Archive

Archive for the ‘Office 365’ Category

Top 6 email security best practices to protect against phishing attacks and business email compromise

October 16th, 2019 No comments

Most cyberattacks start over email—a user is tricked into opening a malicious attachment, or into clicking a malicious link and divulging credentials, or into responding with confidential data. Attackers dupe victims by using carefully crafted emails to build a false sense of trust and/or urgency. And they use a variety of techniques to do this—spoofing trusted domains or brands, impersonating known users, using previously compromised contacts to launch campaigns and/or using compelling but malicious content in the email. In the context of an organization or business, every user is a target and, if compromised, a conduit for a potential breach that could prove very costly.

Whether it’s sophisticated nation-state attacks, targeted phishing schemes, business email compromise or a ransomware attacks, such attacks are on the rise at an alarming rate and are also increasing in their sophistication. It is therefore imperative that every organization’s security strategy include a robust email security solution.

So, what should IT and security teams be looking for in a solution to protect all their users, from frontline workers to the C-suite? Here are 6 tips to ensure your organization has a strong email security posture:

You need a rich, adaptive protection solution.

As security solutions evolve, bad actors quickly adapt their methodologies to go undetected. Polymorphic attacks designed to evade common protection solutions are becoming increasingly common. Organizations therefore need solutions that focus on zero-day and targeted attacks in addition to known vectors. Purely standards based or known signature and reputation-based checks will not cut it.

Solutions that include rich detonation capabilities for files and URLs are necessary to catch payload-based attacks. Advanced machine learning models that look at the content and headers of emails as well as sending patterns and communication graphs are important to thwart a wide range of attack vectors including payload-less vectors such as business email compromise. Machine learning capabilities are greatly enhanced when the signal source feeding it is broad and rich; so, solutions that boast of a massive security signal base should be preferred. This also allows the solution to learn and adapt to changing attack strategies quickly which is especially important for a rapidly changing threat landscape.

Complexity breeds challenges. An easy-to-configure-and-maintain system reduces the chances of a breach.

Complicated email flows can introduce moving parts that are difficult to sustain. As an example, complex mail-routing flows to enable protections for internal email configurations can cause compliance and security challenges. Products that require unnecessary configuration bypasses to work can also cause security gaps. As an example, configurations that are put in place to guarantee delivery of certain type of emails (eg: simulation emails), are often poorly crafted and exploited by attackers.

Solutions that protect emails (external and internal emails) and offer value without needing complicated configurations or emails flows are a great benefit to organizations. In addition, look for solutions that offer easy ways to bridge the gap between the security teams and the messaging teams. Messaging teams, motivated by the desire to guarantee mail delivery, might create overly permissive bypass rules that impact security. The sooner these issues are caught the better for overall security. Solutions that offer insights to the security teams when this happens can greatly reduce the time taken to rectify such flaws thereby reducing the chances of a costly breach

A breach isn’t an “If”, it’s a “When.” Make sure you have post-delivery detection and remediation.

No solution is 100% effective on the prevention vector because attackers are always changing their techniques. Be skeptical of any claims that suggest otherwise. Taking an ‘assume breach’ mentality will ensure that the focus is not only on prevention, but on efficient detection and response as well. When an attack does go through the defenses it is important for security teams to quickly detect the breach, comprehensively identify any potential impact and effectively remediate the threat.

Solutions that offer playbooks to automatically investigate alerts, analyze the threat, assess the impact, and take (or recommend) actions for remediations are critical for effective and efficient response. In addition, security teams need a rich investigation and hunting experience to easily search the email corpus for specific indicators of compromise or other entities. Ensure that the solution allows security teams to hunt for threats and remove them easily.
Another critical component of effective response is ensuring that security teams have a good strong signal source into what end users are seeing coming through to their inbox. Having an effortless way for end users to report issues that automatically trigger security playbooks is key.

Your users are the target. You need a continuous model for improving user awareness and readiness.

An informed and aware workforce can dramatically reduce the number of occurrences of compromise from email-based attacks. Any protection strategy is incomplete without a focus on improving the level of awareness of end users.

A core component of this strategy is raising user awareness through Phish simulations, training them on things to look out for in suspicious emails to ensure they don’t fall prey to actual attacks. Another, often overlooked, but equally critical, component of this strategy, is ensuring that the everyday applications that end-users use are helping raise their awareness. Capabilities that offer users relevant cues, effortless ways to verify the validity of URLs and making it easy to report suspicious emails within the application — all without compromising productivity — are very important.

