Archive for the ‘Security and Compliance’ category

CoPilot and Business Chat

March 17th, 2023

This week Microsoft demonstrated how its natural language AI capabilities in Microsoft 365 Copilot will extend across the company’s products and services.

Microsoft also owns a 49 percent share of OpenAI, a generative AI firm that announced  the next iteration of its natural language AI chatbot.

Microsoft has already integrated ChatGPT into its: Azure cloud,  the Bing search engine and the Edge browser, Microsoft 365 Copilot further promises to embed natural language querying capabilities into Office productivity tools in the Microsoft 365 apps like: Word, PowerPoint, Excel and Teams.

In a livestreamed presentation, CEO Satya Nadella positioned Copilot as a turning point in computer-user interactions. For years, AI has been working “behind the scenes” in search engines, auto-correct and recommendation lists. “You can say we’ve been using AI on autopilot,” Nadella said. The new generation of AI — specifically, natural language and generative AI — will let users run it “on co-pilot.”   “We believe this next generation of AI will unlock a new wave of productivity growth,” he said.  

Microsoft 365 Copilot similar to ChatGPT uses large language models (LLMs) with the Microsoft Graph API. It’s powered by the Copilot System, “a sophisticated processing and orchestration engine.”

“Copilot is more than OpenAI’s ChatGPT embedded into Microsoft 365. It’s a sophisticated processing and orchestration engine working behind the scenes to combine the power of LLMs, including GPT-4, with the Microsoft 365 apps and your business data in the Microsoft Graph — now accessible to everyone through natural language.” said  Microsoft Corporate Vice President Jared Spataro

The demos showed how a user can prompt Microsoft 365 Copilot within in minutes or even seconds to:

  • Create a personalized slide deck in PowerPoint.
  • Highlight relevant data in an Excel sheet in response to a question.     
  • Create a customized marketing document, as well as a corresponding PowerPoint presentation (with presenter notes).
  • Summarize a Teams meeting and identify calls to action.

Microsoft acknowledge that Microsoft 365 Copilot is not infallible as put it sometimes, it will “be usefully wrong”. A  user might then choose to manually make edits, corrections or stylistic changes to the file that Copilot generated. , Sumit Chauhan, head of Microsoft’s Office product group, cautioned: “Now remember — you’re not going to send this off to a customer without a review.”

Microsoft also debuted a brand-new feature on Thursday called Business Chat, which Spataro described as a “knowledge navigator” that users can access from Teams, Bing or Microsoft365.com. From his blog:

“Business Chat works across the LLM, the Microsoft 365 apps, and your data — your calendar, emails, chats, documents, meetings and contacts — to do things you’ve never been able to do before. You can give it natural language prompts like “Tell my team how we updated the product strategy,” and it will generate a status update based on the morning’s meetings, emails and chat threads. “

Jon Friedman, head of design and research at Microsoft said. “Our goal is to give people agency,” …. “You always have the option to use, discard, adjust or undo.”  

Copilot has “mitigations against mistakes, biases and misuse, said Chief Microsoft Scientist Jamie Teevan,. “Every Copilot feature has passed privacy checks … and is monitored in real time,” “We’re going to make mistakes, but when we do, we’ll address them quickly.” she said.

Copilot has two-factor authentication enabled and will fall in line with the Microsoft 365 security, compliance and privacy policies that a company already has in place. It also has protections against data leakage, Spataro wrote:

“Copilot LLMs are not trained on your tenant data or your prompts. Within your tenant, our time-tested permissioning model ensures that data won’t leak across user groups. And on an individual level, Copilot presents only data you can access using the same technology that we’ve been using for years to secure customer data “

New Penalties for violating the UAE Federal Decree by Law No 32 of 2021 concerning Commercial Companies (“Commercial Companies Law”).

