With Lawsuit, Microsoft Goes After 'Sophisticated' COVID-19 Cyberattack

With the help of federal courts, Microsoft is seizing domains to try to slow a "sophisticated, new phishing scheme" that is employing pandemic-related messaging against customers in 62 countries.

Microsoft published a blog about the effort on Tuesday, the same day that the U.S. District Court for the Eastern District of Virginia unsealed documents from Microsoft's lawsuit.

"Our civil case has resulted in a court order allowing Microsoft to seize control of key domains in the criminals' infrastructure so that it can no longer be used to execute cyberattacks," said Tom Burt, Microsoft corporate vice president for customer security and trust, in the blog post.

The Microsoft Digital Crimes Unit first got wind of the malicious activity, which it classifies as a business e-mail compromise attack, in December, although at that time the attack's messaging did not incorporate COVID-19 themes.

Back then, Microsoft had employed technical measures to block the attacks. Without saying so explicitly, Burt's blog implies that criminals ramped up their effort as they realized that worldwide concerns over COVID-19 could lower individual executives' routine wariness of suspicious messages and attachments.

"In cases where criminals suddenly and massively scale their activity and move quickly to adapt their techniques to evade Microsoft's built-in defensive mechanisms, additional measures such as the legal action filed in this case are necessary," Burt wrote.

Users clicking on an attachment or a link in what Microsoft is calling a sophisticated new phishing attack would be prompted to grant the attacker a number of dangerous permissions. (Source: Microsoft)

Like most phishing attacks, there were several parts to this attack. The cybercriminals designed phishing e-mails to look like they originated internally. Subject lines and message body text involved pandemic-related financial concerns. A key element of this attack was malicious links, such as an apparent Office attachment with a filename like "COVID-19 Bonus."

Clicking on the deceptive link led to a prompt from a malicious Web application asking the user to grant various permissions. As shown in a consent screen included in the Microsoft blog, the user could be allowing the attacker to access data, read contacts, read mail, view OneNote notebooks, send mail and get full file access.

The attack differs from simpler phishing attacks, which might send users to a sign-in screen, where they would be prompted to enter a user name and password to access the file or follow the link, and where small mistakes or inconsistencies in the interface might give users clues not to click any further.

Burt said the civil case allowed Microsoft to "proactively disable key domains that are part of the criminals' malicious infrastructure."

Microsoft also recommended that organizations protect themselves by enabling two-factor authentication on e-mail accounts, reviewing how to spot phishing schemes, enabling security alerts about links and files from suspicious Web sites and checking e-mail forwarding rules for suspicious activity.

Posted by Scott Bekker on July 07, 2020 at 1:01 PM0 comments

Menlo Security Detects Use in the Wild of Old Office Flaw

Researchers at Menlo Security on Tuesday documented newly discovered attacks in the wild leveraging an old flaw in Microsoft Office -- underscoring once again the importance of applying older patches.

Microsoft first patched the vulnerability, CVE-2017-11182, in late 2017. The flaw is in the Equation Editor of Microsoft Office, which allows users to embed mathematical equations or formulas inside Office documents.

A small number of attacks turned up in Menlo Security's regular operations over a two-week period in late May and early June. The company offers cloud proxy with isolation, executing browsing and documents in its remote browsing solution to prevent active content from hitting a customers' endpoints.

Menlo detected three different attacks against five companies, all using the Equation Editor flaw but each attempting to deliver a different Remote Access Trojan. None of the attacks, which were found in Hong Kong and in North America and involved real estate, entertainment and banking targets, went out to more than two employees at a single company.

"We think that it was targeted and it was targeting very few important individuals," said Vinay Pidathala, director of security research at Menlo Security, in an interview. "We believe they did the reconnaissance and they targeted the individuals."

The finding reinforces and amplifies the advice from the CISA and the FBI last month listing the 10 vulnerabilities most routinely exploited by "foreign cyber actors." CVE-2017-11882 was high on that list. In fact, the FBI singled out the Equation Editor flaw as a favorite of state-sponsored attackers.

"Of the top 10, the three vulnerabilities used most frequently across state-sponsored cyber actors from China, Iran, North Korea, and Russia are CVE-2017-11882, CVE-2017-0199, and CVE-2012-0158. All three of these vulnerabilities are related to Microsoft's OLE technology," the CISA/FBI alert noted.

