Octo Tempest: Hybrid Identity Compromise Recovery

Octo Tempest: Hybrid Identity Compromise Recovery

This article is contributed. See the original author and article here.

Have you ever gone toe to toe with the threat actor known as Octo Tempest? This increasingly aggressive threat actor group has evolved their targeting, outcomes, and monetization over the past two years to become a dominant force in the world of cybercrime. But what exactly defines this entity, and why should we proceed with caution when encountering them?


Octo Tempest (formerly DEV-0875) is a group known for employing social engineering, intimidation, and other human-centric tactics to gain initial access into an environment, granting themselves privilege to cloud and on-premises resources before exfiltrating data and unleashing ransomware across an environment. Their ability to penetrate and move around identity systems with relative ease encapsulates the essence of Octo Tempest and is the purpose of this blog post. Their activities have been closely associated with:


  • SIM swapping scams: Seize control of a victim’s phone number to circumvent multifactor authentication.

  • Identity compromise: Initiate password spray attacks or phishing campaigns to gain initial access and create federated backdoors to ensure persistence.

  • Data breaches: Infiltrate the networks of organizations to exfiltrate confidential data.

  • Ransomware attacks: Encrypt a victim’s data and demand primary, secondary or tertiary ransom fees to refrain from disclosing any information or release the decryption key to enable recovery.



Figure 1: The evolution of Octo Tempest’s targeting, actions, outcomes, and monetization.


Some key considerations to keep in mind for Octo Tempest are:

  • Language fluency: Octo Tempest purportedly operates predominantly in native English, heightening the risk for unsuspecting targets.

  • Dynamic: Have been known to pivot quickly and change their tactics depending on the target organizations response.

  • Broad attack scope: They target diverse businesses ranging from telecommunications to technology enterprises.

  • Collaborative ventures: Octo Tempest may forge alliances with other cybercrime cohorts, such as ransomware syndicates, amplifying the impact of their assaults.


As our adversaries adapt their tactics to match the changing defense landscape, it’s essential for us to continually define and refine our response strategies. This requires us to promptly utilize forensic evidence and efficiently establish administrative control over our identity and access management services. In pursuit of this goal, Microsoft Incident Response has developed a response playbook that has proven effective in real-world situations. Below, we present this playbook to empower you to tackle the challenges posed by Octo Tempest, ensuring the smooth restoration of critical business services such as Microsoft Entra ID and Active Directory Domain Services.


Cloud eviction

We begin with the cloud eviction process. If any actor takes control of the identity plane in Microsoft Entra ID, a set of steps should be followed to hit reset and take back administrative control of the environment. Here are some tactical measures employed by the Microsoft Incident Response team to ensure the security of the cloud identity plane:



Figure 2: Cloud response playbook.


Break glass accounts

Emergency scenarios require emergency access. For this purpose, one or two administrative accounts should be established. These accounts should be exempted from Conditional Access policies to ensure access in critical situations, monitored to verify their non-use, and passwords should be securely stored offline whenever feasible.


More information on emergency access accounts can be found here: Manage emergency access admin accounts – Microsoft Entra ID | Microsoft Learn.




Octo Tempest leverages cloud-born federation features to take control of a victim’s environment, allowing for the impersonation of any user inside the environment, even if multifactor authentication (MFA) is enabled. While this is a damaging technique, it is relatively simple to mitigate by logging in via the Microsoft Graph PowerShell module and setting the domain back from Federated to Managed. Doing so breaks the relationship and prevents the threat actor from minting further tokens.


Connect to your Azure/Office 365 tenant by running the following PowerShell cmdlet and entering your Global Admin Credentials:





Change federation authentication from Federated to Managed running this cmdlet:


Update-MgDomain -DomainId "test.contoso.com" -BodyParameter @{AuthenticationType="Managed"}



Service principals

Service principals have their own identities, credentials, roles, and permissions, and can be used to access resources or perform actions on behalf of the applications or services they represent. These have been used by Octo Tempest for persistence in compromised environments. Microsoft Incident Response recommends reviewing all service principals and removing or reducing permissions as needed.


Conditional Access policies

These policies govern how an application or identity can access Microsoft Entra ID or your organization resources and configuring these appropriately ensures that only authorized users are accessing company data and services. Microsoft provides template policies that are simple to implement. Microsoft Incident Response recommends using the following set of policies to secure any environment.


