Microsoft Word Introduces Automatic Document Summarisation with Copilot

Quicker, faster, easier is the goal with this new update for Microsoft Word and Copilot for Microsoft 365 users, which aims to make handling long documents much easier. The feature, known as automatic document summarisation, is now rolling out now to select users.

Auto Summarise in Word


Key Highlights include:-

  • Automatic Summaries: With this new feature, Copilot licensed users will receive an automatic summary at the top of their Word documents. This summary synthesises the most important information, allowing users to quickly grasp key points without reading the entire document.
  • Interactive Summaries. Users can expand the summary by clicking the “View more” button, copy it, or even start a new chat with Copilot to discuss the content further. After making edits, a new summary can be generated to reflect the latest changes.
  • Availability: The new feature is gradually rolling out to users with Copilot licenses on word for Windows (version 16.0.17928.20114 or newer), Mac (version 16.88, build 24081116 or newer), and the web. If you don’t see it yet, check back in a few days.


This new feature is part of Microsoft’s ongoing efforts to enhance productivity and make information processing more efficient. For more details, you can visit the official Microsoft 365 Insider blog.

Want to see this in action?

I’ve created a YouTube video that dives deeper into this feature and demonstrates how it works.

Be sure to check it out for a more detailed video  walkthrough!

Windows 11 24H2 Update will bring Quality, Performance, and AI updates

Image showing words Windows 11 24H2 Update

As we head into September, Microsoft is preparing to start the rollout of their annual Windows 11 feature update, this time focusing on the underlying platform and surface-level quality-of-life improvements and updates as well as some major updates to Windows on Arm (WoA). Windows 11 24H2 (also known as the 2024 Update) is a huge update in fact, including everything from performance increases across the board, UX changes and new AI (of course) features.

The Windows 11 2024 Update is packed with OS improvements and new features across the board, with special attention given to those running an ARM-based device this time around.

This update is a much bigger release than last years’ 2023 H2 update, due mainly to a vast number of underlying platform enhancements. There are improvements to Windows Update process, an updated and faster x86 emulation layer for Arm PCs (such as Copilot Plus PCs), and new AI features that will take advantage of newer devices which have a dedicated NPU (neural processing unit.).

On Copilot+ PCs, this Windows 11 release is also the first include features exclusive to this new category of Windows devices. This means if you don’t yet have a Copilot+ PC, then you miss out on certain features when upgrading to version 24H2, such as the controversial “Windows Recall” AI feature.

Windows 11 24H2 also promised to be much better for gamers, since it includes many new capabilities that utilise the high-performance hardware of Copilot+ PCs and new software optimisations. An example of innovation is the new emulation engine, Prism. It operates seamlessly, converting x86 or x64 code to Arm64 instructions when you launch an x86 or x64 application on an Arm-based Windows 11 device, all without requiring extra effort from developers.

Why is this important? Well, given that many of today’s games are written for x86 or x64, Prism unlocks a large back log of games that work great on Arm under emulation. While Windows on Arm has had emulation in the past, the performance improvements of Prism, along with automatic super resolution and the new Snapdragon® X Series processors together emerge as a game-changer.

So here is a summary of the key changes and updates you can expect in the Windows 24H2 update. Features in Bold are just for Copilot+ PCs.

Desktop and start menu

  • Phone Link is now integrated with the Start menu
  • Taskbar system tray layout has been further simplified
  • Quick Settings has been rebuilt to be faster and more customisable
  • Windows Spotlight image is now the default wallpaper setting
  • The Taskbar app preview thumbnails now have an animation
  • It’s now possible to set to HDR images as a desktop wallpaper

File menu

  • The File Explorer home tab now includes updated layout with shared documents.
  • Just like in Edge, you can now duplicate tabs by right clicking the tab.
  • The context menu layout has been updated with better labelling making it easier to use.
  • Added ability to create .7z and .TAR archive formats as well as ZIP files without the need for third party apps.
  • If you use Phone Link, you can view your Android phone’s file system directly in File Explorer

Native Apps

  • The new Outlook app for email, calendar, and contact is now included in the update (this will replace the mail and calendar app).
  • Photos now includes AI-enhanced generative erase and background editing.
  • The Copilot applet is now a standalone web app – meaning it can be resized and moved around like any other app.
  • Photos can now generate AI images based on user criteria (Copilot+ PC)
  • A new Recall app uses AI to capture everything you do and makes finding things easier (Copilot+ PC).
  • Paint now has built-in generative AI capabilities based on user drawn sketch (Copilot+ PC)

