Categories
Microsoft365 Windows 11

Summary Post: How Windows Device Check-in Works With Intune

I don’t blog about Intune nearly as much as I used to, now that I no longer work for Microsoft and have a greater focus on the Apple ecosystem (which, to be fair, Intune still plays a pretty significant role with iPad/iPhone management).

However, I like to keep across what is happening in this space and I saw a great tweet earlier this week that touched on one of the age old complaints about Intune – the perceived slowness of policy synchronisation (especially compared to other MDM such as Jamf). The tweet came from Rudy Ooms who describes himself as:

Content Creator at Patch My PC | Reverse engineering Intune and Windows internals. Sharing what actually happens under the hood.

Back in 2019 I shared a similar blog post from Oliver Kieselbach entitled New To Intune As An MDM? Read This Blog Post First! – SamuelMcNeill.com (which is still a good read), where Oliver dived into how policy syncs work. In this newer post from Rudy, he tackles similar ground but with a view 6yrs on (wow, time flies!) and as always, I encourage you to read the original post in full:

Intune Sync and Policy Delivery: Debunking the 8 Hour Myth

Rudy does have a video overview of this topic if you’re more into listening and watching than reading:

I’ll share a few highlights from the post that are pertinent in my view, starting with:

Microsoft has documented this first enrollment sync behavior: during the Intune/MDM enrollment, devices check in more frequently to PULL down configuration profiles, certificates, and policies.

  • Every 3 minutes for the first 15 minutes
  • Then every 15 minutes for the next 2 hours
  • And only after that, it shifts to the ~8-hour cycle

Those first two bullet points are generally pretty well understood and most IT Pros will have seen this frequent sync and update during the first OOBE workflow (Out Of Box Experience).

Rudy correctly focuses on “Change Based Check-ins” with Intune and has even created a great diagram to help explain that:

To expand on that, he talks about the role of the Windows Notification Service (WNS) which functions in a similar fashion to Apple’s own Push Notification Service (APN – Configure devices to work with APNs – Apple Support (NZ)). As explained by Rudy:

That push message travels over the Windows Notification Service (WNS) and tells the device to check in. These are the triggers that make Intune notify devices:

  1. Changing targeting (adding or removing a device or user group)
  2. Editing a payload (changing/adding a new Intune policy or updating app assignment)
  3. Entra group membership changes
  4. Store app version updates released by the vendor

In practice, the first policy change is usually pushed down within a few minutes. From there, Intune enforces a quiet period/throttle (roughly 30 minutes per device) before sending another push. So, while it’s not instant like a remote wipe (which must always be immediate), it’s still far faster than waiting for the full 8-hour maintenance cycle. Let me zoom in on the push message itself a bit more.

The blog includes some interesting testing data showing that the WNS is somewhat of a ‘black box’ in terms of how it operates and where buffers can come into play between a push of a policy change and execution on the device (again, read the full blog on Rudy’s site).

But What About Throttling, You Say?

Something that many frustrated IT Admins have suspected and/or complained about is the preception Microsoft throttles Intune changes to reduce load (either for the Azure cloud or the endpoint). Rudy’s post goes into this in some detail, explaining how the first changes are almost immediate and then subsequent rapid changes are bundled together and throttled:

  • Change #1 → WNS push almost immediate
  • Change #2 and #3 (<30 min later) → bundled, resolved when device responds to the same notification
  • Change #4 (>30 min later) → new WNS push delivered

Whilst this may make a lot of sense for Microsoft, for IT Admins that are perhaps making rapid changes to configurations it can be a source of intense frustration. Of course, in a perfect world IT Admins are cool, calm and collected at all times and make all of their policy configuration changes with a single update. However, that rarely matches the often frenetic pace which busy IT Admins are required to work at and knowing that changes are being bundled and throttled is often a suboptimal experience.

It does sound like there is some work being done by Microsoft to redesign this with something called “Fast Lane” that is broken down in the blog – check it out.

