Stay secure and informed

<?xml version="1.0" encoding="UTF-8"?><rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" > <channel> <title>Microsoft Secure</title> <atom:link href="https://cloudblogs.microsoft.com/microsoftsecure/feed/" rel="self" type="application/rss+xml" /> <link>https://cloudblogs.microsoft.com/microsoftsecure</link> <description>In-depth discussion of security, cybersecurity and technology trends affecting trust in computing, as well as timely security news, trends, and practical security guidance</description> <lastBuildDate>Tue, 17 Oct 2017 16:00:14 +0000</lastBuildDate> <language>en-US</language> <sy:updatePeriod>hourly</sy:updatePeriod> <sy:updateFrequency>1</sy:updateFrequency> <generator>https://wordpress.org/?v=4.8.2</generator> <item> <title>Cybersecurity in a modern age</title> <link>https://cloudblogs.microsoft.com/microsoftsecure/2017/10/17/cybersecurity-in-a-modern-age/</link> <pubDate>Tue, 17 Oct 2017 16:00:14 +0000</pubDate> <dc:creator><![CDATA[Microsoft Secure Blog Staff]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <guid isPermaLink="false">https://cloudblogs.microsoft.com/microsoftsecure/?p=70528</guid> <description><![CDATA[By 2021, worldwide cybercrime damage is expected to reach $6 trilliondouble what it cost businesses in 2015. As digital transformation sweeps the globe, the imminent threat of cybercrime grows alongside it. As a result, new techniques in cybersecurity must be developed at a growing rate to keep pace. Digital-first is the new business frontier, and <p><a class="read-more" title="Cybersecurity in a modern age" aria-label="Read more about Cybersecurity in a modern age" href="https://cloudblogs.microsoft.com/microsoftsecure/2017/10/17/cybersecurity-in-a-modern-age/">Read more</a></p>]]></description> <content:encoded><![CDATA[<p><img class="size-full wp-image-70540 aligncenter" src="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/17349_MSFT_SecurityRoadShowSeriesBlogs_SecureBlog_960x300_R1_V2.jpg" alt="" width="960" height="300" srcset="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/17349_MSFT_SecurityRoadShowSeriesBlogs_SecureBlog_960x300_R1_V2.jpg 960w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/17349_MSFT_SecurityRoadShowSeriesBlogs_SecureBlog_960x300_R1_V2-300x94.jpg 300w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/17349_MSFT_SecurityRoadShowSeriesBlogs_SecureBlog_960x300_R1_V2-768x240.jpg 768w" sizes="(max-width: 960px) 100vw, 960px" /></p>&#10;<p>By 2021, worldwide cybercrime damage is expected to reach $6 trillion<a href="http://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/">double what it cost businesses in 2015</a>. As digital transformation sweeps the globe, the imminent threat of cybercrime grows alongside it. As a result, new techniques in cybersecurity must be developed at a growing rate to keep pace.</p>&#10;<p>Digital-first is the new business frontier, and if we want to keep this landscape a safe space to store and share information, we must be able to quickly identify opportunities to bolster security and adapt to evolving threats. Microsofts cloud technology offers organizations the tools to advance security, enhance government compliance, improve security education, and enable industry collaboration to shut down new threats. Microsoft is creating a new path toward digital transformation in a secure space.</p>&#10;<p>Through cloud technologies, IT professionals now have advanced tools at their fingertips that provide real-time visibility into cybersecurity and the ability to proactively thwart threats before they become an issue. As more organizations move to the cloud, management of security risks can occur in real time. This real-time action on cyber threats helps create cost efficiency, and allows for frequent and seamless updates without reconfiguration, giving IT leaders the upper hand in staying compliant with regulatory guidelines.</p>&#10;<p>With cloud-based technology come real solutions in data loss prevention. IT professionals are using the cloud to secure employee data in new and highly effective ways. Through improved cloud encryption capabilities, organizations can better help protect sensitive information in motion and at rest. Even if cybercriminals are able to breach your network and bypass the first lines of cyber defense, <a href="https://www.microsoft.com/en-us/trustcenter/security/encryption">encryption helps keep organizational data from falling into unauthorized hands</a>. Additionally, advanced measures like multi-factor authentication (MFA) and Single Sign-On (SSO) provide additional layers of security by ensuring only those with the proper credentials are able to gain access to information and company platforms. These solutions and innovations in tech security are just the beginning.</p>&#10;<p>With the advent of new technology and the digitization of how IT experts and professionals communicate, a quicker dissemination of knowledge can occur in a collaborative space. Experts can share and explore new ideas and concepts to quickly improve upon cloud technology and how to best address security concerns. By partnering up, industries are able to break new ground on how to secure information, share information, and revolutionize the way government, private enterprise, education systems, and average people navigate a digitally transforming world.</p>&#10;<p>Ready to discover how Microsoft technology is transforming security for a digital-first, cloud-first world, and participate in interactive sessions led by subject matter experts? Microsoft is hosting a series of Security Forums in cities across the United States to demonstrate how organizations can use the latest technology to update and improve their cybersecurity efforts. We invite you to join your fellow IT professionals alongside Microsoft experts to discuss new ways to address evolving cyber threats. Find out how your business can use the power of the cloud to boost security, and get a firsthand look at what Microsoft has to offer.</p>&#10;<p>For more information, including locations near you and a full event calendar, visit the <a href="https://www.microsoftevents.com/profile/web/index.cfm?PKwebID=0x5342431576&amp;wt.mc_id=AID641621_QSG_BLOG_178512">Microsoft Security Forum events page</a>. Dont delay, as seats are limited. <a href="https://www.microsoftevents.com/profile/web/index.cfm?PKwebID=0x5342431576&amp;wt.mc_id=AID641621_QSG_BLOG_178512">Register now</a> to save your spot!</p>&#10;]]></content:encoded> </item> <item> <title>Microsoft and Progeny Systems enhance security for mobile applications across U.S. Government</title> <link>https://cloudblogs.microsoft.com/microsoftsecure/2017/10/16/microsoft-and-progeny-systems-enhance-security-for-mobile-applications-across-u-s-government/</link> <pubDate>Mon, 16 Oct 2017 15:00:49 +0000</pubDate> <dc:creator><![CDATA[Microsoft Secure Blog Staff]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <guid isPermaLink="false">https://cloudblogs.microsoft.com/microsoftsecure/?p=70549</guid> <description><![CDATA[In our mobile-first, cloud-first world, security is paramount for organizations of any size. It is especially critical to applications used across the U.S. Government, which is why we are working with the Department of Homeland Security (DHS) Science and Technology Directorate and Progeny Systems to enhance mobile application security. In support of the broader federal <p><a class="read-more" title="Microsoft and Progeny Systems enhance security for mobile applications across U.S. Government" aria-label="Read more about Microsoft and Progeny Systems enhance security for mobile applications across U.S. Government" href="https://cloudblogs.microsoft.com/microsoftsecure/2017/10/16/microsoft-and-progeny-systems-enhance-security-for-mobile-applications-across-u-s-government/">Read more</a></p>]]></description> <content:encoded><![CDATA[<p>In our mobile-first, cloud-first world, security is paramount for organizations of any size. It is especially critical to applications used across the U.S. Government, which is why we are working with the Department of Homeland Security (DHS) Science and Technology Directorate and Progeny Systems to enhance mobile application security.</p>&#10;<p>In support of the broader federal initiative to enable <a href="https://www.gsa.gov/technology/government-it-initiatives/digital-strategy">access to quality digital government information and services anywhere, anytime, on any device</a>, Progeny will build a mobile application development security framework for iOS, Android and Windows apps that will be used across several US Government agencies, both for public facing and internal enterprise use cases. This framework will broadly enable developers across the United States Government to focus on building mobile apps that provide business value, with the confidence that security is built in.</p>&#10;<p>The cross-platform, native approach using Visual Studio, the open-source .NET framework, and Xamarin platform will enable developers to build higher quality apps that are fully compliant with the National Information Assurance Partnership (NIAP) mobile app vetting standards, the National Institutes of Standards and Technology (NIST) 800-163 guidance and the Department of Homeland Securitys Mobile Application Playbook. Utilizing Microsofts <a href="https://www.gartner.com/doc/reprints?id=1-42YW0M8&amp;ct=170613&amp;st=sb">leading mobile application development tools</a>, the framework will support mobile apps built to run on-premise and on any cloud platform, including government-only clouds such as <a href="https://azure.microsoft.com/en-us/overview/clouds/government/">Azure Government</a>, which meet critical government regulatory compliance requirements.</p>&#10;<blockquote><p>Id like to congratulate the Department of Homeland Security Science and Technology Directorate for their commitment to addressing the mandates of both security and mobility for their stakeholders, said Greg Myers, Microsoft Vice President of Federal. We look forward to partnering with DHS and ultimately, by bringing mobile, secure, and compliant technology solutions helping them fulfil their critical mission.