Settings and other stuff

  • Windows Update now supports checkpoints and hot patching for faster and less obtrusive updates.
  • New PRISM emulation layer makes x86 emulated apps run up to 2x faster and smoother on Arm meaning Arm-based devices.
  • New Voice Clarity feature uses AI to remove background noise picked up by your microphone in supported apps such as Teams.
  • Power settings for plugged/unplugged state can now be configured simultaneously just they could previously in “control panel”
  • Energy Saver mode replaces “battery saver” and now applies to laptops and desktop devices.
  • Devices with the new “Wi-Fi 7” hardware is now supported.
  • AutoSR uses AI to enhances the framerate and quality of games (Copilot+ PC)
  • Live Captions translate languages into English in real-time locally (Copilot+ PC).
  • Advanced Windows Studio Effects enhance your webcam with filters (Copilot+ PC) and some older ARM based PCs such as Surface Pro 9 5G.

Consumer and Gaming

  • Updates to x86/x64 emulation on Copilot+PCs and other ARM based devices brings significant (up to 2x) performance updates for games running under emulation – needed for games and apps that are not yet “native” ARM.

Availability and Rollout

The Windows 11 2024 Update process is rather unique in its rollout and availability this time round. Unlike previous versions of Windows 11, this release is rolling out in two distinct waves. Wave one is has essentially already shipped, but only on new Copilot+ PCs that launched on June 18. If you recently purchased a new Copilot+ PC running the Snapdragon X chipsets then you are already running Windows 11 version 24H2.

For the rest of the world, Windows 11 24H2 for “non-Copilot+ PCs” is expected to begin rolling out gradually from late September, which is when Windows 11 feature updates normally begin rolling out to users.

Windows Insiders get it earlier…

If you want to try out the Windows 11 2024 Update ahead of general availability on non-Copilot+ PCs, you can do so today by joining the Windows Insider Programme.

Exploring Microsoft Loop 2.0: The new goto tool for Collaborative work

Microsoft has recently unveiled Loop 2.0, a significant update that promises to enhance the way teams collaborate and work together. With a revamped UI and a host of new features, Loop 2.0 is set to streamline the user experience and integrate seamlessly with the Microsoft 365 suite.


Simplified User Interface

The new UI in Loop 2.0 is designed to be clean and simple, removing any unnecessary clutter and focusing on what’s important – your work. The navigation menu on the left side of the app has been reorganized, making it easier to access meeting notes, favorites, recent items, and more.

New Loop Interface

Enhanced Creation and Organization

A new Create button has been prominently placed at the top left, allowing users to quickly create workspaces or draft ideas from anywhere within the app.

Image (c) Microsoft.

Additionally, you can now add Loop Components, pages, or ideas to a workspace directly from the breadcrumb at the top, streamlining the process of organising your content.

Collaborative Meeting Notes

All Collaborative Meeting Notes from Microsoft Teams are now neatly organised under the Meeting Notes tab in Loop, providing a simple way to access all your meeting notes (these are nested for recurring meetings which is the killer feature for me).

This feature enables users to create pre-read notes or agenda items for upcoming meetings and to keep track of in meeting notes too within the new Loop experience…

Note: Today, notes generated by Intelligent Recap are not stored here.. I hope this will soon be added.

Favorites and Recent Tabs

The Favorites tab on the navigation bar provides quick access to your most important workspaces, while the Recent tab helps you find your latest Loop pages and components across Microsoft 365, including those created in Teams, Outlook, OneNote, and Whiteboard.

From Preview to Release

Loop 2.0 is now rolling out gradually to all commercial customers after being tested with organisations enrolled in the Technology Adoption Program (Tap). Microsoft say it is actively rolling it out.

This update is part of Microsoft’s broader effort to reduce sign-in prompts, redirects, and delays when accessing their online services, making for a smoother and more efficient user experience.


Microsoft to further enhance Hybrid Meeting Experiences supporting Multiple Cameras and Views in Teams Rooms.

Announced by Microsoft in their Teams Roadmap (Roadmap ID 402517), Microsoft Teams continues to innovate the way we connect and collaborate, both in-room and remotely. This latest feature (set to roll out in October 2024) is the Multiple Camera View for Teams Rooms on Windows (not yet announced for Android), which continually promises to revolutionise meeting experiences as the world continue to adapt to hybrid meetings.