Solutions that offer Phish simulation capabilities are key. Look for deep email-client-application integrations that allow users to view the original URL behind any link regardless of any protection being applied. This helps users make informed decisions. In addition, having the ability to offer hints or tips to raise specific user awareness on a given email or site is also important. And, effortless ways to report suspicious emails that in turn trigger automated response workflows are critical as well.

Attackers meet users where they are. So must your security.

While email is the dominant attack vector, attackers and phishing attacks will go where users collaborate and communicate and keep their sensitive information. As forms of sharing, collaboration and communication other than email, have become popular, attacks that target these vectors are increasing as well. For this reason, it is important to ensure that an organization’s anti-Phish strategy not just focus on email.

Ensure that the solution offers targeted protection capabilities for collaboration services that your organization uses. Capabilities like detonation that scan suspicious documents and links when shared are critical to protect users from targeted attacks. The ability in client applications to verify links at time-of-click offers additional protection regardless of how the content is shared with them. Look for solutions that support this capability.

Attackers don’t think in silos. Neither can the defenses.

Attackers target the weakest link in an organization’s defenses. They look for an initial compromise to get in, and once inside will look for a variety of ways increase the scope and impact of the breach. They typically achieve this by trying to compromise other users, moving laterally within the organization, elevating privileges when possible, and the finally reaching a system or data repository of critical value. As they proliferate through the organization, they will touch different endpoints, identities, mailboxes and services.

Reducing the impact of such attacks requires quick detection and response. And that can only be achieved when the defenses across these systems do not act in silos. This is why it is critical to have an integrated view into security solutions. Look for an email security solution that integrates well across other security solutions such as endpoint protection, CASB, identity protection, etc. Look for richness in integration that goes beyond signal integration, but also in terms of detection and response flows.

 

 

The post Top 6 email security best practices to protect against phishing attacks and business email compromise appeared first on Microsoft Security.

Social engineering tricks open the door to macro-malware attacks – how can we close it?

April 28th, 2015 No comments

The macro malware-laden documents that target email users through email spam are intentionally crafted to pique any person's curiosity.  With subjects that include sales invoices, federal tax payments, courier notifications, resumes, and donation confirmations, users can be easily tricked to read the email and open the attachment without thinking twice.

The user opens the document, enables the macro, thinking that the document needs it to function properly – unknowingly enabling the macro malware to run.

Just when you think macro malware is a thing of the past, over the past few months, we have seen an increasing macro downloader trend that affects nearly 501,240 unique machines worldwide.

Increasing trend of macro downloaders from April 2014 to 2015

 Figure 1: Increasing trend of macro downloaders from April 2014 to 2015

We have seen majority of the macro-malware attacks in the United States and United Kingdom.

Macro downloaders’ prevalence in affected countries

Figure 2: Macro downloaders’ prevalence in affected countries

 

Macro malware distribution heat map

Figure 3: Macro malware distribution heat map

Macro malware infection chain

As stated in the previous macro blog, macro downloaders serve as the gateway for other nasty malware to get in. The following diagram shows how a typical macro downloader gets into the system and deliver its payload.

Macro downloader infection chain

Figure 4: Macro downloader infection chain

The macro malware gets into your PC as a spam email attachment. The spam email recipient then falls for a social engineering technique, opens the attachment, thereby enabling the macro inside the document.

We have identified some of these macro downloader threats, but not limited to:

When a malicious macro code runs, it either downloads its final payload, or it downloads another payload courier in the form of a binary downloader.

We have observed the following final payload, but is not limited to:

We have also observed the following binary downloaders to be related to these macros, but not limited to:

After the macro malware is downloaded, the job is pretty much done. The torch is passed to either the final payload or the binary downloader.

We have observed the following threats being downloaded by the binary downloaders, but not limited to:

 

Prevention: How do you close that door?

If you know that social engineering tricks through spam emails open the door to macro malware attacks, what can you do to help protect your enterprise software security infrastructure in closing that door?

Be careful on enabling macros

Macro threats, as payload couriers, seem to gain popularity as an effective infection vector. But unlike exploit kits, these macro threats require user consent to run. To avoid running into trouble because of these macro threats, see Before you enable those macros, for details on prevention.

You can also read more about the macro configuration options to understand the scenarios when you can enable or disable them. See Microsoft Project – how to control Macro Settings using registry keys for details.

Aside from that, be aware of the dangers in opening suspicious emails. That includes not opening email attachments or links from untrusted sources.

If you are an enterprise software security administrator, what can you do?

Most, if not all of the macro malware received are in .doc file format (D0 CF) which are seen in Microsoft Office 2007 and older versions.

