close

Azure Network

Azure Network

Microsoft Thwarts Largest Azure DDoS Attack Ever

DDoS-Attacks

Cyber-Security-Lock-Pixabay

Microsoft says it has prevented the biggest ever Distributed Denial-of-Service (DDoS) attack. According to the company, it mitigated the record threat during the summer. In doing so, the company stopped an Azure customer in Europe from becoming a victim.

In its Azure blog, Microsoft points out the DDoS attack had a peak bandwidth of 2.4 terabytes per second (Tbps). This means it was 140% larger than any other previous DDoS bandwidth Microsoft has seen.

Microsoft says the August attack was over within 10 minutes but included short episodes of high traffic. Those short bursts reached 2.4 Tbps, while others were recorded at 1.7 Tbps and 0.55 Tbps. Like other types of DDoS attacks, the goal was to overwhelm systems with too much traffic, causing them to go offline.

Importantly, despite being a record attack, Microsoft says it was still below what Azure DDoS security features are designed to handle:

“Azure’s DDoS protection platform, built on distributed DDoS detection and mitigation pipelines, can absorb tens of terabits of DDoS attacks,” explains Microsoft. “This aggregated distributed mitigation capacity can massively scale to absorb the highest volume of DDoS threats, providing our customers the protection they need.”

Azure Security in Action

Because of Microsoft’s mitigations, the customer did not see any impact from the attack, including no downtime. If the attack had worked, it would have had a significant impact and caused financial damage to the customer.

“The attack traffic originated from approximately 70,000 sources and from multiple countries in the Asia-Pacific region, such as Malaysia, Vietnam, Taiwan, Japan, and China, as well as from the United States,” explains Microsoft’s Amir Dahan, senior program manager, Azure networking.

Tip of the day: Thanks to the Windows Subsystem for Linux (WSL) you can run complete Linux distributions within Windows 10. In our tutorial, we show you how to install Ubuntu or other Linux packages and how to activate the bash shell.

Source Winbuzzer

read more
Azure NetworkAzure VM

Mozilla Firefox Overcomes Microsoft Edge Default Barrier with In-Built Button

no thumb

Mozilla-Firefox-Logo

Microsoft Edge is the default browser on Windows, as you would expect considering it is Microsoft’s own platform. However, the company gives users the choice to switch to other default browsers, among them Mozilla Firefox. We recently reported how switching to another default browser (or any program) will become more difficult on Windows 11.

To overcome Microsoft’s various paths to change the default, Mozilla has quietly made some changes. The company is making it easier for users to switch permanently to Firefox. The changes will work on Windows 11, as well as Windows 10.

With the release of version 91 of Firefox, Mozilla included a method for setting the browser as default in Windows. In fact, this was a clever bit of reverse engineering, taking Microsoft’s one-click default choice for Edge and applying it to Firefox.

In other words, it is now possible to set Firefox as the default from directly within the browser.

“People should have the ability to simply and easily set defaults, but they don’t,” Mozilla tells The Verge. “All operating systems should offer official developer support for default status so people can easily set their apps as default. Since that hasn’t happened on Windows 10 and 11, Firefox relies on other aspects of the Windows environment to give people an experience similar to what Windows provides to Edge when users choose Firefox to be their default browser.”

Windows 11 Changes

With the launch of Windows 11 next month, making non-Microsoft apps default will be more difficult.

On Windows 11, users get just one chance to see and select browser alternatives before Microsoft hides them Specifically, like on Windows 10 when you open a web link for the first time, or install a new browser, the platform gives you the opportunity to select it as default.

Unless you choose “always use this app” this first time, the browser will not become default. Sure, this is the same as normal, and equal to Windows 10. Users simply could right click a file, web link, app, or shortcut and choose the “open with” option and then “always use this app”.

On Windows 11, this process is different and more confusing. Instead of a catch all toggle like “always use this app” or “always open with this program”, Microsoft is changing app defaults. The company will now force users to set defaults for every link type or file. Yes, instead of a universal toggle, you have to work through each format like HTML, PDF, SVG, HTTPS, etc.

For example, to set Mozilla Firefox as the default browser, you will need to change the default across 11 individual file types. Of course, this is an overly complex process with the only explanation being Microsoft is trying to make it harder for users to choose other browsers.

Tip of the day: Did you know that your data and privacy might be at risk if you run Windows 10 without encryption? A bootable USB with a live-linux distribution is often just enough to gain access to all of your files.

