Office 365

Office 365

Microsoft 365 Copilot Early Access Program.

no thumb

Microsoft has reported its Microsoft 365 Copilot Early Access Program is presently open. However, customers must also pay for this invitation-only preview. The Microsoft 365 Copilot program, which the company launched in March, is available here for the first time. An initial group of 600 global customers will have access to Early Access, and testers will be asked to provide suggestions for improving the product.

Microsoft 365 Copilot is a new feature that aims to revolutionize the way people work with artificial intelligence. Announced in March, Copilot combines the power of large language models (LLMs) with the data in the Microsoft Graph and the Microsoft 365 apps to turn natural language prompts into actions and outputs. It combines an integration of OpenAI’s GPT-4 with Microsoft’s own Bing Chat and Microsoft Graph.

With Microsoft 365 Copilot, the major Office apps on Microsoft’s productivity stack have natural language AI capabilities. Specifically, Microsoft introduced Word Copilot, Excel Copilot, PowerPoint Copilot, Teams Copilot, and Viva Copilot. There was also an announcement to launch the new Business Chat, which brings the Bing Chat chatbot into Microsoft 365.

It can help users to create documents, presentations, emails, chats, and more with just a few words or sentences. It can also generate summaries, suggestions, tones, and edits to improve the quality and clarity of the content.

One of the most innovative aspects of Copilot is Business Chat, a new experience that works across the LLMs, the Microsoft 365 apps, and the user’s data to do things that have never been possible before. Users can give Business Chat natural language prompts like “tell my team how we updated the product strategy” and it will generate a status update based on the morning’s meetings, emails, and chat threads.

New Semantics Index for Copilot Launches for AI Data Mapping

In a blog post to announce the Early Access Program, Microsoft’s Jared Spataro – CVP Modern Work & Business Applications – says the company is rolling out a new service with the program. Known as Sematic Index for Copilot, the tool provides customers with an overview map of their data:

“For example, when you ask it about the “March Sales Report,” it doesn’t simply look for documents with those words in the file name or body. Instead, it understands that “sales reports are produced by Kelly on the finance team and created in Excel.” And it uses that conceptual understanding to determine your intent and help you find what you need. The Semantic Index for Copilot is critical to getting relevant, actionable responses to prompts in Microsoft 365 Copilot.

Microsoft claims that Copilot is built with data security and privacy in mind and that it follows the existing commitments and policies of Microsoft 365 in the enterprise. Microsoft also says that Copilot is not intended to replace human workers but rather to augment their capabilities and free them from mundane tasks.

If you are interested in joining the Microsoft 365 Copilot Early Access Program, you can apply here: If you want to know more about the individual components of Microsoft 365 Copilot, check out our accompanying articies:

  • Copilot for OneNote
  • Copilot for Viva Engage
  • Copilot for Microsoft Teams
  • Copilot for Office (Word, Excel, PowerPoint, and Outlook)

Tip of the day: The Windows Sandbox gives Windows 10/11 Pro and Enterprise users a safe space to run suspicious apps without risk. In our tutorial we show you how to enable the Windows Sandbox feature.

read more
Office 365

Immersive Reader for Microsoft Excel for Web Improves Accessibility


Microsoft has declared the reconciliation of Vivid Peruser into Succeed Web/Succeed Internet, extending the openness elements of its well known accounting sheet programming. The Vivid Peruser device, already accessible in other Microsoft Office applications, means to help clients with understanding troubles, including those impacted by dyslexia. As indicated by Microsoft, Vivid Peruser for Succeed Web offers sped up and decreased blunders.

