Microsoft UK Gets New Channel Chief

Microsoft has hired Accenture's Salesforce business lead for the United Kingdom and Ireland as its new U.K. channel chief.

Orla McGrath will run the Microsoft Partner organization as the One Commercial Partner lead for Microsoft UK.

McGrath comes to Microsoft after a 26-year career with Accenture, according to her LinkedIn profile. Other roles at Accenture included being managing director at the U.K. and Ireland level for cloud-first applications and for emerging technology around SaaS and Salesforce. She had also been involved in management and consulting roles involving SAP, CRM and ERP.

Orla McGrath (source: Microsoft)

"I am excited to help shape Microsoft's partner ecosystem for the benefit of our customers and society more broadly. I couldn't think of a more exciting and challenging opportunity," McGrath said in a statement Monday.

McGrath replaces Joe Macri, who retired last year after a 24-year career at Microsoft.

Also joining the U.K. subsidiary is Soraya Scott, previously chief of staff for Jean-Philippe Courtois, who runs Microsoft International. Scott will be chief operating officer of Microsoft UK.

Microsoft UK CEO Clare Barclay said, "We are at an important inflection point in the U.K. market, so I am excited about the depth of global experience and leadership capability both Orla and Soraya bring, and they will both play a critical role in driving the future success in the U.K. with our customers and partners."

Posted by Scott Bekker on March 30, 20210 comments

Enterprise Cloud Spending Vaults Past Datacenter Spend in 2020

It took 10 years of steady growth for enterprises to spend the same amount on cloud services as they did on their on-premises datacenter hardware and software.

But it happened in 2019. And then in 2020, cloud service spending left datacenter-related spending in the dust.

That's according to new data this month from Synergy Research Group.

The Reno, Nev.-based research firm found cloud infrastructure services spending grew 35 percent in 2020 to almost $130 billion. By comparison, enterprise spending on datacenter hardware and software, largely stagnant for a decade, fell 6 percent to $89 billion.

[Click on image for larger view.]

"Over the last ten years we have seen a dramatic increase in computer capabilities, increasingly sophisticated enterprise applications and an explosion in the amount of data being generated and processed, resulting in an ever-growing need for data center capacity. However, 60% of the servers now being sold are going into cloud providers' data centers and not those of enterprises," said John Dinsdale, chief analyst at Synergy, in a statement.

In 2019, spending on the two categories was relatively even in the mid-$90-billion range, with cloud service spending slightly ahead.

According to Synergy's data, average annual spending growth over the last decade was 2 percent for datacenters and 52 percent for cloud services, which included IaaS, PaaS and hosted private cloud.

Within cloud over the decade, Dinsdale said the segments with the highest growth rates were PaaS categories, especially database, IoT and analytics.

Posted by Scott Bekker on March 26, 20210 comments

IDC: Data Creation Hit 64ZB in 2020

I'll admit it, I'm a sucker for data milestones.

They're simultaneously amazing and entirely expected.

After all, we're all doing more digitally, seemingly every day, with more and more of our output occurring with images and video. Over this last year, a lot of these remote work meetings happen on video. We're recording a lot of the meetings rather than picking up a pen since the fidelity of a recorded conversation is always better than what you happen to scribble down while the conversation is continuing in your ears.

Then there's the duplicate file in a separate service to create a transcript -- you get the idea. We're all living it.

On to the jaw-dropping new figures. Researchers at IDC this week posted a huge new number for global data creation: 64.2ZB in 2020. That's zettabytes. If you're keeping track, it goes kilobyte (KB), megabyte (MB), gigabyte (GB), terabyte (TB), petabyte (PB), exabyte (EB) and zettabyte (ZB).

"In 2020, 64.2ZB of data was created or replicated, defying the systemic downward pressure asserted by the COVID-19 pandemic on many industries and its impact will be felt for several years," said Dave Reinsel, senior vice president, IDC's Global DataSphere, in a statement Wednesday. "The amount of digital data created over the next five years will be greater than twice the amount of data created since the advent of digital storage."