If you want to change that, check out our detailed BitLocker guide where we show you how to turn on encryption for your system disk or any other drive you might be using in your computer.

Source Winbuzzer

read more
Azure App ServiceAzure DRAzure Network

Cybersecurity Paradigms – Is Remote Work a Hacker’s Paradise?

206-08-02-2021-BLOG-Hackers-Paradise-LOW-1-1-340×200

The cybersecurity paradigm is built on being prepared for the unexpected. Organizations have long relied on strategies like employee training, security procedures and IT solutions help defend against cyber threats.

But the giant upheaval brought by the COVID-19 pandemic has led to a staggering 500% increase in the number of attacks. Hackers are eager to take advantage of weaknesses and vulnerabilities introduced by the rapid shift to remote work, which left many organizations without the time or expertise to implement changes in their IT infrastructures securely. For example, some allow employees to use unsecured Remote Desktop Protocol (RDP) services, which has become one of the chief attack vectors for ransomware. In addition, many cybersecurity teams are struggling to maintain the security of networks, company devices and data being accessed remotely, while working remotely themselves.

Remote work is almost certainly here to stay. For example, a survey from Deloitte found that almost three-quarters of employees working in financial services rate their work-from-home experience during the lockdown as positive, and so do company executives. Similarly, PwC’s January 2021 report on remote work states that 83% of employers say the shift to remote work has been successful for their company, up from 73% in their June 2020 survey.

Therefore, it’s imperative for organizations to rethink their security strategies with remote work and the current threat landscape firmly in mind. My talk at The Experts Conference (TEC) in September 2021, Hacker’s Paradise: Top 10 Biggest Threats when Working from Home, will provide a deep analysis of the top threats to pay attention to, along with practical recommendations for both technical teams and decision makers.

Some of the top threats in a work-from-home world

Here’s a sneak peek at a few of the threats I’ll cover at TEC:

Phishing emails

Phishing activity increased from 1 in 10,000 emails in Q3 2019 to 1 in 4,200 emails in the beginning of 2020.

Cybercriminals use phishing emails to pose as a legitimate authority or institution in order to lure individuals into providing sensitive data, such as personally identifiable information (PII), banking and credit card details, and login credentials. The email can include a malicious attachment that, if opened, launches malware to collect this data, or a link to a fake corporate website that tricks the victim into entering the information.

This technique can be highly effective. Indeed, my company’s experience in performing controlled phishing campaigns reveals that around 25% of corporate users fall for them. In fact, sometimes it takes just 40 seconds for a user to click on a malicious link after receiving the phishing email.

Once attackers have a user’s credentials, even multifactor authentication (MFA) may not be enough to keep them out of your network. For example, hackers can intercept both call-based and SMS one-time passwords (OTPs) commonly used in MFA.

Insecure Wi-Fi networks

Another risk of remote work is the use of insecure Wi-Fi networks, such as those at airports or cafés. Attackers can provide a fake access point with the same SSID; if a user connects to it instead of the real one, the attacker can redirect them to a malicious webpage that looks exactly the same as the legitimate one. When connected to the same insecure public Wi-Fi network as a victim, an attacker can also perform Man-in-the-Middle attacks on a victim’s workstation to achieve similar effects.

VPN pivoting attacks

Another tactic that can make remote work a hacker’s paradise is a VPN pivoting attack. Once an attacker has control over a machine that is connected through VPN to the company network (for example, because the user has opened a malicious attachment), they can treat the workstation as a proxy. The hacker will be able to see the infrastructure that the user has access to and will be able to connect to the cloud infrastructure as well. For example, in 2020, attackers were able to take control over the internal infrastructures of many companies by using a backdoor in SolarWinds Orion software and compromising Microsoft 365 accounts. In my presentation, we will take a closer look at how this is possible and why additional inspection is necessary for all incoming VPN traffic.

 

Source Practical365

read more
Active DirectoryAzure ADAzure App ServiceAzure BackupAzure MediaAzure NetworkAzure SQLOffice 365Sharepoint

Attend TEC 2021 and Learn from the Very Best

TEC-340×200

TEC 2021 (The Experts Conference) takes place as a free virtual event on September 1-2. Practical365.com has a close relationship with TEC as many of our writers are TEC speakers, so I thought that I’d highlight some of the sessions I am looking forward to. Many other sessions covering different topics are on the TEC agenda, so you’re sure to find something interesting to attend.