If you are in charge of looking after your enterprise software security infrastructure, you can:

  • Update your Microsoft security software. Microsoft detects this threat and encourages everyone to always run on the latest software version for protection.
  • Ensure that your Trust Center settings are configured not to load older Office versions:
    1. Go to Word Options, and select Trust Center. Click Trust Center Settings.

      Trust Center settings

                                                                  

    2. In the Trust Center dialog box, select File Block Settings. Then, select the Word versions that you need to block. 

Trust Center file block settings

Doing so blocks older Office versions from opening.

You can check if MAPS feature is enabled in your Microsoft security product by selecting the Settings tab and then MAPS.

System Center Endpoint Protection MAPS settings

MMPC

Social engineering tricks open the door to macro-malware attacks – how can we close it?

April 28th, 2015 No comments

The macro malware-laden documents that target email users through email spam are intentionally crafted to pique any person's curiosity.  With subjects that include sales invoices, federal tax payments, courier notifications, resumes, and donation confirmations, users can be easily tricked to read the email and open the attachment without thinking twice.

The user opens the document, enables the macro, thinking that the document needs it to function properly – unknowingly enabling the macro malware to run.

Just when you think macro malware is a thing of the past, over the past few months, we have seen an increasing macro downloader trend that affects nearly 501,240 unique machines worldwide.

Increasing trend of macro downloaders from April 2014 to 2015

 Figure 1: Increasing trend of macro downloaders from April 2014 to 2015

We have seen majority of the macro-malware attacks in the United States and United Kingdom.

Macro downloaders’ prevalence in affected countries

Figure 2: Macro downloaders’ prevalence in affected countries

 

Macro malware distribution heat map

Figure 3: Macro malware distribution heat map

Macro malware infection chain

As stated in the previous macro blog, macro downloaders serve as the gateway for other nasty malware to get in. The following diagram shows how a typical macro downloader gets into the system and deliver its payload.

Macro downloader infection chain

Figure 4: Macro downloader infection chain

The macro malware gets into your PC as a spam email attachment. The spam email recipient then falls for a social engineering technique, opens the attachment, thereby enabling the macro inside the document.

We have identified some of these macro downloader threats, but not limited to:

When a malicious macro code runs, it either downloads its final payload, or it downloads another payload courier in the form of a binary downloader.

We have observed the following final payload, but is not limited to:

We have also observed the following binary downloaders to be related to these macros, but not limited to:

After the macro malware is downloaded, the job is pretty much done. The torch is passed to either the final payload or the binary downloader.

We have observed the following threats being downloaded by the binary downloaders, but not limited to:

 

Prevention: How do you close that door?

If you know that social engineering tricks through spam emails open the door to macro malware attacks, what can you do to help protect your enterprise software security infrastructure in closing that door?

Be careful on enabling macros

Macro threats, as payload couriers, seem to gain popularity as an effective infection vector. But unlike exploit kits, these macro threats require user consent to run. To avoid running into trouble because of these macro threats, see Before you enable those macros, for details on prevention.

You can also read more about the macro configuration options to understand the scenarios when you can enable or disable them. See Microsoft Project – how to control Macro Settings using registry keys for details.

Aside from that, be aware of the dangers in opening suspicious emails. That includes not opening email attachments or links from untrusted sources.

If you are an enterprise software security administrator, what can you do?

Most, if not all of the macro malware received are in .doc file format (D0 CF) which are seen in Microsoft Office 2007 and older versions.

If you are in charge of looking after your enterprise software security infrastructure, you can:

  • Update your Microsoft security software. Microsoft detects this threat and encourages everyone to always run on the latest software version for protection.
  • Ensure that your Trust Center settings are configured not to load older Office versions:
    1. Go to Word Options, and select Trust Center. Click Trust Center Settings.

      Trust Center settings

                                                                  

    2. In the Trust Center dialog box, select File Block Settings. Then, select the Word versions that you need to block. 

Trust Center file block settings

Doing so blocks older Office versions from opening.

You can check if MAPS feature is enabled in your Microsoft security product by selecting the Settings tab and then MAPS.

System Center Endpoint Protection MAPS settings

MMPC

A cornerstone to trust in technology – compliance – proves foundational as more U.S. government organizations adopt cloud services

April 13th, 2015 No comments

Government agencies want the economic benefits of cloud computing, but this alone isn’t always enough to make the case for change. To move forward, decision makers want to understand the security, privacy and compliance commitments of their cloud service provider. We continue to track and complete a number of attestations and compliance certifications, confirming controls are in place that help enable cloud solutions for government organizations. And, while compliance represents a necessary set of requirements for many governments prior to Cloud adoption, customers also tell us that these investments are helping increase IT security and are therefore integral to decision-making.