The agencies then called on the private sector to patch the threats to help with U.S. network security. "A concerted campaign to patch these vulnerabilities would introduce friction into foreign adversaries' operational tradecraft and force them to develop or acquire exploits that are more costly and less widely effective."

On a separate trend, Pidathala noted that the three specific attacks all hosted their payloads on SaaS platforms, including Microsoft OneDrive.

"As enterprises are moving to the cloud, they're adopting cloud storage solutions like Box, Dropbox and OneDrive. By posting their malware on these websites, [attackers] are able to make it more believable. Also, a lot of security appliances might whitelist or might not inspect traffic that comes from OneDrive, because it's a trusted source. So by hosting their weaponized payloads on these popular platforms, they're able to get by," Pidathala said.

For more detail on the attack and the RATs involved, visit Pidathala's blog post here.

Posted by Scott Bekker on June 30, 2020 at 11:03 AM0 comments

Microsoft Commits $73 Million To Support Black and African American-Owned Partners

As part of a broad racial justice initiative involving several hundred million dollars, Microsoft is committing $73 million to support Black and African American-owned partners in the United States.

Microsoft CEO Satya Nadella shared details of the initiative this week in a blog entry called "Addressing Racial Injustice," and said senior Microsoft executives and board members have been evaluating options over the last few weeks. The blog is Nadella's second on racial justice since the death of George Floyd in Minneapolis sparked mass protests against police violence.

"Today, we are making commitments to address racial injustice and inequity for the Black and African American community in the United States. We will additionally take important steps to address the needs of other communities, including the Hispanic and Latinx community, across the company in the next five years," Nadella wrote Tuesday.

For partners, Nadella committed to boosting the number of Black and African American-owned partner companies in the United States.

"We know how important partners are to the growth of our business. We look forward to investing to increase the number of Black- and African American-owned partners in our US partner community by 20 percent over the next three years," Nadella said.

Three pools of money are being set aside to accomplish that goal, Nadella said.

For startup partners, a new $50 million partner fund will be created to help provide access to capital. The loans will be provided through the startup phase and "be recovered over time as their business grows."

Existing and new partners will have access to $20 million in financing to support cash flow needs. Recent research across the economy has shown the fund to be addressing a need. A working paper from the Stanford Institute for Economic Policy Research found that African-American small businesses were the hardest-hit by coronavirus-related social distancing restrictions and demand shifts. While the study found a 22 percent drop in business owners from February to April 2020, the damage was much worse within the African-American community.

"African-American businesses were hit especially hard experiencing a 41 percent drop. Latinx business owners fell by 32 percent, and Asian business owners dropped by 26 percent," report author Robert Fairlie wrote.

Although Nadella's post did not lay out details for the Latinx community, the same Stanford report noted that Latinx business owners fell by 32 percent.

Microsoft also committed to an additional $3 million "in training programs covering financial management, tech solutions, and go-to-market readiness," Nadella said.

The partner funding is a small part of Microsoft's overall program.

A very large bucket of money is going into an initiative that will help Microsoft partners who are also Microsoft suppliers. Microsoft plans to double the number of Black- and African American-owned approved suppliers over the next three years. The effort will be supported with an incremental $500 million in spending with those existing and new suppliers, Nadella said. "We will also encourage Black and African American representation progress in our top 100 suppliers, which account for over 50 percent of our indirect spend, by requesting annual disclosure of their diversity profile information (e.g., workforce diversity, goals) that we will incorporate into our RFP evaluations," he said.

The company is adding $150 million to its diversity and inclusion spending with a goal of doubling the number of Black and African American people managers, senior individual contributors and senior leaders in the United States by 2025. Microsoft and other tech giants have been getting criticism lately for slow progress on diversification despite high-profile PR announcements in recent years.

As part of an effort to support Black- and African American-owned financial institutions, Microsoft is also creating a $100 million program to invest with Minority Owned Depository Institutions (MDIs). The company also is creating a $50 million investment fund focused on supporting Black- and African American-owned small businesses across the economy, in addition to the partner-focused funding.