Final Thoughts

It can be very hard to change perceptions and the old adage of “perception vs reality” is very real when it comes to Intune sync speed. Dealing far more regularly with Jamf and macOS/iPadOS these days than Intune and Windows, I can say that in terms of speed of policy sync and responsiveness it really does feel like Jamf is a Ferarri and Intune can be a Bambina stuck in rush hour traffic.

However, Rudy’s blog goes a long way to showing that perception is often just that: perception. (Again, read the original post in its entirety – it’s definitely worth it)

Ultimately, it’s a great thing if Windows and Intune become increasingly more responsive as managing endpoints from the cloud is a good thing for everyone. With that, a final graphic from Rudy’s blog to visualise timings:

Categories
Apple Microsoft365

Video: Configuring Platform SSO Password Sync For Multi-User Mac Devices

I saw this post today from Scott Breen at Microsoft, a great guy that I used to work with off and on over the last six years I was at Microsoft.

In this video, he steps through the configuration of using Apple’s Platform SSO with password sync for an EntraID Join of a macOS device that will be shared by multiple users. This is of course a very common scenario in education where labs of iMacs are common, or shared devices in a library context is also prevalent.

This builds on my earlier blog post last month announcing the launch of Microsoft’s PSSO integration with EntraID and highlights the effort Microsoft is clearly making in terms of improving the macOS experience within Intune.

Given many educational organisations already own M365 A3 licenses and many corporates have M365 E3 (both of which contain Intune and EntraID licensing – see this post), it reduces the cost of ownership to securely and easily integrate Macs into an organisational fleet of devices.

Reminder: this functionality is still currently in preview (as of June 2024), but watch this space once it goes public.

Check out all the docs here.

Categories
Microsoft365 Security

AI & Cyber Risk Presentation

This week I presented to the Independent Schools of New Zealand Association of School Business Administrators (ASBA) at their annual conference here in Christchurch, New Zealand.

I was asked to run a 1hr workshop on AI and Cyber Risk, allowing time for moderated Q&A. The session was well received and you can see a copy of the deck I used above. It does not include an AI generated video I shared as well, proving the point that believable content can be generated very quickly with very little effort/input, so I embedded it as a video below:

Beyond the initial prompt to create this video, I included some contextual information on education specifically (given the audience) and some slightly misleading information around Multi Factor Authentication (MFA).

To add some further real examples of Generative AI (GAI) I chose to generate unique images for the presentation with GAI – some of my favourites are below:

A pop vinyl image of me as part of the intro, including my role (Technology Strategist) and company I work for (Cyclone) on the packaging of the box
Two separate images combined – I asked the audience who poses the biggest cyber risk to their organisation – a careless employee or a sophisticated external bad actor?
The importance of being prepared: having a cyber response plan written in advance to guide responses whilst under stress is a key strategy.
I really liked this one as the GAI tool accurately implemented my prompt for creating a Company AI policy poster with two people drinking coffee in front of it, and starting with “Thou Shalt…”

Of course, when it comes to addressing Cyber Risk I’m a big believer in adopting a Zero Trust framework and I shared the following two slides on this idea:

As the audience was not technical we approached these ideas from a business risk perspective and what they could do as Business Managers to influence ICT teams internally or partner externally to move towards a Zero Trust approach

Only so much can be covered in 1hr on these very large topics so it was necessarily presented a high level but with prompts for them to think about as they returned to their schools after the conference.

Categories
Microsoft365

EntraID Join Your MacBook?? Yes, Now In Public Preview… & Managed Device Attestation Coming Soon

Update 7th May: some excellent documentation and guide on how the various configuration options for Platform SSO for macOS with Intune is here: Configure Platform SSO for macOS devices | Microsoft Learn

Long time readers of this blog will know that I worked for Microsoft’s Asia Pacific Education team from 2016-2023, supporting education customers across the region “go modern” with their device management strategy and drive the value of M365 inside organisations. More recently, I’ve joined Cyclone where I now use a MacBook Pro as my primary device (along with a Windows365 Subscription for good measure!) and am focused on helping organisations enjoy a premium managed Mac experience.