Key Features of Immersive Reader for Excel Users

The Immersive Reader feature for Excel Web offers a range of customizable options to enhance the reading experience. Among the notable features are increased character spacing and line spacing, word syllabication, focus on specific lines, background color customization, highlighting parts of speech, an association of pictures with words through the Picture Dictionary, content reading aloud, and on-the-fly translation. Microsoft writes that “people with dyslexia read 10% faster and had 50% fewer reading errors when reading text with optimized layout, an option in Immersive Reader”. Here are the main features of Immersive Reader for Excel Web:

    • “Increasing character spacing and line spacing
    • Breaking words into syllables
    • Focusing on one or only a few lines at once
    • Changing the background color of the view
    • Highlighting certain parts of speech
    • Associating a picture with a word using the Picture Dictionary
    • Reading content aloud
    • Translating content on-the-fly”.
    • To utilize the newly integrated Immersive Reader feature in Excel for the web, users simply need to select a cell containing text. By clicking on the “View” tab in the top ribbon, they can access the Immersive Reader option. This action transforms the Excel document into a full-screen format, enabling users to benefit from the enhanced reading experience. For detailed instructions on utilizing Immersive Reader, Microsoft’s online support page offers comprehensive guidance. 

      Customizing User Interface Automation for Excel

      In addition to Immersive Reader, Microsoft is working on enhancing Excel’s compatibility with assistive technologies through User Interface Automation (UIA). UIA serves as a bridge between apps like Excel and assistive technology such as screen readers or Braille devices. By leveraging UIA, Excel provides essential information to assistive technology tools, enabling users to navigate and interact more effectively. Microsoft is continually expanding the capabilities of UIA, ensuring that assistive technology can access specific features unique to Excel, such as data validation, formulas, conditional formatting, and object descriptions. Microsoft encourages users to provide feedback and suggestions to further improve accessibility and inclusive design. For questions, suggestions, or feedback, users can reach out to the Disability Answer Desk or use the Microsoft Feedback Hub.

      As Microsoft continues its accessibility journey, the integration of Immersive Reader into Excel for the web marks another significant step toward making technology more inclusive for all users. By providing enhanced reading experiences and accommodating various accessibility needs, Microsoft strives to empower individuals to achieve their full potential in the digital realm.

      Microsoft’s dedication to making its products more accessible is evident in recent updates to its software and hardware offerings. The company’s focus on inclusive design extends beyond Excel, as it recently introduced accessibility ribbon improvements for PowerPoint on , Mac, and the web. Furthermore, Microsoft has expanded its accessibility support pages to include Xbox and PC game controllers, as well as the Xbox app on PC. By actively collaborating with partners in the development of assistive technology, Microsoft strives to create an inclusive and accessible digital ecosystem.

read more
Office 365

Transferring Domains Online Using Microsoft 365 Exchange: II. Validation Phase

no thumb

Welcome back! In the event that you missed section one, make certain to give it a read prior to proceeding. In addition, to catch up, be sure to read our previous articles on the subject.

In the previous blog in this series, we discussed how to prepare for the pilot event(s) by investigating domain acquisition options, the environment, third-party dependencies, account configurations, and properties, and forming a pilot user group using representative devices.

The who, what, where, when, and why of validating the current communication plan developed during the strategy phase of the process are covered in this edition.

Communicate the plan 

Effective communication is crucial throughout the entire Proof of Concept (POC) migration process. It is important to inform all relevant stakeholders of the project timeline, scope, objectives, and potential impact on business operations. This will help to ensure that everyone involved is on the same page and can work together to minimize any potential disruptions. 

In addition to internal stakeholders, it is also important to identify and communicate with any external parties who may be impacted by the domain migration, such as vendors or customers who rely on your systems. This will help minimize potential disruptions to your business operations and ensure a successful transition to the new tenant. 

Who should we communicate with? 

As stated previously, you should communicate with all the relevant stakeholders who are affected by the domain migration. This includes IT administrators responsible for Active Directory, Azure Active Directory, Azure AD Connect, DNS Management, Security, End User Desktop Support, and key contact persons for any third-party dependency system that will be impacted by the domain migration.  

Additionally, you should inform end-users who will be impacted by the migration and provide them with appropriate communication materials and support. It is essential to establish clear lines of communication and ensure that everyone involved is aware of the migration plan, timelines, and any potential impacts to their systems or workflows. 

