Welcome to episode 340 of the Microsoft Cloud IT Pro Podcast. Recorded live on June 23rd, 2023. This is a show about Microsoft 365 and Azure from the perspective of it pros and end users. Where we discuss the topic or recent news and how it relates to you, Microsoft has released a response to the denial of service attack that occurred in early June against Azure and some details about how you can protect yourself against similar attacks.
We also discuss some Terraform news with the June updates as well as a new module to manage Azure AD with Terraform. Finally, we wrap up talking about copilot as the release gets closer and Microsoft has released guidance around preparing your Microsoft 365 tenant for its release and adding it to your environment. I feel like we should talk about news, but I don't know that I really wanna talk about news. . Fair enough? Yeah. Okay, so I have one for you Scott. I forgot to send you this.
This was on my list and I have to find it now. I think I sent it to you in a text message. Remember how, okay. A couple weeks ago, I think it was a couple weeks ago or a week ago, we talked about that outage in Azure and Microsoft kind of did everything in that news article to not say denial of service. They just talked about a spike in traffic. Mm-hmm. , I do remember that one. They.
Did come out now with the official response to that and it is Microsoft's response to a layer seven distributed denial of service attack. So they did come out and say that it was a denial of service attack. It was interesting, it started in early June. I don't know when that actual outage was, but it sounds like this was actually a denial of service attack that occurred across maybe multiple days that temporarily impacted availability.
They did open an investigation tracking it to a threat actor that Microsoft tracks as storm 1359 . I wish I had a cool name like that. Yeah. Yeah. But they did dive into kind of what was going on. They did say no evidence of customer data being accessed or compromised. It was layer seven rather than layer three or four. And it was a combination of attacks, an htt P https, flood attack, a cash bypass and a slowloris. Is that how you pronounce it? Slowloris? Mm-hmm.
. Yeah. Effectively a client that opens a, a connection. So think like, hey, I make, may I make an HTP request and so I've, I've got that TCP socket open and I'm ready to go and the client then just, it just sits there. Yep.
Keeps it open, consumes resources. Yep. The other interesting thing about this, or nice thing though is Microsoft's also because it was against Azure and like Azure uses Azure, which is kind of odd to think about in and of itself , but they talk about how you can use layer seven protections such as the web application firewall or the waf not to be confused with the well architected framework or the wife acceptance factor to help protect against those.
So they also not only kinda said this is what happened, but also gave recommendations how even you as a customer hosting things in Azure could take advantage of the WAF to help prevent some of these layer seven DDO o s attacks. Yeah. It's another thing that's just happened over time, right?
As web applications become more prevalent, stuff starts to move up the stack and I guess in this case the O S I stack and you know, you start to go from layer three, layer four and then you hit up to the application layer on layer seven and it starts to get more interesting where clients can do like really weird things like not just even like the, the slowloris kinds of things where you maybe open a connection and then you purposefully go slow with it.
There are clients that misbehave even when they don't intend to, like sometimes they see storage customers that do weird things with like HDB connection, pooling like, like they don't understand the way like sockets are pooled inside of SDKs or inside of some of the frameworks that exist.
So they start to do weird things like you know, occasionally I'll have a customer where they go, oh, you know, I thought I had enough of the data so I just stopped downloading it and then I start seeing all these network errors in my storage account. Why do we see network errors? It's like, well let's go read our documentation. A, a network error is when a client suddenly disconnects and we're still sending data so we don't know if the client ever got it and they look at us and
they go, oh well we got all the data so we walked away. It's like, but you didn't walk away in the right way. You know, like sometimes I have customers who do things like they send us like RSTs and we're like, no, you shouldn't do that. We should send you the R S T cuz we're done and it's just weird.
So I think the more of that like just underlying implementation stuff that's been abstracted away from developers, sometimes it's a little easier to lose sight of how this stuff works now and and how it comes together and and what that all looks like. I was actually, I was same kind of vein of like weird client behaviors and maybe you don't understand or think enough it's that people don't understand. I think it's just that they don't kind of think end to end about how it comes
together. Yep. Is we were working with a customer on easy copy. So easy copy client tool, it copies data from on-prem service to service, like all those kinds of things. So it's a multi-threaded application and it also has concurrency built into it. So within these threads you can spin off kind of n HTP connections because you have to fire off HTP requests to the storage service to be able to do your
copies. And we were working with a customer and they're like, Hey, we're getting this weird air on Linux where we're running out of sockets. And it was like, huh, you really shouldn't like ever run out of sockets cuz we purposefully limit the number of threads that can go up. So that doesn't happen cuz like most Linux clients, like a default installation on like a modern Linux kernel.
