Microsoft Cloud a 'Tempting Target' for Attacks

A new Microsoft security report released this week quantifies a longstanding concern about big cloud services, namely that hyperscale clouds appeal to attackers like banks attract robbers.

After all, the Microsofts, Amazon Web Services and Googles of the world are increasingly where the users and data are. The bet by customers and the industry on big clouds is that in the arms race between attackers and defenders, the risks of putting all the data under only a few vendors' control can be outweighed by the high-quality people and processes the hyperscale vendors will be able to afford.

The latest data points on the question come from the Microsoft Security Intelligence Report (SIR) released on Thursday. Version 22 of the somewhat sporadic report has an increased focus on cloud, and Microsoft comes right out and admits the obvious point that its cloud makes an appealing target.

"Consumer and Enterprise Microsoft accounts are a tempting target for attackers, and the frequency and sophistication of attacks on cloud-based accounts are accelerating," Microsoft's report states.

Just how attractive is made clear in the report, which relies on telemetry data from various Microsoft products and services, such as its monthly scanning of 400 billion e-mails for phishing and malware, processing of 450 billion authentications, and executing of more than 18 billion Web page checks.

[Click on image for larger view.] Outbound attacks detected by the Azure Security Center in Q1 of 2017. (Source: Microsoft)

"The Identity Security and Protection team has seen a 300 percent increase in user accounts attacked over the past year," the report notes in language indicating that it is referring to successful attacks.

No matter how effective Microsoft's defenses are, the report contends that enterprise and end user security practices need to improve. "A large majority of these compromises are the result of weak, guessable passwords and poor password management, followed by targeted phishing attacks and breaches of third-party services," the report states.

Attacks are flooding in from bad sectors of the Internet. "The number of Microsoft account sign-ins attempted from malicious IP addresses has increased by 44 percent from 1Q16 to 1Q17," according to the report.

The report does not break out specific numbers, only percentages. It also doesn't quantify how many successful attacks and unsuccessful attempts were aimed at business versus consumer accounts in the Microsoft cloud.

In addition to targeting the digital assets or identities of targeted accounts, a portion of the attacks involve something Microsoft has referred to in previous editions of its SIR as "cloud service weaponization." That involves attackers compromising accounts in order to take over Azure-based virtual machines, which can then be redirected to other nefarious purposes, similar in concept to botnets.

According to Microsoft Azure Security Center data cited in the report, the three most common types of outbound attack traffic that compromised Azure-based virtual machines attempt to send are communications with malicious IPs, RDP brute force and spam.

On the other side of the ledger, Microsoft's report details various Microsoft products and services that can help customers and end users combat attackers, such as Windows Hello for Business, Credential Guard, Microsoft Azure Active Directory Identity Protection and Azure Multi-Factor Authentication.

Posted by Scott Bekker on August 18, 2017 at 11:45 AM0 comments

Kaseya Traverse 9.5 Set for September Release

The next version of Kaseya's Traverse tool will feature an enhanced visualization interface, more powerful automation profiles, and new remote control integration for the network monitoring and management platform for managed service providers (MSPs) and mid-market IT departments.

Kaseya unveiled Traverse version 9.5 on Tuesday. Currently in the final release candidate stage, the new version is expected to reach general availability at the beginning of September. It will follow the previous release, 9.4, by about 10 months.

Network visualization is not new to Traverse 9.5, but it's greatly enhanced, says Kaseya Chief Product Officer Mike Puglia. "We've really taken it to the next level. I call it network topology on steroids," Puglia says of the feature, called Panorama 2.0. "Not only do you have a visualization of what your infrastructure looks like, you can see it, you can hover over and see where something is broken."

[Click on image for larger view.] The Panorama 2.0 functionality in Kaseya Traverse 9.5 will allow new admins to quickly visualize and drill into problem areas of the network. (Image source: Kaseya)

The interface of Panorama 2.0 may not be a huge deal for an experienced network technician who knows what to do with a simple list of alarms, Puglia says. The interface improvements are really aimed at newer network admins. "For the less-experienced infrastructure folks, a picture is worth 10,000 words. Seeing is a lot faster. Network topology is interesting, but being able to manipulate it and click around it empowers IT administrators," he says.

Written in HTML 5, Panorama 2.0 is fully functional for admins on their iOS and Android devices.