It's not just virtual meetings, social media, video streaming, wireless and mobile traffic and ever-fatter broadband pipes driving the increase, which IDC anticipates will grow at a compound annual growth rate of 23 percent a year through 2025. It's also IoT data, which is the fastest growing data segment, data at the edge and enterprise data generally.

Other than the headline storage number, what's also interesting in IDC's recent analysis is how ephemeral most of that data is. The overall installed base of storage capacity grew steadily to 6.7ZB in 2020. You'll notice that's about 10 percent of the capacity of all the data that was created.

In all, less than 2 percent of the new data was saved and retained into 2021. Most of it was temporarily created or replicated for consumption and then deleted or overwritten with newer data. Think downloading a Netflix movie to your phone, watching it and then having it removed when you're finished.

The combination of those numbers prompts Reinsel to ask, "How much of it should be stored?"

In IDC's view, we should think about retaining a lot more data, at least on the business side.

"Organizations should consider preparing now to store more data as they seek to achieve digital transformation milestones and improve business metrics by accelerating innovative data analytics initiatives," said John Rydning, research vice president of IDC's Global DataSphere.

Whether or not organizations need to store more data, or just need to more effectively use what they already retain, one thing is sure. We're awash in data, and it's still flooding in.

Posted by Scott Bekker on March 25, 20210 comments

Veeam Puts Hourly Downtime Cost at $85K

There's a new hourly metric for the cost of downtime -- $84,650.

That hyper-specific average comes from the new "Veeam Data Protection Report 2021" released Thursday. The report is based on a survey of 3,000 IT decision makers around the world.

Veeam's survey also found that the average downtime for an outage was 79 minutes.

The numbers are both better and worse than similar figures Veeam provided last year in its "Veeam 2020 Data Protection Trends Report." That survey of about 1,550 IT pros put the cost of downtime for high-priority applications at $67,651 per hour and found the average outage lasted for a more excruciating 117 minutes.

Veeam provides cloud data management solutions, of which backup and recovery components make up the core value proposition.

The 2021 report also digs a little deeper into IT professionals' perceptions of other negative impacts of downtime.

"The impact cannot be measured solely in costs per hour. There are many other potential downsides to outages," the 32-page report states.

In descending order of response percentage, those other impacts included loss of customer confidence, damage to brand integrity, loss of employee confidence, diversion of resources from long-term or business-critical projects, reduced stock price, subject to legal action and revocation of licenses or accreditations.

Major themes of the 2021 report included changing rates of digital transformation spending, with some sectors accelerating projects while others halted them; significant backup and recovery failure rates; and a significant shift toward cloud-based backup.

The full report is available here (registration required).

Posted by Scott Bekker on March 18, 20210 comments

Sherweb Adds MDR Solution to Microsoft Partner Offerings

Sherweb is taking another step to support smaller managed service providers whose customers' security expectations sometimes outstrip their MSPs' in-house capabilities.

The Sherbrooke, Quebec-based cloud solution provider (CSP) this week rolled out Office Protect Alliance, a managed detection and response (MDR) solution. The new service gives Sherweb's partners access to a security operations center staffed by security analysts who monitor the partners' clients' activity.

"We do the tedious work of analyzing every situation, eliminating false positives, and researching the required information affordably," said Guillaume Boisvert, director of product innovation at Sherweb, in a statement. "That way, partners can do the hero work of intervention for their clients, fully briefed and ready to go."

The service builds on the philosophy behind Sherweb's first security product -- Office Protect. The Office Protect tool was designed to help partners quickly and easily configure their clients' Office 365 environments to greatly improve the baseline security without needing extensive security expertise.

According to Sherweb, Office Protect Alliance is the first in a planned series of cybersecurity services to support Microsoft cloud-based applications.