You've probably got something from like 20,000 to 40,000 ephemeral sockets to work with locally and it's like wow, that's a lot for you to run out of. Like what are you doing? Oh well we're running multiple instances of AZ copy on the same server and then each one of those instances has this concurrency setting and it's doing this thing and we're like, oh we never really intended for you to run multiple instances of AZ copy on the same server .
You can certainly run multiple instances but you should kind of like fan that out, right? Maybe you have this one, go look at this directory, this one, go look at this directory. And the response we got back, which I kind of went like fair enough, but was, well your documentation doesn't say that we shouldn't run multiple instances on the same server. So I was like, okay, fair enough. Right? Like I'll, I'll go update the documentation so that that doesn't happen so that, you know,
future customers can take that into consideration. Yeah. But it was a weird one to me like I, like I hadn't even thought about ephemeral T c p port exhaustion on Linux clients in like a long time. It's like something that's been so far abstracted and so far outside of my head like, like why would that be top of mind for me or anybody else? Un until you run into a weird edge case, right? So things like this do happen.
I think in the case of like the DDoS attack that that you pulled up and some of the things in there, like you do have to think about kind of multi-layered mitigation and how you're gonna mitigate risk there for yourself. So you can't really protect at just layer four or layer three. Like you, you probably do need some things at the application level as well and you know, that often comes at the expense of operational overhead and money as well.
Like sometimes these advanced security solutions do cost you more to pick up those things like web application firewalls and, and all that kind of stuff. But I think it's worth it for customers to consider and kind of do that like, you know, risk reward kind of thing, right? Like put it on the scales, see where it balances out and what makes sense for your business, your workload, all that good kind of stuff.
Absolutely. I'm still this, this whole running multiple copies of AZ copy on the same server still has me going, huh? I don't know that I ever would've even tried that or thought to try that. Uh. Yeah, I I mean you can certainly do that. Uh, there's no. Limitation. And it, it was never explicitly not recommended. Now it's not recommended cause we we updated the docs and, and put that fair enough there. But should, should you wanna find a way to exhaust tens of thousands of ephemeral ports
on your client very quickly. Yeah. Just spin up a couple copies of AZ copy, I mean, and tell it to copy a couple hundred thousand objects at the same time. I was. Gonna say they must have also set the concurrency really high. Yes. I would assume. concurrency high plus number of objects really high.
So one of the interesting things about like easy copy as a client tool and and I sometimes forget about this, like I tend to view it as a, and not to sell it short but like it should be used more for I think more manageable migrations and data movement scenarios, right? Especially if you're doing like an on-premises client to the cloud for a whole bunch of reasons and you know, over time like the maturity of that tooling,
like it's good today. Like you can throw 50 million o object, you know, job at easy copy and it'll churn through it and do it like that. But just because you can do 50 million objects in a single job, does that mean you should well initial, well again, we're back to like weigh the risk reward thing. Like how big's my client? Uh, you know, what's my network throughput?
What what's my CPU and and all these other things that you've gotta kind of put together on the client side and just think about a little bit, right? It's not that it can't be done, it's that you have to like think through it end to end and rationalize it and you know, we're all moving so fast that you know, you just kind of go, go, go, go, go. And sometimes you don't know that you've haven't like passed a point of no return but that you've passed a point that you maybe could have caught
sooner and come back to. So I always think it's very, very interesting to go work on those kinds of things and I am 100% happy to be putting more prescriptive guidance like you know, yes you should do this. Yes, you shouldn't do this right into documentation and things like that. I think that moves everybody forward. Oh absolutely. I wish everybody did that with documentation. And again,
I think it just like that's what they ran out of first. To your point, I've never thought about doing that because I always feel like you'd choke out your throughput whether it's the nick going through the switch or the CPU or the memory or the IOPS on the hard drive, but to choke out the available connections and the available sockets before you hit any of that other stuff.
Cuz that's why I've always run AZ copy or other SharePoint migration tools when I've done something similar, probably not this amount of data, you spread it out for that, right? I think. Any tool that does this, right? Like I not to not to single out easy copy, but anything that's gonna open an h e p connection call an API and orchestrate this type of movement. Like ultimately bits like when you're doing an on-premises to like cloud, cloud integration scenario, right?