</p></blockquote>&#10;<p>Microsofts latest award from the DHS comes on the heels of several related <a href="https://azure.microsoft.com/en-us/blog/microsoft-azure-reaches-new-industry-leading-cloud-compliance-milestones/">public sector certifications</a> and <a href="https://azure.microsoft.com/en-us/blog/azure-brings-big-data-analytics-and-visualization-capabilities-to-u-s-government/">big data and analytics</a> enhancements to our leading mobile apps and security. It also builds on our current work with the <a href="https://blogs.msdn.microsoft.com/azuregov/2017/03/15/veterans-affairs-issues-fedramp-high-ato-for-microsoft-azure-government1/">Department of Veterans Affairs</a> and Applied Research Associates, whose Instant Notification System enables the U.S. governments <a href="http://resources.xamarin.com/rs/xamarin/images/Xamarin-Case-Study-Applied-Research.pdf">Combating Terrorism and Threat Support Offices Tactical Support Working Group (TSWG)</a> to quickly and effectively notify team members about suspicious packages or events over commercially available networks.</p>&#10;<p>You can read more about our mobile application security work with the Department of Homeland Security (DHS) Science and Technology Directorate and Progeny Systems in their <a href="https://www.dhs.gov/science-and-technology/news/2017/10/11/news-release-st-awards-750k-manassas-va-based-tech-firm">news release</a>. For details on Microsofts leadership in mobile application development, visit <a href="https://www.gartner.com/doc/reprints?id=1-42YW0M8&amp;ct=170613&amp;st=sb">Gartners Magic Quadrant report</a>.</p>&#10;]]></content:encoded> </item> <item> <title>Easily create securely configured virtual machines</title> <link>https://cloudblogs.microsoft.com/microsoftsecure/2017/10/12/easily-create-securely-configured-virtual-machines/</link> <pubDate>Thu, 12 Oct 2017 15:00:40 +0000</pubDate> <dc:creator><![CDATA[Microsoft Secure Blog Staff]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <category><![CDATA[Featured]]></category> <guid isPermaLink="false">https://cloudblogs.microsoft.com/microsoftsecure/?p=70513</guid> <description><![CDATA[This blog post is authored by Jonathan Trull, Cheif Security Advisor, Enterprise Cybersecurity Group. While a securely configured operating system is essential to repelling todays cyber attacks, the base images provided by vendors do not come pre-hardened and require significant research, expertise, and proper configuration by the customer. To make it easier for Microsoft customers <p><a class="read-more" title="Easily create securely configured virtual machines" aria-label="Read more about Easily create securely configured virtual machines" href="https://cloudblogs.microsoft.com/microsoftsecure/2017/10/12/easily-create-securely-configured-virtual-machines/">Read more</a></p>]]></description> <content:encoded><![CDATA[<p><em>This blog post is authored by Jonathan Trull, Cheif Security Advisor, Enterprise Cybersecurity Group.</em></p>&#10;<p>While a securely configured operating system is essential to repelling todays cyber attacks, the base images provided by vendors do not come pre-hardened and require significant research, expertise, and proper configuration by the customer. To make it easier for Microsoft customers to deploy secured virtual machines out of the box, I am excited to share the recent availability for purchase of hardened virtual machine images within Azure, based on the partnership between Microsoft and the <a href="https://www.cisecurity.org/">Center for Internet Security</a>(CIS). CIS is a non-profit entity focused on developing global standards and recognized best practices for securing IT systems and data against the most pervasive attacks. Hardened images are virtual machine images that have been hardened, or configured, to be more resilient to cyber attacks. These images are available in the <a href="https://azuremarketplace.microsoft.com/">Azure Marketplace</a> and can be used by Azure customers to create new, securely configured virtual machines.</p>&#10;<p>Establishing and maintaining the secure configuration of an entitys IT infrastructure continues to be a core tenet of information security. History has shown that the misconfiguration or poor configuration of laptops, servers, and network devices is a common cause of data breaches. Global standards, governments, and regulatory bodies have also highlighted the importance of establishing and maintaining secure configurations, and in many cases, have mandated their use due to their effectiveness. I have included a few of the most relevant and wide-ranging examples in the table below.</p>&#10;<table style="height: 226px" width="980">&#10;<tbody>&#10;<tr>&#10;<td width="208"><strong>Source</strong></td>&#10;<td width="236"><strong>Control</strong></td>&#10;<td width="180"><strong>Reference</strong></td>&#10;</tr>&#10;<tr>&#10;<td width="208">Center for Internet Security Critical Security Controls</td>&#10;<td width="236">CIS Control 3 Secure configurations for hardware and software on mobile devices, laptops, workstations, and servers</td>&#10;<td width="180"><a href="https://www.cisecurity.org/controls/secure-configurations-for-hardware-and-software/">https://www.cisecurity.org/controls/secure-configurations-for-hardware-and-software/</a></td>&#10;</tr>&#10;<tr>&#10;<td width="208">Australian Signals Directorate Strategies to Mitigate Cyber Security Incidents</td>&#10;<td width="236">User Application Hardening<br />&#10;Server Application Hardening<br />&#10;Operating System Hardening</td>&#10;<td width="180"><a href="https://www.asd.gov.au/infosec/mitigationstrategies.htm">https://www.asd.gov.au/infosec/mitigationstrategies.htm</a></td>&#10;</tr>&#10;<tr>&#10;<td width="208">US NIST Cyber Framework</td>&#10;<td width="236">PR.IP-1: A baseline configuration of information technology/ industrial control systems is created and maintained</td>&#10;<td width="180"><a href="https://www.nist.gov/sites/default/files/documents/cyberframework/cybersecurity-framework-021214.pdf">https://www.nist.gov/sites/default/files/documents/cyberframework/cybersecurity-framework-021214.pdf</a></td>&#10;</tr>&#10;<tr>&#10;<td width="208">Payment Card Industry</td>&#10;<td width="236">Build and maintain a secure network and systems</td>&#10;<td width="180"><a href="https://www.pcisecuritystandards.org/documents/PCIDSS_QRGv3_2.pdf?agreement=true&amp;time=1505339723255">https://www.pcisecuritystandards.org/documents/PCIDSS_QRGv3_2.pdf?agreement=true&amp;time=1505339723255</a></td>&#10;</tr>&#10;</tbody>&#10;</table>&#10;<h2>Accessing and Deploying CIS Hardened Images</h2>&#10;<p>To view the CIS hardened images, login to the Azure portal and navigate to the Marketplace. You can then search for and filter on the Center for Internet Security. As you can see below, there are hardened images for many of the common operating systems, including Windows Server 2012, Oracle Linux, and Windows Server 2016.</p>&#10;<p><img class="size-large wp-image-70516 aligncenter" src="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Accessing-and-Deploying-CIS-Hardened-Images_1-1024x700.png" alt="" width="1024" height="700" srcset="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Accessing-and-Deploying-CIS-Hardened-Images_1-1024x700.png 1024w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Accessing-and-Deploying-CIS-Hardened-Images_1-300x205.png 300w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Accessing-and-Deploying-CIS-Hardened-Images_1-768x525.png 768w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Accessing-and-Deploying-CIS-Hardened-Images_1.png 1431w" sizes="(max-width: 1024px) 100vw, 1024px" /></p>&#10;<p>From within the Marketplace blade, you can then select the appropriate image and select the create button to start the deployment journey within the portal or gain further details on deploying the image programmatically. Below is an example showing the start of the deployment of new CIS hardened Windows Server 2016 image.</p>&#10;<p><img class="size-large wp-image-70519 aligncenter" src="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Accessing-and-Deploying-CIS-Hardened-Images_2-1024x823.png" alt="" width="1024" height="823" srcset="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Accessing-and-Deploying-CIS-Hardened-Images_2-1024x823.png 1024w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Accessing-and-Deploying-CIS-Hardened-Images_2-300x241.png 300w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Accessing-and-Deploying-CIS-Hardened-Images_2-768x617.png 768w" sizes="(max-width: 1024px) 100vw, 1024px" /></p>&#10;<p>The hardened images are configured based on the technical specifications established in the related benchmark. These benchmarks are freely available on the <a href="https://www.cisecurity.org/cis-benchmarks/">CIS website in PDF format</a>.</p>&#10;<p>The CIS benchmarks contain two levels, each with slightly different technical specifications:</p>&#10;<ul>&#10;<li>Level 1 Recommended, minimum security settings that should be configured on any system and should cause little or no interruption of service or reduced functionality</li>&#10;<li>Level 2 Recommended security settings for highly secure environments and could result in some reduced functionality.</li>&#10;</ul>&#10;<p>Prior to deploying one of the CIS hardened images, it is important for the administrator to review the benchmarks specifications and ensure it conforms to the companys policy, procedures, and standards and perform sufficient testing before deploying to a production environment.</p>&#10;<p>CIS is working to release additional, hardened images, so check the <a href="https://azuremarketplace.microsoft.com/marketplace">Azure Marketplace</a> for new updates.