close

Azure Network

Azure Network

Microsoft Azure is Sharing Customer Information and Allowing Publishers to Contact Customers

privacy-policy-bluediamondgallery-reuse-646×420

A security researcher says Microsoft Azure and Canonical are creating a privacy issue by allowing sales reps to track users spinning Ubuntu Linux on Azure. Bentley Systems advisor Luca Bongiorini was stunned when a Canonical sales rep contact him shortly after he spun an instance of Ubuntu 18.04 on Microsoft’s cloud platform.

Just three hours later, he received a message from a rep saying, “I saw that you spun up an Ubuntu image in Azure.” Bongiorni was stunned that a salesperson was able to track him in such a manner. It is worth noting Canonical is the developers behind Ubuntu.

Outraged by this breach of privacy, the security expert was less than diplomatic in his response: “What the f*** is happening here? WHY [did] MICROSOFT FORWARDED TO UBUNTU THAT I SPUN A NEW VM!?!” Customer privacy, what’s that?

The situation provided Microsoft rivals with a chance to score some free points against the company. Corey Quinn, Chief Cloud Economist for Duckbill Group but also a pro-Amazon Web Services (AWS) blogger suggests Microsoft is playing fast and lose with user information:

“@azure had a GOLDEN opportunity to pull a ‘we don’t mine your data, we don’t compete with you, WHO KNOWS what @GCPcloud and @awscloud do with your confidential cloud info!’  Instead, they legit did exactly what their competitors don’t, but we worry about.”

Privacy Confusion

So, is Microsoft allowing third-party services to have almost instant access to Azure data? ZDNet reached out to the company for an explanation. According to a spokesperson, it’s withing Azure’s T&Cs to allow service/app publishers to access customer data when their product is used:

“Customer privacy and trust is our top priority at Microsoft. We do not sell any information to third-party companies and only share customer information with Azure Marketplace publishers when customers deploy their product, as outlined in our Terms and Conditions. Our terms with our publishers allow them to provide customers with implementation and technical support for their products but restricts them from using contact details for marketing purposes.” 

Canonical confirms this is what happened in this instance:

“As per the Azure T&Cs, Microsoft shares with Canonical, the publisher of Ubuntu, the contact details of developers launching Ubuntu instances on Azure. These contact details are held in Canonical’s CRM in accordance with privacy rules. On February 10th, a new Canonical Sales Representative contacted one of these developers via LinkedIn, with a poor choice of word. In light of this incident, Canonical will be reviewing its sales training and policies.”

Microsoft also adds:

“If you purchase or use a Marketplace Offering, we may share with the Publisher of such Offering your contact information and details about the transaction and your usage. We will not share your Customer Data (as defined in this Section 3) with any Publisher without your permission.”

Fuzzy Privacy

One problem here is Microsoft is clearly offering a blurry privacy setup that may confuse Azure customers. For example, how does contact information (which can be shared) not fall under the same classification as Customer Data (which requires consent)?

This probably means the original Azure wrap up agreement – you know, the one no-one reads but agrees to anyway – is all the consent Microsoft needs to share contact information. As for Bongiorini, once was enough and he is jumping to another cloud provider.

Tip of the day:

Do you get flooded by notifications in Windows 10 from apps and want to disable them completely or just the notification sound? Our tutorial shows you how to do this. As an alternative you can also configure Windows 10 Focus Assist (Do Not Disturb Mode) and set quiet hours.

Source Winbuzzer

read more
Azure Network

Microsoft Azure Synapse Analytics Now Widely Available

Azure-Synapse-Analytics-Microsoft-696×392

Microsoft is this week releasing a couple of handy new Azure cloud services as generally available (GA). Specifically, Azure Synapse Analytics and Azure Synapse Studio are now available for all Azure customers. Azure Purview, a new governance cloud tool is also arriving in preview this week.

Azure Synapse Analytics is an analytics service that manages data for business applications. It was launched at Ignite last year and the Studio element of the service came later and also in preview.

Microsoft says now both Azure Synapse Analytics and Synapse Studio are reaching GA. This announcement came yesterday following an online event hosted by Microsoft CEO Satya Nadella. He believes data and analytics will drive the ongoing digital transformation across enterprise.