That stuff needs to move over the wire and it's going to consume resources, it's gonna be cpu, it's gonna be memory like say you wanna like hash objects before you send them with like, you know, I don't know, an MD five or a Shaw hash or something like that. Like guess what? You've gotta do all that someplace. So that takes CPU and then you know, potentially increases the size of your responses even minimally because it's gotta go in headers and be stored in a service, blah blah blah.
So it's one of those things like nobody should have to think about it. But then when you get into those kind of edge cases you go like, yeah okay, . Right? Yeah for sure. Huh, interesting. Do you feel overwhelmed by trying to manage your Office 365 environment? Are you facing unexpected issues that disrupt your company's productivity?
Intelligent is here to help much like you take your car to the mechanic that has specialized knowledge on how to best keep your car running intelligent helps you with your Microsoft cloud environment because that's their expertise. Intelligent keeps up with the latest updates on the Microsoft cloud to help keep your business running smoothly and ahead of the curve.
Whether you are a small organization with just a few users up to an organization of several thousand employees they want to partner with you to implement and administer your Microsoft Cloud technology, visit them at intelligent.com/podcast. That's I N T E L L I G I N k.com/podcast for more information or to schedule a 30 minute call to get started with them today. Remember intelligent focuses on the Microsoft cloud so you can focus on your business. All right, so with that,
what else do we have? Which one of these do you wanna go? There were a couple of interesting ones. I've got two interesting ones. I would like to chat about something that you brought to my attention. So why don't we do Terraform and Azure AD Azure ad cause I didn't even, I didn't even know this was possible through a, through like an HCF F script.
Well I don't think this was possible up until very recently and I don't even know, I'll be fair, I don't know where this came from in my R ss feed I have some searches that just pull random stuff into my RSS feed. I may have seen this on Twitter but yet this was an article from June 20th so just three days ago about Azure AD with Terraform examples and I agree I didn't know this was possible.
So I've done some with Terraform and I've looked at Terraform, I've written some Terraform, we've talked about Terraform and Bicep on the podcast before but it's always been in like provisioning resources, whether it's managing VMs or app services or firewalls and the whole infrastructure is code type of thing.
And then I saw Azure ad intro with Terraform and I was like huh, this is gonna be interesting because I never, I never thought about this before and I wasn't quite sure what this even was. And then you start reading through the article and it is even more interesting.
So it, the article kind of starts out with your Terraform set up for Azure ad kind of what you need to do, what providers you need to specify how you would go in and set this up with a client id, client secrets, tenants ID subscription IDs. And then the next thing is managing users in Azure ad. So it's all about how you can create and manage users with Terraform. I don't even know where do you wanna start with this? Like it goes through again, it just kind of caught me off guard.
Yeah with you can go through and set these user properties. So I think it's an interesting idea. A couple of things just from like looking at the article and I guess the way the kind of provider operates, it's all fairly straightforward. It's an official kind of thing looks like supported on the HashiCorp side. So they've got kind of their own Azure ID provider just to plug into you pump in a tenant id. So pretty easy to figure all that out.
And as far as how the provider interacts with Azure ad,
it looks like it's all just a service principle. So uh, you know you go create a new service principle grant that service principle contributor rights over to your Azure active directory and then you end up, you know, with a client ID, client secret, all that good kind of stuff which can just be exported out, you know just environment variables that sit on the client side and then get it running management look pretty rich like it doesn't look too bad to get started
with, you know, you can create users, you can assign roles, it even works with administrative units. , that was kind of good. Yeah like uh, I didn't even know like most people read the documentation and and knew those existed group membership applications licensing, which I think is really cool devices as well. So if you're thinking about devices and groups and dynamic security groups that's all in here and all good and ready to go I think like it seems like it
has a good surface area. The really interesting thing to me would be, hey this is Terraform so it can do things like state management. So can it start to manage state of group memberships inside of my Terraform scripts? I think that could be a little bit interesting like as you start to extend your scripts like maybe application deployment now. Like here's a cool one, right? Like cuz now you have the ability to create users and all these kinds of things.