Whilst the concepts of managing a Mac with an MDM are similar to that of Windows 11, there has been a lot of learning for me over the previous few months, closer partnership with Apple, attending a lot of Apple and Jamf webinars as well as asking lots of questions of organsations on how they currently manage their Macs (short answer: most do it very poorly).

The overwhelming message I hear from customers is they firstly want to improve their employee’s experience when getting a new Mac and secondly, they want to manage their Macs in a comparable manner to their Windows fleet, but most are struggling to get anywhere close to this level of experience.

Consequently, I read with interest a couple of Tweets / X Posts from Microsoft this morning:

These posts all point to this update which I encourage you to read closely: What’s new in macOS management: Platform SSO and more | Microsoft Intune blog

There is a heap in here, but given many organisations are most focused on the end user experience, Microsoft has helpfully created a walk through video showcasing this experience:

Platform SSO

The ‘magic sauce’ making much of this possible is Apple’s Platform SSO functionality:

With Platform Single Sign-on (Platform SSO), developers can build SSO extensions that extend to the macOS login window, allowing users to synchronise local account credentials with an identity provider (IdP). The local account password is automatically kept in sync, so the cloud password and local passwords match. Users can also unlock their Mac with Touch ID and Apple Watch

Platform Single Sign-on for macOS – Apple Support (NZ)

It is this capability that starts to take the macOS experience far closer to what users may have enjoyed for a long time with Windows 11 and EntraID joined devices (formerly, AzureAD joined – AADJ). As the Microsoft blog post from today explains, this is critical for those organisations on a Zero Trust journey:

Platform SSO is a win for security and productivity alike. From a security standpoint, SSO integrates with Apple’s Secure Enclave technology. This means that organizations can enable phishing-resistant, hardware-bound, passwordless authentication on Mac through Intune. For organizations implementing Zero Trust, this is a big win, especially since Intune is cloud native.

What’s new in macOS management: Platform SSO and more | Microsoft Intune blog

There are lots of buzz words there that speak my love language: cloud IdP, SSO, passwordless authentication … if you’re serious about security and improving the end user experience inside your organisation these are all things you should be considering as part of your endpoint management pre-requisites.

At Cyclone, we are deep in the M365 ecosystem and yet many of our users have MacBooks as their primary device. I use the M365 Apps for Enterprise desktop and web apps every single day, and Edge is my default browser. This new Platform SSO powered experience means I can have single sign on into all my M365 Apps experience from the time I sign into the device (with my EntraID credentials) bringing my macOS experience far closer to matching that of the Intune managed Windows 11 user experience I am more familiar with.

As the video above showed, the ability to integrate the password experience into Apple’s TouchID means an end user can essentially go passwordless when signing into their macOS device and M365 Apps, replicating the hugely popular, and highly secure, Windows Hello for Business experience on Windows 11.

When I first joined Microsoft in 2016 they were requiring forced password rotation every 60 days. This was eventually phased out and with WHfB on my Surface Laptop, combined with MFA via the Microsoft Authenticator App, I virtually never used my password at all. In fact, at one point I went so long between entering passwords I forgot my long and complex password. Fortunately, with Entra’s Self Service Password Reset I was able to resolve this without needing to raise a support ticket.

Await Final Configuration Setting

In the past, I demonstrated to many security conscious organisations the ability in Intune’s Enrolment Status Page (ESP) to block user access to the device desktop until the full configuration of the device was completed. Whilst this slowed down the device deployment, it did ensure that critical security policies were deployed: e.g. disk encryption with BitLocker and VPN access enforced. It is really exciting to see this type of setting also landing inside Intune for macOS management:

I am engaging with multiple organisations now who operate in highly regulated industries where this level of enforced device configuration is an absolute minimum requirement before allowing an employee access to the desktop.

