Getting GDPR Ready
Commonly data breaches can take minutes, but discovery and reporting can take weeks or even months, Exemplified by breaches like Yahoo and Equifax, driving risk of reputational damage and material fines from regulators.
The GDPR features offered natively in Office365 and Azure AD services are compelling, offering reporting via Office365 Audit Logs, and DLP for PII (Personally Identifiable Information) and Compliance Dashboard.
However, while Microsoft offer important capabilities around automated classification and encryption of data, GDPR critical features are often enshrined within E5 level services, and the ‘fire hose’ of information available within Office365 Audit Logs are retained for just 90 days within Office365, only extensible for 180 days with ‘premium’ Advanced Security Management (ASM) https://goo.gl/P9QDwL
Accordingly, adding E5 level subscriptions to deals can secure Microsoft’s strategic Tier-1 services, and enable GDPR, but the value is in how we assess requirements and secure the best commercial outcome that delivers on IT and Governance objectives.
The advantage of Microsoft Advisory Services (MAS) is that we can work with the customer to understand their roadmap, enable cloud adoption, support a ‘cloud ready’ strategy, understand ‘smart scale in’ or ensure due diligence and assurance. Our team has experience negotiating contracts, enabled by our global commercial benchmark service, insight into common purchasing and pricing trends, to enable our customers to ‘buy the right technology, on the right contracts, at the best price’
Competitive Advantage through Licensing
A core advantage to our business, is that we understand what enterprises own (Entitlement), and what they deploy (Inventory), and can drive insights into use (Consumption), and how much things cost and what people actually pay (Price). There are no other consultancies with global scale and delivery capability to access this valuable EICP data layer from our services business, and provide trusted actionable insights with our Advisory practice.
As publishers like Microsoft leverage commercial licensing and pricing models to drive competitive advantage over competitors like AWS; smart assignment of legacy and active entitlements in licensing, can lower costs, afforded by Software Assurance under (often discounted) EA and SCE, and lower the overall TCO of a cloud architectures by including MAS license design principles in any solution.
For Example, AWS will often position ‘License Included’ (LI) solutions for Microsoft, with all licensing for the migrated Microsoft workloads included within a RI subscription. However, Microsoft are leveraging their ownership of the IP, to shift the cost landscape for SPLA providers over the last 7 years and secure the Microsoft workloads on Azure:
Taking selective advantage of (Hybrid Use Benefits for SQL and Windows Server in Azure, and selecting different architecture options, matched with available BYOL (Bring Your Own Licensing) in AWS, and our insights into both Entitlement and Inventory, and Price; MAS are able to provide optimised licensing TCO leveraging our ‘unfair advantage’.
Some principle recent Microsoft updates, for January 2017
- Managing Office365 licenses becomes easier with group-based subscription assignments, Admins will be able to restrict individual services for staged deployments, and assign multiple service packages https://goo.gl/kTg5Yy
- Windows Azure VM must enable port 1688 for licensing. To restrict access to Internet IPs, an admin must create an inbound rule in NSG https://goo.gl/pEFRPx to restrict the traffic. A network security group (NSG) https://goo.gl/wQHBoK contains a list of security rules that allow or deny network traffic to resources connected to Azure Virtual Networks (VNet).
- PowerBI licensing can be expansive – a database managed by the Common Data Service (CDS) could incur all users of the app(s) that access the database to have a Plan 1 subscription. There is a good licensing resource available here: https://goo.gl/Bt6HgC
- Office365 enables GDPR with auto-data classification (AIP P2 / E5), DLP policies, and Compliance Manager. However, the ‘fire hose’ of Audit Logs are retained for just 90 days, extensible with premium AddOn /E5 Advanced Security Management (ASM) for 180 days https://goo.gl/P9QDwL
- Azure Info Protection scanner crawls through files in CIFS based file shares and SharePoint (2013-16) sites and apply classification, labelling and protection on files, policies. Note, as always the fancy GDPR content sits in AIP P2 or EMS E5. https://goo.gl/uuPGaz
- Skype for Business and Microsoft Teams – Setting up Communication Credits https://goo.gl/fL1h8d to enable Pre-Pay access toll-free call-out for Audio Conferencing and Calling Plans https://goo.gl/doHp8n
- A good resource on Skype for Business and Microsoft Teams add-on licensing https://goo.gl/5trxQ7
- Impact on Office365 service features support across the various iterations of Skype and Lync desktop clients https://goo.gl/9Hy3Yt
- PowerBI use scenarios can impact licensing and solution topology e.g. ‘User Owned Data’ vs, ‘App Owned Data’ when the user and app authenticate to access PowerBI APIs (for example for task workers to access a kiosk application) requires PowerBI Pro https://goo.gl/sYmgfW
- Microsoft announce policy change on End of Support and Premium Assurance. Microsoft are re-evaluating the Premium Assurance offer construct, which provides up to six years of additional support beyond the extended support period. Effective Feb 1st 2018, Premium Assurance SKUs will be updated to lead-status and removed from the published price list. As of now Premium Assurance should no longer be sold, and Redmond are working on plans to announce at a later date. If you have a deal in progress and need guidance, please contact firstname.lastname@example.org
- To allow additional time to deliver the full product and services catalog for software to the modern platform, the Select Plus Retirement suspension will be extended another 12 months. Microsoft will resume shutting down the remaining commercial Select Plus accounts in April 2019. Extensions have been automatically applied to all active commercial Select Plus accounts subject to retirement. Though Microsoft are not actively shutting accounts down, they are advocating moving customers out of Select Plus to a longer-term solution such as EA, CSP (or MPSA as appropriate). Note: Public Sector accounts are not impacted.
- Microsoft have announced that for pre-approved SMB customers that cannot transition to CSP, a 12 month Short Term EA Enrollment Extension option available until June 29, 2018 for pre-approved customers only.
- An longstanding issue for Skype for Business, Common Area Phone SKU will launch March 1, 2018. This new SKU will allow customers with phone devices not assigned to users and used in areas such as reception areas, break rooms, shop floors, or conference rooms to purchase just one SKU in order to enable those devices with the ability to make/receive calls. The SKU will include the service plans for Phone System and Skype for Business Plan 2. This new license will be available in EA, EAS, Open, CSP and GCC and will be restricted for assignment to devices only per updated Product Terms. The SKU will also roll out to EES customers in Q4FY18.
- Dynamics 365 for Sales, and Customer Service User CALs SA Only – have 61% discount empowerment until May 31st 2018. Available across Volume Agreement programmes.
This website is a way to give back to the licensing community and as an information resource for all customers that work with Microsoft software and licensing. I hope you find it of value.