Another feature set that is ratcheted up in version 9.5 is the use of best practices through Automation Profiles. Traverse previously had best practices-related features, but new capabilities are designed to dramatically reduce the time it takes MSPs to onboard new customers. Through the use of faceted search options (think online shopping checkboxes on the left-hand side of the screen that allow you to sort products by price, brand, et cetera) and other capabilities, Automation Profiles are designed to automatically apply monitoring policies to devices during the discovery process.

MSP feedback led Kaseya to add "If Then Else" capabilities to the Automation Profiles in Traverse 9.5, Puglia says.

"A lot of people want to tweak the best practices based on their experience, especially in the MSP world because they all try to differentiate themselves by the expertise that they have," Puglia says. As an example, Puglia offered: "If a service crashes on a Windows Server, automatically I'm going to monitor these services because that's what I like to do in my environment. No. 2 if it does crash, I want a snapshot -- what was happening at the time, not an hour later. Restart the service, but I'm going to automatically start monitoring these five other services because they're suddenly important to me."

The other headline feature of Traverse 9.5 is the integration of Kaseya Live Connect, which is Kaseya's tool allowing admins to remotely view and control a system for troubleshooting.

Posted by Scott Bekker on August 08, 2017 at 10:18 AM0 comments

Trouble in Detachable Tablet Land?

Now that Apple is out with its earnings, IDC has the critical iPad data necessary to refresh its assessment of the worldwide quarterly tablet market.

The short version is a decline in quarter-over-quarter tablet shipments of 3.4 percent. Total units shipped for the second calendar quarter of 2017 were 37.9 million.

One interesting aside in the report is some bad news for the detachable tablets subsegment, which IDC says was "once touted as the savior of the [tablet] market." Detachables would be the category pioneered by the Microsoft Surface, and later joined by the iPad Pro.

Without offering specific numbers in its Thursday news release discussing the results, IDC said detachable tablet shipments declined.

"There's been a resetting of expectations for detachables as competing convertible notebooks offered a convincing and familiar computing experience for many," said Jitesh Ubrani, senior research analyst with IDC's Worldwide Quarterly Mobile Device Trackers, in a statement. "To date, the 2-in-1 market was bifurcated as Apple and Microsoft led with detachables while the PC vendors led with convertibles. Though that is slowly changing as smartphone vendors and traditional PC vendors begin to offer compelling alternatives, the pace has been rather slow as Surface and iPad Pro still dominate shelf space and mindshare."

Posted by Scott Bekker on August 03, 2017 at 8:47 AM0 comments

Microsoft 365 Business Hits Public Preview

Microsoft's net new licensing package for small businesses, called Microsoft 365 Business, is now in public preview.

Microsoft CEO Satya Nadella unveiled Microsoft 365 last month at the Microsoft Inspire partner conference in Washington, D.C., as a combination of key parts of Office 365, Windows 10 and Enterprise Mobility + Security (EMS).

"Microsoft 365 Business is the coming together of all of these products in a very compelling offer and package for every small business, every medium-sized business to have the same tools, the same sophistication that any large business has," Nadella said during his Inspire keynote.

An enterprise version, Microsoft 365 Enterprise, is an evolution of Secure Productive Enterprise, which was already available in E3 and E5 SKUs, and is supposed to be generally available (GA) this quarter.

As a completely new bundle, Microsoft 365 Business is only entering the public preview stage on Wednesday. Microsoft currently says a fully supported version will be available by the end of the year.

For now, the preview is free, although Microsoft recommends that customers hire a partner to deploy the solution. At GA, Microsoft 365 Business will cost $20 per user, compared to the $12.50 per user charge for Office 365 Business Premium. Like Office 365 Business Premium, Microsoft 365 Business includes Microsoft Office, 1TB of file storage, a 50GB mailbox, online meetings, Microsoft Teams, and business applications including Outlook Customer Manager, Bookings and MileIQ.

The $7.50/user/month premium for the release version of Microsoft 365 Business will get organizations Windows 10 Pro upgrade rights for users with Windows 7 or Windows 8.1, as well as Windows Defender and other security features and device management features, such as a single console to manage user and device settings, self-service PC deployment, and automatic deployment of Office apps to Windows 10 PCs.

