Microsoft

Posts Tagged ‘security’

Threat Resistance in Windows 10 – Ignite 2015

The enterprise and personal security model revolves around:

  • Identity protection
  • Info protection
  • Threat resistance

Windows 10 addresses threat resistance in the following three ways:

1. Windows Hello (will use fingerprints, facial recognition and biometrics)
Unlocks your device with biometrics and gives access to your MS Passport

2. EDP (Enterprise Data Protection)
Enrollments → Data Ingress (everything gets protected at the file level) → Data Genesis and Use → Data Egress (RMS) → Data Wipe

3. Device Guard

  • Enables Windows desktop to be locked down to only run trusted code
  • Resistant to tampering by an admin or malware
  • Requires special device configuration by either the OEM or IT

Next-Gen Information Protection Announcements – Ignite 2015

The following are my notes from the Next-Gen Information Protection announcements at Microsoft Ignite 2015.

Microsoft thinks about security in three ways:

  • Being pervasive
  • Transparent
  • People-centric

Pervasive – policy is applied at the data level (when it's created inside the ecosystem), so it goes with the data across devices.

Unified compliance – running data through compliance center across email, SP, messaging, etc.

Pervasive – Admin goes to compliance center
Sets up files and links with security
User opens links received via email. Malicious links redirect user to a threat warning page blocking access. Read the rest of this post »

New Additions to the Office 365 Family

I’ll keep this post short and sweet in honor of Friday!

Now, if you are an avid follower of Microsoft, you have to agree that the most fascinating news (other than stock news) about the company is their shift to the cloud with platforms and products like Azure and Office 365. With so many exciting features coming through, it's tough to keep track. We here at Perficient have the privilege of working with the latest and greatest and keeping you updated on it. The three new features which caught my attention last week provide a great enhancement to user experience, be it mobile or desktop. I discuss them briefly here.

Office on iOS

Office 365 Message Encryption Viewer – This app allows you to open mail attachments and send back an encrypted reply. Microsoft verifies your identity to ensure you are who you say you are. Get a one-time passcode on your phone.

Read the rest of this post »

Microsoft Azure ExpressRoute is free through June 30, 2015

The most common way for enterprises to connect their datacenters or home offices to resources in Microsoft Azure is over VPN. Although Microsoft has made connecting to Azure quick and easy, VPNs, in general, do have their drawbacks. Because they traverse the public internet, availability and performance are difficult to control. Latency can also be an issue for those applications and connections which depend on low-latency communications.

Fortunately, Microsoft realizes many companies require better connections to their Azure resources, and they offer ExpressRoute as a solution. ExpressRoute provides private connections between Azure datacenters and a company’s on-premises datacenter. These connections don’t traverse the public internet so the result is higher security, lower latency, better reliability and faster speeds.

If you are thinking of extending your existing datacenter to Azure, or if you want to take advantage of the storage, backup, and recovery benefits of the Azure cloud, now is a great time to give it a try. Up until June 30, 2015, the Microsoft Azure ExpressRoute 10 Mbps Network Service Provider (NSP) offering is free of charge. Just to sweeten the pot, some Microsoft NSP partners are offering related promotions during this period.

Read the rest of this post »

SharePoint Online eDiscovery Center For All Your Legal Needs

Ever have requests to furnish old emails, messages, documents to your HR or legal teams? In this digital era, we experience an overflow of electronic information in the form of email, documents, IM conversations, etc. It can be chaotic when you are expected to look for content from several years in the past. Have you ever wondered what it would be like if you had a tool to help collect, classify, and analyze ESI (electronically stored information)? Even better, a tool that allows you to then preview and preserve it for as long as your corporate policies allow?

The most-affected workgroups are Legal, IT, and the governance, risk, and compliance folks, who must manage all of the data legal and compliance groups are desperately trying to search. Now with Office 365, you can do just that and more. Office 365 equips you with an eDiscovery center to manage preservation, search, and export of content stored in Exchange and SharePoint, across SharePoint farms and Exchange servers.

Your SharePoint Online tenant comes with a pre-created eDiscovery center. What it needs from you is to configure discovery sets and set up your search queries in order to export the results. With SharePoint Online you can run an eDiscovery case on SharePoint, Exchange, Lync, and on-premises file shares at the same time, from one management console. This lets you search, preserve, and export all relevant content from all these repositories. For every discovery case, you would create a new case site where it is possible to conduct searches, place content on hold, and export content. There are new capabilities in eDiscovery you need to be aware of:

  • eDiscovery Sets: Combinations of sources, filters, and whether to preserve content. eDiscovery Sets are used to identify and preserve content.
  • In-Place Hold: Now you can preserve sites and mailboxes using search filters. Preservation works behind the scenes… people can work on their documents and delete email and not even know it is turned on, but for eDiscovery, you have the data you need in an immutable store.

  • Query: Search experience which is eDiscovery focused. This reduces the output data and helps you find the content you are looking for.
  • Export: Download all of the data directly to a local machine with an offline copy of native documents, email PSTs, archived MHT web pages, and CSV files for SharePoint lists.

After searching for relevant content in an eDiscovery set, you may want to put content on hold. This ensures the original content is always there when your legal department asks for it. The eDiscovery center allows you to put SharePoint sites and Exchange mailboxes on hold, without disrupting the business. Putting a SharePoint site on hold creates a hidden document library. This enables the user to still modify any content item subject to the legal hold while keeping the original copy of the item in that hidden library. Exchange mailboxes apply the same principle by creating a hidden folder where items are actually moved to when a user deletes an item.

This post guided you through the benefits and process to set up eDiscovery and empower your legal department to query and export content to help in any litigation or compliance needs. In the next few posts, I’ll dive into some other advanced security features in Office 365.