Services like Azure Synapse make digital transitions easier by streamlining data for organizations.

automatically prepares and manages data for business intelligence applications. Microsoft describes it as an extension of Azure SQL Data Warehouse as it leverages analytic data from warehouse systems across organizations.

“Today, businesses are forced to maintain two types of analytical systems — data warehouses and data lakes. Data warehouses provide critical insights on business health. Data lakes can uncover important signals on customers, products, employees, and processes,” said Azure Data corporate vice president Rohan Kumar in a blog post at the time. “Both are critical.”

Synapse Analytics comes with a dedicated workspace called Azure Synapse studio. Here customers can access tools for managing data, big data, AI tasks, and more. Additionally, users have the ability to manage data pipelines from data sets.

Azure Purview

Microsoft has also revealed Azure Purview is arriving in preview. Previously known as “Project Bablylon” internally, this tool can be used seperately or within Azure Synapse Analytics.

Azure Purview provides more data governance to cloud customers by tapping into the Microsoft Information Protection service. According to the company, the new tool can help organizations protect data more broadly. For example, it will help protect data coming from non-Microsoft services:

“By extending Microsoft Information Protection’s sensitivity labels with Azure Purview, organizations can now automatically discover, classify, and get insight into sensitivity across a broader range of data sources such as SQL Server, SAP, Teradata, Azure Data Services, and Amazon AWS S3, helping to minimize compliance risk.”

Source Winbuzzer

read more
Azure Network

Microsoft Azure Synapse Analytics Now Widely Available

Azure-Synapse-Analytics-Microsoft-696×392

Microsoft is this week releasing a couple of handy new Azure cloud services as generally available (GA). Specifically, Azure Synapse Analytics and Azure Synapse Studio are now available for all Azure customers. Azure Purview, a new governance cloud tool is also arriving in preview this week.

Azure Synapse Analytics is an analytics service that manages data for business applications. It was launched at Ignite last year and the Studio element of the service came later and also in preview.

Microsoft says now both Azure Synapse Analytics and Synapse Studio are reaching GA. This announcement came yesterday following an online event hosted by Microsoft CEO Satya Nadella. He believes data and analytics will drive the ongoing digital transformation across enterprise.

Services like Azure Synapse make digital transitions easier by streamlining data for organizations.

automatically prepares and manages data for business intelligence applications. Microsoft describes it as an extension of Azure SQL Data Warehouse as it leverages analytic data from warehouse systems across organizations.

“Today, businesses are forced to maintain two types of analytical systems — data warehouses and data lakes. Data warehouses provide critical insights on business health. Data lakes can uncover important signals on customers, products, employees, and processes,” said Azure Data corporate vice president Rohan Kumar in a blog post at the time. “Both are critical.”

Synapse Analytics comes with a dedicated workspace called Azure Synapse studio. Here customers can access tools for managing data, big data, AI tasks, and more. Additionally, users have the ability to manage data pipelines from data sets.

Azure Purview

Microsoft has also revealed Azure Purview is arriving in preview. Previously known as “Project Bablylon” internally, this tool can be used seperately or within Azure Synapse Analytics.

Azure Purview provides more data governance to cloud customers by tapping into the Microsoft Information Protection service. According to the company, the new tool can help organizations protect data more broadly. For example, it will help protect data coming from non-Microsoft services:

“By extending Microsoft Information Protection’s sensitivity labels with Azure Purview, organizations can now automatically discover, classify, and get insight into sensitivity across a broader range of data sources such as SQL Server, SAP, Teradata, Azure Data Services, and Amazon AWS S3, helping to minimize compliance risk.”

Source Winbuzzer

read more
Azure Network

Microsoft Announces Project OneFuzz for Finding Bugs at Scale

IT-Center-Azure-Project-VAST-Microsoft-696×293

Microsoft has a new project that brings a testing framework for developers on its Azure cloud service. Known as Project OneFuzz, Microsoft says this is an extensible fuzz testing framework that works across Windows, Microsoft Edge, and internally within the company.

Users can access the open source tools under an MIT license on Microsoft’s GitHub platform. If you’re unfamiliar with fuzz testing, it is a common method for locating and deleting security flaws.