Organizations that are currently paying for Office 365 will need to continue to pay the subscription while using the public preview, Microsoft said in a FAQ.

Microsoft 365 Business is meant for organizations with no full-time IT staff, no Active Directory domain controllers and fewer than 300 users. The FAQ states that customers using on-premises Active Directory "must switch to cloud identity and management as part of their deployment."

Posted by Scott Bekker on August 02, 2017 at 1:26 PM0 comments

Bounties Boosted for Busting Windows

Microsoft, an industry foot-dragger to bug bounties, seems satisfied with the results of the programs over the last few years.

The company has been offering financial rewards for the white hats who find security flaws in its products since 2012, with sporadic increases in bounty amounts and products covered, as well as occasional pop-up opportunities to find problems in select software, such as technical previews, before a specific deadline.

This week, Microsoft again expanded the scope of the products involved, and also bumped potential awards for bounties related to Hyper-V.

"In the spirit of maintaining a high security bar in Windows, we're launching the Windows Bounty Program on July 26, 2017," the company stated Tuesday in a blog post from the Microsoft Security Response Center team. "This will include all features of the Windows Insider Preview in addition to focus areas in Hyper-V, Mitigation bypass, Windows Defender Application Guard, and Microsoft Edge. We're also bumping up the pay-out range for the Hyper-V Bounty Program."

That payout range for bugs discovered in Hyper-V is now fairly large. Microsoft will pay $5,000 to $250,000 for Hyper-V bugs that meet certain criteria on the Windows 10, Windows Server 2012, Windows Server 2012 R2 and Windows Server Insider Preview platforms.

Outside of Hyper-V, a new base program for bugs found in the Windows Insider Preview can pay between $500 and $15,000. Focus area programs offer the same pay range for the Microsoft Edge browser, $500 to $30,000 for Windows Defender Application Guard, and $500 to $200,000 for "Mitigation Bypass Bounty and Bounty for Defense" in Windows 10.

That last category consists of two separate bounties, maxxing out at $100,000 each, for the same issue. Essentially, Microsoft is asking individuals to submit a novel mitigation bypass against the up-to-date Windows platform, as well as a separate defense idea that would block the exploitation technique.

Beyond the bounty programs launched or updated this week, Microsoft also offers ongoing bounties for bugs reported in Microsoft .NET Core, ASP.NET Core and in Microsoft cloud services. Those programs currently top out at $15,000.

The payouts are adding up. According to a bounty hunters honor roll that Microsoft maintains, the company has paid out over $1.5 million in bounties to date. The list includes three payouts of $100,000 bounties under the mitigation bypass category, and a $125,000 bounty for a mitigation bypass that was shared among three researchers.

Details about Microsoft Bounty Programs are available here.

Posted by Scott Bekker on July 27, 2017 at 12:10 PM0 comments

Gartner to Office 365 Partners: Go Vertical and Enhance Teams, Graph, Cortana and Power BI

Microsoft recently posted the full text of a lengthy report on Office 365 by independent analysts at Gartner. In it, Gartner's Craig Roth, Joe Mariano, Michael Woodbridge and Steve Crawford analyze Office 365 for strengths, weaknesses, opportunities and threats (SWOT).

The whole report is worth reading for a lot of insights on the technology, market forces and usage trends. Of special note to the Microsoft channel are the lengthy sections on the Office 365 partner and ISV ecosystems. After leveling criticism at Microsoft's previous approaches, including direct sales under the Business Productivity Online Suite (BPOS) and the syndication program, Gartner repeatedly lauds Microsoft's Cloud Solution Provider (CSP) approach as a solid strategy and notes that 20,000 partners have signed up as CSPs.

For now, Gartner notes that the migration market is booming. Yet the analysts warn that growth, while still in double digits, has settled down considerably. Those partners looking for the next wave of opportunity and attention need to go vertical or align with strategic technologies being surfaced in Office 365, the analysts say.

Key quote:

To succeed, channel partners will need to create differentiation by industry focus or some other specialty, and bundle this differentiation in the form of value-added services for Office 365 and other Microsoft cloud services. There will be ample migration, training, change management, integration and other opportunities as large enterprises move from on-premises Exchange to the cloud. And new ways of working will present plenty of lucrative opportunities for nontechnical change management: helping organizations shift how they create content, communicate and collaborate.