</p>&#10;]]></content:encoded> </item> <item> <title>What Am I Missing? How to see the users you’re denied from seeing</title> <link>https://cloudblogs.microsoft.com/microsoftsecure/2017/10/11/what-am-i-missing-how-to-see-the-users-youre-denied-from-seeing/</link> <pubDate>Wed, 11 Oct 2017 20:00:54 +0000</pubDate> <dc:creator><![CDATA[Microsoft Secure Blog Staff]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <guid isPermaLink="false">https://cloudblogs.microsoft.com/microsoftsecure/?p=70474</guid> <description><![CDATA[This blog post is authored by Michael Dubinsky, Principal PM Manager, Microsoft ATA / Azure ATP. Recently Andy (@_wald0) and Will (@harmj0y), who are amazing contributors to the security community, have published the whitepaperAn ACE Up the Sleeve: Designing Active Directory DACL Backdoors. In this whitepaper they discuss different methods which can be used by <p><a class="read-more" title="What Am I Missing? How to see the users youre denied from seeing" aria-label="Read more about What Am I Missing? How to see the users youre denied from seeing" href="https://cloudblogs.microsoft.com/microsoftsecure/2017/10/11/what-am-i-missing-how-to-see-the-users-youre-denied-from-seeing/">Read more</a></p>]]></description> <content:encoded><![CDATA[<p><em>This blog post is authored by <a href="https://twitter.com/MichaelDubinsky">Michael Dubinsky</a>, Principal PM Manager, Microsoft ATA / Azure ATP.</em></p>&#10;<p><img class="aligncenter wp-image-70507" src="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/EMS_business-scenario-insights-1-1024x713.jpg" alt="" width="824" height="574" srcset="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/EMS_business-scenario-insights-1-1024x713.jpg 1024w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/EMS_business-scenario-insights-1-300x209.jpg 300w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/EMS_business-scenario-insights-1-768x535.jpg 768w" sizes="(max-width: 824px) 100vw, 824px" /></p>&#10;<p>Recently Andy (<a href="https://twitter.com/_wald0">@_wald0</a>) and Will (<a href="https://twitter.com/harmj0y">@harmj0y</a>), who are amazing contributors to the security community, have published the whitepaper<em><a href="https://www.blackhat.com/docs/us-17/wednesday/us-17-Robbins-An-ACE-Up-The-Sleeve-Designing-Active-Directory-DACL-Backdoors-wp.pdf">An ACE Up the Sleeve: Designing Active Directory DACL Backdoors</a></em>.</p>&#10;<p>In this whitepaper they discuss different methods which can be used by attackers to remain persistent and stealthy in the environment to avoid detection.</p>&#10;<p>In general, this is a very important goal for an attacker and is a big part of a successful mission performed either by a nation state or by a hacker group.</p>&#10;<p>Specifically, in the whitepaper Andy and Will mention the option to setup a Deny ACE on an object created by the attacker. This will cause the object in question to become invisible (not be returned in LDAP queries performed to the Active Directory), which causes the object to avoid being seen (and monitored) by any service account used by monitoring solutions.</p>&#10;<p>This does sound like an issue, as denying permissions from a Domain Admin principle (or the <em>Everyone</em> principle for that matter) will cause an object to become invisible. A cool idea indeed.</p>&#10;<p>So, this made me think is there a way we can identify <em><strong>all</strong></em> the objects to which I <strong>dont</strong> have permissions?</p>&#10;<p>Sounds like a tough task, however after going through some of the possible resolution APIs together with the ATA security research team, <a href="https://twitter.com/simakov_marina">Marina</a> has come across this statement for the LsaLookupSIDs:</p>&#10;<p style="padding-left: 30px"><em><a href="https://technet.microsoft.com/en-us/library/ff428139%28v=ws.10%29.aspx#BKMK_LsaLookupSIDs">There is no access check that would require the caller to be able to read the SID or account name to perform the mapping</a>.</em></p>&#10;<p>Now that weve found a method to query a SID and get a result regardless of the ACL we can verify whether the object exists or not.</p>&#10;<p>The next step is to identify whether its a permissions issue. In order to validate whether its a permissions issue or not, we can compare the results of this API with the LDAP query results.</p>&#10;<p>If <em><strong>only</strong></em> the LsaLookupSIDs returns a result while the LDAP query fails this means one thing (after cleaning up several bugs related to SidHistory) <strong>we dont have permissions on the objec</strong>t!</p>&#10;<p>Ive made a small PowerShell script to demonstrate this capability. The script enumerates all RIDs in a specific domain and compares the LDAP result to the LsaLookupSIDs result to see what I am missing.</p>&#10;<p>The script can be found at <a href="https://github.com/michdu/WhatAmIMissing">https://github.com/michdu/WhatAmIMissing</a>.</p>&#10;<p>This should make discovering ACL hidden objects a little bit easier.</p>&#10;]]></content:encoded> </item> <item> <title>SharePoint and OneDrive: security you can trust, control you can count on</title> <link>https://cloudblogs.microsoft.com/microsoftsecure/2017/10/10/sharepoint-and-onedrive-security-you-can-trust-control-you-can-count-on/</link> <pubDate>Tue, 10 Oct 2017 19:00:19 +0000</pubDate> <dc:creator><![CDATA[Microsoft Secure Blog Staff]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <guid isPermaLink="false">https://cloudblogs.microsoft.com/microsoftsecure/?p=70447</guid> <description><![CDATA[This post is authored by Bill Baer, Senior Product Marketing Manager, SharePoint and OneDrive Team. In todays complex and regulated environment, businesses need to focus on building more secure solutions that deliver value to their customers, partners, and shareholdersboth in the cloud and on-premises. Microsoft has been building enterprise software for decades and running some <p><a class="read-more" title="SharePoint and OneDrive: security you can trust, control you can count on" aria-label="Read more about SharePoint and OneDrive: security you can trust, control you can count on" href="https://cloudblogs.microsoft.com/microsoftsecure/2017/10/10/sharepoint-and-onedrive-security-you-can-trust-control-you-can-count-on/">Read more</a></p>]]></description> <content:encoded><![CDATA[<p><em>This post is authored by Bill Baer, Senior Product Marketing Manager, SharePoint and OneDrive Team.</em></p>&#10;<p>In todays complex and regulated environment, businesses need to focus on building more secure solutions that deliver value to their customers, partners, and shareholdersboth in the cloud and on-premises.</p>&#10;<p><img class=" wp-image-70462 alignleft" src="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Securing-your-content-in-the-new-world-of-work-with-SharePoint-and-OneDrive.png" alt="" width="503" height="316" srcset="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Securing-your-content-in-the-new-world-of-work-with-SharePoint-and-OneDrive.png 754w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Securing-your-content-in-the-new-world-of-work-with-SharePoint-and-OneDrive-300x189.png 300w" sizes="(max-width: 503px) 100vw, 503px" /></p>&#10;<p>Microsoft has been building enterprise software for decades and running some of the largest online services in the world. We draw from this experience to keep making SharePoint and OneDrive more secure for users, by implementing and continuously improving security-aware software development, operational management, and threat-mitigation practices that are essential to the strong protection of your services and data.</p>&#10;<p>SharePoint and OneDrive are uniquely positioned to help you address these evolving security challenges. To begin with, Microsoft has continued to evolve with new standards and regulations. This has been a guiding principle as we think about security for SharePoint and OneDrive. Right alongside that principle is this one: There is no security without usability. If security gets in the way of productivity, users will find a different, less secure way to do their work.</p>&#10;<p>SharePoint and OneDrive allow your organization to go beyond its regular business rhythms and be nimbler in responding to market changes and opportunities. These solutions enable users to access the files and documents they need wherever they&#8217;re doing work while sharing and collaborating in real-time. And you control and own your data while Microsoft takes care of it. <a href="http://sharepoint-infographic.azurewebsites.net/">Explore</a> the many options SharePoint and OneDrive provide to secure you and your information and then read our eBook <em><a href="https://www.microsoft.com/en-us/download/details.aspx?id=55242">Securing your content in the new world of work with SharePoint and OneDrive</a>.</em></p>&#10;<p>For businesses, the time is now to reevaluate security practices. In the modern communications and collaboration, landscape connectivity is ubiquitous and the ability to work remotely has become an ingrained part of the work practice. People have come to expect to be able to access email and documents from anywhere on any device &#8211; and for that experience to be seamless.</p>&#10;<p>While this has been an enormous boost to productivity, it also presents huge challenges for security. Previously, businesses needed to concern themselves with a firewall that ended at the corporate boundary. Now that boundary has shifted to the end user. Businesses need to ensure sure that corporate data is safe while enabling users to stay productive in today&#8217;s mobile-first world, where the threat landscape is increasingly complex and sophisticated.</p>&#10;<p>We know that data loss is non-negotiable, and overexposure to information can have legal and compliance implications. SharePoint and OneDrive provide a broad array of features and capabilities designed to make certain that your sensitive information remains that way with investments across our security and compliance principles to include compliance tools that span on-premises servers and Office 365 while providing a balance between enabling user self-service.