Archive for the ‘Technology’ category

« Older Entries
Newer Entries »

June 2022 cumulative Windows Update to seal the zero-day security hole

June 18th, 2022

the June 2022 cumulative Windows Updates seal the zero-day security hole that enabled an exploit called Follina (CVE-2022-30190). 

The security flaw was in a Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution bug, which allows hackers to execute arbitrary code within apps by using the tool, such as installation of programs, change or deletion of data or creation of a new Windows account with a compromised user’s rights on the affected PC.

The bug affects machines running Windows 7 and later. 

The bug appears to have been exploited by Chinese hackers to send malicious documents to Tibetans. and also to target U.S. and European Union government agencies. 

Other cyber-savvy criminals could use the same exploit on unpatched PCs to cause havoc. so we like Microsoft, recommend that you ensure your PC is patched as soon as possible. 

Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action,” said Microsoft.

With automatic updates enabled you should already protected. If not then to ensure you have the latest patch go to the Windows Settings app, navigate to the Windows Update section to see whether your PC is up to date,, or needs an update, or in some cases a restart to apply the update.

Do this to keep your PC protected from malicious and opportunistic hackers. 

Comments Off on June 2022 cumulative Windows Update to seal the zero-day security hole »

Posted in Security and Compliance, Technology

Cybercrime update – increasingly scary

June 13th, 2022

According to the recent 2022 Ransomware Trends Report” (Veeam), compiled by surveying 1,000 global IT leaders, paying a ransom for an organization’s hijacked data doesn’t ensure return of the stolen data.   

  • 24 percent of organizations that paid the amount demanded by ransomware attackers ended up not recovering their stolen data.
  • 19 percent of those affected by ransomware were able to recover their data through their own means and without having to pay off the attackers.
  • When data is eventually recovered after remediation through payment, data recovery took an average of 18 days.
  •  (22 percent) reported it took one to two months to fully recover the data,
  • 3 percent said they were down for two to four months.
  • Some time was spent decrypting the encrypted stolen data, but much of the downtime is attributed to deep scans of restored systems to confirm they were “clean” from any ransomware remnants.
  • Backup repositories were targeted 94 percent of the time.
  • Specific production platforms or application types were targeted in 80 percent of successful ransomware attacks, making ransomware prevention not just the duty of IT security
  • Phishing e-mails and malicious links and Web sites continue to be the top (44 percent) ransomware entry points,
  • Infected patches and software are close behind with 41 percent of all ransomware attacks by those surveyed.
  • The remaining entry point sources:
    • Compromised credentials and spraying attacks (35 percent).
    • Insider threats (32 percent).
    • Zero-day vulnerabilities (26 percent).
    • Only 1 percent of those who experienced a ransomware attack were not able to identify the entry point

About 25 years ago a business report indicated that a majority of companies that lost their computer system for more than one week went out of business within 18 months. A sobering thought given our increased dependence on systems in the digital age, and the surge in state sponsored cybercrime.

The 2022 Ransomware Trends Report” indicates that most organizations don’t have the tools or know-how  to recover their hijacked data before they end up paying for their data back.

  • A strong Modern Data Protection strategy requires a commitment to a clear policy that the organization will never pay the ransom, but do everything in its power to prevent, remediate and recover from attacks,.  
  • IT should routinely test their data protection solutions and protocols and ensure that employees are well-versed in spotting possible ransomware attacks.

Veeam credits the improvements in monitoring tools and a concerted effort toward ransomware prevention by many IT shops for the high success in identifying the source of ransomware.

The report finds that.

“This alone should drive broader conversations within IT, so cyber security isn’t just the delegated to the security team; database administrators should also help ensure that database servers are secure and administrators should help ensure hypervisors are patched, that Windows updates are routinely run, etc.,”

How to protect yourself against ransomware

Whether a simple ransomware attack, a double- or triple-extortion attack, a self-contained threat family, or a RaaS attack executed by an affiliate network, the defense strategy is the same: employ the principles of zero trust to limit vulnerabilities, prevent and detect attacks, and limit the blast radius of successful breaches.

