
‘Wonder Woman 1984’ teams up with Xbox and Gamers Outreach to surprise children’s hospitals

This holiday season, the action-adventure film “Wonder Woman 1984” is teaming up with Xbox and Gamers Outreach to create 10 unique Gamers Outreach (GO) Karts, featuring the new Xbox Series S along with two custom Xbox Wireless Controllers inspired by the movie. Each of these GO Karts will be placed in children’s hospitals across the country starting on December 23, just in time to experience the magic of the holidays.

Children at these hospitals will be able to power their dreams as they continue the healing process, while Xbox and Gamers Outreach help bring a sense of normalcy to patients and families alike. As an extra gift of wonder, the GO Karts will include a special message from Wonder Woman herself, Gal Gadot, along with an HBO Max subscription to watch her new movie “Wonder Woman 1984,” streaming exclusively on HBO Max starting on December 25 for a limited time and available in theaters worldwide this holiday season.

The following hospitals will be receiving these specialized GO Karts:

  • Phoenix Children’s Hospital
  • Hassenfeld Children’s Hospital at NYU Langone
  • Children’s Minnesota
  • Johns Hopkins Children’s Center
  • Monroe Carell Jr. Children’s Hospital at Vanderbilt
  • Children’s Medical Center Dallas
  • Children’s Hospital New Orleans
  • SSM Health Cardinal Glennon Children’s Hospital
  • Montana Children’s Medical Center
  • Children’s National Hospital

Xbox and Gamers Outreach are once again excited to bring an unforgettable experience to children at these hospitals, giving them access to interactive entertainment and the chance to socialize via video games through an amazing collaboration with “Wonder Woman 1984,” bringing joy through the power of play with Xbox this holiday season.

Learn more about Gamers Outreach and their mission to build a world where play is accessible in hospitals by visiting www.GamersOutreach.org.


2020 in review: 6 most-read posts from Microsoft on the Issues

As Covid-19 affected our personal and working lives, 2020 was a year of unimaginable change. Microsoft on the Issues covered topics including cybersecurity, digital skills, accessibility and more, and the pandemic influenced many of the stories we brought you.

As we say goodbye to 2020, here’s a look at some of this year’s most read stories, from the Puget Sound region and beyond.

Data, supplies, community: How Microsoft is supporting efforts to combat Covid-19

Family, friends and co-workers around the world are facing the effects of the Covid-19 pandemic. Managing response efforts requires the cooperation of every sector of society. Back in March, we offered this resource to communities, non-profits and government officials.

Everyone should have access to digital skills. New grants aim to help

Microsoft’s skills initiative hopes to help 25 million people around the world secure digital skills. In June, Microsoft made a public commitment to be more inclusive as an employer and to extend Microsoft’s support and outreach programs in Black and African American communities. As part of this, Microsoft’s community skills program will provide financial grants and tech enablement to community-based non-profits reaching 5 million unemployed workers who need it most.

This is a look at i.c.stars, a rigorous, tech-focused program that provides young adults from low-income communities with the tools to develop the technical and leadership skills needed for a career in technology, a field that continues to lack diversity and be in high demand.

What is ElectionGuard?

Every election year, millions of Americans are eligible to cast their ballots to elect officials ranging from members of school boards to the President of the United States. Those millions of voters need to be confident that the democratic process is carried out without interference.

However, in recent years, technology designed to help elections run smoothly has been targeted by those seeking to influence, subvert or sabotage democracy. Microsoft has been working with governments, NGOs, academics and industry on the Defending Democracy Program. One of the components is ElectionGuard, explored in this article.

An inside look at the global battle with botnets

In March, a small team at Microsoft dismantled Necurs, one of the world’s largest botnets. It was a project that was eight years in the making, and involved coordinated legal and technical action from 35 countries. Botnets are highly sophisticated, acting as a unified threat and often run by well-resourced operators. Tracking them down and preventing them from carrying out further infections and attacks is a complex task that takes coordination across geographies and organizations. This article explored the battle with botnets around the world.

Understanding accessibility through ABCs

At Microsoft, we focus on the maxim of “nothing about us, without us” in order to create technology for people with and without disabilities. Creating and developing technologies for everybody to use involves embracing diversity and an inclusive culture in Microsoft’s own workforce.

The main obstacle to inclusion and diversity is the lack of awareness. As a starting point to educate and share, we shared our ABCs of Accessibility, from A to Z.

How AI is helping map the world’s most vulnerable places

There are places in the world that have not been mapped in detail. In the event of a natural disaster that can be a problem, as rescue teams try to understand where their help might be needed. The Humanitarian OpenStreetMap Team, or HOT, is working with Microsoft’s AI for Humanitarian Action program and Bing to combine satellite mapping, machine learning and an army of volunteers to create detailed and potentially life-saving maps. This story looks at the work HOT is doing, particularly across Africa, and explains how these maps are part of the effort to contain Ebola.


Get into the holiday spirit on Skype

24/12/2020 | Skype Blogs | Holidays on Skype

The holidays are upon us! Skype has traditionally played a key role keeping people connected during the holiday season, and this year that’s more important than ever. To that end, Skype has gotten all dressed up with your favorite holiday emojis, expressions and new background designs to help make it a magical, memorable season. We like to call it the “Holidification” of Skype!

Express yourself in the spirit of the season with friends and family

There’s so much more to a conversation than speaking. A smile, a wink, a hand signal, the nod of the head, or even a quiet little chuckle: it deepens, enriches, and engages. Did the story your Uncle John just told make you sentimental? Pop a holiday tree emoji in the chat window. Talking with your cousin in London about whether reindeer really know how to fly? Give her the Rudolph the Red-nosed Reindeer emoji with a blinking red nose! Get a sweet message from your Mom in the chat window? Respond to her comment with a holiday-themed reaction. Skype puts seasonal-themed emojis at your fingertips as you type!