The analysts also suggest that ISVs and other Microsoft partners are likely to get noticed in a crowded field by developing applications and solutions that highlight strategically important technologies within Office 365: "Attaching to emergent portions of the suite (such as Teams, Microsoft Graph, Cortana and Power BI) becomes doubly compelling."

Posted by Scott Bekker on July 25, 2017 at 12:25 PM0 comments

Microsoft Launches Partner Program To Protect Utilities

As evidence mounts that attackers are probing critical infrastructure worldwide, Microsoft is spinning up a new partner program for securing utility customers' operations through modernization.

Larry Cochrane, Azure Principal Program Manager, Energy, unveiled the Azure Certified Elite Partner Program for Cyber Analytics in Power and Utilities this month in a Microsoft blog. That post cited a flurry of recent attacks affecting the utilities industry, including devastating take-downs of the power grid in Ukraine, the WannaCry ransomware and a recent targeting of U.S. power firms, including the Wolf Creek nuclear facility in Kansas.

"Microsoft is deeply aware of the importance of cybersecurity for companies supporting the electric grid and is committed to helping partners and customers secure their nations' most critical of critical infrastructure," Cochrane wrote.

The program hinges on the Operations Management Suite (OMS), which is Microsoft's Software as a Service IT management platform for cloud and on-premises systems, and this new group of elite systems integrator partners with OMS deployment expertise. Starting in the United States with plans to expand worldwide, Microsoft aims to seed utility participation by covering the initial costs for deploying and running the Azure-based OMS, and will also include a limited Azure subscription to help with training, development and expediting projects.

The platform will be able to collect data from Windows agents, Linux agents, System Center Operations Manager, various Azure resources, Office 365 and custom logs. In response to an e-mailed question, Cochrane confirmed that the data sources go "way beyond just Microsoft systems," and noted that the platform offers several ways to capture data about the SCADA systems that are often targets in industrial attacks.

In addition to the management capabilities, another important component is anti-malware software built into OMS and extended for the utility solution.

"Initially this Azure Certified Elite Partner Program is all about securing our nation's power system," Cochrane said in the e-mail interview. "Utilities may potentially get immediate value about threat actors and malware that might be present in their networks."

Longer-term, Cochrane said he hopes the program will cause utility customers to see the value of OMS and sign up. "The power and utilities industry is undergoing the most fundamental change since its inception, driven in part by renewables and digital transformation," he said.

Posted by Scott Bekker on July 24, 2017 at 4:58 PM0 comments

Nachtrab Named CEO at eFolder

Five months after joining eFolder as chief strategy officer, LabTech founder Matt Nachtrab is now the MSP-focused company's CEO.

Kevin Hoffman, who has been CEO/CTO of eFolder for 10 years, is changing his title at the Denver-based private company to founder and CTO.

"Matt and I complement each other well," Hoffman said in a statement Thursday introducing Nachtrab as CEO. "We both share a passion for this channel community, our partners, our employees, and delivering exceptional, game changing products. This partnership with Matt allows me to focus on delivering the next wave of innovation and product excellence that will propel the company to new heights, allowing our partners to thrive in a changing IT services landscape."

Nachtrab, who was serving both as chief strategy officer and chief revenue officer prior to being elevated to CEO, started a Toledo, Ohio-based MSP called Nemsys in 1999 and then founded the remote monitoring and management (RMM) company LabTech Software in 2007, which he later sold to ConnectWise.

eFolder currently has 200 employees and 3,000 channel partners and a portfolio of products that includes Replibit for backup and disaster recovery; Anchor for file sync and sharing; and Cloudfinder for backup, search and eDiscovery of Office 365 and other SaaS services.

Posted by Scott Bekker on July 21, 2017 at 8:58 AM0 comments

Dun & Bradstreet Coming to Dynamics 365

A new partnership will make Dun & Bradstreet's rich business data available in Microsoft Dynamics 365 sometime later this year.

The deal could create the potential for Microsoft partners to offer more actionable business information in Dynamics 365 solutions for customers. It could also present the opportunity for partners to use the data themselves to develop new business.

Much like data being brought into Dynamics 365 from Microsoft's LinkedIn acquisition, Dun & Bradstreet is another source of information on customers and potential customers that could be available through Dynamics 365 that comes from a source outside of a business' own customer and prospect database.

