New Microsoft Purview Deployment Blueprint | Lightweight guide to mitigate data leakage
We’re excited to share our latest Data Security deployment blueprint: “Lightweight guide to mitigate data leakage”—a practical resource designed to help organizations quickly enable core data security features across their Microsoft 365 estate with minimal setup. The blueprint follows a good / better / best model that maps protections to your licensing. “Good” highlights foundational features included in Business Premium SKUs, while “Better” and “Best” layer in advanced E5 Compliance capabilities, such as auto-labeling, Endpoint DLP, insider risk signals and much more. With the new E5 Compliance Add-On for Business Premium, this guide shows how organizations can capture quick wins today while building toward stronger, long-term security practices. This blueprint is designed for IT administrators, security teams, and compliance stakeholders tasked with protecting sensitive data – and it’s equally valuable for Microsoft partners and consultants supporting customers on their data security journey. Whether you’re enabling basic safeguards or advancing towards automated protection, this guide provides clear, actionable steps to strengthen your data security posture. Ready to get started? Visit our Purview deployment blueprint page or jump straight to the direct PPT link for a step-by-step walkthrough. Securing your data doesn’t have to be complex – this lightweight blueprint makes it achievable for organizations of any size.
Check (and modify) network drive mappings as an admin for other users
It does not appear that admins can check/modify a user's network drive mappings (e.g. from `\\server\shares` to a drive letter) via powershell? The various `Smb-` commands seem to be per user, and as far as I can tell, there is no way to run a powershell command as a different user without using their credentials (which seems to be poor security hygiene to ask users for their passwords), even if you are an admin. Am I missing something, or is this not possible? In case it helps clarify things, what I am asking about is the Windows equivalent to `sudo -u some_user some_command`.Partner Blog | Copilot monetization for SMBs: Start with Copilot Chat, scale with agents
This post kicks off a five-part series for Microsoft partners on the Copilot monetization opportunity for small and medium-sized businesses (SMBs). Each post follows a repeatable approach aligned to the Microsoft Customer Engagement Methodology (MCEM) and the Win Formula—from building credibility as Customer Zero to driving adoption and measurable outcomes, then extending value with agents and specializations. If you’re looking for practical ways to turn your customers’ AI interest into secure, scalable outcomes and repeatable revenue, you’re in the right place. SMBs want proof, not hype. They want an AI path that fits how they work today, stays governed, and delivers results. SMBs are the backbone of the global economy, accounting for 90% of all firms with around 400 million enterprises worldwide, according to the World Economic Forum’s SME Resource Hub. At the same time, 82% of leaders are rethinking core aspects of their strategy and operations, under constant pressure to do more with less. That combination is driving a shift from AI curiosity to AI decisions. Continue reading hereMicrosoft Partners: Accelerate Your AI Journey at AgentCon 2026 (Free Community Event)
Recently, a customer asked me a question many Microsoft partners are hearing right now: “We have Copilot — how do we actually use AI to change the way we work?” That question captures where we are in the AI journey today. Organizations have moved past curiosity. Now they’re looking for trusted partners who can turn AI into real business outcomes. That’s why events like AgentCon 2026 matter. A free, community-led event built by practicioners AgentCon is not a traditional conference. It’s a free, community-driven global event organized by the Global AI Community together with Microsoft partners and ecosystem leaders. Simply put: it’s for the community, by the community. Across cities worldwide, developers, consultants, architects, and Microsoft partners come together to share practical experiences building with AI agents, Copilot, and the Microsoft platform. The focus isn’t theory — it’s implementation: What worked What didn’t What partners can apply immediately with customers This peer learning model reflects how many of us actually grow in the Microsoft ecosystem: by learning from other partners solving real problems. Why this matters for Microsoft partners The opportunity for partners is evolving quickly. Customers aren’t just asking about AI tools — they’re asking how to redesign processes, automate work, and unlock