Streamlining The End User Experience: Setup Assistant Screens Configuration

One of the other features I always demonstrated on the Intune managed Windows experience was reducing the number of interactions a user had with the device during the deployment phase. Windows Autopilot made huge strides in this area by allowing an organisation to hide numerous settings from the user during enrolment (language/keyboard selection, EULA agreement etc). This is now possible in the macOS experience as well:

The key here is choice: many organisations are offering their employees choice on their device selection (Windows 11 or macOS) and to that end, some businesses want to allow their users to add their personal Apple ID to their work device, or to configure Apple Pay with their personal or business credit card. In that case, allowing the user to see those configuration screens during enrolment will certainly personalise the experience of their Mac and make it feel much more like their experience with a personal MacBook or iPad they may own at home.

However, other organisations absolutely do not want these options being presented to users and now Intune offers this experience on macOS that has been on Windows 11 for a long time.

Managed Device Attestation Coming Soon In Intune

In a separate blog announcement made today, Microsoft announced that in 2024 H2 they will be supporting Managed Device Attestation:

As part of our ongoing partnership with Apple, Intune is planning to introduce support for the Automated Certificate Management Environment (ACME) protocol and managed device attestation for Intune-enrolled iOS, iPadOS, and macOS devices in the second half of 2024. This critical security feature will better help you verify that credentials cannot be lifted from authorized personal and corporate-owned devices. New and eligible personal devices and automated device enrollments will attempt to become attested. There will be no change to the end user onboarding experience, and the attestation status report described above will report on these devices, too.

Boost security with Microsoft Intune device attestation | Microsoft Intune blog

Both admins and end users will see that the ACME certificate is hardware-bound within the Settings app. This is the critical indication from the Apple device that the MDM certificate is bound to the hardware and stored in the secure enclave.

Final Thoughts

While still only in public preview, this is a big deal from Microsoft and shows their intent to really try to be the MDM of choice for organisations with mixed device fleets, as well as their positioning of EntraID as the premium cloud identity in business.

I have not gone into it in this post, but a configuration of Windows 11 + macOS + EntraID + Intune certainly allows for a ‘single pane of glass’ experience and when integrated with Conditional Access in EntraID a very granular, rules based experience can be applied to ensure that corporate data is only accessible to authorised users on a managed, secured and compliant device – be that Windows 11 or macOS.

I know the wider Apple Practice Team at Cyclone will be getting hands on with this new functionality now that it is in Public Preview and I look forward to discussing this with customers interested in managing their macOS devices securely and offering a premium end user experience as well.

Categories
Microsoft365 Security

SharePoint Restricted Search – Helpful For Staged Copilot Deployments

Last week I saw this helpful tweet from my former Microsoft colleague Ovi Barcelo:

It references a good article (direct link here) of a new feature coming in April 2024 called Restricted SharePoint Search – from the article:

Restricted SharePoint Search gives you time to review and audit site permissions. It is designed to help you maintain momentum with your Copilot deployment while you implement robust data security solutions from Microsoft Purview and manage content lifecycle with SharePoint Advanced Management. Combined, these two solutions offer a complete solution for data discovery, protection, and governance. 

Introducing Restricted SharePoint Search to help you get started with Copilot for Microsoft 365 – Microsoft Community Hub

This seems like a sensible offering from Microsoft as one of the most frequent topics of conversations I’ve had with customers exploring Copilot adoption is concerns around data security and oversharing. I’ve written a few blogs about this already and with this new feature, Microsoft is clearly looking to encourage customers to take the first steps into Copilot usage but with some additional guardrails in place to try specifically exclude SharePoint sites that may have highly sensitive data in them or have not adopted effective file security permissions through Purview.

Organisations should note that SharePoint Restricted Search is off by default which likely makes sense from a Microsoft perspective (maximum datasets for Copilot to search and respond with), however I’d imagine many organisations may have preferred this was turned ON by default to allow a staged rollout with a more cautious approach to AI powered assistance.

Nevertheless, the fact this functionality is being added suggests to me that Microsoft is responding to feedback from customers around data privacy concerns and providing a valuable tool to be able to restrict access to data until all the necessary security permission are in place. When this functionality is turned on, users are given a visual cue that restrictions are in place:

If you to follow the rollout and availability of this feature, keep an eye on it here: Microsoft 365 Roadmap | Microsoft 365

Categories
Microsoft365

Reflections on Microsoft’s AI Tour In Sydney

We’re bringing together decision makers, developers, and industry experts to unlock the potential of AI. Don’t miss this opportunity to connect with thought leaders and explore new paths forward.