“It’s all about creating more authentic connections,” says Sam Cundall, Animator and Principal Designer for Skype, Seattle, USA. “People should be able to say something like, ‘wow, that sounds exactly like my friend Sam, he’s expressing himself the same way he would if he were in front of me.’ That’s the legacy of Skype’s quirkiness and humor: our emojis and expressions help make it as authentic as possible.”

Feel like you’re in a favorite holiday spot with Background Replace

Try one of our colorful holiday-themed backgrounds to set the mood. Or upload a moonscape for an out-of-this-world holiday. With Background Replace, your imagination rules. And you know how you usually have to deep-clean your place before a social get together? Not this year. One nice thing about celebrating remotely is you can use Background Replace to hide that messy living room! 

Did you know? Skype’s new ‘Together Mode’ feature brings even more fun to the festivities and makes you feel that you are in the same room when on a video chat with your friends and family, so you can feel closer together even when apart.

“These are the latest of a multitude of beautiful rich backgrounds and themes we created this year in partnership with myriad talented artists and designers,” says Nando Costa, Microsoft Partner Director of Design, XC Storytelling. “As customers from around the globe depend on Skype for their communication needs in life, we are committed to bringing delightful and expressive moments to their everyday interactions.”

Spend as much time as you want together, now and throughout the year

Holiday celebrations tend to be filled with fun and festivities that can go on for hours, even days. That makes it kind of hard to fit everything into 40 minutes. With Skype, you can get together – free – with up to 100 people for up to 24 hours a day every day of the year. Your friends don’t need to have a Skype account either: With the Meet Now feature, it’s even easier to create video calls with just one click. No passwords. No sign-ups. Not even a download is needed! So go wild: enjoy as much time as you want sharing stories, showing off your favorite “ugly” holiday sweaters, playing games, and more. While you’re online, make some plans not just for the holidays but for birthdays, anniversaries, and other big events in the coming year. Because the time you spend together should be more than just for the holidays!

So, make this a season to remember, not because it’s the one where we all had to stay home – but the one where we still came together in the spirit of the holidays despite it all! We wish you a season filled with family, friends, and much cheer.

Happy Holidays!

We asked our teammates here at Skype what the holidays mean to them, and here’s what some of them told us:

“Holidays are my favorite time of the year, especially when it comes to making memories! I love being able to connect with friends and family, whether close or far away. It’s also the time of year where I feel the most thankful for the people who make life wonderful.”

–Luis Carrasco, Skype Global Product Director, San Cristobal, Venezuela

“Holidays are always a magical time for me. It’s a chance to make wonderful memories with friends and loved ones, even from a distance. Of course, I also find time to make ALL my favorite foods and play video games. Like I said: it’s a magical time!”

–Jane Gordina, Skype Software Engineer, Prague, Czech Republic

“For me, the holidays are a wonderful time of year where we can slow down and be with those we care about. I think it’s also about enjoying lots of great food, sharing, and giving. But most of all, it’s about being together even when apart.”

–Katerina Karellas, Skype Global Product Marketing Director, London, UK

“Holidays have been my favorite time of the year since I was a kid. That magical feeling of hearing holiday music, watching the lights shimmer throughout the neighborhood, and being surrounded by family and friends, is something I’ll never forget. Now that I have a family of my own, I am even more grateful for the time we spend together. The best part, though, is the spirit of giving.”

–Adam Czeisler, Skype Engineering Director, Seattle, USA

“Holidays are one of the few times in the year when I can slow down and enjoy some truly unhurried time with my friends and family, near and far. This year, it’ll have to be mostly online, but I’m still eager and thankful to reconnect and just… chat!”

–Rohit Wad, Corporate Vice President, Issaquah, USA


Virtual Reality update for Microsoft Flight Simulator now available

Microsoft Flight Simulator was built from the ground up to achieve three key goals: realism, accuracy, and authenticity of flight. Today, we’re excited to share that Virtual Reality for Microsoft Flight Simulator is now available on your favorite VR headset for PC, offering simmers the deepest and most immersive virtual flight experience in the new simulator to date.

The flight sim community has been a very active and insightful partner in shaping how the team approached VR, and continues to be a critical partner in our development as we make further improvements and add new features to the simulation. Adding VR to Microsoft Flight Simulator was a direct result of community feedback, and we look forward to the community’s continued involvement with us in the future of the franchise.

Our goal was to make this update accessible to as many VR players as possible. To achieve this goal, we have worked to make this free update compatible across a wide range of supported devices, including most Windows Mixed Reality headsets (including the HP Reverb G2), Oculus, Valve, and HTC headsets. To access VR, make sure you have downloaded the latest update for Microsoft Flight Simulator.

Grab your VR headset and try this captivating experience today on Xbox Game Pass for PC, Windows 10, and Steam. Feel free to share your first impressions with us on the dedicated forums or check out our FAQ if you have questions. For the latest information on Microsoft Flight Simulator, stay tuned to @MSFSOfficial on Twitter.


Microsoft Flight Simulator: Standard

Xbox Game Studios

This title does not support Korean, Vietnamese, Thai or Indonesian localization. Microsoft Flight Simulator is the next generation of one of the most beloved simulation franchises. From light planes to wide-body jets, fly highly detailed and stunning aircraft in an incredibly realistic world. Create your flight plan and fly anywhere on the planet. Enjoy flying day or night and face realistic, challenging weather conditions.