Posted by Scott Bekker on June 24, 2020 at 4:42 PM0 comments

Survey Documents MSP Struggles with COVID-19

A major new survey of managed service providers (MSPs) finds that revenues are down, customers are struggling to pay their bills and interest in mergers and acquisitions is flagging in the midst of COVID-19's twin health and economic crises.

IT Glue, an IT documentation provider for IT professionals and MSPs, released results of the survey on Monday. Originally fielded in February with 1,500 participants, IT Glue conducted a follow-up survey in May to gauge sentiment after the effects of the pandemic had begun to hit the United States, which is home to about three-quarters of the respondents. That follow-up survey had about 500 respondents.

"The pandemic has created an unprecedented landscape for all businesses," said Nadir Merchant, general manager of IT Glue, which was acquired by MSP powerhouse Kaseya in December 2018.

At a high level, the report described the effect of COVID-19 on MSPs' business this way: "We know that the work from home scramble in March was replaced by a slowdown in April. In our follow-up survey, we found that around half of MSPs saw their monthly revenue decrease as the result of the coronavirus shut down, though some MSPs reported an increase in revenue as well."

In other words, MSPs that felt the slowdown in business definitely weren't alone. The specific number reporting monthly revenue decreases was 51 percent.

A chart from IT Glue's survey report shows how drastically MSPs' priorities have changed between February and March of this year. (Source: "2020 Global MSP Benchmark Report: A Pre and Post COVID Analysis," IT Glue)

A slowdown in pay, or customers being outright unable to pay, also showed up in the follow-up survey. Some 29 percent of MSPs reported seeing their accounts receivable increase. A few MSPs reported that their accounts receivable impact increased by 50 percent or more. Just under 40 percent said their accounts receivable was flat. A surprising 23 percent had their accounts receivable impact decline, the survey found.

As MSPs deal with pandemic-related issues, interest in mergers and acquisitions has taken a big hit. Having done this survey for three years, IT Glue noted a major shift in the number of firms that expressed "no interest" in M&A. "While this figure has been steadily rising, the pandemic has marked the most profound shift in M&A sentiment in the MSP space," the report stated.

In the February run of the survey, 48 percent of respondents were not considering acquiring or merging with another MSP. By May, that figured had soared to 63 percent.

That's the buy side. On the sell side, sentiment is even more heavily anti-M&A. In February, 73 percent were not looking to sell. By May, that figure was 85 percent.

There were also major change in the challenges that MSPs considered important from February to May.

Cybersecurity threats, already a major concern for MSPs, approximately doubled from 27 percent to more than 50 percent. Customer churn also went way up as a concern. Going the other way were concerns about challenges related to lack of time, difficulty hiring good employees and changing technologies.

Meanwhile, 74 percent of respondent MSPs in May saw the potential for a renewed lockdown in the fall as a major challenge.

Posted by Scott Bekker on June 15, 2020 at 11:43 AM0 comments

Under Pressure, Microsoft Steps Further From Facial Recognition for Police

Microsoft President Brad Smith said Thursday that the artificial intelligence platform powerhouse won't be selling facial recognition technology to U.S. police departments until there is a national law in place that is "grounded in human rights."

Smith's statement comes after IBM and Amazon both took similar positions in the wake of worldwide protests against police brutality and racism in policing sparked by the death of George Floyd. Those moves by Microsoft's AI peers led critics to call on Microsoft this week to take public steps, as well.

Speaking in a live interview with Washington Post columnist David Ignatius on Thursday, Smith emphasized that Microsoft already was not selling facial recognition technology to police, but suggested the company would also use its influence to push for Congressional legislation.

"We've decided that we will not sell face recognition technology to police departments in the United States until we have a national law in place grounded in human rights that will govern this technology," Smith said. "If all of the responsible companies in the country  cede this market to those that are not prepared to take a stand, we won't necessarily serve the national interest or the lives of the black and African American people of this nation well."

In a letter to Congress Monday, IBM CEO Arvind Krishna said IBM was getting out of the business of general purpose facial recognition or analysis software.