productivity using AI-powered solutions. The Microsoft AI Cloud Partner Program emphasizes partner skilling and helping customers realize value from AI investments. Community events like AgentCon accelerate that learning by bringing partners together to exchange proven approaches and practical insights. When partners upskill faster, customers succeed faster. Why attend AgentCon is designed to help partners move from AI awareness to AI delivery. As an attendee, you can expect: Practical sessions and demos from practitioners Real-world AI and agent scenarios Direct conversations with builders and peers New collaboration and co-sell opportunities You’ll leave with ideas and approaches you can bring directly into customer engagements. Why speak AgentCon thrives because partners share openly with one another. If you’ve implemented Copilot, explored AI agents, or learned lessons from customer deployments, your experience can help others accelerate their journey. Speaking at AgentCon allows you to: Share your expertise with the global partner community Build credibility within the Microsoft ecosystem Create new partnerships and opportunities Contribute to collective partner success You don’t need a perfect story — just an honest one others can learn from. Join the global AgentCon community AgentCon 2026 events takes place around the world including these upcoming events: March 9 - New York: https://aka.ms/AgentconNYC2026 April 11 - Hong Kong: https://aka.ms/AgentconHongKong2026 April 16 - Seoul: https://aka.ms/agentconLondon2026 April 22 - London: https://aka.ms/agentconSeoul2026 Each event is locally organized, community-led, and free to attend. Help shape the next phase of AI adoption AI transformation is happening now — and Microsoft partners play a critical role in guiding customers forward. AgentCon is an opportunity to learn together, share experiences, and strengthen the partner ecosystem driving AI innovation. 👉 Register or apply to speak: https://aka.ms/agentcon2026 We hope you’ll join us — and be part of the community helping customers turn AI potential into real impact.
Driving Global SMB Impact Through AI Powered, Partner Led Digital Sales
Join Siew Hoon Goh, General Manager of Microsoft’s Global Vendor Digital Sales (VDS) organization, as she shares how VDS is transforming SMB engagement through digitally‑scaled, partner‑centric sales motions that deliver impact worldwide. Under her leadership, VDS has become a core engine in Microsoft’s SMB strategy—driving significant YoY revenue growth, pioneering AI‑forward sales capabilities, and strengthening global alignment across Americas, EMEA, and Asia. In this session, Siew Hoon Goh will explore: How VDS empowers thousands of SMB customers by combining digital signals, AI innovation, and partner collaboration at scale. The evolving “digitally initiated, partner closed” model that accelerates customer acquisition, migration, and growth across global markets. FY26 priorities—including AI transformation, CSP growth acceleration, and deeper global‑regional orchestration—that strengthen partner execution and unlock new revenue opportunities. Attendees will gain insight into Microsoft’s fastest‑scaling SMB sales engine and learn how partners can amplify their impact by aligning with VDS’ global motion and leveraging shared best practices, joint planning frameworks, and AI‑powered customer engagement strategies. Register for this IAMCP Enlighten session here Driving Global SMB Impact Through AI Powered, Partner Led Digital SalesIntroducing new security and compliance add-ons for Microsoft 365 Business Premium
Small and medium businesses (SMBs) are under pressure like never before. Cyber threats are evolving rapidly, and regulatory requirements are becoming increasingly complex. Microsoft 365 Business Premium is our productivity and security solution designed for SMBs (1–300 users). It includes Office apps, Teams, advanced security such as Microsoft Defender for Business, and device management — all in one cost-effective package. Today, we’re taking that a step further. We’re excited to announce three new Microsoft 365 Business Premium add-ons designed to supercharge security and compliance. Tailored for medium-sized organizations, these add-ons bring enterprise-grade security, compliance, and identity protection to the Business Premium experience without the enterprise price tag. Microsoft Defender Suite for Business Premium: $10/user/month Cyberattacks are becoming more complex. Attackers are getting smarter. Microsoft Defender Suite provides end-to-end security to safeguard your businesses from identity attacks, device threats, email phishing, and risky cloud apps. It enables SMBs to reduce risks, respond faster, and maintain a strong security posture without adding