Note: Any administrative account used to make a policy will be automatically excluded from it. These accounts should be removed from exclusions and replaced with a break glass account.



 Figure 3: Conditional Access policy templates.


Conditional Access policy: Require multifactor authentication for all users

This policy is used to enhance the security of an organization’s data and applications by ensuring that only authorized users can access them. Octo Tempest is often seen performing SIM swapping and social engineering attacks, and MFA is now more of a speed bump than a roadblock to many threat actors. This step is essential.


Conditional Access policy: Require phishing-resistant multifactor authentication for administrators

This policy is used to safeguard access to portals and admin accounts. It is recommended to use a modern phishing-resistant MFA type which requires an interaction between the authentication method and the sign-in surface such as a passkey, Windows Hello for Business, or certificate-based authentication.


Note: Exclude the Entra ID Sync account. This account is essential for the synchronization process to function properly.


Conditional Access policy: Block legacy authentication

Implementing a Conditional Access policy to block legacy access prohibits users from signing in to Microsoft Entra ID using vulnerable protocols. Keep in mind that this could block valid connections to your environment. To avoid disruption, follow the steps in this guide.


Conditional Access policy: Require password change for high-risk users

By implementing a user risk Conditional Access policy, administrators can tailor access permissions or security protocols based on the assessed risk level of each user. Read more about user risk here.


Conditional Access policy: Require multifactor authentication for risky sign-ins

This policy can be used to block or challenge suspicious sign-ins and prevent unauthorized access to resources.


Segregate Cloud admin accounts

Administrative accounts should always be segregated to ensure proper isolation of privileged credentials. This is particularly true for cloud admin accounts to prevent the vertical movement of privileged identities between on-premises Active Directory and Microsoft Entra ID.


In addition to the enforced controls provided by Microsoft Entra ID for privileged accounts, organizations should establish process controls to restrict password resets and manipulation of MFA mechanisms to only authorized individuals.


During a tactical takeback, it’s essential to revoke permissions from old admin accounts, create entirely new accounts, and ensure that the new accounts are secured with modern MFA methods, such device-bound passkeys managed in the Microsoft Authenticator app.



Figure 4: CISO series: Secure your privileged administrative accounts with a phased roadmap | Microsoft Security Blog.


Review Azure resources

Octo Tempest has a history of manipulating resources such as Network Security Groups (NSGs), Azure Firewall, and granting themselves privileged roles within Azure Management Groups and Subscriptions using the ‘Elevate Access’ option in Microsoft Entra ID.


It’s imperative to conduct regular, and thorough, reviews of these services to carefully evaluate all changes to these services and effectively remove Octo Tempest from a cloud environment.


Of particular importance are the Azure SQL Server local admin accounts and the corresponding firewall rules. These areas warrant special attention to mitigate any potential risks posed by Octo Tempest.



Intune Multi-Administrator Approval (MAA)

Intune access policies can be used to implement two-person control of key changes to prevent a compromised admin account from maliciously using Intune, causing additional damage to the environment while mitigation is in progress.


Access policies are supported by the following resources:

  • Apps – Applies to app deployments but doesn’t apply to app protection policies.

  • Scripts – Applies to deployment of scripts to devices that run Windows.


Octo Tempest has been known to leverage Intune to deploy ransomware at scale. This risk can be mitigated by enabling the MAA functionality.



Review of MFA registrations

Octo Tempest has a history of registering MFA devices on behalf of standard users and administrators, enabling account persistence. As a precautionary measure, review all MFA registrations during the suspected compromise window and prepare for the potential re-registration of affected users.



On-premises eviction

Additional containment efforts include the on-premises identity systems. There are tried and tested procedures for rebuilding and recovering on-premises Active Directory, post-ransomware, and these same techniques apply to an Octo Tempest intrusion.




Figure 5: On-premises recovery playbook.