You could go ahead and say like when you're deploying, say your new web app and your web app has a specific set of maybe security groups that are already in your Azure ED that are gonna be associated with some r a roles on the resources in Azure that are spun up now you can go ahead and kind of apply that user security, that R a C and kind of do all the identity and access management things as part of your native Terraform script and not have to reach out and run like
a separate BA script or a power shell script on the side. So, and then you get all the state management across, you know all those resources within there and I think that's pretty nifty. I'm gonna have to go play around with this one. Yeah, I was looking at it, I don't see much about state management here, but I think that was my first thought that I had with this as well. Like I mean you could use dynamic groups, right?
If you have dynamic groups and you are managing users and their group membership that way technically based on user attributes, it would automatically undo and redo things but then people could change attributes.
You could still manually create security groups but if you could kinda lock down your Azure ad environment by forcing state management of security groups, I guess I see pros and cons to this too because you start thinking through, if I'm managing group membership users and groups with Terraform and managing their state. I'm thinking like Terraform State. So you know when you spin up a Terraform script you can create a plan and then
you can apply that plan. So if this works the way other Terraform modules do, I should be able to do something like create a security group in Terraform and then populate group membership in that group and I run it the first time like let me do a plan and apply it and then when I come back and run it again, if there's no changes it's just gonna skip it,
it knows I don't need to do it right? Or if I run it again and I've changed it, say like I've gone and added a user like hey we hired Ben, he's onboarded ready to go. You just put that in it and that's the only change that fires off against the environment. So, but not so much like Azure D State but actual like be the ability to retain state like group memberships within the plan on the Terraform side.
But what if you're creating other groups like I'm gonna assume this is only security groups maybe. Oh no there's Microsoft 365 groups too, but you might not necessarily want it to main state maintain state of Microsoft 365 groups or if you were using that, what would happen as you create new teams? I mean you'd really have to think through how you would do all of that . Cause you wouldn't want it deleting teams because it wasn't in your terraform.
Welcome to everybody's big problem with Terraform or, or the thing that they run into, right? Like Terraform only knows what Terraform knows, right? And the things that it doesn't know so, so the more you manage outside of your Terraform scripts, the less iept they become over time or I think kind kind of you lose some of
that power. So should you go down a path like this, quite often you are getting to the point where you're making the decision of saying like, Hey I'm gonna use Terraform as a management tool and really with the management plane of these services that I work with to go ahead and affect change within them. It's the same kind of thing.
Like if you think about Terraform and maybe there's an update to a service or a new service in Azure and that isn't available in Terraform yet, the answer is usually well hey if there's not a provider for Terraform for the, to the resource provider in Azure, just go ahead and fire off an arm template. Well the problem is when you fire off an ARM template, all Terraform does is it knows it ran an arm template, it doesn't know like what was in the template and what resources were created
within it. So you lost like that state management piece, which I, I think is why people become a little kind of like zealots around like oh my gosh like I need native Terraform support for these kinds of things. Which again, you know like makes sense if, if you kind of walk it end to end like you can understand the desire and why you would want it to be that way. So I view this as like this is probably pretty cool for standing up new stuff
and then kind of maintaining it going forward. The stuff that's there, it's gonna be a little bit harder, right? Cuz Terraforms not gonna have any idea that it ever existed in the first place. But all about having like new providers that are integrated into the ecosystem, they work really well without having to do things like arm templates or kind of sideways machinations like that so that you can maintain like TF State and all those kinds of things. Like that's goodness.
Yeah and this, it does force you to do a password too. So they also include in this article a random password generator from Terraform. So you can use that in combination with it. I think the other place I thought this could be useful too is I've done things before with different solutions where you have a service account and you need to create a service account, you need to have a password, maybe that service account needs to maintain certain permissions.
I've had issues before where you create a service account, you give it permissions, it's doing something and some overzealous administrator comes in and sees that said service account has permissions and maybe they don't know why and they take 'em away and it breaks stuff. never happens.
No. If you can maintain, maybe you're not doing all your user management, but if you build a solution that requires a service account and requires the service account to be a member of certain groups or have certain permissions being able to both create and then kinda your point manage the state so that if somebody comes in and does alter certain settings, permissions groups, whatever on the service account, Terraform goes in and says or redoes it the next time you run it.
There could be some benefits there. I I could see with this as well. Yeah, it's an interesting idea. While we're talking Terraform real quick, I'll put a link in the chat and show notes for everybody as well. If you go out on tech community,
the Terraform is HashiCorp and Yep. You know they, they write the things they write and then there's also Microsoft which contributes back to HashiCorp and in some cases holistically maintains some of those Terraform modules and kind of the, the management of how those map back to the resource providers in Azure and all
that kind of stuff. So if you're into Terraform, there is an Azure tools blog, you might want to go follow that blog on tech community, like throw it into an RSS reader like we've talked about in the past or you know, however you choose to consume that. But they do monthly updates for what's come out in Terraform. But I don't know if you've been paying attention to some of the things but like they've been pushing new updates to the export tools.
