archive)	1.5 TB Archive Mailbox (Initially 100GB) Auto-Expanding Archiving enabled by default.	Business Premium has a fixed 50 GB archive. E5’s archive can grow massively.
Microsoft Teams (File Storage)	Files stored in SharePoint/OneDrive. Subject to those respective limits.	Files stored in SharePoint/OneDrive. Subject to those respective limits.	No direct difference. Storage limits are dictated by SharePoint/OneDrive.
Stream (on SharePoint) (Video Storage)	Videos stored in SharePoint/OneDrive. Subject to those respective limits.	Videos stored in SharePoint/OneDrive. Subject to those respective limits.	No direct difference. Storage counts against SharePoint/OneDrive pooled storage.

Key Takeaways & Nuances:

OneDrive: The biggest potential difference. While both start at 1 TB, E5 offers a path to effectively unlimited storage per user (requires admin configuration and meeting criteria like having 5+ E5 licenses). Business Premium has clearer upper limits (usually 5 TB or potentially 25 TB with admin intervention).
Exchange Mailbox: E5 provides significantly larger primary mailboxes (100 GB vs 50 GB).
Exchange Archive: This is a major E5 advantage. Business Premium has a standard 50 GB archive. E5 includes Auto-Expanding Archiving, which starts larger (100 GB) and can automatically grow up to 1.5 TB, removing significant storage headaches for long-term email retention.
SharePoint: The calculation for pooled tenant storage is identical (1 TB base + 10 GB per user). An organization with E5 licenses might have more total SharePoint storage simply because they have more users, but the formula per user is the same.
Admin Action: Increasing OneDrive storage beyond the initial 1 TB (in either plan) usually requires administrator configuration. The “unlimited” OneDrive in E5 requires specific admin steps and meeting license count prerequisites.
Add-on Storage: Both plans allow for purchasing additional SharePoint storage if the pooled limit is reached.

In summary, Microsoft 365 E5 offers substantially more generous storage limits and capabilities, particularly for individual user file storage (OneDrive potential) and email archiving (Exchange Online Auto-Expanding Archive). Business Premium provides ample storage for many small-to-medium businesses but has stricter upper bounds compared to E5’s potential.

CIA Brief 20250503

What’s new in Copilot Studio: April 2025 –

https://www.microsoft.com/en-us/microsoft-copilot/blog/copilot-studio/whats-new-in-copilot-studio-april-2025/

2025 release wave 1 brings hundreds of updates to Microsoft Dynamics 365 and Power Platform –

https://www.microsoft.com/en-us/dynamics-365/blog/business-leader/2025/04/30/2025-release-wave-1-brings-hundreds-of-updates-to-microsoft-dynamics-365-and-power-platform/

McGees Property secures its future after ransomware attack –

https://www.youtube.com/watch?v=T6RaAuPXrcQ

Microsoft 365 Copilot Wave 2 Spring updates –

https://www.youtube.com/watch?v=Y-taqarhCao

aster, more personalized service begins at the frontline with Microsoft Intune –

https://www.microsoft.com/en-us/security/blog/2025/04/28/faster-more-personalized-service-begins-at-the-frontline-with-microsoft-intune/

Enhancing Cybersecurity for Nonprofits with Microsoft Defender –

https://techcommunity.microsoft.com/blog/nonprofittechies/enhancing-cybersecurity-for-nonprofits-with-microsoft-defender/4383058

What’s new in Microsoft Intune: April 2025 –

https://techcommunity.microsoft.com/blog/microsoftintuneblog/whats-new-in-microsoft-intune-april-2025/4408094

Announcing General Availability: Microsoft Sentinel Solution for Microsoft Business Applications –

https://techcommunity.microsoft.com/blog/microsoftsentinelblog/announcing-general-availability-microsoft-sentinel-solution-for-microsoft-busine/4406758

How agentic AI is driving AI-first business transformation for customers to achieve more –

https://blogs.microsoft.com/blog/2025/04/28/how-agentic-ai-is-driving-ai-first-business-transformation-for-customers-to-achieve-more/