Active Directory Forest Recovery

If a threat actor has taken administrative control of an Active Directory environment, complete compromise of all identities, in Active Directory, and their credentials should be assumed. In this scenario, on-premises recovery follows this Microsoft Learn article on full forest recovery: 


Active Directory Forest Recovery – Procedures | Microsoft Learn


If there are good backups of at least one Domain Controller for each domain in the compromised forest, these should be restored. If this option is not available, there are other methods to isolate Domain Controllers for recovery. This can be accomplished with snapshots or by moving one good Domain Controller from each domain into an isolated network so that Active Directory sanitization can begin in a protective bubble. 


Once this has been achieved, domain recovery can begin. The steps are identical for every domain in the forest:


  1. Metadata cleanup of all other Domain Controllers

  2. Seizing the Flexible Single Master Operations (FSMO) roles

  3. Raising the RID Pool and invalidating the RID Pool

  4. Resetting the Domain Controller computer account password

  5. Resetting the password of KRBTGT twice

  6. Resetting the built-in Administrator password twice

  7. If Read-Only Domain Controllers existed, removing their instance of krbtgt_xxxxx

  8. Resetting inter-domain trust account (ITA) passwords on each side of the parent/child trust

  9. Removing external trusts

  10. Performing an authoritative restore of the SYSVOL content

  11. Cleaning up DNS records for metadata cleaned up Domain Controllers

  12. Resetting the Directory Services Restore Mode (DSRM) password

  13. Removing Global Catalog and promoting to Global Catalog


When these actions have been completed, new Domain Controllers can be built in the isolated environment. Once replication is healthy, the original systems restored from backup can be demoted.


Octo Tempest is known for targeting Key Vaults and Secret Servers. Special attention will need to be paid to these secrets to determine if they were accessed and, if so, to sanitize the credentials contained within.



Tiering model

Restricting privilege escalation is critical to containing any attack since it limits the scope and damage. Identity systems in control of privileged access, and critical systems where identity administrators log onto, are both under the scope of protection.


Microsoft’s official documentation guides customers towards implementing the enterprise access model (EAM) that supersedes the “legacy AD tier model”.  The EAM serves as an all-encompassing means of addressing where and how privileged access is used. It includes controls for cloud administration, and even network policy controls to protect legacy systems that lack accounts entirely.


However, the EAM has several limitations. First, it can take months, or even years, for an organization’s architects to map out and implement. Secondly, it spans disjointed controls and operating systems. Lastly, not all of it is relevant to the immediate concern of mitigating Pass-the-Hash (PtH) as outlined here.


Our customers, with on-premises systems, are often looking to implement PtH mitigations yesterdayThe AD Tiering model is a good starting point for domain-joined services to satisfy this requirement. It is:


  • Easier to conceptualize

  • Has practical implementation guidance

  • Rollout can be partially automated


The EAM is still a valuable strategy to work towards in an organization’s journey to security; but this is a better goal for after the fires and smoldering embers have been extinguished.




Figure 6: Securing privileged access Enterprise access model – Privileged access | Microsoft Learn.


Segregated privileged accounts

Accounts should be created for each tier of access, and processes should be put in place to ensure that these remain correctly isolated within their tiers.


Control plane isolation

Identify all systems that fall under the control plane. The key rule to follow is that anything that accesses or can manipulate an asset must be treated at the same level as the assets that they manipulate. At this stage of eviction, the control plane is the key focus area. As an example, SCCM being used to patch Domain Controllers must be treated as a control plane asset.


Backup accounts are particularly sensitive targets and must be managed appropriately.



Account disposition

The next phase of on-premises recovery and containment consists of a procedure known as account disposition in which all privileged or sensitive groups are emptied except for the account that is performing the actions. These groups include, but are not limited to:


  • Built-In Administrators

  • Domain Admins

  • Enterprise Admins

  • Schema Admins

  • Account Operators

  • Server Operators

  • DNS Admins

  • Group Policy Creator Owners


Any identity that gets removed from these groups goes through the following steps:


  1. Password is reset twice

  2. Account is disabled

  3. Account is marked with Smartcard is required for interactive login

  4. Access control lists (ACLs) are reset to the default values and the adminCount attribute is cleared


Once this is done, build new accounts as per the tiering model. Create new Tier 0 identities for only the few staff that require this level of access, with a complex password and marked with the Account is sensitive and cannot be delegated flag.