One recent example in the United States, is the Criminal Justice Information System (CJIS), a division of the U.S. Federal Bureau of Investigation that operates systems to provide state, local, and federal law enforcement, and criminal justice agencies, with access to criminal justice information. In April, the California Department of Justice confirmed that Microsoft Azure Government cloud solutions complied with CJIS standards for handling criminal justice information in the cloud. In addition to the State of California, Microsoft has signed CJIS agreements for Office 365, Azure, or Dynamics CRM Online in 11 states, including Texas, Michigan, Kansas, and Pennsylvania, and more are still to come.

To outline how U.S. government IT departments are using the cloud to become more secure, we’ve also produced an infographic. For U.S. government entities who want to learn more about the cloud in general, and the cloud services available today, I encourage a visit to our dedicated site.

Obtaining new certifications or updating current ones can be a complicated task. Whether CJIS requirements, FedRAMP, IRS 1075, or HIPAA, organizations rely on their cloud service provider to adhere to these requirements as well as provide the tools necessary to confirm compliance. If you’re interesting in learning more about what we’re doing in the area of compliance, the Azure Trust Center, the Office 365 Trust Center and the Dynamics CRM Trust Center all provide summary level and detailed information.

Microsoft achieves globally recognized ISO/IEC 27018 privacy standard

February 16th, 2015 No comments

Today Microsoft announced its continued commitment to further protect customers’ privacy by obtaining the globally recognized ISO/IEC 27018 privacy standard for Microsoft Azure, Office 365, and Dynamics CRM Online. This achievement is designed to help assure customers of all sizes, that their most sensitive personal data will receive the strong privacy protections detailed in this standard.

We know that our customers rely on us as their cloud service provider, to continually enhance security, ensure data privacy and manage compliance expectations. There are a lot of certifications to pursue; you can be confident we’ll cut through the clutter and focus on what’s important. Microsoft’s achievement of the ISO 27018 standard will ensure additional practices are put in place to help protect your data. For more details on this important milestone, please read Brad Smith’s blog.

 

Weekend Reading: Dec. 20th Edition–‘Biggest holiday season yet’ for Windows Phone and Windows Store apps

December 20th, 2013 No comments

In this edition of Weekend Reading, we’ve got stories on the momentum building behind Windows Store and Windows Phone Store app downloads, how Bing broke out of the (search) box in 2013 and a Microsoft researcher who uses data to power his predictions.

Buoyed by new gift cards and other promotions, as well as the “biggest holiday season yet,” app development for the Windows Phone Store and Windows Store is going strong. “We’re already seeing momentum build with the (Windows) Store surpassing 12 million transactions per day and Windows Phone Store surpassing 200,000 apps,” writes Todd Brix on the Windows Phone Developers Blog, who encouraged developers to finish and update apps to meet these demands. “Taking into consideration the Microsoft and partner promotions and consumer purchase of Microsoft and Xbox gift cards in retail locations, we are forecasting over $100 million to be available for consumers to buy apps and games this holiday season across 100 retailers in 41 markets.” Some apps and games we highlighted this week include the NORAD Tracks Santa apps, the Staff App Pick: American Airlines and LiveATC, the Amtrak app, Phriz.be, the Gameloft Games collection, “Girls Like Robots,” “Subway Surfers,” “Nemo’s Reef,” Zinio, “Avengers Alliance,” Viber, “Catan” and “Riptide GP2.” To show that you don’t have to be a professional developer to get in on the action, small business owner Holly Shore created her mobile app within hours with Windows Phone App Studio.

In 2013, Bing broke out of the search box. It evolved to power a wider range of services and devices than ever, from voice search in Xbox One to Siri’s Web search results. In Windows 8.1, you can use the Search Charm to explore your files, Web results and more with a single query. Third-party developers can now benefit from Bing technology, including optical character recognition, translation, maps and voice controls, using the new Bing Developer Center. These are just some of the many ways Bing redefined search in this breakout year. You can also check out this infographic for some surprising 2013 stats.

clip_image002

Microsoft researcher David Rothschild is legendary for his ability to literally predict the future using a unique and rigorous approach to data analysis. He correctly called the results of the 2012 presidential election in every state but one. He nailed 19 of the 24 Oscar categories this past year. And he’s constantly pushing the boundaries of predictive science through experimental live polling, online prediction games and more. In this interview, David Rothschild tells you what to expect in 2014, breaks down his forecasting philosophy, and explains why you should trust professional gamblers more than cable news pundits.