A New Perspective on Collaboration

This new feature which will support the transmitting of up to four discrete USB camera feeds at once, breathe new life and create new deployment options to revolutionise the use of large(r) areas such as multi-purpose rooms and halls, classrooms, and executive boardrooms, enabling in-room users to switch between multiple video cameras from the console on Teams rooms on Windows.

Users using Microsoft Teams Rooms set up with multiple USB cameras attached to the MTR will see updated experience, in the form of a video select option on the Microsoft Teams rooms console. With this option, (when more than one video camera is attached to MTR), users will be able to switch between these cameras before and during a Teams meeting by selecting a camera from the list of available cameras.

Image (c) Microsoft.
Changing the Video Feeds in Teams Room Control Panel – Image (C) Microsoft.

This functionality aims to improve visibility and guarantees that remote attendees can smoothly keep up with the proceedings.

If the device does not have multiple USB cameras set up with Teams Rooms device in the conference rooms, there will be no difference in the experience.

Benefits for In-Room Participants

  • Increased Inclusivity – Allows hybrid / meetings to cover more, angles and areas within large meeting spaces.
  • Flexibility – Allows easy switching between multiple views during a meeting automatically or manually.
  • Control and Personalisation – In-room participants can toggle the multiple camera view on or off with a simple button press or choose the best view for them.

Advantages for Remote Participants

  • Inclusive Experience: Feel more connected to the in-room activities.
  • Customisable Views: Choose which camera feed to focus on at any time.
  • Engagement: Improved visibility can lead to better engagement and interaction.

Enabling or Disabling the Feature

This feature, when it becomes available, will need to be enabled and configured from the Teams Pro Management portal for each room.

This update is for Microsoft Teams Rooms for Windows only – there is no indication (if/when) this will be available for Teams Rooms on Android.

Conclusion

As we move towards a more hybrid work environment, features like the Multiple Camera View are essential in bridging the gap between physical and virtual meeting spaces, especially in larger meeting spaces.

Thanks for reading, welcome your feedback and stay tuned for more updates in this space.

Common Mistakes with Microsoft Copilot and How to Fix Them

Copilot is a super powerful tool but if you are not getting the results you expect, you might be “using it wrong”. This is based on my experience working with organisations large and small over the past year or so.

Momentum continues to increase and we are seeing more and more public case studies show casing the value of Copilot for Microsoft 365. These focus on the “huge” time savings and efficiency gains organisations such as Barnsley Council, Clifford Chance, and Hargreves Lansdown experienced and how it’s now a tool their employees would not be able to give up.

Getting to this stage is not as simple as just allocating a license and turning it on. The “view” of Copilot I see in many organisations, is very different and as such is so important organisations get off on the right foot with Copilot to ensure that their early experiences with Copilot go well, they understand and evaluate where and how it fits and also where it doesn’t (or doesnt yet).

It all starts with the right expections

It’s hardly suprising that expectations of what Copilot can achieve are high. It’s not that they shouldn’t be, but we need to remember that most of what we see online and in demos are staged, based on the “perfect use case”, data in the “right place” and with Copilot embedded across all your apps and services.

You need to make the cool aid before you can drink it.

There are two scenarios with Copilot which I commonly see.

First there are organisations that grab a handful of licenses, allocate them to a bunch of people and then expect Copilot to know everything about everything and do anything you can think of – setting themselves up for a fail or “less successful” trial.

Secondly, there are those that follow the general guidance shared by Microsoft and their Copilot partners, who build a pilot team, annonce the trial (and what they expect of the pilot users), train and educate their users and share feedback amongst the teams to ensure everyone learns from each other before they expand it to more people.

Whilst the second approach, almost always succeeds (assuming the pilot team are engaged and are open to sharing), I still find (in both scenarios) that part of the reason Copilot trials/pilots can fail quickly is that, in my experience, “people” try to go from zero to hero and rather than looking for many small gains, are trying to get Copilot do that one big thing that will totally change their workload and save them hours of manual effort per day or week.

I find this problem goes away in the main, where organisations are working either directly with Microsoft or via their Copilot Adoption Partner, since the specialists they work with have the time to work with the employees to not only coach them through how and what Copilot can do, but also where it (on its own) may not be the answer they are looking for.