Please register for TEC to access the sessions. Even if you can’t attend on the day, you’ll be able to use your registration link to access recordings afterwards. Of course, attending live is best because you’ll then have the chance to participate in the live Q&A following the recorded segment of each session. Be nice to the presenters and don’t throw too many curve balls… With that said, here’s my curated list of TEC 2021 sessions. All times are in U.S. eastern time.

Artificial Intelligence and Microsoft 365

Some excellent Microsoft speakers are going to share their unique perspectives on different aspects of Microsoft 365 technology. At 10:30AM on September 2, Jeffrey Snover, the CTO for Modern Workplace Transformation (a fancy name for making stuff work across Microsoft 365) will deliver a keynote covering the use of artificial intelligence within Microsoft 365. Sometimes people get worried about the use of machine learning and AI within Microsoft 365 as they see features like insights and suggested responses turn up in email and meeting requests. I’m more focused on the use of AI in applications like Viva Topics. Jeffrey says that AI will make features more intelligent and easier to use. Turn up and see what you think!

Protecting Office 365 Against Attack

Practical365 traffic spiked in March when the Hafnium attack exploded and many Exchange on-premises administrators discovered just how exposed their servers were to attack. Alex Weinert, Director of Identity Security, is going to improve our knowledge about how attacks develop, the techniques used to penetrate systems, and how Microsoft and other security companies work to mitigate and close off vulnerabilities. Specifically, he’s going to analyze the Nobelium (SolarWinds) attack in December 2020 during his 1:30PM session on September 1.

Using Sensitivity Labels with SharePoint Online

Sensitivity labels are a great way to apply rights management-based encryption to Office documents. They can also be used to protect containers (Teams, Groups, and Sites). I can’t think of a better person to come along and talk about how to protect SharePoint Online and OneDrive for Business with sensitivity labels than Sanjoyan Mustafi, a Principal Product Manager who’s one of my go-to people whenever I have a question about the inner workings of sensitivity labels for SharePoint content. Sanjoyan speaks at 1:30PM on September 2. Apparently, he might even drop some hints about some new features due to appear soon.

Collaborating Teams Channels

A conference would be a pretty bland affair if only Microsoft people spoke, so TEC has many other experts come along to talk about different aspects of technology. MVP Curtis Johnstone talks at 12:45PM on September 1 about the different types of channels used in Teams, including the new shared channels first revealed in March and now getting close to public preview. Curtis plans to cover how shared channels work, differences with private channels, and how organizations can govern channel use.

Power Automate and Teams

Microsoft spends a lot of time banging the publicity drum for Teams and Power Automate. MVP Christina Wheeler brings some practical advice (always appreciated at Practical365.com) at 1:30PM on September 1 to show how to connect the two technologies to get real work done by exploring how to launch a flow from a Teams bot.

Go to OneDrive

At 12:45PM on September 2, MVP Andy Huneycutt dives into the topic of moving people off network drives to OneDrive for Business. Many good business and technology reasons exist for this transition. Better data governance, more stable infrastructure, more visibility over content, better sharing, and so on. And of course, the simple fact that Office 365 and Microsoft 365 apps are built to use OneDrive for Business (Stream and Whiteboard are both moving their storage to OneDrive for Business). Why anyone would stay on old-fashioned network drives is beyond me…

Manage Exchange Online at Massive Scale

SAP is a very large software company that also uses Exchange at massive scale. MVP Ingo Gegenwarth gets lots of practice running PowerShell scripts to process tens of thousands of objects, and he’s going to share his experience and give some tips and techniques for how to approach the problem of dealing with so many objects at 2:30PM on September 1. I suspect Ingo might even say that it’s a good idea to use the Microsoft Graph API with PowerShell to get data about service incidents or interrogate Azure AD.

Removing the last Exchange On-Premises Server

After the Hafnium exploit in March, some organizations started to look more closely at the question of removing the last Exchange on-premises server. This has been a hotly debated topic for years, with some people saying that it’s easy to do (by performing brain surgery with ADSIEdit) and Microsoft continually saying that they are seeking a more graceful solution. Steve Goodman takes on the challenge of reporting the current situation at 12:45PM on September 2.

Group Policies Are Dead: Long Live Intune

I hate Group Policy Objects (GPOs). For years, they’ve been a necessary evil to enable workstation and server management. Intune is a better solution, especially in the world of Microsoft 365 where the PC is not the sole focus. Paul Robichaux covers this topic at 11:45AM on September 2 with a real focus on making management easier for your Microsoft 365 tenant.