"IBM no longer offers general purpose IBM facial recognition or analysis software. IBM firmly opposes and will not condone uses of any technology, including facial recognition technology offered by other vendors, for mass surveillance, racial profiling, violations of basic human rights and freedoms, or any purpose which is not consistent with our values and Principles of Trust and Transparency. We believe now is the time to begin a national dialogue on whether and how facial recognition technology should be employed by domestic law enforcement agencies," Krishna wrote.

In a statement on Wednesday, Amazon declared a one-year moratorium on police use of its Rekognition platform for facial recognition. "We've advocated that governments should put in place stronger regulations to govern the ethical use of facial recognition technology, and in recent days, Congress appears ready to take on this challenge. We hope this one-year moratorium might give Congress enough time to implement appropriate rules, and we stand ready to help if requested," the Amazon statement read.

A day after calling on Microsoft to speak out, Electronic Frontier Foundation (EFF) Policy Analyst Matthew Guariglia, updated his post to call Microsoft's Thursday announcement a good step. "But," he continued, Microsoft must permanently end its sale of this dangerous technology to police departments."

Here's a longer transcript of Smith's comments to the Washington Post:

We have been focused on this issue for two years and we have been taking a principled stand and advocating not only for ourselves but for the tech sector and under the law a principled stand for the country and for the world.

As a result of the principles that we put in place, we do not sell facial recognition technology to police departments in the United States today.

But I do think this is a moment in time that really calls on us to listen more, to learn more, and most importantly, to do more. Given that, we've decided that we will not sell face recognition technology to police departments in the United States until we have a national law in place grounded in human rights that will govern this technology.

We'll also put in place some additional review factors so that we're looking at other potential uses of this technology that go even beyond what we already have for other potential scenarios.

The number one point that I would really underscore is this. We need to use this moment to pursue a strong national law to govern facial recognition that is grounded in the protection of human rights.

I think it is important to see what IBM has done. I think it is important to recognize what Amazon has done. It is obviously similar to what we are doing. But if all of the responsible companies in the country  cede this market to those that are not prepared to take a stand, we won't necessarily serve the national interest or the lives of the black and African American people of this nation well.

We need Congress to act, not just tech companies alone. That is the only way that we will guarantee that we will protect the lives of people."

Posted by Scott Bekker on June 11, 2020 at 5:03 PM0 comments

Vectra AI Offers a Security Assist to Microsoft Defender ATP and Azure Sentinel

Vectra AI, a surging security company applying artificial intelligence to network-based intrusion detection, on Tuesday unveiled strategic integrations with Microsoft's core security technologies.

The eight-year-old, San Jose, Calif.-based Vectra attracted $100 million in a Series E funding round last June in part due to growing interest in its approach to network threat detection and response (NDR).

Vectra's Cognito platform uses artificial intelligence to help identify attacks coming over the network and over the cloud and deploys easy-to-understand scoring and charting to help professionals in a security operations center (SOC) prioritize the most critical threats and respond to them quickly or automatically based on user-defined rules.

The company is going to market through partnerships with major security players, emphasizing a Gartner-published concept known as the "SOC visibility triad." In Vectra's implementation, the triad consists of the company's own NDR tool for network and cloud visibility, combined and integrated with other vendors' endpoint detection and response (EDR) tools and with partners' security information and event management (SIEM) tools.

In theory, the triad would cast a wider, more comprehensive net for potential attacks while dramatically reducing the signal-to-noise problem with security alerts. Current Vectra partners for other legs of the triad include CrowdStrike, Carbon Black, Cybereason, SentinelOne, ArcSight, IBM, Chronicle and Splunk.

The news on Tuesday is not Vectra's first foray into Microsoft technologies. In February, Vectra launched Cognito Detect for Office 365, which used detection models focused on credentials and privilege in SaaS applications to stop attacks.

But the Tuesday announcement involves working with Microsoft to bring the SOC visibility triad effort to the Microsoft stack. In triad terms, Vectra is the NDR piece, and as of Tuesday, it is integrated with Microsoft Defender Advanced Threat Protection (ATP) for the EDR piece and with Azure Sentinel for the SIEM piece.

The Defender ATP integrations with Vectra combine the cloud/datacenter detections with Microsoft's process-level context from the endpoint, and allow for the isolation or disabling of compromised systems. On the Sentinel side, Vectra created custom workbooks in Azure Sentinel that bring elements of their dashboard into Microsoft's cloud SIEM product.