So being able to go back between native concepts of uh, Terraform and Azure can be a little bit hard sometimes in this kind of clouds scenario that's out there. They also host community calls, I believe they do those monthly or B or bimonthly, I forget the exact cadence for them, but folks can go out and register for those community calls.
It's like aka ms slash Azure Terraform, you can just register, join the community and uh, go ahead and do that and then they're always pushing out new quick starts, all that kind of thing. So super helpful for kind of keeping up with what's going on on the Microsoft side of Terraform, which is potentially different than the HashiCorp side of Terraform and, and what it's doing as like HashiCorp uh, as a whole. Yeah, I saw this too.
I haven't read through what was new in June but excellent call out, good resources. Export tool and yeah some, some new documentation and and quick starts and things like that, which is probably one of like the other big asks that I see a lot. It's like, hey how do you do this? It's like, it's not documented yet. Okay, we should go fix that. Yeah and. The LA the last community call that's mentioned in here was yesterday on June 22nd, it looks like it's maybe like every other month.
They had one on April 6th. Doesn't look like they had one in May and then they had one on June 22nd. So if you're interested like use the sketch, just go sign up and watch for notifications and emails about those community calls because they don't look to be particularly consistent. You can also be a speaker if you're interested. Fill out a form at a K M S A Z, uh T F C C speakers and we'll reach out if you like your topic, if you want to co-present on a community call.
So if you don't wanna just observe but you wanna participate and have something interesting to talk about. I know from running user groups in the past with you Scott, that people are always looking for speakers that are interested in speaking. Yes. Uh, what they are hard to find. So I have one more Scott that is not Azure related or Terraform related but is one I have been anxiously waiting for is there was an article published this past week about how to prepare for Microsoft 365 co-pilot.
This is not an announcement about co-pilots being out there or getting public preview access to it. It is still in the early access program. There's a link to it if you want to go apply and find out more about that. But the fact that they are now publicly talking about what you need to do to prepare to me means that maybe, hopefully this is right around the corner and I can go give Microsoft some more money for yet another license. . Oh yeah. I always love things like this. You're like huh,
what do I really need to prepare for? Right? Like I already, if you're a Microsoft 365 Office 365 customer, you would think like you already have a lot of the groundwork in place but you might not, the licensing is probably gonna be a big one upfront. Like do you have the right types of licenses? So copilot is like as far as what they've said so far for Microsoft 365, you're gonna need either an M 365, E three or E five license. Yep. You need the Azure ID account. Like that all makes sense.
And then all those apps and services that co-pilot is going to work with like Word, Excel, PowerPoint, OneDrive, all that kind of stuff. Turns out you're gonna need that. And I, I think that's probably one of the more interesting things like having done the M 365 office 365 administrator thing for multi-thousand person orgs. You have clients who are kind of multi-thousand, it gets like weird sometimes, right?
With some of those organizational requirements or just things they've put in place like oh yeah, you know we, we let this business group run this thing but we don't do this over here, we haven't deployed this yet or turn this on. And I think for like co-pilot to work across the stack, you're back to one of these inflection points where you kind of gotta like get ready to turn everything on and live with it.
, right? And they did so they did say too further down, there's a footnote all the way down and I saw it in the comments for SMB Business standard and Business Premium are also eligible base licenses. So this was not called out in the initial technical requirements but is a footnote that if you're an SMB you can also
use either of those. I'm curious about this Scott, from the preparing for it with the word Excel, PowerPoint, OneDrive, outlook loop and more, it says you need access to the Microsoft 365 apps and services. Is this going to be that you need the desktop license of those apps or do you think it'll just be like if you have just the online version of Word Excel, PowerPoint, is that gonna be an enough? That's not specifically clear in here from a licensing perspective.
It also does say you need to be on current channel or monthly enterprise channel for Microsoft 365 apps to have access to copilot. Yeah. So doesn't the channel thing for apps apply to the web desktop clients? I think it's desktop and web. And and web. Yeah. Yeah. So I would speculate it would work on the web particularly because a lot of these features do tend to come to the web before the desktop. I'd have to dig it out.