Sherweb is one of a few dozen indirect providers in Microsoft's CSP program. In the program, indirect providers, like Sherweb, obtain Microsoft cloud subscriptions from Microsoft and bundle them with other services and support for distribution to a large network of smaller CSP/MSP partners who work directly with their own customers.

Posted by Scott Bekker on March 17, 20210 comments

Now There's Ransomware for Those Exchange Vulnerabilities

A little more than a week after being revealed in on-premises Exchange Servers, some of the zero-day vulnerabilities are appearing in ransomware, adding further urgency to the associated patches.

Microsoft disclosed the existence on March 2 of four zero-day vulnerabilities in certain versions of Exchange that enabled access to e-mail accounts and allowed attackers to install leave-behind malware. The announcement included patches for the vulnerabilities in Exchange Server 2019 and Exchange Server 2016.

The Microsoft Threat Intelligence Center (MSTIC) attributed the campaign to a state-sponsored group it calls Hafnium that operates out of China and primarily targets entities in the United States. The initial focus was on pre-patch/pre-discovery attacks, as well as an acceleration in post-patch activity as attackers raced to beat the patches.

Now Microsoft has confirmed that ransomware organizations have gotten in on the action.

"We have detected and are now blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers. Microsoft protects against this threat known as Ransom:Win32/DoejoCrypt.A, and also as DearCry," the Microsoft Security Intelligence tweeted.

The @MsftSecIntel account also noted that Microsoft Defender customers with automatic updates turned on don't need to take additional action to protect against the DearCry ransomware. That official Microsoft account also reiterated the urgent call to patch vulnerable Exchange Servers and take other related steps.

One ransomware security researcher said the speed with which the vulnerabilities were converted to ransomware was remarkable.

"What this shows is the acceleration of the development of the ransomware actors and their maturity," said Allan Liska with Recorded Future in an interview. "If you go back to ZeroLogin, which was released in August, we didn't see ransomware actors exploiting that until October, which was a two-month gap. Here there was a nine-day gap. It shows how quickly they're growing and maturing in terms of being able to take advantage of exploits."

Posted by Scott Bekker on March 12, 20210 comments

Three Dozen GA Announcements from Microsoft Ignite

Editor's Note: This article is updated to correct the general availability date of Azure Communication Services. The service will be available in the next few weeks.

We like to think "general availability" still counts for something in this always-iterating development world, which is why we often take the opportunity at Microsoft events to separate the GA milestones from preview news.

At Microsoft Ignite on Tuesday, there were more than three dozen announcements of features, services and a few products at or near the GA stage, meaning the item is deemed stable and tested enough for a supported production deployment.

Here are the key general availability announcements from Microsoft this week:

Microsoft Teams is a countercyclical. In a year of widespread lockdowns, the remote worker-enabling capabilities of Teams have been critical for organizations worldwide. In his Ignite keynote, CEO Satya Nadella indicated Microsoft is investing in Teams with the expectation that it will continue to be important even as the pandemic abates.

"As the world recovers, there's no going back. Employee expectations are changing and flexibility will be key. And that's why we're building Microsoft Teams as an organizing layer for all the ways we work -- the modes of communication, collaboration and the ability to extend it with other apps and services," Nadella said.

More than a quarter of Microsoft's big GA announcements this week involved Teams:

  • PowerPoint Live in Teams makes sharing slides richer on both sides. Presenters can view notes, slides, meeting chat and participants in a single view. On the viewing side, attendees will have more control over their experience with the ability to move through the slides at their own pace, independently of the speaker, and with a high-contrast mode for accessibility.
  • Presenter mode in Teams gives presenters options for customizing how their video feed and content appear. The first Presenter mode option, becoming available this month, is Standout, showing the speaker's video in front of shared content. Coming options include Reporter, which puts content above the speaker's shoulder, apparently like a news anchor's display, and Side-by-Side, where the video feed is next to the presenter's content.
  • Dynamic view has to do with the automatic arrangement of meeting elements, informed by the user base's experience over the past year. For example, presenters can now place the participant gallery on top of the meeting, helping to approximate a more natural eye contact with audience members. GA is slated for this month.
  • Teams Rooms now also has new gallery views, which include a Together Mode and a large gallery view.
  • Invite-only meetings controls are a security feature of Teams that will be generally available this month. It's designed to prevent the Teams equivalent of Zoombombing.
  • Large-scale Teams meeting capabilities will be available later this month. The capacity of view-only broadcast meetings will increase from the current 10,000-person limit to a 20,000-person limit. That particular bump may be reduced again later. Microsoft materials note that the increase is to accommodate "this time of increased remote work" and that it is "available through the end of this year." Also rolling out this month are large-scale interactive customer webinars for up to 1,000 attendees. Those events support custom registration and other options.
  • Teams webinars are now available as part of Dynamics 365 Marketing campaigns
  • The Microsoft Viva employee experience platform was announced in February with four modules: Viva Connections, Viva Learning, Viva Insights and Viva Topics. The Teams desktop experience of Viva Connections hits GA this month. That component allows companies to provide a curated experience of news, conversations and other resources for their employees.
  • Viva Topics, which is supposed to automatically organize content and contacts across an organization, is also generally available as a Teams add-on for Microsoft 365 customers.

Microsoft 365
Microsoft highlighted a few GA features of its strategic Microsoft 365 cloud at Ignite.

  • Attack Simulation Training reached general availability on Jan. 6, but remained one of the most important GA highlights at Ignite, two months later. A critical and useful component of organizations' defense against phishing and ransomware, Attack Simulation Training  is part of Microsoft Defender for Office 365. Using neutralized versions of real attacks, the tool simulates attacks to detect risky user behavior and provides reporting on training progress.
  • A slew of updates are now generally available for the Microsoft 365 Office Apps admin center, including device servicing profiles, inventory and security update statuses, reliability and performance trend reporting, reliability advisories, diagnostic coverage, integration with the Service Health Dashboard, skip capabilities and rollback capabilities.

The bulk of the general availability news from Ignite involved various Azure services.

  • Azure Sentinel, Microsoft's security information event management (SIEM) service, is newly enhanced with more than 30 new, built-in connectors covering Microsoft Dynamics, Salesforce Service Cloud, VMware and Cisco Umbrella; new security orchestration automated response (SOAR) playbooks; data ingestion improvements; and improvements in analytics.
  • Role-based access control is now available for Azure Machine Learning.
  • Azure Stream Analytics is now generally available with support for single-tenant dedicated clusters.
  • Azure Cache for Redis, the open source, in-memory data store, now has two additional tiers -- Enterprise and Enterprise Flash.
  • Azure Resource Mover, which Microsoft bills as unique to the Azure platform, is a new capability that allows organizations to migrate their applications from one Azure region to another once a new region is launched or to take advantage of region with availability zones.
  • Azure Communication Services, a new "fully managed communication platform" for integrating voice, video, text and data communication, will be generally available in a few weeks after a preview period that started in September. Rounding out the many business-to-consumer use cases are new preview integrations with Teams intended to allow customers to connect directly with employees.
  • The Private Azure Marketplace service, which allows an organization to limit which third-party solutions their users can find and install from the broader Azure Marketplace, is generally available.
  • Connecting, managing and governing Kubernetes clusters on-premises and across multiple clouds is now available through the Azure Arc management service.
  • The Backup Center is generally available with support for centralized backup management of Azure Virtual Machines, SQL in Azure Virtual Machines, HANA in Azure VMs and Azure Files.
  • A mixed reality-related service, Azure Remote Rendering, is generally available for performing the compute-intensive rendering of complex models in the cloud and then streaming them in real-time to devices, such as HoloLens 2.
  • In the next few weeks, Microsoft will make Azure Monitor for Windows Virtual Desktop generally available, allowing organizations to view summary data of a host pool, find and troubleshoot problems in a deployment, view utilization data and gather relevant information for decisions on scaling and cost management.