Microsoft AI Tour Sydney Homepage

This week I attended Microsoft’s AI Tour on the Sydney stop – an impressive event and it really felt like a throwback to Microsoft events of old – plenty of cash thrown at the event and a really positive vibe with a heap of sessions to attend and some keynotes from leaders in the business:

TLDR; Too Long, Didn’t Read

If you’re pressed for time, here are the bullet points of the event for me:

  • Microsoft is “all in” on AI – no revelation here, but this event reinforced the fact that every aspect of their business is going to be integrating Copilots: from Windows, to D365, M365, Azure Services, Security – everything.
  • 14months on from the release of ChatGPT, there has been significant evolution in the capabilities of generative AI offerings from MSFT and OpenAI and over 1billion users have used ChatGPT in one format or another.
  • Some Australian educational institutes, notably the Departments of Education in South Australia and New South Wales have released custom LLM and chat bots (EduChat) that is focused on equity of access to GAI with a focus on security and parameters to restrict chats to education focused themes. The University of Sydney is also in a rapid pilot phase with various AI powered services.
  • Scott Guthrie, the EVP for Cloud and AI outlined four key areas he believed AI would create new opportunities:
    • Enrich employee experiences
    • Reinvent customer engagements
    • Reshape business processes
    • Bend the curve on innovation
  • Microsoft’s messaging on an organisation/customer data:
    • Very clear, specific language: “your data is your data”
    • This is about trust, but it’s also about responsibility. You’re expected to be maintaining strong data hygiene practices and restricting access on a ‘needs to know’ basis.
    • I suspect this is to some extent around liability: it seems almost inevitable to me that these AI services are going to comb and index organisational data and accidentally expose sensitive data to unauthorised users.
    • I’d go as far as saying many employees will actively try to use AI tools to hunt for sensitive data inside their organisation – if the correct data permissions are not in place there is real risk here for data leaks.
  • I’d argue the missing messaging here is the need for organisational AI governance policy
    • Humans are inherently lazy – as they see better and better results, they’ll check the output less and less.
    • I suspect organisations will need to enforce policies and accountability at an individual level for any over reliance on GAI output.
  • Lots of data points about the efficiency gains from Copilot. MSFT have been using it internally for their own support services. Some examples:
    • 31% increase in first call resolution;
    • 12% increase in overall customer satisfaction;
    • 14% more cases resolved per hour.
  • Copilot is just that – a guide by the side, it is not an Autopilot
    • This is my language of “Copilot not an Autopilot” but it rings true with what is being shared a these sessions – the human element is still required at this stage to be able to discern and verify the accuracy of what is being generated.
    • A case in point – we saw an example where a MSFT marketing manager created a 60 word bio from his LinkedIn profile with Copilot – I thought I’d try the same, pointed Copilot at my exact LinkedIn profile and it still “hallucinated” and got key facts wrong – e.g. said I was studying towards a PhD at Monash University (spoilter: I’m not!)
  • Microsoft has done a Work Index Trend for a few years now – unsurprisingly, lots of AI data being shared (and clearly a driver to promote adoption for MSFT):
    • 70% users were more productive with Copilot
    • 68% said Copilot improved the quality of their work
    • 64% spent less time processing email
    • 71% saved time on mundane tasks
    • 75% less time searching for information in their files
    • 77% Copilot users said don’t want to give it up
    • 10hrs+ saved in time per month (best users)
  • Copilot Studio is a lowcode offering to extend the capabilities of Copilot. There are over 1200 connectors already built into third party apps and platforms, and you can build your own as well. This looks truly useful if you’re going all in on Copilot
  • What are the barriers for AI adoption? According to a panel of MSFT staff:
    • Lack of skilled AI workers
      • Security concerns – where is an organisation’s data being sent to and analysed, what does “trust” look like in a world of AI?
    • Lack of confidence in AI capabilities and accuracy.
  • Organizations that have been slow / slack are going to face increased barriers to AI adoption
    • This came from from a partner question actually – not just slack in AI data hygiene but also slow to adopt cloud services and now wanting to use AI with on premise databases etc.
    • Response from MSFT to this observation: it’s definitely easier to adopt AI if you’re in the cloud, but it’s not impossible if you’re on premise still