So in short, I find that, many people are simply using Copilot wrong, misunderstand what it can and can’t do and then simoly give up on it and go back to what they did before.

It’s not Copilot it’s you!

In this blog, I am going to share the most common Copilot mistaken use cases that make people the most frustrated….and how to fix them….

1. Trying to use Copilot as an automation tool

This is very common. I often see people who have watched the Microsoft marketing videos (often sequence shortened) contour up an image in their mind that Copilot will solve all their business challenges. I see organisations map out end to end business processes they “would like” Copilot to solve for them that are, to be frank, sometimes outside of what Copilot is really designed to (or is able) to do.

Copilot is not an RPA (Robotic Process Automation) tool. Yes, it can do many many things for you – such as reviewing documents, summarising meetings and actions and creating other “things” from them such as summaries, presentations or new documents.

One of things I hear a lot (and experience) is often that Copilot doesn’t (or wont) do things in exactly the way I ask it to and it can be inconsistent if I ask the same thing twice.

This is true and it is one of the “behaviours” of Copilot (and other Generative AI tools like ChatGPT or Gemini). I do find the more specific I am, the more “similar” my responses from Copilot become, but it’s serves back to the point that Copilot is not designed to carry out multi-step activities with a fixed predetermined output. It is also not currently possible to schedule or trigger Copilot based on an event or other trigger. See Prompting.

Tip:
Understanding the value and use cases of where Copilot fits into the business process and workflow is key to getting the best results. There are many areas where Copilot will provide real business value (either as a first eye, second opinion, note taker, author or creator). Working with a Copilot specialist partner or building a team of them internally will help the rest of the business get used to working “with” Copilot as the “assistant” it is expecting to be.

2. Not understanding Copilot’s Grounding Capabilities

One of the most common pitfalls in adopting Copilot is overlooking its grounding capabilities and limitations. Grounding is the term that refers to the context of the data Copilot can access/will access to perform the request you pass it.

One of the unique values of Copilot for Microsoft 365 over “other” Generative AI experiences, is its deep-rooted access, context awareness and understanding of your business data [through the Microsoft Graph] to enhance its functionality and response. This means that, in short, you can ask Copilot about a particular file that someone shared or a meeting you had last tuesday and it will understand the context and content of that scenario and base it’s response around that. This is hugely value and one of the reasons it has so much value in the workplace. You can also point Copilot at specific content that is within your organisation (though these connected services) or via a URL – for example web content.

The limitation of this grounding is also it’s benefit, in that for Copilot to be able to interface with your data (or application services), that data needs to be connected to the Microsoft Graph through either a connector or plug-in. These are sometimes provided (at cost) by the third party provider or can be built by your devops team or your partner.

This is important because if your employees work off data that is stored primarily in a Document Management System (DMS) that is not connected to Microsoft 365, then Copilot will not have visibility over it or it’s data meaning that employees would need to manually copy and paste data from it, to Copilot in order for Copilot to do anything with it.

Tip:
When running your initial or later stage Copilot rollout, it’s important to ensure you understand where and how people work in different teams so that you know what data people work on and where it is stored.

This grounding process is key as it allows Copilot to build upon the foundation of previous work, such as project histories or meetings. To maximise Copilot’s potential, it’s important to ensure that relevant data is accessible (through connectors or plug-ins) within Microsoft 365 or stored / migrated to Microsoft 365 (OneDrive, SharePoint etc.). For Copilot to work on meetings, you also need to be using Teams and must ensure they are recorded and/or transcribed.

3. Over simplifying or over complicating Prompts

Another key to Copilot’s effective use is the quality of prompts provided. Unlike an AI powered smart speaker, Copilot can handle really complex and specific requests , allowing you to write up to 2,000 (soon to be 8,000) characters in its input boxes.

This means that prompts can well thought out, detailed and quote refined, leading to more specific and sophisticated responses. I have written other blogs on prompt perfection if you wish to read them.

That said, the key when adopting and getting to know Copilot is to encourage your people / teams to experiment with prompts, iterating them and and refining them to achieve the desired outcomes whilst rememering that the same prompt will rarely generate exactly the same answer.

Whilst simple prompts are often to vague, not specific enough and therefore may not yield the desired/expected results, prompts that are too complex can also be ambiguous, conflict or go “off topic” so getting the right balance is needed.