When should things be communicated? 

Here is an example timeline for communicating with stakeholders during an Exchange Online domain migration: 

  1. Pre-migration: At least 4 weeks before the planned migration start date, send out an initial communication to all stakeholders. This communication should introduce the migration project, explain the reason for the migration, and provide an overview of the expected impact on end-users and business operations. 
  1. Technical implementation: 2 weeks before the migration start date, send out a communication to IT administrators. This communication should provide details on the technical implementation of the migration, including any necessary changes to DNS records or firewall rules, and highlight any potential risks or issues that may arise during the migration. 
  1. User Awareness: 1 week before the migration start date, send out a communication to end-users. This communication should explain the reason for the migration, provide an overview of the expected impact on their email access and usage, provide details on any changes to their login credentials, and outline any necessary steps they need to take to prepare for the migration. 
  1. Migration starts: On the day of the migration start date, send out a communication to all stakeholders. This communication should confirm that the migration is starting and provide any necessary updates or changes to the migration plan. 
  1. Post-migration: Within 24 hours of completing the migration, communicate to all stakeholders. This communication should confirm that the migration is complete, provide an overview of any known issues or concerns, and outline any necessary steps for users to access their email in the new domain. 

What should be communicated to the stakeholders? 

When communicating about the domain migration pilot, it’s important to provide clear and concise information about the purpose of the pilot, what it will involve, and what stakeholders can expect throughout the process. 

At a minimum, communicate the following to stakeholders: 

  1. Purpose and scope of the pilot: Explain the goals and objectives of the pilot and what specific areas it will cover. This should include information on which systems or services will be migrated and any expected downtime. 
  1. Timeline: Provide a detailed timeline for the pilot, including key milestones and deadlines. This will allow stakeholders to plan accordingly and be aware of any potential disruptions. 
  1. Roles and responsibilities: Clearly define the roles and responsibilities of each stakeholder involved in the pilot, including IT administrators, end users, and any third-party providers. 
  1. Communication plan: Outline how and when you will communicate with stakeholders throughout the pilot. This should include details on what channels you will use to communicate, such as email, meetings, or a dedicated project management tool. 
  1. Contingency plan: Explain what will happen if there are any issues or unexpected problems during the pilot. This should include details on how you will identify and address issues and what the plan is if the pilot needs to be delayed or canceled. 
  1. Feedback and evaluation: Explain how you will gather feedback from stakeholders and evaluate the success of the pilot. This can help you identify areas for improvement and ensure a smoother migration process when it comes time to migrate the entire domain. 

What should be communicated to end-users? 

For end-users, communicate the following: 

  1. high-level overview of the domain migration project, including the reasons behind the migration and the benefits it will bring to the organization. 
  1. A timeline of the migration, including when it will begin and end, as well as any specific dates or times when there may be service disruptions. 
  1. Any actions that end-users need to take before, during, or after the migration. For example, if they need to update any passwords or settings, or if they need to log in to a different portal or system. 
  1. A list of available resources for end-users needing help or support during the migration process. This can include IT support contact information, FAQs, or other documentation. 
  1. Reassurance that their data and information will be protected during the migration process and that they will be able to access their resources once the migration is complete. 
  1. A reminder that communication channels will be available for users to report any issues they may experience during or after the migration. 

Overall, it’s important to communicate the changes and impacts of the migration to end-users concisely, addressing any concerns they may have and providing support as needed. 

Here is a very basic example of communication that could be sent to end-users before the migration begins: 

Subject: IMPORTANT: Upcoming Email Migration and Impact to Your Login Credentials 
Dear [User], 

We wanted to let you know that we will be performing a migration that will impact you starting on 2023. This migration will enable us to better serve you and provide improved features and functionality within Microsoft 365. 

During this migration, there will be a temporary suspension of your email service, which means that you will not be able to access your email for a period. We understand that this may be inconvenient, but we will work to keep the downtime to a minimum. 