The headliner of the three-pronged partnership announcement between Dun & Bradstreet and Microsoft on Wednesday was the element of the Microsoft customer win. Essentially, it's another one of those deals where a customer declares Microsoft as its strategic cloud provider. In this case, Dun & Bradstreet plans to put core applications and new services on Microsoft Azure and has announced its intention to use Microsoft intelligent cloud services to modernize its applications.

Of most potential interest to partners is a plan to bring elements of Dun & Bradstreet's global business database of 265 million business records into Dynamics 365. The companies say Dun & Bradstreet will leverage Microsoft's Common Data Service to integrate its D-U-N-S Number and core business data.

The data would supposedly help Dynamics 365 customers qualify sales leads and stay synchronized with Dun & Bradstreet's global business database.

"The opportunity for mutual customers to thrive with rich data when you combine Dynamics 365 and Dun & Bradstreet is incredible," said Judson Althoff, executive vice president of Microsoft's Worldwide Commercial Business, in a statement.

A third part of the deal is a joint, co-sell arrangement between Microsoft and Dun & Bradstreet focused on Dynamics 365, Dun & Bradstreet business data and D&B Hoovers. The companies billed that U.S. arrangement as offering Dun & Bradstreet sellers incremental opportunities to sell Dynamics 365, along with incremental Azure consumption for Microsoft.

Pricing, potential incentives for Microsoft partners and availability of the data to Microsoft partners for internal use were not part of the initial announcement.

Posted by Scott Bekker on July 20, 2017 at 11:56 AM0 comments

Watson To Run the Microsoft U.S. SMC Business

A big part of the major sales and marketing reorganization at Microsoft earlier this month involved splitting the business into an enterprise operating unit (EOU) and a small medium and corporate (SMC) customers unit.

For years there was an Enterprise & Partner Group (EPG) and a Small and Midsize Solutions & Partners (SMS&P) organization. Broadly speaking, enterprise customers were handled through EPG, while corporate account managed (CAM), corporate territory managed (CTM) and SMB & Distribution (SMB&D) customers went through SMS&P. Now enterprise and CAM accounts are being moved up into the vertically organized EOU, and the rest are heading into SMC.

As details emerge, it looks like the new worldwide structure will be reflected in the U.S. subsidiary, as well, with a One Commercial Partner organization at both the worldwide level and in the U.S. subsidiary, and the SMC also having a counterpart in the United States.

Longtime Microsoft partners will have a familiar face running the SMC business in the United States. Corporate Vice President Allison Watson, a former long-serving leader of the Microsoft Worldwide Partner Group who has been running Marketing and Operations for the U.S. subsidiary, will, according to a Microsoft spokesperson, "expand her responsibilities to also lead the US SMC business."

The spokesperson also confirmed previous RCP reporting on the U.S. organization that another former Microsoft worldwide channel chief, Phil Sorgen, is corporate vice president for Enterprise-Commercial in the U.S. subsidiary, and that Corporate Vice President David Willis is leading the U.S. One Commercial Partner organization.

All of those U.S.-based executives will have a new boss on Sept. 8. Microsoft announced earlier this week that Kate Johnson, currently the chief commercial officer and executive vice president of GE Digital, will be the corporate vice president of Microsoft's U.S. operations. Earlier organizational charts had Jean-Philippe Courtois, executive vice president and president of Microsoft Global Sales, Marketing and Operations, serving as acting president of Microsoft's U.S. subsidiary in lieu of a U.S. boss.

Posted by Scott Bekker on July 19, 2017 at 2:56 PM0 comments

Microsoft Inspire 2017: The Twitter Recap

  • Complete Microsoft Inspire 2017 coverage here.

RCP Editor in Chief Scott Bekker upheld his yearly tradition this week of live-Tweeting his way through Microsoft's annual partner conference. Here are the highlights from this year's keynotes:

Presiding over the kickoff presentation was Ron Huddleston, head of Microsoft's One Commercial Partner business, which was created just this year. Huddleston shared Microsoft's vision for the new unit.

Up next was Microsoft CEO Satya Nadella, who began with a sweeping overview of Microsoft's focus areas for the next year.

Nadella also announced the new Microsoft 365 solution, which had undergone two previous name changes.