Leveraging the Graph to Manage Microsoft 365

Finally, if you have time, you could attend my session at 11:45AM on September 1 where I’ll discuss how to use the Microsoft Graph APIs to manage Microsoft 365 tenants and applications. This is not a session for programmers. It’s focused on tenant administrators who automate processes with PowerShell today and want (or need) to use some Graph APIs with PowerShell. Maybe it’s just to get work done faster (like when you need to process thousands of mailboxes) or it’s because a Graph API is the only way to change a tenant setting.

Many Practical365.com articles cover different aspects of using the Graph APIs from reporting the storage used by Teams channels to updating tenant privacy controls. It should be a fun session (for me anyway!).

Enjoy TEC 2021. I plan to and hope that you’ll come along and have a terrific time sharing knowledge with some excellent speakers.

Source Practical365

read more
Azure App ServiceAzure MediaAzure Network

How Microsoft Azure is Leading the Way for Mainstreaming Supercomputers on the Cloud

no thumb

Met-Office-Server-Microsoft

The days of supercomputers being a niche product are in the past. Companies are building hardware that is streamlining the concept of super computing and Microsoft is leading the way with its Azure platform. By leveraging its servers and using cloud to handle the high performance computing (HPC) workloads, the company is increasingly bringing supercomputers to the cloud.

In a report, ZDNet points out how Microsoft is using Azure to become a leader in mainstreaming supercomputer technology. In fact, the newest Top500 list released in June shows Microsoft Azure with four supercomputers within the top 30. Amazon Web Services (AWS), Azure’s biggest competitor, has just a single entry in the top 500 (41st).

You may be wondering why the race is on to make supercomputers are part of everyday computational output. Well, as datasets become increasingly large and complex, only a supercomputer can efficiently sort the information. For example, simulations of millions of data points run through multiple times to see different scenarios would take years to organize using even the best cloud virtual machines.

Instead, the data needs to be distributed so systems work on specific areas. The only machines with the computational power necessary are supercomputers. While the hardware for supercomputers has traditionally been off the cloud, there is an increasing push towards these computers living in cloud data centers.

Azure HPC

For Microsoft, that means Azure HPC (high performing computer), a service that allows complex computational loads. Microsoft describes the platform as a new way to have all computational needs in one product:

“Azure high-performance computing (HPC) is a complete set of computing, networking and storage resources integrated with workload orchestration services for HPC applications. With purpose-built HPC infrastructure, solutions and optimized application services, Azure offers competitive price/performance compared to on-premises options with additional high-performance computing benefits. In addition, Azure includes next-generation machine learning tools to drive smarter simulations and empower intelligent decision making.”

Microsoft’s push to make supercomputers usable in everyday scenarios for major organizations is already visible. Back in April, the company combined its Azure HPC offering with the UK Met Office to develop a weather-predicting supercomputer. In fact, one of the top 25 most powerful supercomputers in the world.

The Met Office will base the supercomputer in the south of the UK, and it will be operational from summer 2022. Microsoft says the machine will have a 10-year lifespan. While the UK is not home to the most devastating of weather, climate change is causing concerns about increasingly powerful storms, snow, and floods.

Microsoft’s supercomputer technology on Azure will provide deeper prediction by analyzing bigger sets of data more efficiently. By leveraging AI and simulations, the solution will provide richer weather models for more accurate forecasting.

Tip of the day: Did you know that as a Windows 10 admin you can restrict user accounts by disabling settings or the control panel? Our tutorial shows how to disable and enable them via Group Policy and the registry.

Source Winbuzzer

read more
Azure App ServiceAzure Network

Using the Service Communications API to Report Service Update Messages

182-07_1-300×162

Informing Tenants About Feature Updates

I recently wrote about the transition of the Office 365 Service Communications API to become a Microsoft Graph API and how to use the API to fetch details of service incidents. As I pointed out then, the API includes the ability to retrieve information about the service update messages Microsoft posts to inform tenants about the delivery or retirement of features. These messages show up in the message center in the Microsoft 365 admin center (Figure 1) and are a great source of information about future change.