Project Manager in Planner Demo –

https://www.youtube.com/watch?v=WpQpjey1L3Q

Introducing more control over Direct Send in Exchange Online –

https://techcommunity.microsoft.com/blog/exchange/introducing-more-control-over-direct-send-in-exchange-online/4408790

The Crucial Role of Data Security Posture Management in the AI Era –

https://techcommunity.microsoft.com/blog/microsoft-security-blog/the-crucial-role-of-data-security-posture-management-in-the-ai-era/4408308

After hours

The Rise of AI in Factories – https://www.youtube.com/watch?v=Yx1UEdDii5s

Editorial

If you found this valuable, the I’d appreciate a ‘like’ or perhaps a donation at https://ko-fi.com/ciaops. This helps me know that people enjoy what I have created and provides resources to allow me to create more content. If you have any feedback or suggestions around this, I’m all ears. You can also find me via email director@ciaops.com and on X (Twitter) at https://www.twitter.com/directorcia.

If you want to be part of a dedicated Microsoft Cloud community with information and interactions daily, then consider becoming a CIAOPS Patron – www.ciaopspatron.com.

Watch out for the next CIA Brief next week

Getting beyond just emails with Microsoft 365

Getting employees to move beyond the familiar (email, basic file storage) requires a thoughtful and multi-faceted strategy. Simply *having* the tools isn’t enough; you need to address awareness, skill, motivation, and integration.

Here’s an effective strategy broken down into actionable steps:

Phase 1: Assessment & Planning

Understand the “Why”:
- Survey/Interviews: Talk to employees (or a representative sample). Why aren’t they using other tools? Common reasons include:
  - Lack of awareness (don’t know what’s available).
  - Lack of understanding (don’t know how to use them).
  - Lack of perceived value (don’t see the benefit over current methods).
  - Lack of time to learn.
  - Resistance to change (“Email works fine for me”).
  - No clear expectation or direction from leadership.
- Identify Pain Points: Ask what their biggest daily frustrations or time-wasters are (e.g., finding documents, managing tasks, collaborating on reports, endless email chains). This helps you map M365 tools to solve their actual problems.
- Analyze Current Usage (if possible): Use the Microsoft 365 admin center reports to get baseline data on which services are being used, even minimally.
Identify High-Impact Use Cases & Target Tools:
- Don’t try to push everything at once. Based on the pain points identified, select 2-3 tools or features with the highest potential impact. Examples:
  - Problem: Endless internal email chains, difficulty tracking conversations. Solution: Microsoft Teams (Chat, Channels).
  - Problem: Difficulty managing team tasks or small projects. Solution: Microsoft Planner (integrated into Teams).
  - Problem: Version control chaos, difficulty collaborating on documents. Solution: SharePoint/Teams file storage with co-authoring & version history (moving beyond personal OneDrive).
  - Problem: Repetitive manual tasks (e.g., approvals, notifications). Solution: Simple Power Automate flows.
  - Problem: Collecting feedback or simple data. Solution: Microsoft Forms.
- Define Clear Scenarios: Instead of saying “Use Teams,” say “Use Teams chat for quick internal questions instead of email,” or “Use the ‘Project Alpha’ Team channel for all discussions and file sharing related to that project.”