Azure Active Directory (Azure AD)

  • Passwordless authentication is now supported in Azure AD. Under the functionality, employees can sign in with Windows Hello for Business, the Microsoft Authenticator app or compatible FIDO2 security keys.
  • Header-based authentication apps can now natively connect to Azure AD with general availability of support for header-based authentication in Azure AD Application Proxy.
  • Azure AD External Identities, allowing Azure AD access for an organization's customers and partners, will be generally available later this month after a public preview that launched in May 2020. The first 50,000 monthly active users of External Identities are free at any tier.
  • Two enterprise app management updates for Azure AD will hit general availability later in March. The Application Template API for Azure AD within Microsoft Graph gives organizations a way to programmatically manage applications in the Azure AD app gallery. The Admin Consent Workflow for Azure AD is a slick feature that adds a request to the administrator to the sign-in flow when a user tries to access an application that requires admin approval.

Azure Networking

  • A deep set of load balancing options are being added to general availability for Azure Networking this month. Those include a guided experience for selecting the right load-balancing approach, load balancing across IP addresses and other features.
  • An Azure Public IP SKU upgrade is a back-end change that allows a customer to upgrade from the Basic SKU to the Standard SKU of Azure Public IP without having to change the public IP address.
  • Customers can take control of the way their traffic is routed between Azure and Internet with Azure Networking routing preference, optimizing for performance or cost. The options are referred to colorfully as "cold potato routing" and "hot potato routing."
  • A related GA capability involves an Azure hybrid networking feature. Microsoft now offers an ExpressRoute Portal within the Azure Portal with more complete peering and Global Reach configuration settings.

Azure Spring Cloud
Azure Spring Cloud is a service for developers of Spring Boot-based Java applications that is intended to take away various infrastructure maintenance concerns. Microsoft launched Spring Cloud as a preview in 2019 with Pivotal Software, and made it generally available in September with Pivotal's now corporate parent, VMware. One of the newly GA features this week is a Managed Virtual Network for deploying Azure Spring Cloud for customers needing extra security. The other GA feature is Autoscale for Spring Cloud.

Microsoft also announced this week that Azure Spring Cloud is now available in seven more Azure regions, for a total of 18.

Azure Cosmos DB
Azure Cosmos DB got two significant feature additions at Ignite. One is an Azure Synapse Link. Microsoft bills the ability to run cloud-native and near-real-time analytics over the NoSQL data in Azure Cosmos DB as breaking down a barrier between OLTP and OLAP systems.


  • Visual Studio 2019 version 16.9 is out the door. Highlights include Git tooling, C++ development enhancements, .NET productivity enhancements, Web tooling and XAML productivity enhancements. A version 16.10, meanwhile, reached the preview stage.
  • The cloud-based print technology, Universal Print, is designed for printing without print servers or printer drivers and to work in zero-trust environments. It allows printing from Windows devices to Azure AD-registered printers and from a browser using OneDrive for Business. Print manufacturers supporting Universal Print include Brother, Canon, HP, Konica Minolta, Lexmark, Toshiba, Ricoh and Xerox.

Posted by Scott Bekker on March 02, 20210 comments

BitTitan Expands Microsoft Teams Capabilities in MigrationWiz

BitTitan is expanding its tools and capabilities around tenant-to-tenant migrations of Microsoft Teams.

The move comes as the managed services automation specialist, like the rest of the industry, is seeing booming interest and usage around the Teams component of Microsoft 365.

"Microsoft Teams has become an increasingly essential tool for companies across the globe," BitTitan Founder and CEO Geeman Yip said in a statement about the new migration capabilities on Thursday.