Access Control List (ACL) review

Microsoft Incident Response has found a plethora of overly-permissive access control entries (ACEs) within critical areas of Active Directory of many environments. These ACEs may be at the root of the domain, on AdminSDHolder, or on Organizational Units that hold critical services. A review of all the ACEs in the access control lists (ACLs) of these sensitive areas within Active Directory is performed, and unnecessary permissions are removed.


Mass password reset

In the event of a domain compromise, a mass password reset will need to be conducted to ensure that Octo Tempest does not have access to valid credentials. The method in which a mass password reset occurs will vary based on the needs of the organization and acceptable administrative overhead. If we simply write a script that gets all user accounts (other than the person executing the code) and resets the password twice to a random password, no one will know their own password and, therefore, will open tickets with the helpdesk. This could lead to a very busy day for those members of the helpdesk (who also don’t know their own password).


Some examples of mass password reset methods, that we have seen in the field, include but are not limited to:

  • All at once: Get every single user (other than the newly created tier 0 accounts) and reset the password twice to a random password. Have enough helpdesk staff to be able to handle the administrative burden.

  • Phased reset by OU, geographic location, department, etc.: This method targets a community of individuals in a more phased out approach which is less of an initial hit to the helpdesk.

  • Service account password resets first, humans second: Some organizations start with the service account passwords first and then move to the human user accounts in the next phase.


Whichever method you choose to use for your mass password resets, ensure that you have an attestation mechanism in place to be able to accurately confirm that the person calling the helpdesk to get their new password (or enable Self-Service Password Reset) can prove they are who they say they are. An example of attestation would be a video conference call with the end user and the helpdesk and showing some sort of identification (for instance a work badge) on the screen.


It is recommended to also deploy and leverage Microsoft Entra ID Password Protection to prevent users from choosing weak or insecure passwords during this event.




The battle against Octo Tempest underscores the importance of a multi-faceted and proactive approach to cybersecurity. By understanding a threat actors’ tactics, techniques and procedures and by implementing the outlined incident response strategies, organizations can safeguard their identity infrastructure against this adversary and ensure all pervasive traces are eliminated. Incident Response is a continuous process of learning, adapting, and securing environments against ever-evolving threats.



What’s new in Azure AI Translator: document translation?

What’s new in Azure AI Translator: document translation?

This article is contributed. See the original author and article here.

Seattle—June 18, 2024—Today, we are happy to announce new releases and enhancements to Azure AI Translator Service. We are introducing a new endpoint which unifies document translation async batch and sync operation and the SDKs are updated. Now, you can use and deploy document translation features in your organization to translate documents through Azure AI Studio and SharePoint without writing any code. Azure AI Translator container is now enhanced to translate both text and documents.



Document translation offers two operations: asynchronous batch and synchronous. Depending on the scenario, customers may use either operations or a combination of both. Today, we are delighted to announce that both operations have been unified and will share the same endpoint.


Asynchronous batch operation:                                                                                                  

  • Asynchronous batch translation supports the processing of multiple documents and large files. The batch translation processes source documents from an Azure Blob storage and uploads translated documents back into it.

The endpoint for the asynchronous batch operation is getting updated to:


{your-document translation-endpoint}/translator/document/batches?api-version=[Date]


The service will continue to support backward compatibility for the deprecated endpoint. We recommend new customers adapt the latest endpoint as new functions in the future will be added to the same.


Synchronous operation:

  • Synchronous operation supports the processing of single document translation. It accepts source document as part of the request body, processes the document in memory and return translated document as part of the response body.


{your-document translation-endpoint}/translator/document:translate?api-version=[Date]


This unification is aimed to provide customers with consistency and simplicity while using either of the document translation operations.


Updated SDK

The updated document translation SDK supports both asynchronous batch operation and synchronous operation. Here’s how you can leverage it:


To run a translation operation for a document, you need a Translator endpoint and credentials. You can use the DefaultAzureCredential to try a number of common authentication methods optimized for both running as a service and development. The samples below uses a Translator API key credential by creating an AzureKeyCredential object. You can set endpoint and apiKey based on an environment variable, a configuration setting, or any way that works for your application.


Asynchronous batch method:

Creating a DocumentTranslationClient


string endpoint = "";
string apiKey = "";
SingleDocumentTranslationClient client = new SingleDocumentTranslationClient(new Uri(endpoint), new AzureKeyCredential(apiKey));


To Start a translation operation for documents in a blob container, call StartTranslationAsync. The result is a Long Running operation of type DocumentTranslationOperation which polls for the status of the translation operation from the API. To call StartTranslationAsync you need to initialize an object of type DocumentTranslationInput which contains the information needed to translate the documents.