By working with those two strategic components of the Microsoft security mix, Vectra also on Tuesday joined the Microsoft Intelligent Security Association (MISA), a group of more than 80 members with deep programmatic hooks into a dozen Microsoft security technologies or products. In addition to Defender ATP and Azure Sentinel, the MISA-related technologies include Azure Active Directory, Azure Information Protection, Microsoft Endpoint Manager, Microsoft Graph Security API, Microsoft Cloud App Security, Azure Security Center, Azure Security Center for IoT Security, DMARC reporting for Microsoft 365, Windows antimalware platform and Azure DDOS Protection.

Posted by Scott Bekker on June 09, 2020 at 12:07 PM0 comments

Could the Economic Crisis Accelerate 5G Adoption?

Recent technology spending (and economic forecasts in general) for 2020 have been bleak.

But couched in IDC's latest forecast for smartphone spending is an interesting side effect, the current pandemic-induced economic crisis could mean 5G technology arrives faster than previous forecast models indicated.

First, the predictable near-term bad news for anyone in the business of smartphone shipments. IDC predicts a 2020 year-over-year decline in smartphone shipments of nearly 12% to 1.2 billion units. That's a drop in the forecast from earlier this year as a supply-side problem due to the supply chain shutting down as China fought to contain the coronavirus morphed into a demand-side problem due to economic effects as the pandemic spread around the world.

Now IDC is looking for 5G technology to lead the way back to smartphone growth in 2021.

"On the brighter side, 5G is expected to be a catalyst throughout the forecast period, which will play a vital role in worldwide smartphone market recovery in 2021," Sangeetika Srivastava, senior research analyst with IDC, said in a statement.

Another IDC analyst, Ryan Reith, laid out IDC's case for a 5G surge. "The surge in consumer spending around devices that are less mobile than smartphones (PCs, monitors, video game consoles, etc.) will undoubtedly take a share of the consumer wallet that would have been put towards smartphone upgrades and 5G. We believe this will result in even more aggressively priced 5G smartphones than expected prior to the pandemic. This could result in some share wins for the vendors that position their portfolios to capitalize on this change," Reith said.

If this scenario plays out, the industry could  bypass the usual cycle of a price premium on a hot new feature that slows down initial adoption. In short, cheaper 5G phones could mean 5G technology in more hands sooner than originally expected.

Posted by Scott Bekker on June 03, 2020 at 9:21 AM0 comments

Study: Hourly Cost of Application Downtime Nearly $68K

A new study puts the hourly cost of downtime for high-priority applications at $67,651 per hour.

The survey of 1,550 business leaders and IT decision makers in 22 countries was conducted earlier this year on behalf of data management specialist Veeam Software.

One question asked respondents to estimate their downtime costs per hour for high-priority applications and for normal applications. The cost for normal applications came to $61,642. Although in our all-data-all-the-time world, the amount of applications that respondents rated as high-priority was a whopping 51 percent.

Alongside those costs, the survey also tried to nail down the prevalence of data outages and reached some high numbers on that front as well. Nearly all organizations (95 percent) reported unexpected downtime, with one server in 10 having at least one outage per year.

When it comes to time, the average outage is 117 minutes, just a few minutes short of two hours.

As a company specializing in cloud-focused and virtualization-centric methods for backing up data and moving around workloads on the fly, Veeam posed a number of questions about where organizations were in their journey to having their business continuity infrastructure modernized.

For the purpose of the survey, Veeam defined legacy as tools designed to back up on-premises file shares and applications. The survey found that 40 percent of organizations were relying on legacy systems to protect their data.

Asked to pick defining aspects of a modern data management solution, respondents put Disaster Recovery as a Service (DRaaS) first. DRaaS was followed in descending order by the ability to move workloads from on-premises to cloud, the ability to move workloads from one cloud to another and the ability to automate recovery workflows/orchestration.

Lack of staff and lack of budget each counted as inhibitors to new initiatives for about 40 percent of respondents.

As for the factors that would drive organizations to change their primary backup solution, respondents most often cited the ability to improve the reliability of backups (39 percent) and reduced software or hardware costs (38 percent).

About two in five respondents reported that they planned to leverage cloud-based backup managed by a backup-as-a-service provider within the next two years.

