Defending Ukraine: Microsoft share conclusions of their cyber-attacks’ defensives against Russian attacks

As Russia continues its attack on Ukraine, Microsoft has taken some of the lessons they have learnt from their cyber attack defensive assistance of Ukraine at the start of the war and have now shared their insights with the world to learn from.

In a recent blog post on Microsoft’s “Microsoft on the Issues” site, Brad Smith, Microsoft VP and Chairman, shared highlights of the re-occurring themes around how the war in Ukraine follows a similar yet updated parallel to other historical battles but with a modern cyber focussed offensive now a huge part of the war-plan.

In this most recent blog, Brad Smith discussed the three-part strategy Microsoft has discovered and observed during their early defense assistance of Ukraine. He calls out “destructive cyberattacks within Ukraine, network penetration and espionage outside Ukraine, and cyber influence operations targeting people around the world.”

The wider report goes into detail around how Microsoft’s are continuing their efforts in assisting in the defense of technological targets in Ukraine as well as the continuous evolving strategy Microsoft is pushing to further help harden businesses, institutions, governments, and nations against future cyber-attacks.

The Russian military poured across the Ukrainian border on February 24, 2022, with a combination of troops, tanks, aircraft, and cruise missiles. But the first shots were in fact fired hours before when the calendar still said February 23. They involved a cyberweapon called “Foxblade” that was launched against computers in Ukraine. Reflecting the technology of our time, those among the first to observe the attack were half a world away, working in the United States in Redmond, Washington.

Brad Smith | Vice President | Microsoft

Conclusions and how to defend against state nation attacks

Microsoft say that to defend against similar state-nation coordinated attacks you first need to understand the approach, what has worked and what needs to be done to allow other state nations and countries to better protect against cyber warfare. The conclusions of the report (which you can read in depth here), highlights the following:

  1. Defense against a military invasion now requires for most countries the ability to disburse and distribute digital operations and data assets across borders and into other countries.
  2. Recent advances in cyber threat intelligence and end-point protection have helped Ukraine withstand a high percentage of destructive Russian cyberattacks.
  3. As a coalition of countries has come together to defend Ukraine, Russian intelligence agencies have stepped up network penetration and espionage activities targeting allied governments outside Ukraine.
  4. In coordination with these other cyber activities, Russian agencies are conducting global cyber-influence operations to support their war efforts. Russian agencies are focusing their cyber-influence operations on four distinct audiences. They are targeting the Russian population with the goal of sustaining support for the war effort. They are targeting the Ukrainian population with the goal of undermining confidence in the country’s willingness and ability to withstand Russian attacks. They are targeting American and European populations with the goal of undermining Western unity and deflecting criticism of Russian military war crimes. And they are starting to target populations in nonaligned countries, potentially in part to sustain their support at the United Nations and in other venues.
  5. Finally, the lessons from Ukraine call for a coordinated and comprehensive strategy to strengthen defenses against the full range of cyber destructive, espionage, and influence operations.

The Wider Comprehensive Report

Cyber warfare Ukraine Image

Finally, Brad Smith references the extensive comprehensive report “Defending Ukraine: Early Lessons from the Cyber War” that Microsoft have also recently published which can be read and downloaded here.

Cisco Live 2022: Cisco Catalyst Management is coming to the Meraki cloud

At Cisco Live 2022 this week, Cisco annouced that Catalyst is coming to the Meraki cloud which put simply means that organisations will now be able to manage their Catalyst switches and access points using the Cisco Meraki cloud dashboard, providing a centralised view of the network with real-time switch status and health.

Image (c) Cisco Meraki

Supported platforms

At time of launch, the Catalyst 9200, 9300 and 9500 switching platforms will be supported in the Meraki dashboard with two different options:

  • Cloud Monitoring (monitoring only)
  • Cloud Management (monitoring and config management)

Licensing

  • Monitored Catalyst switches needs only a Meraki license.
  • Fully managed Catalyst switches requires DNA Advantage (DNA-A) or DNA Essentials (DNA-E) licensing.