 Here are some best practices recommendations to safeguard your organization against ransomware:

  • Get your applications off of the internet. Ransomware actors start their attacks by performing reconnaissance on your environment, looking for vulnerabilities to exploit, and to calibrate their approach. The more applications you have published to the internet, the easier you are to attack.
  • Use a zero trust architecture to secure internal applications, make those invisible to attackers.
  • Enforce a consistent security policy to prevent initial compromise. With a distributed workforce, it is important to implement a security services edge (SSE) architecture that can enforce consistent security policy no matter where your users are working (in office or remotely). 
  • Use sandboxing to detect unknown payloads. Signature-based detection is not enough in the face of rapidly changing ransomware variants and payloads. Protect against unknown and evasive attacks with an inline, AI-powered sandbox that analyzes the behavior rather than the packaging of a file.
  • Implement a zero trust network access (ZTNA) architecture. Implement granular user-to-application and application-to-application segmentation, brokering access using dynamic least-privileged access controls to eliminate lateral movement. This allows you to minimize the data that can be encrypted or stolen, reducing the blast radius of an attack. 
  • Deploy inline data loss prevention. Prevent exfiltration of sensitive information with trust-based data loss prevention tools and policies to thwart double-extortion techniques.
  • Keep software and training up to date. Apply software security patches and conduct regular security awareness employee training to reduce vulnerabilities that can be exploited by cybercriminals.
  • Have a response plan. Prepare for the worst with cyber insurance, a data backup plan, and a response plan as part of your overall business continuity and disaster recovery program.
  • To strengthen defences against ransomware, embrace layered defenses that can disrupt the attack at each stage—from reconnaissance to initial compromise, lateral movement, data theft, and ransomware execution.

The amount of time cyber criminals intruders are spending inside victims’ networks is increasing, providing them with the ability to carry out higher complexity campaigns and more damaging cyber attacks.

According to analysis by cybersecurity researchers at Sophos, who examined incidents targeting organisations around the world and across a wide range of industry sectors, the median dwell time which cyber criminals spend inside compromised networks is now 15 days, up from 11 days the previous year.

The 2022 ThreatLabz State of Ransomware report breaks down a year’s worth of intelligence from a variety of sources, including over 200 Billion daily transactions and 150M daily blocked threats across the Zscaler Zero Trust Exchange, and shows that ransomware is becoming even more attractive to criminals. Attackers are able to wage increasingly profitable campaigns based on three major trends:

  • Supply chain attacks,
  • ransomware-as-a-service ecosystems,
  • multi-extortion tactics.

Ransomware attacks increased by 80% year-over-year, accounting for all ransomware payloads observed in the Zscaler cloud.

  • Double extortion ransomware overall increased by 117%.
  • Manufacturing was the most targeted industry for the second year running, – almost 20% of double-extortion ransomware attacks.

 Some industries saw particularly high growth of double-extortion attacks, including:

  • healthcare (643%),
  • food service (460%),
  • mining (229%),
  • education (225%),
  • media (200%),
  • manufacturing (190%).

Some recent events………

The DeadBolt ransomware started 2022 with attacks that targeted internet-facing Network-Attached Storage (NAS) devices.

  • First target was QNAP Systems, Inc. in January 2022. According to a report from Censys.io, Jan. 26, 2022, out of 130,000 QNAP NAS devices that were potential targets, 4,988 services showed signs of a DeadBolt infection.
  • ASUSTOR, another NAS devices and video surveillance solutions vendor, also experienced DeadBolt ransomware attacks that targeted an unknown number of its devices.
  • In March, DeadBolt attackers again targeted QNAP devices; and  the number of infections reached 1,146 by March 19, 2022.
  • On May 19,2022, QNAP released a product security update stating that internet-connected QNAP devices were again bargeted by DeadBolt, this time aiming at NAS devices using QTS 4.3.6 and QTS 4.4.1.
  • The number of DeadBolt-infected devices is very high for a ransomware family that exclusively targets NAS devices.

LockBit 2.0 is ransomware as a service (RaaS)

  • This first emerged in June 2021 as an upgrade to its predecessor LockBit (aka ABCD Ransomware), which was first observed in September 2019.
  • Since its inception, the LockBit 2.0 RaaS attracted affiliates via recruitment campaigns in underground forums, and thus became particularly prolific during the third quarter of calendar year 2021. The LockBit 2.0 operators claimed to have the fastest encryption software of any active ransomware strain as of June 2021, claiming accordingly that this added to its effectiveness and ability to disrupt the ransomware landscape.

An ongoing phishing campaign targeting Facebook users may have already netted hundreds of millions of credentials and a claimed $59 million, and it’s only getting bigger.

  • Identified by security researchers at phishing prevention company Pixm in late 2021, the campaign has only been running since the final quarter of last year, but has already proven incredibly successful. Just one landing page – out of around 400 Pixm found – got 2.7 million visitors in 2021, and has already tricked 8.5 million viewers into visiting it in 2022.
  • The flow of this phishing campaign isn’t unique: Like many others targeting users on social media, the attack comes as a link sent via DM from a compromised account.

The Vice Society ransomware group has claimed responsibility for the recent cyber attack on the city of Palermo in Italy, which has caused a large-scale service outage.