Additionally, we would like to make you aware that once the migration is complete, you will continue to use the same email domain to access your email and other company resources. Your old email domain will no longer provide access to resources in the old tenant. However, you can temporarily switch to your domain to authenticate to the old resources while available. 

To help prepare for the migration, we have created a list of frequently asked questions (FAQs) and “How Tos” that you may find useful. You can access these FAQs [insert link to FAQs]. 

We apologize for any inconvenience this may cause, and we appreciate your patience and understanding during this transition. If you have any questions or concerns, please do not hesitate to reach out to our IT support team at [support email/phone number]. 

Thank you for your cooperation and understanding while we continue to improve privacy, safety, and productivity! 

Best regards, 
[Department and Name] 

This example may not reflect the impacts on your environment, so please only use it as a baseline template to communicate with your end-user population.

read more
Office 365

A New Tool to Manage Exchange-related Attributes Without Exchange Server


Presenting the Exchange Recipient Admin Center

Microsoft delivered Exchange Server 2019 Cumulative Update 12, which permits you to eliminate your last Exchange Server so you can run Active Directory with Azure AD Connect and oversee Exchange-related ascribes in an upheld way.

In any case, in light of the fact that the UI, the Exchange Admin Center, is important for Exchange Server, it implies that the administration apparatuses are PowerShell as it were. Realizing that not every person likes to deal with their Exchange-related ascribes with PowerShell scripts, I fostered an open-source GUI to assist you with dealing with your post boxes.

Called the Exchange Recipient Admin Center (ERAC), it’s a free, open-source GUI that utilizes the new cmdlets in the engine, and is intended to run locally for you on request when you really want it. The main delivery is essentially intended for organizations with under 200 letter drops. On the whole, let me set the stage.

Getting ready for your post-Exchange Active Directory

However long you run Azure AD Connect to synchronize your AD clients to Azure AD, and in this way Microsoft 365 and Exchange Online, you are running in a crossover personality state. This implies that the expert of your Exchange Online post box ascribes is the nearby Active Directory.

Microsoft requires Exchange-related characteristics to be set and overseen appropriately with the goal that they can uphold you assuming there are issues. As of not long ago, this implied that you expected to run an Exchange Server on-premises to deal with the Exchange Online letter drops, appropriation gatherings, contacts, and other related things (like email address approaches). The progressions you make utilizing the Exchange Server on-premises would be put away in the neighborhood AD, then, at that point, Azure AD Connect synchronizes them to the cloud. Dealing with the qualities straightforwardly utilizing AD instruments like ADSIEDIT takes a chance with possible issues, and thusly, stays unsupported.

Trade Server 2019, Cumulative Update 12 (or more) consider the establishment of simply the Management Tools, and furthermore permit you to forever eliminate (not uninstall) your last Exchange Server 2019. Also, assuming you are working out a new greenfield climate that incorporates Active Directory and Azure AD Connect, you can now expand the mapping and set up the AD backwoods for Exchange credits, however at that point just introduce the administration tooling.

The administration tooling itself is just a subset of beneficiary administration instruments intended for use subsequent to moving from Exchange your last post boxes to Exchange Online. The tooling is intended for overseeing far-off letterboxes, appropriation gatherings, mail contacts, acknowledged areas, and email address strategies.

However, eliminating the keep going on-premises Exchange Server isn’t ideal for everybody. Regardless of whether you moved every one of your post boxes to Exchange Online, you are probably going to save at least one Exchange Server for continuous SMTP mail hand-off for inheritance on-premises application servers, basically for the present. In the event that you’re uncertain about whether you can eliminate your last Exchange Server yet, read more about eliminating the last Exchange Server.the stage.


Trade-related traits the board: The Exchange Recipient Admin Center (ERAC)

In the event that you are glad to eliminate the last Exchange Server, however overseeing beneficiaries exclusively utilizing PowerShell isn’t so much for you, and you’d like to have a GUI, then I trust you’ll find the Exchange Recipient Admin Center valuable.

