CrowdStrike Update caused “Global IT Outage” with “Blue Recovery Screen” Issue on Windows devices


We have seen a social media frenzy this morning following a triple whammy of issues impacting Azure Virtual Machines and Windows devices across hundreds of organisations, where devices running the CrowdStrike Falcon sensor are crashing on boot and ending up at the Windows Recovery screen. Windows 10, Windows 11 and Windows Server hosts are all affected.

19/7/24 11:00am: The impacts of the issue are still ongoing, although the root cause is known and CrowdStrike is working with Microsoft on getting a fix out…

19/7/24 15:00: CrowdStrike has updated their site to take accountability for the issue (with Microsoft still helping), which has impacted devices due to a “bug” in their content update that caused the BSOD. They have pulled and fixed the update and are working with their customers to remediate the impact. Microsoft has also published guidance on how to recover affected devices – links to this below.

29/7/2024 18:00: this is not a Microsoft problem (yet I imagine they will be blamed), but it affected millions of Windows systems… Read to the bottom to see why.


Summary

Since the early hours of the morning, several media companies, airlines, transport companies, tech companies, and schools / universities have been reporting a Blue Screen (followed, after repeated failed boots, by the Windows Recovery screen) on their Windows devices.

The issue is impacting Windows devices that run the CrowdStrike Falcon sensor, the agent for CrowdStrike's flagship Extended Detection and Response (XDR) security platform.

Impacted devices are crashing after receiving a Falcon content update and then getting stuck at the “Recovery” screen, because the sensor's kernel driver fails every time it loads and prevents the device from starting back up.

CrowdStrike and Microsoft are actively working on a permanent fix; workarounds are available, but they require manually removing the faulty content file or preventing the sensor driver from starting on each affected device.

The issue affects Windows hosts regardless of version: Windows 10, Windows 11, and Windows Server (2016, 2019 and later) have all been hit. Mac and Linux hosts are not affected.

What is CrowdStrike?

CrowdStrike, a cybersecurity firm based in the US, helps organisations secure their IT environments, from endpoints and servers to cloud workloads and identities.

Their mission is to “safeguard businesses from data breaches, ransomware, and cyberattacks” and they position themselves as having leading offerings that compete with other vendors including Microsoft themselves, SentinelOne, and Palo Alto Networks. Their client base is extensive and includes legal, banking, finance, travel firms, airlines, educational institutions, and retail customers.

A key offering from CrowdStrike is their Falcon XDR tool, touted on their website for delivering “real-time indicators of attack, hyper-accurate detection, and automated protection” against cybersecurity threats.

Root Cause

Information available from CrowdStrike and Microsoft states that the crash occurs in csagent.sys, the Falcon sensor's kernel-mode driver, when it loads a “faulty” content update known as Channel File 291 (the file C-00000291*.sys in the sensor's driver directory). Because the driver loads at start-up, the device crashes again on every boot until the faulty file is removed. It is this combination that has been responsible for the BSOD errors on Windows 10, Windows 11 and Windows Server hosts, including servers running in private and public data centres such as Microsoft Azure.

George Kurtz, the CEO of the global cybersecurity firm CrowdStrike, stated that the issues were due to a “defect” in a “content update” for Windows hosts.

“The issue has been identified, isolated, and a fix has been deployed,” he said, clarifying that Mac and Linux hosts were not impacted, and emphasising: “This is not a security incident or cyber-attack.”

Impact

  • All Windows hosts running the Falcon sensor that were online and received the faulty channel file are affected: Windows 10, Windows 11 and Windows Server alike.
  • Azure Virtual Machines running Windows Server with the CrowdStrike Falcon agent are also impacted.
  • Hosts that were offline while the faulty file was live, and picked up the corrected file on their next check-in, were spared. Mac and Linux hosts are not affected.

Note: Windows 10 reaches end of support in October 2025.

Is there a fix?

Updated 21/7/2024: Microsoft has updated their guidance and provided additional support for recovering managed devices via Intune, as well as a recovery tool that builds bootable USB or PXE media to automate the workaround below. This can be found here.

The formal advice if this issue is affecting your organisation is to contact your CrowdStrike support representative. CrowdStrike and Microsoft are actively working to address the issue, both to recover devices already hit and to ensure more devices are not impacted.

Since the crash is triggered when the csagent.sys driver loads the faulty channel file, the workaround is to stop that file from being loaded (or the driver from starting at all) so the device can boot. There are a couple of ways to do this.

  1. Use Safe Mode (or the Windows Recovery Environment) and delete the faulty channel file:
    • Boot the device into Safe Mode, or into the Command Prompt from the Windows Recovery Environment. If the drive is BitLocker-protected you will need its recovery key to unlock it first.
    • Open Command Prompt and navigate to the CrowdStrike driver directory, C:\Windows\System32\drivers\CrowdStrike (inside WinRE the Windows volume may be mounted under a different drive letter).
    • Locate the file(s) matching the pattern C-00000291*.sys, for example with dir C-00000291*.sys.
    • Delete or rename the matching file(s), then reboot normally. The sensor downloads a corrected channel file once the host is back online.
  2. Use Registry Editor to stop the CrowdStrike CSAgent driver from starting:
    • Boot to Safe Mode.
    • Open Windows Registry Editor.
    • Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CSAgent
    • Note the current Start value, then change it to 4 to disable the service.
    • Bear in mind this leaves the host with no endpoint protection: restore the original Start value once the corrected channel file is in place.
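The first workaround, as an added PowerShell example (this is not CrowdStrike's or Microsoft's tooling, and the timestamp gate, quarantine directory and log file are my own additions). It assumes it is run elevated from Safe Mode with Command Prompt, or from a WinRE/WinPE image that includes PowerShell; that the Windows volume is mounted under whatever letter is passed as -SystemDrive (often not C: inside WinRE); and that a BitLocker-protected volume has already been unlocked. The 04:09 / 05:27 UTC timestamps are the ones CrowdStrike's tech alert gave for the defective and the reverted copies of Channel File 291.

```powershell
<#
  Remove-ChannelFile291.ps1 (added example, not vendor tooling)
  Usage, from Safe Mode or a WinRE prompt with PowerShell:
    powershell -ExecutionPolicy Bypass -File .\Remove-ChannelFile291.ps1 -SystemDrive D: -WhatIf   # preview
    powershell -ExecutionPolicy Bypass -File .\Remove-ChannelFile291.ps1 -SystemDrive D:           # do it
  Assumes the volume is already unlocked if BitLocker is on:
    manage-bde -unlock D: -RecoveryPassword <48-digit key>
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$SystemDrive   = $env:SystemDrive,   # letter of the affected Windows install, e.g. 'D:' inside WinRE
    [string]$QuarantineDir = '',                 # where removed files go (hypothetical default below)
    [switch]$All                                 # skip the timestamp check and quarantine every C-00000291*.sys
)

if (-not $QuarantineDir) { $QuarantineDir = Join-Path $SystemDrive 'CrowdStrike-Quarantine' }

$driverDir = Join-Path $SystemDrive 'Windows\System32\drivers\CrowdStrike'
if (-not (Test-Path -LiteralPath $driverDir -PathType Container)) {
    throw "CrowdStrike driver directory not found at $driverDir; check the drive letter."
}

# Per CrowdStrike's tech alert: the defective Channel File 291 is timestamped 2024-07-19 04:09 UTC,
# copies written at 05:27 UTC or later are the reverted good version. Removing a good copy only
# forces a re-download, so keep it unless -All is given.
$goodFrom   = [datetime]::new(2024, 7, 19, 5, 27, 0, [System.DateTimeKind]::Utc)
$candidates = @(Get-ChildItem -LiteralPath $driverDir -Filter 'C-00000291*.sys' -File)

if ($candidates.Count -eq 0) {
    Write-Host "No C-00000291*.sys present in $driverDir; nothing to do."
    return
}

$logPath = Join-Path $QuarantineDir 'quarantine.log'
foreach ($file in $candidates) {
    $written = $file.LastWriteTimeUtc
    if (-not $All -and $written -ge $goodFrom) {
        Write-Host ("{0}: written {1:u}, at or after the fix window; keeping it (use -All to override)." -f $file.Name, $written)
        continue
    }
    $action = "quarantine channel file written {0:u}" -f $written
    if ($PSCmdlet.ShouldProcess($file.FullName, $action)) {
        New-Item -ItemType Directory -Path $QuarantineDir -Force | Out-Null
        # Hash before moving so the quarantined copy can be tied back to this host in the incident record
        $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        Add-Content -LiteralPath $logPath -Value ("{0:u} {1} {2} {3}" -f [datetime]::UtcNow, $env:COMPUTERNAME, $hash, $file.FullName)
        Move-Item -LiteralPath $file.FullName -Destination $QuarantineDir -Force
        Write-Host "Quarantined $($file.Name) to $QuarantineDir; reboot normally and let the sensor fetch a corrected file."
    }
}

# The CSAgent service is deliberately left enabled: the sensor pulls a good channel file on its next
# check-in. Only set HKLM\SYSTEM\CurrentControlSet\Services\CSAgent\Start to 4 if the host still will
# not boot, note the original value first, and restore it afterwards or the host stays unprotected.
```

Run it once with -WhatIf to see which files would be moved and why, then again without. Moving rather than deleting keeps a copy (and its SHA-256) for the incident record, which is what most IR teams will want to show auditors afterwards.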

Dan Card, of BCS, The Chartered Institute for IT, and a cyber security expert, said: “People should remain calm whilst organisations respond to this global issue. It’s affecting a very wide range of services from banks to stores to air travel.

He also said that whilst the cause is now known, it is still causing worldwide issues and impacts on consumer services, banking, healthcare and travel and will take some time to remediate.

Companies should make sure their IT teams are well supported as it will be a difficult and highly stressful weekend for them as they help customers of all kinds. People often forget the people that are running around fixing things.”


Conclusion

CrowdStrike has acknowledged the issue and published the cause. Users can follow the above steps to get past the recovery screen and boot their PCs normally.

CrowdStrike and Microsoft worked tirelessly to resolve this issue and prevent further widespread impact.

Hosts that were offline during the window in which the faulty channel file was live, and Mac and Linux hosts, were not impacted.


How did Microsoft allow this to happen?

Many people are asking why Microsoft is shifting the blame to CrowdStrike (who have admitted fault) and how Microsoft allowed this to happen in the first place.

In short, it is not their fault, and there really wasn't much they could have done to prevent it… Here's why.

Many security products, including the XDR/EDR agents from CrowdStrike and Palo Alto Networks and Microsoft's own Defender for Endpoint, are what is known as “kernel-mode products”: part of the agent runs as a driver inside the operating system kernel. A bug there takes the whole machine down rather than just the agent process. Whilst this incident hit Windows, the same “hiccup with the update” can hit any OS where the sensor runs in the kernel; on Linux the Falcon sensor can run as a kernel module, and the Debian and Rocky Linux crashes described further down were exactly that. macOS is the exception: Apple has moved security vendors out of the kernel and into its Endpoint Security framework, so a comparable defect there would crash the agent rather than the machine.

In an ideal world all applications and services would run in user mode rather than kernel mode, but many security and AV products have a legitimate need to observe the lowest levels of the OS (process creation, file and registry access, network traffic) and to block malicious activity before it completes. That visibility is not available from user mode, where the kernel is protected from the application.

The Blue Recovery Screen (which most people took for the Blue Screen of Death) is actually the Windows OS safety net. The affected machines did hit a genuine bug check, the BSoD, each time the faulty driver loaded at boot; after repeated failed boots Windows stops looping and drops into the Recovery Environment, which is the screen people were looking at.

As such, there is not much more Microsoft can do here. These are third-party drivers, not developed, controlled or updated by Microsoft. Windows does require kernel drivers to be signed and certified, and the csagent.sys driver itself had passed that; the defect was in a content file the driver loads at boot, which is not a driver and therefore never goes through Microsoft's signing and certification process. If Microsoft were to manually vet every content update to every third-party application, it would be called a control hog, and the world would crucify it for it!

Microsoft has said it cannot wall off its operating system in the same way Apple does because of an understanding it reached with the European Commission following a complaint. In 2009, Microsoft agreed it would give makers of security software the same level of access to Windows that Microsoft gets.

The outage is awful and has impacted so many organisations, including critical services, but it is also not fair, in my opinion, that Microsoft and Windows have been dragged through the dirt simply because it was their OS that was hit by a poor update to a third-party application.

It’s not the first time this has happened… to other OSes

According to a report by Neowin, “similar problems have been occurring for months without much awareness, despite the fact that many may view this as an isolated incident. Users of Debian and Rocky Linux also experienced significant disruptions as a result of CrowdStrike updates, raising serious concerns about the company’s software update and testing procedures. These occurrences highlight potential risks for customers who rely on their products daily.

In April, a CrowdStrike update caused all Debian Linux servers in a civic tech lab to crash simultaneously and refuse to boot. The update proved incompatible with the latest stable version of Debian, despite the specific Linux configuration being supposedly supported. The lab’s IT team discovered that removing CrowdStrike allowed the machines to boot and reported the incident.”

What this shows is the vital importance of update testing and deployment rings: a content update pushed to every host at once has no ring in which to fail safely.

Microsoft Security Hits $20B in Revenue


In a blog post following Microsoft’s Q2 earnings report this week, Microsoft shared that their security revenue had grown 33% year over year and now stands at $20 billion, driven in large part by their global partners, who have been helping customers strengthen their security posture while saving money through vendor consolidation. Microsoft stated that security remains the number one investment area for businesses: it is where organisations spend the most, and it is easily justified.

To put this into perspective, the $5 billion increase in Microsoft’s security business over the past twelve months is larger than the total revenue of every pure-play cybersecurity vendor other than Palo Alto Networks, which expects to report $6.85 billion in revenue when it publishes its results later this year.

“We are taking share across all major categories we serve… customers are consolidating on our security stack in order to reduce risk, complexity and cost.” – Satya Nadella.

Even in this economically challenging time, organisations still see security as the top priority.

Vasu Jakkal | CVP of Security, Compliance, Identity, & Management | Microsoft

Ever-Growing Market

According to McKinsey & Company, the cybersecurity market is now worth $2 trillion as more businesses realise that they lack the level and breadth of protection and detection measures needed to keep their data, identities, applications, devices, and networks safe, whilst the number of attacks continues to rise at an alarming rate.

Despite Microsoft’s huge growth in this area, Microsoft pointed out that there is still a global shortage of cybersecurity professionals, with around 4 million unfilled cybersecurity jobs open worldwide and salaries hugely inflated by the demand for these roles.

Organisations can save lots of money

In the Microsoft earnings call, Satya Nadella called out their focus on helping customers “do more with less”, saying that “this is a place where customers can save lots of money”.
He talked about Microsoft’s breadth, depth, and integrated security portfolio, stating boldly that “Microsoft is the only vendor that has integrated tools spanning identity, security, compliance, device management and privacy”.

Much of the cost saving Microsoft delivers to its customers comes through productivity suite bundles such as Microsoft 365 E5, which combines advanced security, privacy, and compliance with Teams voice and rich analytics. Recent customers to go all-in on E5 licences include IKEA, NTT, Boots, Rio Tinto, Marks and Spencer, and the leading global law firm Baker McKenzie.

Data from the 2021/2022 Forrester report.



Microsoft also provides dedicated Security and Compliance add-on suites, as well as the ability to purchase their security offerings as point products, including their Enterprise Mobility + Security suite, whose installed base grew 16% to more than 241 million seats.

Microsoft is the only vendor that has integrated tools spanning identity, security, compliance, device management and privacy

Satya Nadella | CEO | Microsoft

Microsoft called out the example of Frasers Group, the $4.46 billion British sports retailer, and its decision to consolidate tools and services from ten separate cybersecurity vendors onto Microsoft alone.

In another example, Roku, the $2.76 billion American digital media player manufacturer, moved its entire identity and access management estate to the cloud with Azure Active Directory.

Market Bolstering Stats

  • SIEM: In October 2022, Microsoft Sentinel shot to the top of Gartner’s SIEM Magic Quadrant, moving past IBM, Splunk, Securonix and Exabeam.
  • Identity & Access Management: IDC says Microsoft has a 23.8% share of the $13.6 billion identity and access management market, with Okta a distant second at 9.2%.
  • Endpoint Security: Microsoft had 11.2% of the market in 2021 and 12.4% in 2022. Only CrowdStrike had a larger slice of the endpoint security market, at 12.6%, but with lower growth. CrowdStrike, Microsoft and Trend Micro were all named Leaders in the April 2022 Forrester Wave for EDR providers.

“Microsoft is the only company that offers integrated end-to-end tools spanning identity, security, compliance, device management and privacy, informed and trained on over 65 trillion signals each day.”

Satya Nadella | CEO | Microsoft

The Role of Microsoft Partners

Despite the global shortage of cyber security professionals, Microsoft pointed out that their security business is surging partly due to the work many of their global Modern Work and Security partners are driving. Microsoft continues to invest significantly in partner skills enablement, along with resources and funding to help their partners help their customers. This ranges from funded discovery and usage workshops, technology enablement funding, end-user adoption funding (to help users work more securely), technical training initiatives, third-party vendor displacement support and more.

As such, Microsoft partners can certify and specialise in different security and compliance areas, helping customers find partners that can help them understand their risk profile, identify weaknesses or risks, deploy and adopt new tools and platforms, and migrate from point products to improve their security whilst reducing cost.

Organisations can reach out to their Microsoft representative or speak to their Microsoft Partner for more information.

Microsoft technology (through the help of their partners) can save the average 10,000 seat organisation more than $8.3M per annum through investing in Microsoft 365 E5 and Sentinel according to research conducted by Forrester.

On a recent fireside chat that I hosted, most organisations on my panel discussed how they were improving their security through investment in Microsoft 365 E5 with the help of their partners.

The Microsoft Security Portfolio

Microsoft has organised their security portfolio (which spans more than fifty product categories overall) into six product lines.

  1. Defender: The Defender portfolio includes Microsoft 365 Defender (Microsoft’s extended detection and response (XDR) platform for securing endpoints, email, applications, identities, and data), as well as their Defender solutions for endpoint, cloud, IoT, vulnerability management, threat intelligence, DevOps and external attack surface management.
  2. Sentinel: Microsoft’s SIEM and SOAR platform
  3. Entra: Microsoft’s identity management and security portfolio, which includes Azure AD
  4. Purview: Data protection, data loss prevention, insider risk management
  5. Priva: Their new privacy risk management solution
  6. Intune: Microsoft’s multi-vendor, multi-category endpoint management suite.

Note: Microsoft do not have dedicated products covering the network infrastructure, SIP, WAN and wireless LAN spaces, but work in partnership with leading infrastructure vendors such as Cisco to provide seamless identity and access integration.




You can read more on the official Microsoft security blog post here.

Microsoft Sentinel |2022 Gartner Magic Quadrant leader | Security Information & Event Management

Microsoft has been named a Leader in the 2022 Gartner Magic Quadrant for Security Information and Event Management (SIEM) and was positioned highest on the Ability to Execute axis.

Gartner Magic Quadrant for SIEM 2022

What is Sentinel?

Microsoft’s end-to-end security offering takes the best of SIEM and combines it with the best of extended detection and response (XDR) to deliver a unified security operations platform.

Microsoft Sentinel is a scalable, cloud-native solution that provides:

  • Security information and event management (SIEM) and
  • Security orchestration, automation, and response (SOAR).

Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, with integrations for almost any application, network and service. It provides a single, comprehensive, AI-driven solution for attack detection, threat visibility, proactive hunting, and threat response.

Its bird’s-eye view across the enterprise helps alleviate the stress of increasingly sophisticated attacks, growing alert volumes, and long resolution times, which often cripple IT and SecOps teams.


Leaders because….?

Microsoft’s vision for protecting organisations from threats differs from competing vendors and products that only offer a SIEM platform. Just look at how far they have moved in 12 months… Incredible for a fairly new product.

In Microsoft’s announcement of the recognition they say that Sentinel customers get “the breadth of coverage only a SIEM can provide and the depth of insight that XDR provides. That means that organisations that leverage Microsoft security solutions have more context to work from to resolve attacks faster. Customers using our XDR capabilities, such as Microsoft 365 Defender, also receive a discount on their data ingestion into Microsoft Sentinel.”


You can access and read the full Gartner report here.

You can also get a free trial (or free workshop) for Sentinel by following the link here or by speaking to your Microsoft Security Partner.

Defending Ukraine: Microsoft shares conclusions from its cyber defence of Ukraine against Russian attacks

As Russia continues its attack on Ukraine, Microsoft has taken some of the lessons learnt from the cyber-defence assistance it provided to Ukraine at the start of the war and has now shared its insights for the world to learn from.

In a recent post on Microsoft’s “Microsoft on the Issues” site, Brad Smith, Microsoft’s Vice Chair and President, shared highlights of the recurring themes: how the war in Ukraine follows a similar, updated parallel to historical conflicts, but with a modern cyber-focused offensive now a huge part of the war plan.

In this most recent post, Brad Smith discusses the three-part strategy Microsoft observed during its early defence assistance of Ukraine. He calls out “destructive cyberattacks within Ukraine, network penetration and espionage outside Ukraine, and cyber influence operations targeting people around the world.”

The wider report goes into detail on how Microsoft is continuing its efforts to assist in defending technological targets in Ukraine, as well as the continually evolving strategy Microsoft is pushing to further help harden businesses, institutions, governments, and nations against future cyber-attacks.

The Russian military poured across the Ukrainian border on February 24, 2022, with a combination of troops, tanks, aircraft, and cruise missiles. But the first shots were in fact fired hours before when the calendar still said February 23. They involved a cyberweapon called “Foxblade” that was launched against computers in Ukraine. Reflecting the technology of our time, those among the first to observe the attack were half a world away, working in the United States in Redmond, Washington.

Brad Smith | Vice Chair and President | Microsoft

Conclusions and how to defend against nation-state attacks

Microsoft say that to defend against similar nation-state coordinated attacks you first need to understand the approach, what has worked, and what needs to be done to allow other nations and countries to better protect against cyber warfare. The conclusions of the report (which you can read in depth here) highlight the following:

  1. Defense against a military invasion now requires for most countries the ability to disperse and distribute digital operations and data assets across borders and into other countries.
  2. Recent advances in cyber threat intelligence and end-point protection have helped Ukraine withstand a high percentage of destructive Russian cyberattacks.
  3. As a coalition of countries has come together to defend Ukraine, Russian intelligence agencies have stepped up network penetration and espionage activities targeting allied governments outside Ukraine.
  4. In coordination with these other cyber activities, Russian agencies are conducting global cyber-influence operations to support their war efforts. Russian agencies are focusing their cyber-influence operations on four distinct audiences. They are targeting the Russian population with the goal of sustaining support for the war effort. They are targeting the Ukrainian population with the goal of undermining confidence in the country’s willingness and ability to withstand Russian attacks. They are targeting American and European populations with the goal of undermining Western unity and deflecting criticism of Russian military war crimes. And they are starting to target populations in nonaligned countries, potentially in part to sustain their support at the United Nations and in other venues.
  5. Finally, the lessons from Ukraine call for a coordinated and comprehensive strategy to strengthen defenses against the full range of cyber destructive, espionage, and influence operations.

The Wider Comprehensive Report


Finally, Brad Smith references the extensive comprehensive report “Defending Ukraine: Early Lessons from the Cyber War” that Microsoft have also recently published which can be read and downloaded here.

Windows Autopatch is now available for public preview


Windows Autopatch, a service to automatically keep Windows and Microsoft 365 up to date in enterprise organisations, has now reached public preview. When officially released (GA), it will be included for Microsoft commercial customers with a Windows Enterprise E3 licence or higher.


In short, Windows Autopatch allows organisations to shift the management and deployment of updates for Windows 10, Windows 11 and Microsoft 365 Apps, including quality and feature updates, drivers and firmware, to Microsoft.

What’s the purpose?

Essentially this aims to take the nightmare out of the age-old “Patch Tuesday” and promises to be a great time saver for IT admins. With Autopatch, IT can continue to use their existing tools and processes for managing and deploying updates to devices, OR can phase in (or adopt in its entirety) this new “hands off” approach and let Windows Autopatch take care of security, driver and firmware updates.

“Changing the way things get done, even when that change makes things easier, gives pause to most people who run large IT organisations. By joining the public preview, you’ll be able to get comfortable with Windows Autopatch and ready your organisation to take advantage of the service at scale”.

Lior Bela | Senior Product Marketing Manager | Microsoft


The main purpose of Windows Autopatch is moving the update orchestration burden from the IT department to Microsoft. Once deployed, configured and tested, Autopatch should take the entire effort of planning and managing the Windows Update process (sequencing and rollout) away from IT, freeing up time and resources.


“Whenever issues arise with any Autopatch update, the remediation gets incorporated and applied to future deployments, affording a level of proactive service that no IT admin team could easily replicate.”

Lior Bela | Senior Product Marketing Manager | Microsoft

How to enable Autopatch

Windows Autopatch devices must be managed by Microsoft Intune: Intune must be set as the Mobile Device Management (MDM) authority, or co-management must be turned on and enabled on the target devices.

As you’d expect, there are a handful of steps needed to enable the preview and to enrol your Microsoft 365 tenant into the Windows Autopatch public preview:

  • Log on to Endpoint Manager as a Global Admin and navigate to the Windows Autopatch blade under the Tenant Administration menu; this will only be visible if you have the right licences deployed.
  • Using an InPrivate browser window, redeem your Autopatch preview code.
  • Run the readiness assessment, add the required admin contact, and add the devices you want to enrol in the service.
  • Tick the box to allow Microsoft to manage updates on behalf of your organisation.
Allowing Microsoft to manage updates for your organisation

Microsoft provides detailed, regularly updated instructions (and a video) on how to add devices to your test ring and how to resolve common statuses such as “tenant not ready,” “device not ready” or “device not registered.”

https://youtu.be/gu4bpXYiAd8
Microsoft YouTube video on enabling Windows Autopatch

How Autopatch works

The Windows Autopatch service automatically splits your organisation’s device estate into four groups of devices, described by Microsoft as “deployment rings”:

  • Test Ring: Contains a minimum number of devices for test purposes
  • First Ring: Contains ~1% of all endpoints (think of this like the early adopter ring)
  • Fast Ring: Contains ~9% of devices
  • Broad Ring: Contains the rest of the devices.

The updates are deployed progressively, starting with the Test ring and moving to the larger sets of devices after a validation period in which the service and IT can monitor device performance and compare it to pre-update metrics through Endpoint Analytics.

Autopatch rings. Image (c) Microsoft

Autopatch also features a nifty “Halt and Rollback” capability: an update can be blocked from reaching the later rings, or rolled back, automatically. This is key around critical dates or projects that an update might disrupt, or where quality problems are detected in the Test ring.
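As an added example (not Microsoft's Autopatch implementation) of the ring-and-halt logic just described, and of the deployment-ring lesson drawn from the CrowdStrike Linux incidents earlier on this page: a small PowerShell controller that splits a constructed fleet into Test/First/Fast/Broad rings in roughly Autopatch's proportions, deploys ring by ring, and halts as soon as a ring's failure rate exceeds a threshold. The device names, the 2% threshold and the stand-in health probe are assumptions; a real implementation would read Intune or Endpoint Analytics device status instead of a script block.

```powershell
# Added example (not Microsoft's Autopatch code): ring-based rollout with a health gate.
# Assumptions: device names are constructed; $Deploy is a stand-in for real post-update
# telemetry (boot success, crash-free uptime) that would come from Endpoint Analytics or Intune.

function Get-StableHash {
    # Deterministic hash so a device lands in the same ring on every run
    param([string]$Text)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $bytes = $sha.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($Text))
        return [System.BitConverter]::ToUInt32($bytes, 0)
    } finally { $sha.Dispose() }
}

function New-RolloutRings {
    # Test: fixed handful; First: ~1%; Fast: ~9%; Broad: everything else
    param([string[]]$Devices, [int]$TestSize = 2)
    $ordered = @($Devices | Sort-Object { Get-StableHash $_ })
    $n     = $ordered.Count
    $first = [int][math]::Max(1, [math]::Ceiling($n * 0.01))
    $fast  = [int][math]::Max(1, [math]::Ceiling($n * 0.09))
    $rings = [ordered]@{}
    $skip  = 0
    foreach ($spec in @(@('Test', $TestSize), @('First', $first), @('Fast', $fast))) {
        $name, $size = $spec
        $rings[$name] = @($ordered | Select-Object -Skip $skip -First $size)
        $skip += $size
    }
    $rings['Broad'] = @($ordered | Select-Object -Skip $skip)
    return $rings
}

function Invoke-RingRollout {
    param(
        [System.Collections.Specialized.OrderedDictionary]$Rings,
        [scriptblock]$Deploy,            # invoked with one device name; returns $true if healthy after the update
        [double]$MaxFailureRate = 0.02   # halt promotion if a ring fails worse than this
    )
    $log = New-Object System.Collections.Generic.List[object]
    foreach ($ring in $Rings.Keys) {
        $devices = @($Rings[$ring])
        $failed  = @($devices | Where-Object { -not (& $Deploy $_) })
        $rate    = if ($devices.Count -gt 0) { $failed.Count / $devices.Count } else { 0 }
        $log.Add([pscustomobject]@{ Ring = $ring; Deployed = $devices.Count; Failed = $failed.Count; FailureRate = $rate })
        if ($failed.Count -gt 0 -and $rate -gt $MaxFailureRate) {
            # Halt: no later ring receives the update; the failed devices are the rollback list
            return [pscustomobject]@{ Status = 'Halted'; HaltedAt = $ring; RollbackDevices = $failed; Log = $log }
        }
    }
    return [pscustomobject]@{ Status = 'Completed'; HaltedAt = $null; RollbackDevices = @(); Log = $log }
}

# --- Demo with a constructed fleet: 180 workstations and 20 servers ---
$fleet = @(1..180 | ForEach-Object { 'ws-{0:d3}' -f $_ }) + @(1..20 | ForEach-Object { 'srv-{0:d2}' -f $_ })
$rings = New-RolloutRings -Devices $fleet -TestSize 2

# Stand-in health probe: this hypothetical update breaks every server and leaves workstations healthy
$badUpdate = { param($device) -not ($device -like 'srv-*') }

$result = Invoke-RingRollout -Rings $rings -Deploy $badUpdate -MaxFailureRate 0.02
$result.Log | Format-Table -AutoSize
"Status: $($result.Status) (halted at ring: $($result.HaltedAt)); devices to roll back: $($result.RollbackDevices.Count)"
```

With the constructed fleet the run halts at whichever ring first contains a server, which is almost always Test, First or Fast, so the 178-device Broad ring never sees the bad update. That is the whole point of the rings: the blast radius of a bad update is bounded by the size of the ring in which it first fails, which is why a content update pushed to every host at once, as in the CrowdStrike incident, has no safe place to fail.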

What about Patch Tuesday and Critical Updates?

Microsoft will continue to deliver monthly security and quality updates for supported versions of Windows on the second Tuesday of the month (commonly referred to as Patch Tuesday or Update Tuesday), as they have to date. These will be delivered by Autopatch too.

For normal updates, Autopatch uses a regular release cadence, starting with devices in the Test ring and completing with general rollout to the Broad ring.

Any updates addressing a critical vulnerability, such as a zero-day, will be expedited by Windows Autopatch with the aim of patching all devices immediately.


Microsoft provides further info in the Windows Autopatch support documentation, including details on service eligibility, prerequisites, licensing and features.

Microsoft Entra aims to secure access for the multicloud connected world

Microsoft has just announced “Entra”, the latest “family of products”, which joins their other suites alongside Priva and Viva.

Entra brings together all of Microsoft’s identity and access products and services, including Microsoft Azure Active Directory (Azure AD), as well as their Cloud Infrastructure Entitlement Management (CIEM) and decentralised identity services.

Identity is one of the biggest cornerstones for cybersecurity.

Microsoft Entra. Image (c) Microsoft

Microsoft Entra aims to simplify the way organisations approach attack surface reduction in the multicloud, hyperconnected world by filling the biggest and most critical gaps. It does this by:

  • Protecting access to any application or resource for each and every user
  • Securing and verifying every identity across hybrid and multicloud environments
  • Discovering and governing permissions in multicloud environments
  • Simplifying the user experience with real-time intelligent access decisions.

Microsoft Entra embodies our vision for what modern secure access should be. Identity should be an entryway into a world of new possibilities, not a blockade restricting access, creating friction, and holding back innovation. We want people to explore, to collaborate, to experiment – not because they are reckless, but because they are fearless.

Microsoft.

Entra works with the majority of cloud platforms, including Azure, AWS and Google Cloud, as well as other Microsoft apps and websites.


To find out more, visit the Microsoft Entra website to learn more about how Azure AD, Microsoft Entra Permissions Management, and Microsoft Entra Verified ID deliver secure access for our connected world.

Microsoft announces new Managed ‘Security Experts Services’ to ramp up fight against cybercrime

Microsoft’s security business is growing faster than any of their other mainstream products and services, and today they announced three new services designed to help organisations spot and respond to cybersecurity incidents.

Here’s the TL;DR version.

  • Microsoft is bolstering its security services offerings to go along with its technology products and partners.
  • Security is the fastest-growing broad product category for Microsoft.
  • Microsoft is increasing its annual research and development spend in cybersecurity from $1 billion to $4 billion (more than any other security vendor anywhere).

The new services will see Microsoft’s own cyber security experts providing hands-on, proactive threat hunting for organisations unable to fully build out their own SOC because of the global security skills shortage and the cost.

Keep reading to learn more…

This newly announced investment comes as industry analysts report continued increases in cyber security budgets globally, as organisations keep investing in protection against the ever-increasing threat of ransomware attacks, identity theft and network intrusions.

Attacks are getting smarter and more targeted

Cybercrime attacks continue to rise and grow increasingly sophisticated, costing the world’s businesses $6 trillion USD last year, with that number expected to rise to $10.6 trillion in 2025.

According to Microsoft, “most human-operated ransomware attacks share some common traits, as attackers take advantage of an organization’s reliance on legacy software configurations or poor “credential hygiene” to gain entry into systems, and once in to find privilege escalation points to move through systems and carry out attacks.”

Whilst identity hygiene is improving, many organisations still do not get the basics right: poor identity protection, lax controls, no (or patchy) MFA, and a disjointed, fragmented approach to security rather than a Zero Trust, defence-in-depth mindset.

“Guarding single points of entry is not enough anymore, and a system or systems of managed extended detection and response (MXDR) is helping companies take a step back and look to guarding overall systems rather than focusing on locking down network ports or domains etc.”, Microsoft said in their latest security blog.

What is Microsoft Security Experts?

Microsoft Security Experts is a newly announced set of human-, AI- and software-led managed security services that organisations can use without needing to build everything in house.

Microsoft Security Expert Services

Whilst just the start, the three new managed security services are Defender Experts for Hunting, Defender Experts for XDR, and Security Services for Enterprise.

  • Microsoft Defender Experts for Hunting.
    • This involves Microsoft security engineers proactively hunting for threats across clients’ devices, Office 365 installations, cloud apps and identity platforms, and alerting organisations to what they find.
    • This will put Microsoft into more direct competition with pure-play security software companies such as CrowdStrike.
    • Cost is circa $3 per user per month (pupm).
  • Microsoft Defender Experts for XDR.
    • This is a more people-intensive service that will see Microsoft Security Experts helping organisations act on threats. Microsoft say that this type of work is typically done today by a variety of different organisations, including the big four accounting firms.
    • Cost is $14 per user per month.
  • Microsoft Security Services for Enterprise
    • This service includes an even broader set of people-driven services.
    • It aims to be more specific and customised to the needs of large enterprise organisations.
    • It’s set to help address the global security skills and people shortage, which is affecting almost every organisation.
    • Costs are bespoke to each organisation.

Microsoft and Security

Security is already a $15 billion annual business for Microsoft, and in 2021/22 it grew faster than any other significant product or service that Microsoft sells – up 45% year on year.

Microsoft is of course no new kid on the block when it comes to cyber defence: last year they blocked over 9.6 billion malware threats and 35.7 billion malicious emails, as well as taking down several large nation-state operations.

Microsoft believe that they are uniquely positioned to help their customers and partners do more to meet today’s security challenges. “We secure devices, identities, apps, and clouds—the fundamental fabric of our customers’ lives – with the full scale of our comprehensive multicloud, multiplatform solutions. At Microsoft, we understand today’s security challenges because we live this fight ourselves every single day.”

Microsoft’s CEO Satya Nadella had already announced last year that their annual cyber security research and development spending is increasing to a staggering $4 billion, up from an already huge $1 billion.

What about the role of the Microsoft Partner?

Details are still emerging about how partners that sell security consultancy, enablement, training and of course managed extended detection and response (MXDR) services will be able to leverage these and build on their own offerings.

Microsoft has said in their Yammer partner community site that they will be making a whole new set of investments in partners to help advance (or build) their managed extended detection and response (MXDR) services business.

Growth and demand for Managed Security Services

According to Gartner, demand is on a fast growth trajectory, and more than 50 percent of organizations will be using managed detection and response (MDR) services for threat monitoring, detection, and response functions that offer threat containment and mitigation capabilities by 2025.

Microsoft say that their Partners will play a critical role in addressing this incredible customer demand.

Smaller Organisations – Here’s why you should care about Microsoft Defender for Business

Defender for Business

Today (May 3rd 2022) Microsoft formally announced the general availability of the standalone version of Microsoft Defender for Business.

Why should I care?

Well firstly, it’s a myth that smaller organisations are not targeted and attacked. Security continues to be an increasing challenge for small and medium businesses, with a more than 300% increase in ransomware attacks alone in the past year, leading to increased cost in time and money whilst pulling you away from what matters most – running your business and making money.

300% Increase in ransomware attacks 2021

As an example, the solicitor I was personally using last year for a house purchase was a victim of a cyber-attack in September last year, and it took them almost 3 months to get back on their feet, which cost them loads of business – including mine!

In addition, according to a report commissioned by Microsoft, over 90% of SMB organisations admit to buying “bad” endpoint security: below par, and not integrated into their wider security portfolio.

What is Defender for Business

Microsoft Defender for Business brings enterprise-grade security to small and medium-sized businesses (SMBs), including world-class endpoint detection and response capabilities.

Microsoft Defender for Business

Microsoft Defender also consistently scores among the highest of all industry endpoint protection products in independent tests: https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/top-scoring-industry-antivirus-tests

Why Defender for Business

Microsoft position this as “the solution for the new hybrid workforce”. As employees increasingly work across a mix of devices and locations, Defender for Business delivers end-to-end security and moves beyond traditional endpoint anti-virus with a cloud-connected, AI-powered service backed by trillions of daily signals, bringing enterprise-grade, real-time detection of known and trending threats, including zero-day attacks and ransomware.

Microsoft Defender for business is part of the wider Microsoft 365 Defender family – a unified pre- and post-breach enterprise defence suite which natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.

Key Benefits

  1. Reduce your vulnerability with Defender’s risk-based management approach
  2. Help eliminate risks by reducing the surface area of attack
  3. Protect against cyberthreats like ransomware and malware
  4. Detect and investigate advanced persistent attacks
  5. Automatically investigate alerts and helps respond to complex threats

Here’s how it works

If you think of your business the way you might think about your own house, we can use this simple but effective analogy:

  1. Threat and Vulnerability Management is like a proactive police/crime assessment – looking at your doors and windows for potential weaknesses. It’s a risk prevention approach to vulnerability management that reduces threats before they grow into serious problems.
  2. Attack surface reduction works by making sure the windows are locked, and only the right people have keys to the front door. This helps minimise risk by reducing the attack surfaces open across your devices.
  3. Next Generation Protection acts as the lock for your front door. It helps to stop the things you don’t want to enter, from file-based and fileless malware, to spyware.
  4. Endpoint Detection and Response is like a security camera system, helping you see and record an intruder in the building. Defender’s advanced tools then set off the alarms, allowing you to respond directly to the problem, device, or file.
  5. Auto Investigation and Remediation is like your smart alarm system, calling the authorities and taking the intruder away. Defender for Business automatically investigates alerts and helps remediate complex threats, acting as your personal security analyst, working 24/7 to protect your business.

In short, Microsoft Defender for Business looks across your environment, multiple activities, devices, and users and then aggregates your alerts into a single incident making it easier for you (or your IT Services partner) to manage and respond to threats before they impact your business.

How does it compare to Defender for Enterprise?

Defender for Business provides the same premium endpoint-level protection for SMBs as Microsoft provides to enterprise organisations; the main differences are the price point and the simplified management. The table below shows the main differences.

Microsoft Defender Product Comparison (c) Microsoft.

How do I get it?

All these features and more are available as part of Microsoft 365 business premium plan or can be purchased (if you are not a Microsoft 365 subscriber) as a standalone application.

Microsoft Defender for Business Options

Speak to your Microsoft Partner or CSP licence provider in the first instance. They can probably also help you get started and set it up quickly.

Defender for Business is already included as part of Microsoft 365 Business Premium – Microsoft’s comprehensive security and productivity solution for businesses with up to 300 employees (or as part of a blended licensing approach). Microsoft Business Premium costs just £16.50 per user per month.

You can (from today) also purchase Defender for Business as a standalone solution for just £2.75 per user, per month and, what’s more, support for on-premises and cloud-hosted servers for SMB is also coming later this year.

Microsoft Authenticator adds ability to generate Secure Passwords for you.

To mark the one-year anniversary of Microsoft launching their Autofill feature in Authenticator, they have just updated the service with the ability to generate strong, unique passwords for you.

Microsoft Autofill works like a password manager: for both personal and corporate use, it brings all of your passwords together and stores them securely against your Microsoft Account (or Azure AD account) for use across Microsoft Edge and Google Chrome (via an extension) as well as on your smartphone. The Microsoft Authenticator app can be used to manage all of those passwords, and this new feature helps you be even more secure online by generating strong, unique passwords that you do not need to remember (the need to remember passwords being what traditionally leads to weak ones).

Microsoft Authenticator App

To access this new feature, you need to be running the latest version of Authenticator on iOS or Android.

Authenticator will prompt you to use the feature whenever you create a new password for a website or cloud service, or when you change the password of an existing one.

The app has slightly different behaviour across iOS and Android at the moment.

  • Android – tap the Passwords section, then tap the (+) button and choose Generate Password. You can save a generated password with the save icon, and even name or copy it.
  • iOS – tap the ellipsis button at the top right of the app and choose Password Generator.

What do you think? Do you use Microsoft Authenticator for password management today? What do you think of this new feature?

Microsoft Security recognised as a Leader in 8 Forrester Wave™ categories

Microsoft has been recognised over the last 12 months as a Leader in 8 Forrester Wave categories.

Did you know? Microsoft analyse over 24 trillion security signals every 24 hours, offering a uniquely comprehensive view of the current state of security.

This is backed by over 8,500 security experts across 77 countries, who provide a critical perspective on the security landscape and help protect against industry and nation-state attacks.

Microsoft say that “When you have comprehensive security, you have the freedom to grow your enterprise to match your vision. Comprehensive security is not only coverage, but also best-in-breed protection, built-in intelligence, and simplified management”.

1. Unified Endpoint Management

Microsoft Endpoint Manager brings together Microsoft Intune for cloud endpoint management and Microsoft Endpoint Configuration Manager for on-premises endpoints, empowering organisations to protect their apps and devices across platforms for a resilient, productive workforce.

Image (c) Forrester Research 2021

2. Extended Detection and Response (XDR)

Extended detection and response (XDR) is an early-stage market, and current vendor capabilities reflect that. XDR products have varied feature sets based on their maturity, native portfolio, and vision for the SOC, and it is thought that XDR will, longer term, likely replace the SIEM.

Microsoft Defender combines SIEM and XDR to increase efficiency and effectiveness while securing your digital estate. It allows IT to get insights across the entire organisation with Microsoft’s cloud-native SIEM, Microsoft Sentinel. Customers can leverage integrated, automated XDR to protect end users with Microsoft 365 Defender, and secure their multi-cloud infrastructure with Microsoft Defender for Cloud.

Image (c) Forrester Research 2021

3. Identity as a Service

The shift to hybrid or fully remote workforces has also accelerated user access that bypasses enterprise networks. To manage these changes, organisations are looking to IDaaS providers to serve as their primary identity provider (IDP).

Image (c) Forrester Research 2021

4. Security Analytics Platforms

In the past, vendors offered traditional SIEM systems as on-premises hardware or software deployments. In 2020, Azure Sentinel became the industry’s first cloud-native SIEM on a major public cloud.

Most of the vendors included in Forrester’s evaluation of the security analytics platform market deliver their products via SaaS or cloud-hosted models. This change has enabled vendors to more quickly roll out new capabilities to their customers and decrease the management overhead for these systems.

Image (c) Forrester Research Q4 2020

5. Enterprise Email Security

Microsoft were positioned as a leader for Enterprise Email Security, Q2 2021 receiving among the highest scores in the strategy category. Microsoft Defender for Office 365 also received the highest possible score in the incident response, threat intelligence, and endpoint and endpoint detection and response (EDR) solutions integration criteria, as well as in the product strategy, customer success, and performance and operations criteria.

Image (c) Forrester Research 2021

6. Endpoint Security Software as a Service

Microsoft 365 Defender received one of the highest scores in the strategy category. Forrester notes that “the focus on endpoint security has increased as cyber risks shift from the network to the endpoints, prompted by increasing amounts of homeworkers and the bulk movement of data from enterprise network-connected data centers to edge devices.”

Microsoft Defender for Endpoint is seamlessly built into Microsoft 365 Defender, and their XDR offering brings capabilities for identities, endpoints, cloud apps, email, and documents.

Microsoft 365 Defender delivers intelligent, automated, and integrated security in a unified security operations (SecOps) experience, with detailed threat analytics and insights, unified threat hunting, and rapid detection and automation across domains – detecting and stopping attacks anywhere in the kill chain and eliminating persistent threats.

Image (c) Forrester Research 2021

7. Unstructured Data Security Platforms

Microsoft has significantly increased their investment in building risk management and compliance solutions, inclusive of information protection and data loss prevention (DLP). They delivered new solutions, such as Microsoft Information Protection, Endpoint DLP, and product features, including trainable classifiers, the “know your data” dashboard, and enhanced sensitive information types, to name a few. Additionally, Microsoft continues to invest in extending the Microsoft Information Protection ecosystem with continued innovation via their SDK. Over 200 partners now extend this protection capabilities to various industry or vendor specific use cases.

Image (c) Forrester Research 2021

8. Cloud Security Gateways

Microsoft Defender for Cloud Apps (formerly Microsoft Cloud App Security) received the highest possible score in the strategy category.

Defender for Cloud Apps is focused on helping organisations gain visibility of all their cloud apps, discover shadow IT, protect sensitive information anywhere in the cloud, protect against cyber threats, assess compliance, and manage security posture across clouds.

Image (c) Forrester Research 2021

Read the digital defence report

To find out more read the Microsoft Digital Defence Report.

https://www.microsoft.com/en-gb/security/business/be-fearless

Microsoft’s new “Cyber Signals” gives vital insights into current cybersecurity threats

Microsoft has launched their first Cyber Signals, a new quarterly cyber intelligence brief that highlights the latest cyber security threats, tactics, and strategies. It is aimed at Chief Information Security Officers, Chief Information Officers, Chief Privacy Officers and other senior security ops teams.

Microsoft Cyber Signals Report

The brief is built on Microsoft’s extensive threat data and research, which draws on insights from more than 24 trillion security signals as well as intelligence gathered from monitoring 40 nation-state groups and over 140 threat groups. Microsoft has focused the first edition specifically on identity, which they believe is “the battleground for security” and the weakest link in most organisations’ security posture.

In the briefing, Microsoft state that “Our identities are made up of everything we say and do in our lives, recorded as data that spans across a sea of apps and services. While this delivers great utility, if we don’t maintain good security hygiene our identities are at risk. And over the last year, we have seen identity become the battleground for security.

Perhaps the biggest point raised in this Cyber Signals report is the worryingly low adoption of strong identity authentication across organisations. This includes multifactor authentication (MFA), which Microsoft says reduces the risk of identity compromise by 99.9%.

Here are the key highlights from the report.

  • Only 22% of customers using Microsoft Azure Active Directory (Azure AD), Microsoft’s Cloud Identity Solution, have implemented strong identity authentication protection as of December 2021.
  • Microsoft Defender for Endpoint blocked more than 9.6 billion malware threats targeting enterprise and consumer customer devices.
  • From January 2021 through December 2021, Microsoft blocked more than 25.6 billion Azure AD brute force authentication attacks and intercepted 35.7 billion phishing emails with Microsoft Defender for Office 365.

The full brief also examines how nation-states are using spear phishing attacks and targeted social engineering to obtain passwords and other sensitive data. It also details the latest ransomware attack trends, along with guidance and recommendations on how to stop the attacks.

“Microsoft ended 2021 with 71 billion cyberattacks blocked.”

Microsoft Cyber Signals

Much of the research is explained by leading security chiefs, including Christopher Glyer, the principal threat intelligence lead at the Microsoft Threat Intelligence Center, which employs nearly 4,000 security experts and threat hunters.

You can learn more about these trends and read the report on Microsoft’s Security Blog site….

… Oh and please let’s get MFA enabled for all corporate accounts and close that front door!

Use MFA

Defender for Endpoint now included within Microsoft 365 E3/A3

As of today (14th Jan 2022) Microsoft Defender for Endpoint Plan 1 is now included within Microsoft 365 E3/A3 licenses.

Microsoft Defender for Endpoint (Plan 1) extends Microsoft 365 security with threat and attack prevention capabilities to help you deliver your Zero Trust strategy, reduce cost (by removing the need for additional products) and simplify security management.

Defender for Endpoint Plan 1 includes the following key features (among others).

  • Next-generation, born-in-the-cloud antivirus, anti-malware and anti-ransomware protection that leverages the intelligence of the Intelligent Security Graph to help keep user endpoints secure and protected.
  • World-class attack surface reduction capabilities that harden the device, help prevent zero-day attacks, and provide granular control over access.
  • Device-based conditional access which leverages Azure AD and the Intelligent Security Graph to provide additional layers of breach protection, and which forms a key part of your Zero Trust security architecture.

Microsoft Defender is a top-right (Leader) placement in the Gartner Magic Quadrant for Endpoint Protection Platforms.

Gartner Magic Quadrant for Endpoint Protection

What’s included in Defender for Endpoint Plan 1

The following diagram from Microsoft illustrates the key services and features included within both Plan 1 (now part of Microsoft 365 E3 and A3) and Plan 2 (part of Microsoft 365 E5 and A5 or available as an add-on).

Defender for Endpoint Plan 1 vs Plan 2.

Microsoft Defender for Endpoint Plan 1 supports client endpoints running Windows 7 with Extended Security Updates, 8.1, 10, 11, macOS, Android, and iOS.

What about Plan 2?

Microsoft say that Plan 1 provides a strong baseline and leading-edge protection against modern, zero-day and ever-advancing threats.

For the complete set of endpoint security capabilities, as shown above, Microsoft advise that organisations strongly consider Microsoft Defender for Endpoint Plan 2.

“Plan 2 builds on Plan 1 and provides a best in class EDR solution including automated investigation and remediation tools, advanced threat prevention and threat and vulnerability management (TVM), and hunting capabilities which, combined with the wider Microsoft Defender suite, provides seamless, integrated and cross architecture protection”.


To find out more, please refer to the official Microsoft documentation.

https://aka.ms/MDEP1docs

Microsoft adds SafeLinks protection to Teams

Microsoft 365 now has “Safe Links” protection across Microsoft Teams for any organisation that uses Microsoft Defender for Office 365 (formerly Office 365 ATP).

Defender for Office 365

What is Safe Links?

Safe Links is a feature of Defender for Office 365 that scans URLs clicked by end users to check for malware and malicious or phishing sites in real time.

Safe Links was first introduced in 2015 (for Exchange Online only at the time) and was originally used to “detonate” links in e-mails to detect malicious payloads. Safe Links was subsequently added to Microsoft 365 applications as well, such as PowerPoint and Word.

With the latest update and expansion across Microsoft 365, Safe Links now provides transparent, integrated and native intelligent protection against malicious links in conversations, group chats and channel chats across Microsoft Teams.

Enabling the feature

This can be configured in the Microsoft 365 Defender portal. Detailed instructions can be found here

As with Safe Links across the other Office services, admins can add exclusions and trusted sites if needed. Note that a Safe Links policy only takes effect for the recipients that a Safe Links rule assigns it to, so check the rule scope as well as the policy settings.
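As an added illustration (this is not code from the original post, nor Microsoft’s own documentation), the same Teams setting and an exclusion list can be applied from Exchange Online PowerShell instead of the portal, which is the easier way to do it consistently across several tenants. The policy and rule names, the `contoso.example` domain and the intranet URL are placeholders; the script assumes the ExchangeOnlineManagement module is installed and the tenant holds Defender for Office 365 licences.

```powershell
# Added example: create (or update) a Safe Links policy that also covers Teams,
# scope it with a rule, and verify. Names, domain and URL below are placeholders.
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'

$policyName = 'SafeLinks-AllUsers'

# Policy settings as a hashtable so they can be splatted into the cmdlet.
$policySettings = @{
    Name                     = $policyName
    EnableSafeLinksForEmail  = $true
    EnableSafeLinksForTeams  = $true     # the Teams protection this post is about
    EnableSafeLinksForOffice = $true
    ScanUrls                 = $true     # real-time scan of the URL at click time
    DeliverMessageAfterScan  = $true
    EnableForInternalSenders = $true     # internal-to-internal mail is also rewritten
    TrackClicks              = $true     # keeps click data for investigations
    AllowClickThrough        = $false    # users cannot bypass the warning page
    # Exclusions: these URLs are never rewritten or scanned, so keep the list short.
    DoNotRewriteUrls         = @('https://intranet.contoso.example/*')
}

if (Get-SafeLinksPolicy -Identity $policyName -ErrorAction SilentlyContinue) {
    # Policy already exists: only switch on the Teams protection.
    Set-SafeLinksPolicy -Identity $policyName -EnableSafeLinksForTeams $true
}
else {
    New-SafeLinksPolicy @policySettings
}

# A policy applies to nobody until a rule scopes it to recipients.
$ruleName = "$policyName-Rule"
if (-not (Get-SafeLinksRule -Identity $ruleName -ErrorAction SilentlyContinue)) {
    New-SafeLinksRule -Name $ruleName `
                      -SafeLinksPolicy $policyName `
                      -RecipientDomainIs 'contoso.example'
}

# Verify: every policy should now show Teams protection enabled.
Get-SafeLinksPolicy |
    Format-Table Name, EnableSafeLinksForTeams, AllowClickThrough, DoNotRewriteUrls
```

Two points worth noting when reviewing the output: `AllowClickThrough` set to `$false` is what stops a user clicking past the warning page to a site that was flagged, and anything in `DoNotRewriteUrls` is exempt from scanning entirely, so a broad wildcard there silently reopens the hole the feature is meant to close.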

Microsoft buys CloudKnox, the only multi-cloud, hybrid cloud permissions management platform

After their acquisition of RiskIQ just last week and ReFirm the month before, Microsoft have just announced they are acquiring CloudKnox, a leader in Cloud Infrastructure Entitlement Management (CIEM).

Who are CloudKnox?

Founded in 2015, CloudKnox describe themselves as the only multi-cloud, hybrid cloud permissions management platform, providing granular visibility, automated remediation and continuous monitoring to consistently enforce least-privilege principles and reduce risk. CloudKnox works with Azure, as well as AWS and Google Cloud, and with leading virtualisation and hybrid cloud vendors including VMware.

Image displaying key features of CloudKnox

CloudKnox are the leaders in the Cloud Infrastructure Entitlement Management (CIEM) space and offer complete visibility into privileged access within cloud services.

What Microsoft plans to do with the CloudKnox acquisition.

In Microsoft’s most recent security blog, Joy Chik (VP of Identity at Microsoft) said:

“Modern identity security needs to protect all users and resources consistently across multi-cloud and hybrid cloud environments….Today, Microsoft is taking a significant step toward this goal with the acquisition of CloudKnox Security, a leader in Cloud Infrastructure Entitlement Management (CIEM). CloudKnox offers complete visibility into privileged access. It helps organizations right-size permissions and consistently enforce least-privilege principles to reduce risk, and it employs continuous analytics to help prevent security breaches and ensure compliance. This strengthens our comprehensive approach to cloud security.”

Joy Chik, Corporate VP of Microsoft Identity

The post (which can be read here) summarises how Microsoft will use the CloudKnox technology to help security admins with tasks such as managing privileged access in multi-cloud and hybrid cloud environments, through a set of comprehensive yet simple threat assessments and prevention methods, as well as security enforcement and governance.

Finally, Microsoft said that the acquisition of CloudKnox will allow them to further harden Azure Active Directory with more granular visibility, continuous monitoring and automated remediation for hybrid and multi-cloud identities, access and permissions, further solidifying their market-leading position in Identity and Access Management.


There are no clouds in space… But there is Azure!

I read an article recently about Stephen Kitay – the former Deputy Assistant Secretary of Defense for Space Policy, who is now Senior Director at Microsoft Azure Space. It got me thinking… Firstly, what a cool job title… and secondly, what is Azure Space?

It’s quite cool.. Tech and Space!

Microsoft says that “Azure Space was created to be the platform and ecosystem of choice for the mission needs of the space community”. It’s designed to make connectivity and compute increasingly attainable across industries including agriculture, energy, telecommunications, and government.

Azure Space Overview

I loved researching and sharing some of what I read. What a great project to be part of… Imagine being asked what you do at a networking event and saying “supporting customers on their space missions off and on the planet, using the power of cloud and space technology to help businesses across industries re-imagine solutions to some of the world’s most challenging problems”.

Taking cloud-powered innovation beyond Earth with “Azure Space”.

With the enormous challenges space presents, there also comes great opportunity. The space community is growing rapidly, and innovation is lowering the barriers of access for public and private sector organizations.

Microsoft is the first hyperscale cloud service provider to join the Space Information Sharing and Analysis Center (ISAC) as a member organisation, and they plan to share their global threat insights to protect critical infrastructure and strengthen cybersecurity expertise across the space community.

What is the purpose and applications for Azure Space?

Microsoft are diligently working to make Azure the platform of choice for the mission needs of the space community, bringing their global threat insights to protect critical infrastructure and strengthen cybersecurity expertise in the space industry.

But it’s not just about sticking Azure in space stations and shuttles.

Putting compute, data and AI into space makes connectivity and compute more attainable and accessible across the globe, with big benefits across industries such as agriculture, energy and telecommunications, as well as across the public sector, and particularly in regions where traditional connectivity and access to compute is sparse. Developing nations will also benefit hugely. As Microsoft put it, “our ambition is to grow the entire world community, which is the basis for Azure Space.”

OK so what is Azure Space though?

Azure Space is essentially a set of service offerings, a new partner ecosystem and a global strategy focused on specific core areas, including never-before-seen security challenges. Azure Space is made up of 3 main things:

Azure Space Components Overview

Azure Orbital

Azure Orbital is a Ground Station as a Service that provides communication with and control of satellites, enabling satellite operators to communicate with and control their satellites, process data, and scale operations within Microsoft Azure.

Azure Orbital brings satellite data directly into Azure, where it can immediately be processed with market-leading data analytics, geospatial tools, machine learning, and Azure AI services.

In essence, Azure Orbital allows organisations and providers of “space-connected” products to take full advantage of Microsoft’s global network and services infrastructure to build new product offerings and services with edge, 5G, SD-WAN and AI.

Azure Modular Datacenter

The Azure Modular Datacenter (MDC) is a complete, rugged datacenter solution for organisations and service providers that need cloud computing capabilities in hybrid, sparse or otherwise challenging environments.

Microsoft designed the MDC to support high-intensity, secure cloud computing in challenging environments, such as situations where critical prerequisites like power and building infrastructure are unreliable. Built on Azure Stack, it is a self-contained unit that provides the capability to deploy a complete datacenter to remote locations, or to complement existing infrastructure. The MDC can run on terrestrial fibre, over low-bandwidth networks, or completely disconnected.

Azure Orbital Emulator

With space now opening up to more commercial and government organisations, the pace of, and demand for, developing interconnected satellite networks is increasing exponentially.

To aid with this, Microsoft have created Azure Orbital Emulator, an emulation environment that runs massive satellite constellation simulations with software and hardware in the loop. This allows satellite developers to evaluate and train AI algorithms and satellite networking before ever launching a single satellite, reducing cost and time and, naturally, improving human safety. With Azure Orbital Emulator, Azure can emulate an entire satellite network, including complex, real-time scene generation using pre-collected satellite imagery for direct processing by virtualised and actual satellite hardware.

“The Goal of Azure Orbital Emulator is to aid the preparation of space missions with the power of Azure.”

Azure Orbital Emulator is already being used by Azure Government customers globally.

Credits and further reading

Some of the content here is referenced or quoted from the full report at https://www.helpnetsecurity.com/2021/07/13/microsoft-azure-space and on Twitter at @helpnetsecurity. Much of the information comes from the Microsoft Azure blogs referenced below.

For further reading (it’s quite interesting) you can read Microsoft’s official blurb and ongoing updates here.

Microsoft makes another security acquisition…

Microsoft has just announced that they are to acquire cyber security company RiskIQ in a $500m deal.

RiskIQ provide cloud-based software as a service (SaaS) that lets businesses identify phishing, fraud, malware and other online threats.

Risk IQ

Microsoft’s Eric Doerr (VP of Cloud Security) explained in the announcement how RiskIQ’s expertise and global threat intelligence platform will help customers better understand online threats during their digital transformation, and that the technology will become part of Microsoft’s integrated security and threat protection suites.

“The combination of RiskIQ’s attack surface management and threat intelligence empowers security teams to assemble, graph, and identify connections between their digital attack surface and attacker infrastructure and activities to help provide increased protection and faster response”.

Eric Doerr (Microsoft VP of Cloud Security)

Microsoft have a growing, comprehensive and industry-leading portfolio of integrated security and threat protection solutions for addressing the needs of hybrid and multi-cloud environments. The acquisition of RiskIQ is the latest in a continuing series of acquisitions in the cybersecurity space.

“Our (RiskIQ’s) technology and amazing people will be a powerful addition to Microsoft solutions. Together, we’ll empower CISOs and security operations teams to proactively detect and defend their enterprise against all threats, both on-premise and across multi-cloud.”

Statement from RiskIQ

You can read the full announcement in the Microsoft Security Blog here.

Microsoft “Authenticator app” now lets users change their passwords directly from the app

The Microsoft Authenticator app on Android has been updated and now lets users change security information and passwords right from within the app. This update also lets users view recent sign-in activity, such as recent login attempts or changes to their account. This feature update brings the Android version up to date with the iOS version, which received the same update back in May.

With the updated version, users can tap on the account name in the app, which opens a full-screen page for that account’s settings. Here it provides the one-time passcode for second-factor authentication, along with other options such as changing the password, updating security information, reviewing recent activity, and removing the account from Authenticator should you wish.

These options are presented directly inside the app in an in-app web view, so users can perform these actions without switching to a browser or making the changes on the web. This works for work accounts as well as personal Microsoft accounts, such as those tied to a personal Microsoft 365 subscription.

Note: the account management options are not available to Azure AD accounts, as Microsoft want to empower IT admins to choose which options are made available to users from the Authenticator app.

Users can download the Microsoft Authenticator app for Android from the Google Play Store here.

There’s a myth that #Microsoft doesn’t “do” #security… Think again..

The myth that Microsoft isn’t a security vendor continues, led mainly by the traditional security appliance vendors and by organisations that are still predominantly on-premises and therefore defend their data centre and office perimeters with traditional security appliances (sorry, that is a bit of a generalisation and not meant to offend)!

In reality, nothing could be further from the truth. With more than a billion dollars invested in security each year (excluding acquisitions), Microsoft has been recognised as a leader in multiple security-related Gartner Magic Quadrants, in the Forrester Wave for Endpoint Security, and by independent AV testing firms such as AV-TEST, AV-Comparatives and SE Labs in 2019 alone.

Security is built in across everything Microsoft designs, deploys and makes available, and I’m proud to work for and lead a certified and accredited partner in this space with Gold in the Enterprise Mobility and Security competencies.

Check out the latest reports:

Take the time to read the reports, and I’d love to hear your experiences, thoughts and views on where you think Microsoft has its biggest gaps in this space.

Finally, there are some new announcements this week at Ignite, so be sure to check these out. The latest today is the announcement of #safedocuments, which adds ATP-style protection to the Office desktop apps. Rolling out over the next couple of months, when a user wants to treat a document as “trusted”, Safe Documents will automatically check the file against the ATP threat cloud before it releases the document.

Thanks for reading and have a good day..
Rob

New WannaCry-type exploit threatens XP, Server 2003 and Windows 7… What do you need to do?

Microsoft has started warning users of older versions of Windows desktop and Server to urgently apply a Windows Update today to protect against a potential widespread attack similar to the infamous WannaCry attack.

“Windows 7 users are still vast… make sure you are patched.”

Microsoft have yet again issued patches to close a critical remote code execution vulnerability in Remote Desktop Services that exists in Windows XP and Windows 7, and in server versions including Windows Server 2003, Windows Server 2008 and Windows Server 2008 R2. The flaw is exploitable before authentication and needs no user interaction, which is what makes it wormable in the way WannaCry was, so any affected host with Remote Desktop reachable from an untrusted network is the first priority.

Microsoft is again “doing the right thing” by releasing critical patches for Windows XP and Windows Server 2003 even though both operating systems have been out of support for some time.

Anyone still running Windows XP (yes, I know) will need to manually download the update from Microsoft’s website, as it is not delivered through Windows Update.
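To turn “what do you need to do?” into a check you can run on each box, here is an added example (my own script, not code from the original post or from Microsoft). It reports whether the host is one of the Windows versions listed above, whether Remote Desktop is enabled and actually listening, whether Network Level Authentication is required (the partial mitigation Microsoft’s advisory recommends where patching is delayed; not mentioned in the post), and whether a given KB is installed. The post does not name the KB, so it is a parameter and the default “KB0000000” is a placeholder: take the real KB for your OS from Microsoft’s advisory. Written for PowerShell 2.0 on Windows 7 / Server 2008 R2; XP and Server 2003 hosts rarely have PowerShell, so check those by hand.

```powershell
<#
  Added example, not from the original post or from Microsoft.
  Local readiness check for the Remote Desktop Services RCE patch discussed above.
  PowerShell 2.0 compatible (no [PSCustomObject], no -in), so it runs on Windows 7 / 2008 R2.
#>
param(
    # Placeholder (assumption): replace with the KB for this OS from Microsoft's advisory.
    [string]$PatchKB = "KB0000000"
)

$os  = Get-WmiObject -Class Win32_OperatingSystem
$ver = [version]$os.Version
$key = "{0}.{1}" -f $ver.Major, $ver.Minor
# ProductType: 1 = workstation, 2 = domain controller, 3 = server
$isServer = ($os.ProductType -ne 1)

# Versions named in the post: XP (5.1), Server 2003 (5.2), Server 2008 (6.0 server),
# Windows 7 and Server 2008 R2 (6.1). Vista shares 6.0 but is not listed in the post.
$affected = $false
switch ($key) {
    "5.1" { $affected = $true }
    "5.2" { $affected = $true }
    "6.0" { $affected = $isServer }
    "6.1" { $affected = $true }
}

# Remote Desktop enabled? fDenyTSConnections = 0 means incoming connections are allowed.
$ts = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" -ErrorAction SilentlyContinue
$rdpEnabled = ($ts -ne $null -and $ts.fDenyTSConnections -eq 0)

# NLA required? UserAuthentication = 1 on the RDP-Tcp listener.
$rdpTcp = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -ErrorAction SilentlyContinue
$nlaRequired = ($rdpTcp -ne $null -and $rdpTcp.UserAuthentication -eq 1)

# Is anything actually listening on TCP 3389 (the default RDP port)?
$listening = [bool](netstat -ano -p TCP | Select-String "LISTENING" | Select-String ":3389\s")

# Is the patch installed? Get-HotFix reads the installed-updates list.
$patched = [bool](Get-HotFix -ErrorAction SilentlyContinue | Where-Object { $_.HotFixID -eq $PatchKB })

$report = New-Object PSObject -Property @{
    Host            = $env:COMPUTERNAME
    OS              = $os.Caption
    AffectedVersion = $affected
    RdpEnabled      = $rdpEnabled
    RdpListening    = $listening
    NlaRequired     = $nlaRequired
    PatchInstalled  = $patched
}
$report | Format-List

# Verdict: patch first; until then, RDP reachable without NLA is the worst case.
if (-not $affected) {
    "Not one of the listed versions. Nothing to do for this issue."
} elseif ($patched) {
    "Patched ($PatchKB is installed)."
} elseif ($rdpEnabled -or $listening) {
    if ($nlaRequired) {
        "UNPATCHED but NLA is required: partial mitigation only. Install $PatchKB."
    } else {
        "UNPATCHED and RDP reachable without NLA: install $PatchKB now; until then disable RDP or require NLA."
    }
} else {
    "UNPATCHED but RDP is off: still install $PatchKB, RDP can be switched back on at any time."
}
```

Run it as `.\Check-RdsPatch.ps1 -PatchKB KB…` with the KB from the advisory (file name assumed). The registry reads need no elevation. For a fleet, push it with `Invoke-Command -ComputerName` where PowerShell remoting is enabled, or query `Win32_QuickFixEngineering` over WMI from a management host for the XP and 2003 boxes that have no PowerShell.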

As you know, Windows 7 reaches end of extended support in just 7 months. #Windows10 offers more than 30 significant advances in security and OS hardening compared to its older siblings, and whilst many organisations are rapidly migrating to #Windows10, there are still many that have not.

Microsoft also announced yesterday that Windows 10 E5 subscribers will receive a further 12 months of extended Windows 7 support as a benefit of their “commitment” to move to Windows 10.