Tip:
Another way to get what you wanted it to make your prompt a conversation: Copilot support interative responses meaning that you can have a conversation with it. Writing the perfct prompt is not always easy to do and can be frustrating so feel comfortable in having a conversation with Copilot. You may find the iterative process becomes fundamental to how you work with Copilot and perfecting the response.

You see unlike human assistants, Copilot thrives on repeated, slightly altered instructions to refine its output. This approach requires a shift in mindset from one-shot solutions to ongoing dialogues with Copilot. By embracing this iterative process, businesses can tailor Copilot’s responses to their specific needs more effectively.

4. Not feeding Copilot properly.

One of things I often find when working with Copilot on more “complex” prompts and tasks is that you can tell it to base its response or output based on a specific file that contains the things you want Copilot to do / check / review for me. Whilst Copilot can leverage the Microsoft Search (via Graph API), if you know what file(s), meeting, person etc, you want Copilot to leverage, you can include that in your prompt.

In the example below (a real one that I was working with a customer on), you can see that we are using to Copilot to review some CVs against a Job Description and Criteria document.

Example Copilot for Microsoft 365 Prompt – Grounded with specific data/files

In this example, I am “feeding” Copilot the CVs I want it to review along with a Job Requirements document which contains a table of criteria about the role and the scores available based on this criteria. This means I can focus my prompt on what I need Copilot to do for me using existing data which is used to “ground” it’s response.

Tip:
One of the bug bears I hear alot around Copilot is why it can’t fill out a form for me. It cant. However…. you can ask Copilot to create an output for you based on an existing document. The video below shows an example of doing just this.

Conclusion

The integration of Copilot for Microsoft 365 presents a transformative opportunity for businesses.

By educating employees, understanding its grounding capabilities, mastering effective prompting, practising an iterative approach, and implementing a strategic adoption plan, businesses can position their organisations to really see the benefits of Copilot.

I hope the tips above help – welcome your questions and views.

Snapdragon X: The power behind Copilot Plus AI PCs

Picture of a Surface Keyboard with Snapdragon X sticker

Qualcomm’s Snapdragon X series processors are specifically crafted for PCs, particularly Windows on Arm and Copilot Plus PCs available from HP, Dell, Lenovo, Acer and of course Microsoft Surface. The processors inside these latest generation of devices, integrate the renowned Snapdragon technology from premium smartphones with the demanding performance needs of the PC domain. The goal is to deliver a processor that competes with Intel and Apple in terms of performance, while also offering the energy efficiency typical of smartphones and providing cutting edge NPU performance to power existing and upcoming AI powered applications.

Arm vs Intel: The Copilot Plus PC Revolution

Copilot Plus PCs, like the Surface Laptop 7 are powered by these Snapdragon X Arm chips. The fundamental components shared by all Snapdragon X series chips include Qualcomm’s custom Arm-based Oryon CPU, rather than Intel’s x86, an enhanced version of their Adreno GPU (derived from their mobile devices), the Hexagon NPU for on-chip AI capabilities, and cutting-edge networking technology supporting the latest Wi-Fi 6 & 7 and 5G standards.

On the software front, Microsoft offers an emulation layer within Windows on Arm (WoA) to facilitate the running of x64 applications not yet native to Arm processors. Notably, there is an extensive collection of native Arm applications from Microsoft, Adobe, and other prominent developers.

About the Snapdragon X chipset options

Snapdragon X comes in two major flavours. The X Elite, which powers the first wave of top-tier Copilot Plus PCs, and the X Plus, destined for the more affordable range of Copilot Plus PCs (You’ll see most vendors providing options for both).

Today, Qualcomm has a total of four different Snapdragon X SKUs – three under the X Elite branding and one more affordable X Plus unit. You can see the subtle differences below, with the main differentiator being CPU cores and performance.

All current Snapdragon X models boast a remarkable 45TOPS Neural Processing Unit (NPU), which means they are all equipped to handle the same AI features. An NPU enhances the traditional CPU by adding machine learning (AI) specific computational abilities. An NPU is not only faster but also more energy efficient. This offloads work from the CPU, allowing the NPU to manage AI tasks, similar to how a GPU handles graphics-intensive tasks.

