Microsoft’s Digital Transformation: Modernizing IT Infrastructure with Azure
Microsoft is undergoing a significant transformation in its internal IT infrastructure management, spearheaded by the Microsoft Digital Employee Experience (MDEE) team. Embracing digital transformation and the cultural changes that accompany it, MDEE is leveraging the power of Microsoft Azure to create a customer-focused, self-service management ecosystem centered around modern engineering principles and Microsoft Azure DevOps.
With over 98 percent of Microsoft’s IT infrastructure residing in the cloud, the organization is adopting Microsoft Azure’s monitoring, patching, backup, and security tools. This shift aims to deliver a fully automated, self-service management solution that offers comprehensive visibility over the entire IT environment. The ultimate goal is to empower Microsoft’s business groups, allowing them to adapt IT services to meet their specific needs effectively.
For a deeper understanding of this transformation, a video is available on YouTube. You can find it by visiting https://www.youtube.com/watch?v=C1PEhAT1Cns. Select the “More actions” button (three dots icon) below the video, and then select “Show transcript.” Microsoft experts detail their processes and the tools used to transition monitoring services to Azure, demonstrating how they recreated System Center Operations Manager (SCOM) functions within Azure Monitor using native Azure capabilities. Additionally, you will learn how DevOps teams use log analytics to gain more visibility into end-to-end application performance.
Digital Transformation at Microsoft
The MDEE team, a global IT organization, is dedicated to fulfilling the evolving business needs of Microsoft. Microsoft Azure serves as the primary platform for its IT infrastructure, hosting a significant portion of their operations. Here are some quick facts:
- 220,000+ employees
- 150 countries
- 587 locations
- 1,400 Azure subscriptions
- 1,600 Azure-based applications
- 17,000 Azure infrastructure-as-a-service (IaaS) virtual machines
- 643,000 managed devices
Historically, Microsoft’s IT infrastructure was rooted in the datacenter, with traditional hosting services running in physical, on-premises environments. These infrastructures used specialized technologies and required skilled personnel for design, deployment, and management. Limited by the planning and implementation time, the company saw an opportunity to utilize cloud-based infrastructure to transform IT operations. As a result, cloud-based infrastructure has grown in recent years and continues to evolve to keep up with dynamic IT landscapes.
Traditional IT Technologies, Processes, and Teams
Traditional datacenters were managed by many IT professionals who supported diverse platforms. Physical and virtual servers comprised a mass of metal and silicon that needed to be managed and maintained. Microsoft product engineering groups had similar adoption processes for app services. This model worked well for traditional IT infrastructure, but cloud computing and Azure changed everything.
Evolution of the Hybrid Cloud
As infrastructure and services were moved to the cloud, Microsoft and its Azure services changed as a result. In the beginning, Microsoft used early Azure as an IT-owned platform, and cloud development and management were fully controlled. The infrastructure was based on IaaS virtual machines and hosted workloads in the cloud the same way datacenters did. To manage the cloud, Microsoft used some of the same tools and processes as the datacenter. Datacenters were still the focus; however, the rise of the cloud was on the horizon as Microsoft evolved Azure. PaaS, co-ownership, and cloud-first became the norm, which led to Azure taking over the IT solutions and to datacenter decommissioning. Microsoft evolved Azure from IT-owned applications to featuring more self-service and management features.
Monitoring and management were becoming cloud-focused as we pointed more of our System Center Operations Manager (SCOM) and System Center Configuration Manager (SCCM) instances at the cloud. Azure-native management started to mature.
Large-scale Azure: Service line–owned, IT-managed, PaaS-first
PaaS quickly became a focus for developers in our business groups, as they realized the agility and scalability they could achieve with PaaS-based solutions. Those developers shifted to PaaS for applications as we transitioned away from IaaS and virtual machine-based solutions.
Microsoft Azure in a DevOps Culture
Microsoft is focused on cultivating a robust DevOps culture. This culture has reshaped how Microsoft Azure solutions are developed and operated, offering business groups agile, dynamic, and data-intensive solutions. Continuous integration and development drive constant improvements and feature releases. Azure solutions used by business groups are designed to respond to their specific business requirements. The company is actively implementing Azure-native tools for insights into its IT environments.
Realizing Digital Transformation & The Modern Workplace
In the modern workplace, developers and IT decision-makers in the enterprise’s business groups play a crucial business role. These business groups need the ability to independently make IT decisions that best serve their needs. Microsoft is using Azure to deliver the agility and scale needed to solve business issues across its IT, from infrastructure to management.
