Microsoft Support & Discussions
Microsoft Windows, Windows Server software, Microsoft 365, Microsoft Azure or any other Microsoft product discussions and help.
In August, Microsoft Threat Intelligence Center (MSTIC) identified a small number of attacks (less than 10) that attempted to exploit a remote code execution vulnerability in MSHTML using specially crafted Microsoft Office documents. These attacks used the vulnerability, tracked as CVE-2021-40444, as part of an initial access campaign that distributed custom Cobalt Strike Beacon loaders. These loaders communicated with an infrastructure that Microsoft associates with multiple cybercriminal campaigns, including human-operated ransomware. The observed attack vector relies on a malicious ActiveX control that could be loaded by the browser rendering engine using a maliciou…
Nobody likes passwords. They’re inconvenient. They’re a prime target for attacks. Yet for years they’ve been the most important layer of security for everything in our digital lives—from email to bank accounts, shopping carts to video games. We are expected to create complex and unique passwords, remember them, and change them frequently, but nobody likes doing that either. In a recent Microsoft Twitter poll, one in five people reported they would rather accidentally “reply all”—which can be monumentally embarrassing—than reset a password. But what alternative do we have? For the past couple of years, we’ve been saying that the future is passwordless, and today I…
Information has long been wielded as an instrument of national power and influence. In today’s digital world, misinformation can also be just as powerful. On a special episode of Afternoon Cyber Tea with Ann Johnson, Sandra Joyce, Executive Vice President and Head of Mandiant Intelligence at FireEye joined me to talk about threat attribution and accountability when it comes to the use of technology by bad actors to help spread misinformation. As a US Air Force Reserve officer and faculty member at the National Intelligence University with four master’s degrees in cyber policy, international affairs, science and technology intelligence, and military operational art a…
This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. In 2021, cyberattacks and instances of ransomware demands against companies, agencies, and institutions have dominated the headlines. These kinds of attacks are on the rise and often have long-reaching impacts that can spill over across supply chains. In just the first half of the year, there have been several high-profile cyberattacks in the United States including Colonial Pipeline1, JBS (the world’s largest meat supplier)2, the Washington, D.C. Police Department3, and the MTA of New York City4, to name a few. The SolarWinds cybersecurity breach5 open…
Medicine. Aeronautics. Academia. When you’re a cybersecurity professional, the colleague next to you could have started in one of these industries—or just about any other you can imagine. The backgrounds of cybersecurity professionals are more diverse than those of professionals in other industries. And because cybersecurity as an industry is so new, these professionals likely didn’t study security in school either. That includes LinkedIn’s Chief Information Security Officer (CISO) Geoff Belknap, who graduated college with a business degree. I hosted Geoff on a recent episode of Security Unlocked with Bret Arsenault to talk about strategies for recruiting cybersecurity ta…
Microsoft recently mitigated a vulnerability reported by a security researcher in the Azure Container Instances (ACI). Our investigation surfaced no unauthorized access to customer data. Out of an abundance of caution we notified customers with containers running on the same clusters as the researchers via Service Health Notifications in the Azure Portal. If you did not receive a notification, no action is required with respect to this vulnerability.
Microsoft recently mitigated a vulnerability reported by a security researcher in the Azure Container Instances (ACI) that could potentially allow a user to access other customers’ information in the ACI service. Our investigation surfaced no unauthorized access to customer data. Out of an abundance of caution we notified customers with containers running on the same clusters as the researchers via Service Health Notifications in the Azure Portal.
On July 14, 2021, the National Cybersecurity Center of Excellence1 (NCCoE) at the National Institute of Standards and Technology2 (NIST) hosted a virtual workshop3 to seek feedback from government and industry experts on practical approaches to preventing and recovering from ransomware and other destructive cyberattacks. After we wrote up our feedback for NIST, we realized it would be helpful to share this perspective more broadly to help organizations better protect themselves against the rising tide of (highly profitable) ransomware attacks. While ransomware and extortion attacks are still evolving rapidly, we want to share a few critical lessons learned and shed some l…
Several weeks ago, Microsoft detected a 0-day remote code execution exploit being used to attack the SolarWinds Serv-U FTP software in limited and targeted attacks. The Microsoft Threat Intelligence Center (MSTIC) attributed the attack with high confidence to DEV-0322, a group operating out of China, based on observed victimology, tactics, and procedures. In this blog, we share technical information about the vulnerability, tracked as CVE-2021-35211, that we shared with SolarWinds, who promptly released security updates to fix the vulnerability and mitigate the attacks. This analysis was conducted by the Microsoft Offensive Research & Security Engineering team, a f…
Windows 365 Enterprise provides an easy method to automatically provision Cloud PCs, without the complex skillsets that are required for successful deployment in other virtualization environments. Windows 365 also offers flexibility, allowing organizations to manage Cloud PC users, deployment locations, and lifecycles. This article reviews some common considerations you can make for initial user provisioning, when you might need multiple provisioning policies, and how to manage those provisioning policies going forward.