Specifically, fuzz testing has become popular because it is highly effective at maintaining the security of native code. However, fuzz has often meant developers must make compromises. Most notably, while it is effective testing is typically complicated to use.

Microsoft points out fuzz testing has been expensive for developers, despite its usefulness. The company wants dev’s to harness testing earlier, allowing them to find security problems earlier in the development cycle. In a blog post, Microsoft points out doing so will remove workloads from security teams and allow them to pursue other areas.

That’s where Project OneFuzz comes in. It allows users to constantly fuzz test code before it is released.

Project OneFuzz Features

  • Composable fuzzing workflows: Open source allows users to onboard their own fuzzers, swap instrumentation, and manage seed inputs.
  • Built-in ensemble fuzzing: By default, fuzzers work as a team to share strengths, swapping inputs of interest between fuzzing technologies.
  • Programmatic triage and result deduplication: It provides unique flaw cases that always reproduce.
  • On-demand live-debugging of found crashes: It lets you summon a live debugging session on-demand or from your build system.
  • Observable and Debug-able: Transparent design allows introspection into every stage.
  • Fuzz on Windows and Linux OSes: Multi-platform by design. Fuzz using your own OS build, kernel, or nested hypervisor.
  • Crash reporting notification callbacks: Currently supporting Azure DevOps Work Items and Microsoft Teams messages”

Source Winbuzzer

read more
Azure Network

Microsoft Brings Windows Forms to .NET 5 Preview for Windows ARM64

Microsoft-Logo-Microsoft-768×497

Microsoft has today confirmed .NET 5 Preview 6 is now available. This latest dotnet release brings some interesting new features, alongside some unnamed performance improvements. Probably the standout addition is support for Windows Form on Windows ARM64.

Yes, this means Windows Forms applications now works on Windows 10 on ARM. If you’re unfamiliar with Windows Forms, it is an open source solution framework for building applications in Windows 10. Microsoft has been working on bringing the tool to dotnet for some time.

Until now, Windows ARM64 users could only leverage ASP.NET Core applications. With this new announcement for .NET 5 Preview 6, developers can create Windows Forms apps on Windows 10 on ARM machines like Microsoft’s own Surface Pro X.

However, there are still some gaps. Microsoft says WPF support is not available and is still being worked on. You can check out the new preview for .NET 5 through Windows and macOS installers, Binaries, Docker images, and Snap installer.

In May, Microsoft announced Windows Forms Designer was available for .NET Core projects.

.NET 5.0

Microsoft announced .NET 5.0 last May as a replacement for .NET Core. Microsoft says .NET 5 will be a merger of classic NET Framework with the open source .NET Core. This will create a single .NET platform, something users of the software framework have been asking for.

This will create a single .NET platform, something users of the software framework have been asking for.

“There will be just one .NET going forward, and you will be able to use it to target Windows, Linux, macOS, iOS, Android, tvOS, watchOS, and WebAssembly, and more,” Microsoft said at the time. “We will introduce new .NET APIs, runtime capabilities and language features as part of .NET 5.”

Source Winbuzzer

read more
Azure Network

How to Use DISM and SFC Scannow, Windows 10’s Native Repair Tools

FEATURED-How-to-repair-the-Windows-10-system-using-DISM-and-SFC-696×353

Accidents happen, drivers fail, and corrupted system files manifest. If you’re reading this, there’s a good chance you’re having issues and are wondering how to repair Windows 10. SFC, or the system file checker, is a native windows repair tool to fix your system files, while DISM (Deployment Image Servicing and Management) can resolve issues with the hidden repair image.

These tools are technically intended for IT professionals, but their ease of use makes them accessible to basically anyone. Though you’ll have to spend a bit of time in PowerShell, using DISM and ‘sfc scannow’ to repair Windows 10 can save you a lot of time and avoid the data loss of Microsoft’s more user-friendly tools.

As SFC will only run into issues if your Windows 10 repair image is damaged, we recommend running it first to save a lot of hassle. If ‘sfc scannow’ fails, you can then move onto DISM and repeat the process.