clip_image004

On Wednesday, University of Colorado Health (UCHealth), one of the state’s largest healthcare providers, announced its migration to Microsoft Office 365. This decision was made in large part due to Microsoft’s long-standing commitment to data security and privacy and because the company supports HIPAA requirements beyond what other vendors provide. Microsoft was the first major IT cloud provider to offer a comprehensive, peer-reviewed Business Associate Agreement (BAA) for all of its customers. The BAA, and its subsequent updates to reflect new product offerings and changes in the law, has been widely accepted within the industry as a best practice, and has helped Microsoft establish itself as a trusted healthcare data steward.

Consumers found big savings on Xbox 360 games, adds-ons, avatars and more with the “Countdown to 2014” daily deals from the Xbox Game Store that began Tuesday, Dec. 17. In addition to those great deals, we saw the debut of the Xbox Video and Xbox Music apps for in the Windows Phone Store. Windows Phone 8 is the only phone that offers Xbox Video support this holiday season, which means you can buy and download favorite movies and TV shows from the Xbox Video service and watch them wherever you go. Use your Xbox Music Pass to stream from a catalog of tens of millions of songs using the Xbox Music service. Also, you can use the Verizon FiOS TV app now on Xbox One and Snap View to watch two programs at the same time.

This week on the Microsoft Facebook page, we helped out last-minute shoppers with eight tech gifts that won’t break the bank and five no-stress downloadable gifts.

clip_image008

Thanks for stopping by this edition of Weekend Reading. Happy holidays, wherever you are!

Posted by Athima Chansanchai
Microsoft News Center Staff

Office 365 hjälper Coop sänka kostnaderna

December 17th, 2013 No comments

Låga matpriser och hållbar miljö är två viktiga ingredienser i Coops affärsidé.  För att uppnå dessa mål har man tagit Microsofts Office 365 till hjälp. Utrullningen skedde just före sommaren och har redan gett resultat.

I livsmedelsbranschen är priset en viktig konkurrensfaktor. Där såg Coop, med CIO Stefan Hasselgren i spetsen, ett värde i Office 365. Med smidiga kommunikationsverktyg blir företaget mer effektiva, vilket gör att de kan hålla nere priserna i butikerna. Några månader efter implementeringen syns redan minskade kostnader. 

– Tidigare betalade vi en leverantör för driften av servrar ovanpå att vi betalade licenser till Microsoft. I och med övergången till Office 365 betalar vi istället en fast avgift per användare. Där ser vi en besparing och en modell som stödjer vårt behov av flexibilitet, säger Stefan Hasselgren.

Varumärket Coop är starkt förknippat med hållbar utveckling. Målet är att butiker, sortiment och leverantörer ska stå för hållbarhet. Smidigare kontaktvägar mellan anställda istället för utskrifter på anslagstavlor är såklart en del i det hela. Men åtagandet går längre än så. Att Microsoft är miljöcertifierade var inte en bonus, utan ett krav.

För oss är det viktigt att säkerställa att partners lever upp till de krav som vi har, till exempel när det gäller miljövänliga datahallar, säger Magnus Schenström, Contract Manager och ansvarig för arbetsplatstjänsten.

Stefan Hasselgren fyller i:

– Centraliserad IT-drift leder automatiskt till hållbarare miljö. Vi har tidigare haft servrar på 800 platser. Och det kommer ju aldrig vara lika miljövänligt som att ha servrar på få platser.

Ett annat krav från Coops sida gällde kundernas säkerhet. Företaget har ett så kallat PCI-certifikat, vilket innebär att kunders kreditkortsuppgifter inte får lagras elektroniskt. Detta möter Office 365 genom ett inbyggt filter som hittar och rensar bort dessa uppgifter innan de lagras på servern.

I våras skedde utrullningen. 3900 tjänstemän omfattades. Beslutet om att köpa in Office 365 togs i mars och enligt tidsplanen skulle implementeringen vara i hamn tre månader senare. Tidsplanen höll tack vare ett nära samarbete mellan Coop och Microsoft.

– Vi var bland annat på väg att gå över det antal licenser vi hade sedan tidigare. Där hjälpte Microsoft oss genom att sätta in temporära licenser så att vi täckte det behov vi hade, säger Magnus Schenström och fortsätter:

­–Det finns också en del fallgropar som hänger ihop med hur väl dokumenterad din nuvarande systemmiljö är, och därmed hur lätt omläggningen kan ske.