The ERAC is written in PowerShell, so you can check how it will respond, however you don’t need to utilize PowerShell to utilize it.

Initial, an expression of caution: Because the ERAC is a neighborhood just, it runs as the client you would run the Exchange beneficiary administration devices as. When you send off it, it dispatches a neighborhood internet browser for access and doesn’t need a login. Hence, don’t run this on a common VDI climate or leave it running on any multi-client machine. It isn’t planned as a solid web server, so if you need to run an organization open server with an online point of interaction for Exchange Management: continue to run Exchange Server 2019.

If this sounds great and you have any desire to test the principal adaptation either clone or download the ZIP and concentrate from the GitHub webpage:

Trade Recipient Admin Center on GitHub

You should be endorsed as a client who’s an individual from the Recipient Management EMT security bunch in AD. Then right-snap and run the PowerShell script. In the same way as other PowerShell scripts, you could have to unblock the document first.











Figure 1: Launching the Exchange Recipient Admin Center
At the point when you send off the ERAC, it makes a localhost-just web server on an arbitrary high port. It is written in PowerShell, inexactly founded on the PowerShell Web Server undertaking and uses the open-source Bootstrap front-end toolbox.

The ERAC is planned with a natural connection point so it will be recognizable in the event that you utilize the new Exchange Admin Center in Microsoft 365:



Figure 2: The ERAC landing page
The ERAC UI is intended to give you admittance to the new administration cmdlets, with areas for overseeing far-off letterboxes, circulation gatherings, contacts, email address strategies, and acknowledged spaces.

For far-off post box executives, the underlying rendition permits you to see beneficiaries, acknowledged areas, and email address properties, empower new far-off letter drops for existing AD clients, and presently, oversee existing distant post boxes. For new AD clients, keep on utilizing Active Directory Users and Computers, then empower the new client as a Remote Mailbox in the ERAC.


Figure 3: Remote Mailbox the executives and empower new clients for Exchange Online
The idea is rehashed across each segment. You can see objects across each, and in practically no time, empower existing AD contacts as mail contacts and oversee gatherings, acknowledged spaces, and email address arrangements.


Figure 4: Additional beneficiary and arrangement segments, adjusted to beneficiary administration cmdlets
Since this is the main delivery, anticipate more highlights sooner rather than later.

You can report issues and make highlight demands by means of my GitHub repo or in the remarks beneath.

On my underlying rundown for forthcoming highlights:

  • Moving the online UI to a nearby application, utilizing Electron (like Teams does today) or WebView2 to eliminate the need to run a web server utilizing PowerShell.
    Adding controls for result size, search/sifting, and pagination to Remote Mailbox, Distribution Group, and Contact the board segments
    Adding the capacity to make and erase AD clients, assuming that you have consents to do as such.
    Adding a design document to store customizations, like pagination and greatest outcomes or default OUs for object creation.
    Adding the capacity to see the “Consider the possibility that” consequence of an activity
    Adding an EAC-style PowerShell cmdlet log to assist you with realizing what cmdlets to utilize
    Including the capacity to interface with Exchange Online as a feature of introduction, so you can see the consolidated outcomes, oversee cloud-side design, for example, authorizations and client access settings, and see when a change is duplicated to Exchange Online
    Feel free to me know which of those you’d see as generally helpful, and add a remark

beneath assuming you find the Exchange Recipient Admin Center instrument valuable.



read more
Office 365

Microsoft Planning Office 365 Government Secret Coming This Year

download – 2022-03-30T164210.677


Microsoft has this week announced Office 365 Government Secret, a new version of its cloud productivity suite. In a blog post, the company describes the product as a software-as-a-service that will offer bespoke functionality for U.S. federal agencies. It will be available by mid-2022, although will likely begin as a preview.

“Office 365 Government Secret which is currently in government review pending accreditation and targeting availability starting mid-2022This environment is built to support the US Federal Civilian, Department of Defense (DoD), Intelligence Community (IC), and US government partners working within the Secret enclave with our best-in-class software as a service (SaaS) capabilities.”