</p>&#10;<p>The rapidly-changing security landscape means that your organization&#8217;s content &#8211; its knowledge &#8211; is being shared more broadly, and accessed from more devices and more locations, than ever before. We&#8217;re committed to the security, privacy, and compliance of your data, and we continuously innovate intelligent ways to protect your content and to empower you to govern and manage information. Last month we announced label-based classification for information management policies, which enable a more dynamic governance of content across SharePoint, Exchange, and Skype, and Microsoft Teams. We&#8217;re continuously working to ensure content usage adheres to corporate policy defending your organization from todays growing and evolving advanced threats.</p>&#10;<p>To learn more about security and compliance with SharePoint and OneDrive:</p>&#10;<ul>&#10;<li><a href="https://www.microsoft.com/en-us/download/details.aspx?id=53884">Read more about how we secure your files</a></li>&#10;<li><a href="https://products.office.com/en-us/business/office-365-trust-center-welcome?legRedir=true&amp;CorrelationId=de8d945b-65d3-41bc-b5a5-41d503131554">Review Office 365 Trust where we share our commitments and information about security, privacy, and compliance</a></li>&#10;<li>Stay up to date with our <a href="https://blogs.office.com/security/">security</a> and <a href="https://blogs.office.com/compliance/">compliance</a> blogs</li>&#10;</ul>&#10;]]></content:encoded> </item> <item> <title>Announcing support for TLS 1.1 and TLS 1.2 in XP POSReady 2009</title> <link>https://cloudblogs.microsoft.com/microsoftsecure/2017/10/05/announcing-support-for-tls-1-1-and-tls-1-2-in-xp-posready-2009/</link> <pubDate>Thu, 05 Oct 2017 09:00:33 +0000</pubDate> <dc:creator><![CDATA[Microsoft Secure Blog Staff]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <guid isPermaLink="false">https://cloudblogs.microsoft.com/microsoftsecure/?p=70405</guid> <description><![CDATA[This post is authored by Arden White, Senior Program Manager, Windows Servicingand Delivery. As a follow-up to our announcement regarding TLS 1.2 support at Microsoft, we are announcing that support for TLS1.1/TLS 1.2 on Windows Embedded POSReady 2009 and Windows Embedded Standard 2009 is now available for download as of October 17th, 2017. Were offering <p><a class="read-more" title="Announcing support for TLS 1.1 and TLS 1.2 in XP POSReady 2009" aria-label="Read more about Announcing support for TLS 1.1 and TLS 1.2 in XP POSReady 2009" href="https://cloudblogs.microsoft.com/microsoftsecure/2017/10/05/announcing-support-for-tls-1-1-and-tls-1-2-in-xp-posready-2009/">Read more</a></p>]]></description> <content:encoded><![CDATA[<p><em>This post is authored by Arden White, Senior Program Manager, Windows </em>Servicing<em>and Delivery.</em></p>&#10;<p>As a follow-up to our announcement regarding <a href="https://blogs.microsoft.com/microsoftsecure/2017/06/20/tls-1-2-support-at-microsoft/">TLS 1.2 support at Microsoft</a>, we are announcing that support for TLS1.1/TLS 1.2 on Windows Embedded POSReady 2009 and Windows Embedded Standard 2009 is now available for download as of October 17th, 2017. Were offering this support in recognition that our customers have a strong demand for support for these newer protocols in their environment.</p>&#10;<p>This update for Windows Embedded POSReady 2009 and Windows Embedded Standard 2009 will include support for both TLS 1.1 and TLS 1.2. For application compatibility purposes, these protocols will be disabled by default in a manner similar to the TLS 1.1/TLS 1.2 support that was disabled by default in Windows 7 and Windows Server 2008 R2. After downloading and installing the update these protocols can be enabled by setting the registry keys described in <a href="https://support.microsoft.com/kb/4019276">KB4019276</a>.</p>&#10;<p>This update is being made available on the following timeline:</p>&#10;<table style="height: 226px" width="980">&#10;<tbody>&#10;<tr>&#10;<td width="208"><strong>Release Date</strong></td>&#10;<td width="236"><strong>Channels</strong></td>&#10;<td width="180"><strong>Classification</strong></td>&#10;</tr>&#10;<tr>&#10;<td width="208">October 17, 2017</td>&#10;<td width="236">Microsoft Catalog</td>&#10;<td width="180"></td>&#10;</tr>&#10;<tr>&#10;<td width="208">January 16, 2018</td>&#10;<td width="236">Windows Update/WSUS/Catalog</td>&#10;<td width="180">Optional</td>&#10;</tr>&#10;<tr>&#10;<td width="208">February 13, 2018</td>&#10;<td width="236">Windows Update/WSUS/Catalog</td>&#10;<td width="180">Recommended</td>&#10;</tr>&#10;</tbody>&#10;</table>&#10;]]></content:encoded> </item> <item> <title>Advanced Threat Analytics security research network technical analysis: NotPetya</title> <link>https://cloudblogs.microsoft.com/microsoftsecure/2017/10/03/advanced-threat-analytics-security-research-network-technical-analysis-notpetya/</link> <pubDate>Tue, 03 Oct 2017 10:00:17 +0000</pubDate> <dc:creator><![CDATA[Microsoft Secure Blog Staff]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <guid isPermaLink="false">https://cloudblogs.microsoft.com/microsoftsecure/?p=70375</guid> <description><![CDATA[This post is authored by Igal Gofman, Security Researcher, Advanced Threat Analytics. On June 27, 2017 reports on a new variant of Petya (which was later referred to as NotPetya) malware infection began spreading across the globe. It seems the malwares initial infection delivered via the &#8220;M.E.doc&#8221; update service, a Ukrainian finance application. Based on <p><a class="read-more" title="Advanced Threat Analytics security research network technical analysis: NotPetya" aria-label="Read more about Advanced Threat Analytics security research network technical analysis: NotPetya" href="https://cloudblogs.microsoft.com/microsoftsecure/2017/10/03/advanced-threat-analytics-security-research-network-technical-analysis-notpetya/">Read more</a></p>]]></description> <content:encoded><![CDATA[<p><em>This post is authored by Igal Gofman, Security Researcher, Advanced Threat Analytics.</em></p>&#10;<p>On June 27, 2017 reports on a new variant of Petya (which was later referred to as NotPetya) malware infection began spreading across the globe. It seems the malwares initial infection delivered via the &#8220;M.E.doc&#8221; update service, a Ukrainian finance application. Based on our investigation so far, the propagation steps executed by the malware can be considered sophisticated and well tested.<br />&#10;The malware distributes itself as a DLL file, spreading over internal networks using different lateral movement techniques.</p>&#10;<p>This blog post focuses on the network behavior analysis of NotPetya and the techniques it uses to propagate in the network. This is ongoing research, and well update with additional findings as those become available.</p>&#10;<h2>Malware Propagation Flows</h2>&#10;<p><img class="size-large wp-image-70378 aligncenter" src="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/NotPetya-malware-lateral-movement-graph-1024x576.png" alt="" width="1024" height="576" srcset="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/NotPetya-malware-lateral-movement-graph-1024x576.png 1024w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/NotPetya-malware-lateral-movement-graph-300x169.png 300w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/NotPetya-malware-lateral-movement-graph-768x432.png 768w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/NotPetya-malware-lateral-movement-graph.png 1578w" sizes="(max-width: 1024px) 100vw, 1024px" /></p>&#10;<h3>Delivery &amp; Initial execution</h3>&#10;<p>The malware is delivered via the &#8220;M.E.doc&#8221; service to infect the first endpoint.</p>&#10;<p>The malware executes and extracts the relevant components to disk. These include:</p>&#10;<ol>&#10;<li>PsExec &#8211; Network remote execution tool.</li>&#10;<li>A credential dumping tool.</li>&#10;</ol>&#10;<p>More information on these steps can be found at the <a href="https://blogs.technet.microsoft.com/mmpc/2017/06/27/new-ransomware-old-techniques-petya-adds-worm-capabilities/">Windows Security blog</a>.</p>&#10;<h3>Reconnaissance</h3>&#10;<p>The internal network is probed using multiple discovery methods to identify new workstations and domain controllers. These include:</p>&#10;<ul>&#10;<li>LANMAN NetServerEnum2 API used to get information about workstations and domain controllers.</li>&#10;<li>Probing using ports 139 and 445 to other endpoints.</li>&#10;<li>If a domain controller is accessible, the malware queries its DHCP Service to enumerate DHCP subnet.</li>&#10;<li>In case DHCP subnets are discovered, the malware will continue its discovery against those subnets as well.</li>&#10;</ul>&#10;<p><strong>Reconnaissance example &#8211; NetServerEnum2</strong></p>&#10;<p><img class="alignnone size-full wp-image-70381" src="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Reconnaissance-example-Step-3-NetServerEnum2.png" alt="" width="955" height="447" srcset="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Reconnaissance-example-Step-3-NetServerEnum2.png 955w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Reconnaissance-example-Step-3-NetServerEnum2-300x140.png 300w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Reconnaissance-example-Step-3-NetServerEnum2-768x359.png 768w" sizes="(max-width: 955px) 100vw, 955px" /></p>&#10;<p><strong>In the screenshot above, we can see the NetServerEnum2 API used by the infected machine. </strong><br />&#10;<strong>The response includes the domain controller and a list of all known workstations response.</strong></p>&#10;<h3>Lateral Movement</h3>&#10;<p>To spread itself on the network, the malware tries to access the administrative share ($admin).</p>&#10;<ul>&#10;<li>If the SeDebugPrivilege privilege obtained (Step2), a credentials dumping tool is used to recover additional user credentials from the local memory.</li>&#10;<li>Our lab tests have shown that in addition to the current account session, only one additional user is used by the malware to probe the remote hosts. The malware seems to ignore memory dumped users who were tagged under a new credentials session. Moreover, it seems like only one user (the last one who is in memory) is used to probe the destination host</li>&#10;<li>Each target endpoint is accessed using multiple authentication protocols, such as NTLM and Kerberos over GSSAPI (SPNEGO). The credentials used for access are:&#10;<ul>&#10;<li>Current user context, under which the malware is running.