Posted by Scott Bekker on June 02, 2020 at 8:52 AM0 comments

Microsoft Contest To Pit Security Machine Learning Models Against Each Other

It's time to let the security machine learning (ML) models punch it out.

Microsoft on Monday unveiled an ML contest to run later this summer that will pit security defenders against attackers. With the "Machine Learning Security Evasion Competition," Microsoft is hoping to engage both ML researchers and security professionals to develop cutting edge machine learning models related to security.

The idea builds on a contest held last summer at DEF CON 27, where contestants attacked a white box containing static malware ML models.

For its part, Microsoft, along with partners CUJO AI, VMRay and MRG Effitas, will run a two-stage contest with ML playing a part in each stage. First comes a Defender Challenge running from June 15 through July 23. Participants must provide novel countermeasures that will be judged based on their ability to detect real-world malware without triggering too many false positives.

A few weeks later is an Attacker Challenge. Unlike the DEF CON competition, the Attacker Challenge will be a black-box model. Attackers will have API access to hosted antimalware models, including models developed in the Defender Challenge. That part of the competition will go from Aug. 6 to Sept. 18.

Winners of each challenge will get $2,500 in Azure credits with a runner up earning $500 in Azure credits.

By combining defense and attack and bringing together different groups of experts, Microsoft hopes to improve the maturity of machine learning in security and make security professionals more aware of the potential, and threat, of machine learning.

"One desired outcome of this competition is to encourage ML researchers who have experience in evading image recognition systems, for example, to be introduced to a threat model common to information security," Hyrum Anderson, principal architect for Enterprise Protection and Detection wrote in an entry on the Microsoft Security Research Center blog. "Concurrently, security practitioners can gain deeper insights into what it means to secure ML systems in the context of a domain they are already know."

Posted by Scott Bekker on June 01, 2020 at 3:49 PM0 comments

Microsoft Teams: In a Sign of Maturity, Another Vendor Joins the Migration Party

Successful Microsoft products tend to follow a certain path. There's the splashy introduction, followed by a rapid adoption gold rush, where Microsoft and its partners work flat out to enable deployments at unparalleled scale.

In the middle stages of that gold rush, even as most of the focus is on onboarding new seats, second-order problems start to emerge. One of the biggest of those second-order problems is that some early adopter customers need to migrate their deployment for various reasons, such as mergers and acquisition.

That's where we are with Microsoft Teams -- Microsoft's three-year-old collaboration platform. With a huge assist from the global shift with coronavirus to working from home, Teams daily active users (DAU) has soared to 75 million, as of April, and Microsoft claimed more than 200 million meeting participants in a single day in April.

ShareGate, a Montreal-based company with a decade of experience in SharePoint migrations and other Microsoft cloud tools, jumped into the mix this week.

Benjamin Niaulin, who runs strategy and roadmap for all ShareGate products as head of product, this week announced the addition of a Microsoft Teams migration feature to ShareGate Desktop in the 13.0 version of the company's migration tool.

The tool allows organizations to migrate teams to a new tenant in a process that includes retaining conversation history, channels, team settings and files.

The problem was getting significant attention from vendors well before the current remote work surge.

In May 2018, Teams was about a year old and many companies were uncertain where the tool would fit with Microsoft's many collaboration technologies, including SharePoint, Yammer and Office 365 Groups. AvePoint Inc. took the new tool seriously enough to add support for migrating Teams from one tenant to another in its FLY tool for cloud and SharePoint migrations.

In July 2019, as Teams was getting some traction with around 13 million DAU, BitTitan introduced Teams migration capabilities by folding the functionality into its MigrationWiz product for broader Office 365 migrations.

As demand for Teams was building last November, a time when Microsoft claimed about 20 million DAU, Quest Software was also addressing the issue of Teams migrations. The company updated its Quest On Demand Migration tool that added Microsoft Teams migration support to tenant migration support for Exchange, OneDrive and SharePoint.

Following the usual Microsoft product rollout playbook, there is plenty that Microsoft still needs to do to make migration a more seamless transition, even with third-party tools and community-created PowerShell scripts. In a November post, Mike Campbell, a senior solutions architect with Perficient, discussed some of the common gaps in the Teams migration experience, mostly due to underlying limitations in Microsoft's APIs.