Of course, the big difference here compared to regular Office 365 is compliance and security specifically for use in government agencies. For example, Office 365 Government Secret supports Impact Level 6 (IL6) work.

This means classified/secret data can be stored without being compromised. Furthermore, IL6 support allows the data to “only be processed in a DoD private/community or Federal government community cloud.”


Microsoft is also leveraging dedicated datacenter infrastructure to process and store government data. The company describes this as “self-contained,” so it is closed and specifically for Government Secret customers. IL6 workloads on Office 365 are separate from non-DoD data.

Furthermore, government agencies have access to Microsoft ExpressRoute, a solution for private internet.

“Governments face many challenges in today’s globally connected workspaces, including increasing employee engagement and productivity with the latest tools, securing and controlling sensitive data, and managing multiple applications, devices, and workloads,” Microsoft adds.

Office 365 Government Secret will sit alongside the company’s existing Government Secret products, including Azure Top Secret and Government Secret on the cloud.

Tip of the day: When you boot Windows it delays the launch of startup programs for ten seconds so your desktop and Windows services will have finished loading. If you want to speed up boot time, have a look at our tutorial about how to disable startup delay.

Source Winbuzzer

read more
Office 365

Microsoft Office 365 Targeted by New Phishing Attack

download (55)

Back in July, Microsoft acquired cloud security firm CloudKnox to bolster protection on the Microsoft Azure platform. This week, Microsoft is back to explain exactly how CloudKnox will work on Azure and how the service will function moving forward. Specifically, Microsoft says CloudKnox will continue to be available as a separate product for new and existing customers. For those who are using the service outside Azure, “sales, engineering, and service support” will now come from Microsoft. Pricing will also remain the same, says Alex Simons, corporate vice president for identity program management at Microsoft. Instead of lock down the service to Azure exclusivity, CloudKnox will continue as a multi-cloud security tool:

Security researchers are warning of an ongoing phishing campaign that is utilizing fake Office 365 notifications to fool unwitting users. The notifications warns users of blocked spam messages and asks them to review the messages. Of course, the links are nefarious and are loaded with spyware that will steel the users’ Microsoft account details.

These emails are especially dangerous because they look legitimate with the address quarantine[at] Display names also match the domain of the recipient, making it even more believable.

Furthermore, each email has the Office 365 logo and links to Microsoft’s real privacy statement. However, users who pay close enough attention will see some standard problems that giveaway the nature of the mails. Specifically, shoddy formatting and strange spaces in the body.

The email subject is ‘Spam Notification: 1 New Messages,’ alluding to the body of the email that informs the recipient that a spam message has been blocked and is being held in quarantine for them to review,” cloud email security firm MailGuard says. The company found the campaign and reported it.

“Details of the ‘Prevented spam message’ are provided, with scammers personalizing the subject heading as ‘[company domain] Adjustment: Transaction Expenses Q3 UPDATE’ to create a sense of urgency and using a finance-related message.”


When a user clicks a link, they are sent to the landing page of the phishing campaign which is designed to mimic Microsoft’s Security and Compliance Center. If they enter their Microsoft Account credentials when asked, the details are sent to servers run by the attack group.

“Providing your Microsoft account details to cybercriminals means that they have unauthorised access to your sensitive data, such as contact information, calendars, email communications, and more,” MailGuard adds.

Tip of the day: To prevent attackers from capturing your password, Secure Sign-in asks the user to perform a physical action that activates the sign-in screen. In some cases, this is a dedicated “Windows Security” button, but the most common case in Windows is the Ctrl+Alt Del hotkey. In our tutorial, we show you how to activate this feature.

Source Winbuzzer

read more
Office 365

Microsoft Edge 96 Reaches Stable Channel with Office File Viewer


Microsoft Edge 96 is now rolling out to users on Windows, Linux, and macOS. This is a Stable channel release of the latest version, bringing Microsoft’s web browser up-to-date with a number of interesting new features.