complexity. It includes: Protect your business from identity threats: Microsoft Entra ID P2 offers advanced security and governance features including Microsoft Entra ID Protection and Microsoft Entra ID Governance. Microsoft Entra ID protection offers risk-based conditional access that helps block identity attacks in real time using behavioral analytics and signals from both user risk and sign-in risk. It also enables SMBs to detect, investigate, and remediate potential identity-based risks using sophisticated machine learning and anomaly detection capabilities. With detailed reports and alerts, your business is notified of suspicious user activities and sign-in attempts, including scenarios like a password-spray where attackers try to gain unauthorized access to company employee accounts by trying a small number of commonly used passwords across many different accounts. ID Governance capabilities are also included to help automate workflows and processes that give users access to resources. For example, IT admins historically manage the onboarding process manually and generate repetitive user access requests for Managers to review which is time consuming and inefficient. With ID Governance capabilities, pre-configured workflows facilitate the automation of employee onboarding, user access, and lifecycle management throughout their employment, streamlining the process and reducing onboarding time. Microsoft Defender for Identity includes dedicated sensors and connectors for common identity elements that offer visibility into your unique identity landscape and provide detailed posture recommendations, robust detections and response actions. These powerful detections are then automatically enriched and correlated with data from other domains across Defender XDR for true incident-level visibility. Keep your devices safe: Microsoft Defender for Endpoint Plan 2 offers industry-leading antimalware, cyberattack surface reduction, device-based conditional access, comprehensive endpoint detection and response (EDR), advanced hunting with support for custom detections, and attack surface reduction capabilities powered by Secure Score. Secure email and collaboration: With Microsoft Defender for Office 365 P2, you gain access to cyber-attack simulation training, which provides SMBs with a safe and controlled environment to simulate real-world cyber-attacks, helping to train employees in recognizing phishing attempts. Additionally automated response capabilities and post-breach investigations help reduce the time and resources required to identify and remediate potential security breaches. Detailed reports are also available that capture information on employees’ URL clicks, internal and external email distribution, and more. Protect your cloud apps: Microsoft Defender for Cloud Apps is a comprehensive, AI-powered software-as-a-service (SaaS) security solution that enables IT teams to identify and manage shadow IT and ensure that only approved applications are used. It protects against sophisticated SaaS-based attacks, OAuth attacks, and risky interactions with generative AI apps by combining SaaS app discovery, security posture management, app-to-app protection, and integrated threat protection. IT teams can gain full visibility into their SaaS app landscape, understand the risks and set up controls to manage the apps. SaaS security posture management quickly identifies app misconfigurations and provides remediation actions to reduce the attack surface. Microsoft Purview Suite for Business Premium: $10/user/month Protect against insider threats Microsoft Purview Insider Risk Management uses behavioral analytics to detect risky activities, like an employee downloading large volumes of files before leaving the company. Privacy is built in, so you can act early without breaking employee trust. Protect sensitive data wherever it goes Microsoft Purview Information Protection classifies and labels sensitive data, so the right protections follow the data wherever it goes. Think of it as a ‘security tag’ that stays attached to a document whether it’s stored in OneDrive, shared in Teams, or emailed outside the company. Policies can be set based on the ‘tag’ to prevent data oversharing, ensuring sensitive files are only accessible to the right people. Microsoft Purview Data Loss Prevention (DLP) works in the background to stop sensitive information, like credit card numbers or health data, from being accidentally shared with unauthorized people Microsoft Purview Message Encryption adds another layer by making sure email content stays private, even when sent outside the organization. Microsoft Purview Customer Key gives organizations control of their own encryption keys, helping meet strict regulatory requirements. Ensure data privacy