Scenario 1 – Provisioning by location
Before you create a provisioning policy, you need to create your on-premises network connection (OPNC). T…
This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Phishing and email spoofing not only erode brand trust but also leave recipients vulnerable to financial loss and serious invasions of privacy. These tactics have been around for years, but their breadth and sophistication today pose a formidable threat. According to the FBI, fraudulent emails sent under the guise of their own domains cost companies over $13 billion between 2016 and 2020.1 Microsoft has industry-leading solutions for protecting customers from such attacks. Recently, Microsoft was named a leader in the 2021 Enterprise Email Security Wave…
In today’s changing business world, where flexibility is more crucial than ever, we’re honored that Gartner has again recognized Microsoft as a Leader in the Magic Quadrant for Unified Endpoint Management (UEM) Tools1. Over the last 18 months, millions of employees worldwide have had to shift their work from the office to the home, and millions more continue to deal with dramatically reconfigured workplaces. Whether it’s hybrid or remote work, the one common aspect is the endpoint-as-conduit through which people remain connected and participate in today’s workplace. Throughout this massive shift, it’s become clear that digital endpoints—PCs, phones, operating systems, and…
In 2020, the US Department of Defense (DoD) began the phased rollout of a new framework for protecting their supply chain, known as the defense industrial base (DIB). This new Cybersecurity Maturity Model Certification1 (CMMC) system requires regular audits that will bolster the security of the DIB, which comprises approximately 350,000 commercial companies producing everything from Abrams tanks, satellites, and Reaper drones down to laptop computers, uniforms, food rations, medical supplies, and much more. It’s no secret why the DoD would want to tighten security on its supply chain. According to DoD officials, organizations in the DIB are under constant attack both f…
On August 12, 2021, a security researcher reported a vulnerability in the Azure Cosmos DB Jupyter Notebook feature that could potentially allow a user to gain access to another customer’s resources by using the account’s primary read-write key. We mitigated the vulnerability immediately. Our investigation indicates that no customer data was accessed because of this vulnerability by third parties or security researchers.
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Leigh Honeywell, CEO and Co-founder of Tall Poppy, which builds tools and services to help companies protect their employees from online harassment and abuse. In this blog, Leigh talks about company strategies for fighting online harassment.
Natalia: What are some examples of online harassment experienced in the workplace?
Leigh: Online harassment breaks down into two types. The first is harassment related to your …
Moving to more flexible remote work policies has caused telecommunications giant Vodafone to rethink cybersecurity and the potential friction to users. Instead of relying on physical security controls in the office, the company has embraced a Zero Trust strategy that requires authenticating everyone before granting access. I hosted Emma Smith on a recent episode of Security Unlocked: CISO Series with Bret Arsenault to talk about Vodafone’s cybersecurity approach and the importance of workplace inclusion.
The importance of employee inclusion and security
When employees don’t feel included, they’re not going to do their best work, according to Emma, who is Vodafone’…
Today, we are open sourcing Cloud Katana, a cloud-native serverless application built on top of Azure Functions to assess security controls in cloud and hybrid cloud environments. We are currently covering only use cases in Azure, but we are working on extending it to other cloud providers.
Design principles of Cloud Katana
Figure 1: Cloud Katana design principles.
Cloud Katana was designed and developed under the following principles:
- A serverless execution model.
- Compute on-demand as a web API.
- YAML-based attack definitions.
- Orchestrated stateful execution.
- Secure authentication and authorization.
- Managed identity integration.
- Granul…
Microsoft is excited to announce the launch of a new, three-month security research challenge under the Azure Security Lab initiative. The Azure Server-Side Request Forgery (SSRF) Research Challenge invites security researchers to discover and share high impact SSRF vulnerabilities in Microsoft Azure. Qualified submissions are eligible for bounty rewards up to $60,000 USD, with additional awards for identifying innovative or novel attack patterns.
With the massive volume of emails sent each day, coupled with the many methods that attackers use to blend in, identifying the unusual and malicious is more challenging than ever. An obscure Unicode character in a few emails is innocuous enough, but when a pattern of emails containing this obscure character accompanied by other HTML quirks, strange links, and phishing pages or malware is observed, it becomes an emerging attacker trend to investigate. We closely monitor these kinds of trends to gain insight into how best to protect customers. This blog shines a light on techniques that are prominently used in many recent email-based attacks. We’ve chosen to highlight th…
In part two of this three-part series, we covered the five types of side-by-side security information and event management (SIEM) configurations commonly used during a long-term migration to Microsoft Azure Sentinel. For part three, we’ll be looking at best practices for migrating your data and detections while operating side-by-side with your on-premises SIEM, as well as ways to maximize Azure Sentinel’s powerful automation capabilities to streamline common tasks. The information presented here is derived from experiences we’ve accumulated while assisting numerous customer migrations, as well as experiences gained by Microsoft’s own security operations center (SOC) in…
2020’s Nobelium attack sent shock waves through both government and private sectors. 2021 has already seen large-scale nation-state attacks such as Hafnium1 alongside major ransomware attacks2 on critical infrastructure. The breadth and boldness of these attacks show that, far from being deterred, bad actors are becoming more brazen and sophisticated. To help protect US national security, the White House on May 12, 2021, issued Presidential Executive Order (EO) 14028 on Improving the Nation’s Cybersecurity3. This EO mandates “significant investments” to help protect against malicious cyber threats: Executive Order 14028 also states the “private sector must adapt t…
Cybercriminals attempt to change tactics as fast as security and protection technologies do. During our year-long investigation of a targeted, invoice-themed XLS.HTML phishing campaign, attackers changed obfuscation and encryption mechanisms every 37 days on average, demonstrating high motivation and skill to constantly evade detection and keep the credential theft operation running. This phishing campaign exemplifies the modern email threat: sophisticated, evasive, and relentlessly evolving. The HTML attachment is divided into several segments, including the JavaScript files used to steal passwords, which are then encoded using various mechanisms. These attackers move…
Here at the global Microsoft Compromise Recovery Security Practice (CRSP), we work with customers who have experienced disruptive security incidents to restore trust in identity systems and remove adversary control. During 2020, the team responded to many incidents involving ransomware and the deployment of crypto-mining tools. Ransomware is a growing threat to organizations and home users, as it is a low-cost, high-return business model. These attacks aren’t complex; they rely on tools and software exploits that have existed for many years and are still not remediated. They’re still sought out for a simple reason: they still work. In this post, we hope to share with y…