Service update messages in the Microsoft 365 admin center
Figure 1: Service update messages in the Microsoft 365 admin center

Microsoft has done a lot of work over the last few years to improve communication with tenants. They’ve:

  • Built an integration between the Message Center and Planner to synchronize updates to Planner. Tenants can then use the tasks created in Planner to assign responsibility for managing the introduction of new features or phasing out of old features. We recommend that all tenants consider using this integration to help manage change.
  • Added extra information to the messages to highlight the affected services (like Exchange Online, SharePoint Online, and Teams).
  • Introduced better filtering capability in the Message Center.

Even so, challenges still exist in dealing with the volume of updates Microsoft introduces annually. It’s not just reading about the changes as they appear to understand how a new feature will affect users and the business, or how to manage something like the retirement Skype for Business Online on July 31, 2021. Not everyone has the time or opportunity to keep tabs on new posts in the message center, and when they do, it can be challenging to understand some of the text created by Microsoft development groups to describe what they’re doing (intelligent people aren’t necessarily great writers). Another problem is tracking the frequent slippage in dates when Microsoft predicts features will be available. While Teams is notable for the high percentage of missed dates, no workload hits all its commitments.

Custom Message Processing

Good as the Message Center is, it’s always good when you can do things your own way, and that’s why the Office 365 Service Communications API is valuable. My last article covers the basics of connecting to the API and fetching data. Here we focus on the Messages API and how to extract and manipulate service update messages with PowerShell.

I like to think of practical examples to illustrate how something works. In this case, my example is a report of the service update messages flagged for tenants to act by a certain date. For instance, Teams ceased support for IE11 after November 30, 2020. That date is long gone now but a message to remind administrators of the fact remains. You could argue that this is an example of something Microsoft should clean up; equally, you could say that it’s a prompt for tenants to move off IE11 to Edge, which is why Microsoft might have left the message in place. In any case, it’s a message with an act-by date. Looking at the message center as I write, of the 256 messages, 31 have act-by dates.

I discovered this fact by running a simple Graph query using a registered app with consent to use the ServiceMessage.Read.All permission:

This code sets a date range to check service update messages against (I chose 180 days in the future) and sets up a query to find messages with an action required date less than the date. The code then runs the query and extracts the message data from the information the API returns. An individual message looks like:

So far, so good. We have some data, and the nice thing about having some data to play with is that we can decide how to slice and dice the information to make it more digestible for the target audience.

Let’s assume that we need to convince managers of the need to do some up-front preparatory work before Microsoft delivers new software to the tenant. Asking managers to go to the Microsoft 365 admin center isn’t feasible. In my experience, busy managers are more likely to review information if given a spreadsheet or report.

The next task is therefore to create code to loop through the message data retrieved from the Graph and generate suitable outputs. Apart from removing all the HTML formatting instructions from the descriptive text for a message, there’s no great challenge in this code. To make things interesting, I computed the time remaining between the current time and the action by date and flagged overdue items. You can download the complete script from GitHub. Figure 2 shows the HTML version of the report. The script also generates a CSV file.

Service update message data reported in HTML file
Figure 2: Service update message data reported in HTML file

Generating a Word Document

Given the flexibility of PowerShell, you could even create Word documents using message data in an approved form. Here’s some code to generate a Word document containing details of a message center notification.

Figure 3 shows an example of a Word document generated using the code.

A Word document generated by PowerShell using service message data
Figure 3: A Word document generated by PowerShell using service message data

Access Drives Innovation

The nice thing about having access to data is that innovative people will do interesting things with the data. Being able to process Microsoft 365 service update messages to extract whatever value you see in the information is goodness. The only question is how best to make use of the opportunity…

Source Practical 365

read more
Azure Network

Microsoft Azure is Sharing Customer Information and Allowing Publishers to Contact Customers

privacy-policy-bluediamondgallery-reuse-646×420

A security researcher says Microsoft Azure and Canonical are creating a privacy issue by allowing sales reps to track users spinning Ubuntu Linux on Azure. Bentley Systems advisor Luca Bongiorini was stunned when a Canonical sales rep contact him shortly after he spun an instance of Ubuntu 18.04 on Microsoft’s cloud platform.

Just three hours later, he received a message from a rep saying, “I saw that you spun up an Ubuntu image in Azure.” Bongiorni was stunned that a salesperson was able to track him in such a manner. It is worth noting Canonical is the developers behind Ubuntu.

Outraged by this breach of privacy, the security expert was less than diplomatic in his response: “What the f*** is happening here? WHY [did] MICROSOFT FORWARDED TO UBUNTU THAT I SPUN A NEW VM!?!” Customer privacy, what’s that?