As employees have worked remotely over the last year, BitTitan reports that it has seen a 400 percent increase in Teams migration revenue, a 9,000 percent increase in the amount of data being migrated between tenant-to-tenant instances of Teams and a 770 percent increase in the number of Teams projects being migrated.

New Teams migration capabilities unveiled on Thursday include conversation history, channel structure, files and user permissions for individual teams and channels. BitTitan is also adding support for transitioning private chats and OneNote between Teams instances. For planning purposes, BitTitan has created a Teams Migration Assessment to help MSPs and IT managers define the scope, estimate costs and identify potential challenges of a project.

More features are on the way. "We are enhancing Teams migration capabilities in MigrationWiz on a weekly basis, allowing us to meet evolving customer needs for managing Teams migrations and to ensure a best-in-class Teams migration experience," Yip said. Items on the roadmap include capabilities for Planner, Teams settings, private chat hydration and support for additional sources into Teams, the company said.

Posted by Scott Bekker on February 11, 20210 comments

Co-Sell Revenues Climb as Microsoft Eyes SMB for Next Opportunities

Microsoft and partners continue to rack up co-selling revenues, and the company is now looking to the small and medium business segment for further growth.

Because Microsoft reports the figure oddly, as a total of all co-selling since the beginning of the program around four years ago, it's difficult to tell exactly how much revenue partners are generating under the program annually.

Nevertheless, the numbers are on a Microsoft (very large) scale.

"Since we started the co-sell program in 2017, we've been able to jointly sell more than $18 billion in partner services," said Gavriella Schuster, corporate vice president for Microsoft One Commercial Partner, during a Microsoft "State of the Partner Ecosystem" session on Wednesday for channel media. A slide put the figure at more than $18.5 billion in annual contract value.

Whatever the annual figure may be, the new total represents $10 billion more than the number that CEO Satya Nadella provided two years ago during an earnings call. During that January 2019 call, Nadella said Microsoft had generated $8 billion in contracted partner revenue.

As in the past, Schuster emphasized that the revenue is not Microsoft revenue. It is solely partners' services revenue that partners get directly from the Microsoft field taking partner solutions and services to customers.

In a metric related to that field activity, Microsoft also said there have been 166,000 co-sell opportunities and closed engagements so far in the current fiscal year, which started in July. Schuster also noted a few other indicators of the scale of the funnel that Microsoft is pointing toward its partners currently. The company's direct Web stores have 4 million monthly active users and its commercial marketplace has generated more than 3 million leads so far this fiscal year.

Over the last few years, Microsoft has expanded co-sell from a program for Azure ISVs to a program that encompasses Microsoft 365, Dynamics 365 and Power Platform. Additionally, Microsoft extended aspects of co-sell program from its own internal field sales force to its roughly 90,000 Cloud Solution Provider (CSP) partners. In other words, Microsoft was offering ISVs a "channel as a service," removing some of the friction of partner-to-partner engagement and allowing CSPs to more easily sell ISV solutions built on the Microsoft cloud stack.

Now Microsoft is indicating its next frontier in the co-sell program is small and medium business.

"We are increasing our focus on co-selling within the small- and mid-sized business segment (SMB). This includes making targeted marketing investments in top SMB customers, supporting and growing our ecosystem of ISV partners who serve SMBs and streamlining the way we help partners develop their practices," said Nick Parker, Microsoft's corporate vice president for Global Partner Solutions, in a blog post Wednesday.

Describing the effort as "being more intentional with the medium enterprise and small business segment," Schuster called it a huge growth opportunity for Microsoft partners. In addition to the efforts Parker outlined, Schuster said, "We're supporting our ISV partners to help them serve that customer segment with digital sales and marketing."

Even as new attention turns toward SMB, Casey McGee, vice president for Global ISV Sales at Microsoft, indicated that co-sell remains a strategic pillar of Microsoft's overall efforts around ISVs.