</li>&#10;<li>Successfully dumped credentials (if available).</li>&#10;</ul>&#10;</li>&#10;</ul>&#10;<p>In the screenshot below, we can see multiple CIFS ticket requests performed by the malware on behalf of the dumped user. Such broad abnormal access attempts performed by the malware will be detected by Microsoft Advanced Threat Analytics (ATA) abnormal behavior detection. Based on previously learned user behavior analytics, the detection mechanism will recognize and alert on the abnormal resource access performed by the malware using the compromised credentials.</p>&#10;<p><strong>Multiple TGS-REQ</strong></p>&#10;<p><img class="alignnone size-full wp-image-70384" src="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Multiple-TGS-REQ.png" alt="" width="744" height="607" srcset="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Multiple-TGS-REQ.png 744w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Multiple-TGS-REQ-300x245.png 300w" sizes="(max-width: 744px) 100vw, 744px" /></p>&#10;<p><strong>In the screenshot above, we can see multiple CIFS ticket requests.</strong></p>&#10;<p><strong>Example of abnormal user access &#8211; ATA</strong></p>&#10;<p><img class="alignnone size-large wp-image-70387" src="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Example-of-abnormal-user-access-ATA-1024x870.png" alt="" width="1024" height="870" srcset="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Example-of-abnormal-user-access-ATA-1024x870.png 1024w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Example-of-abnormal-user-access-ATA-300x255.png 300w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Example-of-abnormal-user-access-ATA-768x653.png 768w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Example-of-abnormal-user-access-ATA.png 1152w" sizes="(max-width: 1024px) 100vw, 1024px" /></p>&#10;<h3>Remote Execution</h3>&#10;<p>If access to the administrative share was obtained, the malware copies itself to the target host and executes PSEXEC and WMIC.</p>&#10;<p><strong>Malware Copy</strong></p>&#10;<p><img class="alignnone size-large wp-image-70390" src="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Malware-Copy-Step-5-1024x280.png" alt="" width="1024" height="280" srcset="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Malware-Copy-Step-5-1024x280.png 1024w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Malware-Copy-Step-5-300x82.png 300w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Malware-Copy-Step-5-768x210.png 768w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/Malware-Copy-Step-5.png 1343w" sizes="(max-width: 1024px) 100vw, 1024px" /></p>&#10;<p><strong>PSEXEC Service creation</strong></p>&#10;<p><img class="alignnone size-large wp-image-70393" src="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/PSEXEC-Service-creation-1024x319.png" alt="" width="1024" height="319" srcset="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/PSEXEC-Service-creation-1024x319.png 1024w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/PSEXEC-Service-creation-300x93.png 300w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/PSEXEC-Service-creation-768x239.png 768w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/10/PSEXEC-Service-creation.png 1349w" sizes="(max-width: 1024px) 100vw, 1024px" /></p>&#10;<p><strong>In the screenshot above, the infected host starts executing the PSEXEC tool.</strong></p>&#10;<h3>Exploitation (optional)</h3>&#10;<p>If all propagation steps failed, the malware tries to execute one of the SMB exploits (MS17-010).</p>&#10;<p><strong>Available SMB Exploits:</strong></p>&#10;<ol>&#10;<li>EternalBlue CVE-2017-0144</li>&#10;<li>EternalRomance &#8211; CVE-2017-0145</li>&#10;</ol>&#10;<p>The above steps are performed simultaneously, using multiple threads and runs against each target host. For further information regarding the SMB exploit mitigation, malware encryption steps and initial infection stage, please refer to the <a href="https://blogs.technet.microsoft.com/mmpc/2017/06/27/new-ransomware-old-techniques-petya-adds-worm-capabilities/">Petya worm capabilities</a> blog post.</p>&#10;<p><strong>The spreading capabilities used by the NotPetya malware introduce a new level of sophistication when executing lateral movement.</strong></p>&#10;<h2>Detection and mitigation</h2>&#10;<p>Microsoft Advanced Threat Analytics allows customers to detect and to investigate a variety of advanced techniques including the lateral movement technique used by NotPetya.</p>&#10;<p>This type of lateral movement can be detected by ATA as abnormal resource access &#8211; given the large scanning performed by the user to attempt access additional endpoints on the subnet.</p>&#10;<p>There are several ways customers can detect and prevent NotPetya from impacting their environment.</p>&#10;<p>First, we strongly recommend customers that have not yet installed security update MS17-010 to do so as soon as possible. If applying the patch is not possible, disable SMB V1 on the corporate networks.</p>&#10;<p>Second, we recommend that you verify good credential hygiene. To learn more, read the following article about <a href="https://www.microsoft.com/itshowcase/Article/Content/601/Protecting-highvalue-assets-with-secure-admin-workstations">protecting high value assets with secure admin workstations</a>.</p>&#10;<h2>Additional Resources</h2>&#10;<p><strong>KB</strong></p>&#10;<ul>&#10;<li><a href="https://technet.microsoft.com/en-us/library/security/ms17-010.aspx">MS17-010 Security Update</a></li>&#10;</ul>&#10;<p><strong>Blog</strong></p>&#10;<ul>&#10;<li><a href="https://blogs.technet.microsoft.com/mmpc/2017/06/27/new-ransomware-old-techniques-petya-adds-worm-capabilities/"></a><a href="https://blogs.technet.microsoft.com/mmpc/2017/06/27/new-ransomware-old-techniques-petya-adds-worm-capabilities/">New ransomware, old techniques: Petya adds worm capabilities</a></li>&#10;<li><a href="https://blogs.technet.microsoft.com/mmpc/2017/06/29/windows-10-platform-resilience-against-the-petya-ransomware-attack/">Windows 10 platform resilience against the Petya ransomware attack</a></li>&#10;</ul>&#10;]]></content:encoded> </item> <item> <title>Stepping up protection with intelligent security</title> <link>https://cloudblogs.microsoft.com/microsoftsecure/2017/09/25/stepping-up-protection-with-intelligent-security/</link> <pubDate>Mon, 25 Sep 2017 13:00:54 +0000</pubDate> <dc:creator><![CDATA[Julia White]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <category><![CDATA[Featured]]></category> <guid isPermaLink="false">http://blogs.microsoft.com/microsoftsecure/?p=69940</guid> <description><![CDATA[With digital transformation, technology becomes increasingly central to every business and organization. This makes ensuring cybersecurity increasingly important. And, as employees increase their use of mobile devices and cloud-based apps, protecting their work requires a new approach for IT. With 80% of employees admitting to the use of non-approved cloud apps for work, ensuring data protection cannot be left to employees to manage.]]></description> <content:encoded><![CDATA[<p><img class="wp-image-69994 alignright" src="https://mscorpmedia.azureedge.net/mscorpmedia/2017/09/MS-Ignite-Venue.jpg" alt="" width="500" height="317" srcset="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/09/MS-Ignite-Venue.jpg 630w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/09/MS-Ignite-Venue-300x190.jpg 300w" sizes="(max-width: 500px) 100vw, 500px" /></p>&#10;<p>With digital transformation, technology becomes increasingly central to every business and organization. This makes ensuring cybersecurity increasingly important. And, as employees increase their use of mobile devices and cloud-based apps, protecting their work requires a new approach for IT. With 80% of employees admitting to the use of non-approved cloud apps for work, ensuring data protection cannot be left to employees to manage.</p>&#10;<p>To address these needs, Microsoft continues to take a multi-faceted approach to providing built-in security capabilities. These span areas across:</p>&#10;<ul>&#10;<li>Protecting at the front door</li>&#10;<li>Protecting data anywhere</li>&#10;<li>Achieving data security compliance objectives</li>&#10;<li>Detecting and recovering from attacks</li>&#10;<li>Managing the security tool set</li>&#10;</ul>&#10;<p>The Microsoft security tools continuously improve with insight from the Microsoft Intelligent Security Graph, which serves as the connective tissue across Microsoft security solutions. Today at <a href="https://www.microsoft.com/ignite">Ignite</a>, we are announcing new integrations, expanded capabilities, and partnerships toward addressing the complex areas of cybersecurity for all organizations.</p>&#10;<h2>Protect at the front door</h2>&#10;<p>The vast majority of security breaches continue to trace back to weak or stolen passwords. Because its proving to work, attackers are increasing their focus on stealing passwords to access corporate systems. The latest <a href="https://www.microsoft.com/sir">Microsoft Security Intelligence Report</a> shows a 300 percent increase in user account attacks. To address this growing issue, it is essential to focus on securing identities and access. Our cloud-based approach is through broadly implemented conditional access.</p>&#10;<p>Conditional access enables you to control who has access to your organizations resources based on a combination of risk factors, such as user account activity, physical location, and the trustworthiness of the device. <a href="http://www.microsoft.com/identity">Azure Active Directory</a> analyzes these factors and applies continuous cybersecurity threat intelligence, powered by Microsofts Intelligent Security Graph. This insight provides real-time risk assessment, and triggers the appropriate authentication requirements needed for accessing apps and data. Today, we are expanding conditional access capabilities by integrating with Microsoft Cloud App Security, Azure Information Protection, and our partners in the ecosystem:</p>&#10;<ul>&#10;<li>Microsoft <a href="http://www.cloudappsecurity.com/">Cloud App Security</a> performs real-time monitoring and helps IT gain control over cloud apps and how employees use these apps. Now with Cloud App Security, users actions taken in cloud applications can be managed and controlled based on conditional access policies and proxy-enforced session restrictions. For example, you can allow users to access cloud apps from an unfamiliar location or unmanaged device, but prevent them from downloading documents.