Uri sourceUri = new Uri("");
Uri targetUri = new Uri("");
var input = new DocumentTranslationInput(sourceUri, targetUri, "es");

DocumentTranslationOperation operation = await client.StartTranslationAsync(input);

await operation.WaitForCompletionAsync();

Console.WriteLine($"  Status: {operation.Status}");
Console.WriteLine($"  Created on: {operation.CreatedOn}");
Console.WriteLine($"  Last modified: {operation.LastModified}");
Console.WriteLine($"  Total documents: {operation.DocumentsTotal}");
Console.WriteLine($"    Succeeded: {operation.DocumentsSucceeded}");
Console.WriteLine($"    Failed: {operation.DocumentsFailed}");
Console.WriteLine($"    In Progress: {operation.DocumentsInProgress}");
Console.WriteLine($"    Not started: {operation.DocumentsNotStarted}");

await foreach (DocumentStatusResult document in operation.Value)
    Console.WriteLine($"Document with Id: {document.Id}");
    Console.WriteLine($"  Status:{document.Status}");
    if (document.Status == DocumentTranslationStatus.Succeeded)
        Console.WriteLine($"  Translated Document Uri: {document.TranslatedDocumentUri}");
        Console.WriteLine($"  Translated to language code: {document.TranslatedToLanguageCode}.");
        Console.WriteLine($"  Document source Uri: {document.SourceDocumentUri}");
        Console.WriteLine($"  Error Code: {document.Error.Code}");
        Console.WriteLine($"  Message: {document.Error.Message}");


Synchronous method:

Creating a SingleDocumentTranslationClient


string endpoint = "";
string apiKey = "";
SingleDocumentTranslationClient client = new SingleDocumentTranslationClient(new Uri(endpoint), new AzureKeyCredential(apiKey));


To start a synchronous translation operation for a single document, call DocumentTranslate. To call DocumentTranslate you need to initialize an object of type MultipartFormFileData which contains the information needed to translate the documents. You would need to specify the target language to which the document must be translated to.


    string filePath = Path.Combine("TestData", "test-input.txt");
    using Stream fileStream = File.OpenRead(filePath);
    var sourceDocument = new MultipartFormFileData(Path.GetFileName(filePath), fileStream, "text/html");
    DocumentTranslateContent content = new DocumentTranslateContent(sourceDocument);
    var response = client.DocumentTranslate("hi", content);

    var requestString = File.ReadAllText(filePath);
    var responseString = Encoding.UTF8.GetString(response.Value.ToArray());

    Console.WriteLine($"Request string for translation: {requestString}");
    Console.WriteLine($"Response string after translation: {responseString}");
catch (RequestFailedException exception)
    Console.WriteLine($"Error Code: {exception.ErrorCode}");
    Console.WriteLine($"Message: {exception.Message}");


Ready to use solution in Azure AI Studio

Customers can easily build apps for their document translation needs using the SDK. One such example is the document translation tool in the Azure AI Studio, which was announced to be generally available at //build 2024. Here is a glimpse of how you may translate documents in this user interface:


AI Studio screenshot.png


SharePoint document translation

The document translation integration in SharePoint lets you easily translate a selected file or a set of files into a SharePoint document library. This feature lets you translate files of different types either manually or automatically by creating a rule.

Sharepoint screenshot.png


Learn more about the SharePoint integration here.

You can also use the translation feature for translating video transcripts and closed captioning files. More information here.


Document translation in container is generally available

In addition to the above updates, earlier this year, we announced the release of document translation and transliteration features for Azure AI Translator containers as preview. Today, both capabilities are generally available. All Translator container customers will get these new features automatically as part of the update.


Translator containers provide users with the capability to host the Azure AI Translator API on their own infrastructure and include all libraries, tools, and dependencies needed to run the service in any private, public, or personal computing environment. They are isolated, lightweight, portable, and are great for implementing specific security or data governance requirements.


With that update, the following are the operations that are now supported in Azure AI Translator containers:

  • Text translation: Translate the text phrases between supported source and target language(s) in real-time.