How to use SFC to Repair Windows 10 and Corrupted System Files

To repair Windows 10, we first need to open PowerShell with elevated permissions. Press “Windows + X” to open the start context menu and select “Windows PowerShell (Administrator)”.

Windows 10 - WindowsPowershell (Administrator)
Windows 10 – WindowsPowershell (Administrator)

Once the command line loads, enter sfc /scannow and press Enter.

Windows 10 - Command Line - sfc scannow
Windows 10 – Command Line – sfc scannow

The Windows repair tool will now check your system files for corruption and automatically replace the ones that are damaged or missing. Though it warns you “This process will take some time”, it’s really quite fast on an SSD. If the command window does inform you it replaces files, restart and run the command two more times to make sure it catches everything.

Repair Windows 10 with DISM

Using DISM is a little more complex, which is another reason we recommend it as a second step. Using it is a three-step process, and the first is checking the component memory of Windows for errors.

Press “Windows + X” and select Windows PowerShell (Admin)”.

Windows 10 - WindowsPowershell (Administrator)
Windows 10 – Windows Powershell (Admin)

Now check the component memory with Dism /Online /Cleanup-Image /ScanHealth. Wait for the process to finish.

Windows 10 - Command Line - dism ScanHealth
Windows 10 – Command Line – dism ScanHealth

Now we can run DISM /Online /Cleanup-Image /CheckHealth to do an advanced scan for any fixable damage.

Windows 10 - Command Line - dism CheckHealth
Windows 10 – Command Line – dism CheckHealth

Finally, if DISM finds any errors, we can try to repair Windows with Dism /Online /Cleanup-Image /RestoreHealth.

Windows 10 – Command Line – dism RestoreHealth

This one could actually take a while, so feel free to grab a drink while you wait. With hope, you’ll return to an uncorrupted Windows.

Source Winbuzzer

read more
Azure Network

Brad Anderson joins Satya Nadella in dogfooding the Microsoft Surface Duo

AnyConv.com__EU8elv4UEAUoFRw

We reported in January that Satya Nadella has been spotted testing the Microsoft Surface Duo, and now Microsoft Vice president Brand Anderson has also tweeted a picture of himself and his family using the Surface Duo.

View image on Twitter

In the tweet, he praises the multitasking capabilities of the device, with the ability to view items on one screen and draw in another application on the other.

Last year in October Microsoft announced its first Android device, Surface Duo. The Surface Duo comes with two 5.6” displays connected with a revolutionary 360-degree hinge that will allow you to use the device in various modes.

Microsoft has released an emulator for the OS, which is built on Android 10 and its existing support for dual-screen apps, and a customized version of the Microsoft Launcher.

It is notable that we have not seen any Microsoft exec dogfooding the Surface Neo, the Windows 10X-based folding tablet which is also expected this year, and there are some rumors that the Surface Duo may be ready already while the Neo is somewhat delayed.

The Surface Duo will be available in holiday season 2020.

Source Mpoweruser

read more
Azure Network

Microsoft Sunsets RDCMan Remote Desktop Tool Following Security Flaw

RDCMan-Download-Closure-Microsoft-WinBuzzer-768×307

Microsoft has this week announced the closure of its Remote Desktop Connection Manager (RDCMan) app. The company says it took the decision following the disclosure of a critical vulnerability in the service.

If you’re unfamiliar with RDCMan, it is an application that gives users the ability to remotely connect from Windows PC to Windows PC using the Remote Desktop Protocol (RDP). It was originally part of the Windows Live Experience and used internally within Microsoft. The tool received a dedicated website for third-parties around 10 years ago.

While it was a standalone tool not bundled with Windows, RDCMan became popular when it was initially released. Not least because it was a functional remote desktop tool that was free. These days, the app is not unique and is aged.
Indeed, Microsoft has not updated the tool since 2014 when version 2.7 was rolled out. Redmond has introduced more robust and well-featured remote desktop tools since the introduction of RDCMan, so it makes sense the app is going away.
Discontinued
The demise of the app took on an air or certainty during March Patch Tuesday this week. Microsoft confirmed a bug report that disclosed a flaw in RDCMan that would allow bad actors to take data from PCs using the tool.
“To exploit the vulnerability, an attacker could create an RDG file containing specially crafted XML content and convince an authenticated user to open the file,” Microsoft said in a security advisory for CVE-2020-0765.