and compliant communications Microsoft Purview Communication Compliance monitors and flags inappropriate or risky communications to protect against policy and compliance violations. Protect AI interactions Microsoft Purview Data Security Posture Management (DSPM) for AI provides visibility into how AI interacts with sensitive data, helping detect oversharing, risky prompts, and unethical behavior. Monitors Copilot and third-party AI usage with real-time alerts, policy enforcement, and risk scoring. Manage information through its lifecycle Microsoft Purview Records and Data Lifecycle Management helps businesses meet compliance obligations by applying policies that enable automatic retention or deletion of data. Stay investigation-ready Microsoft Purview eDiscovery (Premium) makes it easier to respond to internal investigations, legal holds, or compliance reviews. Instead of juggling multiple systems, you can search, place holds, and export information in one place — ensuring legal and compliance teams work efficiently. Microsoft Purview Audit (Premium) provides deeper audit logs and analytics to trace activity like file access, email reads, or user actions. This level of detail is critical for incident response and forensic investigations, helping SMBs maintain regulatory readiness and customer trust. Simplify Compliance Management Microsoft Purview Compliance Manager helps track regulatory requirements, assess risk, and manage improvement actions, all in one dashboard tailored for SMBs. Together, these capabilities help SMBs operate with the same level of compliance and data protection as large enterprises but simplified for smaller teams and tighter budgets. Microsoft Defender and Purview Suites for Business Premium: $15/user/month The new Microsoft Defender and Purview Suites unite the full capabilities of Microsoft Defender and Purview into a single, cost-effective package. This all-in-one solution delivers comprehensive security, compliance, and data protection, while helping SMB customers unlock up to 68% savings compared to buying the products separately, making it easier than ever to safeguard your organization without compromising on features or budget. FAQ Q: When will these new add-ons be available for purchase? A: They will be available for purchase as add-ons to Business Premium in September 2025. Q: How can I purchase? A: You can purchase these as add-ons to your Business Premium subscription through Microsoft Security for SMBs website or through your Partner. Q: Are there any seat limits for the add-on offers? A: Yes. Customers can purchase a mix of add-on offers, but the total number of seats across all add-ons is limited to 300 per customer. Q: Does Microsoft 365 Business Premium plus Microsoft Defender Suite allow mixed licensing for endpoint security solutions? A: Microsoft Defender for Business does not support mixed licensing so a tenant with Defender for Business (included in Microsoft 365 Business Premium) along with Defender for Endpoint Plan 2 (included in Microsoft 365 Security) will default to Defender for Business. For example, if you have 80 users licensed for Microsoft 365 Business Premium and you’ve added Microsoft Defender Suite for 30 of those users, the experience for all users will default to Defender for Business. If you would like to change that to the Defender for Endpoint Plan 2 experience, you should license all users for Defender for Endpoint Plan 2 (either through standalone or Microsoft Defender Suite) and then contact Microsoft Support to request the switch for your tenant. You can learn more here. Q: Can customers who purchased the E5 Security Suite as an add-on to Microsoft 365 Business Premium transition to the new Defender Suite starting from the October billing cycle? A: Yes. Customers currently using the Microsoft 365 E5 Security add-on with Microsoft 365 Business Premium are eligible to transition to the new Defender Suite beginning with the October billing cycle. For detailed guidance, please refer to the guidelines here. Q: As a Partner, how do I build Managed Detection and Response (MDR) services with MDB? A: For partners or customers looking to build their own security operations center (SOC) with MDR, Defender for Business supports the streaming of device events (device file, registry, network, logon events and more) to Azure Event Hub, Azure Storage, and Microsoft Sentinel to support advanced hunting and attack detection. If you are using the streaming API for the first time, you can find step-by-step instructions in the Microsoft 365 Streaming API Guide on configuring the Microsoft 365 Streaming API to stream events to your Azure Event Hubs or to your Azure Storage Account. To learn more about Microsoft Security solutions for SMBs you can visit our website.