  • Text transliteration: Converts text in a language from one script to another script in real-time. 

  • Document translation: Translate a document between supported source and target language while preserving the original document’s content structure and format.


Announcing unlimited application installs in Dynamics 365 Customer Insights

Announcing unlimited application installs in Dynamics 365 Customer Insights

This article is contributed. See the original author and article here.

We’re excited to announce unlimited application installs when starting with Dynamics 365 Customer Insights, an improvement to our license definition and installation management experience. As of June 30, 2024 we’ve removed application installation limits for Customer Insights–Journeys (real-time journeys only) and Customer Insights–Data. Previous application installations had restrictions of four per base license of the new Dynamics 365 Customer Insights license launched September 2023, and one if using the older, standalone Marketing license.  

Unlimited application installations: What it means for you

 After June 30, 2024, as an admin, you have unlimited application installs with Customer Insights – Journeys (real-time only) and Customer Insights – Data on as many production and sandbox environments in the Power Platform Admin Center as you’d like. Admins with a paid Dynamics 365 Customer Insights license on their tenant (i.e. production or sandbox environments) will no longer see the application installation counter and limits. See details on how to install Customer Insights. Customer Insights –Journeys, application install limits still apply to additional installations of legacy outbound marketing solutions. (This accommodates the high cost of the background services.) For customers using only real-time Journeys, there is no installation limit.

  • Access the installation management page by going to admin.powerplatform.microsoft.com -> Resources -> Dynamics 365 apps -> Dynamics 365 Customer Insights or Marketing -> … -> Manage. Because it’s no longer restricted, the meter doesn’t display the count of paid application installations you’re entitled to or have used. However, trials are still limited to one per license.
  • If your tenant has used outbound marketing solutions, you see a meter monitoring your entitled and installed instances of outbound marketing. We count outbound marketing instances based on the previous application logic. For Dynamics 365 Marketing standalone licenses and application add-on licenses you get one install per license. For the Dynamics 365 Customer Insights combined license launched September 2023, you get four outbound marketing installs per base license. Learn more about who can enable outbound marketing.

Enhancing your applications installation experience

While making this change, we took the opportunity to simplify the user experience further with the following small changes:

  • We removed the little gray “i” icon with the environment URL. Find the environment URL in the green checkmark.
  • If your tenant does not have any Dynamics 365 Customer Insights or Marketing licenses, you see a view which offers you links to learn how to buy.

We hope these license definition and user experience improvements simplify your experience installing Dynamics 365 Customer Insights.

The post Announcing unlimited application installs in Dynamics 365 Customer Insights appeared first on Microsoft Dynamics 365 Blog.

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.

Ernst & Young reinvents sales globally with Microsoft Dynamics 365

Ernst & Young reinvents sales globally with Microsoft Dynamics 365

This article is contributed. See the original author and article here.

Building a successful sales team starts with collaboration and insights. To boost performance across the sales journey, business development professionals must be empowered to engage across internal teams to better connect with customers and easily interact with data and insights. Like any organizational transformation, adapting teams to a new way of selling requires coordination between people, process, and technology—a challenging effort for any organization.

So, how does one of the largest professional services organizations in the world—with almost 400,000 people across 700 offices in 150 countries—transform and connect a sales organization that spans nearly every corner of the globe?

a woman wearing glasses and smiling at the camera

Microsoft Dynamics 365 Sales

Optimize your organization and transform your sales processes.

For Ernst & Young LLP (EY), one of the largest professional services member firms worldwide, its sales transformation journey included Microsoft Dynamics 365 Sales. EY began its extensive rollout of Dynamics 365 Sales with the simple mission to deliver exceptional client service. By equipping more than 100,000 EY member firm professionals across the globe with an intuitive customer relationship management (CRM) system that is integrated across marketing, sales, delivery, and insights, EY can help its clients and itself maintain a competitive edge across markets.

The sales system also sets the stage for enhanced seller productivity with Microsoft 365, including the ability to access and collaborate on customer opportunities within the flow of work from Microsoft Outlook and Microsoft Teams. And Microsoft Copilot capabilities are expected to help sellers work more efficiently and improve customer experiences with email assistance, personalized sales content creation, AI-generated insights, and recommendations for next steps.

