Microsoft Support & Discussions

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Runa Sandvik, an expert on journalistic security and the former Senior Director of Information Security at The New York Times. In this blog, Runa introduces the unique challenges and fundamentals of journalistic security. Natalia: What is journalistic security?  Runa: Being a reporter is not a 9-to-5 job. You’re not just a reporter when you step through the doors of The Washington Post or The Wall Street Journal or…

Last month, we introduced the SimuLand project to help security researchers around the world deploy lab environments to reproduce well-known attack scenarios, actively test detections, and learn more about the underlying behavior and implementation of adversary techniques. Since the release of the project, we have worked on a second phase to improve the current documentation and collect the telemetry generated after running the simulation plans in the lab guides. Today, we are excited to release a dataset generated from the first simulation scenario to provide security researchers with an option to access data mapped to attack behavior without deploying the full enviro…

Every day, Microsoft Defender for Office 365 encounters around one billion brand impersonation emails. Our security solutions use multiple detection and prevention techniques to help users avoid divulging sensitive information to phishers as attackers continue refining their impersonation tricks. In this blog, we discuss our latest innovation toward developing another detection layer focusing on the visual components of brand impersonation attacks. We presented this approach in our Black Hat briefing Siamese neural networks for detecting brand impersonation today. Before a brand impersonation detection system can be trained to distinguish between legitimate and malicio…

With every week bringing new headlines about crippling cyberattacks, and with organizations growing increasingly distributed, security teams are constantly asked to do more with less. Moving to cloud-native security information and event management (SIEM) can help security teams analyze data with the scale of the cloud, and empowers them to focus on protecting the organization, not managing infrastructure. As the industry’s first cloud-native security operation and automated response (SIEM+SOAR), Azure Sentinel provides security analytics across the organization to fight today’s sophisticated cyber threats. It does this by collecting data across the digital estate—includi…

[Note: In this two-part blog series, we expose a modern malware infrastructure and provide guidance for protecting against the wide range of threats it enables. Part 1 covered the evolution of the threat, how it spreads, and how it impacts organizations. Part 2 provides a deep dive on the attacker behavior and outlines investigation guidance.] LemonDuck is an actively updated and robust malware primarily known for its botnet and cryptocurrency mining objectives. As we discussed in Part 1 of this blog series, in recent months LemonDuck adopted more sophisticated behavior and escalated its operations. Today, beyond using resources for its traditional bot and mining acti…

Today, we are launching MLSEC.IO, an educational Machine Learning Security Evasion Competition (MLSEC) for the AI and security communities to exercise their muscle to attack critical AI systems in a realistic setting. Hosted and sponsored by Microsoft, alongside NVIDIA, CUJO AI, VM-Ray, and MRG Effitas, the competition rewards participants who efficiently evade AI-based malware detectors and AI-based phishing detectors. Machine learning powers critical applications in virtually every industry: finance, healthcare, infrastructure, and cybersecurity. Microsoft is seeing an uptick of attacks on commercial AI systems that could compromise the confidentiality, integrity, an…

Black Hat USA 2021 is about understanding the needs of security professionals and meeting you where you are. With last year’s pandemic-related firefighting still fresh in our minds, this year’s event will provide a welcome respite to learn about cutting-edge security solutions, build our skillsets, and network with peers. Microsoft Security is committed to helping you secure your entire digital estate with integrated, comprehensive protection—bridging the gaps to catch what others miss. We provide the leading AI, automation, and expertise that help you detect threats quickly, respond effectively, and fortify your security posture. As the world enters a new normal where…

Universal Print eliminates the need for on-premises print servers and let you easily manage and deploy printers directly to Cloud PCs with Microsoft Endpoint Manager. As businesses are shifting more and more to digital and away from paper, you could ask yourself, do we still have to print? In many cases, the answer is still "yes" and that's why it is important to simplify legacy print environments in the most efficient way possible. This is where the new Microsoft 365 service Universal Print comes into play! What is Universal Print? Universal Print is a cloud-based print solution to allow IT admins to share and manage printers through the cloud. You might re…

Our investigation into several vulnerabilities collectively referred to as “PrintNightmare” has determined that the default behavior of Point and Print does not provide customers with the level of security required to protect against potential attacks. Today, we are addressing this risk by changing the default Point and Print driver installation and update behavior to require … Point and Print Default Behavior Change Read More » Continue reading...

If you have a Windows 10 Enterprise subscriptions (formerly called Software Assurance), we recommend that you download language pack media from the Volume Licensing Service Center (VLSC). Upon signing in, you can access the downloads by searching under Downloads and Keys for "Windows 10." How to search for downloads and product keys within the Volume Licensing Service Center To select and download multiple language packs at once, select MultiLanguage. If you only need one language pack, select the individual language pack and then select Continue. Selecting more than one language pack in the Volume Licensing Service Center The results will return the curren…

The MSRC Researcher Recognition Program offers public thanks and acknowledgement to the researchers who help protect customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure. Today, we are excited to recognize this year’s Most Valuable Security Researchers (MVRs) based on the impact, accuracy, and volume of their reports. Congratulations to each of our MSRC … Congratulations to the MSRC 2021 Most Valuable Security Researchers! Read More » Continue reading...