I thought there was an announcement the other day that like when the new version of Outlook drops, like you know that new like web-based version of Outlook at that point like Outlook is basically like a glorified PWI glorified. Yeah and I, I'm way over simplifying it but like I guess I'm allowed to do that. You. Can absolutely do that. So those are some of the technical requirements. It also talks about permissions.
There's some stuff in here about security, privacy, data residency that it's gonna follow Microsoft's principles around those. I think that's gonna be super interesting with GDPR and some of the things that are going on in the EU around ai. Like are you going to be able to do this organizationally let alone like can you configure the stat, can you light everything up?
Like are you okay with that organizationally, just like the broader question of like, is machine learning things like this kind of hate that we're calling 'em ai, but are AI things like this allowed in your country or in your geography is gonna be another big question for folks. And then what do you do like if you're a global organization, like how are you gonna handle this and what's that gonna look like and how is Microsoft gonna handle it?
I think those are gonna be super gnarly kind of questions to dig into. So this whole thing is interesting.
I saw an article about this and I can't find the one I saw recently, but it did pull up one bag from April where there was a leak at Samsung where Samsung employees entered sensitive information into chat G P T. And depending on where this data goes from co-pilot and from, I mean even chat G P T is the bigger one because it's just open public is you're giving these models confidential information that they then turn around
and get trained on and could technically leak out to a competitor who uses it to look for the same information. Um, which kind of ties into this whole data residency security privacy as when I start having all these internal documents presentations that's learning from the graph and it's generating these models and learning, making sure that data does stay secure and private.
So my understanding for copilot and, and I could be off, I've, I've gotta go watch some of this stuff about the indexing service for it. Mm-hmm . So the base model, like the foundational model was not trained and will not be trained on customer. Data. Customer data, yes. So you're effectively, like Microsoft Mechanics had a pretty good video on it, I think that kind of laid it out. I'll try and dig up a link to it, but you're kind of running through this series of like meta prompts.
So it's a meta prompt that builds on a meta prompt that builds on a response and another meta prompt from there and then is augmented with kind of security controls in Azure AD and making sure they've got the guardrails and and ring fencing and things there. So if you think about it for like large language model to say summarize this meeting for you for it to be able to respond to that, really it's gotta go back to the transcript of the meeting.
It's not training on that data, but it is eventually running that data like through one of the meta prompts so that it can feed in that document or whatever it needs to do and go summarize. But how it learned to summarize and what it thought a good summarization was like that's all in the foundational model and and none of that was trained on customer data. So we shall see. Yeah, and it does get into that in that security privacy and data residency.
It says copilot does not use customer data or user prompts train the foundation. Copilot does not use open AIS publicly available services. It uses Azure open a AI services only the L L M calls are routed to the closest data centers but can go into other regions where capacity is available. No customer data is written outside the user's home region. Starting in July, the early access program for Microsoft 365 copilot will align with our commitments under the EU data boundary.
So they do have a bunch of that type of information in here. If you're curious about it, it's interesting that starting in July, the early access program will adhere to that. Is that an EU thing or is that a hint at that maybe we'll see this in July because they're getting ready for public preview and wanna make sure it aligns with all that when it hits public preview? I have no idea. Me reading between the lines.
I don't know, I haven't, I haven't been paying attention to some of like more deeply some of the stuff that's going on over in the eu. I know there was the initial hubbub with, you know, Italy banning some of those things, which they've kind of dialed back a little bit and walk back some of that. But we'll see. I don't think you'll know like the fallout until all of this is broadly available. People can kind of see what it does and understand where it's going.
And then I would imagine that given the kind of, you know, government tour that some of the CEOs of, of these companies like Sam Altman and OpenAI, like they, they're going around and kind of visiting with governments now I'd imagine this stuff is just gonna be litigated for a while as well once it launches and gets ready to go. But I imagine also a number of organizations will be kind of hampered by that in the beginning, especially cuz there's gonna be lack of clarity there.
I just don't know how they'd get to like a 100% locked in kind of prescriptive set of guidance around that. Like I, I haven't seen it done yet. It'd be interesting if it could get done for this. Yeah. And then the last big thing I would say is the license management. We already talked about you need a base license. Needing a base license implies that this is not in included in a base license,
that it is an add-on. But then yes, further down they also say co-pilot license management as with other apps and services admins will be able to manage Microsoft 365 co-pilot licenses using the admin center, blah blah blah blah blah. That very much implies as well that there is a Microsoft 365 co-pilot license that you will have to buy.