For example, there is now an integrated Office file viewer to make it easier to open documents directly within Microsoft Edge. Elsewhere, Edge has now become the default PDF viewer for Windows 11 and Windows 10.

Microsoft Edge 96 improves the integration, including the introduction of freeform highlighters to the viewer. Furthermore, the web browser is getting a new Dictionary that is embedded in the toolbar within the Immersive Reader.

There is also a Math Solver tool, which first landed in preview earlier this year. Math Solver works by the student taking a photo of a math problem (hand-written or printed) and Edge will read the image and provide a solution. It will also show how the answer is built with instructions. Yes, Microsoft Edge will now do your math homework for you.

More Additions

Users are also able to type problems, while other features include video tutorials, quizzes, and worksheets.

Another interesting addition in Microsoft Edge 96 is the ability to launch Progressive Web Apps (PWAs) through protocol links. This means they behave more like native apps, something Microsoft has been pushing towards.

Microsoft is also bringing Super Duper Secure Mode to the Stable channel. One of the core abilities of the tool is it can disable JavaScript just-in-time (JIT) compiler. This provides the benefit of adding several new security services to the Edge browser.

Tip of the day: Did you know you can use Windowss built in antivirus Microsoft Defender also with scheduled scans? In our tutorial we give you step-by-step instructions on how to program your personal scan-schedule to keep your free of malware.

Source Winbuzzer

read more
Office 365

Kaspersky Confirms Phishing Attacks Microsoft Office 365



Threat actors are increasing phishing attacks against Microsoft Office 365 users, according to cybersecurity firm Kaspersky. In a report, the company says there are two phishing kits being used, “MIRCBOOT” and “Iamtheboss” in the ongoing threat from multiple attackers.

Emails are in fax notification form and are masking themselves by looking like the come from major brands. Kaspersky points out Office 365 users could be fooled into thinking the emails are from legitimate sources, including Kaspersky itself.

“The phishing e-mails are usually arriving in the form of ‘fax notifications’ and lure users to fake websites collecting credentials for Microsoft online services,” the company says.

At least one of the campaigns takes advantage of Amazon Simple Email Services (SES), which allows developers to send emails from their applications. Kaspersky points out attackers are using stolen SES tokens from a third-party, that were used during the website development.

Attack is a Kaspersky website that uses an interactive map showing what futurologist believe technology will look like in the future, focusing on its impact. Threat actors were able to steal SES tokens related to the project from a third party.

“These emails have various sender addresses, including but not limited to They are sent from multiple websites including Amazon Web Services infrastructure,” Kaspersky cautions.

However, the researcher says there was no damage caused by the attack:

“No server compromise, unauthorized database access or any other malicious activity was found at and associated services.”

Microsoft Office 365 is one of the most targeted software platforms in the world, with phishing for credentials a big part of threats against the suite. In 2019, Kaspersky reported attacks on Microsoft’s Office brand accounted for 70% of all cyberattacks.

Tip of the day: Do you know that Windows 10 allows creating PDFs from basically any app with printing support? In our tutorial, we show you how this works via Microsoft Print to PDF and Bullzip PDF Printer to save a PDF from any app, even with advanced options like adjusted quality, multi-page printing, and password protection.

Source Winbuzzer

read more
Office 365

Microsoft 365 Privacy Management Reaches General Availability

download (12)

Microsoft has this week released Privacy Management for the Microsoft 365 service. Specifically, the company is moving the tool from preview to general availability. Starting Tuesday, organizations who use Microsoft 365 can automate privacy processes to more efficiently comply with regulations.

In the past businesses have had to handle their own privacy processes manually when using Microsoft 365 apps and platforms. For example, tracking data that could impact privacy of users is something organizations can struggle with.

Microsoft points to a 2020 study by IAPP-FTI Consulting that shows 53 percent of organizations manage subject requests manually. 42 percent have already moved to a semi-automatic system, while just 2 percent are handling responses entirely by automation.