Slightly Deeper Dive On Specific Sessions I Attended:

The Future of Education In The Era Of AI

  • An interesting session that didn’t teach me too much, but a few links and thoughts:
  • Assessment reform for the age of artificial intelligence | Tertiary Education Quality and Standards Agency (teqsa.gov.au)
  • What to do about assessments if we can’t out-design or out-run AI? – Teaching@Sydney
  • How AI Could Save (Not Destroy) Education | Sal Khan | TED – YouTube
  • NSW and SA Departments of Education leading the way with custom AI Chat bots
    • heavily safeguarded, multiple filters (swear words in 150 languages for example
  • The identified challenges from the presenters around AI in education were:
    • Organizational alignment internally
    • Operational model development
    • Governance and data preparation
    • Addressing equitable access to AI tools
  • The session continued with a panel discussion hosted by Adam Pollington (Sales Lead for Microsoft ANZ Education and featured Jim Cook, Innovation Lead at Sydney University, Dan Hart, Data Science Lead at NSW Department of Education and finally Anthony England, Director of Innovation at Pymble Ladies College. Together, they had some interesting things to share with some highlights being:
    • Sydney University is rolling out ‘dozens and dozens’ of small scale PoCs related to AI currently. They opted to lead off with a policy navigator tool with the legal department at the Uni – relying on the belief if legal was on side with this technology, they could scale it further.
    • NSW DoE annouced on the day a large scale pilot of their custom LLM EduChat (details here) – they aim to promote this over ChatGPT and learn what their own model is capable of and where it needs to improve.
    • Anthony England brought a very education focus to the discussion, balancing the role of tech and educators nicely. His goal is to have 60 AI champions across the school, with a great quote of “focus on staff, not tools; process not product”
    • All recognised the challenge of AI “hallucinations” – where incorrect information is surfaced up and how do end users detect/validate and ultimately correct for this.
    • The session finished with Adam asking each panelist what their guidance was for orgs wanting to ramp up AI usage:
      • Jim Cook: Manage the expectations of stakeholders
      • Dan Hart: Focus on user engagement
      • Anthony England: Provide an environment where users can learn, play and fail, and then iterate on top of that.

Keynote: Scott Guthrie, Microsoft EVP for Cloud and AI

  • You know Microsoft is not holding back when they send an EVP down to Australia and Scott gave a 15-20mins presentation covering a few key areas of where he sees AI having significant impact:
    • Enrich employee experience
    • Reinvent customer engagement
    • Reshape business processes
    • Bend the curve on innovation
  • There were the predictable messages around MSFT runs on trust and that “your data is your data” – which is reassuring and I think MSFT recognise the need for customers and partners to have to trust that their organisational IP is not going to be used to train the underlying LLM
  • He then focused on three core areas (I won’t repeat in detail):
    • Unlock productivity across your business with Copilot
    • Build transformational AU solutions with Azure
    • Secure your business end to end with GAI
  • Of those, the focus on security at the end was least detailed – it seems like Copilot for Security is still a work in progress.
  • This was followed by a fireside chat with the CIO from Commonwealth Bank of Australia who had some interesting insights:
    • If you don’t know where your data is, Copilot will find it. Validate your data strategy, clean it up – good hygiene is critical.
    • they are building a ‘personal banker’ into their banking app that will be powered by AI
    • He then focused on the need for quantifying data when it came to building a business case for recommendations on spending on Copilot licenses: staff in the pilot were asked if they would prefer a $50/m lunch voucher or a $50/m Copilot license – 75% chose the Copilot license! They also analysed the impact of Github Copilot with their developers – 75% of respondents said it was very helpful and after studying their code commits over a 12 week span (2 sprints) they identified that 1/3 of the lines of code being committed (80k lines) were written by Copilot.