The main difference between the two switching licenses is that DNA-E will not include application visibility or client usage data.

Is this the end to DNA Center?

Put simply, No. What Cisco is doing is providing more flexibility and options to their customers. It will mean, however that organisations will need to make a choice as to where that want to manage their Cisco Catalyst infrastructure. In Meraki, in DNA Center, or standalone.

Once a Catalyst switch is fully managed by Meraki it will no longer be an IOS device and will instead run Cisco Meraki software. If the Catalyst switch is a monitored only switch though, it will still be accessible and manageable via the CLI.

New Catalyst Wireless Switches

Cisco also annouced that they are introducing three new Catalyst wireless access points that can be managed by their Meraki dashboard or a C9800 controller.

  • Catalyst CW9166
  • Catalyst CW9164
  • Catalyst CW9162

Feature Partity with DNA Center?

No.. Well not initially anyway.

Since this is the first iteration of Catalyst management within the Meraki Cloud dashboard, there will not be feature parity with what is possible with the CLI or DNA Center. Initially all the core basic basic monitoring and configuration will be available and Cisco have a said a feature list and roadmap will be published soon.

Why are Cisco taking this approach?

Cisco have traditionally been continuing to build on-premises software solutions, such as DNA Center, but with their increased focus of software subscriptions and cloud this is a logical move and something their competition have been doing for a while.

Since the aquisition of Meraki back in 2013, Cisco have continued to try to provided multiple options for their customers and this appears to eb a great move into that hybrid space, providing and option for scenarios where DNA Center maybe too much or complex, but a more simplistic cloud managed approach with a Meraki may well fit organisations who want cloud management with Meraki while still having the feature-rich capabilities of the Catalyst product set.

Getting Started…

Cisco advise their customers to speak to their account manager, work with their trusted a isco partner and / or to check out their get started guide. There’s no need to go full in and organisations can start their move cloud management for Catalyst at their own pace.


Read the full detail from Cisco

Microsoft Viva Sales: Aims to provide seamless integration from any CRM into Office 365 and Teams.

With the annoucement the Viva Sales platform, Microsoft aims to help organisations harness the power of their existing CRM platform and seamless expose this within and across Microsoft Teams and Office 365 without third party apps, plug-ins, or data exchange tools. Microsoft’s goal is a native, common and familiar experience regardless of an organisations choice of CRM system.

Viva Sales will connect customer data across from any CRM into Teams and Office.
Image: (c) Microsoft

This approach is not unique to Microsoft. Salesforce’s acquisition of Slack last year was in part to enable them to ramp up their communications tools for sales teams. Microsoft, however, is not looking to compete directly with Salesforce or any specific CRM vendor. Microsoft’s goal here is more around “filling gaps” left behind by legacy and traditional CRM systems that done provides the “smarts” that systems like Salesforce and Dynamics 365 provide for example.

In the official announcement of Viva Sales, Microsoft said:

We definitely think people benefit from a CRM system, the difficulty is, a lot of what’s happening between a customer and a salesperson is actually never recorded in the CRM system, because it’s just too tedious.”.

Jared Spataro | Corporate VP for Microsoft 365

What does Viva Sales do?

Due for release in Q4 2022, Viva Sales will allow sales and marketing teams to automatically synchronise data between any, and all, of their communications applications such as Microsoft Teams and Outlook, and their CRM system which does not have to be Dynamics 365 either. This is like the Salesforce’s Sales Cloud and Slack integration, and what Microsoft have done natively with Dynamics 365 and Teams.

In their official blog, Microsoft describe Viva Sales as a intelligent service which enables sellers to capture insights from across Microsoft 365 and Teams, eliminate manual data entry, and receive AI-driven recommendations and reminders – while staying in the flow of work. Viva Sales promises to streamline the seller experience by surfacing the insights with the right context within tools people already use, without them needed to dip in and out of their CRM therefore saving time and ensuring that the CRM becomes part fo the core workflow without compromise on the productivity tools the teams use across the wider organisation.