Privacy Management is a solution that aims to change this and bring more businesses into automated privacy processing. Microsoft says the service works in SharePoint, OneDrive for Business, Microsoft Teams, and Exchange Online.

However, the feature is only available to companies on the E5 licensing plan for M365, which is the top tier license.


To achieve accurate automation, Microsoft taps into artificial intelligence models that can quickly assess risks posed to user privacy:

“Privacy Management automatically and continuously discovers personal data in customers’ Microsoft 365 environments by leveraging data classification and user mapping intelligence. Organizations can see an aggregated view of their privacy posture, including the volume, category, location, and movement of personal data in their Microsoft 365 environments. Additionally, they get visibility into the current status and trends of the associated privacy risks arising from personal data being overshared, transferred, or unused.”

Essentially, Privacy Management in Microsoft 365 works across three privacy processes. Firstly, it can sport potential risks when personal data is stored by an organization. Secondly, it allows organizations to automate responses to subject requests. Thirdly, the platform provides employee education towards improved handling of private data.

Tip of the day: Due to the various problems that arise with microphones, it can often be necessary to perform a mic test, but those wondering how to hear yourself on mic in Windows 10 are often left stumped. Microsoft’s OS doesn’t make it especially intuitive to listen to microphone playback or play the microphone through speakers. In our tutorial we show you how to hear yourself on mic with just a few clicks.

Source Winbuzzer

read more
Office 365

Microsoft October 2021 Patch Tuesday Fixes Exploited Win32K Zero-Day

download (3)

Cybersecurity Lock Notebook Keyboard via Pixabay

This week is that time of the month when Microsoft turns its attentions to cumulative updates. For the October 2021 Patch Tuesday, Microsoft has sent 71 security fixes covering four zero-day flaws. The company says three of those vulnerabilities are already public.

Among those fixes is a patch for one Win32K zero-day that has already been exploited in the wild.

October 2021 Patch Tuesday covers fixes for a wide range of Microsoft products, such as Exchange Server, Visual Studio, Edge browser, Microsoft Office, and MSHTML.

Microsoft is tracking the zero-day vulnerabilities as CVE-2021-41335, CVE-2021-41338, CVE-2021-40469, and CVE-2021-40449.

The latter of those is the vulnerability that already has an active exploit. Microsoft says CVE-2021-40449 has a CVSS severity rating of 7.8 and is found in the Win32K kernel driver. It was discovered by a Kaspersky researcher. The company published a blog today after already informing Microsoft of the issue and allowing a fix to be created.

Kaspersky calls the exploit MysterySnail and says it is tapping into the Win32K flaw:

“Besides finding the zero-day in the wild, we analyzed the malware payload used along with the zero-day exploit, and found that variants of the malware were detected in widespread espionage campaigns against IT companies, military/defense contractors, and diplomatic entities,” Kaspersky says.

Other Vulnerabilities

Looking at the other zero-days, CVE-2021-41338 (CVSS 5.5), is a Windows AppContainer Firewall issue. It would allow threat actors to bypass security on the Windows platform. Next is CVE-2021-40469 (CVSS 7.2), which is a RCE in Windows DNS Server. Finally, CVE-2021-41335 (CVSS 7.8) is an elevation of privilege problem found in the Windows Kernel.

You can check out all Microsoft’s fixes in October 2021 Patch Tuesday at the official update page here

Tip of the day: Windows Aero Shake is a handy feature that lets you quickly reduce screen clutter with a shake of an app’s title bar. Doing so minimizes all windows other than the one in focus, allowing you to focus solely on what’s at hand. Another wiggle lets you undo Aero Shake, maximizing the other Windows again so you can continue working.

Unfortunately, the feature can also have unintended consequences. Those who move their windows about or have dual monitors may notice that they’re accidentally activating Windows shaking. Luckily, enabling or disabling Aero shake isn’t too hard.

Source Winbuzzer

read more
1 2 3 11
Page 1 of 11