"We succeed collectively because we offer our partners both the technology platform and a business platform that consists of go-to-market, co-sell, top-line revenue growth and scaled growth through our partner ecosystem," McGee said during the channel media session.

Posted by Scott Bekker on February 11, 20210 comments

Microsoft Adds Advanced Specializations in Low-Code and SMB Management

Microsoft's advanced specialization catalog for partners is getting more extensive by the quarter. The company now boasts two new advanced specializations, bringing the total list to 16.

A relatively new addition to Microsoft's list of badges for partner organizations, the advanced specializations, are layered over a gold competency and demonstrate extra expertise in a particular area.

"In January, we launched our first two advanced specializations for Business Applications, the Small and Midsize Business Management advanced specialization and the Low Code Application Development advanced specialization," said Nick Parker, Microsoft's corporate vice president for Global Partner Solutions, in a blog post Wednesday.

"This means we now have advanced specializations across all five commercial solution areas -- modern workplace, business applications, Azure (apps and infrastructure, and data and AI), security," Parker said. "Advanced specializations provide an opportunity for partners to demonstrate their experience in specific technical scenarios and enable customers to identify the partners that best fit their needs."

Unlike most of the advanced specializations, which are attached to only one or two specific competencies, the Low Code advanced specialization is achievable from five different competencies. A partner can vault to the Low Code specialization from a gold badge in either Cloud Business Applications, Cloud Platform, Small and Midmarket Cloud Solutions, Cloud Productivity or Application Integration.

Requirements include that the partner must have at least five Power Apps customers, must meet a growth metric in customer usage, must have a certain number of individuals who have passed exams or earned certifications and the partner's apps must clear various technical hurdles.

The Small and Midsize Business Management Advanced Specialization is an option for partners with a gold competency in either Small and Midmarket Cloud Solutions or Cloud Business Applications.

The advanced specialization requires five individuals certified as Dynamics 365 Business Central Functional Consultant Associates, 10 customer deployments with five or more monthly active users, a 35 percent increase in monthly active users across the entire customer base over the last year, and at least one consulting service featuring Dynamics 365 Business Central published on AppSource.

Posted by Scott Bekker on February 11, 20210 comments

Microsoft Postpones More Deadlines To Ease Bureaucratic Burdens on Partners

As the global pandemic drags on, partners facing Microsoft Partner Network (MPN) renewal deadlines for competencies and advanced specializations in the first half of this year are getting a one-year extension.

During a Microsoft "State of the Partner Ecosystem" session on Wednesday for channel media, Gavriella Schuster, corporate vice president for Microsoft One Commercial Partner, detailed the ongoing adjustments that have been made to MPN deadlines since last March.

"To make sure our partners were getting what they need, we adjusted the deadlines and requirements related to MPN partner programs, the competency extensions, training and exam deadlines, and in fact, we just announced more extensions," Schuster said.

One new extension covers partners with competencies that have anniversary dates between Jan. 1 and June 30 of this year. Those partners are eligible for a one-year competency extension that will last through the next anniversary date in 2022. According to Microsoft, partners will be able to find information specific to their organizations in the Partner Center starting this month. Because of a similar extension last year, that means some partners will be able to maintain their competency for two consecutive years by paying their competency fees but not having to deal with other competency requirements.

A major exception is the Cloud Business Applications competency, which has a distinct Partner Contribution Indicators (PCI) scoring system. While some concessions are being made for those partners, many will still need to meet some adjusted requirements for the new scoring system.

Partners with advanced specializations will also be eligible for a one-year extension into 2022 if their anniversary date falls between Jan. 1 and June 30 of 2021. Those partners must retain the underlying gold competency, in most cases by paying the competency fee to renew but without having to meet other normal renewal requirements.

Schuster also touted the success of other programs that Microsoft launched last year to help partners directly or to spur business among their customers during the pandemic and its associated business downturn.