Med facit i hand finns det ändå saker som Stefan och Magnus skulle gjort annorlunda om de skulle göra om det hela. Framförallt när det kommer till kommunikationen med användarna.

– Information är jätteviktigt och får aldrig underskattas. Oavsett hur man kommunicerar läser de flesta inte all information och följer inte alla instruktioner. Man bör därför ha en Service Desk som är beredd att hantera en ökad volym av den här typen av ärenden. Det kommer mer än vad man tror, oavsett hur mycket information man skickar ut, säger Magnus Schenström.

Är då allting guld och gröna skogar? Stefan Hasselgren och Magnus Schenström tycker att det fungerar utmärkt i den miljö de jobbar i, men Stefan vet att det finns ett missnöje bland vissa användare. Ett missnöje som inte är kopplat till produkten i sig.

– Många jobbar i en datamiljö där vi fortfarande har en massa gamla system kvar, vilket gör att det inte är helt kompatibelt med den nya miljön, säger Stefan Hasselgren.

Däremot har de nya användarna haft lätt att ta programmen till sig. Stefan Hasselgren tror att det har med Office-paketets popularitet att göra.

– Vi älskar Microsofts verktyg eftersom de används av användarna privat. Det ger oss en mycket kortare startsträcka, för de känner igen sig i programmen och vet redan hur allting fungerar. Det gör det tusen gånger lättare.

För mer information, vänligen kontakta:

Niklas Danell
Microsoft AB
Produktchef Office 365
Tel: 08-7523240
niklas.danell@microsoft.com

 

Weekend Reading: Dec. 6th Edition – Microsoft stands up for customer privacy

December 6th, 2013 No comments

In this edition of Weekend Reading, we’ve got stories on Microsoft’s role in protecting customer data, how 150,000 students, administrators and staff members in Canada have started using Office 365 and Microsoft Research’s first Artist in Residence.

Brad Smith, general counsel and executive vice president of Microsoft’s Legal & Corporate Affairs, wrote about how “many of our customers have serious concerns about government surveillance of the Internet.” He added, “We share their concerns. That’s why we are taking steps to ensure governments use legal process rather than technological brute force to access customer data. Like many others, we are especially alarmed by recent allegations in the press of a broader and concerted effort by some governments to circumvent online security measures – and in our view, legal processes and protections – in order to surreptitiously collect private customer data.”

On Wednesday, Microsoft announced that Canada’s second-largest public school board – the Peel District School Board – has deployed Microsoft Office 365 to more than 150,000 students, administrators and staff members. And, in another big boost for educators, schools and universities that use Office 365 ProPlus for faculty and staff can now extend the service to students for free. Small businesses also received more help in setting up Office 365 from the latest video in the Garage Series, as you can see below.

James George is Microsoft Research’s first Artist in Residence, who is as at home amongst algorithms and software code as he is in galleries and behind a camera. For three months, the Idaho native relocated to Redmond from his current home in Brooklyn as the first Microsoft Research Artist in Residence (AiR). And in a way, it was a homecoming for the University of Washington alum, who graduated with a computer science degree. George straddles that border between art and technology, and has no problem blurring those lines in his work. Starting Dec. 3, his art installation, “Instance,” will inhabit the Studio 99 art space in Redmond, right in the heart of Microsoft Research.

clip_image002

James George, Microsoft Research’s first Artist in Residence

The week after U.S. Thanksgiving continues the holiday gift-giving frenzy, and we gave you some great ideas to make it less crazy for you. For the DIY set, nifty gifts are close at hand with these tech tips and tools. For the voyagers in your life, these holiday gifts brighten and lighten globe-trotters’ travels. And for that ultimate gift-giver – you know, that jolly guy in the sleigh who makes lots of stops around the world – Microsoft has put a fresh spin on the annual tracking of Santa’s journey through the launch of the 3D, touch-optimized NORAD Tracks Santa project.

clip_image004

The Bing Maps Preview app for Windows 8.1 brings the world to your fingertips – in 3D. It gives you personalized local recommendations via Local Scout and smart notifications, real-time traffic updates and a 3D mapping experience of more than 70 cities (and counting) across the globe. Read more about it on Next at Microsoft and the Bing Search Blog. Bing also released a report of its top searches in 2013 – with lots of familiar names and faces (Beyonce, Tim Tebow and the Dallas Cowboys among them).

