The Microsoft partner ecosystem plays a central role in our joint customers’ success and allows us to scale more quickly. Our partners develop innovative solutions across a range of industries and lead customers on their digital imperatives journey. I am looking forward to our biggest partner event, Microsoft Inspire, where you will learn how Microsoft enables you, the partners, to scale your solutions to help customers in every industry transform. Join me and my colleagues live from July 19 to 20 (or on-demand) to hear from Microsoft leaders on industry products, partner opportunities, and successes, and have the chance to put questions to our team of experts.
Our promise to partners
To help our partners benefit from the tremendous growth that we are seeing across industries, we have developed four primary value propositions:
Build. Our partners build on the Microsoft Cloud for industries (Manufacturing, Retail, Financial Services, Healthcare, Nonprofit) as a platform, using their capabilities to enrich solutions already in the market—either for a specific customer or at scale. The Microsoft Industry Cloud Platform helps industries transform with speed and agility, with solutions that address customer business needs.
Enrich. Partners make more of the Microsoft Cloud for Industry by building or updating software as a service (SaaS) or platform as a service (PaaS) solutions that take advantage of unmet customer needs. With unified data and analytics, partners can now remove traditional data siloes for customers and extend the core capabilities of the Cloud for Industry.
Unlock. Partners can unlock new revenue and high-value service opportunities, including adapting the Microsoft Cloud for Industry to each customer’s environment and business processes. Partners are empowered to start new conversations and solve new customer scenarios by leveraging our go-to-market (GTM) offers and incentives.
Scale. We facilitate strong partner-to-partner connections so they can bring the best value to our customers. They also can work with Microsoft to provide the best solutions for customers, and co-sell with Microsoft to understand customer needs and leverage the Microsoft sales team to advance customer opportunities.
Make the most of your Microsoft Inspire journey
Microsoft Inspire has a lot to offer; here are a few recommendations for you:
Join Judson Althoff, Microsoft EVP and Chief Commercial Officer, as he kicks off day two of Microsoft Inspire. You will hear about the outsized opportunities partners have as we bring the unique value of the Microsoft Cloud to more customers than ever, together. Judson will also share the importance of digital perseverance in navigating uncertainty and why leaning into innovation is the only path forward.
Join Nick Parker, President, Industry and Partner Sales, and Alysa Taylor, Corporate Vice President, Industry, Apps and Data Marketing, to discuss how to put Microsoft Industry Clouds and opportunities into perspective.
Join us for a panel discussion and gain key insights into Microsoft’s industry innovation and investments. Learn about the opportunity this creates for your business, investments we are making to enable partner solutions, and how we can help you scale through our GTM engines.
Through a series of in-depth discussions, you’ll discover details of Microsoft’s commitment to sustainability, the business opportunities that can come from adopting a comprehensive sustainability strategy, and how your organization can partner with Microsoft to implement sustainability solutions.
Attend industry-focused sessions:
On-demand sessions. We also have a wide array of sessions on-demand, so you can watch when convenient—even after Microsoft Inspire. These include:
Networking with friends. Even though Microsoft Inspire is virtual, there will be plenty of opportunities to network with peers or just see old friends. Start now with our Connection Zone and build your profile and make a contact list.
Time to get inspired!
I hope you’re looking forward to Microsoft Inspire as much as I am. It’s a chance for us to celebrate you, our partners, reaffirm our commitment to serving our customers across all industries, and demonstrate our commitment to equipping our partners with the most innovative tools and technologies in the industry.
Congratulations to our Partner of the Year winners! You exemplify what’s possible when we connect the potential of technology to the challenges of our customers – and the world.
Two years into our sustained commitment to address racial inequity both inside and outside Microsoft, it’s inspiring to see how entrepreneurs like Gilbert Campbell, Ryan Johnson, Christopher Peay, and Charisse Bremond Weaver are creating new opportunity in their communities.
We’re expanding our employee experience platform Microsoft Viva to include new capabilities to meet the needs of specific roles, with the introduction of Viva Sales.
Microsoft is reimagining the selling experience and empowering every salesperson with Viva Sales, a new application where sellers use Microsoft 365 and Teams to automatically capture data in any #CRM system. Viva Sales empowers sellers to stay in the flow of their work, where they are moving deals along using Teams and Office while enriching their CRM system with new customer data. https://lnkd.in/dKei9Rkj
With Azure Arc, we’re bringing the power of Azure anywhere, helping customers in every industry innovate across their datacenter, multi-cloud, and edge environments.
One of the things I hear most often from our customers is how new #cloud-based applications are imperative for driving business forward – which is why I’m excited to announce the general availability of #Azure Machine Learning for hybrid and multicloud deployments with Azure Arc! Our Microsoft team is committed to meeting customers where they’re at so they can efficiently and securely bring new solutions to life. I’m amazed by the ways customers have used Azure and Azure Arc to create innovative solutions. View today’s on-demand sessions to learn how you can use Azure Arc to extend Azure platform capabilities to datacenters, edge, and multicloud environments.
People with disabilities continue to be underrepresented in part because their needs and demographics aren’t widely counted. We’re working with The World Bank and other partners to help address this critical data challenge.
Understanding #disability around the world is key to tackling the disability divide. Yet data on disability remains fragmented around the world. Proud to partner with The World Bank, Charlotte McClain-Nhlapo and her incredible colleagues on a new Disability Data Hub to help tackle this.
Read more below: https://lnkd.in/geTZKx99
Xbox is on a mission to bring the joy of gaming to everyone on the planet. Over the next 12 months, fans will experience our most creative and diverse line up of back-to-back game launches yet.
Gaming is for everyone, everywhere, and we’re committed to bringing the joy and community of gaming to billions of players around the world on Xbox, PC, and other devices, with the power of Xbox Cloud Gaming.
As we make Microsoft Cloud for Sustainability generally available today, see how Grupo Bimbo, the world’s largest baking company, is already using the platform to help achieve net zero carbon emissions, one of its key sustainability goals.
We’re honoring #Pride this month with inclusive product releases, new donations, and by sharing powerful stories of colleagues who are making a difference around the world.
We’re thrilled Netflix has selected Microsoft as its advertising technology and sales partner. We want publishers to have more long-term viable ad monetization platforms, so more people can access the content they love wherever they are.
We’re thrilled to be named Netflix’s technology and sales partner to help power their first ad-supported subscription offering.
At launch, consumers will have more options to access Netflix’s award-winning content. Marketers looking to Microsoft for their advertising needs will have access to the Netflix audience and premium connected TV inventory. All ads served on Netflix will be exclusively available through the Microsoft platform. Today’s announcement also endorses Microsoft’s approach to privacy, which is built on protecting customers’ information.
This is a big day for Netflix and Microsoft. We’re excited to offer new premium value to our ecosystem of marketers and partners while helping Netflix deliver more choice to their customers.
“In April we announced that we will introduce a new lower priced ad-supported subscription plan for consumers, in addition to our existing ads-free basic, standard, and premium plans. Today we are pleased to announce that we have selected Microsoft as our global advertising technology and sales partner.
“Microsoft has the proven ability to support all our advertising needs as we together build a new ad-supported offering. More importantly, Microsoft offered the flexibility to innovate over time on both the technology and sales side, as well as strong privacy protections for our members.
“It’s very early days and we have much to work through. But our long-term goal is clear: More choice for consumers and a premium, better-than-linear TV brand experience for advertisers. We’re excited to work with Microsoft as we bring this new service to life.”
Building great relationships requires trust, honesty, mutual support, and appreciation. From our first conversation with designer and creative powerhouse Gavin Mathieu, there was an immediate sense of connection—one that was rooted in mutual respect and a shared goal: creating something together that uplifts others. This is why we’re proud to announce the launch of Hardwear, our first capsule collection of clothing and merchandise under the Microsoft brand and in partnership with Gavin.
Raised in South Central LA, Gavin spent years fostering community among creators like himself, including Jerry Lorenzo and Nipsey Hussle, before starting his own successful brand, Supervsn. When you spend any amount of time with Gavin, you’re immediately struck by his ability to make everyone in the room feel like family. The warmth and acceptance people feel in his presence is exactly what all of us look for in a community.
Cocreating with Gavin began with a shared philosophy. At Microsoft we often say, ‘You don’t work here to look cool, you work at Microsoft to make others cool.’ And Gavin’s thinking and history is right in line with that. With a focus on people rather than products, Gavin creates to uplift and empower others—a guiding principle and mission that drives everything we do at Microsoft. Therefore, the collection is reflective of the Normcore style, a lifestyle aesthetic that puts the focus on individuals and not on the clothing they wear.
What Gavin has designed for this collection captures the spirit of our discussions on enabling people to move and create in a way that helps them make the most impact. Gavin believes, “humans are at their highest level of self when they create.” And we believe that expression should be effortless. This is why Hardwear is simple and designed to reduce any distractions to creativity: it’s a nine-piece collection of tees, hats, sweats, jackets, and pants. Every piece is intentional, and there is meaning behind each item in Hardwear. Here, Gavin explains why he chose MS Paint as a design element for one of the pieces in this collection: Gavin Mathieu explains how Microsoft inspired him to be a designer.
While cocreation can be messy, this partnership brought with it a sense of ease. Maybe it was because we all leaned into the often complex and sometimes challenging process that happens when creating with passionate individuals, who all have unique suggestions and differing opinions. This collaboration was fueled by openness, vulnerability, and the belief that often the most resonant ideas are built from the inclusion of diverse perspectives.
For Hardwear, our community was a team of people who made strides daily, building each other’s confidence by having honest conversations and creating space for suggestions and improvements. This campaign tested our comfortability and challenged us at times, but what pushed us forward was seeing the inclusion of diverse voices throughout the process and the unique perspectives on what drives those who want to improve themselves and the world around them, as well as what can distract people from progressing toward their goals.
It’s important for us to work with creators who are focused on inspiring communities and making a positive impact in the world, because enabling and empowering people to achieve more is what drives everything we do at Microsoft. And with Hardwear, it’s as much of the how as it is the what. From the talent of our people to the capsule collection launch, to the diversity of those behind and in front of the camera and our agency partners, cultural nuance and perspective are the key ingredients that make this a collection we’re proud to share with our own communities.
As we worked on this, Gavin encouraged us to broaden the aperture for who we define as a creator. All of us create. So, check out the collection, but don’t stop at the clothes. Understand and carry the message that creativity is not on you, it’s in you, and it knows no bounds.
Like many students around the world, Eithne, 14, in Chorley, United Kingdom, was struggling to keep up in math at school after more than a year of COVID-19 related disruptions. In June 2021, her parents signed her up for a summer program offered by Eedi, an online math tutoring service.
“Just dealing with lockdown, she hadn’t had enough of a really good background,” said her mother, Arianna. “She missed most of the Year 7 Maths, then Year 8. So, we thought, ‘Let’s give it a go, let’s see where she needs a bit of help.’”
Newly enrolled students on Eedi are asked to take a dynamic quiz of 10 multiple choice diagnostic questions that the service uses to learn where students struggle most in math. This information allows the service to place students on a learning pathway to overcome those specific obstacles, or misconceptions.
“We ask them a question based roughly on their age group and then we say, ‘Well, what’s the next best question to ask them based on their previous answer?’” explained Iris Hulls, the head of operations at Eedi. “We learn as much about them as possible to predict either growth or comfort topics for them.”
The AI uses each answer to predict the probability the student will correctly answer each of thousands of other possible next questions and then weighs those probabilities to decide what question to ask next to pinpoint knowledge gaps.
The information gleaned from the quiz is akin to what a teacher might learn from a one-on-one conversation with a student, explained Cheng Zhang, a Microsoft principal researcher at the lab who led the development of the machine learning model that powers Eedi’s dynamic quiz.
“If the student doesn’t know 3 times 7, we may want to ask 1 plus 1,” Zhang said. “We want to adapt the quiz based on the previous answer.”
Once students’ misconceptions are identified, the Eedi platform slots students onto a learning pathway that helps them overcome their misconceptions and do better in math at school.
Eithne was slotted onto a pathway that included a review of topics covered in Year 8 and prepared her for success in Year 9, including geometry.
“It’s very good for finding your weaknesses and your strengths and being able to understand why you’re maybe not as good in this one area,” Eithne said. “You’re able to realize, ‘I’ve been doing this wrong for ages.’”
Eithne, 14, in Chorley, United Kingdom, gained confidence in math through lessons on Eedi, an online tutoring service that uses AI developed by Microsoft. Photo by Jonathan Banks.
Good questions, good data
The success of Microsoft’s next-best-question model hinges on the data used to train it, noted Zhang. In Eedi’s case, these are thousands of vetted, high-quality diagnostic questions developed specifically to help teachers identify student misconceptions about math topics.
“Our technology is just an enhancer that makes this high-quality data give more insights,” Zhang said.
Diagnostic questions are well-thought-through multiple choice questions that have one correct answer and three wrong answers, with each wrong answer designed to reveal a specific misconception.
“Maths lends itself quite well to this kind of multiple-choice assessment because more often than not there’s a right answer and these wrong answers; it’s much less subjective than some of the humanities subjects,” said Craig Barton, an Eedi co-founder and the company’s director of education.
Barton latched on to the power of diagnostic questions when, as a math teacher, he attended a training course on formative assessments and learned that well-formulated wrong answers can provide insight to why a student is struggling.
“In the past, it was always kids got things right, which is fine, or they got things wrong and then I had to start doing detective work to figure out where they were going wrong,” he said. “That’s okay if you work one-to-one, but if you’ve got 30 kids in a class, that’s potentially quite time consuming.”
Good diagnostic questions, Barton said, must be clear and unambiguous, check for one thing, be answerable in 20 seconds, link each wrong answer to a misconception and ensure that a student is unable to answer it correctly while having a key misconception.
“This notion that the kids can’t get it right whilst having a key misconception is the hardest one to factor in, but it’s probably the most important,” he said.
For example, consider the question: “Which of the following is a multiple of 6? – A: 20, B: 62, C: 24, or D: 26.”
According to Barton, on the surface this is a decent question. That’s because students could think a “multiple” means the “6” is the first number (B) or last number (D), or the student could have difficulty with their multiplication tables and select A. The correct answer is C: 24.
“But the major flaw in this question is if you don’t know the difference between a factor and a multiple, you could get this question right, whereas experience will tell us that the biggest misconception students have with multiples is they mix them up with factors,” he said.
A better question to ask, then, is, “Which of these is a multiple of 15? – A: 1, B: 5, C: 60 or D: 55.” That’s because the possible answers include factors and multiples. The correct answer is C: 60. A student who confuses factors with multiples might instead pick A: 1 or B: 5, and a student who needs work on multiplication might pick D: 55.
“When you write these things, you’ve really got to think, ‘What are all the different ways kids can go wrong and how am I going to capture those in three wrong answers?’” Barton explained.
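The audit Barton describes, as an added example that is not Eedi's code or model: each misconception is modelled as a rule for which answer choices a student holding it would be drawn to, and a misconception counts as diagnosed only when that rule lands on wrong answers rather than on the correct one or on nothing at all. The three misconception rules and the near-miss threshold for weak times tables are my assumptions.

```python
from typing import Callable, Dict, List

# Assumed misconception models for "Which of these is a multiple of n?":
# each returns the options a student holding that misconception would pick.
def confuses_factors_with_multiples(n: int, options: List[int]) -> List[int]:
    # Picks factors of n instead of multiples of n.
    return [x for x in options if x != 0 and n % x == 0]

def reads_digit_as_multiple(n: int, options: List[int]) -> List[int]:
    # Thinks a number that starts or ends with the digits of n is a multiple.
    s = str(n)
    return [x for x in options
            if (str(x).startswith(s) or str(x).endswith(s)) and x % n != 0]

def weak_times_tables(n: int, options: List[int]) -> List[int]:
    # Assumed model: lands on a near miss within n // 3 of a true multiple.
    near = max(1, n // 3)
    return [x for x in options
            if x % n != 0 and min(abs(x - m) for m in range(n, 12 * n, n)) <= near]

MISCONCEPTIONS: Dict[str, Callable[[int, List[int]], List[int]]] = {
    "factor/multiple confusion": confuses_factors_with_multiples,
    "digit means multiple": reads_digit_as_multiple,
    "weak times tables": weak_times_tables,
}

def audit(n: int, options: List[int]) -> Dict[str, str]:
    """Classify each modelled misconception against the answer choices."""
    correct = [x for x in options if x % n == 0]
    if len(correct) != 1:
        raise ValueError("a diagnostic question needs exactly one right answer")
    report = {}
    for name, model in MISCONCEPTIONS.items():
        picks = model(n, options)
        if not picks:
            report[name] = "not exposed: student could still answer correctly"
        elif correct[0] in picks:
            report[name] = "leaks: misconception can land on the correct answer"
        else:
            report[name] = "diagnosed"
    return report

def diagnosed(n: int, options: List[int]) -> List[str]:
    """Names of the misconceptions the question actually captures."""
    return [name for name, verdict in audit(n, options).items() if verdict == "diagnosed"]

if __name__ == "__main__":
    # The two questions from the article: multiple of 6, then multiple of 15.
    print(audit(6, [20, 62, 24, 26]))
    print(audit(15, [1, 5, 60, 55]))
```

For the "multiple of 6" question the factor/multiple rule selects nothing, which is exactly the flaw Barton points out; for the "multiple of 15" question it selects 1 and 5, so the misconception is diagnosed.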
In this diagnostic question, the correct answer is “B:4.” Students who answer “A:20” took the first step to find the mean, totaling the numbers. “C:3” represents confusion between the concepts of median and mean. “D:2” is a mix up of the concepts mode and mean.
Teacher tools to online tutor
After the workshop, Barton went home and wrote about 50 diagnostic questions and tested them out on students in his class. They worked.
Barton is also a math book author and podcaster with thousands of followers on social media. He used his influence to spread the word on diagnostic questions and collaborated with Eedi co-founder Simon Woodhead to build an online database with thousands of diagnostic questions for teachers to access for their lesson planning.
“Then I thought, ‘Wait a minute, we could do something a bit better than this,’” Barton said. “’Imagine if the kids could answer the questions online and we could capture that data and then, before you know it, we’ve got insights into specific areas where students struggle.’”
The website exploded in popularity and attracted investors as well as the attention of Hulls, who along with colleagues was exploring options to use data to scale and make the benefits of math tutoring accessible to more families. The team formed Eedi. An advisor introduced them to Zhang and her team’s research on the next-best-question algorithm, which aims to accelerate decision making by gathering and analyzing relevant personal information.
At the time, the Microsoft researchers were working on healthcare scenarios, using AI to help doctors more efficiently make decisions about what tests to order to diagnose patient ailments.
For example, if a patient walks into an emergency room with a hurt arm, the doctor will ask a series of questions leading up to an X-ray, such as “How did you hurt your arm?” and, “Can you move your fingers?” instead of, “Do you have a cold?” because the answer will reveal relevant information for this patient’s treatment. The next-best-question algorithm automates this information gathering process.
The advisor thought the model would work well with Eedi’s dataset of diagnostic questions, automating the collection of information a tutor could glean from a one-on-one conversation with a student.
“We were aware that we had collected a lot of data. We wanted to do smarter stuff with our data; we wanted to be able to predict what misconceptions students might have before they even answer questions,” said Woodhead, who is Eedi’s chief data scientist.
The Eedi team worked with the Microsoft researchers to train the model on their diagnostic questions to efficiently pinpoint where students need the most support in math.
The model works without collecting any personal identifying information from the students, Woodhead noted.
“It doesn’t need to know a name. It doesn’t need to know an email address. It’s looking at patterns,” he said.
From this information, the system can pinpoint the best lessons for students to take on Eedi. Without that guidance, students tend to rely on strategies they’re already using at school, which isn’t the right starting point for the majority of students who are looking for a private tutor, according to Hulls.
“It really helps direct the children and their families at home to know where to start,” she said.
A large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites stole passwords, hijacked a user’s sign-in session, and skipped the authentication process even if the user had enabled multifactor authentication (MFA). The attackers then used the stolen credentials and session cookies to access affected users’ mailboxes and perform follow-on business email compromise (BEC) campaigns against other targets. Based on our threat data, the AiTM phishing campaign attempted to target more than 10,000 organizations since September 2021.
Figure 1. Overview of AiTM phishing campaign and follow-on BEC
Phishing remains one of the most common techniques attackers use in their attempts to gain initial access to organizations. According to the 2021 Microsoft Digital Defense Report, reports of phishing attacks doubled in 2020, and phishing is the most common type of malicious email observed in our threat signals. MFA provides an added security layer against credential theft, and it is expected that more organizations will adopt it, especially in countries and regions where even governments are mandating it. Unfortunately, attackers are also finding new ways to circumvent this security measure.
In AiTM phishing, attackers deploy a proxy server between a target user and the website the user wishes to visit (that is, the site the attacker wishes to impersonate). Such a setup allows the attacker to steal and intercept the target’s password and the session cookie that proves their ongoing and authenticated session with the website. Note that this is not a vulnerability in MFA; since AiTM phishing steals the session cookie, the attacker gets authenticated to a session on the user’s behalf, regardless of the sign-in method the latter uses.
Microsoft 365 Defender detects suspicious activities related to AiTM phishing attacks and their follow-on activities, such as session cookie theft and attempts to use the stolen cookie to sign into Exchange Online. However, to further protect themselves from similar attacks, organizations should also consider complementing MFA with conditional access policies, where sign-in requests are evaluated using additional identity-driven signals like user or group membership, IP location information, and device status, among others.
While AiTM phishing isn’t new, our investigation allowed us to observe and analyze the follow-on activities stemming from the campaign—including cloud-based attack attempts—through cross-domain threat data from Microsoft 365 Defender. These observations also let us improve and enrich our solutions’ protection capabilities. This campaign thus also highlights the importance of building a comprehensive defense strategy. As the threat landscape evolves, organizations need to assume breach and understand their network and threat data to gain complete visibility and insight into complex end-to-end attack chains.
In this blog, we’ll share our technical analysis of this phishing campaign and the succeeding payment fraud attempted by the attackers. We’ll also provide guidance for defenders on protecting organizations from this threat and how Microsoft security technologies detect it.
How AiTM phishing works
Every modern web service implements a session with a user after successful authentication so that the user doesn’t have to be authenticated at every new page they visit. This session functionality is implemented through a session cookie provided by an authentication service after initial authentication. The session cookie is proof for the web server that the user has been authenticated and has an ongoing session on the website. In AiTM phishing, an attacker attempts to obtain a target user’s session cookie so they can skip the whole authentication process and act on the latter’s behalf.
To do this, the attacker deploys a web server that proxies HTTP traffic in both directions between the user visiting the phishing site and the target server the attacker wishes to impersonate. The phishing site is therefore visually identical to the original website, as every HTTP request and response is proxied to and from it, and the attacker doesn’t need to craft their own phishing site as in conventional phishing campaigns. The URL is the only visible difference between the phishing site and the actual one.
Figure 2 below illustrates the AiTM phishing process:
Figure 2. AiTM phishing website intercepting the authentication process
The phishing page has two different Transport Layer Security (TLS) sessions—one with the target and another with the actual website the target wants to access. These sessions mean that the phishing page practically functions as an AiTM agent, intercepting the whole authentication process and extracting valuable data from the HTTP requests such as passwords and, more importantly, session cookies. Once the attacker obtains the session cookie, they can inject it into their browser to skip the authentication process, even if the target’s MFA is enabled.
The AiTM phishing process can currently be automated using open-source phishing toolkits and other online resources. Widely used kits include Evilginx2, Modlishka, and Muraena.
Tracking an AiTM phishing campaign
Using Microsoft 365 Defender threat data, we detected multiple iterations of an AiTM phishing campaign that attempted to target more than 10,000 organizations since September 2021. These runs appear to be linked together and target Office 365 users by spoofing the Office online authentication page.
Based on our analysis, these campaign iterations use the Evilginx2 phishing kit as their AiTM infrastructure. We also uncovered similarities in their post-breach activities, including sensitive data enumeration in the target’s mailbox and payment fraud.
Initial access
In one of the runs we’ve observed, the attacker sent emails with an HTML file attachment to multiple recipients in different organizations. The email message informed the target recipients that they had a voice message.
Figure 3. Sample phishing email with HTML file attachment
When a recipient opened the attached HTML file, it was loaded in the user’s browser and displayed a page informing the user that the voice message was being downloaded. Note, however, that the download progress bar was hardcoded in the HTML file, so no MP3 file was being fetched.
Figure 4. HTML file attachment loaded in the target’s browser
Figure 5. Source code of the HTML attachment
Instead, the page redirected the user to a redirector site:
Figure 6. Screenshot of the redirector site
This redirector acted as a gatekeeper to ensure the target user was coming from the original HTML attachment. To do this, it first checked whether the expected fragment value in the URL—in this case, the user’s email address encoded in Base64—was present. If it was, the page appended that value to the phishing site’s landing-page URL, which was also encoded in Base64 and stored in the “link” variable (see Figure 7 below).
Figure 7. A redirection logic included in the <script> tag of the redirector site
By combining the two values, the succeeding phishing landing page automatically filled out the sign-in page with the user’s email address, thus enhancing its social engineering lure. This technique was also the campaign’s attempt to prevent conventional anti-phishing solutions from directly accessing phishing URLs.
Note that on other instances, we observed that the redirector page used the following URL format:
hxxp://[username].[wildcard domain].[tld]/#[user email encoded in Base64]
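A defender-side check for URLs in that shape, as an added example that is not code from the original report: it decodes the URL fragment and flags any URL whose fragment is a Base64-encoded email address, which is the campaign's pre-fill mechanism. The sample URLs, the placeholder domains, and the assumption that the leading host label carries the target's username (taken from the format above) are all constructed for the example.

```python
"""Flag redirector-style URLs whose fragment is a Base64-encoded e-mail address.

Added example, not code from the original Microsoft report. It assumes the URL
shape described above (hxxp://[username].[wildcard domain].[tld]/#[Base64 email]);
the sample URLs are constructed and the domains are placeholders.
"""
import base64
import binascii
import re
from typing import Dict, List, Optional
from urllib.parse import urlparse

EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def decode_fragment(fragment: str) -> Optional[str]:
    """Return the fragment decoded as Base64 text, or None if it is not Base64 text."""
    if not fragment:
        return None
    padded = fragment + "=" * (-len(fragment) % 4)   # tolerate stripped '=' padding
    try:
        return base64.b64decode(padded, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None


def analyze_url(url: str) -> Dict[str, object]:
    """Classify one (possibly defanged 'hxxp') URL taken from mail or proxy logs."""
    parsed = urlparse(url.replace("hxxp", "http", 1))
    decoded = decode_fragment(parsed.fragment)
    email = decoded if decoded and EMAIL_RE.match(decoded) else None
    first_label = parsed.hostname.split(".")[0] if parsed.hostname else ""
    # Assumption taken from the format above: the leading host label carries the
    # target's username, so a match with the e-mail local part corroborates the hit.
    label_matches = bool(email) and first_label.lower() == email.split("@")[0].lower()
    return {
        "url": url,
        "email_in_fragment": email,
        "host_label_matches_user": label_matches,
        "suspicious": email is not None,
    }


def scan_urls(urls: List[str]) -> List[Dict[str, object]]:
    """Return only the URLs whose fragment decodes to an e-mail address."""
    return [r for r in (analyze_url(u) for u in urls) if r["suspicious"]]


# Constructed samples: one URL in the campaign's shape, two benign ones.
SAMPLE_URLS = [
    "hxxp://alice.wildcard-placeholder.test/#YWxpY2VAY29udG9zby5leGFtcGxl",
    "https://docs.placeholder.test/guide#section2",
    "https://intranet.placeholder.test/",
]

if __name__ == "__main__":
    for hit in scan_urls(SAMPLE_URLS):
        print(hit)
```

Because the fragment never reaches the server in an HTTP request, this check belongs where the full URL is visible: mail-security URL extraction, browser telemetry, or proxy logs that record the client-side URL.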
The phishing site proxied the organization’s Azure Active Directory (Azure AD) sign-in page, which is typically login.microsoftonline.com. If the organization had configured their Azure AD to include their branding, the phishing site’s landing page also contained the same branding elements.
Figure 10. A mockup of a phishing landing page that retrieves the Azure AD branding of an organization
Once the target entered their credentials and got authenticated, they were redirected to the legitimate office.com page. However, in the background, the attacker intercepted the said credentials and got authenticated on the user’s behalf. This allowed the attacker to perform follow-on activities—in this case, payment fraud—from within the organization.
Post-breach BEC
Payment fraud is a scheme wherein an attacker tricks a fraud target into transferring payments to attacker-owned accounts. It can be achieved by hijacking and replying to ongoing finance-related email threads in the compromised account’s mailbox and luring the fraud target to send money through fake invoices, among others.
Based on our analysis of Microsoft 365 Defender threat data and our investigation of related threat alerts from our customers, we discovered that it took as little as five minutes after credential and session theft for an attacker to launch their follow-on payment fraud. From our observation, after a compromised account signed into the phishing site for the first time, the attacker used the stolen session cookie to authenticate to Outlook online (outlook.office.com). In multiple cases, the cookies had an MFA claim, which means that even if the organization had an MFA policy, the attacker used the session cookie to gain access on behalf of the compromised account.
Finding a target
In the days following the cookie theft, the attacker accessed finance-related emails and file attachments every few hours. They also searched for ongoing email threads where payment fraud would be feasible. In addition, the attacker deleted from the compromised account’s Inbox folder the original phishing email they sent to hide traces of their initial access.
These activities suggest the attacker attempted to commit payment fraud manually. They also did this in the cloud—they used Outlook Web Access (OWA) on a Chrome browser and performed the abovementioned activities while using the compromised account’s stolen session cookie.
Once the attacker found a relevant email thread, they proceeded with their evasion techniques. Because they didn’t want the compromised account’s user to notice any suspicious mailbox activities, the attacker created an Inbox rule with the following logic to hide any future replies from the fraud target:
“For every incoming email where sender address contains [domain name of the fraud target], move the mail to “Archive” folder and mark it as read.”
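Rules with that logic leave a record in the Exchange audit log. The following is an added example, not code from the report, of how a defender might triage New-InboxRule events for the hide-the-replies pattern described above. It assumes the unified-audit-log shape in which each event carries a Parameters list of {Name, Value} pairs, as Exchange Online records for New-InboxRule and Set-InboxRule; the events, users, IP addresses and domains are constructed placeholders, and the list of "rarely watched" folders is the author's choice for the example.

```python
"""Triage of New-InboxRule audit events for rules built to hide correspondence.

Added example, not code from the report. It assumes the unified-audit-log shape
in which each event carries a Parameters list of {Name, Value} pairs, as Exchange
Online records for New-InboxRule and Set-InboxRule; the events below are
constructed, with placeholder users, addresses and domains.
"""
from typing import Dict, List

# Folders users rarely watch; a rule routing mail there deserves a look (defender's list).
HIDING_FOLDERS = {"archive", "deleted items", "junk email", "rss feeds",
                  "rss subscriptions", "conversation history"}
# Conditions that scope a rule to a particular correspondent.
SENDER_CONDITIONS = {"From", "FromAddressContainsWords", "SenderAddressContainsWords"}


def _params(event: Dict) -> Dict[str, str]:
    """Flatten the Parameters list into a name->value map (values stringified)."""
    return {p["Name"]: str(p["Value"]) for p in event.get("Parameters", [])}


def score_inbox_rule(event: Dict) -> Dict[str, object]:
    """Return the reasons a rule looks like the hide-the-replies pattern above."""
    p = _params(event)
    reasons: List[str] = []
    scoped = [f"{k}={p[k]}" for k in sorted(SENDER_CONDITIONS) if k in p]
    if scoped:
        reasons.append("scoped to a sender: " + ", ".join(scoped))
    folder = p.get("MoveToFolder", "").strip("\\").lower()
    if folder in HIDING_FOLDERS:
        reasons.append(f"moves mail to rarely watched folder '{folder}'")
    if p.get("DeleteMessage", "").lower() == "true":
        reasons.append("deletes matching mail")
    if p.get("MarkAsRead", "").lower() == "true":
        reasons.append("marks matching mail as read")
    hides = any(r.startswith(("moves", "deletes")) for r in reasons)
    return {
        "user": event.get("UserId"),
        "client_ip": event.get("ClientIP"),
        "rule": p.get("Name"),
        "reasons": reasons,
        # Flag only when the rule both targets a correspondent and diverts their mail.
        "suspicious": bool(scoped) and hides,
    }


def triage(events: List[Dict]) -> List[Dict[str, object]]:
    """Return the suspicious rule creations, ready for an analyst queue."""
    return [r for r in (score_inbox_rule(e) for e in events) if r["suspicious"]]


# Constructed audit events (placeholders throughout).
SAMPLE_EVENTS = [
    {"Operation": "New-InboxRule", "UserId": "user1@contoso-placeholder.test", "ClientIP": "203.0.113.10",
     "Parameters": [{"Name": "Name", "Value": "."},
                    {"Name": "FromAddressContainsWords", "Value": "fabrikam-placeholder.test"},
                    {"Name": "MoveToFolder", "Value": "Archive"},
                    {"Name": "MarkAsRead", "Value": "True"}]},
    {"Operation": "New-InboxRule", "UserId": "user2@contoso-placeholder.test", "ClientIP": "198.51.100.7",
     "Parameters": [{"Name": "Name", "Value": "Newsletters"},
                    {"Name": "SubjectContainsWords", "Value": "newsletter"},
                    {"Name": "MoveToFolder", "Value": "Newsletters"}]},
    {"Operation": "New-InboxRule", "UserId": "user3@contoso-placeholder.test", "ClientIP": "203.0.113.10",
     "Parameters": [{"Name": "Name", "Value": "cleanup"},
                    {"Name": "From", "Value": "finance@partner-placeholder.test"},
                    {"Name": "DeleteMessage", "Value": "True"}]},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

The second sample rule (newsletters to a visible folder) is the kind of benign automation that a naive "any new rule" alert would drown analysts in; scoring on the combination of a sender-scoped condition and a diverting action keeps the queue focused on the pattern the campaign actually used.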
Conducting payment fraud
Right after the rule was set, the attacker proceeded to reply to ongoing email threads related to payments and invoices between the target and employees from other organizations, as indicated in the created Inbox rule. The attacker then deleted their replies from the compromised account’s Sent Items and Deleted Items folders.
Several hours after the initial fraud attempt was performed, the attacker signed in once every few hours to check if the fraud target replied to their email. In multiple instances, the attacker communicated with the target through emails for a few days. After sending back responses, they deleted the target’s replies from the Archive folder. They also deleted their emails from the Sent Items folder.
On one occasion, the attacker conducted multiple fraud attempts simultaneously from the same compromised mailbox. Every time the attacker found a new fraud target, they updated the Inbox rule they created to include these new targets’ organization domains.
Below is a summary of the campaign’s end-to-end attack chain based on threat data from Microsoft 365 Defender:
Figure 11. AiTM phishing campaign and follow-on BEC in the context of Microsoft 365 Defender threat data
Defending against AiTM phishing and BEC
This AiTM phishing campaign is another example of how threats continue to evolve in response to the security measures and policies organizations put in place to defend themselves against potential attacks. And since credential phishing was leveraged in many of the most damaging attacks last year, we expect similar attempts to grow in scale and sophistication.
While AiTM phishing attempts to circumvent MFA, it’s important to underscore that MFA implementation remains an essential pillar in identity security. MFA is still very effective at stopping a wide variety of threats; its effectiveness is why AiTM phishing emerged in the first place. Organizations can thus make their MFA implementation “phish-resistant” by using solutions that support Fast ID Online (FIDO) v2.0 and certificate-based authentication.
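Why a FIDO2/WebAuthn sign-in survives the proxy where a password plus OTP does not, as an added example that is not code from the report: the browser writes the origin it is actually on into clientDataJSON, the authenticator signs over that and over a hash of the relying party ID, and the real site rejects anything signed for a different origin. The relying-party domain, the phishing hostname, the challenge and the key are placeholders, and the HMAC below stands in for the credential's public-key signature so the example runs with the standard library only.

```python
"""Origin binding in WebAuthn, simulated end to end.

Added example, not code from the report. 'login.example' and the phishing host
are placeholders; the HMAC is a stand-in for the authenticator's public-key
signature (same effect for this demonstration: the relying party can detect
any change to what was signed).
"""
import hashlib
import hmac
import json
from typing import Dict, Optional

RP_ID = "login.example"                       # placeholder relying party ID
RP_ORIGIN = "https://login.example"
CREDENTIAL_KEY = b"stand-in for the credential key pair"   # constructed


def browser_get_assertion(page_origin: str, rp_id: str, challenge: str) -> Optional[Dict]:
    """Simulates navigator.credentials.get() in the browser.

    The browser honours only an rpId that is the page's own host or a parent
    domain of it, and it records the page's real origin in clientDataJSON.
    """
    host = page_origin.split("://", 1)[1]
    if not (host == rp_id or host.endswith("." + rp_id)):
        return None                             # browser refuses: rpId not valid here
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge,
                              "origin": page_origin}).encode()
    auth_data = hashlib.sha256(rp_id.encode()).digest()   # rpIdHash (flags/counter omitted)
    to_sign = auth_data + hashlib.sha256(client_data).digest()
    signature = hmac.new(CREDENTIAL_KEY, to_sign, hashlib.sha256).digest()
    return {"clientDataJSON": client_data, "authenticatorData": auth_data, "signature": signature}


def rp_verify(assertion: Optional[Dict], challenge: str) -> Dict[str, object]:
    """Relying-party checks in the order the WebAuthn spec lists them."""
    if assertion is None:
        return {"ok": False, "reason": "no assertion produced"}
    cd = json.loads(assertion["clientDataJSON"])
    if cd.get("type") != "webauthn.get" or cd.get("challenge") != challenge:
        return {"ok": False, "reason": "challenge mismatch"}
    if cd.get("origin") != RP_ORIGIN:
        return {"ok": False, "reason": f"origin mismatch: {cd.get('origin')}"}
    if assertion["authenticatorData"] != hashlib.sha256(RP_ID.encode()).digest():
        return {"ok": False, "reason": "rpIdHash mismatch"}
    expected = hmac.new(CREDENTIAL_KEY,
                        assertion["authenticatorData"] + hashlib.sha256(assertion["clientDataJSON"]).digest(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, assertion["signature"]):
        return {"ok": False, "reason": "bad signature"}
    return {"ok": True, "reason": "verified"}


CHALLENGE = "constructed-challenge-0001"      # constructed; real RPs use random bytes
PHISH_ORIGIN = "https://login.example.phish-placeholder.test"


def scenario(page_origin: str, rp_id: str) -> Dict[str, object]:
    """One sign-in: the RP's challenge is answered by a browser sitting on page_origin."""
    return rp_verify(browser_get_assertion(page_origin, rp_id, CHALLENGE), CHALLENGE)


def proxied_and_rewritten() -> Dict[str, object]:
    """A proxy that edits the relayed assertion to look legitimate still fails,
    because the signature covers both rpIdHash and clientDataJSON."""
    a = browser_get_assertion(PHISH_ORIGIN, PHISH_ORIGIN.split("://", 1)[1], CHALLENGE)
    a["clientDataJSON"] = json.dumps({"type": "webauthn.get", "challenge": CHALLENGE,
                                      "origin": RP_ORIGIN}).encode()
    a["authenticatorData"] = hashlib.sha256(RP_ID.encode()).digest()
    return rp_verify(a, CHALLENGE)


if __name__ == "__main__":
    print("legitimate:", scenario(RP_ORIGIN, RP_ID))
    print("proxy keeps real rpId:", scenario(PHISH_ORIGIN, RP_ID))
    print("proxy uses own rpId:", scenario(PHISH_ORIGIN, PHISH_ORIGIN.split("://", 1)[1]))
    print("proxy rewrites assertion:", proxied_and_rewritten())
```

The contrast with the session-cookie flow is the point: a cookie or OTP is an opaque string the proxy can forward unchanged, whereas the assertion carries the phishing origin inside the signed data, so the proxy can neither relay it nor repair it. (In practice the third case fails even earlier, since the authenticator holds no credential registered for the phishing host's rpId.)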
Defenders can also complement MFA with the following solutions and best practices to further protect their organizations from such types of attacks:
Enable conditional access policies. Conditional access policies are evaluated and enforced every time an attacker attempts to use a stolen session cookie. Organizations can protect themselves from attacks that leverage stolen credentials by enabling policies such as compliant devices or trusted IP address requirements.
Invest in advanced anti-phishing solutions that monitor and scan incoming emails and visited websites. For example, organizations can leverage web browsers that can automatically identify and block malicious websites, including those used in this phishing campaign.
Continuously monitor for suspicious or anomalous activities:
Hunt for sign-in attempts with suspicious characteristics (for example, location, ISP, user agent, use of anonymizer services).
Hunt for unusual mailbox activities such as the creation of Inbox rules with suspicious purposes or unusual amounts of mail item access events by untrusted IP addresses or devices.
Coordinated threat defense with Microsoft 365 Defender
Microsoft 365 Defender provides comprehensive protection against this AiTM phishing campaign by correlating threat data from various domains. It also coordinates threat defense against the end-to-end attack chain using multiple solutions and has advanced hunting capabilities that allow analysts to inspect their environments further and surface this threat.
Leveraging its cross-signal capabilities, Microsoft 365 Defender alerts customers using Microsoft Edge when a session cookie gets stolen through AiTM phishing and when an attacker attempts to replay the stolen session cookie to access Exchange Online:
Figure 12. Microsoft 365 Defender detecting an attempt to use a stolen session cookie to sign into Exchange Online
Microsoft 365 Defender’s unique incident correlation technology also lets defenders see all the relevant alerts related to an AiTM phishing attack pieced together into a single comprehensive view, thus allowing them to respond to such incidents more efficiently:
Figure 13. Microsoft 365 Defender incident page correlating all relevant alerts related to an AiTM phishing attempt
Microsoft 365 Defender is backed by threat experts who continuously monitor the computing landscape for new attacker tools and techniques. Their expert monitoring not only helps alert customers of a possible incident (such as a potential cookie theft during an authentication session), their research on the constantly evolving phishing techniques also enriches the threat intelligence that feeds into the abovementioned protection technologies.
Microsoft Defender for Office 365 detects threat activity associated with this phishing campaign through the following email security alerts. Note, however, that these alerts may also be triggered by unrelated threat activity. We’re listing them here because we recommend that these alerts be investigated and remediated immediately.
Email messages containing malicious file removed after delivery. This alert is generated when any messages containing a malicious file are delivered to mailboxes in an organization. Microsoft removes the infected messages from Exchange Online mailboxes using zero-hour auto purge (ZAP) if this event occurs.
Email messages from a campaign removed after delivery. This alert is generated when any messages associated with a campaign are delivered to mailboxes in an organization. Microsoft removes the infected messages from Exchange Online mailboxes using ZAP if this event occurs.
Suspicious inbox manipulation rule. The attackers set an Inbox rule to hide their malicious activities. Defender for Cloud Apps identifies such suspicious rules and alerts users when detected.
Impossible travel activity. The attackers used multiple proxies or virtual private networks (VPNs) from various countries or regions. Sometimes, their attack attempts happen at the same time the actual user is signed in, thus raising impossible travel alerts.
Activity from infrequent country. Because the attackers used multiple proxies or VPNs, on certain occasions, the egress endpoints of these VPN and proxy servers are uncommon for the user, thus raising this alert.
Azure AD Identity Protection automatically detects and remediates identity-based risks. It detects suspicious sign-in attempts and raises any of the following alerts:
Anomalous Token. This alert flags unusual characteristics of a token, such as its lifetime or its being played from an unfamiliar location.
Unfamiliar sign-in properties. In this phishing campaign, the attackers used multiple proxies or VPNs originating from various countries or regions unfamiliar to the target user.
Unfamiliar sign-in properties for session cookies. This alert flags anomalies in the token claims, token age, and other authentication attributes.
Anonymous IP address. This alert flags sign-in attempts from anonymous IP addresses (for example, Tor browser or anonymous VPN).
In addition, Continuous Access evaluation (CAE) revokes access in real time when changes in user conditions trigger risks, such as when a user is terminated or moves to an untrusted location.
When an attacker uses a stolen session cookie, the “SessionId” attribute in the AADSignInEventsBeta table will be identical to the SessionId value used in the authentication process against the phishing site. Use this query to search for cookies that were first seen after OfficeHome application authentication (as seen when the user authenticated to the AiTM phishing site) and then seen being used in other applications in other countries:
let OfficeHomeSessionIds = AADSignInEventsBeta
| where Timestamp > ago(1d)
| where ErrorCode == 0
| where ApplicationId == "4765445b-32c6-49b0-83e6-1d93765276ca" //OfficeHome application
| where ClientAppUsed == "Browser"
| where LogonType has "interactiveUser"
| summarize arg_min(Timestamp, Country) by SessionId;
AADSignInEventsBeta
| where Timestamp > ago(1d)
| where ApplicationId != "4765445b-32c6-49b0-83e6-1d93765276ca"
| where ClientAppUsed == "Browser"
| project OtherTimestamp = Timestamp, Application, ApplicationId, AccountObjectId, AccountDisplayName, OtherCountry = Country, SessionId
| join OfficeHomeSessionIds on SessionId
| where OtherTimestamp > Timestamp and OtherCountry != Country
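To make the join logic concrete on data you can inspect offline, here is an added example (not code from the report) that reimplements the query above in Python over constructed sign-in events: first the arg_min by SessionId over successful interactive browser sign-ins to OfficeHome, then the join of later browser sign-ins to other applications on SessionId, keeping those from a different country. The OfficeHome application ID is the one in the query; the other application IDs, accounts, SessionId values and countries are placeholders.

```python
"""Session-cookie replay hunt, in Python over constructed sign-in events.

Added example mirroring the logic of the AADSignInEventsBeta query above, not
code from the report: a SessionId first seen in an interactive browser sign-in
to OfficeHome, then used later from a different country in a different
application. The events, SessionId values and countries are constructed.
"""
from datetime import datetime
from typing import Dict, List, Tuple

OFFICEHOME_APP_ID = "4765445b-32c6-49b0-83e6-1d93765276ca"   # OfficeHome, as in the query


def _ts(event: Dict) -> datetime:
    return datetime.fromisoformat(event["Timestamp"])


def officehome_first_seen(events: List[Dict]) -> Dict[str, Tuple[datetime, str]]:
    """arg_min(Timestamp, Country) by SessionId over successful interactive
    browser sign-ins to OfficeHome (the first half of the query)."""
    first: Dict[str, Tuple[datetime, str]] = {}
    for e in events:
        if (e["ErrorCode"] == 0 and e["ApplicationId"] == OFFICEHOME_APP_ID
                and e["ClientAppUsed"] == "Browser" and "interactiveUser" in e["LogonType"]):
            ts = _ts(e)
            if e["SessionId"] not in first or ts < first[e["SessionId"]][0]:
                first[e["SessionId"]] = (ts, e["Country"])
    return first


def find_replayed_sessions(events: List[Dict]) -> List[Dict[str, object]]:
    """Join later browser sign-ins to other applications on SessionId and keep
    those from a different country than the OfficeHome sign-in (second half)."""
    first = officehome_first_seen(events)
    hits = []
    for e in events:
        if e["ApplicationId"] == OFFICEHOME_APP_ID or e["ClientAppUsed"] != "Browser":
            continue
        base = first.get(e["SessionId"])
        if base is None:
            continue
        if _ts(e) > base[0] and e["Country"] != base[1]:
            hits.append({
                "SessionId": e["SessionId"],
                "AccountDisplayName": e["AccountDisplayName"],
                "Application": e["Application"],
                "Country": base[1],              # where the session was established
                "OtherCountry": e["Country"],    # where the cookie was replayed
                "OtherTimestamp": e["Timestamp"],
            })
    return hits


def _ev(ts, app_id, app, country, session, user, error=0, client="Browser", logon="interactiveUser"):
    """Build one constructed sign-in event in the shape the functions expect."""
    return {"Timestamp": ts, "ErrorCode": error, "ApplicationId": app_id, "Application": app,
            "ClientAppUsed": client, "LogonType": logon, "Country": country,
            "SessionId": session, "AccountDisplayName": user}


# Constructed sign-in events; application IDs other than OfficeHome are placeholders.
SAMPLE_EVENTS = [
    _ev("2022-07-01T08:00:00", OFFICEHOME_APP_ID, "OfficeHome", "NL", "sess-A", "alice"),
    _ev("2022-07-01T08:06:00", "app-placeholder-owa", "Outlook Web", "NG", "sess-A", "alice"),  # replay
    _ev("2022-07-01T09:00:00", OFFICEHOME_APP_ID, "OfficeHome", "NL", "sess-B", "bob"),
    _ev("2022-07-01T09:10:00", "app-placeholder-owa", "Outlook Web", "NL", "sess-B", "bob"),     # same country
    _ev("2022-07-01T07:50:00", "app-placeholder-owa", "Outlook Web", "US", "sess-A", "alice"),  # earlier, ignored
    _ev("2022-07-01T10:00:00", OFFICEHOME_APP_ID, "OfficeHome", "NL", "sess-C", "carol", error=1),  # failed sign-in
    _ev("2022-07-01T10:05:00", "app-placeholder-owa", "Outlook Web", "DE", "sess-C", "carol"),  # no baseline
]

if __name__ == "__main__":
    for hit in find_replayed_sessions(SAMPLE_EVENTS):
        print(hit)
```

Note what the query deliberately does not catch: a replay from the same country as the original sign-in (sess-B) and a session whose OfficeHome sign-in failed (sess-C) produce no rows, so country-based hunting is a complement to, not a replacement for, the token-anomaly alerts listed above.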
Use this query to summarize for each user the countries that authenticated to the OfficeHome application and find uncommon or untrusted ones:
AADSignInEventsBeta
| where Timestamp > ago(7d)
| where ApplicationId == "4765445b-32c6-49b0-83e6-1d93765276ca" //OfficeHome application
| where ClientAppUsed == "Browser"
| where LogonType has "interactiveUser"
| summarize Countries = make_set(Country) by AccountObjectId, AccountDisplayName
Use this query to find new email Inbox rules created during a suspicious sign-in session:
//Find suspicious tokens tagged by AAD "Anomalous Token" alert
let suspiciousSessionIds = materialize(
AlertInfo
| where Timestamp > ago(7d)
| where Title == "Anomalous Token"
| join (AlertEvidence | where Timestamp > ago(7d) | where EntityType == "CloudLogonSession") on AlertId
| project sessionId = todynamic(AdditionalFields).SessionId);
//Find Inbox rules created during a session that used the anomalous token
let hasSuspiciousSessionIds = isnotempty(toscalar(suspiciousSessionIds));
CloudAppEvents
| where hasSuspiciousSessionIds
| where Timestamp > ago(21d)
| where ActionType == "New-InboxRule"
| where RawEventData.SessionId in (suspiciousSessionIds)
With summer in full swing, students and parents are preparing to kick off back-to-school shopping to get ready for the exciting year ahead. We know parents and students are always on the hunt for a great deal, and this year, as inflation continues to rise, parents’ stress over the shopping season has increased by 7% in recent weeks alone.
To help families breeze through shopping with confidence, Microsoft Store is offering back-to-school savings – starting July 11 through Sept. 11 – including discounted laptops, PCs and accessories, all supported by an extended price promise and return window.
Microsoft Store’s top back-to-school deals and savings include:
Save up to 50% off on select Windows 11 PCs
Deals extend beyond Surface devices at Microsoft Store. Families and students can choose from a variety of Windows 11 PCs, including the Lenovo Ideapad 5 Pro. The Lenovo Ideapad 5 Pro is perfect for streaming and entertainment, making it a great choice for students looking for a device that can be used for work and play.
For a full list of select Windows 11 PCs on sale, visit microsoft.com. Offer ends July 18.
Save up to $339.99 on the Surface Pro 8 and Surface Pro Keyboard Bundle
You can get one of Microsoft’s best flexible devices for over $400 off. The Surface Pro 8 and Surface Pro Keyboard Bundle is perfectly portable with tablet-to-laptop versatility, making it a must-have for whatever the school year has in store. Offer ends Aug. 21.
Save up to $300 on select Surface Laptop 4
The sleek Surface Laptop 4 is available at $300 off. Built for even the longest night of studying, the Surface Laptop 4 has a battery life that lasts all day and serious multitasking power. Offer ends July 24.
Save up to 30% off select Microsoft PC Accessories, including the Microsoft Bluetooth Ergonomic Mouse
Get the most out of a new device by pairing it with accessories like the premium wireless Microsoft Bluetooth Ergonomic Mouse, designed to help people learn or work in comfort all day with precision navigation and two programmable buttons. Offer ends July 31.
Save $125 on the Bang & Olufsen Beoplay Portal Headset
Save big on headphones sure to bring any gaming experience to the next level with a sophisticated aesthetic that makes them wearable at the library, at home and everywhere in between. Packed with quick-access gaming functions, rock-solid connectivity for mobile gaming and Dolby Atmos virtualized surround sound for an immersive gaming experience. Offer ends July 31.
Shop with confidence with the Microsoft Store Promise
You’ll also receive peace of mind shopping at Microsoft Store as all purchases come with the Microsoft Store Promise, which includes free shipping and free, extended 60-day returns, a 60-day price promise on Surface devices, personal support with back-to-school shopping and helpful videos from product experts. Additionally, purchasing select Surfaces comes with 20-30% off Microsoft Complete, Microsoft Store’s hardware warranty plan, between July 11 – 17.
Driving equity with online-ready, not online-dependent devices
Providing continuity of learning in low and intermittent connectivity scenarios
Millions of students have limited access to the internet at home, leaving them struggling to access interactive online lessons and forcing them to find offline workarounds on devices lacking storage for video and other resources. Today, devices and education technology tools are more integrated into education than ever before, and learning opportunities happen not just at school, but at home and everywhere in between. In this landscape, the ability to work online and offline is key so that learning can continue regardless of a student’s ability to connect to the internet.
In the third in a series of Accelerate Learning Kits from Microsoft Education, “Accelerating Learning for Students with Limited Internet Access,” the authors compare how Microsoft Windows 11 devices and Chromebooks support offline access to educational content and material. Their finding: when comparing based on factors such as access to learning content, accessibility, on-device storage, and the ability to create and edit content, they found that Windows 11 devices provide a better experience for learners than the equivalent experiences on Google Chrome OS.
In a study conducted by Michigan State University in 2020, researchers found that students who have no home access or rely upon cell phone data plans have the digital skills equivalent of a three-year deficit when compared to their peers with home internet access1.
According to UNICEF, up to 1.3 billion children and young people worldwide have no access to internet at home2. This issue disproportionately affects students of color, those living in poverty, and in rural communities. Additionally, a 2020 study by Michigan State University found that students who have limited or no internet access at home can fall up to three years behind classmates with full access, have a lower grade point average, score lower on college admissions tests like the SAT, and are less likely to pursue a college degree.3 This highlights the importance of ensuring that students have equitable access to tools and that there’s flexibility for those who may not have consistent access to the internet outside of school.
For the latest Microsoft learning kit comparing Windows 11 devices and Chromebooks, researchers created a learning scenario in which they used identical versions of a presentation to compare the process a student would complete to access and edit learning materials while disconnected from the internet. This included setting up offline access to the file, disconnecting the internet connection, opening and making changes to the presentation, and then reconnecting and accessing the updated online file. The comparison of the Windows 11 and Chromebook processes can help educators see some of the benefits Windows 11 devices deliver for students, including simpler and faster setup of offline capabilities.
Evaluators noted that in the side-by-side test, Microsoft Office was a faster, easier, and richer experience for students than the comparable solution. Beyond simply editing and saving files, students with limited online access can benefit from using the built-in flexibility of features such as translation and Accessibility Checker, which work online or offline.
Since schools made the unexpected and rapid shift to online instruction in 2020, existing inequities in connectivity have highlighted the challenges of making sure that all students can participate in digital learning. Microsoft Education is committed to developing solutions to advance equity in learning. And the built-in, accessible, equitable, easy-to-use tools in the Microsoft Office suite provide students the opportunity to focus on learning and explore their academic interests without having to worry about connectivity.
Nearly 400 wind farms in Ireland today collectively generate more than 35% of the island’s electricity. These carbon-free electrons travel on power transmission lines to farms, businesses and homes, helping utilities avoid emissions of carbon dioxide and other greenhouse gases from burning fossil fuels to generate electricity.
Like everywhere around the world, the intensity of the wind in Ireland fluctuates throughout the day and over the course of the seasons, which causes variable power production. As the supply of renewable energy increases, a growing problem for electric power grid operators is created. That’s because they need to only put on the exact amount of energy that users are pulling out. No more, no less.
Banks of lithium-ion batteries at a Microsoft datacenter in Dublin will be a part of the solution to this problem later this year.
These batteries, which typically provide backup power for the datacenter in case of emergency, have been certified, tested and approved for connection to the grid in a way that helps grid operators provide uninterrupted service when demand exceeds the supply generated elsewhere on the grid by wind, solar and other sources.
Providing this grid service “is a way for us to unlock the value of the datacenter,” said Nur Bernhardt, a senior program manager for energy at Microsoft.
Grid decarbonization
Power grid operators around the world typically rely on running coal and natural gas fired power plants to maintain what is called spinning reserve, or excess capacity, that can respond quickly to provide grid services.
The ability to use the datacenter’s batteries to provide these services reduces the need to maintain spinning reserve at power plants, which lowers power sector carbon emissions, Bernhardt explained.
The batteries are part of what’s called the uninterruptible power supply, or UPS, for the datacenter. The UPS in Microsoft’s Dublin datacenter includes new technology that enables real-time interaction with the electric power grid.
If grid-interactive UPS systems replace the grid services currently provided by fossil fuel power plants in Ireland and Northern Ireland, about two million metric tons of carbon dioxide emissions could be avoided in 2025, according to Baringa, an energy advisory firm that Microsoft commissioned to analyze the potential impact of the technology.
“This is definitely moving the dial on emissions at a national level,” said Mark Turner, a partner in Baringa’s energy practice who helped perform the analysis.
Two million metric tons of carbon dioxide emissions is about one-fifth of the total emissions expected across the island of Ireland from the power sector in 2025, he explained.
What’s more, by relying on grid-interactive UPS technology for grid services, end consumers across Ireland would save tens of millions of dollars on fuel and other costs required to maintain the spinning reserve at coal and natural gas fired power plants.
“The third win is you reduce the amount you have to turn down renewables,” Turner said. “That’s because if you turn gas-fired power stations on to provide this service, you’ve got to turn something else off. Often that’s renewables. If you provide this with UPS, you no longer have to do that.”
John Byrne (right), head of operations for Enel X UK & Ireland, and Michal Frąckowiak, field operations engineer at Enel X UK & Ireland examine data on computer screens during a system test of the grid-interactive UPS inside a Microsoft datacenter in Dublin, Ireland. Photo by Naoise Culhane.
Datacenters as grid assets
People who run datacenters often talk about the “five nines” of reliability, which is shorthand for a promise to customers that the datacenter is online 99.999% of the time. To do that, datacenter operators rely in part on the batteries in the UPSs to kick on the moment a power outage occurs and provide power to the servers while the backup generators are fired up.
The main purpose of the UPS system is to provide power conditioning for the servers. The UPS system is always on, providing protection to the servers. In 2017, Microsoft started to explore the potential to leverage these assets.
“The concept was to use the UPS, which is providing continuous protection, change the controller on the UPS and provide services back to the grid,” said Ehsan Nasr, a senior design researcher who works in Microsoft’s datacenter advanced development group.
Grid frequency is becoming more volatile as the supply of variable renewable energy on the grid increases, noted Christian Belady, distinguished engineer and vice president of Microsoft’s datacenter advanced development group.
This increase in volatility, in turn, increases the value of assets such as batteries that can help maintain the balance between supply and demand, he explained.
“We have this battery asset in the datacenter that is just sitting there,” Belady said. “Why don’t we offer it to the grid and come up with a dynamic way of managing it as a dual-purpose asset and thus drive more efficiency and asset utilization? That’s what drove this win-win situation.”
To that end, his team partnered with intelligent power management company, Eaton, to develop and test a grid-interactive UPS. They performed proof-of-concept experiments in 2020 at a Microsoft datacenter in Chicago and have continued to refine the technology at Microsoft’s datacenter in Quincy, Washington.
“We are making sure that we can provide the exact functionality of the UPS and, at the same time, provide ancillary services back to the grid with secure communication between the datacenter and the utility,” Nasr said.
Christian Belady, distinguished engineer and vice president of Microsoft’s datacenter advanced development group, stands next to a two-phase immersion cooling tank at a Microsoft datacenter. Photo by Gene Twedt for Microsoft.
A business case in Ireland
With the grid-interactive UPS technology demonstrated as a viable provider of grid services, the next step was to find a market with a business case for deployment, said Mycah Gambrell-Ermak, a principal program manager at Microsoft who worked on this project and is now on the supply chain strategy team.
Microsoft found an opportunity in Ireland, where variable renewables already account for more than 35% of the island’s electricity and that figure is expected to grow to 80% by 2030. This level of variable power production requires grid-stabilization services typically provided by fossil fuel power plants.
“In areas where municipalities or utilities are trying to get away from fossil-based solutions, if there is a dip in renewable reserves, what we can do as a company is take our large amount of load and we can reduce our load by putting our own batteries to use,” Gambrell-Ermak said.
EirGrid, the transmission system operator in Ireland, runs a market for grid services that prioritizes non-carbon-emitting solutions. Microsoft is participating in this market through Enel X, an energy services and solutions provider that aggregates industrial and commercial energy consumers into virtual power plants.
“Utilities, by way of aggregators, can give us a signal that tells us to discharge our batteries to compensate for our load, which then takes the burden off of the grid,” Gambrell-Ermak explained.
John Byrne, head of operations for Enel X UK & Ireland, performs a system test on the grid-interactive UPS inside a Microsoft datacenter in Dublin, Ireland. Photo by Naoise Culhane.
Blueprint for the world
EirGrid’s market for grid services is a blueprint for how technologies, such as grid-interactive UPS systems at datacenters and other industrial facilities, can help decarbonize electric power grids around the world, according to Paul Troughton, senior director of regulatory affairs for Enel X.
“I often think of Ireland as a vision of the future of what other systems’ grids will be like,” he said.
As other countries transition to a greater reliance on renewable energy, they will encounter a similar situation.
“As you add renewables, your conventional plants will retire and you can’t call on them to provide the services they would traditionally provide,” Troughton said. “You need to do something to get better at managing frequency.”
Microsoft is exploring opportunities to provide grid-stabilization services with grid-interactive UPS technology at its datacenters around the world to further accelerate progress toward grid-decarbonization, Bernhardt said.
The grid-interactive UPS initiative is part of the company’s commitment to be carbon negative by 2030, which also includes experiments at datacenters with liquid immersion cooling for servers, hydrogen fuel cells for backup power generation, along with changes in operation to increase efficiency and design such as high-density cold plate solutions.
“The long-term vision is to turn the datacenter assets into something that can provide social benefit outside of our own operations,” Bernhardt said.
EirGrid’s grid-services market, he explained, provides an opportunity for companies like Microsoft to deploy solutions that address grid reliability concerns associated with the growth of renewables.
“We can still maintain our requirements around reliability to our customers but at the same time utilize our infrastructure to provide reliability to the grid, as well as lower CO2 emissions and reduce costs for all energy consumers.”
John Roach writes about Microsoft research and innovation. Follow him on Twitter.
Top image: Nearly 400 wind farms in Ireland generate more than 35% of the island’s electricity. Microsoft’s grid-interactive UPS system helps balance the electric power grid at times when demand outstrips available supply from wind and other sources. Photo by Paul Briden, Adobe Stock.