Because of its age and a lack of support, Microsoft decided against patching the vulnerability. Instead, the company decided to discontinue the tool.

Source Winbuzzer

read more
Azure Network

Microsoft Azure Cosmos DB Receives Free Version

Cosmos-DB-Own-768×433

Microsoft says it has created a new free tier of its Azure Cosmos DB tool. The new tier was accidentally leaked on March 4, but Microsoft says it will not become officially available until today (March 6).

“You may have seen that we have announced a Free-Tier for Azure Cosmos DB,” the official Cosmos DB Twitter account confirmed. “Due to a technical glitch, this announcement went out early. Free Tier will officially be announced and available on March 6. Stay tuned. We hope you like it.”

Azure Cosmos DB was announced at Build 2017. This is a cloud database service is a brand-new platform created from the ground up. It allows customers to power planet-scale cloud services and huge data applications.
The company says this is a first of its kind service with guaranteed uptime, consistency, throughput, and latency at the 99th percentile. Customers can use Azure Cosmos DB to elastically scale across global regions and maintain power and performance.

Pricing
Under the previous pricing model, Cosmos DB was charged by the hour to Azure customers based on throughput and consumed storage. It is worth noting customers have been able to test the service for free since its launch. This was achieved through an emulator use to locally test production-ready applications.
Microsoft also allowed customers to use a “global commitment-free Cosmos DB database for a month. This means users did not need an Azure account to test the service.

Source Winbuzzer

read more
Azure Network

Preliminary permission clean-up steps for a successful mailbox migration

24-02-2020-463-Practical-365-Blog-Header-An-image-of-an-IT-admin-taking-steps-before-migrating-mailboxes-using-coding-LOW

In this article, I’m going to outline the essential steps to ensure a smooth and successful mailbox migration by using the Get-RecipientPermissions and Search-RecipientPermissions script.
If you’re a mailbox migration novice, think of it like this, doctors and dentists alike will tell you that prevention is easier to manage than a cure. For me growing up in the sunburnt country of Australia we were ingrained with the motto of ‘slip on a shirt, slop on sunscreen, and slap on a hat’ for this very reason. Similar to all big Office 365 and Exchange projects, prior planning and thought are the cornerstones of success, and a relatively small amount of preparation is worth the effort when planning your migration batches.
Correctly Scope your Migration Batches
There is a saying Forewarned is Forearmed meaning that prior knowledge of possible dangers or problems will give you a tactical advantage, which is something you should bear in mind during your migration project.
Although we’ve seen a lot of progression to enhance collaboration between users in an Exchange Hybrid environment it’s important to note that not all permissions are supported.
“If a mailbox receives permissions from multiple mailboxes, that mailbox, and all of the mailboxes granting permissions to it, need to be moved at the same time.”
To aid this process, the Get-RecipientPermissions script was created to provide all the information required to identify not only who has access to which information but, more importantly, who has access to the mailboxes that are about to be moved. Users may have a raft of different permissions on a broad range of objects from a ‘mailbox folder permission’ on a shared mailbox to a ‘Send As’ permission on a Distribution List.
Note: The Microsoft Fasttrack team has also created a script that provides a good set of data that may also be used for a similar purpose.
To identify all the dependencies, all permissions for the Exchange organization should be collected. This may take some time, a general estimate on a single thread is 1 hour per 500 mailboxes although other objects such as distribution lists and contacts should be a lot faster.
Note: For those running Large Exchange Organisations, consider utilizing PowerShell Workflows for multithreading or splitting up the recipients and merging content back into a single CSV file.
Our initial goal is to have a CSV which provides a point in time snapshot of all the Exchange recipient permissions in our organisation.
To do so let’s run the following commands.
You should now see a new CSV file with a timestamp from today’s date. Open this file in Excel and note the headings.
SourceRecipient
Is the source object where the permission is applied
Recipient
Is the object that has permission to the source object
You’re probably thinking this needs a bit more clarification, let’s look at an example which will give you more clarity on this.