MICROSOFT FLIGHT SIMULATOR IS A MUST PLAY*:
• 10/10 IGN – “Microsoft Flight Simulator is legitimately incredible. It’s difficult to fully describe how amazing it feels to jump into a plane and have the freedom fly to and from literally any place in the entire world.”
• Essential EUROGAMER – “a once in-a-generation wow moment”
• 100/100 GAMING TREND
• 100/100 PLAYER 2
• 5/5 GUARDIAN – “This game captures the wonder of flight”
• 5/5 VG 24/7
• 10/10 PRESS-START
• 10/10 AUSGAMERS
• 5/5 VGC – “phenomenal looking, remarkably detailed simulator”
• 9/10 AREAJUGONES
• 9/10 PC INVASION
• 4.5/5 ATTACK OF THE FANBOY
• 9/10 GAMEBLOG
• 10/10 WCCFTECH – “a technical marvel that brings the whole world to life and the best example of cloud based gaming so far.”
• 18/20 JEUXACTU
• 9/10 EVEREYE
• 9.3/10 SPAZIOGAMES
• 4/5 DAILY STAR – “the definition of revolutionary”
• 4.5/5 TWINFINITE


CVP Tom Burt: Cyber mercenaries don’t deserve immunity

A growing industry of companies called private-sector offensive actors – or PSOAs – is creating and selling cyberweapons that enable their customers to break into people’s computers, phones and internet-connected devices. Now, one of these 21st-century mercenaries, called the NSO Group, is attempting to cloak itself in the legal immunity afforded its government customers, which would shield it from accountability when its weapons inflict harm on innocent people and businesses. The firm also contributes to the urgent cybersecurity challenges discussed by our president Brad Smith last week. We believe the NSO Group’s business model is dangerous and that such immunity would enable it and other PSOAs to continue their dangerous business without legal rules, responsibilities or repercussions. That’s why today we filed an amicus brief – along with Cisco, GitHub, Google, LinkedIn, VMWare and the Internet Association – in a legal case brought by WhatsApp against the NSO Group.

The NSO Group sold governments a program called Pegasus, which could be installed on a device simply by calling the device via WhatsApp; the device’s owner did not even have to answer. According to WhatsApp, the NSO Group used Pegasus to access more than 1,400 mobile devices, including those belonging to journalists and human rights defenders. We believe companies like NSO Group selling tools like Pegasus are concerning for three reasons.

First, their presence increases the risk that the weapons they create fall into the wrong hands. Previously, sophisticated nation-state hacking capabilities resided in a small number of governments with well-funded agencies focused on developing these weapons. Even then, government-created espionage tools got into the hands of other governments who used them in attacks like WannaCry and NotPetya that spread like wildfire beyond the targeted victims and ultimately devastated lives and disrupted businesses around the world. Lowering the barrier for access to these weapons would guarantee that such catastrophes would be repeated.

Even if the tools are sold to governments who use them for narrowly targeted attacks, there are a variety of ways they can still fall into the wrong hands. For example, private actors like the NSO Group and their less sophisticated customers may lack the defenses some governments use to protect the weapons, making them more susceptible to cyber-theft. An Italian company called Hacking Team – one of NSO’s competitors – was itself hacked in 2015. Additionally, targets of these weapons can observe, reverse-engineer and then use these tools for their own purposes.

Second, private-sector companies creating these weapons are not subject to the same constraints as governments. Many governments with offensive cyber capabilities are subject to international laws, diplomatic consequences and the need to protect their own citizens and economic interests from the indiscriminate use of these weapons. Additionally, some governments – like the United States – may share high-consequence vulnerabilities they discover with impacted technology providers so the providers can patch the vulnerability and protect their customers. Private actors like the NSO Group are only incented to keep these vulnerabilities to themselves so they can profit from them, and the exploits they create are constantly recycled by governments and cybercriminals once they get into the wild.

Third, companies like the NSO Group threaten human rights whether they seek to or not. An analysis of recent cyber-attacks was able to identify five countries using offensive cyber capabilities between 2012 and 2015: Russia, China, North Korea, France and Israel. Between 2016 and 2018, however, the cast of characters changed to include countries like the United Arab Emirates and Uzbekistan. And public reporting has identified clients of cyber-surveillance companies like the NSO Group to include Azerbaijan, Bahrain, Egypt, Ethiopia, Kazakhstan, Mexico, Morocco, Nigeria, Oman, Saudi Arabia and Sudan. Reporting also shows foreign governments are using those surveillance tools, bought from PSOAs, to spy on human rights defenders, journalists and others, including U.S. citizens. These tools allow the user to track someone’s whereabouts, listen in on their conversations, read their texts and emails, look at their photographs, steal their contacts list, download their data, review their internet search history and more. Just yesterday The Citizen Lab reported that between July and August of this year NSO’s Pegasus program was used to hack 36 phones belonging to journalists, producers, anchors and executives at Al Jazeera. Privacy is fundamental to the ability of journalists to report, of dissidents to speak their voices and of democracy to flourish and these tools threaten their rights and their lives.

The expansion of sovereign immunity that NSO seeks would further encourage the burgeoning cyber-surveillance industry to develop, sell and use tools to exploit vulnerabilities in violation of U.S. law. Private companies should remain subject to liability when they use their cyber-surveillance tools to break the law, or knowingly permit their use for such purposes, regardless of who their customers are or what they’re trying to achieve. We hope that standing together with our competitors today through this amicus brief will help protect our collective customers and global digital ecosystem from more indiscriminate attacks.



Start the new year with 3 ways to better organize your life

Our homes have never worked harder for us than they are right now. A home is our office, school, gym, sanctuary, and safe retreat from the world. That means it’s more important than ever to have organization systems in place to keep key parts of your home humming along.

See how these organization tips can help you achieve some of your New Year’s resolutions.

Discover an easier way to organize and manage your finances

Managing personal finances can be an unwelcome task for some people, but having the right tools can help make it easier. Join the millions of people who use Microsoft Excel to track their budgets, simplify the task of managing finances, and stay on track with longer-term financial goals.

If you’re not a Microsoft 365 subscriber, there are some free templates you can use if you just want a simple tracking template or want to track your family’s monthly expenses. Just add your income and spending information and let the spreadsheets do the rest of the math for you.