Microsoft say that Viva Sales will work with any CRM to automate data entry and brings AI-powered intelligence to sellers in Microsoft 365 and Microsoft Teams.

The key benefit for organisations using Viva Sales is that is that Viva is already (naturally) integrated with Microsoft Teams and Outlook which are used and adopted.

The launch of Viva Sales isn’t just about sales however. What!!!?, Well, Microsoft has a much broader vision with Viva to provide a layer of intelligence across its entire Office 365 suite and Teams. This strategy is demonstrated by the incredible reach and integration available through the Microsoft Graph – a major part of strategy for moving beyond the underlying enterprise resource planning tools and more towards the type of workflow play displayed and respected by the likes of ServiceNow.

A Change of Approach

This approach is a strategic shift for Microsoft. In the past, Microsoft’s go-to-market strategy was to require their customers to choose their products such as Teams and Dynamics 365 over the say WebEx, Zoom and then Salesforce or HubSpot. With Viva Sales, this is now about choosing what products work for you and then leveraging the intelligence services through Viva and the Microsoft Graph to bridge them together and provide data intelligence on top.

“The most significant thing about this announcement is we are saying … choose whatever you want to choose — what we actually think will be most valuable over time will be the layer of intelligence that binds it all together.”.

Microsoft

Microsoft have compared the enterprise software industry to that of a city, where it is built from the ground up. For example, If Azure, AWS and GCP are the city’s foundations, then SaaS applications and workflow are its roads and buildings.

“People will keep putting money into sewers and roads and stuff like that,” he said, “but a lot more money goes into the hardware put on top.”

What do you think?

What do you think of the announcement? Is this a good move for Microsoft or are sellers better off just working in their native CRM?




Like what you read, why not subscribe?

Microsoft ends support for their once-dominant web browser Internet Explorer.

Today (June 15th 2022), what was once the “king of the web browsers” has officially retired after 27 years, marking the end of an era. As of now Internet Explorer is officially “end of life”.

Bill Gates and Microsoft Internet Explorer Logo
Bill Gates – Showcases Internet Explorer (c)

Microsoft Internet Explorer was released in 1995 and quickly became the dominant browser, almost instantly wiping out the previous dominant player Netscape. Internet Explorer was the dominant web-browser for more than a decade as it was bundled with the Windows operating system (similar to how Edge is today) that came pre-installed on billions of computers.

What does “End-of-life” mean?

In short, just that – it’s dead. Officially, “End of life” refers to the point in time when an application is no longer supported by the software company that makes it. In this case, Microsoft’s end of life for Internet Explorer means continued use of the browser after today is still allowed, but Microsoft will no longer update it, patch it or support it if something goes wrong.

This is important since new computer viruses, malware, and ransomware attacks are developed daily, and the web-browser is a major window into many of the apps that employees, customers, consumers use every day. Users should therefore stop using Internet Explorer use their modern Chromium-based Edge browser (or other 3rd party choice) since no more security updates will be provided by Microsoft as of now.

It has been a while coming

This has been a while coming, ever since Internet Explorer’s market share continued to be dominated by Google Chrome and others and Microsoft announced, and launched it’s new Edge Browser which built on the open source Chromium framework which Google uses within it’s Chrome browser.

Microsoft had already ended support for Internet Explorer for their Teams web app back in 2020, shortly followed by removing support across their other key web apps and services including OneDrive, Dynamnics, PowerApps, Outlook and Office from August 2021.

“Internet Explorer 11 desktop application will be retired and go out of support on June 15, 2022, for certain versions of Windows 10,”

Microsoft

Microsoft will continue to be supported in very few situations including with customers running the Windows 10 long term services branch (ltsb).

The Future is Edge

Microsoft Edge, was released in 2015 and was upgraded in 2019 to include the Chromium open-source code which Microsoft is now a major contributor along side Google and others. The move was done to compete with more popular browsers like Google Chrome, which has (and still does in part) dominated the market.

Microsoft Edge is a modern open-source browser and offers improved compatibility, streamlined productivity, and hugely better browser security.