With Windows 365, you can automatically provision Windows virtual machines (Cloud PCs) and manage them alongside your organization’s other devices in Microsoft Endpoint Manager. A prerequisite for using Cloud PCs is that the devices must be hybrid Azure Active Directory (Azure AD) joined. Some organizations may need to configure new hybrid Azure AD environments to accommodate Cloud PCs, while others can utilize their existing hybrid Azure AD environments to connect their on-premises resources and cloud-based services. If you have an existing environment, you may need to modify your hybrid Azure AD configuration to successfully provision Cloud PCs. This article outli…

Windows 365 Business is a version of Windows 365 made specifically for use in smaller companies (up to 300 seats). It offers an easy, streamlined way of providing Cloud PCs to your users. Users want technology that is familiar, easy to use, and always available so they can work and create fluidly across devices. Cloud PC makes this possible by combining the power and security of the cloud with the familiarity of the PC. Only Microsoft can bring together the PC and the cloud with a consistent and integrated Windows experience. What is a Cloud PC? It is your personalized desktop, apps, data, settings, and content streamed securely from the cloud directly to your devic…

Today I am thrilled to share the general availability of Windows 365 and the resources available to help you get started with this new cloud service! Windows 365 introduces a new way to experience Windows 10 or Windows 11 (when it’s generally available later this calendar year) for all types of workers, from interns and contractors to software developers and industrial designers. Windows 365 takes the operating system to the Microsoft Cloud, securely streaming the full Windows experience—including all your apps, data, and settings—to your personal or corporate devices. This approach creates a fully new personal computing category, specifically for the hybrid world: the…

Today, we are thrilled to announce the general availability of Windows Autopilot for HoloLens 2! IT administrators around the world can now use Microsoft Endpoint Manager to efficiently set up their fleet of HoloLens 2 devices and effectively deploy them to their production environments. Traditionally, IT pros spend significant hands-on time configuring and setting up devices that will later be used by end users. With Windows Autopilot for HoloLens, we are simplifying this process. IT admins can pre-configure devices with a few simple operations, and end users can set-up the devices with little to no interaction by connecting to a network and verifying credentials. …

As we work through the Public Preview of expedited updates in Microsoft Endpoint Manager, we wanted to share troubleshooting tips based on the feedback we've received to date. We are continuing to build and enhance the expedited update capabilities currently available in public preview. We investigate issues and feedback. We update documentation. We make improvements. For those eager to utilize this feature, but who may be experiencing issues, we wanted to share some information to help efficiently troubleshoot your devices independently. Most of the tips included in this post are based on the assumption that you are using Microsoft Intune to create and manage an exped…

From the wide adoption of cloud-based services to the proliferation of mobile devices. From the emergence of advanced new cyberthreats to the recent sudden shift to remote work. The last decade has been full of disruptions that have required organizations to adapt and accelerate their security transformation. And as we look forward to the next major disruption—the move to hybrid work—one thing is clear: the pace of change isn’t slowing down. In the face of this rapid change, Zero Trust has risen as a guiding cybersecurity strategy for organizations around the globe. A Zero Trust security model assumes breach and explicitly verifies the security status of identity, endp…

Today’s cybersecurity threats continue to find ways to fly and stay under the radar. Cybercriminals use polymorphic malware because a slight change in the binary code or script could allow the said threats to avoid detection by traditional antivirus software. Threat actors customize their wares specific to their target organizations to increase their chances of breaking into and moving laterally through an entire corporate network, exfiltrating data, and leaving with little or no trace. The underground economy is rife with malware builders, Trojanized versions of legitimate applications, and other tools and services that allow malware operators to deploy highly evasive ma…

Today we introduced Windows 365. Find out what you need to know to jump into this new service and make it even easier for your users to connect to Windows running in the Microsoft cloud. Before I start explaining the steps required to get your environment up to speed, I’d like to start by outlining what Windows 365 is. Let’s get started! What is Windows 365? Users want technology that is familiar, easy to use and always available so they can work and create fluidly across devices. Cloud PC makes this possible by combining the power and security of the cloud with the familiarity of the PC. Only Microsoft can bring together the PC and the cloud with a consistent …

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Computer-aided design (CAD) files are used by design professionals in the manufacturing, engineering, architecture, surveying, and construction industries. These highly valuable files contain confidential information and form their core intellectual property (IP). Loss of such proprietary information to an outsider or a competitor can have disastrous effects leading to a loss in sales, market share, and reduced profit margins. However, such industries often collaborate with other design partners or vendors or they share their design parts with smaller m…

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Rockwell Automation Vice President and Chief Information Security Officer Dawn Cappelli. In this blog post, Dawn talks about the importance of including insider risk in your cybersecurity plan. Natalia: What is the biggest barrier that organizations face in addressing insider risk? Dawn: The biggest barrier is drawing attention to insider risk. We heard about the ransomware group bringing down the Colonial Pipelin…

[Note: In this two-part blog series, we expose a modern malware infrastructure and provide guidance for protecting against the wide range of threats it enables. Part 1 covers the evolution of the threat, how it spreads, and how it impacts organizations. Part 2 will be a deep dive on the attacker behavior and will provide investigation guidance.] Combating and preventing today’s threats to enterprises require comprehensive protection focused on addressing the full scope and impact of attacks. Anything that can gain access to machines—even so-called commodity malware—can bring in more dangerous threats. We’ve seen this in banking Trojans serving as entry point for ranso…