Save time, organize and protect your computer files

Get the peace of mind that comes from knowing your computer files and photos are backed up and accessible to you wherever you go and whenever you need them. With OneDrive, your files sync between your computer and the cloud, so if you make changes on your computer, those changes are reflected in the file in the cloud—and vice versa.

You can work directly with your synced files anytime and can access your files even when you’re offline. Whenever you go online next, any changes you made while offline will sync automatically.

Organize and collect your thoughts while online

We all do it: While researching something online, we lose track of the key information we found. This year, discover a fun and visual way to track your ideas on the web by using Collections in Microsoft Edge. Collections allow you to easily identify your saved webpages by displaying the name, a quick summary, and a picture so you can find what you’re looking for at a glance.

Create collections to help you accomplish your New Year’s resolutions. Plan to eat better? Create a collection of recipes to try. Want to work out more? Create a collection of your favorite workout videos so you can easily find the video you want to watch each day. Looking to learn something new this year? Create a collection with videos and how-to pages to get you started.

You can also easily add Pinterest inspiration to your existing collection or export your entire collection to a new board on Pinterest. Whatever to-do list you have for 2021, you can capture it in a visually delightful way using Collections in Microsoft Edge.

Whether you’re looking to track and understand your spending better, to help protect your important files, or to keep track of your ideas on the web, Microsoft has tools to help you take control and take charge in the new year.


A moment of reckoning: the need for a strong and global cybersecurity response

The final weeks of a challenging year have proven even more difficult with the recent exposure of the world’s latest serious nation-state cyberattack. This latest cyber-assault is effectively an attack on the United States and its government and other critical institutions, including security firms. It illuminates the ways the cybersecurity landscape continues to evolve and become even more dangerous. As much as anything, this attack provides a moment of reckoning. It requires that we look with clear eyes at the growing threats we face and commit to more effective and collaborative leadership by the government and the tech sector in the United States to spearhead a strong and coordinated global cybersecurity response.

The evolving threats

The past 12 months have produced a watershed year with evolving cybersecurity threats on three eye-opening fronts.

The first is the continuing rise in the determination and sophistication of nation-state attacks. In the past week this has again burst into the headlines with the story of an attack on the firm FireEye using malware inserted into network management software provided to customers by the tech company SolarWinds. This has already led to subsequent news reports of penetration into multiple parts of the U.S. Government. We should all be prepared for stories about additional victims in the public sector and other enterprises and organizations. As FireEye CEO Kevin Mandia stated after disclosing the recent attack, “We are witnessing an attack by a nation with top-tier offensive capabilities.”

As Microsoft cybersecurity experts assist in the response, we have reached the same conclusion. The attack unfortunately represents a broad and successful espionage-based assault on both the confidential information of the U.S. Government and the tech tools used by firms to protect them. The attack is ongoing and is being actively investigated and addressed by cybersecurity teams in the public and private sectors, including Microsoft. As our teams act as first responders to these attacks, these ongoing investigations reveal an attack that is remarkable for its scope, sophistication and impact.

There are broader ramifications as well, which are even more disconcerting. First, while governments have spied on each other for centuries, the recent attackers used a technique that has put at risk the technology supply chain for the broader economy. As SolarWinds has reported, the attackers installed their malware into an upgrade of the company’s Orion product that may have been installed by more than 17,000 customers.

The nature of the initial phase of the attack and the breadth of supply chain vulnerability is illustrated clearly in the map below, which is based on telemetry from Microsoft’s Defender Anti-Virus software. This identifies customers who use Defender and who installed versions of SolarWinds’ Orion software containing the attackers’ malware. As this makes clear, this aspect of the attack created a supply chain vulnerability of nearly global importance, reaching many major national capitals outside Russia. This also illustrates the heightened level of vulnerability in the United States.

world map

The installation of this malware created an opportunity for the attackers to follow up and pick and choose from among these customers the organizations they wanted to further attack, which it appears they did in a narrower and more focused fashion. While investigations (and the attacks themselves) continue, Microsoft has identified and has been working this week to notify more than 40 customers that the attackers targeted more precisely and compromised through additional and sophisticated measures.

While roughly 80% of these customers are located in the United States, this work so far has also identified victims in seven additional countries. This includes Canada and Mexico in North America; Belgium, Spain and the United Kingdom in Europe; and Israel and the UAE in the Middle East. It’s certain that the number and location of victims will keep growing.

Additional analysis sheds added light on the breadth of these attacks. The initial list of victims includes not only government agencies, but security and other technology firms as well as non-governmental organizations, as shown in the chart below.

cybersecurity chart

It’s critical that we step back and assess the significance of these attacks in their full context. This is not “espionage as usual,” even in the digital age. Instead, it represents an act of recklessness that created a serious technological vulnerability for the United States and the world. In effect, this is not just an attack on specific targets, but on the trust and reliability of the world’s critical infrastructure in order to advance one nation’s intelligence agency. While the most recent attack appears to reflect a particular focus on the United States and many other democracies, it also provides a powerful reminder that people in virtually every country are at risk and need protection irrespective of the governments they live under.

As we have now seen repeatedly, Silicon Valley is not the only home of ingenious software developers. Russian engineers in 2016 identified weaknesses in password protection and social media platforms, hacked their way into American political campaigns, and used disinformation to sow divisions among the electorate. They repeated the exercise in the 2017 French presidential campaign. As tracked by Microsoft’s Threat Intelligence Center and Digital Crimes Unit, these techniques have impacted victims in more than 70 countries, including most of the world’s democracies. The most recent attack reflects an unfortunate but similarly ingenious capability to identify weaknesses in cybersecurity protection and exploit them.

These types of sophisticated nation-state attacks are increasingly being compounded by another technology trend, which is the opportunity to augment human capabilities with artificial intelligence (AI). One of the more chilling developments this year has been what appears to be new steps to use AI to weaponize large stolen datasets about individuals and spread targeted disinformation using text messages and encrypted messaging apps. We should all assume that, like the sophisticated attacks from Russia, this too will become a permanent part of the threat landscape.