The situation provided Microsoft rivals with a chance to score some free points against the company. Corey Quinn, Chief Cloud Economist for Duckbill Group but also a pro-Amazon Web Services (AWS) blogger suggests Microsoft is playing fast and lose with user information:

“@azure had a GOLDEN opportunity to pull a ‘we don’t mine your data, we don’t compete with you, WHO KNOWS what @GCPcloud and @awscloud do with your confidential cloud info!’  Instead, they legit did exactly what their competitors don’t, but we worry about.”

Privacy Confusion

So, is Microsoft allowing third-party services to have almost instant access to Azure data? ZDNet reached out to the company for an explanation. According to a spokesperson, it’s withing Azure’s T&Cs to allow service/app publishers to access customer data when their product is used:

“Customer privacy and trust is our top priority at Microsoft. We do not sell any information to third-party companies and only share customer information with Azure Marketplace publishers when customers deploy their product, as outlined in our Terms and Conditions. Our terms with our publishers allow them to provide customers with implementation and technical support for their products but restricts them from using contact details for marketing purposes.” 

Canonical confirms this is what happened in this instance:

“As per the Azure T&Cs, Microsoft shares with Canonical, the publisher of Ubuntu, the contact details of developers launching Ubuntu instances on Azure. These contact details are held in Canonical’s CRM in accordance with privacy rules. On February 10th, a new Canonical Sales Representative contacted one of these developers via LinkedIn, with a poor choice of word. In light of this incident, Canonical will be reviewing its sales training and policies.”

Microsoft also adds:

“If you purchase or use a Marketplace Offering, we may share with the Publisher of such Offering your contact information and details about the transaction and your usage. We will not share your Customer Data (as defined in this Section 3) with any Publisher without your permission.”

Fuzzy Privacy

One problem here is Microsoft is clearly offering a blurry privacy setup that may confuse Azure customers. For example, how does contact information (which can be shared) not fall under the same classification as Customer Data (which requires consent)?

This probably means the original Azure wrap up agreement – you know, the one no-one reads but agrees to anyway – is all the consent Microsoft needs to share contact information. As for Bongiorini, once was enough and he is jumping to another cloud provider.

Tip of the day:

Do you get flooded by notifications in Windows 10 from apps and want to disable them completely or just the notification sound? Our tutorial shows you how to do this. As an alternative you can also configure Windows 10 Focus Assist (Do Not Disturb Mode) and set quiet hours.

Source Winbuzzer

read more
Azure Network

Microsoft Azure Synapse Analytics Now Widely Available

Azure-Synapse-Analytics-Microsoft-696×392

Microsoft is this week releasing a couple of handy new Azure cloud services as generally available (GA). Specifically, Azure Synapse Analytics and Azure Synapse Studio are now available for all Azure customers. Azure Purview, a new governance cloud tool is also arriving in preview this week.

Azure Synapse Analytics is an analytics service that manages data for business applications. It was launched at Ignite last year and the Studio element of the service came later and also in preview.

Microsoft says now both Azure Synapse Analytics and Synapse Studio are reaching GA. This announcement came yesterday following an online event hosted by Microsoft CEO Satya Nadella. He believes data and analytics will drive the ongoing digital transformation across enterprise.

Services like Azure Synapse make digital transitions easier by streamlining data for organizations.

automatically prepares and manages data for business intelligence applications. Microsoft describes it as an extension of Azure SQL Data Warehouse as it leverages analytic data from warehouse systems across organizations.

“Today, businesses are forced to maintain two types of analytical systems — data warehouses and data lakes. Data warehouses provide critical insights on business health. Data lakes can uncover important signals on customers, products, employees, and processes,” said Azure Data corporate vice president Rohan Kumar in a blog post at the time. “Both are critical.”

Synapse Analytics comes with a dedicated workspace called Azure Synapse studio. Here customers can access tools for managing data, big data, AI tasks, and more. Additionally, users have the ability to manage data pipelines from data sets.

Azure Purview

Microsoft has also revealed Azure Purview is arriving in preview. Previously known as “Project Bablylon” internally, this tool can be used seperately or within Azure Synapse Analytics.

Azure Purview provides more data governance to cloud customers by tapping into the Microsoft Information Protection service. According to the company, the new tool can help organizations protect data more broadly. For example, it will help protect data coming from non-Microsoft services:

“By extending Microsoft Information Protection’s sensitivity labels with Azure Purview, organizations can now automatically discover, classify, and get insight into sensitivity across a broader range of data sources such as SQL Server, SAP, Teradata, Azure Data Services, and Amazon AWS S3, helping to minimize compliance risk.”