  • Snapdragon X Elite
    • 12 Oryon CPU cores
    • Clock speeds up to 4.2Ghz
    • 4.6 TFLOPS GPU (Graphic Processing Unit)
    • 45 TOPS NPU (Neural Processing Unit)
  • Snapdragon X Plus
    • 10 Oryon CPU cores.
    • Clock speeds up to 3.4Ghz
    • 3.6 TFLOPS GPU
    • 45TOPS NPU

What about the new Surface Line up?

Snapdragon X offers competitive performance against not just Intel’s latest chips, but also against the Apple M3 and M4. The real star though (not a fan of just CPU benchmarks personally), is that battery life is simply incredible compared to previous generations of devices with initial testing and reports (from others such as here and here) showing these devices comfortably exceeding the demands of a busy workday, positioning these laptops as genuine contenders to the MacBook (which has always somehow always won for battery life). Running emulated x86 apps under emulation will (and does) run the CPU harder which will in turn impact battery life.

This next generation of AI powered PCs sch as Surface Laptop 7 and Surface Pro 10 are two such devices offering superior power, power efficiency and extreeeeeeemley long batter life.

Battery Life Wins

That said, tests by PC Magazine, revealed a result of almost 25 hours usage – making “Surface Laptop one of the longest-latest laptops we’ve ever tested on battery“. In comparison a 13-inch MacBook Air lasted “just” 21 hours and 38 minutes in their testing.

Surface Pro 10 and Surface Laptop 7 are the the first Copilot+ PC which feature these new Snapdragon X Elite and Snapdragon X Pro processors.

PC Magazine said in their comprehensive hands-on review of Surface Laptop 7 that

“…this is easily the best Arm chip we’ve tested yet in a PC. The CPU and GPU performance are there and deliver at least competitive benchmark numbers relative to current-gen Intel and AMD offerings in the early going. Qualcomm is to be commended for that.” | PC Magazine


What is your view on these Copilot Plus PCs? Have you got one yet – what are your first impressions?

Microsoft wants to lock down the kernel after CrowdStrike hiccup knocks out millions of Windows devices.

Windows Kernel Security - Image by Designer (AI)

Microsoft is reviewing their options and looking to push for significant changes to their Windows security architecture in the after math of the major outage caused by a “faulty” CrowdStrike update last a couple of week back. The impact of the faulty update, is thought to have afftected around 8.5 million Windows devices and services when the faulty update caused Windows devices to reboot and enter their protected recovery mode.

Microsoft acknowledges the inherent ‘tradeoff’ kernel-level cybersecurity solutions pose and confirms the root cause of the global outage.

This has prompted Microsoft to reassess the level of control that third party security vendors have over the deepest parts of their operating system and they are considering limiting kernel- level access for these vendors.

This incident shows clearly that Windows must prioritize change and innovation in the area of end-to-end resilience“. | John Cable | Microsoft see blog post,


Time to bring control back?

John Cable, Microsoft’s VP of program management for Windows servicing and delivery, discussed passionately their viewpoint in a blog post named “Windows resiliency: Best practices and the path forward.” In this post, he emphasised the need for “end-to-end resilience” and discussed potential changes Microsoft are reviewing that could mean restricting kernel access for third party security vendors such as CrowdStrike.

Snipit from John Cable’s blog post | July 2024


The CrowdStrike update bug, which resulted in widespread system crashes, has clearly highlighted the risks associated with allowing third-party security apps and services to operate at the kernel level – a new approach is needed.

Privileged access, though advantageous for detecting threats, can result in disastrous failures if mishandled. Microsoft is investigating alternatives that circumvent future kernel access issues, including VBS enclaves and the Azure Attestation service. Employing Zero Trust methodologies, these solutions aim to bolster security without incurring the dangers inherent in kernel-level operations.

Why do Microsoft let third parties access the kernel?

In short, they dont have much choice (see below).

While Microsoft may be looking to further restrict access to its Windows kernel going forward, they have used this event to  explain why third-parties antivirus and security vendors to access the “core of Windows” the first place.

The Windows kernel is a deep layer of its operating system. Kernel-level cybersecurity lets developers do more to protect machines, can perform better, and can be harder for threat actors to alter or disable.

When a kernel-level cybersecurity solution loads at the earliest possible time, it gives users (and companies) the most data and context possible when threats arise and also ensures protection can kick in at the earliest stage of the Operating Systems boot up stage rather than waiting for the OS to load and then running as a normal system process.