</li>&#10;<li>To further enhance security at the file level, we&#8217;re introducing conditional access for sensitive files. With the integration of <a href="https://www.microsoft.com/en-us/cloud-platform/azure-information-protection">Azure Information Protection</a> and Azure Active Directory, conditional access can be set up to allow or block access to documents protected with Azure Information Protection. You can also enforce additional security requirements such as multi-factor authentication or device enrollment.</li>&#10;<li>Not only are we providing better integration within our own solutions to deliver holistic and identity-driven security, we also are working with our partners to extend conditional access in the ecosystem. In addition to Azure multi-factor authentication (MFA), you can now use RSA, Duo or Trusona for two-step authentication as part of your conditional access policy.</li>&#10;</ul>&#10;<h2>Protect your data anywhere</h2>&#10;<p>Employees are using more SaaS apps, creating more data, and working across multiple devices. While this has enabled people to do more, it has also increased the risk of data loss it is estimated that 58% of workers have accidentally shared sensitive data with the wrong person.</p>&#10;<p>Microsofts Information Protection solutions help you detect, classify, protect and monitor your data regardless of where it is stored or shared. Today, were announcing several new investments in the integration across our information protection solutions helping provide more comprehensive protection across the data lifecycle.</p>&#10;<p>A key part of this vision is to provide a more consistent and integrated classification, labeling and protection approach across our information protection technologies, enabling persistent protection of your data everywhere. Microsoft Cloud App Security natively integrates with Azure Information Protection to classify and label files that reside in cloud applications.</p>&#10;<p>Finally, we are announcing the general availability of improvements to <a href="https://products.office.com/en-us/exchange/office-365-message-encryption">Office 365 message encryption</a>, which makes it easier to share protected emails with anybody inside or outside of your organization. Recipients can view protected Office 365 emails on a variety of devices, using common email clients or even consumer email services such as Gmail and Outlook.com.</p>&#10;<h2>Achieve your data security compliance objectives</h2>&#10;<p>Regulated organizations have additional needs to demonstrate compliance, and were investing in tools to help achieve those goals.</p>&#10;<p>Customer Key can help regulated customers meet their security compliance obligations by providing added control and management of encryption keys. To learn more, check out this <a href="https://youtu.be/y-BSmEhdk7c?t=8m18s">video example</a> of how Customer Key works in SharePoint Online.</p>&#10;<p>Beyond just security compliance, achieving organizational compliance is a complex challenge. Its hard to stay up-to-date with all the regulations that matter to your organization, and to define and implement controls with limited in-house capability. Were pleased to introduce the upcoming preview of Compliance Manager, which enables you to manage your compliance posture from one place and stay up-to-date on evolving data protection regulations. Compliance Manager enables real-time risk assessment with one intelligent score reflecting your compliance posture against data protection regulations when using Microsoft cloud services. It also provides recommended actions and step-by-step guidance to help you improve your compliance posture.</p>&#10;<h2>Detect and recover from attacks</h2>&#10;<p>On average breaches exist for over 90 days in a customers environment before they are detected. In response, many organizations are moving to an assume breach posture. We continue to invest in tools that help detect attacks sooner and then remediate. But, we know its also important to continue investing in pre-breach attack prevention tools.</p>&#10;<p>Today, we are announcing several new capabilities to further improve our anti-phishing capabilities in <a href="https://products.office.com/en-us/exchange/online-email-threat-protection">Office 365 Advanced Threat Protection</a>, with a focus on mitigating content phishing, domain spoofing, and impersonation campaigns. Office 365 Advanced Threat Protection is also expanded to help secure SharePoint Online, OneDrive for business, and Teams. In Office 365 Threat Intelligence, we have introduced threat insights and tracking to help with detection and remediation. In Windows, we are adding Windows Defender Application Control, which is powered by the Microsoft Intelligent Security Graph to make it less likely that malicious code can run on the endpoint.</p>&#10;<p>On the post-breach detection side, we are announcing the limited preview of a brand-new service Azure Advanced Threat Protection for users that brings our on-premises identity threat detection capabilities to the cloud and integrates them with the Microsoft Intelligent Security Graph. Powered by the graph, our Advanced Threat Protection products have a unified view of security event data so your security operations analysts can investigate an incident from endpoint to end-user to e-mail. Finally, as previously announced earlier in the month, <a href="https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp">Windows Defender Advanced Threat Protection</a> is integrating Hexadite&#8217;s AI technology to automatically investigate new alerts, determine the complexity of a threat, and take the necessary actions to remediate it.</p>&#10;<h2>Security management</h2>&#10;<p>Protecting resources across distributed infrastructure against evolving cyberthreats demands a new approach to security management a solution that provides comprehensive visibility, consistent controls and actionable intelligence and guidance.</p>&#10;<p>We are <a href="https://go.microsoft.com/fwlink/?linkid=856797">announcing</a> today that <a href="https://azure.microsoft.com/en-us/services/security-center/">Azure Security Center</a>, which helps customers protect workloads running in Azure against cybersecurity threats, can now also be used to secure workloads running on-premises and in other private and public clouds. Azure Security Center reduces management complexity by delivering visibility and control over workloads across clouds, enables adaptive threat prevention to reduce your exposure to threats, and provides intelligent detection to help you keep pace with rapidly evolving cyberattacks.</p>&#10;<p>Azure Security Center also has new capabilities to enable central management of security policies, better detect and defend against advanced threats, and streamline investigation of threats for your hybrid workloads. Read the Azure <a href="https://go.microsoft.com/fwlink/?linkid=856797">blog</a> to learn more about these and other new features.</p>&#10;<h2>Getting started</h2>&#10;<p>We have made it easier than ever to get end-to-end security solutions up and running. FastTrack for Microsoft 365 now provides deployment services for key security scenarios, giving you the resources, tools, and support you need from Microsoft engineers.</p>&#10;<p>FastTrack for Microsoft 365 can work with you directly, work with your existing partner, or help you get matched with a trusted Microsoft partner to deploy comprehensive security solutions. And the best part is this isnt a one-time benefit. It is a repeatable resource that you can use to ensure you have the help and resources you need.</p>&#10;<p>You can go to <a href="https://fasttrack.microsoft.com/">fasttrack.microsoft.com</a> and get help to deploy Microsoft products to address some of the most common security scenarios including:</p>&#10;<ul>&#10;<li>Working securely from anywhere, anytime on almost any device enabling a flexible workstyle</li>&#10;<li>Protect your data on files, apps and devices within and across orgs</li>&#10;<li>Detect and protect against external threats</li>&#10;<li>Protect your users and their accounts</li>&#10;<li>Securely collaborate on documents in real time</li>&#10;</ul>&#10;]]></content:encoded> </item> <item> <title>New Microsoft 365 features to accelerate GDPR compliance</title> <link>https://cloudblogs.microsoft.com/microsoftsecure/2017/09/25/new-microsoft-365-features-to-accelerate-gdpr-compliance/</link> <pubDate>Mon, 25 Sep 2017 12:59:56 +0000</pubDate> <dc:creator><![CDATA[Microsoft Secure Blog Staff]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <category><![CDATA[announce]]></category> <category><![CDATA[Featured]]></category> <guid isPermaLink="false">http://blogs.microsoft.com/microsoftsecure/?p=70066</guid> <description><![CDATA[Today we made several Microsoft 365 security and compliance announcements and updates as part of the news from the Microsoft Ignite conference. I wanted to share how these new capabilities provide customers with a more complete and protected solution to simplify their journey to compliance with the General Data Protection Regulation (GDPR).]]></description> <content:encoded><![CDATA[<p><em>This post is authored by Alym Rayani, Director Office 365 Security.</em></p>&#10;<h2>New capabilities in Microsoft 365 help simplify your GDPR compliance journey</h2>&#10;<p>Today we made several Microsoft 365 security and compliance announcements and updates as part of the news from the Microsoft Ignite conference. I wanted to share how these new capabilities provide customers with a more complete and protected solution to simplify their journey to compliance with the <a href="https://www.microsoft.com/en-us/TrustCenter/Privacy/gdpr/default.aspx">General Data Protection Regulation (GDPR)</a>.