February 9th, 2023
Recently, the UAE Cabinet issued a resolution that stipulates penalties for violating the UAE Federal Decree by Law No 32 of 2021 concerning Commercial Companies (“Commercial Companies Law”).
This applies to all UAE onshore or mainland companies, including Limited Liability Companies (LLCs). Penalties for Non-Compliance
·  Accounting Registers: A fine of AED 15,000 for failing to maintain accounting registers. ·  Trade Name Change: A monthly fine of AED 500 for failing to comply with the decision to change the trade name, with a maximum annual amount of AED 5,000. ·
 Ownership: When the LLC carries out activities with strategic significance, it may face a fine of AED 100,000 for non-compliance with the required UAE national ownership percentage or minimum number of Emirati board members.
·  Memorandum of Association: A fine of AED 1,000 on the director or chairman of the board for not having updated the MOA as per the Commercial Companies Law.
·  Loss Disclosure: A fine of AED 50,000 will be given to the director, chairman of the board, or their representative when a general assembly is not called to disclose losses equal to 50% or more of its capital.
·  Data Access: A fine of AED 5,000 for refusing access to minutes of meetings, books, and other related transaction documents with respect to shareholders.
·  Board Meetings: A fine of AED 3,000 for failing to invite a director or board member to a board meeting.
·  Refusal of Information or Misleading Information: AED 5,000 fine on the director or chairman of the board of directors of the LLC, their representative, or the auditor upon refusal, concealment or providing misleading information to authority inspectors.
·  Penalties for Share Disposal: A fine of AED 20,000 may be imposed on any individual who disposes shares in violation of the Commercial Companies Law.
·  General Assembly: The director or chairman of the LLC board may be fined AED 5,000 for failing to call the annual general assembly meeting, with a fine of AED 10,000 for failing to call the meeting when requested by the Ministry.

The implementation i suggests that authorities are considering a stringent examination of companies’ adherence to the Commercial Companies Law. so thoroughly assess your corporation’s practices to minimise the likelihood of fines due to non-compliance.
 
Companies Are Required to Achieve 1% Emirationsation by 1 July 2023 to Avoid Penalties
– The penalties for private companies that fail to meet Emiratisation targets under the amended scheme will now be imposed ‘semi-annually‘.
– Firms that don’t achieve the 1 per cent Emiratisation target growth by 1 July 2023 will be fined Dh7,000 for each UAE national who has not been hired.
– Violating companies will be charged from 1 July 2023.
– Private firms are now required to increase the number of Emiratis in skilled jobs by 1 per cent every six months, while remaining on track to achieve the overall 2 percent target by the end of the year.
– The penalties for non-compliance from 2022 will continue to be collected.


Windows 10 sales to end this month

January 26th, 2023

Windows 10 use currently leads worldwide in terms of Windows desktop use.

Windows 7 with Extended Security Updates support fell out of support on Jan. 10. The same date as the end of supportfor Windows 8.1.

Both the Home and Pro Windows 10 OSes can’t be purchased from Microsoft after this month. Here’s Microsoft’s language to that effect from its Microsoft Store listings for the Home and Pro editions:

January 31, 2023 will be the last day this Windows 10 download is offered for sale. Windows 10 will remain supported with security updates that help protect your PC from viruses, spyware, and other malware until October 14, 2025.

A “get Windows 10” search currently defaults to Microsoft’s get Windows 11 page.

The statement seems to just apply to the downloadable OS product.

For the various ways to buy Windows, see this PCWorld.com article.

Federal Decree-Law No. 47 of 2022 – – the legislative framework for corporate tax on business profits in the UAE

December 21st, 2022

On December 9, 2022, the UAE published the Corporate Tax (CT) Law, which will be effective from the financial years starting on or after June 1, 2023.

https://mof.gov.ae/wp-content/uploads/2022/12/Federal-Decree-Law-No.-47-of-2022-EN.pdf

https://mof.gov.ae/corporate-tax-faq/

https://mof.gov.ae/corporate-tax-faq-ar/

Corporate Tax is a form of direct tax levied on the net income of corporations and other businesses.  Corporate Tax is sometimes also referred to as “Corporate Income Tax” or “Business Profits Tax” in other jurisdictions.