Thankfully, there is a limited number of governments that can invest in the talent needed to attack with this level of sophistication. In our first Microsoft Digital Defense Report, released in September, we reviewed our assessment of 14 nation-state groups involved in cybersecurity attacks. Eleven of the 14 are in only three countries.

All this is changing because of a second evolving threat, namely the growing privatization of cybersecurity attacks through a new generation of private companies, akin to 21st-century mercenaries. This phenomenon has reached the point where it has acquired its own acronym – PSOAs, for private sector offensive actors. Unfortunately, this is not an acronym that will make the world a better place.

One illustrative company in this new sector is the NSO Group, based in Israel and now involved in U.S. litigation. NSO created and sold to governments an app called Pegasus, which could be installed on a device simply by calling the device via WhatsApp; the device’s owner did not even have to answer. According to WhatsApp, NSO used Pegasus to access more than 1,400 mobile devices, including those belonging to journalists and human rights activists.

NSO represents the increasing confluence between sophisticated private-sector technology and nation-state attackers. Citizen Lab, a research laboratory at the University of Toronto, has identified more than 100 abuse cases regarding NSO alone. But it is hardly alone. Other companies are increasingly rumored to be joining in what has become a new $12 billion global technology market.

This represents a growing option for nation-states to either build or buy the tools needed for sophisticated cyberattacks. And if there has been one constant in the world of software over the past five decades, it is that money is always more plentiful than talent. An industry segment that aids offensive cyberattacks spells bad news on two fronts. First, it adds even more capability to the leading nation-state attackers, and second, it generates cyberattack proliferation to other governments that have the money but not the people to create their own weapons. In short, it adds another significant element to the cybersecurity threat landscape.

There is a third and final sobering development worth noting from what has obviously been a challenging year. This comes from the intersection between cyberattacks and COVID-19 itself.

One might have hoped that a pandemic that cut short millions of lives might at least have received a pass from the world’s cyberattacks. But that was not the case. After a brief lull in March, cyberattackers took aim at hospitals and public health authorities, from local governments to the World Health Organization (WHO). As humanity raced to develop vaccines, Microsoft security teams detected three nation-state actors targeting seven prominent companies directly involved in researching vaccines and treatments for COVID-19. A crisis always seems to bring out the best and worst in people, so perhaps we should not be surprised that this global crisis was no exception.

Put together, however, these three trends point to a cybersecurity landscape that is even more daunting than when the year began. The most determined nation-state attackers are becoming more sophisticated. Risks are both growing and spreading to other governments through new private sector companies that aid and abet nation-state attackers. And nothing, not even a pandemic, is off limits to these attackers.

We live in a more dangerous world, and it requires a stronger and more coordinated response.

A more effective strategy as we enter a new year

Put simply, we need a more effective national and global strategy to protect against cyberattacks. It will need multiple parts, but perhaps most important, it must start with the recognition that governments and the tech sector will need to act together.

The new year creates an opportunity to turn a page on recent American unilateralism and focus on the collective action that is indispensable to cybersecurity protection. The United States did not win World War II, the Cold War or even its own independence by fighting alone. In a world where authoritarian countries are launching cyberattacks against the world’s democracies, it is more important than ever for democratic governments to work together – sharing information and best practices, and coordinating not just on cybersecurity protection but on defensive measures and responses.

Unlike attacks from the past, cybersecurity threats also require a unique level of collaboration between the public and private sectors. Today’s technology infrastructure, from data centers to fiberoptic cables, is most often owned and operated by private companies. These represent not only much of the infrastructure that needs to be secured but the surface area where new cyberattacks typically are first spotted. For this reason, effective cyber-defense requires not just a coalition of the world’s democracies, but a coalition with leading tech companies.

To be successful, this coalition will need to do three things more effectively in the future:

First, we need to take a major step forward in the sharing and analysis of threat intelligence. In a new year that will mark the 20th anniversary of 9/11, we should remember one of the lessons from the tragic day that the 9/11 Commission called “a shock but not a surprise.” A recurring theme of the commission’s findings was the inability across government agencies to build collective knowledge by connecting data points together. The commission therefore focused its first recommendation on “unifying strategic intelligence” and moving from the “need to know” to the “need to share.”

If there is an initial question for the incoming Biden-Harris Administration and America’s allies, it is this: Is the sharing of cybersecurity threat intelligence today better or worse than it was for terrorist threats before 9/11?

In the wake of this most recent attack, perhaps no company has done more work than Microsoft to support agencies across the federal government. As much as we appreciate the commitment and professionalism of so many dedicated public servants, it is apparent to us that the current state of information-sharing across the government is far from where it needs to be. It too often seems that federal agencies currently fail to act in a coordinated way or in accordance with a clearly defined national cybersecurity strategy. While parts of the federal government have been quick to seek input, information sharing with first responders in a position to act has been limited. During a cyber incident of national significance, we need to do more to prioritize the information-sharing and collaboration needed for swift and effective action. In many respects, we risk as a nation losing sight of some of the most important lessons identified by the 9/11 Commission.

One indicator of the current situation is reflected in the federal government’s insistence on restricting through its contracts our ability to let even one part of the federal government know what other part has been attacked. Instead of encouraging a “need to share,” this turns information sharing into a breach of contract. It literally has turned the 9/11 Commission’s recommendations upside down.

It will be critical for the incoming Biden-Harris Administration to move quickly and decisively to address this situation. One ready-made opportunity is to establish a national cybersecurity director as recommended by the Solarium Commission and provided for in the National Defense Authorization Act.