As new apps and software products are released onto the market by other companies, old software versions can’t keep up. Microsoft Edge Chromium-based browser can now support a wider variety of platforms, which makes it more useful for the modern era. IE 11, in comparison, held limitations preventing it from updating alongside newer technologies.

What about legacy web apps and sites?

For older websites and services, Microsoft Edge provides a built-in “Internet Explorer mode”, making the use of using older web browsers like Internet Explorer unnecessary.

Microsoft recognise that many larger organisations “may have a surprisingly large set of legacy Internet Explorer-based websites and apps, built up over many years.” As such Microsoft have promised to support legacy web apps via it’s Internet Explorer mode until at least 2029, which gives web developers 8 full years to modernise their legacy apps and eventually remove the need for IE mode.

Legacy Support and Help is available

Users shifting from Internet Explorer to Edge can easily transition their passwords, favourite websites, and other browsing data from to Edge.

Microsoft recommends that any organisation that still has concerns or needs to support Internet Explorer (and therefore need legacy support) do the following.


Like what you read? Feel free to subscribe

Microsoft to acquire cyber intelligence research expert Miburo

Microsoft continues its huge investment and expansion of their leading cyber security, threat analysis and response solutions with the acquisition of Milburo, a world leader in foreign threat analysis and research detection services.

They announced via their security blog site that they have entered into an agreement to acquire Milburo, who will be ‘assimilated’ so to speak into Microsoft’s Customer Security and Trust organisation.

Microsoft will leverage Milburo portfolio to help bolster their current threat detection platforms while also expanding their abilities to counter new cyber threats and state sanctioned information operations and attacks. Miburo’s mission statement is to “protect democracies and the free information environment from malign influence and extremism.”

“Working in close collaboration with the Microsoft Threat Intelligence Center, our Threat Context Analysis team, our data scientists and others, the new analysts from Miburo will enable Microsoft to expand its threat detection and analysis capabilities to address new cyber-attacks and shed light on the ways in which foreign actors use information operations in conjunction with other cyber-attacks to achieve their objectives. Miburo has become a leading expert in identification of foreign information operations.”

Tom Burt |Microsoft

The public announcement arrives just a month after Microsoft acknowledged its role in combating many state-sanctioned cyber-attacks and disinformation campaigns aimed at Ukraine by Russia.

Microsoft 365 Admin Center now lets admins report on Windows & Office Update compliance

Microsoft Security Logo

Microsoft has unveiled a new “software updates” dashboard in the Microsoft 365 admin center that enables IT to get a simple, unified overview of the installation status of Windows and Microsoft 365 app updates across all their devices. This is currently in preview.

Software update tab in Admin Centre

“Keeping devices current with the latest security updates is an important part of an IT admin’s role. The software updates page in the health section of the Microsoft 365 admin center provides a high-level summary view that informs you of devices that may be behind on taking the latest updates released by Microsoft. “

Microsoft

The software updates page now has a new tab that shows Windows update status and end of service statistics. These charts provide information about all the Windows devices running unsupported versions of the Windows as well as those that reaching the end of support.

There is a separate tab which provides update status for Microsoft 365 Apps.


This new dashboard currently only provides update status for Microsoft 365 apps and the core Windows OS, but they plan to expand this in the future to cover critical on premises servers such as Exchange.

There is currently no ability to drill down into the non compliant devices. To do this you need to head the Security pane or Microsoft Endpoint Manager but I suspect this will be linked by the time it comes out of preview.

You can read the full blog here.

Windows Autopatch is now available for public preview

Microsoft Autopatch

Windows Autopatch, a service to automatically keep Windows and Microsoft 365 up to date in enterprise organisations, has now reached public preview. When officially released (GA), it will be included Microsoft commercial customers with a Windows Enterprise E3 license or higher.


In short, Windows Autopatch automatically allows organisation to shift the management and deployment of Windows 10, Windows 11 and Microsoft 365 Apps including quality and feature updates, drivers, firmware to Microsoft.

