AWS

FPCH Admin
Everything posted by AWS

  1. This is the monthly news from Microsoft. This month deals with Microsoft Defender. There is much good information in this article. I hope you get as much out of it as I did.
Microsoft Defender XDR Monthly news June 2024 Edition
This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from May 2024.
Legend: Product videos, Webcast (recordings), Docs on Microsoft, Blogs on Microsoft, GitHub, External, Improvements, Previews / Announcements
Unified Security Operations Platform: Microsoft Defender XDR & Microsoft Sentinel
• Host Microsoft Defender data locally in Switzerland. We are pleased to announce that local data residency support in Switzerland is now generally available for Defender for Endpoint and Defender for Identity.
• Create custom detections that include both Microsoft Sentinel and Defender XDR data. With the Unified Security Operations Platform, you are now able to create a customizable detection to look across both Microsoft Sentinel and Defender XDR data, without requiring any additional ingestion, via Custom detections. You will no longer have to duplicate data across both environments to ensure you are capturing what is necessary. Analytics rules will continue to work on any data ingested into Microsoft Sentinel. Learn more in our documentation.
• Advanced hunting query API via Graph API is now available for log analytics data! A new optional parameter "timespan" for the Graph API was added and allows you to query your log analytics data for any lookback time, not only for 30 days.
This new parameter is not yet documented, but will get added to this link.
• SOC optimization: unlock the power of precision-driven security management. A new experience and API is currently in public preview – Microsoft Sentinel’s SOC Optimization, designed to empower security teams with precision-driven management capabilities. Read the announcement blog, and watch the webinar with a live demo.
[Image: SOC optimization - Unified Security Operations Platform]
• New Ninja show episodes:
  • New Defender XDR Copilot for Security Capabilities: Tune into this episode to learn the latest advancements, now available in the April release of Copilot for Security GA. We dive into the notable enhancements and new features, such as Guided Response for all incident types, comprehensive device and file summaries, end-user communications, and much more.
  • Answering Your Questions: Attack Disruption Explained: Attack Disruption is an automated response feature, designed to contain an ongoing attack quickly and effectively by leveraging high-confidence signals from both Microsoft Defender and non-Microsoft products. This episode addresses the most frequently asked questions about Attack Disruption and shares clarifications on its functionality.
Microsoft Security Exposure Management
• Respond to trending threats and adopt zero-trust with Exposure Management. This blog post shares updates to Security Initiatives and also gives a heads up about a few updates to attack path analysis.
Microsoft Security Experts
• A BlackByte Ransomware intrusion case study. This blog details an investigation into a ransomware event. During this intrusion the threat actor progressed through the full attack chain, from initial access through to impact, in less than five days, causing significant business disruption for the victim organization.
• Recover an Active Directory Certificate Services (ADCS) platform from compromise. This blog describes comprehensive backup and restore strategies for ensuring swift recovery and restoration of essential certificate services following a cyberattack or data breach.
• Hunting for MFA manipulations in Entra ID tenants using KQL. This blog describes how to use Kusto Query Language (KQL) to parse and hunt for MFA modifications in Microsoft Entra audit logs. By the end of this blog, you will have a better understanding of how to track MFA changes in compromised tenants using KQL queries and how to improve your cloud security posture.
• Microsoft Defender Experts Services Expanded Coverage Upcoming Preview. The upcoming preview of our Defender Experts services expanded coverage scheduled for June 2024 extends the capabilities to include customers’ cloud estates with servers and virtual machines running in Microsoft Azure and on-premises via Defender for Servers in Microsoft Defender for Cloud. In addition, our coverage will utilize third-party network signals to enhance investigations, create more avenues to generate leads for comprehensive threat hunting, and accelerate response earlier in the attack chain.
Microsoft Defender for Endpoint
• Simplify triage with the new Alert Timeline. This blog introduces the latest feature to our rich reporting feature set - the alert timeline - a new view that minimizes the time needed for triage and investigation without compromising the quality of analysis.
• Offline Security Intelligence Update is now generally available. Organizations can now update security intelligence (also referred to as “signatures”) on Linux endpoints with limited or no exposure to the internet using a local hosting server. Details in this blog.
• Update: The Microsoft Defender for Endpoint plug-in for Windows Subsystem for Linux (WSL) is generally available as of 05/23/2024. Details in this blog.
• Update: The streamlined device connectivity experience is generally available as of 5/8/2024. Details in this blog.
Microsoft Defender for Identity
• Easily detect CVE-2024-21427 with Defender for Identity. This blog details the new activity added to the Advanced Hunting experience in the Defender portal which can help you spot potential attempts to exploit this vulnerability.
Microsoft Defender for Cloud Apps
• App Governance capabilities are now available in GCCH & DoD. App Governance capabilities in Defender for Cloud Apps are now available to opt-in in GCCH & DoD - go ahead and enable it to increase your app protection.
• Defender for Cloud Apps now provides new in-browser protection capabilities via Microsoft Edge to enable security teams to seamlessly manage how a user can interact with in-app data based on their risk profile. The in-browser protection removes the need for proxies, improving both security and productivity, based on session policies that are applied directly to the browser. Details in this blog.
[Image: A block message from Defender for Cloud Apps to prevent the download of a sensitive file within the Edge browser]
Microsoft Defender for Office 365
• Automated responses to users via Automated Investigation and Response (AIR) is now generally available. Details in this blog.
• Enhanced Response Action Experience from Threat Explorer. You can now take multiple actions at the same time on messages via Threat Explorer. This feature makes it easier and faster for SecOps to deal with email threats by giving you logical grouping of actions, contextual availability of actions, and support for tenant level block URLs and files.
Details in this blog.
• Email Protection Basics in Microsoft 365 Part Five: Mastering Overrides. This blog is the fifth and final part of the "email protection basics" blog series, and it covers the different overrides, why you may need them, and why it isn’t a good idea to keep them permanently.
Microsoft Security Blogs
• “Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps. Microsoft discovered a high impact vulnerability pattern found in popular Android applications that a malicious app can leverage along with an advanced & previously to compromise vulnerable apps on the same device, potentially leading to account credentials, tokens, sensitive data.
• Threat actors misusing Quick Assist in social engineering attacks leading to ransomware. Microsoft Threat Intelligence has observed Storm-1811 misusing the client management tool Quick Assist to target users in social engineering attacks that led to malware like Qakbot followed by Black Basta ransomware deployment.
• Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks. Moonstone Sleet is observed to set up fake companies and job opportunities to engage with potential targets, employ trojanized versions of legitimate tools, create a malicious game, and deliver a new custom ransomware.
  2. We continue to expand the Microsoft AppSource ecosystem. For this volume, 54 new offers successfully met the onboarding criteria and went live. See details of the new offers below:
Get it now in our marketplace
• CCH SureAddress for CCH SureTax: This offer from Wolters Kluwer validates addresses individually or in bulk for Microsoft Dynamics 365. CCH SureAddress validates the following: company information page, location page/list, customer page/list, vendor page/list, ship-to address page/list, order address page/list, bank account page/list, contact page/list, responsibility center page/list, and job page/list. Available in English for the United States and Canada.
• Hive Streaming Silent Test: This offer from Hive Streaming allows for flawless execution of live video events while reducing bandwidth load and ensuring high-quality video for all employees. Prerequisites include suitable applications for script distribution and online participation. Supported systems include Microsoft Windows and macOS, with supported browsers including Microsoft Edge, Google Chrome, and Firefox.
• Nextuple OMS Studio: Nextuple OMS Studio is a modular, microservice-based platform that enhances legacy order management systems by offering advanced inventory and promising, order orchestration, and store fulfillment capabilities. The platform offers multiple deployment and ownership options, package and bespoke implementations, and consulting/services for business and tech strategy.
• Proventeq Content Productivity Suite - Copilot Edition: This offer from Proventeq helps organizations transition to an intelligent workplace with AI-powered tools for content understanding, classification, and automation. It includes a copilot accelerator for security and compliance readiness, graph connectors, copilot plugins, and custom generative AI solutions.
The suite supports popular enterprise content management systems and facilitates migration projects.
• Reminders by Udyamo: Reminders by Udyamo is a task management and team collaboration tool for Microsoft Teams. It offers seamless integration, customizable reminders, an intuitive interface, enhanced collaboration, and centralized management. It's a valuable tool for managing reminders efficiently and fostering better coordination among team members.
• Fluentis Standard ERP: This offer from Fluentis is a comprehensive solution for small- and medium-sized enterprises, covering all main application areas from administration to logistics management. It includes modules for finance, treasury, controlling, purchase, sales, and logistics. The system offers automation and speed in communication with banks and accounting for transactions, and helps increase productivity and efficiency by optimizing storage and goods flows.
• TRaaS Plugins: From Numonix, this Microsoft Teams recording as a service (TRaaS) plugin for the Recorder Panel Base Cost plan allows for secure recording and muting functionality for compliance regulation. It can be used for calls that are being recorded automatically or recorded on-demand. Muting is triggered when using the native Teams app, maintaining total integrity of the recording.
Go further with workshops, proofs of concept, and implementations
• BCN Power BI Managed Services: This offer from BCN Group features flexible options to support, develop, and improve Microsoft Power BI environments. BCN provides ongoing support, dedicated developer time, and a set number of developers assigned to the account. BCN's certified Power BI developers work with customers to provide strategy support, unlimited development time within business hours, and development of reports and dashboards.
• Enterprise Analytics with Microsoft Fabric: 1-Week Workshop: Ventagium Data Consulting's Analytics Roadmap Workshop helps organizations become data-driven by integrating disparate data sources, establishing an analytics strategy, identifying prioritized capabilities and solutions, and assessing the initial top priority capability and its related solutions with a definition of potential benefits, success criteria, deliverables, and implementation.
• Microsoft 365 Copilot - Extensibility Solutions: Microsoft 365 Copilot offers extensibility solutions for developers to customize the Copilot experience within Microsoft 365. Noventiq provides services to enhance the Copilot experience, including assessment, use case identification, implementation, and verification and transition. Noventiq's expertise in generative AI and large language models can improve Copilot's capabilities.
• Microsoft 365 Optimization: Microsoft 365 offers advanced device management, security, and online services for productivity, collaboration, and communication. However, unoptimized environments can lead to licensing, administrative, security, mailbox, and governance risks. This offer from Wanstor helps ensure proper licensing, user management, security measures, and governance policies to avoid these risks.
• Microsoft Copilot: 5-Day Workshop: Maximize your Microsoft 365 investment with Axians Digital Solutions' tailored consulting services for Microsoft Copilot. Our team assesses readiness, identifies use cases, provides training, establishes best practices, monitors and evaluates security and compliance, and helps optimize documentation and knowledge sharing.
• Microsoft Copilot for Security Rapid Onboarding Program: 4-Week Implementation: Tech One Global Philippines offers a rapid onboarding program for Microsoft Copilot for Security.
Its process includes assessment, planning, implementation, testing, training, and continuous monitoring. The program provides customized solutions, expert guidance, and ongoing support to enhance an organization's security posture.
• Microsoft Teams Calling: 6-Week Implementation: This offer from Global Computing and Telecoms outlines a six-week plan for successful adoption of Microsoft Teams in an organization. It includes assessing network readiness, defining adoption goals, targeted communication, creating use cases, and engaging champions. The focus is on driving adoption through tangible use cases and peer recommendations.
• Windows 365 Proof of Concept: Microsoft Windows 365 is a cloud-based desktop and application platform that allows employees to work from anywhere while keeping the same desktop experience. Wanstor provides a solution to help organizations overcome the challenges of traditional IT management and embrace the benefits of Windows 365, including simplified onboarding, enhanced security, scalability, predictable costs, and automated patch management.
Contact our partners
180ops - Revenue Intelligence SaaS for B2B Enterprises 9Ways IX-FE ADS Data Exchange 01 ai-omatic - Digital Maintenance Assistant for Machines (SaaS Solution) AL Foundation App IT ARBENTIA fApptory AskAny - AI for Retails Automatic Import of F&O PDF Orders Biomass Solution Connector 365 E-Documents Validator FaceMatch Global Campus Grant Management Knowledge Management with AI LegalDesk for Outlook Levridge for Agriculture Localization Argentina for Dynamics 365 Business Central m+m Ext.
Text Module with Production Order Job Overview Managed Detection and Response Services Powered by Sentinel and AIsaac MentorCloud Microsoft Copilot for Security Readiness Assessment: 4-Week Assessment Microsoft Copilot Readiness Minuba Connector Nextome PI Conteksto Power Insight Embedded Production Instructions Protrak Low-Code Application Platform Rezzy Showell for Dynamics Skysnag Protect Speechify AI Studio TPG ProjectPowerPack TruNorth Dynamics Power Platform Discovery VAX Transfer 365 App Verbamatic Workforce Optimization XpensePro Canvas App YoungWilliams Priya
This content was generated by Microsoft Azure OpenAI and then revised by human editors.
  3. FPCHF is mostly back. Still have to tidy up a few things.
  4. Try these steps to see if it fixes the issue. Post back if that doesn't help.
  5. You could try to get one on Electronics, Cars, Fashion, Collectibles & More | eBay or another site. Why would you? Windows XP is old and the minute it gets installed it gets infected. Windows XP was the most insecure version of Windows ever. If you really want to install Windows XP here is a link to download a virtual hard disk you install in VMware or other virtualization software. https://windows-xp-mode.en.softonic.com/download
  6. Is this an Epson printer giving you the error? If it is, try this:
  7. The openSUSE project is currently undertaking a brand refresh aimed at establishing a distinct identity from its parent company, SUSE. Community designers were invited to submit designs for an updated openSUSE logo, and a public vote launched to help the project narrow down the shortlist to potential winners (the ultimate victor will be decided by the project). With the finish line for the vote set for December 12th, the clock’s ticking if you want to cast your vote in helping shape the future brand appeal of this iconic Linux distribution.
[Image: Subtle evolution: openSUSE’s logo hasn’t changed much in years]
Why does openSUSE want a new logo? As said, the project wishes to develop a brand identity that stands independently from SUSE, underlining the project’s distinctiveness within the open-source community. Or to quote openSUSE’s Douglas DeMaio directly: “The brands of both SUSE and openSUSE can oftentimes confuse people who don’t understand the relationship between the open-source company SUSE and the open-source community project openSUSE.” Think of it as aiming for an identity that is “less corporate, more community.”
[Image: Karma chameleon: a handful of the many candidates]
After a winning logo is selected, there won’t be an immediate logo swap. Instead, the new logo will phase in gradually. The iconic “Geeko” lizard logo will continue to be used (there’s a lot of existing promotional materials with it on) during the transition period. Conservationists will be pleased to hear the iconic openSUSE chameleon isn’t about to go extinct. All of the 30+ logos available in the vote are creative variations of the much-loved lizard. So if you haven’t already done so, be sure to hop on board and make your voice count defining a new direction for this Linux distro!
• Take the openSUSE logo survey
The post You Can Vote for openSUSE’s New Logo – But Not For Long! is from OMG! Linux
  8. My iPad is old. I am looking to upgrade. I waited for the new models to be revealed. To me last year's iPad with M3 looks like what I'll buy. Wasted a year waiting and will wind up with what I could have had. That's the first time that the iPad gets a processor that is faster than the Mac, isn't it? Maybe M3 Max is still faster than the M4 but still, that's quite a revolution. What do you think?
  9. Microsoft is aware and has released patches associated with the two Open-Source Software security vulnerabilities, CVE-2023-4863 and CVE-2023-5217. Through our investigation, we found that these affect a subset of our products and as of today, we have addressed them in our products as outlined below:
CVE-2023-4863
• Microsoft Edge
• Microsoft Teams for Desktop
• Skype for Desktop
• Webp Image Extensions (Released on Windows and updates through Microsoft Store)
CVE-2023-5217
• Microsoft Edge
Additional updates will be documented in the MSRC Security Update Guide CVE-2023-4863 and CVE-2023-5217 accordingly. You can register for the security notifications mailer to be alerted when updates are available, and when content changes are made to the CVEs. See Microsoft Technical Security Notifications and Coming Soon: New Security Update Guide Notification System.
References
• Visit the Security Update Guide for information about CVE-2023-4863 and CVE-2023-5217
  10. Today, we are adding a new Security Advisory tab to the Security Update Guide to meet our customers’ needs for a unified and authoritative source for the latest public information about Microsoft security updates and issues. We are continuously listening to feedback from users of the Security Update Guide. Our goal is to find new and improved ways to help customers manage security risks and keep their systems protected.
  11. The re-birth of FPCHF was derailed for a few days. Since I dusted off the cobwebs on the old servers from when the site first started way back in 2003 one of the drives failed. As it happened it was the drive that had all the data on it. I replaced the drive and the others as well, reinstalled the OS and started the data import. Please bear with me as I upgrade and fix things. I will keep you informed during the process of getting the site in tip top shape.
  12. Introduction
In this blog post, I would like to introduce you to packaging and patching your applications. You might have tried to manually package applications into Microsoft Intune before and also made sure to update an application. It takes a lot of time to prepare and test an application before deploying it. Microsoft has luckily come to the rescue and introduced Enterprise App Management! Let's take a closer look at it in this blog and see how it works.
Security for Beginners course
Would you like to expand your knowledge in the security world? I might have found the course for you. It's designed to help you get started with the fundamentals behind security. Take a look at the course right here.
Cybersecurity for Beginners
Enterprise App Management
The Enterprise App Catalog is a new app type for Windows devices in Intune. The catalog contains applications based on the Win32 app type that you might have used before for application deployment. At this time the catalog contains 100 prepackaged applications, and this number is expanding over time. Some of the apps in the catalog are self-updating, which means that the application will automatically update when the vendor releases a new version. It's not all applications in the catalog that are self-updating. The applications that are self-updating have the below message displayed in Intune.
Licensing for Enterprise App Management
If you are thinking about utilizing the Enterprise App Management feature in Intune, you have to be aware of which license you have to use. There are two options available for you.
• Standalone add-on: There is an option to buy the Enterprise App Management feature as a standalone add-on if you don't want to use the other features in Intune Suite.
• Intune Suite: If you would like to utilize more than the Enterprise App Management feature, you can take a look at the Intune Suite license. It includes features such as endpoint privilege management, advanced analytics, and more!
If you are more curious about the options, I would highly recommend you take a look right here.
Configuration
Once you have acquired the license for Enterprise App Management, it is time to take a look at the exciting part - configuration!
      1. Head into our (at least my) favorite portal of them all, the Intune portal.
      2. Click on apps, and last but not least, all apps.
      3. Once you are in the apps section, click Add. In the app type section, scroll down to the Enterprise App Catalog app. Make sure to click select, once you have clicked on the Enterprise App Catalog app.
      4. As you can see now, we are in the machinery. This is where we can start configuring. Select an app from the catalog, in my case, I will pick 7-Zip.
      5. I will click next and pick the configuration of the app. Once that's done, remember to click select. The options available for configuration can be different from app to app.
Have you tried to deploy apps from Intune before? Remember all the fields that you have to fill out, before the application can be deployed? Microsoft makes sure to pre-populate a lot of the information in the Enterprise App Catalog. This includes the app and program information, as well as the requirements and detection rules for the application. If you are satisfied with the pre-populated information from Microsoft, you can simply press next through the tabs and deploy the application. Be aware that you can't make the assignments before the application has been created, so this has to be done afterwards.
Conclusion
Thank you for reading through this blog. I hope it gave you some insights on how Enterprise App Management works. In my opinion it makes the deployment of the applications easier and faster.
Microsoft Learn references
Take a look below for official documentation for Enterprise App Management.
Microsoft Intune Enterprise Application Management
Do you want to get started with application management in Intune? Take a look at the training below.
Understand app management using Microsoft Intune
  13. Microsoft is headed to VMware Explore 2023 in Barcelona
After seeing everyone in person at the Las Vegas VMware Explore event, we are even more excited for Barcelona! If you want to know about Azure, the work we are doing with VMware, or just have a great conversation, we’d love to talk to you so stop by our booth! This year we will have a bunch of sessions with Microsoft employees on stage, so if you're building out your schedule check them out:
Microsoft Keynote: Transform your VMware Workloads with Microsoft Azure
Speaker: Jeff Woolsey, Principal PM Manager, Microsoft
Date/Time: Wednesday, November 8 @ 9:00 - 10:00 CET
Jeff will share how customers can transform their on-prem VMware environments using Microsoft Azure. Keynote attendees will learn how to:
• Learn about everything that’s new in Windows Server 2022 and address end of support for Windows Server 2012
• Use familiar VMware skills to migrate or extend your VMware environment to the cloud, including hybrid cloud options with Azure VMware Solution and Azure Arc
• Modernize hybrid work with Azure Virtual Desktop and Horizon Cloud
• Learn how Azure VMware Solution could be the ideal landing spot for those looking to migrate their SQL Server workloads to Azure, but still want to use Unlimited Virtualization
In addition, here are some other Microsoft Azure-related sessions that we highly recommend for learning more about Azure and VMware:
Day, Time, Topic | Session Title
Monday, Nov. 6, 15:00-16:30, Azure VMware Solution | Azure VMware Solution: Networking & Security Deep-Dive CEIT2450BCNS
Tuesday, Nov. 7, 11:30-12:00, Azure VMware Solution | Meet the Expert Roundtable: Ask me anything about Azure VMware Solution CEIM2452BCNS
Tuesday, Nov. 7, 11:45-12:30, Azure VMware Solution | Azure VMware Solution Lessons Learned: Designing, Migrating, and Operating CEIB2451BCNS
Wednesday, Nov. 8, 9:00-9:45, Azure VMware Solution | Microsoft Executive Keynote: Transform your VMware workloads with Azure CEIB2488BCNS
Wednesday, Nov. 8, 10:15-11:00, Azure VMware Solution | Azure VMware Solution: Migration on Steroids CEIB2547BCNS
Wednesday, Nov. 8, 11:30-12:15, Azure VMware Solution | Pave the way to innovation with Azure, Azure Arc, Windows & SQL Server! CEIB2489BCNS
Wednesday, Nov. 8, 12:45-13:30, Azure VMware Solution | Bring Azure to your VMware vSphere environment on premises and in the cloud CEIB2490BCNS
Wednesday, Nov. 8, 12:45-13:30, Azure VMware Solution | Speed Your Azure Migration with the Latest Azure VMware Solution Features CEIB2033BCN
Wednesday, Nov. 8, 13:30-14:00, Azure VMware Solution | Meet the Expert Roundtable: Ask me anything about Azure VMware Solution CEIM2453BCNS
Wednesday, Nov. 8, 14:00-14:45, Azure VMware Solution | Extending Windows in the Cloud with VMware Horizon EUSB2491BCNS
Wednesday, Nov. 8, 14:00-14:45, Azure Virtual Desktop | Radically Simplify Your Published App Architecture with Apps on Demand EUSB1594BCN
During the event we will also have presentations in our booth at the bottom of every hour! Be sure to stop by!
  14. We are happy to announce new content updates to Microsoft 365 Learning Pathways (M365LP), our free and customizable, on-demand training solution for September 2023. This update included five (5) new playlists for Microsoft Viva Engage, under the Microsoft 365 training section. The new playlists are below. Read our what’s new documentation here for more details.
Get started with Viva Engage Communities Storyline Leadership Answers in Viva Campaigns Analytics Viva Engage Mobile App
Microsoft Viva Engage playlists
Since 2019, M365LP has been helping drive healthy usage and adoption of Microsoft 365 apps and services, providing customers with content streamed from Microsoft for key services such as Microsoft Teams, Office apps (e.g., Word, Excel, and PowerPoint), Planner and more. Once installed, this solution can be customized to your organization’s brand and service usage, custom playlists can be created for your own business processes, and the entire experience is configured in SharePoint Online to give you maximum familiarity and flexibility. Learn more about M365LP here.
Microsoft 365 Learning Pathways, your customizable, on-demand training solution
Our upcoming releases will include Viva Insights and Viva Topics in October and Viva Amplify in November. Use this new content and our upcoming releases as an opportunity to update your app and re-engage your users. On-demand, micro training is a great way to help people learn in the flow of work.
  15. Today, we’re excited to announce that the new Outlook for Windows is generally available for personal accounts through the Microsoft Store on Windows 11 and the Sept. 26 Windows fall update. It’s a free app for Windows users designed to help you easily connect and coordinate your various email accounts and calendars in one place, with a sleek and modern interface. You can write clear, concise emails and get intelligent suggestions with built-in AI, seamlessly and securely attach important documents and photos to any note, and access OneDrive files and Office web apps without a subscription. Newly purchased Windows devices running Windows 11, version 23H2 or higher, and some devices upgrading to Windows 11, version 23H2, will also see the new Outlook pre-installed*. The new Outlook for Windows is already actively used by millions in preview stage, and remains in preview for commercial customers with availability to be announced at a later date.
For years, Windows has offered the Mail and Calendar apps for all to use. Now Windows is bringing innovative features and configurations of the Microsoft Outlook app and Outlook.com to all consumers using Windows – at no extra cost, with more to come. For Microsoft 365 subscribers, there’s even more to enjoy on the new Outlook, including an ad-free inbox, additional mailbox and cloud storage, advanced security benefits, and premium features across Microsoft 365 apps.
Streamline email & calendar in one app
We are constantly trying to get things done so that we have time for the things that matter. As we move through our day, we schedule and track events and appointments on digital calendars while we communicate, confirm, and plan with others through email, whether it’s a child’s teacher, a hiring manager for a prospective job, or friends planning a trip. Microsoft Outlook is committed to meeting our ever-changing needs with email and calendars, so core to our modern way of living--at home, work or on the go.
Whether your email service of choice is Outlook.com, Hotmail.com, Gmail, Yahoo, iCloud, or a provider that uses IMAP (or all of the above), you can use the new Outlook for Windows. Add your various accounts and see all your calendars in one view, and toggle between accounts to see your emails and contacts. Write better emails with AI With the new Outlook for Windows, you can write better emails with AI built into the app. Help keep your sentences concise and error-free with intelligent spelling and grammar checks. If you have a Microsoft 365 Personal or Family subscription, you will also get advanced AI writing tools via Microsoft Editor, providing suggested refinements for clarity, conciseness, inclusive language and more to make your emails polished and professional. Copilot and other advanced AI features will be offered for the new Outlook for Windows at a later date. Connect seamlessly to Microsoft 365 apps The new Outlook for Windows is designed to connect seamlessly with free Microsoft Word, Excel, and PowerPoint web apps with the click of a button, perfect for making quick edits and comments. You can even access and attach OneDrive files right from your inbox. It’s never been easier to find the documents you’ve been working on and share them securely with the new Outlook for Windows. Intelligent tools to keep you organized Another key improvement in the new Outlook for Windows compared to Windows Mail and Calendar is how it can help you stay on top of your day. Here is a sampling of these great features: With My Day view, you can see your upcoming calendar events and tasks anywhere in Outlook. Package delivery and upcoming travel dates are also automatically added to your calendar from your email confirmations, and view the weather forecast in your calendar at any time. 
You can pin emails to the top of your inbox so they are easy to find later, snooze emails to temporarily hide them and then have them reappear when you’re ready to respond, and get reminders to follow up on important conversations. Schedule email sends to deliver at the best time for the recipient, or undo a sent email within ten seconds. Use the sweep function to clean up your inbox quickly by setting advanced inbox rules for incoming mails. Customize your inbox to your personal style The new Outlook for Windows allows you to customize your viewing experience to ensure you are getting the Outlook view you want – based on your mood and style. Choose from over 50 themes and 150+ fonts and customize how many emails you want to see in your inbox with roomy, cozy, and compact view options. Also included for all users of the new Outlook for Windows, is spam and malware filtering. Those who purchase a Microsoft 365 Basic, Personal, or Family subscription will also get advanced security benefits** like end-to-end message encryption. For complete details, visit the new Outlook for Windows page. Millions of people are already using the new Outlook for Windows every day by installing from the “Try the new Outlook” toggle button in the Mail or Calendar app. That toggle is still available today, or we invite you to download through the Microsoft Store on Windows 11 or enjoy on your new Windows 11 device*. * New Outlook for Windows is available on all Windows builds >23H2. Note in some cases you may not get the new Outlook pre-installed. **Applies to Microsoft email accounts (Outlook.com, Hotmail.com, Live.com, and MSN.com) Continue reading...
  16. Support for restoring database backups from Amazon S3 to Azure SQL Managed Instance (MI) is now Generally Available (GA)! This feature offers users a flexible way of restoring backups and makes database migration to Azure SQL Managed Instance easier. Dive into this post to understand the scope and benefits of this new feature.

      Background

      In September last year, SQL Server 2022 introduced a new feature – backup and restore to simple storage service (S3)-compatible object storage – that grants the user the capability to back up or restore their databases using S3-compatible object storage, whether that be on-premises or in the cloud. To provide this integration, Azure SQL MI is enriched with a new S3 connector, which uses the S3 REST API to connect to Amazon S3 storage. It extends the existing RESTORE FROM URL syntax by adding support for the new S3 connector using the REST API.

      Prerequisites for the Amazon S3 endpoint

      The S3 endpoint must be configured as follows:
      • A user (Access Key ID) has been configured and the secret (Secret Key ID) for that user is known to you. You need both to authenticate against the S3 endpoint.
      • At least one bucket with a .bak file has been configured.

      Prerequisites for Azure SQL Managed Instance

      The Azure SQL Managed Instance must be configured as follows:
      • User must have permissions to connect to Azure SQL Managed Instance and run T-SQL scripts to perform restore operations.
      • Network Security Group (NSG) must have outbound security rules set to allow TCP protocol on port 443 to Any destination.
      • Make sure other network security rules in tools such as Network Manager/Azure firewall, and similar, are not blocking outbound traffic.

      How to restore from S3 bucket via T-SQL

      In this example we will show how to restore .bak file(s) from an AWS S3 bucket.

      1. Make sure you have the right file path from Amazon S3

      The easiest way to get a proper S3 URL of a .bak file you want to restore to Azure SQL MI is to navigate to the S3 bucket and the specific folder where the .bak files are located. Now select a .bak file and click “Copy URL” to copy the correct URL.

      (Image: Copying S3 URL)

      Keep the copied URL handy. Pro tip: if you use Windows, you can use Windows logo key + V to see clipboard history.

      2. Create credential

      First navigate to the T-SQL query editor of your choice and connect to the Azure SQL Managed Instance. To restore from an S3 bucket, you first need to set up a credential to retrieve files from the S3 bucket. To do so, follow the next template and choose one of these two file path options:

          -- Option 1
          CREATE CREDENTIAL [s3://./]
          WITH IDENTITY = 'S3 Access Key', SECRET = ':';

          -- Option 2
          CREATE CREDENTIAL [s3:////]
          WITH IDENTITY = 'S3 Access Key', SECRET = ':';

      Make sure you always use the path in your restore command as it is defined in your credential. This is the "real" credential we'll use in our example:

          CREATE CREDENTIAL [s3://realbucket.s3.us-east-2.amazonaws.com/TestFolder]
          WITH IDENTITY = 'S3 Access Key', SECRET = 'REAL_ACCESS_KEY';

      3. Test credential

      With the credential set, now is the moment to perform a test on the backup file stored in the AWS S3 bucket. We can do this by performing `RESTORE HEADERONLY`.

          RESTORE HEADERONLY
          FROM URL = 's3://realbucket.s3.us-east-2.amazonaws.com/TestFolder/TestBackup.bak';

      After running this script, you should be able to see the results from reading a backup header, as follows.

      (Image: Test results)

      4. Restore database from single .bak file on S3

      If you have received results, that means you now have everything prepared for performing the native restore from the S3 bucket. The script for performing a restore operation from the S3 endpoint location looks like this:

          RESTORE DATABASE FROM URL = 's3:////.bak'

      You can also use the "Option 1" URL with the bucket name in front. In our example below with the "real" URL, we use option 1 since that one matches our credential.

          RESTORE DATABASE [DB1]
          FROM URL = 's3://realbucket.s3.us-east-2.amazonaws.com/TestFolder/TestBackup.bak';

      Note: You cannot have your database pre-created. When performing a native restore, Azure SQL Managed Instance will create a database on your behalf. This is a general limitation; it is not S3-specific.

      5. (Optional) Restore from multiple .bak files on S3

      You can also perform a native restore from multiple .bak files located in AWS S3 simply by adding multiple URLs, like usual. Follow the next template to perform this:

          RESTORE DATABASE FROM
              URL = 's3:////_01.bak'
            , URL = 's3:////_02.bak'
            , URL = 's3:////_03.bak'
            -- ...
            , URL = 's3:////_64.bak'

      Note: The limit is 64 files, and this works for both file path options. If you receive any error, you can check the best practices & troubleshooting page.

      How to restore from S3 bucket via SSMS

      If you use SSMS 19.1 or later, you can also utilize the restore wizard. Once you are connected to Azure SQL Managed Instance, right-click on databases and click on the “Restore Database” item.

      (Image: Opening SSMS' restore database wizard)

      This will lead you to the restore wizard, where you can add S3 URLs to your backups; make sure you also populate details about credentials.

      (Image: SSMS Restore Database wizard to restore from S3 URL)

      When restoring a database via the SSMS wizard, be aware that it will read the DatabaseName field from the .bak file and will prepopulate the destination database name. Make sure you have not already created a database with the same name, or change the database destination name. After the restore completes, you will receive a popup that will let you know it has been successful. You can also restore from multiple .bak files in SSMS.

      Conclusion

      In this blog post we have outlined the steps to retrieve the file path from S3 and the methods for restoration via T-SQL and SSMS, along with key prerequisites. Backup to S3 is currently not supported, but feel free to nominate it on the Azure SQL Ideas forum. If you find this guide useful, please share it with others who might benefit. Happy restoring!

      Related articles
      • RESTORE (Transact-SQL) - SQL Server | Microsoft Learn
      • Automated backups in Azure SQL Managed Instance | Microsoft Learn
      • Backup & restore with S3-compatible object storage - SQL Server | Microsoft Learn
      • SQL Server backup to URL for S3-compatible object storage - SQL Server | Microsoft Learn
      • Release notes for SQL Server Management Studio (SSMS) | Microsoft Learn
      • Back up to URL best practices & troubleshooting for S3-compatible object storage - SQL Server | Microsoft Learn

      Continue reading...
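The restore rules stated in the post above (the URL must sit under the path named in the credential, and at most 64 files per restore) can be checked before any T-SQL reaches the instance. This is an added example, not code from the post or from Microsoft; the function name `build_restore`, the `.bak` check and the quoting helpers are assumptions made for illustration.

```python
# Added example (not from the original post): validate S3 backup URLs against
# the credential names defined on the instance, then emit a RESTORE statement
# with the database name and URLs safely quoted.
from urllib.parse import urlsplit

MAX_BACKUP_FILES = 64  # limit stated in the post


def matching_credential(url, credential_names):
    """Return the longest credential name that is a path prefix of url, or None."""
    best = None
    for name in credential_names:
        prefix = name.rstrip("/")
        if url == prefix or url.startswith(prefix + "/"):
            if best is None or len(prefix) > len(best):
                best = prefix
    return best


def quote_identifier(name):
    # T-SQL bracket quoting: a closing bracket inside the name is doubled.
    return "[" + name.replace("]", "]]") + "]"


def quote_literal(value):
    # T-SQL string literal: a single quote inside the value is doubled.
    return "'" + value.replace("'", "''") + "'"


def build_restore(database, urls, credential_names):
    """Build RESTORE DATABASE ... FROM URL = ... or raise ValueError."""
    if not 1 <= len(urls) <= MAX_BACKUP_FILES:
        raise ValueError(f"expected 1..{MAX_BACKUP_FILES} backup files, got {len(urls)}")
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme != "s3" or not parts.netloc:
            raise ValueError(f"not an s3:// URL: {url}")
        if not parts.path.lower().endswith(".bak"):
            raise ValueError(f"not a .bak file: {url}")
        if matching_credential(url, credential_names) is None:
            # Same bucket written in the other path style still fails here,
            # because the credential is looked up by the path as written.
            raise ValueError(f"no credential covers: {url}")
    sources = "\n  , ".join("URL = " + quote_literal(u) for u in urls)
    return f"RESTORE DATABASE {quote_identifier(database)}\nFROM {sources};"


if __name__ == "__main__":
    creds = ["s3://realbucket.s3.us-east-2.amazonaws.com/TestFolder"]
    print(build_restore(
        "DB1",
        ["s3://realbucket.s3.us-east-2.amazonaws.com/TestFolder/TestBackup.bak"],
        creds,
    ))
```
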
  17. We are pleased to announce the security review for Microsoft Edge, version 116! We have reviewed the new settings in Microsoft Edge version 116 and determined that there are no additional security settings that require enforcement. The Microsoft Edge version 114 security baseline continues to be our recommended configuration which can be downloaded from the Microsoft Security Compliance Toolkit. Microsoft Edge version 116 introduced 8 new computer settings and 8 new user settings. We have included a spreadsheet listing the new settings in the release to make it easier for you to find them. As a friendly reminder, all available settings for Microsoft Edge are documented here, and all available settings for Microsoft Edge Update are documented here. Please continue to give us feedback through the Security Baselines Discussion site or this post. Continue reading...
  18. We are happy to share new updates to the OneNote Android app. You can now capture notes at the speed of your thought with a refreshed notetaking canvas that is easy to use and has a lot of new editing capabilities that you have been asking for.

      In this blog post we will cover updates to the following features:
      • Contextual Command Bar optimization
      • Additional capture modalities (using + button)
      • Real time note sharing
      • Insert shapes in ink mode
      • Insert tables
      • Update font color and style
      • Update page color and style

      1. Command Bar optimization - All the text mode commands you need, such as checklists, bullet lists and text formatting, are available to you as you start typing a new note. These commands are dynamically brought to the forefront, as per the usage pattern, to ensure you only see what’s important to you.

      2. Additional capture modalities (using ‘+’ icon) - Introducing a streamlined approach for quick capture and switching between different note formats. Capture text, images, voice, ink, URLs, tables, attachments and annotate them all in one convenient note. Save time and reduce cognitive load with the ‘+’ icon on your command bar.

      3. Real time note sharing - Click on the three-dot menu on the top right to access note level actions. You can now apply a page style, file the note to a different notebook, add the note to your home screen, delete, share your note in real time, enhancing collaboration and knowledge sharing, and more.

      4. Insert shapes in ink mode - Tap the ‘+’ icon on the top right to switch to ink mode. Select the newly introduced shapes icon to view a list of all the shapes you can add to your notes.

      5. Insert tables - As you are typing a note, click on the table icon within your contextual command bar. By default, a 3X3 table will be inserted into your note, but you can add or delete rows/columns as per your need.

      6. Update font color and style - Let your notes reflect your style and personality. Tap on the text formatting option within your contextual command bar and select the fonts icon. You can change the style, color and size of your text and headings as per your choice to format your notes.

      7. Update page color and style - Tap on the triple dot menu to get the page color option. Tap on the button, access a range of page color options, select the perfect hue to set the mood or choose from rule lines to enhance the structure of your notes.

      We’d love to hear from you!

      We’re excited about the future of OneNote and look forward to hearing your feedback to make OneNote the best place for your notes. Please continue to tell us what you think through the in-app feedback and in the comments below! Be sure to join our Tech Community to stay up to date with the latest. Follow OneNote Blog and connect with us on Facebook and Twitter for regular product updates.

      Continue reading...
  19. Ubuntu Server is one of the most popular Linux distributions in the cloud. While many Azure customers are happy with Ubuntu Server as a free, community-supported distribution, Microsoft recommends you consider Ubuntu Pro for enhanced support from Canonical, including live kernel patching and extended security updates for more than 25,000 packages for 10 years. Customers may also benefit from switching to Ubuntu Pro to continue receiving support on images that have reached the end of support (Ubuntu Server 18.04 reached end of support on 31 May 2023).

      Today, in collaboration with Canonical, we are making it even easier to adopt Ubuntu Pro with the new support for in-place migration without the need to redeploy your VM or schedule a maintenance window. Azure is the first cloud to offer in-place upgrade from Ubuntu Server to Ubuntu Pro with zero downtime, saving you time and resources and minimizing disruption.

      "Through our strategic partnership with Azure, we demonstrate our shared dedication to delivering robust cloud solutions that prioritize security, compliance, and longevity. This partnership streamlines operations and makes the adoption of open-source software on Azure straightforward and effortless" - Alex Gallagher, VP of cloud.

      You can convert your Ubuntu Pro via command line (CLI) in a few simple steps. As an example, run the following with the Azure CLI:

          # The following will enable Ubuntu Pro on a virtual machine
          az vm update -g myResourceGroup -n myVmName --license-type UBUNTU_PRO

      And the following commands in the instance that you have converted:

          sudo apt install ubuntu-advantage-tools
          sudo pro auto-attach

      You can check that Ubuntu Pro is enabled on your instance by running:

          pro status --all --wait

      Note the “Subscription: Ubuntu Pro” and that both “esm-infra” and “esm-apps” services have a status of “enabled”.

      You can also use the --license-type UBUNTU_PRO option shown above during VM creation (az vm create) for a new instance with Ubuntu Pro or a new instance with Ubuntu Pro enabled from launch (on Ubuntu 16.04 and 18.04 you will also need to run the in-instance commands above).

      Please note that you will be charged by Microsoft for Ubuntu Pro as part of the Preview. Pricing for Ubuntu Pro starts at $0.01/hour.

      Combined with the recently announced enhanced security awareness through Azure Guest Patching Service (AzGPS), Ubuntu users on Azure now have a comprehensive system to identify Ubuntu instances running older releases that would benefit from Extended Security Maintenance, plus a straightforward mechanism to attach Ubuntu Pro to gain access to it.

      Get Started

      Visit our documentation to get started with upgrading from Ubuntu Server to Ubuntu Pro on your existing Azure Virtual Machines. You can also read Canonical’s blog to learn more about the benefits of Ubuntu Pro.

      Continue reading...
  20. Introduction

      Misconfigurations are common entry points for attackers. Cloud misconfigurations occur when cloud resources are set up with incorrect or insecure settings, leaving them vulnerable to exploitation. Misconfigurations can lead to sensitive data being exposed to the public internet or to unauthorized users, or can open up unnecessary ports, services, or permissions that attackers can exploit. Proactive security management for cloud misconfiguration is essential to maintaining a strong security posture.

      In this blog, I will walk through a few scenarios of misconfigured AWS Cloud resources and how Microsoft Defender for Cloud can help proactively identify misconfigurations and allow security teams to prevent risks and remediate quickly.

      Proactively secure your AWS resources

      Prerequisites:

      To protect resources in Amazon Web Services (AWS), you need to set up the connection between your AWS account and Microsoft Defender for Cloud. Please refer to the guidance here.

      Defender for Cloud uses AWS environment context to perform a risk assessment of your security issues. Enabling the Defender CSPM Plan on your AWS Connector is a mandatory prerequisite to experience contextual security capabilities including Attack Path Analysis and Cloud Security Explorer. Learn more about the cloud security graph, attack path analysis, and the cloud security explorer.

      Use case Scenarios:

      The following fictitious scenarios will help you to understand how this capability can assist you to proactively secure your AWS resources. Keep in mind that while these are fictitious scenarios, they are based on real-world situations that our customers face while trying to protect their multicloud resources.

      Scenario 1:

      Contoso Bank is using Amazon S3 to store sensitive customer data, financial records, and proprietary business information. They have set up a private S3 bucket called "PrivateDataBucket" to store this data securely. The bucket is configured with strict access controls, and data is intended to be accessible only to authorized personnel. Contoso Bank’s data engineering team decides to set up a data replication process to facilitate data analysis. They intend to replicate data from the "PrivateDataBucket" to another bucket for processing. During the setup of the data replication process, instead of configuring the replication to another private S3 bucket, the team mistakenly selects a public S3 bucket named "PublicDataBucket" that is accessible to the Internet.

      Using Defender CSPM attack path analysis, the data engineering team can identify this scenario and remediate the risk. The attack path “Private AWS S3 bucket replicates data to internet exposed and publicly accessible AWS S3 bucket” shows the misconfiguration and the potential impact as shown below:

      While the risk involved here is Sensitive Data Exposure, this is a result of data replicating to an Internet exposed and publicly accessible S3 bucket. Insights on the target S3 bucket provide more information about the misconfiguration, as shown below:

      The remediation step suggests reviewing replication and S3 bucket public access settings to minimize the exposure of data publicly, as shown below:

      Scenario 2:

      Datum Corporation’s IT Admin team is responsible for managing several applications hosted on AWS EC2 instances. The team wants to implement an automated backup and restore solution for their databases, ensuring data durability and disaster recovery capabilities. The administrator creates a script that runs on the EC2 instances to initiate automated backup and restore operations at specified intervals. The administrator creates an IAM role with AdministratorAccess to access all the AWS services and associates the IAM role with the EC2 instance.

      When an AWS EC2 instance has permissions to an AWS account, it means that the instance has privileges to access other AWS resources within that account. A misconfigured IAM role could lead to over-permissioning, where the instance has access to more resources and actions than it needs. This can expose unnecessary attack surfaces.

      By leveraging the Defender CSPM attack path capability, the IT Admin team can gain visibility into the potential risk by reviewing the attack path called “Internet exposed EC2 instance has high severity vulnerabilities and high permission to an account”.

      The potential impact in this scenario is that a threat actor could exploit the vulnerabilities on the EC2 instance, gain remote code execution, and use its permission to manage the account - create resources, delete resources, and move laterally to additional resources. The possible risk is account takeover and compute abuse.

      Defender for Cloud calculates the effective permission of identities and helps you understand what resources your identities can access. In this scenario, the EC2 instance has 'AmazonSSMManagedInstanceCore', 'AmazonEC2ContainerRegistryReadOnly', 'AmazonEKSWorkerNodePolicy' permissions to the account.

      The Insights tab on the EC2 instance provides details about the EC2 instance: it is reachable from the internet and has high severity vulnerabilities allowing remote code execution.

      The remediation steps suggest granting permission at the resource level and not at the account level, as shown below:

      Scenario 3:

      Fabrikam Inc hosts a critical application on an Amazon EC2 instance, and this application requires access to encrypted data stored in Amazon S3. To securely retrieve and decrypt this data, the EC2 instance is granted read permissions to a dedicated AWS KMS key. By granting the EC2 instance read permission to the KMS key, the organization ensures that sensitive data remains encrypted and secure both at rest and in transit.

      A high severity vulnerability was detected on the EC2 instance, which could potentially be exploited by attackers to gain unauthorized access to the system. If an attacker gains access to the EC2 instance and its associated read permissions for the KMS, they could extract sensitive cryptographic keys. This could result in the compromise of encrypted data across the organization's infrastructure.

      Defender CSPM identifies the attack path “Internet exposed EC2 instance has high severity vulnerabilities and read permission to a KMS” and the potential impact could be stealing credentials from the Key Management Service (KMS).

      The EC2 instance has an IAM role attached with 'AmazonSSMManagedInstanceCore' permission via IAM policy to the AWS Key Management Service (KMS) key.

      The Insights tab gives details about the EC2 instance, such as the fact that it is reachable from the internet and has high severity vulnerabilities allowing remote code execution, as shown below:

      The Remediation steps suggest hardening the internet exposure to the minimum required, as shown below:

      For a more detailed list of the attack paths, connections, and insights you might see in Microsoft Defender for Cloud, see Reference list of attack paths and cloud security graph components - Defender for Cloud | Microsoft ...

      Conclusion

      Mitigating risks using Attack path analysis is not a one-time activity. It involves continuous monitoring of Attack paths. Security teams can regularly analyze new misconfigurations introduced during changes to the environment. Incorporating attack path analysis into your security strategy helps security teams stay ahead of potential security misconfigurations in AWS environments.

      Additional Resources

      Please refer to the resources below to learn more about these capabilities:
      • Microsoft Defender for Cloud Security Posture Management (Video)
      • Identify and remediate attack paths
      • Reference list of attack paths and cloud security graph components
      • Public Lab: Contextual Security capabilities for AWS using Defender CSPM

      Reviewers
      • Or Serok Jeppa, Senior PM Lead, Microsoft Defender for Cloud
      • Yuri Diogenes, Principal PM Manager, CxE, Microsoft Defender for Cloud

      Continue reading...
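The three attack paths named in the post above can be re-derived from raw configuration, which is useful for checking an environment change before a posture tool rescans it. This is an added example, not Defender for Cloud code or its data model: the inventory layout, the probe actions standing in for "high permission to an account" and "read permission to a KMS", the instance names and the KMS key ARN are all assumptions or constructed sample data.

```python
# Added example (not Defender for Cloud code): flag the three attack paths the
# post names in a constructed AWS inventory. The inventory layout is hypothetical.
from fnmatch import fnmatchcase

P_REPL = "Private AWS S3 bucket replicates data to internet exposed and publicly accessible AWS S3 bucket"
P_ACCT = "Internet exposed EC2 instance has high severity vulnerabilities and high permission to an account"
P_KMS = "Internet exposed EC2 instance has high severity vulnerabilities and read permission to a KMS"

# Assumption: these actions stand in for "manage the account" and "read a KMS key".
ACCOUNT_PROBES = ("ec2:RunInstances", "ec2:TerminateInstances", "iam:AttachRolePolicy")
KMS_READ_PROBE = "kms:Decrypt"
KEY = "arn:aws:kms:us-east-2:111122223333:key/EXAMPLE-KEY-ID"  # constructed ARN

ADMIN = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
INVENTORY = {  # constructed sample data modelled on the post's scenarios
    "buckets": [
        {"Name": "PrivateDataBucket",
         "PublicAccessBlock": {"RestrictPublicBuckets": True},
         "Replication": {"Rules": [{"Status": "Enabled", "Destination":
                                    {"Bucket": "arn:aws:s3:::PublicDataBucket"}}]}},
        {"Name": "PublicDataBucket",
         "PublicAccessBlock": {"RestrictPublicBuckets": False},
         "Policy": {"Statement": [{"Effect": "Allow", "Principal": "*",
                                   "Action": "s3:GetObject",
                                   "Resource": "arn:aws:s3:::PublicDataBucket/*"}]}},
    ],
    "kms_keys": [KEY],
    "instances": [
        {"Name": "backup-runner", "InternetExposed": True, "HighSeverityVulns": 2,
         "RolePolicies": [ADMIN]},
        {"Name": "app-server", "InternetExposed": True, "HighSeverityVulns": 1,
         "RolePolicies": [{"Statement": [{"Effect": "Allow", "Resource": KEY,
                                          "Action": ["kms:Decrypt", "kms:DescribeKey"]}]}]},
        {"Name": "internal-batch", "InternetExposed": False, "HighSeverityVulns": 3,
         "RolePolicies": [ADMIN]},
    ],
}


def _listify(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    # IAM wildcards (* and ?) work like shell globs; compared case-insensitively here.
    return any(fnmatchcase(value.lower(), p.lower()) for p in _listify(patterns))


def is_allowed(policy_docs, action, resource):
    """Simplified IAM evaluation: an explicit Deny wins, otherwise any Allow.
    Conditions, NotAction, permission boundaries and SCPs are ignored."""
    allowed = False
    for doc in policy_docs:
        for stmt in _listify(doc["Statement"]):
            if _matches(stmt["Action"], action) and _matches(stmt["Resource"], resource):
                if stmt["Effect"] == "Deny":
                    return False
                allowed = True
    return allowed


def is_public(bucket):
    """Public = a policy statement allows Principal "*" and RestrictPublicBuckets is off."""
    if bucket.get("PublicAccessBlock", {}).get("RestrictPublicBuckets"):
        return False
    statements = bucket.get("Policy", {}).get("Statement", [])
    return any(s["Effect"] == "Allow" and s.get("Principal") in ("*", {"AWS": "*"})
               for s in statements)


def find_attack_paths(inv):
    """Return (attack path name, affected resource) tuples in inventory order."""
    findings = []
    buckets = {b["Name"]: b for b in inv["buckets"]}
    for bucket in inv["buckets"]:
        if is_public(bucket):
            continue
        for rule in bucket.get("Replication", {}).get("Rules", []):
            dest = rule["Destination"]["Bucket"].rsplit(":", 1)[-1]
            if rule.get("Status") == "Enabled" and dest in buckets and is_public(buckets[dest]):
                findings.append((P_REPL, f"{bucket['Name']} -> {dest}"))
    for inst in inv["instances"]:
        if not (inst["InternetExposed"] and inst["HighSeverityVulns"] > 0):
            continue  # both conditions are part of the attack path names
        docs = inst["RolePolicies"]
        if all(is_allowed(docs, action, "*") for action in ACCOUNT_PROBES):
            findings.append((P_ACCT, inst["Name"]))
        for key in inv["kms_keys"]:
            if is_allowed(docs, KMS_READ_PROBE, key):
                findings.append((P_KMS, f"{inst['Name']} -> {key}"))
    return findings


if __name__ == "__main__":
    for path, resource in find_attack_paths(INVENTORY):
        print(f"{resource}: {path}")
```

The account-wide role is also reported on the KMS path, because `Resource: "*"` covers the key; scoping the role to named resources, as the post's remediation suggests, clears both findings for that instance.
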
  21. Google typically releases a new Android version annually during the late third or early fourth quarter of the calendar year. They also require that apps uploaded to the Google Play Store are optimized to run on at least the previous year’s API version by mid-fourth quarter. API versioning is the practice of managing changes to an API to prevent breaking changes.

      Android 14 is expected to be released by Google soon. Our Microsoft Intune app protection policies (APP) and mobile device management (MDM) teams have been working hard to make sure Microsoft Intune customers are supported on the new operating system (OS) release.

      In this post, we’ll share some of what we’ve found from testing the latest Android beta builds and highlight other noteworthy changes that are coming with this release. We’ll update this blog post if new items are discovered during our continued testing. We also encourage you to read through Google’s Android 14 change documentation, and the Google article, Behavior changes: Apps targeting Android 13 or higher, to identify other changes that may be relevant to your organization. Keep us posted on what APP and MDM learnings you find from your testing too!

      Versioning vs targeting

      Day zero support refers to supporting the new Android OS version and API targeting. New Android OS versions are released every year, first on Google Pixel devices and later by various OEMs as they build out support. This year, the latest OS version is Android 14, and is expected to be available soon.

      API targeting is set within client apps. Google mandates that apps must target the two most recent versions to be approved in the Play store. This year, we’re targeting API 33 (Android 13) with support beginning in August 2023.

      Throughout this post, you may see changes attributed to either Android 14 readiness or API 33 targeting readiness. It’s important to note their differing release dates.

      Android 14: Updates to the Exact alarm permission on Managed Home Screen (MHS)

      When configured by admins, MHS uses the Exact alarm permission for configurations which require action at an exact time. Currently, MHS uses this permission to automatically sign users out after a set time of inactivity on the device, to launch a screen saver after a set period of inactivity, and to automatically relaunch MHS after a certain period of time when a user exits kiosk mode. For devices running Android 14 and higher, by default, the Exact alarm permission will be denied. In order to make sure critical functionality continues to work, users will be prompted to grant Exact alarm permission upon first launch of MHS.

      Targeting API 33: Changes to Android notification permission prompt behavior

      There are changes to how Android apps handle notification permissions to align with recent changes made by Google to the Android platform. Notification permissions will be granted to apps as follows:
      • On devices running Android 12 and earlier: Apps are permitted to send notifications to users by default.
      • On devices running Android 13 and later: Notification permissions vary depending on the API the app targets.
          • Apps targeting API 32 and lower: Google has added a notification permission prompt that appears when the user opens the app. Management apps are still able to configure apps so that they're automatically granted notification permissions.
          • Apps targeting API 33 and higher: App developers define when the notification permission prompts appear. Management apps are still able to configure apps so that they're automatically granted notification permissions.

      Admins and users can expect to see the following changes once we begin targeting API 33:
      • Managed Home Screen: In previous versions of Managed Home Screen, when an admin had enabled automatic relaunch of Managed Home Screen, a push notification was displayed to alert users of the relaunch. To accommodate changes to notification permission, in the scenario when an admin has enabled auto-relaunch of Managed Home Screen, the application will now display a toast message alerting users of the relaunch instead of a push notification. Managed Home Screen is able to autogrant permission for this notification, so no change is required for admins configuring Managed Home Screen to accommodate the change in notification permission with API 33.
      • Company Portal used for work profile management: In the personal instance of the Company Portal, users will see a notification permission prompt when they first open it. In the work profile instance, users won’t see a notification permission prompt as the notification permissions will be automatically permitted. Users will be able to silence app notifications in the Settings app.
      • Company Portal used for device administrator management: Users will see a notification permission prompt when they first open the Company Portal app and will be able to adjust app notifications in the Settings app.
      • Microsoft Intune app: No changes to existing behavior. Users will continue to not see a prompt because notifications are automatically permitted. App notifications can be adjusted in the Settings app.
      • Microsoft Intune app for Android Open Source Project (AOSP): No changes to existing behavior. Users will continue to not see a prompt because notifications are automatically permitted. Users are unable to adjust app notifications in the Settings app.

      How can you reach us?

      Keep us posted on your Android 14 and API 33 experience through comments on this blog post or through Twitter @IntuneSuppTeam, and request any new features through our Intune Feedback Portal. We’ll update this post with any additional information we learn as testing continues, and when Android 14 releases.

      Continue reading...
  22. Microsoft Edge for Business, the new, dedicated work experience currently in preview for the Microsoft Edge browser, is planned to be released with Microsoft Edge stable version 116 (scheduled for the week of August 17, 2023). All customers who sign into Edge using Microsoft Entra ID (formerly Azure Active Directory) will automatically be transitioned to Microsoft Edge for Business as part of the release.

      What to expect with Microsoft Edge for Business:
      • Policies, settings, and configurations previously set by an organization and its Entra ID connected users will be automatically transitioned to Edge for Business. IT maintains full control over policy and feature management and configuration with Edge for Business.
      • The icon will be updated to include a briefcase.
      • An optional personal browsing window, Microsoft Edge, is enabled so users with a personal profile can separate their work and personal browsing and take advantage of the full feature set of Edge for personal use. This will also enable automatic switching from the personal to work browser window when work sites are accessed. The personal browser window is lightly managed, with IT maintaining control over security, compliance, and update policies.

      From the beginning, Microsoft Edge was designed with the specific needs of businesses and organizations in mind, with enterprise grade security, productivity, management, and now AI, built in. Microsoft Edge for Business is the next step in the journey to deliver the best browser for business across desktop and mobile, with enhanced separation of work and personal browsing, unmanaged device support, and more coming soon.

      General

      Is this a new browser?

      No, this is not a new browser. This is a new, dedicated Microsoft Edge experience built for work that enables organizations to configure it to maximize productivity and security. It has the same functionality that you’re already familiar with in Microsoft Edge in addition to optional automatic switching built to help meet the evolving needs of users and businesses. Signing in with Microsoft Entra ID will automatically enable Microsoft Edge for Business.

      How is Edge for Business differentiated from regular Microsoft Edge?

      Microsoft Edge for Business is a dedicated work browsing experience. It’s distinguished through visual elements such as an adjusted icon and other minor visual cues.

      IT maintains full control over policy and feature management and configuration with Edge for Business. Meanwhile, Microsoft Edge is lightly managed, with IT maintaining control over security and compliance policies of the personal browsing window. With users separating their work and personal browsing and content, personal data can be excluded from enterprise sync in the work browser window, giving users the privacy they want.

      What benefit does Microsoft Edge for Business provide?

      For IT, Microsoft Edge for Business can reduce the surface area for cyberattacks, heightening the organization’s security posture, since it offers the opportunity to streamline down to one browser for all use cases. For end users who are signed in with work and personal profiles, Edge for Business can provide a better browsing experience with automatic switching, which has security and privacy benefits.

      Does Microsoft Edge for Business require a separate download?

      No. Microsoft Edge for Business is automatically triggered by signing in with a Microsoft Entra ID.

      User experience

      What will the user experience be when Edge for Business becomes available?

      After Edge stable version 116 release is deployed, and the browser is restarted:
      • The Microsoft Edge icon will be updated to the Edge for Business icon
      • When the user launches Edge for Business, Microsoft Entra ID users will automatically be signed in
      • A one-time banner will appear at the top of the browser after first launching Edge for Business informing the user of the change with a link to learn more

      What impact will the change to Edge for Business have on users?

      Users who are only signed in with Microsoft Entra ID

      After Edge stable version 116 release is deployed, and the browser is restarted, all users who sign in with Microsoft Entra ID will be transitioned to Edge for Business. Edge for Business inherits all configurations and policies previously set for Microsoft Edge, so the main difference users will see at this time is the Microsoft Edge for Business icon and a new location for their profile photo.

      Users who are signed in with both Microsoft Entra ID and Microsoft Account (MSA)

      Users who are also signed in with a personal profile (using their Microsoft account (MSA)) can experience automatic switching between their work browser window (Microsoft Edge for Business) and their personal browser window (Microsoft Edge).

      With the Edge stable version 116 release:
      • Switching from the personal browser window to the work browser window will be on by default with the option to turn off by the user
      • Switching from the work browser window to the personal browser window will be off by default with the option to turn on by the user. Switching from the work browser window to the personal browser window will be default on in future versions of Edge for Business.

      To turn on/off automatic switching, visit Edge settings and toggle on/off “Automatic profile switching”.

      Work-related sites, such as Microsoft 365 apps and services and sites requiring work login, automatically open in the work browser window. A growing set of popular sites open in the personal browser window once enabled by the user in Edge settings. Users can designate additional sites for work or personal use in settings. (Note: user site designation cannot be overwritten by IT administrators at this time.)

      What happens to favorites, passwords, etc.?

      Passwords, favorites, and data currently associated with the user’s work profile will be maintained in Edge for Business. Passwords, favorites, and data are not shared between the work browser window and the personal browser window.

      What impact will this cause to my default browser settings?

      There is no impact to users' default browser settings.

      Will users see both the Edge and Edge for Business icons on the taskbar?

      Users that are only signed in with Entra ID will see the Edge for Business icon and not the Edge icon.

      Are there materials I can share with my end users to prepare them?

      Yes! A downloadable email draft is available and is linked at the bottom of this post.

      IT management and controls

      Will all policies and configurations previously set by IT be applied to Edge for Business?

      Yes, all policies and configurations currently in place will be inherited by Edge for Business.

      What controls will IT admins have?

      IT maintains control over the security and compliance posture of both Microsoft Edge and Microsoft Edge for Business. Edge is lightly managed, with users able to access all features, while in Edge for Business, IT can control which features are available to users. IT admins can disable the personal browser window so that their users can only access Edge for Business. Please note that in this case, users will not be able to use Microsoft account based personal profiles and will not experience automatic switching between work and personal browsing.

      What policies will be enabled in the personal browser window?
The Microsoft Edge personal browser window is lightly managed, with all security, compliance, and Edge update policies applied, without the additional overhead of managing another browser. To learn more, please visit this site. How does my organization turn off the personal browser window? To turn off the personal browser window, please follow the steps listed in this document.    Does Edge for Business support unmanaged devices? Yes, Edge for Business includes support for unmanaged devices, currently available in preview. Please use these steps to access this preview. Is Edge for Business available on mobile? Yes. Edge for Business on mobile is built with enterprise grade security, productivity, management, and now AI, built in. An updated icon, automatic switching, and management via Edge management service in the Microsoft 365 admin center will be available for Edge for Business on mobile the future. Can anyone with a Microsoft Entra ID (formerly known as Azure Active Directory) can get Microsoft Edge for Business?  Microsoft Edge for Business will be the standard experience for all users with a Microsoft Entra ID. Will my sites and apps that work in Microsoft Edge work in Microsoft Edge for Business? Yes, sites and apps that currently work in Microsoft Edge will work in Microsoft Edge for Business. Are there any functional changes to the Entra ID profile? No. There are not any functional changes to the Entra ID profile. Automatic Switching How do I switch between the Microsoft Edge for Business browser window and the Microsoft Edge browser window?  With the Edge stable version 116 release, URLs entered into the personal browser window that are for work-related sites, such as Microsoft 365 apps and services and sites requiring work login, will automatically open in the work browser window. Do I need to enable automatic switching? 
With this release, switching from the personal browser window to the work browser window will be on by default with the option to turn off by the user. Switching from the work browser window to the personal browser window will be off by default with the option to turn on by the user. This will be enabled by default in a future release. To turn on/off automatic switching, visit Edge settings and toggle on/off “Automatic profile switching”. Are the work and personal browser window connected? The work browser window (Microsoft Edge for Business) and personal browser window (Microsoft Edge) will have their own separate caches and storage locations, so information stays separate. This feature does not create any link between the user's Microsoft Entra ID account and their MSA account, and the organization settings related to linking work and personal accounts are unaffected. There are no functional changes to the Entra ID profile. How does a user customize the work and personal URL list? To designate sites to open automatically in the work and personal browser windows, go to edge://settings/profiles/multiProfileSettings and select “Choose preferred browser for sites” to turn off or select a preferred profile for the applicable site. Is there a group policy to customize the work and personal URL list? Not at this time.   Is there a group policy to turn on/off automatic switching? At this time, only users will be able to turn switching between work and personal browser windows on and off. For organizations that do not want automatic switching or personal profile usage, there is a group policy to turn off multiple profiles. Is there a group policy to add sites to the site list? Not at this time. When the user switches between work and personal browser windows, are they logged out of sites and apps?  No, switching between the work and personal browser windows will not log the user out of sites and apps.     How do I adjust which browser window a site is opened in? 
There are two ways to change which browser window is used to open a website:  Click the Switching icon, pictured below, to switch back to the preferred browser window. This action makes the browser remember your choice for that URL. Go to edge://settings/profiles/multiProfileSettings and select “Choose preferred browser for sites” to turn off or select a preferred profile for the applicable site. Continue reading...
  23. Malware Scanning in Defender for Storage will be generally available (GA) for Azure Blob Storage on September 1, 2023. This add-on to Defender for Storage will be priced at $0.15 (USD) per GB of data scanned.

Malware Scanning in Defender for Storage helps protect your Blob storage accounts from malicious content by performing a full, built-in, agentless malware scan on uploaded content in near real time, using Microsoft Defender Antivirus capabilities. It scans all file types and allows you to detect and prevent malware distribution events.

Defender for Storage helps prevent the three major impacts on your data and workload: malicious file uploads, sensitive data exfiltration, and data corruption. Malware Scanning is its latest feature. Defender for Storage is part of Microsoft Defender for Cloud, a CNAPP solution.

Malware Scanning in Defender for Storage

Enabling Malware Scanning at scale is easy and simple, requires zero maintenance, and supports automated responses at scale. You can enable it at scale with an Azure built-in policy (recommended), IaC templates such as Bicep and ARM, the REST API, or the Azure portal UI.

Malware protection is old news, but protecting your non-compute resources from malware still proves to be difficult

Compute vs. non-compute malware protection: The malware distribution challenge is not new. Traditionally, endpoint detection and response (EDR) solutions solve this problem for compute resources such as VMs and containers. However, non-compute resources such as storage are much harder to protect against malware: they do not have a compute layer to run antimalware tools, so installing an EDR on them is impossible. While non-compute resources cannot be infected by malware (because it cannot be executed in a non-compute environment), cloud storage resources are central hubs of data that downstream consumers tend to trust. This means that storage can be a gateway and distribution point for malware into your org or to 3rd parties and consumers.

Untrusted content uploaded to cloud storage could be malware. Without verifying that incoming files are free of malicious content before they’re uploaded, storage accounts can become a malware entry point into the organization and serve as a point of distribution to the environment. This is because your storage accounts are data hubs: they are typically a convenient place to upload content to, and many downstream consumers pull the data and transform it. The malware could be distributed downstream to consumers in multiple copies. If the malware finds a host to run on, the impact could be game over. It could lead to data loss or corruption, steal sensitive data and authentication tokens, and present opportunities for potential ransomware attacks.

It’s common for these attacks to damage the reputation of organizations and cause significant harm, regulatory fines, and compliance issues, making the protection of non-compute resources a challenging yet crucial aspect of cybersecurity. That’s why top compliance standards, such as NIST, SWIFT, and UK Government protocols, as well as security best practices, require scanning files in cloud storage before human users or applications access them.

Traditional approaches to addressing the cloud storage malware protection challenge have scalability and privacy issues. Some popular approaches are sending files to a VM that runs antivirus, like open source ClamAV or one from an EDR provider, or running SaaS solutions that are not tailored to PaaS and IaaS. The main issue with these systems is that they don't scale well, require too many resources, rely heavily on multiple copy jobs and complex networking, and keep you waiting a bit too long before they start scanning, creating hiccups in your apps and workflows. In most cases, they'll have you tangled up in intricate networking and juggling data management tasks, adding to your IT team's workload. The enablement friction and resource scaling maintenance is cumbersome, creates overhead, and leaves too much room for error. Unfortunately, these solutions fail to scale up as needed, and instead of protecting, they might increase the attack surface because of the data flow and resources. So, we end up needing even stronger security measures.

An alternative approach to address these challenges involves sending files, or their signatures, to external third-party services for malware detection. The key drawback of such solutions is their inherent requirement to move your potentially sensitive data outside your existing environment, crossing regional and cloud boundaries. This is a compliance and privacy issue that exposes your data to potential leaks and breaches and places it beyond your control.

A modern, private, and scalable approach that helps protect your cloud storage from malware, built for high-compliance industries

Malware Scanning in Defender for Storage offers built-in and agentless detection with zero maintenance. As soon as a file is uploaded to a storage account, Malware Scanning will immediately read the uploaded content, scan it out of band, and detect polymorphic and metamorphic malware in near real-time. If a file is determined as malicious by the Microsoft Defender Antivirus engine, access to the file can be blocked, the file can be quarantined or deleted, and the scan result will automatically trigger a security alert in Defender for Cloud or other workflows, so your SOC analysts have full context on the malicious findings.

To maintain maximum privacy, the regional malware scanning engine never retains the content of the files, and the data is never centralized. Files are scanned "in-memory" and are never stored in the Malware Scanning engine. Malware Scanning occurs within the same region as the storage account. In some cases, when a file is suspicious, and more data is required, the Malware Scanning engine may share metadata outside the scanning region, including metadata classified as customer data (e.g., SHA-256 hash), with Microsoft Defender for Endpoint, leveraging its powerful Cloud Protection features.

Supporting fully-fledged features with granular cost control at the feature level

The Malware Scanning capability within Defender for Storage was built with flexibility and cost management in mind. It allows enablement either at the subscription level or at the resource level while offering the ability to exclude individual storage accounts from protection.

You can control and cap your costs. The pricing of Malware Scanning is based on the number of gigabytes (GB) of data scanned. For granular cost control, there's an option to set a monthly limit on the volume of data scanned per storage account. This limit can be set for the entire subscription or for each individual storage account. Once the set limit is reached in a month, the scanning process halts to prevent additional costs. You will be alerted when nearing the cap, and when crossing it. The default cap for the recommended enablement methods is 5TB per storage account per month.

You can also choose to enable logging for every scan result (including clean files) for compliance needs.

A hands-on lab to try out Malware Scanning in Defender for Storage

We recommend you try the Ninja training instructions for detailed step-by-step instructions on how to test Malware Scanning end-to-end with setting up responses to scanning results. This is part of the 'labs' project that helps customers get ramped up with Microsoft Defender for Cloud and provides hands-on practical experience with its capabilities.

Common use cases

In the last two years, we’ve worked with customers who’ve used the beta version of Malware Scanning and helped design it. During that process, we’ve learned the common use cases and scenarios that require and typically utilize malware scanning in cloud storage services to maintain data and system integrity. The following list is an example of some of these:

  • Web applications: many cloud web applications allow users to upload content to storage. This allows low maintenance and scalable storage for applications like tax apps, CV upload HR sites, and receipts upload.
  • Content protection: assets like videos and photos are commonly shared and distributed at scale both internally and to external parties. CDN and content hubs are a classic malware distribution opportunity.
  • Compliance requirements: resources that adhere to compliance standards like NIST, SWIFT, GDPR, and others require robust security practices, which include malware scanning. It is critical for organizations operating in regulated industries or regions.
  • Third-party integration: third-party data can come from a wide variety of sources, such as business partners, developers, and contractors, and not all of them may have robust security practices. Scanning for malware helps to ensure that this data doesn't introduce security risks to your system.
  • Collaborative platforms: similar to file sharing, teams leverage cloud storage for continuously sharing content and collaborating across teams and organizations. Scanning for malware ensures safe collaboration.
  • Data pipelines: data moving through ETL processes can come from multiple sources and may include malware. Scanning for malware can help to ensure the integrity of these pipelines.
  • ML training data: the quality and security of the training data are critical for effective machine learning models. That is why it's important to ensure these data sets are clean and safe, especially if they include user-generated content or data from external sources.

See it at work

Here’s a short demo showcasing Malware Scanning capabilities to scan and provide quick, reliable results so you can easily make your applications secure:

Malware Scanning - Tax App demo

In this example, tax files are uploaded to a storage blob container that stores all the uploaded untrusted content. Once a file is uploaded, Malware Scanning scans the files and sends the scanning results to a serverless function that moves clean files to a ‘clean’ blob container and malicious files to a ‘suspicious’ files blob container (for quarantine/deletion).

Consuming scan results and setting up response

Scan results are returned for every file scanned. There are several supported methods to consume the scan results, fitting different use cases. Read more about consuming scan results and using them for an automated response.

View and consume malware scanning results

Getting started

A common way to start is to deploy Malware Scanning protection with this built-in Azure Policy. You can also use IaC templates such as Bicep and ARM, REST API, or the Azure portal UI to enable at scale.

If you’re using the old (“classic”) Defender for Storage plan, migrate to the new plan to enable Malware Scanning.

You can also read about how to run an effective POC.

Additional resources

  • Malware Scanning in Defender for Storage documentation.
  • A hands-on Ninja lab.
  • Built-in Azure Policy to deploy to protect your environment now.
  • Watch the “ ” YouTube episode to learn more about the threat landscape for Azure Storage and how Microsoft Defender for Storage can help detect and mitigate these threats.
  • Learn more on the threat matrix for storage services.
  • for product deep dives.
  • Follow us at @MSThreatProtect for the latest news and updates on cybersecurity.

Have questions or comments? Write them below.
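The routing step of the tax app demo described above, as an added example (not code from the post or from Microsoft): the decision logic a serverless function could apply to each scan result before moving a blob, failing closed when the verdict is unknown or the blob changed after it was scanned. The event field names (`blobUri`, `eTag`, `scanResultType`), the verdict strings, and the account and container names are assumptions for illustration; check them against the scan-result schema in the Defender for Storage documentation.

```python
from dataclasses import dataclass
from urllib.parse import urlparse, unquote

# Assumed names: the demo's untrusted upload container and its two destinations.
UPLOAD_ACCOUNT, UPLOAD_CONTAINER = "taxappuploads", "upload"
CLEAN, SUSPICIOUS = "clean", "suspicious"

@dataclass(frozen=True)
class Decision:
    action: str       # "move", "hold" or "ignore"
    container: str    # destination for "move", otherwise empty
    blob: str
    reason: str

def parse_blob_uri(uri):
    """Split https://<account>.blob.core.windows.net/<container>/<blob path>."""
    parts = urlparse(uri)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("not an https blob URI")
    container, _, blob = parts.path.lstrip("/").partition("/")
    if not container or not blob:
        raise ValueError("URI lacks a container or blob name")
    return parts.hostname.split(".")[0], container, unquote(blob)

def route(event, current_etag):
    """Decide what to do with one scan-result event (assumed field names).

    current_etag is the blob's ETag read from storage just before acting.
    """
    data = event.get("data") or {}
    try:
        account, container, blob = parse_blob_uri(data.get("blobUri") or "")
    except ValueError as exc:
        return Decision("ignore", "", "", str(exc))
    # Only act on the container that receives untrusted uploads.
    if (account, container) != (UPLOAD_ACCOUNT, UPLOAD_CONTAINER):
        return Decision("ignore", "", blob, "not the upload container")
    # The verdict describes the bytes that were scanned. If the blob was
    # overwritten since, the verdict no longer applies to what is stored.
    if str(data.get("eTag", "")).strip('"') != current_etag.strip('"'):
        return Decision("hold", "", blob, "blob changed after the scan")
    verdict = data.get("scanResultType")
    if verdict == "No threats found":
        return Decision("move", CLEAN, blob, "scanned clean")
    if verdict == "Malicious":
        return Decision("move", SUSPICIOUS, blob, "malware detected")
    # Missing or unrecognised verdict: never promote to 'clean'.
    return Decision("hold", "", blob, f"unrecognised verdict {verdict!r}")

def sample_event(blob, verdict, etag, container=UPLOAD_CONTAINER):
    """Build a constructed sample event (not captured from a real account)."""
    uri = f"https://{UPLOAD_ACCOUNT}.blob.core.windows.net/{container}/{blob}"
    return {"data": {"blobUri": uri, "eTag": etag, "scanResultType": verdict}}

SAMPLES = [  # constructed: (event, ETag currently on the blob)
    (sample_event("2023/w2.pdf", "No threats found", '"0x1A"'), "0x1A"),
    (sample_event("2023/invoice.docm", "Malicious", "0x2B"), "0x2B"),
    (sample_event("2023/return%20form.pdf", "No threats found", "0x3C"), "0x3D"),
    (sample_event("2023/big.iso", "Scan timed out", "0x4E"), "0x4E"),
]

if __name__ == "__main__":
    for event, etag in SAMPLES:
        print(route(event, etag))
```

Downstream consumers should read only from the ‘clean’ container, so a blob left on hold in the upload container is never served before a matching verdict arrives.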