The EU may prevent changes over anti-trust claims

Whilst this makes common sense to most, after all why shouldn’t Microsoft be able to restrict access to ensure stability of an operating system used by more than a billion users, their push for change is likley to face resistance from both cybersecurity vendors and regulators.

Back in 2006, Microsoft tried to restrict kernel access around the release of Windows Vista, but was met with opposition and a ruling that preventing them doing this, citing anti compete. In contrast, however, Apple successfully managed to lock down their kernel level
access in macOS in 2020. The market for Windows software is of course far larger than Apple’s MacOS and Microsoft is an open platform for developers to build upon so any changes will need to be done in a way that make this possible without preventing developers software doing what they are supposed to do!

Microsoft has attributed part of the CrowdStrike outage to the 2009 European Union antitrust agreement, which mandates that Microsoft must provide kernel-level access to third-party software vendors. Conversely, Apple started to phase out kernel extensions in macOS in 2020, encouraging software vendors to adopt the “system extension framework” due to its reliability and security advantages.

It is not the first and wont be the last time either that the EU have played the anti-trust card. Microsoft has recently had to decouple Teams from Microsoft 365 as a response to competitors such as Zoom citing Mcirosoft have an unfair advantage. They have had recent claims against them with Internet Explorer and Edge.

Zero Trust Kernel Protection mayt be the way forward

The blog post indicates that Microsoft is not proposing a complete shutdown of access to the Windows kernel. Rather, it highlights alternatives like the newly introduced VBS enclaves, which offer an isolated computing environment that doesn’t necessitate kernel mode drivers for tamper resistance.

“These examples use modern Zero Trust approaches and show what can be done to encourage development practices that do not rely on kernel access…We will continue to develop these capabilities, harden our platform, and do even more to improve the resiliency of the Windows ecosystem, working openly and collaboratively with the broad security community vendors”.
John Cable | Microsoft Windows VP

Trade off between “anti-compete” and stability.

Microsoft acknowledges that the tradeoff of kernel-level cybersecurity products is that if it glitches out, it can’t be easily fixed, saying in their blog that. “all code operating at kernel level requires extensive validation because it cannot fail and restart like a normal user application.”

As such companies have to demonstrate strict quality and testing controls over their software. The CrowdStrike issue occurred since this wasn’t a new product but” simply” and software patch by CrowdStrike that… well, went wrong.

Microsoft can’t vet every patch and every update released by their “trusted” ISVs/third parties, especially when it comes to security updates which these security vendors need to roll out requently.

“There is a tradeoff that security vendors must rationalise when it comes to kernel drivers. Since kernel drivers run at the most trusted level of Windows, where containment and recovery capabilities are by nature constrained, security vendors must carefully balance needs like visibility and tamper resistance with the risk of operating within kernel mode.” | Microsoft

What ever happens – businesses still need to have backup and remediation processed in place.

In response to the CrowdStrike incident, Microsoft deployed over 5,000 support engineers to aid affected organizations and provided continuous updates via the Windows release health dashboard. They rapidly developed recovery tools to assist companies in their recovery efforts, while emphasising the significance of business continuity planning, secure data backups, and the adoption of cloud-native strategies for managing Windows devices to bolster resilience against future incidents.

Further whitepapers and guidance will be released in the coming months and I expect this will lead to Microsoft, and their third party vendors releasing more recovery tools and guidance.


Summary

Microsoft “confirmed that CrowdStrike’s analysis that this was a read-out-of-bounds memory safety error in the CrowdStrike developed CSagent.sys driver,” Microsoft explained in their technical analysis of the crash and why the impact was so huge in a technical paper published last week.

Reviewing the security architecture and access to the kernel is definately needed, but their approach and desire to prevent future issues with third party glitches will likley be at the brunt of complaints from third party security vendors and the EU anti-compete regulators.

Apple “seem” to have a much easier ride when it comes to doing what they want – they say “jump” and developers say “how high”. Microsoft repeatedly have to “please” regulators far more – this recent huge global impact, may work in Microsoft’s favour however, to bring some control and governance in the name of system and business stability which I am sure will get the backing of everyone and every organisation impacted.

One thing is for certain -Microsoft wont take this sitting down. They will work hard to continue to protect their OS which is run on billions of devices and used by almost all coporations, education and crititical infrastrucutre. Change will happen!