What’s the purpose?

Essentially this aims to take the nightmare out of the age-old “patch Tuesday” and promises to be a great time saver for IT admins. With Autopatch, IT can continue to use their existing tools and processes for managing and deploying updates to devices OR can look to phase in or replace this in entirety and with this new “hands off” approach and let Windows Autopatch take care of security, driver and firmware updates.

“Changing the way things get done, even when that change makes things easier, gives pause to most people who run large IT organisations. By joining the public preview, you’ll be able to get comfortable with Windows Autopatch and ready your organisation to take advantage of the service at scale”.

Lior Bela | Senior Product Marketing Manager | Microsoft


The main purpose of Windows Autopatch is moving the update orchestration burden from the IT department to Microsoft. Once deployed, configured and tested, Autopatch should allow the entire effort around planning and managing the Windows Update process (sequencing and rollout) to be taken away from IT freeing up time and resources.

“Whenever issues arise with any Autopatch update, the remediation gets incorporated and applied to future deployments, affording a level of proactive service that no IT admin team could easily replicate,” Bela added.

“Whenever issues arise with any Autopatch update, the remediation gets incorporated and applied to future deployments, affording a level of proactive service that no IT admin team could easily replicate.”

Lior Bela | Senior Product Marketing Manager | Microsoft

How to enable Autopatch

Windows Autopatch devices must be managed by Microsoft Intune for this to work and Intune must be set as the Mobile Device Management (MDM) authority or co-management must be turned on and enabled on the target devices.

As you’d expect, there are a handful of steps needed to enable the preview and to enrol your Microsoft 365 tenant into the Windows Autopatch public preview:

  • Log on to Endpoint Manager as a Global Admin and navigate to the Windows Autopatch blade which is under the Tenant Administration menu – this will only be visible if you have the right licenses deployed.
  • Using an InPrivate browser window, redeem your Autopatch preview code
  • Run the readiness assessment, add the required admin contact, and add the devices you want to enrol in the service.
  • Tick the box, to allow Microsoft to manage updates on behalf of your organisation.
Allowing Microsoft to manage updates for your organisation

Microsoft provides regularly updated instructions on how to add devices to your test ring and how to resolve common errors such as “tenant not ready,” “device not ready” or “device not registered.”

Microsoft also provides detailed instructions (and video) on how to add devices to your test ring and how to resolve the status of “tenant not ready,” or a status of “device not ready” or “device not registered.”

https://youtu.be/gu4bpXYiAd8
Microsoft YouTube video on enabling Windows Autopatch

How Autopatch works

The Windows Autopatch service automatically splits your organisation’s device estate into four groups of devices described by Microsoft as “testing rings”.

  • Test Ring: Contains a minimum number of devices for test purposes
  • First Ring: Contains ~1% of all endpoints (think of this like the early adopter ring)
  • Fast Ring: Contains ~9% of devices
  • Broad Ring: Contains the rest of the devices.

The updates are deployed progressively, starting with the test ring and moving to the larger sets of devices following a validation period in which the system and IT can monitor device performance and compare it to pre-update metrics through End Point Analytics.

Autopatch rings. Image (c) Microsoft

Autopatch also features a nifty, feature called “Halt and Rollback” that block updates from being applied to higher test rings or rolled back automatically. This is key for critical dates or projects which may be impacted by updates or where quality errors are detected in the Test Ring updates.

What about Patch Tuesday and Critical Updates?

Microsoft will continue to deliver monthly security and quality updates for supported versions of the Windows on the second Tuesday of the month (commonly referred to Patch Tuesday or Update Tuesday) as they have been to date. These will be delivered by Autopatch also.

For normal updates, Autopatch uses a regular release cadence starting with devices in the test ring and completing with general rollout to broad ring.

Any updates addressing a critical vulnerability, such as Zero Day threats, will be expedited by Windows Autopatch with a aim to patch all devices immediately.


Microsoft provides further info in the Windows Autopatch support documentation, including details on service eligibility, prerequisites, licensing and features.