Breaking down barriers for a globally-connected team

To help their clients solve their most complex problems, EY needed a digital sales foundation that helped enable sellers to be connected, proactive, and insightful with a deeper understanding of account and opportunity data. A collaborative sales system can empower teams to help deliver consistently exceptional client services and continuously adapt to rapid changes across each client organization, industries, and entire markets.

That’s why EY turned to Microsoft Dynamics 365 Sales and the latest advancements in AI to both unify and transform sales processes with a goal to improve cross-team collaboration and deepen connections with clients.

Led by a need for a more integrated approach to client relationship building focused on client value, EY identified the people who would gain the most from a global sales transformation. For example, EY pursuit leaders, who are dedicated to leading complex client relationships, could benefit from deeper insights into client and industry issues to deliver the right set of solutions when pursuing opportunities. Client-serving teams could also benefit from a system that provided targeted, meaningful information and insights, helping them to create winning proposals in less time.

In 2022, EY and Microsoft got to work on an architecture design and implementation plan for a sales platform that bridged both existing solutions and a modern, future-proof platform for insights, automation, collaboration, productivity, and reporting. These transformative solutions build on a years-long commitment to power growth and innovation of EY on Microsoft technologies such as Microsoft Azure, Microsoft Azure OpenAI Service, Microsoft Fabric, Microsoft Power Platform, Microsoft 365, and Microsoft Dynamics 365.

A new way to power a global organization

EY client-serving teams around the world are standardizing sales processes on a single, unified customer relationship management and productivity system. On this new, flexible platform, with the ability to integrate third-party applications and adapt new technologies, teams can leverage both tools they currently depend on and leverage the latest in Dynamics 365 and AI enhancements.

For example, teams will continue to manage engagements in SAP ECC, but the integration with Dynamics 365 Sales will help ensure a more seamless handoff of crucial information to delivery. This allows EY to take advantage of Microsoft capabilities, such as Microsoft Power BI data visualizations, Outlook, and Teams for enhanced collaboration and AI and automation features to streamline processes.

“We’ve brought the opportunity management process closer to where we spend our time—in Outlook, in Teams, and on the go while on mobile.”

Kris Kuty, Global Product Manager, Ernst & Young LLP

Early signs of success

Only months after deployment, EY reports that the new sales platform is making a real impact on the way they do business. Some of the results include:

  • An enhanced CRM solution that has connected marketing, sales, and service processes for better collaboration between teams.
  • Greater access to intelligence and insights, enabling client-serving teams, financial forecasters, and business planners to be more efficient and knowledgeable, equipped to make better decisions faster, and, ultimately, make deeper connections with clients.
  • Standardized sales processes and unified views across accounts, using a globally consistent and streamlined system that includes a mobile Power App, Outlook, and Teams, with integrations to key EY systems for master data, risk management, and enterprise reporting. EY sales, service, and finance teams can access the information they need when they need it, right in the flow of work.
  • Improved pipeline visibility, giving EY client-serving teams a clear view of client pursuits across their broad services, supported by contextual insights into each sales contact and activity.
  • Tighter team collaboration, leading to more connected peer conversations and better outcomes for their clients’ most complex challenges.

Moving forward, the EY sales excellence journey will include AI and Copilot. To reinforce Dynamics 365 Sales as a key enabler for client serving individuals they expect to:

  • Provide AI-based recommendations for client communications and next best topics utilizing historical interactions as well as industry insights and trends.
  • Analyze seller behavior to recommend new ways of working.
  • Provide AI-driven recommendations for deal scoring and lead prioritization.

“We are extremely excited about what is coming and what is possible. We’ve already kicked off with Copilot and the possibilities with AI are extremely attractive as we aim to serve our clients even better. We have our integrated platform in place, with Dynamics 365 Sales at the center. Now we can build on this and continue the transformation.”

Jeremy Hallett, Global Markets Enablement Leader, Ernst & Young LLP

Better positioned to design and deliver transformative cloud solutions to organizations worldwide

The EY transformation story showcases how Dynamics 365 Sales can help complex, regulated, multi-national organizations inspire a unified, customer-focused global sales operation—empowered to move business forward with a shared vision and digital toolkit. And, as one of Microsoft’s top systems integrators, EY is well positioned to help deliver that value to organizations everywhere.