Managing the Modern Hybrid Cloud
Microsoft’s modern hybrid cloud is composed primarily of Microsoft Azure. Azure is the crucial platform for Microsoft’s infrastructure and management tools, and this trend reflects a growing reality. Implementing new solutions to run the cloud environment and to handle the remaining on-premises infrastructure is crucial for Microsoft’s overall management. The new focus is on enabling engineers to use PaaS, Functions, and container models to optimize the management of cloud environments.
Embracing Decentralized IT
Decentralized IT services are a critical aspect of this digital transformation. The company needs a management strategy that gives its business units what they need to manage their environments. By allowing the organization to decentralize services and ownership, the business groups get several benefits:
- Greater DevOps flexibility
- Native cloud experience
- Freedom to choose marketplace solutions
- Minimal subscription limit issues
- Greater control over groups and permissions
- Greater control over Azure provisioning & subscriptions
- Business group ownership of billing & management
Microsoft’s goal in data management is the constant pursuit of a system that transforms tasks into self-service, native cloud solutions for its environment.
Supporting Digital Transformation with Microsoft Azure Management Tools
Managing the hybrid cloud within Microsoft Azure comprises diverse activities. To improve, business groups must monitor their applications to recognize issues and opportunities and must also update systems and automate tasks. The company uses Azure to assist in hybrid cloud management.
Monitoring the Hybrid Cloud
Monitoring the hybrid cloud is an important task for business groups and service lines at Microsoft. The enterprise requires an understanding of how its apps are performing as well as insight into the overall environment. Historically, the company used SCOM for over 10 years. To ease the transition from SCOM to Azure monitoring, Microsoft developed transition solutions that used native Azure functions and views in Azure Monitor. The transition solutions include PowerShell scripts and documentation that give business groups the ability to work in a familiar setting. Microsoft’s business groups are able to work in a standardized environment with built-in test security and compliance. This helps Microsoft maintain a centralized standard. Azure’s monitoring is designed to do the following:
- Create Visibility: Providing access to metrics across Azure services for business units.
- Provide Insight: Business groups view diagnostics and analytics through applications, compute, storage, and network resources, including anomaly detection and proactive alerting.
- Enable Optimization: Monitoring results help business groups to see how users are using their applications.
- Deliver Extensibility: Supporting custom event ingestion and broader analytics scenarios.
Microsoft has retired SCOM, leaving Azure monitoring as its default for cloud monitoring, and is focusing on:
- Installation and repair of Microsoft Monitoring Agent with Azure Runbooks.
- Centralized visibility into performance and health.
- Transition solution development to enable complete self-service monitoring.
- Complete transition from SCOM to Microsoft Azure.
Patching, Updating, and Inventory Management
Similar to its approach to monitoring, Microsoft is deploying transition solutions to streamline the migration of its business groups from existing on-premises tools to Azure. Patching processes leaned on existing solutions. Microsoft is moving to Azure in a phased approach. These transitions allow for inventory, update processes, and self-service patch management. From a management and patching perspective, Microsoft is focusing on:
- Inventory management from Configuration Manager to Microsoft Azure, including tracking and management of IT assets.
- Update processes to Microsoft Azure Update Management.
- Self-service patch management.
- Orchestrated deployment of application and operating system updates with Azure.
- Creating and updating solutions to support the transition.
Ensuring Recoverable Data
Microsoft Azure is an important repository for business data. Data recovery solutions address these issues:
- Recover data from malicious software or activity.
- Recover from deletion or data corruption.
- Secure critical business data.
- Maintain compliance standards.
- Provide historical data recovery requirements.
Microsoft is using Azure Backup as a self-service solution.
Embedding Security and Compliance
Decentralization gets the greatest scrutiny for security and compliance. Microsoft is responsible for security and legal compliance. A broad set of security and compliance practices is leveraged across all Microsoft Azure subscriptions. Security and compliance measures are governed by the following:
- Microsoft Azure Policy: Establish guardrails.
- Automation: Use it to complement DevOps automation, saving time and money.
- Empower engineering teams: Allow engineering teams to integrate security into the DevOps workflow.
- Maintain continuous assurance: Define a security state and track its drift.
- Set up operational hygiene: Create the ability to see the security state across DevOps stages and establish capabilities to receive alerts and security for activities.
At MDEE, the company is making great efforts to make Azure-based management better. The company envisions a management system that is cloud-based and automated, with the goal of continually building in Azure.