The Windows Store and Windows Phone Store gained apps and games that satisfied both adventure seekers, home buyers and many more shoppers. You had a lot of new choices to shop from this week, including the Staff App Pick: Zillow and the App of the Week: (download NOOK and take advantage of special offers in the U.S., the U.K. and Spain). You can also find “Dungeon Hunter 4” for free from the Windows Store and the Windows Phone Store and manage personal finances through Mint.com from the Windows Store and the Windows Phone Store. A new Lync app for Windows 8.1 now gives you control of a shared screen and other improvements. Yammer – Microsoft’s social networking service for the workplace – just updated all of its apps with an updated design and a long list of handy new features.

If you’re looking for Windows Phone apps, you’ve got a lot to choose from with these deals and new offerings: Super Photo, “Crumble Zone” and “Final Fantasy” (the latest Red Stripe Deals collection in the Windows Phone Store), MyFitnessPal, “Wheel of Fortune” and Cisco WebEx Meetings.

clip_image006

This week on the Microsoft Facebook page, we watched an internationally renowned wedding and lifestyle photographer capture a wedding using a Lumia 1020.

Thanks for stopping by this edition of Weekend Reading, which is heading into the homestretch as we say the long goodbye to 2013. See you next week!

Posted by Athima Chansanchai
Microsoft News Center Staff

Office 365 makes the grade with Canada’s second-largest public school system

December 4th, 2013 No comments

On Wednesday, Microsoft announced that Canada’s second-largest public school board – the Peel District School Board – has deployed Microsoft Office 365 to more than 150,000 students, administrators and staff members.

“The launch provides the district with the capabilities once reserved for the world’s largest corporations and, according to a recent IDC study, allows the board to give students the technology needed to gain the third most-valued skill, Microsoft Office proficiency, for the high-growth, high-wage jobs of the future,” according to a press release over on the Microsoft News Center.

The district considered offerings from other companies, but chose Office 365 because it supports multiple operating systems and mobile platforms, thereby supporting the district’s bring-your-own-device (BYOD) initiative.

Office 365 includes Exchange, SharePoint and Lync, all of which have been instrumental in creating a more productive working environment for the district’s employees, as well as delivering cost-saving benefits.

The district serves approximately 153,000 students in kindergarten through grade 12 at 242 schools in the Peel Region, which includes Brampton, Caledon and Mississauga, Ontario.

Head on over to the Microsoft News Center for the whole story.

You might also be interested in:

· Recorded calls and meetings work more smoothly with additional changes to Lync 2013
· Xbox One so far: 3 billion zombies killed, 90 million miles driven and more than 415 million Gamerscore points achieved
· NORAD Tracks Santa project goes 3D, touch-device optimized with some help from Microsoft

Posted by Jeff Meisner
Editor, The Official Microsoft Blog

Categories: Office 365 Tags:

Molnsatsning lyfter SATS

En aggressiv molnstrategi med tyngdpunkt på produkter från Microsoft ger träningskedjan SATS en bättre IT-miljö. Därmed underlättas företagets fortsatta expansion samtidigt som kunderna erbjuds bättre service.

Träningstrenden i Sverige håller i sig med oförminskad styrka. Ett tecken på detta är att antalet deltagare i utmanande lopp slår alla rekord – nästa års upplaga av Vasaloppet blev fulltecknat bara tio minuter efter att biljetterna släpptes i mars.

Det betyder också att det finns en god marknad för landets träningskedjor. Tätplatsen i Norden innehavs av SATS som har 108 träningscenter med 275.000 medlemmar. På nordisk nivå har SATS cirka 4.500 medarbetare som arbetar hel-eller deltid. En majoritet av dessa tillbringar sina arbetsdagar ute på träningscentren vilket kräver att IT-miljön ska fungera även i en decentraliserad verksamhet.

För att bättre kunna möta den utmaningen har SATS valt en molnlösning med Microsoft Office 365 och Microsoft CRM Online.

– Det handlar om alla delar i lösningen: mail, Sharepoint intranät, Lync och CRM. Alla medarbetare har snabb och smidig tillgång till mail och eftersom vi är spridda över flera orter och flera länder används Lync i stor utsträckning för den interna kommunikationen, säger Arvid Johansson, CIO på SATS.

Tidigare använde SATS samma produkter men lokalt och i egen drift. Den nya lösningen gör det möjligt för företaget att fokusera mer på att utveckla själva träningsverksamheten.

– Vi är en relativt liten organisation och vi har stort fokus på att driva utvecklingen framåt gentemot verksamheten. Basteknik är dyrt och vi jobbar för att tjänstefiera den bland annat genom att använda molntjänster. I och med att vi växer kan vi nu hantera det på ett mycket bättre sätt, det blir mycket lättare att öppna nya center.