"Teams provides the integration glue that holds together so much collaborative goodness, but the result is a complex Teams Tenant migration story," Campbell wrote. "The nature of Teams integrations and extension means that there are likely to be gaps in the migration experience for the foreseeable future, especially for extensively used Teams that take advantage of a full range of Teams capabilities. That's understandable, but we should also collectively encourage Microsoft to provide better tenant portability for the core Teams workloads."

(Editor's Note: This article was updated on June 3 to include AvePoint Inc.'s support for Teams migrations.)

Posted by Scott Bekker on May 29, 2020 at 6:36 PM0 comments

Microsoft Gives Azure Lighthouse MSP Tool Some Attention

Azure Lighthouse, Microsoft's most ambitious managed service provider tooling effort in years, is now sporting important new features and integrations with Microsoft's main partner portal.

Microsoft released Azure Lighthouse last July during the Microsoft Inspire partner conference. It represents a way for MSPs to manage Microsoft Azure tenants for many customers using technology that provides visibility and control to both the partner and the customer. Azure Lighthouse is free for partners to use on top of their existing Azure subscriptions.

Microsoft Azure Chief Technology Officer Mark Russinovich provided an update on Azure Lighthouse progress in a blog post in the wake of Build, Microsoft's biggest annual conference for developers.

Without getting into specific numbers, Russinovich hinted at adoption momentum behind Lighthouse and emphasized the scalability of the platform. "Thousands of partners and enterprises use Azure Lighthouse to manage services across Azure tenants, representing tens of thousands of subscriptions and more than one million Azure resources from Azure Resource Manager -- a unified control plane," Russinovich said.

Early adopters of Azure Lighthouse from the July 2019 launch included DXC Technology, Nordcloud, Rackspace, Sentia, Dynatrace, Ingram Micro and Veeam. In his post, Russinovich highlighted new partners, including ClearDATA, Yorktel and Vandis.

Azure Lighthouse is primarily about Azure delegated resource management. It's designed to overcome many of the challenges from one of the Azure management methods MSPs have needed to use in the past -- having the customer create accounts on their Azure tenant for the partner to use to manage that tenant. With Azure Lighthouse, the partner uses their own Azure account to manage the customers' Azure tenants. With the system designed for multi-tenant management by partners from the start, both customers and their partners have more visibility and control over what the other can see and do.

Other than management at scale, benefits for Microsoft partners include being able to view and manage all their customers' tenants from one interface, the ability to support multiple licensing models and the protection of their intellectual property. That last point results from the way Azure Lighthouse allows the partner to run their proprietary automation scripts from their own tenant. With other management methods, partners would have to run their proprietary scripts from within the customers' tenants, putting that IP out of partners' control and making it harder to safeguard.

Russinovich summarized a series of updates to Azure Lighthouse that Microsoft has been rolling out over the last few months.

Among the most significant is the ability for partners to monitor the status of backup jobs across their customer base. One element is Backup Explorer, an Azure Monitor Workbook for single pane-of-glass monitoring of an entire Azure backup estate. Backup Explorer went into preview in February, and one of the key use cases is for MSPs running Azure Lighthouse to monitor multiple tenants. Similarly, new Azure Backup reports also support Azure Lighthouse. These additions add backup monitoring to the compliance and security monitoring that partners can already perform for customers from within Azure Lighthouse.

Another recent capability allows service providers with Azure Lighthouse to use Azure Monitor Logs across their customer tenants to trigger notification and onboarding workflows for their teams.

As part of Microsoft's broad effort to transition more of its partner functionality to the central portal of Microsoft Partner Center, certain Azure Lighthouse functionality is being swept up in that migration. For MSPs who want to use the Azure Marketplace to create either public or private Azure Lighthouse offers for customers, they now draft and publish those from within Partner Center. Previously they needed to create the offers from the separate Cloud Partner Portal.

Among other changes and improvements, Azure Lighthouse is now a FEDRAMP High certified service, the help and support experiences have been improved and customers have more self-service options.

Recognizing that few customers are entirely in the cloud, Microsoft is also starting to explore ways to help MSPs extend Azure Lighthouse for hybrid management.