To view who has permission to our User called ‘Bill’, type in the SamAccount using the excel filter in the column named ‘SourceRecipientSamAccountName’.

In this example, these are the permissions for our User Bill’s Mailbox.
In the first permission, we see that the (1) Recipient Tip Top User has (2) Full Mailbox Permission on the (3) SourceRecipient UserMailbox for Bill.

But what about the permissions Bill has access too? This has always been the difficult question to answer but now we can reach a conclusion. Once more type the SamAccount using the excel filter but this time in the column named RecipientSamAccountName.

And there you have it, a list is produced showing not only who has access to Bill’s mailbox but more importantly what permissions Bill has access to.

In the first permission, we see that the (1) Recipient user Bill has (2) Send-As Permission on the (3) Distribution Group ‘DL – APAC All Staff’.

On a per-user basis this works efficiently, but what about when you are dealing with larger migration batches how can we simplify the results without wading through thousands of permissions? This is where the companion script Search-RecipientPermissions helps. It allows us to input the data collected from the Get-RecipientPermissions script and will remove all objects not related to our users in the migration batch.

For example, let’s say that Bill and Jane are in the same migration batch. We need all the permissions they have access to, and we also need all the permissions of users that have access to Bill and Jane’s mailboxes. This is a simple task once you’ve completed all the collecting of the permissions and evaluating these results can happen at lightning speed.

But do I really need all permissions related to users even in the same migration batch? Perhaps not. It’s unlikely permissions for users between users in the same batch will be required. So, we can also strip these out of our results as well by adding the -ExcludeUserBatchPermissions switch.

As you can see, we now have a reduced number of permissions allowing us to focus on the most important things first such as remove orphaned or invalid permissions.

Orphaned or invalid permissions remain when an object is deleted leaving the unknown SID. But I suppose the question is, why would I care about those inactive permissions and how could they affect my mailbox migration?

About midway through 2016, a change was introduced to Exchange Online whereby if a security principal could not be successfully validated/mapped to an Exchange Online object, it would be marked as a bad item. This means when moving mailboxes to Exchange Online you will likely see the error message TooManyBadItemsPermanentException. Further details about the issue can be found here.

The suggested solution is to start the migration and basically wait and see. Once the migration batch fails you will have two options.

  1. Fix the permissions and start a new batch or
  2. The fool’s way out, simply increase the bad item count. Most administrators in this predicament always choose option 2 but if you have ever had to explain to your CEO why he missed a key meeting after his mailbox was migrated you really should think twice but alternately telling the CEO that you have postponed his migration may also be a PR disaster. What a dilemma!

I’d suggest that we need to rethink this approach and I’m glad that the Migration Team for Microsoft was on the same wavelength and recently released a new feature Data Consistency Scoring for mailbox migrations. This new feature allows us to investigate these corrupt items before finalizing the migration batch and provides a new set of data that helps us make better decisions moving forward.

No doubt this new feature has great value, but perhaps one could still argue that it would be better if we cleaned up those invalid permissions before migrating them to Exchange Online? But the question is how? If like me you’re a bit of perfectionist, let’s continue.

Once more back to the Get-RecipientPermissions script. We can remove any deleted objects with an unresolved SID by adding the -PerformRemoval switch. But before we do let’s find those orphaned permissions.

Of interest in the export is the column PeformRemoval values which tells you which permissions will be removed.

Note: By default only permissions identified as a ‘Deleted User’ will be removed but this can be adjusted to remove other identified objects such as ‘ADObjectNotFound’ by updating the decisions matrix within the script.

Once you have reviewed the permissions (PerformRemoval -eq $True) simply rerun the script and add the -PerformRemoval switch.

.\Search-RecipientPermissions.ps1 -Identity Bill -PerformRemoval

Once completed successfully review the ScriptAction column which should state the removal completed successfully.

Note: We would recommend first testing the removal process using the -WhatIf Parameter. If you need to remove the prompts for large batch removal please use the -confirm:$false switch.

And for the final round up, these simple yet important steps can contribute to a truly successful migration with the end user so delighted, they will want to shout the next round of drinks. Remember progress does not always equal success.

Source Practical365

 

read more
1 2
Page 1 of 2