Broadly, Corporate Tax applies to the following “Taxable Persons”:
● UAE companies and other juridical persons that are incorporated or effectively managed and controlled in the UAE;
● Natural persons (individuals) who conduct a Business or Business Activity in the UAE as specified in a Cabinet Decision to be issued in due course; and
● Non-resident juridical persons (foreign legal entities) that have a Permanent Establishment in the UAE (which is explained under Section 8).
Juridical persons established in a UAE Free Zone are also within the scope of Corporate Tax as “Taxable Persons” and will need to comply with the requirements set out in the Corporate Tax Law. However, a Free Zone Person that meets the conditions to be considered a Qualifying Free Zone Person can benefit from a Corporate Tax rate of 0% on their Qualifying Income (the conditions are included in Section 14).
Non-resident persons that do not have a Permanent Establishment in the UAE or that earn UAE sourced income that is not related to their Permanent Establishment may be subject to Withholding Tax (at the rate of 0%). Withholding tax is a form of Corporate Tax collected at source by the payer on behalf of the recipient of the income. Withholding taxes exist in many tax systems and typically apply to the cross-border payment of dividends, interest, royalties and other types of income.

During this month, FTA will also be running a series of online orientation sessions for EmaraTax users. There will be two sessions per day:

• 10 – 11 am providing you an opportunity to raise specific questions about using EmaraTax;
• 3 – 4 pm focusing on specific aspects of EmaraTax, in particular password reset, returns submission and payments.

This You Tube recording has already been released and will soon also be available in Arabic.

Microsoft Edge update will permanently disable the Internet Explorer 11 desktop web browser

December 19th, 2022

Microsoft announced last week that in February. 2023 a future Microsoft Edge update will permanently disable the Internet Explorer 11 desktop web browser on some Windows 10 systems.

115 June 22was the day Internet Explorer reached its end of support, and the company told customers that the legacy web browser would get disabled via a Windows update.

“The out-of-support Internet Explorer 11 (IE11) desktop application is scheduled to be permanently disabled on certain versions of Windows 10 devices on February 14, 2023, through a Microsoft Edge update, not a Windows update as previously communicated,” Redmond said on Friday.

“All remaining devices that have not already been redirected from IE11 to Microsoft Edge are scheduled to be redirected with the Microsoft Edge update scheduled for February 14, 2023.”

Enterprise admins should to transition from IE11 to Microsoft Edge with IE mode and remove IE visual references from the Start Menu and the Windows taskbar with the Disable IE policy before February 14 to avoid “business disruption at scale when users lose access to IE11-dependent applications.”

Next year’s May non-security preview release and the June Windows monthly security update are designed to remove those in environments where admins do not act before IE11 gets permanently disabled.

Internet Explorer will redirect users to the new Chromium-based Microsoft Edge when launching the Internet Explorer 11 desktop applications. During the process, users’ data (including settings, passwords, and favorites) will be imported into Microsoft Edge to make the switch easier.

Since October 2020, IE11 has automatically launchrd Microsoft Edge when visiting incompatible sites. The list of incompatible sites (managed by Microsoft) contains 7,562 domains, a long list of high-profile online platforms and services, including Facebook, Instagram, Google Drive, Microsoft Teams, Twitter, and many others.

Internet Explorer around for some time yet

Although officially retired from multiple Windows 10 versions on the semi-annual channel (SAC) servicing channel and not shipping with Windows 11, IE11 will still be available on Windows 7 ESU, Windows 8.1, and versions of Windows 10 LTSC client, IoT, and Server. The web browser will continue to receive technical support and security updates on systems that run these Windows versions for the lifecycle of the Windows version.

You can switch to Microsoft Edge with IE mode which enables backward compatibility and will be supported through at least 2029. To enable IE mode in Microsoft Edge, go to edge://settings/defaultbrowser, toggle on the ‘Allow sites to be reloaded in Internet Explorer‘ option, and restart the browser.

Microsoft also discontinued IE support in Teams in November 2020 and also ended support across Microsoft 365 apps and services in August 2021. Other Microsoft services and apps have also ended support for Internet Explorer during the last few years.