Source Winbuzzer

read more
Azure Network

Microsoft Azure Synapse Analytics Now Widely Available

Azure-Synapse-Analytics-Microsoft-696×392

Microsoft is this week releasing a couple of handy new Azure cloud services as generally available (GA). Specifically, Azure Synapse Analytics and Azure Synapse Studio are now available for all Azure customers. Azure Purview, a new governance cloud tool is also arriving in preview this week.

Azure Synapse Analytics is an analytics service that manages data for business applications. It was launched at Ignite last year and the Studio element of the service came later and also in preview.

Microsoft says now both Azure Synapse Analytics and Synapse Studio are reaching GA. This announcement came yesterday following an online event hosted by Microsoft CEO Satya Nadella. He believes data and analytics will drive the ongoing digital transformation across enterprise.

Services like Azure Synapse make digital transitions easier by streamlining data for organizations.

automatically prepares and manages data for business intelligence applications. Microsoft describes it as an extension of Azure SQL Data Warehouse as it leverages analytic data from warehouse systems across organizations.

“Today, businesses are forced to maintain two types of analytical systems — data warehouses and data lakes. Data warehouses provide critical insights on business health. Data lakes can uncover important signals on customers, products, employees, and processes,” said Azure Data corporate vice president Rohan Kumar in a blog post at the time. “Both are critical.”

Synapse Analytics comes with a dedicated workspace called Azure Synapse studio. Here customers can access tools for managing data, big data, AI tasks, and more. Additionally, users have the ability to manage data pipelines from data sets.

Azure Purview

Microsoft has also revealed Azure Purview is arriving in preview. Previously known as “Project Bablylon” internally, this tool can be used seperately or within Azure Synapse Analytics.

Azure Purview provides more data governance to cloud customers by tapping into the Microsoft Information Protection service. According to the company, the new tool can help organizations protect data more broadly. For example, it will help protect data coming from non-Microsoft services:

“By extending Microsoft Information Protection’s sensitivity labels with Azure Purview, organizations can now automatically discover, classify, and get insight into sensitivity across a broader range of data sources such as SQL Server, SAP, Teradata, Azure Data Services, and Amazon AWS S3, helping to minimize compliance risk.”

Source Winbuzzer

read more
Azure Network

Microsoft Announces Project OneFuzz for Finding Bugs at Scale

IT-Center-Azure-Project-VAST-Microsoft-696×293

Microsoft has a new project that brings a testing framework for developers on its Azure cloud service. Known as Project OneFuzz, Microsoft says this is an extensible fuzz testing framework that works across Windows, Microsoft Edge, and internally within the company.

Users can access the open source tools under an MIT license on Microsoft’s GitHub platform. If you’re unfamiliar with fuzz testing, it is a common method for locating and deleting security flaws.

Specifically, fuzz testing has become popular because it is highly effective at maintaining the security of native code. However, fuzz has often meant developers must make compromises. Most notably, while it is effective testing is typically complicated to use.

Microsoft points out fuzz testing has been expensive for developers, despite its usefulness. The company wants dev’s to harness testing earlier, allowing them to find security problems earlier in the development cycle. In a blog post, Microsoft points out doing so will remove workloads from security teams and allow them to pursue other areas.

That’s where Project OneFuzz comes in. It allows users to constantly fuzz test code before it is released.

Project OneFuzz Features

  • Composable fuzzing workflows: Open source allows users to onboard their own fuzzers, swap instrumentation, and manage seed inputs.
  • Built-in ensemble fuzzing: By default, fuzzers work as a team to share strengths, swapping inputs of interest between fuzzing technologies.
  • Programmatic triage and result deduplication: It provides unique flaw cases that always reproduce.
  • On-demand live-debugging of found crashes: It lets you summon a live debugging session on-demand or from your build system.
  • Observable and Debug-able: Transparent design allows introspection into every stage.
  • Fuzz on Windows and Linux OSes: Multi-platform by design. Fuzz using your own OS build, kernel, or nested hypervisor.
  • Crash reporting notification callbacks: Currently supporting Azure DevOps Work Items and Microsoft Teams messages”

Source Winbuzzer

read more
1 2 3
Page 1 of 3