So for all of you hoping that this was going to be just a free addition to maybe even the E five plan, kind of reading between the lines here where it talks about base licenses and then it also talks about Microsoft 365 licenses. Very much my expectation is, is that this is absolutely going to be a paid add-on to all of the existing license plans that you may have. This is not coming, well I won't say an add-on to any of them. An add-on to the base licenses.
There are not gonna be licenses that automatically include this. You're gonna have to go spend money to get copilot is how I would interpret everything in this article. Yeah, you ready for an E six or an E seven or an E 42? Like, like whatever the answer is. I mentioned that to somebody the other day. I was like, I would actually love an E seven or an E nine that just includes everything. I get it. It's going to be an expensive license if it's $97 or a
$125 per user per month. For me, I am getting tired of trying to manage, I'm gonna license everything for my job, for what I have to do. I am going to have at least one license of everything for myself so that I can adequately talk about it, test it out, validate it, that type of stuff. I am getting so tired of adding on add-ons to my license that even if it's the same price I would pay for an E seven or an E nine that
includes everything. Just to simplify my management, to align everything together. Just to have one big product to know exactly how much it is. I mean maybe Microsoft, if they bundled everything, they'd be able to knock off a few bucks. I'm just tired of add-ons. I want one license that includes it all. . I don't miss my days of having to worry about those kinds of things and
I've mostly forgotten about it. Right? Like with my current employer, it's like stuff is just there and I just use it and consume it and it's fine. , there's really not, you don't have. To think about it. Microsoft gives you your licenses for their products. Uh, they, they give me that and a lot of early release broken software. Yes. That makes it so like I have to reboot multiple times a day. Yeah, that's that's pretty much how I live my life. . Yeah, sorry but kind of not.
You kind of signed up for it when you took the job, Scott. I mean just saying little bit. All right with that, I don't know that I have anything too exciting in terms of news. There's even more Viva stuff. I'm doing some stuff on Viva. We might have to do a circle back around to Viva. There are new Viva products that didn't even know existed that have been announced. . Viva the one that sneaks up on you. Yes, I, I've been playing around with Viva goals a little bit lately so there is some
stuff out there. How. About Viva Amplify, have you heard about Viva Amplify? No idea what it is. See exactly. I'm gonna put it right up there with like syntax indexes and syntax repositories and like all the crazy stuff you hear about like later about these products as they come together. So I don't know. We'll see if you wanna talk about Viva sometime, we can talk about Viva. We. Would just need to catch up. There was amplifying.
There was one other one that was out there that I just ran across the other day that I was like, huh, who knew? Apparently some of this came from Glint. Microsoft acquired a company Glint. Mm-hmm and some of these new Viva stuff came from Glint and there's gonna be a Viva glint now as well. Microsoft, Viva and Glint. Yeah, Microsoft, Viva and Glint I saw somewhere. Microsoft. Yeah, Microsoft. Microsoft, Viva Glint, Microsoft Adoption. like Viva's like a bunny.
It just keeps having babies or something like that. Anyways, we do not need to talk about Viva anymore, but there's more Viva stuff we can talk about if we decide to talk about Viva. Done and done, we'll get that sorted. Too. And with that, I'll let you go enjoy your weekend. I'm gonna go work this weekend because I have end of the month deadlines that I need to make some progress on. Yeah.
Got I got some. We're in the middle of a semester, so yeah, , I gotta get all my like retros done and mid-semester reviews and all that stuff. So. Have fun with those. The. Work never stops. Yeah, the beatings will continue until morale improves. Let's just put it. That way. All right, well thanks Scott. Enjoy your weekend. Don't work too hard. Hopefully we'll get some non rainy weather and we will talk to you next week.
As it's been getting darker and darker behind me. As I'm sitting here, I'm like, should I turn up my key light? Should I have to, my lights on . We just had a thunderstorm roll through here. Maybe it's coming your way. All right. . All good. Thanks guys. All right. Appreciate it. Thanks Scott. If you enjoyed the podcast, go leave us a five star rating in iTunes. It helps to get the word out so more it pros can learn about Office 365 and Azure.
If you have any questions you want us to address on the show or feedback about the show, feel free to reach out via our website, Twitter, or Facebook. Thanks again for listening and have a great day.