Effective progress will also require a second realization that goes beyond anything the 9/11 Commission needed to confront. Cybersecurity threat intelligence exists in even more disconnected silos than more traditional information about national security threats. This is because it is spread not only among different agencies and governments but across multiple private sector companies as well. Even within a large company like Microsoft, we have learned that it is critical for our Threat Intelligence Center to aggregate and analyze data from across our data centers and services. And when there is a major threat, we need to share information and collective assessments with other tech companies.

Recent years have brought several important steps to better share cybersecurity information, and we greatly appreciate the dedication and support of many key people across the U.S. government. But we still lack a formal and cohesive national strategy for the sharing of cybersecurity threat intelligence between the public and private sectors. While there need to be important safeguards to protect government secrets and private citizens’ privacy, the time has come for a more systemic and innovative approach to the sharing and analysis of threat intelligence with those best positioned to act.

Second, we need to strengthen international rules to put reckless nation-state behavior out of bounds and ensure that domestic laws thwart the rise of the cyberattack ecosystem. While the world has important international norms and laws to address nation-state attacks, we continue to believe it is important to fill in gaps and continue to develop clear and binding legal obligations for cyberspace.

This should build on the lessons of 2020 and prioritize key and specific areas. For example, it should include the continued development of rules to expressly forbid the type of broad and reckless activity used against SolarWinds and its customers, which tampered with legitimate software and threatened the stability of a broader software supply chain. The international community has been moving in this direction, building on a 2015 report by a United Nations Group of Governmental Experts that received broad UN endorsement last year, as well as multi-stakeholder support by the Global Commission on the Stability of Cyberspace (GCSC). The U.S. government and its allies need to make crystal clear their views that this type of supply chain attack falls outside the bounds of international law.

We need similar strong and effective endorsements of rules that put attacks on health care institutions and vaccine providers off limits. (The recently convened Oxford Process has done important work to highlight the protections existing international law affords in this context.) And international rules should include stronger protections of democratic and electoral processes, as reflected in the principles of the Paris Call for Trust and Security in Cyberspace, which now has more than 1,000 signatories – the largest multi-stakeholder group ever assembled in support of an international cybersecurity-focused agreement.

In addition, governments should take new and concerted steps to thwart the rise of private sector offensive actors. As described above, these companies in effect have created a new ecosystem to support offensive nation-state attacks. The sooner governments take action to put this ecosystem out of business, the better.

An early opportunity for the Biden-Harris Administration will come in an appellate judicial case involving the NSO Group itself. NSO has appealed a lower court finding that it is not immune from claims that it violated the U.S. Computer Fraud and Abuse Act by accessing mobile devices without permission. Its argument is that it is immune from U.S. law because it is acting on behalf of a foreign government customer and hence shares that government’s legal immunity. NSO’s proposed recipe would make a bad problem even worse, which is why Microsoft is joining with other companies in opposing this interpretation. The Biden-Harris Administration should weigh in with a similar view.

NSO’s legal approach, while disconcerting, does the world a service by highlighting the path needed to thwart this new cyberattack ecosystem. It’s to ensure that domestic laws clearly and strongly prohibit companies from helping governments engage in unlawful and offensive cyberattacks and investors from knowingly financing them.

Consider the analogy to other forms of societally harmful activity, like human trafficking, narcotics or terrorism itself. Governments not only take strong steps to prohibit the illegal activity itself – such as engaging in drug trafficking – but also ensure that airlines don’t transport the drugs and investors don’t finance the activity.

A similar approach is needed to deter private sector offensive actors. We need steps to ensure, for example, that American and other investors don’t knowingly fuel the growth of this type of illegal activity. And the United States should proactively pursue discussions with other countries that are giving rise to these companies, including Israel, which has a strong cybersecurity ecosystem that can be drawn into dangerous support of authoritarian regimes.

Finally, we need stronger steps to hold nation-states accountable for cyberattacks. Governments and private companies have taken stronger steps in recent years to hold nation-states publicly accountable for cyberattacks. We need to build on this course and continue to press forward with it, with governments ensuring that there are greater real-world consequences for these attacks to promote stability and discourage conflict.

The world’s democracies took important steps in 2017 and 2018, led by the United States. With public statements about WannaCry and NotPetya, multiple governments attributed these attacks publicly to the North Korean and Russian governments, respectively. These types of coordinated public attributions have become an important tool to respond to nation-state attacks. The United States followed with stronger deterrent steps to protect the 2018 mid-term elections, and an even more concerted effort to successfully deter foreign tampering with voting in the 2020 Presidential elections.

In the private sector, circumstances have also changed dramatically since the early days in 2016 when we at Microsoft took legal action to thwart Russian cyberattacks on American political campaigns but were reluctant to speak publicly about it. In the years since, companies such as Microsoft, Google, Facebook and Twitter have all acted and spoken directly and publicly when responding to nation-state cyberattacks. Moreover, a coalition of more than 145 global technology companies has signed on to the Cybersecurity Tech Accord – committing themselves to upholding four principles of responsible behavior to promote peace and security online, including opposing cyberattacks against innocent civilians and enterprises.

The coming months will present a critical test, not only for the United States but for other leading democracies and technology companies. The weeks ahead will provide mounting and we believe indisputable evidence about the source of these recent attacks. It will become even clearer that they reflect not just the latest technology applied to traditional espionage, but a reckless and broad endangerment of the digital supply chain and our most important economic, civic and political institutions. It is the type of international assault that requires the type of collective response that shows that serious violations have consequences.

If there is a common lesson from the past few years, it’s the importance of combining ongoing learning with new innovations, greater collaboration, and constant courage. For four centuries, the people of the world have relied on governments to protect them from foreign threats. But digital technology has created a world where governments cannot take effective action alone. The defense of democracy requires that governments and technology companies work together in new and important ways – to share information, strengthen defenses and respond to attacks. As we put 2020 behind us, the new year provides a new opportunity to move forward on all these fronts.