Windows smb client and Zone.Identifier (WSL) authentication problem
hi together, we have an import process which import data from a csv file from a nas. I have change the nas server (from old to new server) and activate smb logging. Now i can see the following problems. We have on the nas a local user for application access and on the windows client side a other local user too (different names). Client machine is windows version 1809 build 17763.6414 (windows 10 enterprise ltsc). 1. problem - wrong Authentication Data for writing "Zone.Identifier" We configred the authentication data in the import process and the process used this data for access to the csv files. But it looks like that windows meta data process don't use this authentication data. I saw in tcpdump pcap file 4 smb sessions. First and secound smb sessions use the authentication data for the access to the 2 csv files. The third smb session use no authentication data. so that the access don't work. Whatevery windows in the third smd session will doing. The fourth smd session use a mix of source maschine name und destination user, which is not correct. I add read/write access for everbody, so that i can see, what is doing in the fourth session. Windows will writing/access to the Zone.Identifier file. 1. smb session: User: <nas>.<domain>\<nas_user> 2. smb session: User: <nas>.<domain>\<nas_user> 3. smb session: User: \ 4. smb session: User: <client machine name>\<nas_user> 2. problem - ignore "Do not preserve zone information in file attachments" setting now i activate this setting, so preventing writing of this kind of informations/files. But the windows client ignoring it. I have reboot the windows client and repeat the import process and windows tried to writing the zone information again. I change the setting about the following way. admin: gpedit.msc -> User Configuration > Administrative Templates > Windows Components > Attachment Manager and than enable the policy named "Do not preserve zone information in file attachments". Is this a know issue or hae sameone any idea? I would prevent the 3. and 4. smd session, so the access for the meta data proccesses. best regards Christian VoigtJoin the Fabric Partner Community for the next Fabric Engineering Connection calls!
Are you a Microsoft partner that is interested in data and analytics? Be sure to join us for the next Fabric Engineering Connection call, now offered at two different times! 🎉 This week's Fabric Engineering Connection call will include Rick Xu and Sumiran Tandon presenting on CMK for Fabric Workspaces. The APAC Fabric Engineering Connection call will take place Thursday, June 5, from 1-2 am UTC/Wednesday, June 4, from 5-6 pm PDT. This is your opportunity to learn more, ask questions, and provide feedback. To join the call, you must be a member of the Fabric Partner Community Teams channel. To join, complete the participation form at https://lnkd.in/g_PRdfjt. We can't wait to see you Wednesday/Thursday!📢 Swiss Partner Townhall – May Edition
🗓 May 28th 🕤 9:30 – 10:30 AM (Online) 👉 Register here: https://aka.ms/swisspartnertownhall We’re back with our Monthly Swiss Partner Townhall, your go-to forum for the latest updates, strategies, and guidance to empower your business. 💡 This month’s agenda is packed with timely topics and expert speakers: 🔹 Top of Mind – Andrew Reid 🔹 New European Digital Commitments: What They Mean for Switzerland – Moritz Oberli 🔹 3-Year SKU Strategy & Promotional Roadmap – Thomas Rupp 🔹 Technical Presales & Development Services Benefits – Beat Weissenberger 🔹 Understanding Security Score Requirements: FAQs – Manuel Michaud 🔹 Events & Partner Enablement Updates – Diyor Iskandarov 🎯 Stay informed. Stay competitive. Stay connected. We look forward to seeing you there. 👉 Register here: https://aka.ms/swisspartnertownhall #SwissPartnerTownhall #MicrosoftSwitzerland #PartnerNetwork #Switzerland #Cloud #AI #Innovation #Technology #TechUpdates #DigitalSwitzerland #PartnerEnablement #CloudInnovation
CSP potential customer on MCA multitant/ shareholding
Hello, Thank you for the opportunity to write about this. We have a request where a customer would like to implement Dynamics 365 Finance and Operations on a multi-tenant basis. However, there are now the challenges that the customer wants to map several holdings of his company network in his productive environments. Is this a license violation if the customer includes company holdings from his company network, as shown in the diagram? In my opinion, it is clear from the MCA that the customer cannot license company A in his tenant under CSP in the case of minority shareholdings. Is this correct? AS employees of companies B and C provide services for company A, the customer would like a one- tenant solution Is it possible to reach an agreement with Microsoft for this company construct without concluding an EA? Thank you!