</p>&#10;<p>Earlier this year, we brought together Office 365, Enterprise Mobility + Security, and Windows into a single, always-up-to-date solution called Microsoft 365 relieving organizations from much of the cost of multiple, fragmented systems that were not necessarily designed to be compliant with modern standards. These announcements at Ignite add to our extensive capabilities that organizations are already using to secure and manage their data, users, and devices.</p>&#10;<h3>A platform you can trust, and verify</h3>&#10;<p>We understand that organizations with GDPR responsibilities will have additional needs to demonstrate compliance, and were investing in tools to help them achieve those goals.</p>&#10;<p>Microsoft 365 users enjoy built-in security and compliance for the apps, services, and devices that they use every day. Microsoft has a long history of transparency, defense-in-depth, and privacy-by-design that enabled us to be the first enterprise cloud services provider to implement the rigorous controls needed to earn approval for the EU Model Clauses, the first to achieve ISOs 27018 cloud privacy standard, and the first to offer contractual commitments to the GDPR.</p>&#10;<p><strong>Introducing Compliance Manager</strong> We understand that achieving your organizational compliance goals can be very challenging. Its hard to stay up-to-date with all the regulations that matter to your organization, and to define and implement the controls.</p>&#10;<p>Were pleased to introduce Compliance Manager, a new compliance solution that helps you to manage your compliance posture from one place. Compliance Manager enables you to conduct real-time risk assessment, providing one intelligent score that reflects your compliance performance against data protection regulatory requirements when using Microsoft cloud services.</p>&#10;<p>You will also be able to use the built-in control management and audit-ready reporting tools to improve and monitor your compliance posture. Read our <a href="https://aka.ms/compliance-manager-blog">Tech Community Blog</a>to learn more about Compliance Manager, and <a href="https://aka.ms/compliance-manager-preview">sign up for the preview program</a>, which will be available starting in November.</p>&#10;<p><img class="size-large wp-image-70075 aligncenter" src="https://mscorpmedia.azureedge.net/mscorpmedia/2017/09/Example-of-Compliance-Manager-dashboard-1024x818.png" alt="" width="640" height="511" srcset="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/09/Example-of-Compliance-Manager-dashboard-1024x818.png 1024w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/09/Example-of-Compliance-Manager-dashboard-300x240.png 300w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/09/Example-of-Compliance-Manager-dashboard-768x613.png 768w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/09/Example-of-Compliance-Manager-dashboard.png 1300w" sizes="(max-width: 640px) 100vw, 640px" /></p>&#10;<p style="text-align: center;"><em>Example of Compliance Manager dashboard</em></p>&#10;<p><strong>General availability of service encryption with Customer Key</strong> Were announcing the availability of service encryption with Customer Key, which can help regulated customers demonstrate additional compliance controls by managing the encryption keys for their Office 365 data. Here is an example of how Customer Key works in SharePoint Online:</p>&#10;<p><iframe src="https://www.youtube.com/embed/y-BSmEhdk7c" width="560" height="315" frameborder="0" allowfullscreen="allowfullscreen"></iframe></p>&#10;<h2>Simplify how you govern data</h2>&#10;<p>Organizations face ever increasing quantities of complex electronic data. Gaining control over this data overload so that you know what to keep and find whats relevant when you need it is critical for both security and compliance purposes. Today we are introducing several new features which further enhance the already rich set of capabilities available with Microsoft Information Protection and Advanced Data Governance.</p>&#10;<p>Companies of all sizes and industries need to protect their sensitive data and ensure that it doesnt get into the wrong hands. Employees are using more SaaS apps, creating more data, and working across multiple devices. While this has enabled people to do more, it has also increased the risk of data loss it is estimated that 58% of workers have accidentally shared sensitive data with the wrong person.</p>&#10;<p><strong>Microsofts Information Protection</strong> solutions help you identify, classify, protect and monitor your sensitive data as it is created, stored, or shared. We made several investments across our information protection solutions helping provide more comprehensive protection across the data lifecycle. A key part of our vision is to provide a more consistent and integrated classification, labeling, and protection approach across our information protection technologies, enabling persistent protection of your data everywhere. <strong>Microsoft Cloud App Security</strong> now deeply integrates with <strong>Azure Information Protection</strong> to classify and label files that reside in cloud applications.</p>&#10;<p><strong>Advanced Data Governance enhancements</strong>, including event based retention in Office 365 Advanced Data Governance, allows customers to create events which will trigger the retention period of data in Office 365 to consistently comply with internal business requirements. Disposing of data in a defensible manner allows organizations to effectively reduce their security and compliance risks. This feature is currently in the standard Office 365 Universal Preview Program and available for you to try.</p>&#10;<p><strong>New Multi-Geo Capabilities in Office 365</strong> enable a single tenant to span multiple Office 365 datacenter geographies (geos) to store data at-rest and on a per-user basis in customer specified geos. Multi-Geo helps customers address organizational, regional, and local data residency requirements and enables modern collaboration experiences for their globally dispersed employees. <a href="https://aka.ms/Multi-Geo">Learn more about Multi-Geo</a>.</p>&#10;<p>Also, we are announcing the general availability of improvements to <strong>Office 365 message encryption</strong>, which makes it easier to share protected emails with anybody inside or outside of your organization. Recipients can view protected Office 365 emails on a variety of devices, using common email clients or even consumer email services such as Gmail, Outlook.com, and Live.com.</p>&#10;<h3>Use intelligent tools to better discover and control your data</h3>&#10;<p>Many organizations are evaluating how to find and protect the personal data they collect. With the explosion of data and its increasing value many organizations cannot adequately manage their assets with traditional manual processes.</p>&#10;<p>Unfortunately, even once you know where all the data is and how it should be managed, you must constantly ensure it is protected from threats. The GDPR requires organizations take appropriate measures to prevent unauthorized access or disclosure and to notify stakeholders in the case of breach. Today, on average attacks exist for over 90 days in an environment prior to detection. Microsoft continues to invest in tools that help detect attacks sooner and then remediate, as well as in pre-breach attack prevention tools.</p>&#10;<p><strong>Analysis of non-Office 365 data with Advanced eDiscovery</strong>: While the amount of data being generated and stored in Office 365 is growing at an exponential rate, many organizations still have data in legacy file shares and archives. Data is also being generated in other cloud services which may be relevant for an eDiscovery case surrounding a Data Subject Request. Analysis of non-Office 365 data allows organizations to import the case-specific copy of such data into a specifically assigned Azure container and analyze it using Office 365 Advanced eDiscovery. Having one eDiscovery workflow for both Office 365 and non-Office 365 data provides organizations with the consistency they need to make defensible decisions across the entire data set of a case.</p>&#10;<p>This feature is currently in preview and requires an Advanced eDiscovery license for each user whose data is being analyzed. Later this year, in addition to Advanced eDiscovery licenses this feature will require the purchase of the eDiscovery Storage plan for all non-Office 365 data imported into the specifically assigned Azure container for analysis by Advanced eDiscovery. The eDiscovery Storage plan comes in increments of 500GB of storage and is priced at $100 per month.</p>&#10;<p><img class="size-large wp-image-70081 aligncenter" src="https://mscorpmedia.azureedge.net/mscorpmedia/2017/09/Example-of-Advanced-eDiscovery-1024x557.png" alt="" width="640" height="348" srcset="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/09/Example-of-Advanced-eDiscovery-1024x557.png 1024w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/09/Example-of-Advanced-eDiscovery-300x163.png 300w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/09/Example-of-Advanced-eDiscovery-768x418.png 768w" sizes="(max-width: 640px) 100vw, 640px" /></p>&#10;<p style="text-align: center;"><em>Example of Advanced eDiscovery</em></p>&#10;<p>To better protect your users against threats, we also improved our anti-phishing capabilities in <strong>Office 365 Advanced Threat Protection</strong>, with a focus on mitigating content phishing, domain spoofing, and impersonation campaigns. Office 365 Advanced Threat Protection is also expanded to help secure SharePoint Online, OneDrive for business, and Teams. In Windows, we added <strong>Windows Defender Application Contro</strong>l, which is powered by the Microsoft Intelligent Security Graph to make it less likely that malicious code can run on that endpoint.