Modern Work and the AI Powered Organisation

  • This session was mostly disappointing and largely run by marketing (correlation?)
  • The key info was the sharing of Work Trend Index data (a form of marketing in itself!)
    • 70% users were more productive with Copilot
    • 68% said copilot improved the quality of their work
    • 64% less time processing email
    • 71% saved time on mundane tasks
    • 75% less time searching for information in their files
    • 77% Copilot users said don’t want to give it up
    • 10hrs+ saved in time per month (best users)

Agile Analytics – A Tour Through the Possible (Enhancing Aure OpenAI with your data, systems and APIs)

  • This was arguably the most interesting session and was presented by an Australian based Microsoft partner called Agile Analytics.
  • They were more focused on taking OpenAI solutions (running on Azure) and extending them into bespoke products rather than simply onselling Microsoft’s 1st Party Copilot offerings.
  • They presented three live demos:
    • Improve Operations – querying your own systems
    • Improving Health – unstructured data to structured
    • Improving Finance – improving processes and democratization of AI
  • I did have a bit of an ‘a-ha’ moment from this session: the scenario was a team meeting and the manager noticed ‘Sarah’ was a bit flat. By putting a single query into a bespoke chatbot powered by a custom LLM, he could type ‘Sarah Brown’s HR record’ and it went off via API and came back with a pre-formatted output of her HR record, including her annual leave. In the scenario the manager notes Sarah has not taken any leave for 12months so suggests she takes a few days break. This was positioned as democratizing access to knowledge: through a single interface a manager could ask (in natural language) for info on employees and it would be returned, without the need to go to the HR tool itself, log in, pull the record, check the annual leave etc.
    • I could certainly see scenarios where this could be a good time saver, especially if this is pulling from across a range of systems – e.g. show me the top sellers and their sales summary to date, and then match this with their internal training – any correlation? Are top sellers effective because of training or not?
  • Another comment made by the presenter was that AI is an area that really rewards creativity – e.g. he saw one of his team providing a database schema to OpenAI – the chatbot was then trained to look at the users query, look at the provided database schema, then it would automatically generate the SQL query needed to extract the answer from the underlying SQL database – this is clever.
  • The healthcare example was presented by a Microsoft employee and had some cool demos.
    • One example was taking a doctor’s shorthand notes and complex medical jargon, copy/pasting into an LLM and having it write the patient’s complete discharge notes in what she described as “universal language” i.e. translating the Doctor’s shorthand and medical terminology into comprehensible notes for the patient to be able to read. I could see this being a real time saver.
  • These scenarios were extended into the Financial Services Industry – the following two examples were shown on screen (poor quality images sorry) – on the left is a basic response on whether someone qualifies for lending, on the right a more complex and nuanced reply:

The final slide presented was the recommended decision making tree on when to use first or third party AI solutions which I thought was helpful:

Leaning Into AI to Radically Transform The World Of IT

  • This was a panel discussion:
  • The panellists were asked about blockers to IT adoption:
    • Skilled workers – Tal Dagan
    • Security – concerns around where company IP is being sent and analyzed. AI is so nascent there is a need to rethink what we mean by “trust” – Alistair Spiers
    • Need to build confidence in AI (Security, safety etc) – – we need more skilling on how to use AI safely and effectively – Lee Hicken.
  • When asked which industries were the fastest to adopt IT it was clear:
    • IT itself – putting itself at the forefront of tech and adopting it the most quickly
    • Industries that are the most heavily regulated and monitored as they already have significant governance and oversight structures in place: healthcare, education, finance.
  • I asked a question at the end of this session around what is required around organisational governance policies and requirements of employees to actually vet/validate that that GAI content is accurate – all felt there was a strong need for individuals to remain vigilant in these early days of AI and not rely 100% on the content created (AI hallucinations was mentioned again)
    • this reiterates my idea: It’s a Copilot and not an Autopilot!