  • The attack occurred last Friday, and all internet-relying services remain unavailable, impacting 1.3 million people and many tourists visiting the city.
  • The authorities admitted the severity of the incident on Monday and explained that all systems had to be taken offline to contain the damage, warning that the outages might last a few more days.

Shields Health Care Group Inc., which provides imaging and ambulatory surgical services at dozens of locations, said in a notice on its website Tuesday that data including names, Social Security numbers, dates of birth, and medical or treatment details is among the information that may have been compromised.

  • The breach has been reported to federal law enforcement and the U.S. Department of Health and Human Services Office for Civil Rights.
    • That agency reported on its website that 2 million people were affected.
    •  An FBI spokesperson said the agency had no comment.

The Cuba ransomware operation has returned to regular operations with a new version of its malware found used in recent attacks.

  • Cuba ransomware’s activity reached a peak in 2021 when it partnered with the Hancitor malware gang for initial access.
  • By the end of the year, it had breached 49 critical infrastructure organizations in the United States.

Russia-Ukraine

The Kremlin-backed cyberattack against satellite communications provider Viasat, which happened an hour before Russia invaded Ukraine, was “one of the biggest cyber events that we have seen, perhaps ever, and certainly in warfare,” according to Dmitri Alperovitch, co-founder of CrowdStrike and chair of security-centric think tank Silverado Policy Accelerator.

  • An obvious purpose of the attack was to  disrupt Ukrainian communications during the invasion, by wiping the modems’ firmware remotely, it also disabled thousands of small-aperture terminals in Ukraine and across Europe.
  •  The attack disrupted satellite connectivity for thousands, and disabled remote monitoring of 5,800 wind turbines in Germany.

The Russia-Ukraine conflict has the world on high alert.

  • Several attacks associated with the Russia-Ukraine conflict, combined multiple tactics, such as HermeticWiper and PartyTicket ransomware.
  • Most of this activity has targeted Ukraine.
  • Government agencies have warned organizations to be prepared for more widespread attacks as the conflict persists.

Microsoft has obtained a court order to seize 41 domains used by what the Windows giant said was an Iranian cybercrime group that ran a spear-phishing operation targeting organizations in the US, Middle East, and India.

  • The Microsoft Digital Crimes Unit said the gang, dubbed Bohrium, took a particular interest in those working in technology, transportation, government, and education sectors: its members would pretend to be job recruiters to lure marks into running malware on their PCs.
  • “Bohrium actors create fake social media profiles, often posing as recruiters,” said Amy Hogan-Burney, GM of Microsoft’s Digital Crimes Unit. “Once personal information was obtained from the victims, Bohrium sent malicious emails with links that ultimately infected their target’s computers with malware.”

Last month the notorious Russian ransomware gang Conti threatened that if a ransom wasn’t paid it would overthrow Costa Rica’s government.

This month, the Hive ransomware gang hit Costa Rica’s Social Security system, and also struck the country’s public health agency, which had to shut down its computers on Tuesday to prevent the spread of a malware outbreak.

The Costa Rican government said at least 30 of the agency’s servers were infected, and its attempt at shutting down systems to limit damage appears to have been unsuccessful. Hive is asking for $5 million in Bitcoin to unlock infected systems.

As ransomware becomes less profitable or carries a higher risk for attackers It is logical for ransomware actors to eventually convert their operations to business email compromise (BEC) attacks.

In the US, the Federal Bureau of Investigation has repeatedly found that total money stolen in BEC scams far exceeds that pilfered in ransomware attacks—though ransomware attacks can be more visible and cause more disruption and associated losses.

The newer Industrial Spy group is applying greater pressure on victims by hacking their websites to display ransom notes.

The Canadian Department of National Defence confirmed recently that a key supplier – CMC Electronics  a key supplier to a critical defence initiative.–  reported that they were victim of a ransomware attack.

  • CMC makes cockpit systems integration, avionics, display solutions, and high-performance microelectronics for military and commercial aircraft.
  • It was recently selected to supply the avionics and software applications for the Royal Canadian Air Force’s new Calidus B-250 turboprop light attack combat and training aircraft
  • It was reportedly attacked by a gang calling itself AlphV. The FBI say the gang also operate under the name BlackCat. and had compromised over 60 organizations worldwide as of March of this year.

Comments Off on Cybercrime update – increasingly scary »

Posted in Corporate Perfomance Management, Security and Compliance, Technology

Power Apps April release wave 1 2022 for Model-driven apps

March 12th, 2022

The Power Apps April release wave 1 for Model-driven apps is now available for you to take advantage of. In this release wave you can take advantage of cohesive and modern experiences while collaborating with team members in Power Apps.