Why Dynamics 365 Finance and Operations technology makes a difference.

December 7th, 2022

Microsoft has invested billions of dollars into Dynamics 365 technology and security, which has produced many great new features.

When you move to the cloud, everyone is maintained on the same version, and you will always be in lockstep with Microsoft updates. You can be proactive and flexible in promoting those upgrades into your production environment to enhance your user experience.

Your integrations will become extensions-based, rather than relying on over-layering. This will give you several benefits because Extensions make rolling updates much easier

  • Easier to apply new releases, updates, and hotfixes without affecting customization
  • ISVs provide new releases quicker
  • Reduce the cost and effort involved with an upgrade
  • – all of this without impacting the core code of your environment

We understand why some businesses are hesitant to move to the cloud, but from our view, the benefits outweigh the risk. Microsoft has invested heavily in Azure. It is built on the latest hardware, has 24-7 monitoring year-round, and is consistently updated.

With this move, you will have peace of mind not having to worry about the hardware, energy, labour costs and work associated with backup and disaster recovery. While many businesses feel they have control over their on-site servers, this can lead to a false sense of security. Cyber threats are prevalent and getting faster and more sophisticated. Whether a business has on-site servers with a backup plan or not, many simply aren’t prepared for the worst-case scenario unless they have a large internal IT team or pay for a costly third-party IT service.

Microsoft recognizes this and has over 3,500 Azure cybersecurity professionals working to protect its cloud and has invested in it to the tune of over $1 billion annually. Simply put, upgrading takes that load off your shoulders and puts it onto a specially trained Microsoft team.

Azure also has thousands of connectors, and a Dataverse ( Common data model) to integrate non-Microsoft systems with your Dynamics 365 Finance and Operations environment.

One of the greatest benefits of upgrading is you can create low/no-code applications using the Power Platform. Power BI, PowerApps, Power Automate, and the Dataverse combine to form the Power Platform, a program that integrates seamlessly with Dynamics 365 solutions.

It lets you compile, design, and publish your data very easily into visually appealing reports and dashboards that can be used internally and externally and published to workspaces or organizational/public-facing apps.

Create apps for your team to have the information they need to work from wherever they are, on whatever device they use..

One of the best features of the Power Platform is that data changes synchronise across your system. For example, go into a system to update a client’s contact information, and that change will update in all your connected systems.

Power BI is a cloud-based analytics tool that gives you a single visual view of your most critical business data. You can create reports on the health of your business, dashboards displaying critical numbers and figures that help your staff work, and rich and interactive visualizations. It is easy to use and integrates seamlessly with Dynamics 365 technologies. There are out of the box embedded dashboards and Synergy has created many client specific dashboards.

Time to move to Dynamics 365 Finance and Operations with Synergy Software Systems

December 7th, 2022

No more Dynamics Ax support

Most versions of Dynamics AX are off both Mainstream and Extended Support, which means they have no access to new features, and will not get fixes for either non-security or security issues, and cannot reach out to Microsoft for one-on-one support.

AX 2012 R3 is on extended support, but that support cycle will end on January 10, 2023. Extended support means you still get security fixes. However, you have no access to new features, and need to pay an annual fee plus a per-incident charge for non-security fixes and access to support.

AX TO FO 2 SUPPORT LIFECYCLE

From January 2023, all Dynamics AX customers will be on their own for Microsoft core code and security threats, or for issues about compatibility with database or operating system changes. It’s essential to have a proven partner to support local builds and customisations and to help explain and manage the upgrade process.

That’s why if you have not already moved to Dynamics 365 Finance and Operations then time has run out. Urgent action is advised. It takes time to review options, to understand the different licences, the many new features, the new technology platform, and to mobilise resources and to reimplement an enterprise company.

Chrome flaw-urgent update

September 7th, 2022

An urgent warning has been issued for BILLIONS of Google Chrome users by Google to warn that its web browser users that there is a vulnerable flaw.

 Chrome has launched a new update – across Windows, Max and Linux computers.

Chrome users need to relaunch the browser to activate the update. This will update Chrome to version 105.0.5195.102 for Windows, Mac, and Linux. 