Övergången till en molnbaserad IT-miljö har tagits emot väl av personalen, enligt Arvid Johansson.

– Skiftet att gå över till molnet är i sig inget som användarna egentligen ser annat än att systemen förhoppningsvis blir snabbare. På sikt innebär det att underhåll och uppgraderingar kommer att kunna ske per automatik.

 SATS har också vävt in den digitala tekniken i sina tjänster, 2012 lanserades introduktionsprogrammet SATS YouTM som är byggt på CRM Online. Genom denna får medlemmarna ett skräddarsytt träningsprogram på åtta veckor samt tillgång till en personlig tränare för att få hjälp att komma igång och anpassa programmet.  Träningen följs upp digitalt genom att medlemmar via webb eller mobilapp kan nå sitt träningsprogram samt titta på inspirerande videor och få tillgång till instruktioner och träningstips.

– Den personlige tränaren kan sköta hela dialogen med medlemmen via dator eller mobil och kunden har möjlighet att enkelt följa upp sin egen utveckling och sina framsteg, säger 
Arvid Johansson.  

Och den digitala utvecklingen kommer att fortsätta hos SATS.

– Det är definitivt en bana som vi kommer att följa och vi ser just nu på en massa olika möjligheter. De digitala tjänsterna inspirerar våra medlemmar att träna mer och gör att det trivs ännu bättre hos oss, säger Maja Thermaenius, Projektledare för utvecklingen hos SATS.

Kontaktperson

Arvid Johansson, CIO, SATS
Tel: 073-373 24 06
arvid.johansson@sats.se

Categories: CRM, Getitdone, Lync, Office 365, sats, SharePoint Tags:

Golfanläggningar lyfter med molnet

November 18th, 2013 No comments

Golfservices Norden arbetar sedan starten 2011 med att ge golfanläggningar nöjdare medlemmar samt att öka anläggningarnas lönsamhet. För att detta ska vara möjligt är en väl fungerande IT-plattform en förutsättning.

Golfservices har valt att erbjuda golfanläggningarna Office 365 eftersom det ger både lägre driftkostnader och enklare hantering för anläggningarna.

Golfservice erbjuder golfanläggningarna analysstöd, utbildningsstöd och support. Många av anläggningarna har ett nätverk med upp till tio år på nacken. Det är både kostsamt och tidskrävande menar Carl-Johan Ekman, vd på Golfservices Norden.

För att kunna erbjuda anläggningarna den bästa IT-plattformen gjorde Golfservice under 2012 en undersökning för att se vilka leverantörer och produkter som fanns på marknaden.

Det viktigaste var att lösningen bidrog till att främja lönsamhet, kommunikation och kunde fungera som en grund för vårt koncept. Microsoft Office 365 möter de krav som vår BI-plattform ställer. Med Office 365 kan användarna dela information och få tillgång till lösningen via telefoner, plattor och datorer. Det är precis vad vi vill erbjuda så det var en bra matchning, fortsätter Carl Johan Ekman.

Intresset för Golfservice har ökat sedan de började erbjudande Office 365, enligt Carl-Johan Ekman uppskattas konceptet och anläggningarna köper tjänster i högre utsträckning än förr.

– Men även kalkylen lockar. Att köra Office 365 kostar under 250 kronor per månad och användare för en anläggning, vilket kan jämföras med de 60 000 kronor som en ny server kostar med uppsättning och underhåll. Med elkostnader blir det en kostnad på cirka 2 500 kronor i månaden, påpekar Carl-Johan Ekman.

It-företaget Allieros introducerade Office 365 för Golfservice. För Alliero är det ett naturligt val av IT-plattform.

– Lösningen ligger i molnet och man slipper det extra jobb som egna servrar kan innebära. Det blir lättare att interagera med andra i affärssystemet vilket leder till effektivisering, säger Allieros Tobias Lindstedt. Dessutom leder det till en minskad miljöpåverkan eftersom elförbrukningen minskar.

 Läs mer om varför Golfservices Norden erbjuder Office 365 till golfanläggningar i Norden

Categories: Alliero, Getitdone, Golfservices, Office 365 Tags:

Privacy in Office 365

September 18th, 2012 No comments

Office 365 is a cloud-based version of Microsoft Office that includes business-class email, web conferencing, and file sharing. It includes no advertising, and all of your data is kept separate from consumer services. Your data belongs to you and you can remove it whenever you want to.

If your organization is considering moving productivity services to the cloud and has questions about protecting the safety of your data, we have answers about Office 365.

More information about privacy and security in Office 365