Collaboration with colleagues and task productivity is more important than ever before for business users.   These are two main focuses of the Wave 1 release, and we have several features you can opt into in order to streamline productivity.

Task productivity updates include:

  • Modern Power Apps grid and view pages have been enhanced and will be auto enabled during this wave

Opt-In Updates:

  • Modern Advanced Find allows users to access any table and use advanced filters to explore data
  • Users can be alerted to key items to address, which makes them more likely to be successful leveraging In App Notifications

Collaboration opt-in updates include:

  • See colleagues who are currently working on the record and easily start chats with them
  • See on-line status of colleagues in-app and easily start chats with them via improved people card
  • Easily share links to records with colleagues

Task Productivity

Power Apps grid

Model-driven apps are first to feature the new Power Apps grid, a new read-only grid control, both inside the view page and inside forms (sub-grids). The new grid control follows Microsoft Accessibility Standard and will be auto enabled as part of this wave release.

In addition to improved performance, the new control supports:

  • Remembering grid view settings across the session
  • Ability to resize columns
  • Ability to reorder columns (via column options UI)

The grid view page in Model-driven apps now features column options settings that let app users customize which columns are shown in the grid. Additional text make sit easy for your end users to discover this capability.

With this feature, users can:

  • Add new columns, from current or related tables.
  • Remove columns.
  • Change the order of columns in the grid

When the grid is auto enabled with this release, the classic jump bar experience is disabled by default, but can be enabled.  Infinite scrolling will be an option in future waves. To opt out of the new Power Apps read-only grid control, the Power Platform Admin Center to toggle the “Enable the modern-read only grid experience” switch under the “Grids and views” section.

Modern Advanced Find

With modern advanced find, you can access any table in a model-driven app through search and use advanced filters to explore the data easily. The new view management experience will provide you with options to share views so you can collaborate with your team easily. Managing views is simpler with personalization options to build your own set of views.

In App Notifications are Generally Available starting in April 2022

The in-app notification feature that was announced for public preview July 2021 with Model-driven app adds in-app notifications will reach general availability in April 2022. A maker can opt-in to this feature using the modern app designer preview.  Open the settings > Upcoming features and then enable “In-app notifications”.

Multiplayer App Collaboration

Co-presence in records and Owner field online presence

Now you can see who’s currently working on a record including their online status. You can also start a chat or send them an email and take collaboration to the next level.  This feature is currently available on the Account, Case, Opportunity, and Contact tables.

Avatar and on-line availability of colleagues is immediately obvious in the UI with the new persona card shown in the form owner field, lookups and grids. Click on the avatar to expose the improved contact card to start a chat or email.

Easy record sharing

Share records as easy as Office documents. Use the new share button to email a link or copy the link and share it with someone else. A link to the record can only be shared with users who have permissions to access the record currently, but we are working on expanding this in the future.

Get started today by opting your environment into the 2022 April Release Wave 1, learn how ( https://docs.microsoft.com/power-platform/admin/opt-in-early-access-updates  ).

Comments Off on Power Apps April release wave 1 2022 for Model-driven apps »

Posted in Corporate Perfomance Management, Dynamics 365, Microsoft, Technology

Attackers compromising Microsoft Teams

February 19th, 2022

Security researchers at Avanan, a cyber security company warns that attackers are compromising Microsoft Teams accounts to slip into chats and to spread malicious programs to participants in the conversation.

Since January, hackers have accessed compromised accounts and shared executable files titled ‘User Centric’.

The file is a Trojan malware that can eventually take control of a user’s computer should a user click on it. The virus is usually hidden as an attachment in an email or a free-to-download file, then transfers onto the user’s device

Most users trust Microsoft Teams implicitly. However, Microsoft Teams is used both by professionals working from home for sharing files, or with invited external users, so users may click on files attachments with less regard to question the authenticity. 

Microsoft Teams surpassed 270 million monthly active users last month. The number of daily active users of Microsoft Teams have almost doubled the past year, increasing from 75 million users in April 2020 to 145 million as of the second quarter of 2021.

When working outside your secure corporate network on your own device you still need an antivirus program that scans and inspects files for malicious content.

Sr its an email or inside Microsoft Teams if are get sent a file, then before clicking on it make sure you carefully read the name of the file and file extension , and the details of who sent it . Contact your workplace’s IT department if you receive any strange files.

If you need to improv your security then ask Synergy Software Systems about Microsoft Defender and other tools like Kasperksy. Data security and data privacy is of increasing concern , and compliance with legislation is increasingly import for example for data privacy.