</p>&#10;<p>On the post-breach detection side, we announced the limited preview of a brand-new service <strong>Azure Advanced Threat Protection</strong> for users that brings our on-premises identity threat detection capabilities to the cloud and integrates them with the Microsoft Intelligent Security Graph. Finally, as previously announced earlier in the month, <strong>Windows Defender Advanced Threat Protection</strong> is integrating Hexadite&#8217;s AI technology to automatically investigate new alerts, determine the complexity of a threat, and take the necessary actions to remediate it.</p>&#10;<p><strong>Office 365 security management updates</strong> We have also made a few updates to Advanced Security Management to give you even better visibility and control over Office 365. To help organizations in the EU meet their compliance obligations, starting in October, we will begin hosting Advanced Security Management in our EU datacenter region. We are also giving you additional visibility into the service by adding support for activities from Skype for Business, Yammer and Office 365 Threat Intelligence. The signals from these services will be used to generate activity alerts and be factored into anomaly detection alerts. Lastly, to better align our Microsoft 365 investments, we are renaming Advanced Security Management to Office 365 Cloud App Security.</p>&#10;<h2>Taking the next step on your GDPR compliance journey</h2>&#10;<p>The GDPR is compelling every organization to consider how they will respond to todays security and compliance challenges. It may require significant changes to how your business gathers, uses, and governs data.</p>&#10;<p>As a global company with hundreds of millions of customers around the globe, we are subject to many stringent regulations including the GDPR and we understand the challenges you face. As your trusted partner, we are committed to going beyond our minimum responsibilities and always working on behalf of your best interests. To that end, Microsoft is an active participant in a community of compliance experts that can support all aspects of your GDPR journey &#8211; such as audit and consulting, cloud migration assistance, as well as delivering specific point solutions.</p>&#10;<p>For more details on these announcements and the other capabilities of Microsoft 365, read the new whitepaper: <a href="https://aka.ms/M365-GDPR-paper">Accelerate your GDPR compliance journey with Microsoft 365</a>.</p>&#10;<p>&nbsp;</p>&#10;]]></content:encoded> </item> <item> <title>Security at Microsoft Ignite</title> <link>https://cloudblogs.microsoft.com/microsoftsecure/2017/09/22/security-at-microsoft-ignite/</link> <pubDate>Fri, 22 Sep 2017 20:30:05 +0000</pubDate> <dc:creator><![CDATA[Microsoft Secure Blog Staff]]></dc:creator> <category><![CDATA[Uncategorized]]></category> <guid isPermaLink="false">http://blogs.microsoft.com/microsoftsecure/?p=70021</guid> <description><![CDATA[Microsoft Ignite begins this Sunday, September 24, with pre-day training and registration! The Microsoft Ignite event delivers the largest and most comprehensive perspective on the future of Enterprise technology at one conference. Everyone who attends IT pros and Enterprise developersgets inspiration, training, and connections to drive their business forward with Microsoft technology. 26,000+ IT and <p><a class="read-more" title="Security at Microsoft Ignite" aria-label="Read more about Security at Microsoft Ignite" href="https://cloudblogs.microsoft.com/microsoftsecure/2017/09/22/security-at-microsoft-ignite/">Read more</a></p>]]></description> <content:encoded><![CDATA[<p><img class="alignnone size-full wp-image-70048" src="https://mscorpmedia.azureedge.net/mscorpmedia/2017/09/MSCOM_Ignite_About_Connecting_Social_740x417.jpg" alt="" width="740" height="417" srcset="https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/09/MSCOM_Ignite_About_Connecting_Social_740x417.jpg 740w, https://cloudblogs.microsoft.com/microsoftsecure/wp-content/uploads/sites/13/2017/09/MSCOM_Ignite_About_Connecting_Social_740x417-300x169.jpg 300w" sizes="(max-width: 740px) 100vw, 740px" /></p>&#10;<p><a href="https://www.microsoft.com/en-us/ignite/default.aspx">Microsoft Ignite</a> begins this Sunday, September 24, with pre-day training and registration! The Microsoft Ignite event delivers the largest and most comprehensive perspective on the future of Enterprise technology at one conference. Everyone who attends IT pros and Enterprise developersgets inspiration, training, and connections to drive their business forward with Microsoft technology. 26,000+ IT and Enterprise developer customers and prospects come to collaborate and learn how Microsoft technology can help them achieve success.</p>&#10;<h2>Top three things to do before you go:</h2>&#10;<ol>&#10;<li>Download the mobile app&#10;<ul>&#10;<li>The mobile apps allow you to easily access My Conference, session details, evaluations, attendee networking, maps, event notifications, partners, and more. Download it now for your device: <a href="https://aka.ms/ignite.mobileapp">Window | IOS | Android</a></li>&#10;</ul>&#10;</li>&#10;<li>Set up your attendee profile&#10;<ul>&#10;<li>Connect with attendees at the events. Setting up your profile helps attendees discover Microsoft experts and get their questions answered. After your edits are complete, your profile will be updated in the apps and in MyIgnite.</li>&#10;</ul>&#10;</li>&#10;<li>Get ready for a great show&#10;<ul>&#10;<li>Confirm your hotel reservation</li>&#10;<li>Familiarize yourself with our event and resources</li>&#10;<li>Have fun!</li>&#10;</ul>&#10;</li>&#10;</ol>&#10;<h2>Key security sessions to attend at Ignite</h2>&#10;<ul>&#10;<li><a href="https://myignite.microsoft.com/sessions/56715?source=sessions">Create a modern workplace with Microsoft 365</a>&#10;<ul>&#10;<li>Kirk Koenigsbauer, Brad Anderson, Catherine Boeger</li>&#10;</ul>&#10;</li>&#10;<li><a href="https://myignite.microsoft.com/sessions/56716?source=sessions">Empower IT and developer productivity with Microsoft Azure</a>&#10;<ul>&#10;<li>Scott Guthrie</li>&#10;</ul>&#10;</li>&#10;<li><a href="https://myignite.microsoft.com/sessions/56551?source=sessions">Cloud infrastructure: Enabling new possibilities together</a>&#10;<ul>&#10;<li>Jason Zander</li>&#10;</ul>&#10;</li>&#10;<li><a href="https://myignite.microsoft.com/sessions/56550?source=sessions">Microsoft 365: Step up your protection with intelligent security</a>&#10;<ul>&#10;<li>Julia White</li>&#10;</ul>&#10;</li>&#10;<li><a href="https://myignite.microsoft.com/sessions/56549?source=sessions">Microsoft 365: Modern management and deployment</a>&#10;<ul>&#10;<li>Brad Anderson, Rob Lefferts</li>&#10;</ul>&#10;</li>&#10;</ul>&#10;<p>But thats not all, we have a huge selection of security related content, 345 sessions to be exact. Sessions have been designed to not only meet your product needs, but also your expertise needs. <a href="https://myignite.microsoft.com/sessions?q=security">Find a complete list of security sessions here</a>.</p>&#10;<h2>Who is attending from Microsoft</h2>&#10;<p>This year we are rolling out a fantastic new tool simply known as Expert Finder. All Microsoft staff will be tagged with the areas of expertise and can easily be located on the expo floor. Work with staff onsite at the Expo to locate the expert(s) that you need to speak with.</p>&#10;<p><a href="https://microsoftignitecontent.hubb.me/expertfinder">The Expert Finder tool can be found here</a>. (note not all attendees will have access)</p>&#10;<h2>Where to find Security onsite: In the expo</h2>&#10;<p>We have full coverage of security topics in the expo. From getting help desk answers to seeing demos, you are sure to walk away with the information you need.</p>&#10;<p>Youll find us in the expo during the following times:</p>&#10;<ul>&#10;<li>Monday: 12:30 7:30pm&#10;<ul>&#10;<li>Social hour: 5:30pm 7:30pm</li>&#10;</ul>&#10;</li>&#10;<li>Tuesday: 10:00am 6pm&#10;<ul>&#10;<li>Social hour: 5:30pm 7:30pm</li>&#10;</ul>&#10;</li>&#10;<li>Wednesday: 10:00am 6:00pm&#10;<ul>&#10;<li>Social hour: 5:30pm 6:00pm</li>&#10;</ul>&#10;</li>&#10;<li>Thursday: 10:00am 4:00pm</li>&#10;</ul>&#10;<p>Below you can see where the Security area is located within the Expo, as noted by the red circle.</p>&#10;<p><img class="aligncenter wp-image-70036" src="https://mscorpmedia.azureedge.net/mscorpmedia/2017/09/Ignite-Map.jpg" alt="" width="750" height="375" /></p>&#10;<h2>Networking opportunities</h2>&#10;<p>Ignite it not only about talking with the Microsoft experts, its also a great time to network with your peers. Here is a list of great opportunities for you to network during the event:</p>&#10;<ul>&#10;<li>Immersion zone&#10;<ul>&#10;<li>Get &#8220;Hands-on&#8221;- youll find Labs, workshops, mixed reality experiences, learning experts and more!</li>&#10;</ul>&#10;</li>&#10;<li>Visit the security and privacy <a href="https://techcommunity.microsoft.com/t5/Security-Privacy-Compliance/ct-p/SecurityPrivacyCompliance">Microsoft Tech Community</a>&#10;<ul>&#10;<li>Learn and see what other attendees are talking about. Then take the opportunity to not only to collaborate virtually, but set up time to network face-to-face while at the event.</li>&#10;</ul>&#10;</li>&#10;<li>Social hours&#10;<ul>&#10;<li>Wind down the day and enjoy a drink with security related professions, social hours are posted above.</li>&#10;</ul>&#10;</li>&#10;<li>Celebration event&#10;<ul>&#10;<li>More details to come, but on Thursday we have an amazing celebration event!</li>&#10;</ul>&#10;</li>&#10;</ul>&#10;<p>In the week following Ignite, we will summarize our lessons learned, product announcements, and customer feedback received from the event.</p>&#10;<p>To learn more about Microsoft security solutions and services, visit <a href="https://www.microsoft.com/secure">https://www.microsoft.com/secure</a>.</p>&#10;<p>We hope you have a lot of fun, make amazing connections, and walk away with inspiring insights at this years Ignite conference. Were looking forward to seeing you there!</p>&#10;]]></content:encoded> </item> </channel> </rss>