Editor’s note: 12/17/2020, 7:50pm PT

Following news reports about the impact on Microsoft of the SolarWinds issue, the company issued the following statement:

“Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed. We have not found evidence of access to production services or customer data. Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others.”


20 ways classrooms came together in 2020 with Microsoft Education


This year, we saw millions of classrooms come together in unexpected ways. While it might not have been easy from behind a mask or computer screen, everyone in the Microsoft Education community—from principals and teachers to students and parents—has shown flexibility and resilience this year. The community has worked together to create engaging and inclusive learning environments, support one another, and even have fun. As we reflect on the year, we’re sharing 20 highlights from Microsoft Education in 2020, and the technology that helped us get through it together.

Bringing the online classroom to life for students

  1. It’s important for students to see their teacher and classmates at the same time during remote learning. That’s why Teams expanded to a 7×7 Gallery View, allowing up to 49 students to be visible on video at one time.
  2. Another way to mimic the classroom setting is through Together Mode. An alternative to Gallery View, this feature has brought students out of their individual tiles and transported them into a shared setting—whether that’s a virtual auditorium, conference room, or coffee shop.
  3. A smaller setting can also help foster student participation. Breakout Rooms have helped students work within smaller groups for a discussion or assignment, just like they would in an in-person classroom.
  4. The new Spotlight feature has allowed teachers to control the main video feed that students see during class. This can help students focus on the presenter, rather than on the many faces on the screen.
  5. It has also been critical to provide students with the right devices during remote and hybrid learning. Windows 10 devices have been crucial in giving reliable, secure technology to learn from anywhere.

Staying organized and productive while teaching and learning from home

  1. Education Insights in Microsoft Teams uses at-a-glance data views to catch teachers up on their students’ activity, from turning in assignments to engaging in class conversations. The Insights dashboard can save teachers time in planning, giving feedback to students, and providing help.
  2. Microsoft Lists have made it easy for both teachers and students to stay organized, assign responsibilities, manage their schedules, and more. These virtual to-do lists provide a simple and smart way to make sure everyone meets their deadlines.
  3. Teachers can use the Rubrics tool in Assignments to create customizable, reusable rubrics. These help students understand the criteria they’ll be graded against and enable teachers to better evaluate their students’ work.
  4. Assignment Notifications have allowed teachers to notify students about upcoming assignments, giving teachers more flexibility in how they choose to communicate with students and assign them projects.

Supporting students and developing their social-emotional learning

  1. Technology can play a key part in developing social-emotional learning (SEL) from home. SEL-specific Praise Badges and Stickers have helped teachers recognize student social skills, grow emotional vocabulary, and give valuable recognition to the daily wins in their students’ learning.
  2. It can be difficult to gauge well-being during remote learning, but with tools like Reflect Messaging in Teams, educators can create a quick check-in to get insights on their students and offer support as needed.
  3. To spread positivity and encouragement, teachers can share Kindness Cards with students. Each virtual card has ideas, reminders, or inspiration that teachers can use to model kind behavior.
  4. Many milestone moments for students, like graduation ceremonies and sports finals, were cancelled this spring. Graduation Kits gave students a chance to virtually celebrate their accomplishments at the end of the school year, and Orientation Kits helped students with the return to school through online welcome and information sessions.

Preparing students for the future while still having (virtual) fun

  1. Many summer camps were canceled due to social distancing recommendations, so Microsoft created Passport to Digital Fun, a free virtual summer camp with weeks of interactive workshops. We also created winter camps to keep students engaged and learning during the winter break.
  2. Students from around the world imagined solutions to some of today’s most pressing issues through a virtual coding competition with Minecraft: Education Edition.  
  3. To keep students engaged during online learning in other ways, we hosted multiple events such as Global Learning Week, Hack the Classroom, Hour of Code, Imagine Cup Junior, and Global Read Aloud, each attended by thousands of students and educators from around the world. Teachers have also been empowered to create their own virtual events through Flipgrid, which offers advanced features such as augmented reality and video blogs.
  4. We participated in incredible partnerships to help make online learning fun for students. Learn more about our exciting collaborations with NASA, Wonder Woman 1984, the Smithsonian museums, and Space Jam: A New Legacy.

Building community among educators

  1. We’ve been inspired by educators’ drive to learn and grow amid this year’s challenges, including through Microsoft Innovative Educator (MIE) programs. This community of educators has continued to thrive as teachers shared their experiences and resources.
  2. Throughout the year, we participated in a variety of in-person and virtual events for teachers, including BETT, EDUCAUSE, Education Transformation Summit, and ISTE20 Live. Each of these events helped educators find community, support, and resources during an unpredictable year.
  3. Global connections were perhaps more important this year than in any other. Microsoft continued to build connections with educator communities, seeking to empower teachers with training resources through the Microsoft Educator Center and events like the Global Training Partners Summit, where Microsoft-trained educators help others around the world meet their unique challenges.

We will carry each of these highlights with us as we look to 2021, and hope you will too. We are optimistic about what the next year will bring for the Microsoft Education community—and know that we will continue to learn and grow together.


A breakthrough year for passwordless technology

As 2020 draws to a close, most of us are looking forward to putting this year in the rearview mirror. Since we depend even more on getting online for everything in our lives, we’re more than ready to be done with passwords. Passwords are a hassle to use, and they present security risks for users and organizations of all sizes, with an average of one in every 250 corporate accounts compromised each month. According to the Gartner Group, 20 to 50 percent of all help desk calls are for password resets. The World Economic Forum (WEF) estimates that cybercrime costs the global economy $2.9 million every minute, with roughly 80 percent of those attacks directed at passwords.

In November 2019 at Microsoft Ignite, we shared that more than 100 million people were already using Microsoft’s passwordless sign-in each month. In May of 2020, just in time for World Password Day, that number had already grown to more than 150 million people, and the use of biometrics to access work accounts is now almost double what it was then. We’ve drawn strength from our customers’ determination this year and are set to make passwordless access a reality for all our customers in 2021.