With Microsoft Defender for Oce 365 you are also protected within SharePoint, OneDrive, and Microsoft Teams. ATP (Advanced Threat Protection) for SharePoint, OneDrive, and Teams helps detect and block existing files that are identified as malicious in team sites and document libraries by locking them and preventing users from accessing such files.

https://www.microsoft.com/en-gb/security/business/threat-protection/office-365-defender

https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/introducing-the-microsoft-defender-for-office-365-migration/ba-p/2952369

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/migrate-to-defender-for-office-365?view=o365-worldwide

call: 0097143365589

Comments Off on Attackers compromising Microsoft Teams »

Posted in Microsoft, Security and Compliance, Teams collaboration remote access, Technology

New Commerce experience – ask Synergy Software Systems

February 15th, 2022

Microsoft is making major changes in its approach to its licensing. The wide-reaching changes are coming in under the title of the new commerce experience.

While many organisations will be focused on how this will impact on their Microsoft 365 and Office 365 licensing, changes have the potential to impact the pricing of Dynamics 365 and Power Platform for organisations.

What Is The New Commerce Experience?

The new commerce experience is an attempt, Microsoft says, to simplify its many licensing models.

Subscription licensing for Microsoft products has now existed for over a decade. Over this time, both the supplier model and licensing structures have sprawled as more and more products have been brought in to the model. As such, the new commerce experience is said to offer “a consistent, simplified, and flexible purchase experience for customers and partners”.

The new commerce experience is already in place for Azure services. However, the application of this approach to wider licensing will come at an additional cost to some organisations

Changes To Partner Models

In terms of the provision of licensing, most organisations purchase licensing from organisations linked to the Cloud Solution Provider programme (CSP). But in fact, there are actually six partner licence supply models at present.

This will now be folded into just three retail models:

Breadth motion – Designed for the SME market, this will span the bulk of the current CSP model.

Enterprise motion – Large organisations will now be able to purchase licensing from a Microsoft account manager.

Self-service motion – For organisations wishing to purchase their own licences.

These changes will simplify the overly complex partner model, though some partners will now find their enterprise customers will now transact with Microsoft directly.

Customer Licensing Subscriptions

For customers, the new commerce experience will see the emergence of three subscription models:

Monthly subscription:

  • Under this model, seats can be increased or decreased each month to meet the organisation’s needs.
  • However, the flexibility of this model will carry a 20% price premium.
  • Organisations would also not be protected from any future licence price rises.

12-month subscription:

Under this option, organisations commit to licences on a 12-month term.

Licences can’t be cancelled after the first 72 hours, and can only be terminated at the end of the 12 month term.

Licence numbers can be increased during the 12-month term (with pro-rata billing), but not decreased.

Organisations will not be exposed to price rises during their 12-month term.

36-month subscription:

This option commits customers to a 36-month term, with cancellation only available in the first 72 hours. Licences will be able to be reassigned, however.

Licence numbers can be increased on a pro-rata rate during the term, but not decreased.

Organisations will receive price protection from cost increases for the full 36-months.

Organisations will be able to mix and match licensing based on their requirements. However, the changes will mean that any organisation previously trying to operate on a flexible model will have to pay more for the benefit.

When Will The New Commerce Experience Come Into Effect?

Organisations can purchase licences from the new commerce experience now, but the new model will come into full effect from March 2022.

Any licencing purchased at or after this time is subject to the new model.

Any existing Microsoft licences will move over to the new model at their point of expiry. This is expected to be complete by February 2023.

In addition to the NCE, there will be a price increase that will take effect from 1st March 2022 for the following licences: 

  • Office 365 Business Basic – 20%
  • Office 365 Business Premium – 10%
  • Office 365 E1 – 25%
  • Office 365 E3 – 15%
  • Office 365 E5 – 8.5%
  • Microsoft 365 E3 – 12.5%

Microsoft is offering a 5% discount for annual Microsoft 365 commitments. The annual discount will be available until the end of March 2022. Committing to your licences before the end of March 2022 will not only allow you to benefit from the discount, but also avoid the price increase. 

To discuss your renewals or licensing options call us: 0097143365589

Comments Off on New Commerce experience – ask Synergy Software Systems »

Posted in Dynamics 365, Microsoft, Technology

Teams meetings with chat bubbles

January 3rd, 2022

With covid omicron rampaging across the globe wishing you all a Happy New Year sounds a somewhat hollow message. So let me pass on some good news.

Microsoft is working on a new update for Teams, for users to see both the messages in chat and the participants in a video call at the same time.