To update Chrome, click on the three-dot menu on the top-right of your Chrome window. Then users should go to Help > About Google Chrome to see if the update is available, before clicking the download button.

Please see the Chrome Security Page for more information.

This latest update comes just days after Google released Chrome version 105 on August 30th. That update already came with 24 security fixes. Apparently, that still wasn’t enough. This is the sixth zero-day vulnerability Chrome has faced so far this year. The last vulnerability that was actively exploited was just flagged in mid-August,

Xcitium – the new Comodo zero threat solution

July 31st, 2022

Every 11 seconds a new ransom incident occurs and every day the AV-TEST Institute registers over 450,000 new malicious malware and unwanted applications.

What if you could provide 100% protection from those unknown ransomware and malware attacks?

Well, – Now you can!

Comodo Security Solutions has rebranded as Xcitium as it unveils its patented ‘ZeroThreat‘ technology, to be the first in this new Gartner Domain Space “Containment for Endpoints”

Xcitium will have an official launch at the Black Hat USA Exhibition (Aug 6-11, 2022). 

ZeroThreat’ technology employs Kernel API Virtualization to isolate and eliminate threats such as zero-day ransomware and other malware before those can cause damage, all without interfering with a customer’s operations. 

“Xcitium’s ZeroThreat Technology, utilizing patented Kernel API Virtualization, prevents unknown malware from accessing critical system resources that cause damage, while providing complete use of the unknown file or application—this is a distinct departure from all existing vendors which terminate the offending unknown once their engine makes a threat determination,” 

Sarah Pavlak, Industry Principal at Frost & Sullivan

(In 2018, as Comodo, the company expanded beyond its original business strategy of keeping the Internet secure through SSL certificates. It focus was on unified managed endpoint protection in response to the increasing, advanced threat, landscape.

Since its inception, Xcitium has a track record of zero security breaches when completely configured.

The ZeroThreat technology is the cornerstone of the Xitium endpoint suite.

It is built with a signature role to keep the Internet safe with:

  • advanced endpoint protection (AEP),
  • endpoint detection and response (EDR),
  • managed detection and response (MDR).

For more information, contact: Synergy Software Systems 0097143365589

Microsoft Purview – a family of data governance, risk, and compliance solutions

June 28th, 2022

The worldwide shift to a hybrid workplace has pushed us all to embrace ubiquitous connectivity. New connections help us to be more collaborative; and to routinely edit and share documents in real-time from wherever we work. Instant messaging a tool of convenience is now a cornerstone of communication. People in business, operations, and technical roles are adept at combining disparate solutions to meet changing needs. Multiple mobile and smart devices, go beyond secure corporate networks.

Constant connectivity brings evolving, inherent risks. Organizations have seen a massive increase in their digital footprint, often with data fragmentation and growth across a multitude of applications, devices, and locations.  Dark data, which organizations pay to store, but goes underutilized in decision making, is growing at a rate of 62 percent per year.  The virtual office and new collaboration mediums open doors to harassment, sensitive data leaks, and other workplace policy infractions. It’s a big digital world for any organization to manage. 

Microsoft Purview is a family of data governance, risk, and compliance solutions that can help your organization to govern, to protect, and to manage your entire data estate. Microsoft Purview solutions provide integrated coverage and help address the recent increases in remote user connectivity, the fragmentation of data across organizations, and the blurring of traditional IT management roles.

Microsoft Purview combines the former Azure Purview and Microsoft 365 compliance solutions and services together into a single brand. Together, these solutions help your organization to:

  • Gain visibility into data assets across your organization
  • Enable access to your data, security, and risk solutions
  • Safeguard and manage sensitive data across clouds, apps, and endpoints
  • Manage end-to-end data risks and regulatory compliance
  • Empower your organization to govern, protect, and manage data in new, comprehensive ways

https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager-templates-list?view=o365-worldwide

https://www.microsoft.com/security/blog/2022/04/19/the-future-of-compliance-and-data-governance-is-here-introducing-microsoft-purview/