“Putting Dynamics 365 and Copilot in the hands of more than 100,000 EY member firm professionals showcases how modern architectures and the latest advancements in AI create competitive advantage. Part of embarking down this journey was to demonstrate for our clients that it can be done for even the most complex global enterprises. The time is now to create new ways of working with AI-powered transformations.”

Jim Little, Global Microsoft Alliance Leader, Ernst & Young LLP

The EY organization can help complex organizations find their own path to differentiate with Dynamics 365 and AI and surface the right data for personalized customer experiences, critical business insights, and operational agility. Applying direct learnings from their global implementation of Dynamics 365 Sales, as well as day-to-day experiences using the technology, will bring a wealth of additional perspective, insights, and guidance to every engagement.

Learn more about Dynamics 365 Sales, as well as the EY Microsoft Alliance

The post Ernst & Young reinvents sales globally with Microsoft Dynamics 365 appeared first on Microsoft Dynamics 365 Blog.

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.

Dynamics 365 Field Service announces the new Crew Allocation Tool, which enables the “Morning Shuffle” 

Dynamics 365 Field Service announces the new Crew Allocation Tool, which enables the “Morning Shuffle” 

This article is contributed. See the original author and article here.

Being able to efficiently and effectively manage your resources is key to Dynamics 365 Field Service. Today, we introduce a new Crew Allocation Tool to streamline the process of making single-day membership changes to all your crews.

We’ve heard from users that it can be tedious to manually go into crew records, take a resource out for a day, add a new resource, and reset it all at the end of the day. Now, when a technician is on leave, a piece of equipment is out of service, or you need to add some additional support for a particularly intensive day, making the necessary crew reassignments will be a seamless, intuitive experience.  

Accessing the New Tool 

To find the new Crew Allocation Tool, you’ll first head to the Resources page. There you can either navigate to a view with your desired crews or just select up to fifteen crews you want to work with. You’ll see a new button in the control bar titled Crew Allocation that will open the tool. 

Accessing the new Crew Allocation Tool

Making Single Day Membership Changes 

When you enter the new tool, you’ll see your selection of crews displayed in a grid along with all the members that are working that day. You’ll also see all the bookings that the crew has for the day listed for easy reference. To move a crew member from one crew to another is as simple as dragging and dropping one or more of these resources from their original crew to the target crew. You can also make your resource selection and use the Assign to crew button to select a new crew.  

Of course, sometimes the resource you want to add to a crew is not already on another. In this case, you can use the Available Resources Panel. This section of the tool, which is based on the views you already have defined from the Resources page, is where you will find any resources working that day who are not already on a crew. From here, you can also select one or more resources, and move them to a crew either by dragging and dropping or the Assign to crew button.  

Moving and updating the resources within the new Crew Allocation tool.

The last kind of single day membership change is removing a resource from a crew. Let’s say you know a particular resource is booked up with individual training that day and won’t be able to contribute to crew activities. You can simply select that resource (or more than one resource) and click on the Remove button. Additionally, if you want to start from a clean slate, you can click Remove all and start all your crews from scratch.  

Removing the resources with the new Crew Allocation Tool

Updating Schedules 

Once you save your changes, the crew tool updates your crews and cascades your existing crew bookings. First your membership changes will be saved, with new resources being added to a crew, and removed resources being taken out for a full day in the target crew’s time zone. Then, the impacted resources’ schedules will be updated with appropriate bookings and cancellations. This phase will happen in the background, so you’re free to go on to your other daily tasks while the booking changes cascade.  

Now that all the booking changes are cascaded, your crews’ schedules will be up to date with the latest memberships and bookings.

This also means that if you create a new booking for the crew on the active day, it will populate to your new resource’s schedule like any other crew member.  

We’re excited to roll this new Crew Allocation Tool streamlines process tool out to all Field Service users and look forward to hearing about your experience. 

Explore more on Dynamics 365 Field Service documentation and share your feedback within the Field Service product or via our ideas portal. Your input drives continuous improvement for enhanced operational performance. 

The post Dynamics 365 Field Service announces the new Crew Allocation Tool, which enables the “Morning Shuffle”  appeared first on Microsoft Dynamics 365 Blog.

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.