Last year Microsoft , added chat bubbles   so that users don’t miss private messages sent during a video call. Similar to WhatsApp or Facebook Messenger, chat bubbles display a floating notification on your screen.

You may not find don’t this is an improvement if it distracts you from the important content discussed in the meeting. It forces you to constantly look around the screen to find and quickly the chat bubbles as they appear and before they disappear.

To turn off the chat bubbles and return to the previous behavior of opening the chat pane, click on the three dots in the control bar to open the menu. Click on the Don’t show chat bubbles item to turn off chat bubbles, see this video: https://www.youtube.com/watch?v=MkR8T8pZfyU)

Using chat bubbles is a personal choice and it doesn’t replace the regular chat window. Microsoft says that chat bubbles make chat more central to a conversation, but it really depends on the type of meeting, the topic being discussed, and the number of participants

Microsoft is now planning to make chat bubbles available for group chats so that everyone can simaltaneously see the conversations happening via text as well as the participants in a video call .

Microsoft soft Teams rooms i was previously called Skype Rooms. With a Teams Rooms display set up in a meeting or conference room, the in-person attendees can focus on one screen rather than have to each stare down at their individual laptop.

With chat bubbles on a Teams Room display, remote workers will also be able to add to the conversation in a meeting room and attendees will see their messages in chat alongside a meeting’s video feed.

This new feature is set to roll out in April of next year and will l be a welcome addition for organizations that have implemented hybrid work practices.

Comments Off on Teams meetings with chat bubbles »

Posted in Microsoft, Teams collaboration remote access, Technology

Windows 10 version 21H2, -the “November 2021 Update -Generally Available

November 30th, 2021

This marks the start of a new update release cadence for the Windows 10 operating system. The new OS can be accessed on eligible devices by “seeking” it through the Windows Update service

. Windows 10 systems running version 2004 or later can undergo a fast “in-place upgrade” in which the underlying OS bits get automatically replaced.

It’s also available for IT pros in the usual places, namely, “Windows Server Update Services (including Configuration Manager), Windows Update for Business and the Volume Licensing Service Center (VLSC),”

Microsoft is promising one reboot to activate the new OS because of the use of “enablement packages” implemented with Windows 10 version 2004 and later versions. New OS bits are already present on machines (in a dormant state) with the enablement package approach.

New Features
Windows 10 version 21H2 has some improvements, that include:

  • The addition of virtual private network APIs for the Universal Windows Platform, which facilitate the use of “common web-based authentication schemes.”
  • Wi-Fi 6 support with “Wi-Fi Protected Access 3 Hash-to-Element protocol (WPA3 H2E),” which promises “better protection from Wi-Fi side-channel attacks that could steal Wi-Fi passwords and other sensitive information,” particularly from home networks.
  • Mobile device management (MDM) parity with Group Policy settings, with 1,400 added MDM settings.
  • Universal Print support for 1GB print jobs per individual user, plus integration with OneDrive for Web, as well as Excel for Web (happening at “end of 2021”).
  • Automatic provisioning of apps for Azure Virtual Desktop users, with copy and paste capabilities between “remote and local apps.”

Windows 10 version 21H2 delivers security updates to other Microsoft products. The list includes the “Windows AI Platform, Windows App Platform and Frameworks, Windows Apps, Windows Cryptography, Windows Fundamentals, Windows Input and Composition, Windows Kernel, Windows Media, Windows Office Media, and Windows Virtualization.”

A major perk for IT pros, though, is the switch to a once-per-year feature update model, which starts with Windows 10 version 21H2 to usher in a new “service channel” change of a once-per-year feature update release cycle, with the update arriving in the second half of a particular year. Microsoft’s next Windows 10 feature update release is planned for release in H2 2022. There will not be an H1 2022 OS release.

Microsoft had been releasing Windows 10 feature updates twice per year, in the spring and fall. A feature update is a completely new version of the Windows operating system. When Windows 11 was released, Microsoft switched to once-per-year feature updates for that OS, and it’s now doing the same thing for Windows 10. The old “sem-iannual channel” term used to describe Windows 10 feature updates is now dropped. Microsoft refers to this release of Windows 10 version 21H2 as a “general availability channel” release.

Support for Windows 10 Version 21H2 Editions
Despite the switch to a once-per-year release model with Windows 10 version 21H2, nothing is changed for how long a feature update will be supported before requiring an upgrade. Microsoft varies the support length based on the Windows 10 edition that’s used. Windows 10 Home and Pro editions will be supported on the November 2021 Update for 18 months, while Enterprise and Education edition users will have 30 months of support. Those support terms didn’t change with this release.