"Many MSP partners rely on Azure Lighthouse, and now Azure Arc, to achieve a unified management solution in these advanced scenarios. MSPs can extend their service offerings to manage their customers' on-premises environments through Azure Resource Manager, managing resources at scale and governing compliance using Azure policy," Russinovich said.

Russinovich promised more Azure Lighthouse-related detail would come out of Inspire 2020 in July.

Posted by Scott Bekker on May 27, 2020 at 8:58 PM0 comments

Microsoft Build: 10 Interesting Technologies Hitting GA

The Microsoft Build conference was virtual this year, but many of the product and platform revelations coming out of the show were concrete.

Let's look at 10 interesting technologies that hit general availability (or at least got GA timeframes) at the developer-centric event that kicked off on Tuesday.

1. Project Cortex
While Build was filled with mostly small bore announcements, one of the larger ones was Project Cortex. Billed as the first new service in Microsoft 365 since the launch of Microsoft Teams, Project Cortex involves applying artificial intelligence to the Microsoft Graph. The new service is intended to surface knowledge and information from within the apps that workers use daily. While still in private preview, Project Cortex makes this GA list because general availability has now been promised for "early summer."

2. Azure Spatial Anchors
Graduating from preview to GA are Azure Spatial Anchors. Developers can use the anchors for mixed-reality apps that "map, persist and share 3D content," according to a Microsoft description. Intended for gaming, social networking, networking, manufacturing and retail, Azure Spatial Anchors are designed to share persisting 3-D content for HoloLens, iOS and Android devices.

3. IoT Hub Support for Virtual Networks
IoT Hub is Microsoft's cloud gateway for collecting telemetry data from IoT devices. What's becoming generally available is virtual network (VNET) support. That way customers can set up a more secure connection through Azure VNETs that they own.

4. Azure Kubernetes Service (AKS) Support
Microsoft's capabilities for orchestrating and managing containers matured considerably at Build with a handful of announcements involving GA of support around AKS. For one, AKS now supports Windows Server containers, allowing Windows and Linux applications to run within a single AKS cluster. AKS also newly supports private clusters and best-practice recommendations on performance, availability and security.

5. Responsible ML Workflow Documentation Capabilities
Not exactly a technology, but heavily intertwined with and informed by one, is some documentation capability for developers. A major theme out of Microsoft the last few years has been socially responsible use of emerging technologies. In line with that effort are new workflow documentation capabilities being made available to customers shortly after Build. The capabilities to enforce accountability cover Azure Machine Learning.

6. Azure Peering Service
This enterprise-focused networking service involving Microsoft partnerships with telecoms and carriers allows companies that are heavy users of Office 365, Dynamics 365 and Azure to ensure more reliable and higher-performance public connectivity and optimal routing.

7. Bookings App in Teams
The Bookings app allows scheduling, managing and conducting business-to-consumer meetings. Microsoft announced the integration of the app into Teams in March, and Build marks its general availability. Microsoft says the Bookings app in Teams allows organizations to consolidate management of meetings for multiple departments in one scheduling tool.

8. Azure Secure Score API
An API for the Azure Secure Score service is generally available for those who might want to incorporate the security benchmarking/snapshot tool into other applications. The API covers the enhanced version of Secure Score, which is still in preview. The new version is designed to be more meaningful to users and to group the scores and recommendations by their associated attack surfaces.

9. Windows Terminal
I guess this Microsoft statement qualifies as general availability: "The Windows Terminal is now out of preview and stable for enterprise use." Windows Terminal is an open source project available from the Microsoft Store and designed for command-line tool users. Power users can run things like Command Prompt, PowerShell and WSL from an interface with tabs, panes, custom themes and a GPU-accelerated text rendering engine.

10. Azure Cosmos DB Autoscale Provisioned Throughput
Like Project Cortex, this is another one that's not quite ready, but that makes the list because Microsoft is now talking about a GA date, in this case summer. Azure Cosmos DB autoscale provisioned throughput, a mouthful that Microsoft used to call "autopilot," handles planning and management of throughput capacity. Microsoft says it's suited for large, unpredictable workloads.

Posted by Scott Bekker on May 19, 2020 at 3:30 PM0 comments