Phase 2: Execution & Engagement

Secure Leadership Buy-in & Role Modeling:
- This is CRUCIAL. If managers and leaders aren’t using the tools, employees won’t either.
- Brief leadership on the strategy and the business benefits (efficiency, collaboration, knowledge sharing).
- Encourage leaders to actively use the target tools (e.g., post announcements in Teams, manage their team tasks in Planner, share files via SharePoint/Teams links).
Targeted Communication & Awareness Campaign:
- Focus on “What’s In It For Me?” (WIIFM): Communicate the benefits to the employee, not just the features. (e.g., “Spend less time searching for files,” “Reduce email clutter,” “Collaborate easier with your team”).
- Use Multiple Channels: Emails, intranet posts, team meeting announcements, short videos, posters.
- Showcase Success Stories: Highlight teams or individuals who are already using the tools effectively.
- Regular Tips & Tricks: Send out short, actionable tips related to the target tools/use cases.
Provide Practical, Contextual Training:
- Variety of Formats: Offer different learning styles – live workshops (virtual or in-person), short recorded video tutorials, quick reference guides (QRG), lunch-and-learn sessions.
- Scenario-Based: Train on how to accomplish specific tasks relevant to their jobs using the tools (e.g., “How to co-author a report in Teams,” “How to manage your project tasks with Planner”), not just abstract feature overviews.
- Keep it Short & Focused: Micro-learning is often more effective than long, overwhelming sessions.
- Leverage Microsoft Resources: Point employees to Microsoft Learn, built-in help features, and templates.
Integrate Tools into Existing Workflows:
- Identify specific business processes where the new tools can replace older, less efficient methods.
- Example: Mandate that all documents for a specific team project must be stored and collaborated on within the designated Team/SharePoint site, not emailed as attachments.
- Example: Set up a Planner board for a recurring team process and make it the standard way to track progress.
- Make it the path of least resistance over time.
Establish Champions & Support Systems:
- Identify “Champions”: Find enthusiastic early adopters in different departments. Provide them with extra training and empower them to help their colleagues. Recognize their efforts.
- Provide Clear Support Channels: Make it easy for employees to ask questions – a dedicated Teams channel, help desk support, regular Q&A sessions.
- Create a Resource Hub: A simple SharePoint page or Teams tab with links to training materials, FAQs, guides, and champion contacts.

Phase 3: Reinforcement & Iteration

Gamification & Incentives (Optional but can be effective):
- Introduce friendly competitions or challenges related to tool usage (e.g., “Team with the best-organized SharePoint site,” “Most helpful answer in the Q&A channel”).
- Offer small rewards or recognition for participation or achieving milestones.
Gather Feedback & Measure Progress:
- Regularly check usage statistics in the M365 admin center.
- Conduct follow-up surveys or quick polls to gauge understanding and satisfaction.
- Ask champions and managers for qualitative feedback.
- Track whether the initial pain points are being addressed.
Iterate and Expand:
- Based on feedback and results, refine your approach. What’s working? What’s not?
- Once adoption of the initial target tools improves, gradually introduce new tools or more advanced features, following the same principles.
- Don’t stop communicating and training – adoption is an ongoing process.

Key Principles:

Start Small & Focused: Don’t overwhelm people.
Focus on Value & Problem Solving: Answer the “WIIFM”.
Make it Easy: Provide clear guidance, training, and support.
Lead by Example: Leadership involvement is non-negotiable.
Be Persistent & Patient: Change takes time.

By implementing this structured approach, focusing on employee needs and benefits, and providing ongoing support, you can significantly increase the adoption and effective use of the powerful tools within Microsoft 365 Business Premium.

CIAOPS Need to Know Microsoft 365 Webinar – May

laptop-eyes-technology-computer_thumb

Join me for the free monthly CIAOPS Need to Know webinar. Along with all the Microsoft Cloud news we’ll be taking a look at OneDrive for BUsiness in Microsoft 365.

Shortly after registering you should receive an automated email from Microsoft Teams confirming your registration, including all the event details as well as a calendar invite.

You can register for the regular monthly webinar here:

May Webinar Registrations

(If you are having issues with the above link copy and paste – https://bit.ly/n2k2505)

The details are:

CIAOPS Need to Know Webinar – May 2025
Tuesday 27th of May 2025
11.00am – 12.00am Sydney Time

All sessions are recorded and posted to the CIAOPS Academy.

The CIAOPS Need to Know Webinars are free to attend but if you want to receive the recording of the session you need to sign up as a CIAOPS patron which you can do here:

http://www.ciaopspatron.com

or purchase them individually at:

http://www.ciaopsacademy.com/

Also feel free at any stage to email me directly via director@ciaops.com with your webinar topic suggestions.

I’d also appreciate you sharing information about this webinar with anyone you feel may benefit from the session and I look forward to seeing you there.