The Windows 10 version 2004 is nearing its end-of-support phase, – Dec. 14, 2021 and when support ends, security updates from Microsoft don’t arrive. The support clock, started (Nov. 11) for Windows 10 version 21H2, Microsoft’s announcement.

General Availability Channel Release
Microsoft recommends that organizations initiate “targeted” deployments of Windows 10 version 21H2 before performing an organization-wide OS rollout. In the past, Microsoft referred to targeted Windows 10 OS releases, which were designed for testing purposes. A targeted release came before a general availability commercial release. Lots of organizations waited for the general availability release to start their OS testing, which wasn’t optimal from Microsoft’s standpoint. Microsoft dropped that targeted nomenclature long ago and started using weirder terms, like “commercial preview.” -even more confusing. Circumstances are clearer now with the Windows 10 version 21H2 general availability channel release stamp. which implies commercial release.

Comments Off on Windows 10 version 21H2, -the “November 2021 Update -Generally Available »

Posted in Microsoft, Technology

Microsoft Teams for phone calls

November 30th, 2021

Organizations that want to use Microsoft Teams for phone calls will have a new option, starting in January.   

Microsoft is introducing a new product, “Teams Phone with Calling Plan.” that combines the “Microsoft 365 Business Voice” product offering with enterprise capabilities of the “Teams Calling Essentials” product. Those two products will disappear after the new Teams Phone with Calling Plan product gets released.

These product changes will simplify purchasing and bring “enterprise-grade capabilities to SMBs,”.

The overall product changes and pricing are shown in the following diagram from a Microsoft FAQ document (Word doc download):

[Click on image for larger view.]Figure 1. Consolidation and pricing changes for Microsoft Teams products (source: Microsoft FAQ document). The new Teams Phone with Calling Plan product, coming Jan. 1, 2022, will supplant the Business Voice and Teams Calling Essentials products.

Microsoft Business Voice Ending in March
Microsoft Business Voice is a Teams product that sets up Microsoft as an organization’s telephony service provider. It’s for Microsoft 365 and Office 365 users having “300 or fewer people,”

Microsoft is planning to phase out its Business Voice product on March 1, 2022, according to the FAQ document. However, existing Microsoft Business Voice users will be able to renew their subscriptions “until June 30, 2022” or they can choose the Teams Phone with Calling Plan option instead.

While the Teams Calling Essentials product also is going away, no dates were described by Microsoft for its end.

New Teams Phone with Calling Plan Coming Jan. 1
Organizations with Microsoft 365 and Office 365 subscriptions that include Microsoft Teams will be offered Teams Phone with Calling Plan. It’s not available yet as a standalone product.

Users of Teams Phone with Calling Plan get 3,000 minutes for domestic calls in the United States and Canada, but just 1,200 minutes for domestic calls in other markets. for Organizations that call outside their domestic zones, Microsoft sells an add-on international calling plan that offers 600 minutes per user per month,.

The calls, conducted from Microsoft Teams, work across mobile networks and the public switched telephone network.

Teams Phone with Calling Plan will be offered through Microsoft’s partners in 33 markets starting on Jan. 1, 2022.

Teams Phone with Calling Plan also will be directly available from the Teams Phone website in the US, UK, and Canada on January 3rd, and in the remainder of markets later in January,” To add Teams Phone with Calling Plan, organizations will need to have one of the following qualifying subscriptions, per the FAQ: “Microsoft 365 Business Basic, Business Standard, Business Premium, F1, F3, E3, A3 and Office 365 F1, F3, E1, E3, A1, A3.”

Teams Phone Option and Calling Plan Option
Alternatively, organizations can buy a “standalone” product called Teams Phone, which “allows them to purchase dial tone from a third-party provider.”

Microsoft also alternatively offers a separate Calling Plan product for Microsoft 365 and Office 365 Teams users to connect to the public switched telephone network (that is, landline phones).

Audio Conferencing Realignment in March
Audio Conferencing is a Teams feature that lets users start conferences with their phones, even when the phones lack the bandwidth for a Teams session.  Microsoft in August to broaden access to the Audio Conferencing beyond Microsoft 365 E5 and Office 365 E5 plans. That announcement came in the context of price hikes for Microsoft 365 and Office 365 subscriptions, expected to occur on March 1, 2022.

In its Friday announcement, Microsoft clarified that Audio Conferencing “will be available as part of all Teams-inclusive Microsoft 365 and Office 365 subscriptions starting on March 1, 2021.”

Comments Off on Microsoft Teams for phone calls »

Posted in Microsoft, Teams collaboration remote access, Technology

SharePoint news from Insight 2021

November 9th, 2021

The SharePoint Server Subscription Edition became generally available this week, Customers install it on their own server hardware, but Microsoft leases it via a subscription.