Highlights from those efforts included:

  • Virtual training opportunities delivered by Microsoft and its partners. "Since July, our partners have delivered more than 6,500 workshops worldwide across Azure, business applications and the modern work and security solution areas," Schuster said.
  • Trials for remote work-related products. "We extended new offers and trials they could take to their customers for Microsoft 365, Windows Virtual Desktop and Teams," she said. "In fact, with Teams, CSP partners enabled tens of thousands of new organizations to get started with Teams through COVID-response trials, and we've seen significant conversion of those trials as the period ends."
  • Digital-on-demand marketing content for partners. "Without sellers in the field, our partners struggled. They needed to get creative with how they were reaching their customers. So our co-branded marketing content has really helped our partners step up their digital marketing."

As far as what else may be necessary, Schuster struck a positive note: "Hopefully the world will return to normal soon."

Posted by Scott Bekker on February 11, 20210 comments

4 Tricks MSPs Can Use to Check the Security of Their Vendors

When a managed service provider installs agents or sets up other tools at a customer site, the customer is trusting them at a deep -- let's call it what it is, an administrative -- level.

That makes it incumbent upon the MSP to ensure the vendor tools they're using are highly secure. How can an MSP, often challenged with a small staff and many other priorities, be confident that their much larger vendor partners are operating in a secure fashion?

During an Acronis virtual partner event Tuesday, Amy Luby, who leads community efforts for Acronis' channel, put that question to Bobby Kuzma, practice director of assessment and testing at the Herjavec Group, a Toronto-based MSP that specializes in security services and training.

Kuzma provided four shortcuts that MSPs can use to assess how serious their vendors are about security.

1. A Leader at the Company Whose Sole Job Is Security
"The CISO role has been around since the late '90s. And there are still organizations that don't believe that security is someone's job. If a vendor doesn't share that belief that that's a responsibility that's worthy of having a dedicated professional for," Kuzma says, it should be a red flag.

That person doesn't have to be listed on the Web site, or in the C-suite or even at the VP level, although any of those attributes would be a good indicator of seriousness. "If you don't see a CISO, ask," Kuzma says. "LinkedIn is your friend. Flat-out ask them, 'Who owns security in your org, and can I get an introduction?'"

2. A Clear Process for Reporting Bugs in Their Code
"If they are a vendor that produces a tool or has a service that is offered, do they have some non-trivial way for people to report vulnerabilities? This isn't necessarily a bug bounty program, although those are nice," Kuzma says. "Is there a way to let them know without blasting it out on the Internet? If a vendor doesn't have a way of doing that, that's a thing that would concern me greatly."

It's OK if vendors outsource triage of bugs to a third-party specialist, and bug tracking can be done through routine service tickets if bug reports are a clearly-defined procedure in the ticketing process, he says.

3. A Way To Get Your Customers' Risk Questionnaires Handled
"In this day and age, you probably have customers that want you as a vendor to them to fill out their risk questionnaires. Let's face it, they're silly [and] repetitive. No one likes doing them. You want to make sure that there's a sane process in doing that that doesn't involve a week in ticketing hell," Kuzma says.

Good enough much of the time, in Kuzma's view, is an NDA-protected FAQ available about the vendor's security operations center.

4. Evidence of a Recent Pentest
"You may want to ask the vendor when was the last time they had their organization itself pentested and the product itself pentested?" Kuzma suggests.

He'll go so far as to ask for a copy, but he views an executive summary as good enough in many cases. "I wouldn't downcheck them if they're unwilling to share the full report," he says. "If they're willing to open the doors and let you peek your head in, that shows a level of maturity."

Kuzma had one final piece of advice for MSPs who may struggle to get answers to their security questions: Leverage your relationship with the salesperson who is trying to get you to sign up for the service. If their commission depends on your satisfaction, you're more likely to get answers.

"Your sales point of contact that you may be in touch with is probably your greatest ally in trying to get information," he says. "They'll start asking questions to make you happy."

Posted by Scott Bekker on February 02, 20210 comments