How Secure is Your Cloud? – Introduction to Office 365 Security

Who owns the data we store in your service? Will you use our data to build advertising products? Do you offer privacy controls in your service? Do we have visibility to know where our data is stored? Can we get our data out of your service if we decide to leave?

These questions are top of mind for any organization that is considering Office 365. Luckily for you, Microsoft publishes the Office 365 Trust Center to answer those and many more questions about security on the Office 365 service.

Microsoft has 4 core tenets for its approach to earning and maintaining your trust:

1. Built-in Security

  • Service-level security through defense-in-depth
  • Customer controls within the service
  • Security hardening and operational best practices

At the service level, Office 365 uses the defense-in-depth approach to provide physical, logical, and data layers of security features and operational best practices. In addition, Office 365 gives you enterprise-grade, user and admin controls to further secure your environment.

Physical Security – 24-hour monitoring of data centers; multi-factor authentication, including biometric scanning, for data center access; internal data center network is segregated from the external network; role separation renders location of specific customer data unintelligible to the personnel that have physical access; faulty drives and hardware are demagnetized and destroyed.

Logical Security – Lock box processes for a strictly supervised escalation process greatly limit human access to your data; servers run only processes on whitelist, Read the rest of this post »

SharePoint Online (O365) adds security and compliance services

In the past month, Microsoft has added two key new service capabilities to SharePoint Online and Rights Management that provide a more robust, secure computing experience. The first is the introduction of data loss prevention and the second is the improvements in protecting content across all platforms, including OS X support.

Data Loss Prevention

SharePoint Online now provides the ability to perform a legal audit to determine the amount of risk posed by data stored on SharePoint sites and OneDrive, commonly known as data loss prevention or DLP. This capability provides the ability to identify 51 built-in sensitive information types such as credit cards, passport numbers, and Social Security numbers. Once discovered, there is the ability to perform an audit and export a report with suspect content.

There are future capabilities for policy creation that automatically detect sensitive content and apply protection, such as deletion or quarantine for review.

For more information about using DLP in SharePoint Online, review this TechNet article.
For more information about the 51 DLP information types, review this TechNet article.

Read the rest of this post »

Top Five Reasons to Upgrade from Windows XP

#5 – Familiarity

One of the reasons organizations have tended to stay with XP for so long is that their employees are familiar with it. Like an old friend, it’s comfortable and easy to deal with. However, churn among your IT administrators and other employees has changed the dynamic. Most people are now more familiar with newer operating systems. When new associates sit down in front of XP, it is likely to be dramatically different from (and more disappointing than) the more up-to-date operating systems they use at home and at their previous job.

#4 – Speed and Productivity

Windows XP typically takes at least 30 seconds to boot and often much longer. Windows 8.1 can boot in about 10 seconds. That 20 seconds can easily turn into 5 minutes or more of lost productivity every day when you walk away to do something else while XP boots.

#3 – Web Browsers and New Applications

More applications, business and personal, will be developed to be used via a web browser. It takes extra time to develop new applications which are compatible with old browser versions. Over the short term, many new applications just won’t work with XP.

#2 – Office 2013 and Office 365

Office 2013 and Office 365 ProPlus are not supported on Windows XP. Office 365 only supports software and operating systems which are still in mainstream support. The cloud and other popular software packages are leaving you behind!

 

(Drumroll please…)

#1 – Security

The XP operating system came to market in 2001. Time Warner and AOL merged that year. Although XP lasted longer than that disaster, the security implications of sticking with XP any longer could likely create a security disaster in your desktop environment. Hackers now know every way to compromise your OS. Do you think they are not already taking advantage of this potential bonanza?

Conclusion

Don’t put it off any longer. Perficient has the experience and talented staff to help you ease this transition.

Integrating ASP.NET MVC authentication with SiteMinder SSO

SiteMinder is an enterprise-class secure single sign-on solution by CA (Computer Associates) which is employed by many large companies to secure their intranet access and provide single sign-on functionality to various intranet applications. SiteMinder has broad support for different application frameworks, which makes it possible to use in a heterogeneous enterprise environment.
When SiteMinder is used to secure an ASP.NET/IIS application, it’s normally configured as an IIS handler. For example (in web.config):

<add name="handler-wa-32" path="*" verb="*" modules="IsapiModule" scriptProcessor="C:\Program Files\CA\webagent\win32\bin\ISAPI6WebAgent.dll" resourceType="Unspecified" requireAccess="None" preCondition="classicMode,bitness32" />
The SiteMinder module intercepts every request to an ASP.NET application resource and authenticates and authorizes the user. If the user is authenticated and authorized successfully, SiteMinder passes the request further down the pipeline to ASP.NET.
So, how do you integrate SiteMinder authentication with ASP.NET MVC authentication? SiteMinder does a great job of handling it on its own, but quite often an MVC application will need to do its own custom authorization in order to grant or deny user access to different resources, depending on user role.

Read the rest of this post »

ASP.NET MVC anti-forgery token demystified – part 3: AJAX

This blog post is the third and final in a series about the MVC anti-forgery (CSRF) token.
Part 1.
Part 2.

As we talked about earlier, MVC has great built-in functionality for securing form posts with anti-forgery tokens, and it’s even possible to make it work across multiple web applications.

However, modern web applications tend to have more asynchronous (AJAX) communication between browser and web server than traditional HTML form posts where the whole page is reloaded. The question is, can the built-in MVC components be used for CSRF validation when browser code is using AJAX to post to the server?

Obviously, they can’t be used directly, because @Html.AntiForgeryToken only works when it’s placed inside an HTML form and that form is submitted to the server. In the case of an AJAX post there is no form, so the AJAX controller method will not receive a form CSRF token (the cookie token, though, will flow with the AJAX post normally). However, we can make it work with a little extra coding…

Read the rest of this post »