Microsoft documents on SharePoint Server Subscription Edition,  here.

Subscription-Based App Servers
Current SharePoint Server users can now only purchase the latest SharePoint Server products by subscription. There’s no “SharePoint Server 2022” product .

Expect future releases of Exchange Server, Skype for Business Server and Project Server products to be sold by subscription as Microsoft mentioned this shift of its new application server products to a subscription model last year in October

You can upgrade from SharePoint Server 2019 or SharePoint Server 2016 to the SharePoint Server Subscription Edition.

SharePoint Ignite Improvements
SharePoint Admin Center :

  • Ability to rename a SharePoint Online tenant URL name (preview).
  • OneDrive sync reports now support Mac devices.
  • IT pros can manage Teams and channel-connected team sites.
  • Migration Manager now has file scanning for Box online storage moves.
  • SharePoint Server workflows can be migrated to Power Automate directly.

For sensitivity labels are “more granular. It’s possible to use a label that requires multifactor authentication,. Microsoft is also previewing new “Data Access Governance rights” to monitor sharing activities.

SharePoint users are getting faster upload (5x) and download (10x) speeds, , presumably versus the SharePoint Online service. (

SharePoint Online stores 100 petabytes per month of data. Microsoft has more than 200 datacenters across 34 countries for its SharePoint Online service.)

Other new features include:

New SharePoint Site templates – for retail, healthcare, and non-profit

The latest update will bring three new SharePoint site templates to retail customers, non-profits, and healthcare organisations. All allow organisations to better track, manage information, and collaborate.

HRetail: The new retail management and store collaboration templates allow retail employees to manage the store operation more efficiently and foster a better collaboration environment.

Non-profit: The new volunteer centre template will allow organisers to point volunteers to one place to find key information, access learning materials, and connect with other volunteers.

Healthcare: The new healthcare collaboration template provides medical practices and healthcare agencies with a safe, secure way to share information that can help you provide better patient care and reduce operational costs.

Modern SharePoint site-level term store

An updated experience when creating and managing site-level taxonomy terms; which matches the previously updated, central term store in the SharePoint admin centre. This makes it easier to navigate taxonomies and to create and to edit terms when classifying and discovering Syntex and SharePoint content.

Edit images in SharePoint and OneDrive

Rotate, crop (both freeform crop and fixed aspect ratio crop) and flip your images – horizontally and vertically. This update also includes options to adjust the light and colour saturation of your images. Watch an image transform from muted colours and low contrast to richly coloured and stunning. Make those transformations easily with adjustments for brightness, exposure, contrast, highlights, shadows, and colour saturation.

Calendar view in List web part

To build a mini-dashboard for an internal event or project schedule and to represent your list of information as a calendar use the latest SharePoint List web part in Microsoft 365 to display a list from your team or site on a page and to customise it with your own title, view, and even size.

It is a great visual tool for internal communications – especially when things are date-driven.

Comments Off on SharePoint news from Insight 2021 »

Posted in Microsoft, Office tips, SharePoint and EPM, Technology

Metaverse

November 5th, 2021

Digital transformation over the last 2 years brought a tsunami of change to every industry – from ubiquitous e commerce, to the adoption of telehealth in healthcare to digital wallets in financial services to curbside pickup and contactless shopping in retail – and cybercrime, digital technology has been at the forefront of this seismic shift.

There has been much talk recently about Facebooks recent renaming itself to focus on the metaverse. Microsoft has also long been evolving solutions for the metaverse. So what is it?

It is not the metaverse first imagined by Neal Stephenson in 1992’s “Snow Crash.” Instead, it is a persistent, digital world that is connected to many aspects of the physical world, including people, places and things. In this short video and in this announcement it’s described as a sort of inhabitable Internet (via 3-D avatars instead of people.

During his keynote talk at the Microsoft Ignite event, taking place virtually this week, CEO Satya Nadella described an emerging “metaverse” of digital experiences that will sustain businesses in the new world of hybrid work. Microsoft defines a metaverse as “a digital space inhabited by digital representations of people and things

Nadella’s concluding statement about the metaverse suggested that it would not evolve into an inhuman digital world, reminiscent of “The Matrix” movie:

In a sense, the metaverse enables us to embed computing into the real world and to embed the real world into computing, bringing real presence to any digital space. For years we’ve talked about creating this digital representation of the world. But now we actually have the opportunity to go in that world and participate in it. What’s most important is that we are able to bring our humanity with us and choose how we want to experience this world and who we want to interact with.

4 comments »

Posted in Microsoft, Teams collaboration remote access, Technology