Microsoft marketing executive Alysa Taylor took the stage to demo new Dynamics 365 apps, including a just-released sales solution that's integrated with LinkedIn.

Nadella also shared more details about the long-awaited Azure Stack, which is now in the preorder stage.

Brad Smith, Microsoft's chief legal officer, discussed Microsoft's place in today's era of nation-state attacks.

Smith noted that 90 percent of all security attacks start with an e-mail.

He also urged partners to wean their customers from the 16-year-old Windows XP for clear security reasons.

In discussing the rise of state-sponsored security and privacy incursions, Smith advocated for a "digital Geneva Convention" and made Microsoft's stance clear.

Gavriella Schuster, head of the Microsoft Worldwide Partner Group, followed Smith onstage and described Microsoft's reasoning behind its recent sales reorg.

She then shared the top partner questions that Microsoft hopes to answer with the restructuring.

Microsoft provided some Microsoft Partner Network (MPN) stats:

Some key themes emerged over the week.

And finally:

Posted by Scott Bekker on July 14, 2017 at 6:29 AM0 comments

Partner-Facing Roles Shuffled in Microsoft Reorg

The leadership of the six-month-old One Commercial Partner (OCP) organization at Microsoft got a minor shuffle when the company's entire sales and marketing organization underwent major upheavals at the beginning of July.

Some of the biggest changes to Microsoft's global partner organization took effect well before the recent reorg. In January of this year, Executive Vice President of the Worldwide Commercial Business Judson Althoff named Ron Huddleston corporate vice president of a new OCP organization that at the time folded in the Worldwide Partner Group (WPG) run by Gavriella Schuster, the Enterprise Partner team led by Victor Morales and the ISV Partner Business Evangelist/Go-To-Market team led by Kim Akers.

Akers, however, moved in mid-May to the role of Readiness lead, reporting to Althoff in the Worldwide Commercial Business, leaving Huddleston with an open spot on ISV.

Rather than a straight ISV replacement, Huddleston chose to create a combined systems integrator/ISV role, and named Corporate Vice President Michael Angiulo to that post this month. Reporting to Angiulo are Morales, Alex Payne and Bob Maher.

Of the OCP's three newly defined core functions -- Build-With, Go-To-Market and Sell-With -- Huddleston says Angiulo's team will qualify as Build-With, which includes partner management, recruiting and business development.

In an interview this week at the Microsoft Inspire partner conference, Huddleston said Angiulo's marketplace-building experience at Microsoft was an important reason he was chosen for the role. "He has experience with setting up ecosystems at Microsoft, where he started the ecosystems from scratch for Vista, Surface Hub and a couple others. We're bringing him on board to take all of his Microsoft knowledge and apply it to those two different organizations -- ISVs and SIs," said Huddleston, adding, "He has really strong leadership at his directs level. Really, really strong."

Huddleston said the ISVs and SIs share elements of their selling motions and combining their management in one organization could also drive partner-to-partner cooperation. "Those two partner types spend a lot of time co-selling. The connection between that and what we're doing on the co-sell side and with solution maps is really critical," Huddleston said.

A position for a Go-To-Market Lead remains open on Huddleston's immediate leadership team. Other members of Huddleston's team include Schuster, corporate vice president of Worldwide Channels & Programs (Microsoft's worldwide channel chief); Larry Orecklin, vice president of OCP Field and Operations (a key "Sell-With" role); Joel Borellis, general manager of Technical; Gavin Orleow, Strategy and Planning Lead; and Chief of Staff Todd Nelmes.

Meanwhile, the major July reorganization brought significant changes to the U.S. organization, as well, shifting some high-profile partner executives into different roles.

An organizational chart viewed by RCP showed Jean-Philippe Courtois, executive vice president and president of Microsoft Global Sales, Marketing and Operations, serving for now as acting president of Microsoft's U.S. subsidiary. The chart showed that direct reports to Courtois in the U.S. organization included David Willis leading U.S. OCP, Phil Sorgen running Enterprise-Commercial, Allison Watson leading Marketing and Operations, and Gail Thomas leading Enterprise-Public Sector. Sorgen and Watson are both former Microsoft worldwide channel chiefs.

Posted by Scott Bekker on July 14, 2017 at 2:55 PM0 comments

RCP Update

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.