2020: A banner year for passwordless technology

Infograph describing the passwordless technology achievements in 2020

February: We announced a preview of Azure Active Directory support for FIDO2 security keys in hybrid environments. The Fast Identity Online (FIDO) Alliance is a “cross-industry consortia providing standards, certifications, and market adoption programs to replace passwords with simpler, stronger authentication.” Following the latest FIDO spec, FIDO2, we enabled users with security keys to access their Hybrid Azure Active Directory (Azure AD) Windows 10 devices with seamless sign-in, providing secure access to on-premises and cloud resources using a strong hardware-backed public and private-key credential. This expansion of Microsoft’s passwordless capabilities followed 2019’s preview of FIDO2 support for Azure Active Directory joined devices and browser sign-ins.

June: I gave a keynote speech at Identiverse Virtual 2020 where I got to talk about how Microsoft’s FIDO2 implementation highlights the importance of industry standards in implementing Zero Trust security and is crucial to enabling secure ongoing remote work across industries. Nitika Gupta, Principal Program Manager of Identity Security in our team, showed how Zero Trust is more important than ever for securing data and resources and provided actionable steps that organizations can take to start their Zero Trust journey.

September: At Microsoft Ignite, the company revealed the new passwordless wizard available through the Microsoft 365 Admin Center. Delivering a streamlined user sign-in experience in Windows 10, Windows Hello for Business replaces passwords by combining strong MFA for an enrolled device with a PIN or user biometric (fingerprint or facial recognition). This approach gives you, our customers, the ability to deliver great user experiences for your employees, customers, and partners without compromising your security posture.

November: Authenticate 2020, “the first conference dedicated to who, what, why and how of user authentication,” featured my boss, Joy Chik, CVP of Identity at Microsoft, as the keynote speaker. Joy talked about how FIDO2 is a critical part of Microsoft’s passwordless vision, and the importance of the whole industry working toward great user experiences, interoperability, and having apps everywhere support passwordless authentication. November also saw Microsoft once again recognized by Gartner as a “Leader” in identity and access management (IAM).

MISA members lead the way

The Microsoft Intelligent Security Association (MISA) is an ecosystem of security partners who have integrated their solutions with Microsoft to better defend against increasingly sophisticated cyber threats. Four MISA members—YubiKey, HID Global, TrustKey, and AuthenTrend—stood out this year for their efforts in driving passwordless technology adoption across industries.

Yubico created the passwordless YubiKey hardware to help businesses achieve the highest level of security at scale.

“We’re providing users with a convenient, simple, authentication solution for Azure Active Directory.”—Derek Hanson, VP of Solutions Architecture and Alliances, Yubico

HID Global engineered the HID Crescendo family of FIDO-enabled smart cards and USB keys to streamline access for IT and physical workspaces—enabling passwordless authentication anywhere.

“Organizations can now secure access to laptops and cloud apps with the same credentials employees use to open the door to their office.”—Julian Lovelock, VP of Global Business Segment Identity and Access Management Solutions, HID

TrustKey provides FIDO2 hardware and software solutions for enterprises who want to deploy passwordless authentication with Azure Active Directory because: “Users often find innovative ways to circumvent difficult policies,” comments Andrew Jun, VP of Product Development at TrustKey, “which inadvertently creates security holes.”

AuthenTrend applied fingerprint-authentication technology to the FIDO2 security key and aspires to replace all passwords with biometrics to help people take back ownership of their credentials.

Next steps for passwordless in 2021

Our team has been working hard this year to join these partners in making passwords a thing of the past. Along with new UX and APIs for managing FIDO2 security keys enabling customers to develop custom solutions and tools, we plan to release a converged registration portal in 2021, where all users can seamlessly manage passwordless credentials via the My Apps portal.

We’re excited about the metrics we tracked in 2020, which show a growing acceptance of passwordless among organizations and users:

  • Passwordless usage in Azure Active Directory is up by more than 50 percent for Windows Hello for Business, passwordless phone sign-in with Microsoft Authenticator, and FIDO2 security keys.
  • More than 150 million total passwordless users across Azure Active Directory and Microsoft consumer accounts.
  • The number of consumers using Windows Hello to sign in to Windows 10 devices instead of a password grew to 84.7 percent from 69.4 percent in 2019.

We’re all hoping the coming year will bring a return to normal and that passwordless access will at least make our online lives a little easier.

Learn more about Microsoft’s passwordless story. To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.


‘Xbox: Beyond Generations’ filmed experiment launches

Perhaps one of the greatest struggles older people face today is a lack of human connection; whether it’s due to living far apart from family members, or even a lack of close family and friends at all, loneliness among our older generation is a growing problem world-wide. While it’s no surprise that the virtual worlds of gaming have become places where gamers can build and maintain real-world relationships, these worlds can also provide a vital connection between older and younger family members. In gaming we believe in the power of play to bring people together.

“Games are a source of joy, inspiration, and social connection,” says Head of Xbox Phil Spencer. “They have the power to bring us together, create empathy, and strengthen our social fabric.”

With Xbox: Beyond Generations, our aim is to highlight the relationship-building potential of modern games, and to encourage younger people to start gaming with older family members.

For older people, loneliness has become a serious problem — one that has a knock-on effect on their physical health. According to Age UK, almost 2 million older people in the UK are expecting to feel lonely this holiday. And it is a global issue; a sense of isolation is something many older people all over the world face daily.

Xbox: Beyond Generations aims to bridge that generational divide in families. The initiative launches with a short documentary film, “Howard & Dhillon’s Story,” which follows the story of a real family on their journey towards re-connecting with each other via gaming. Grandfather Howard and his grandson Dhillon, who live nearly three hours’ driving distance apart, used to have a close relationship when both were younger. But as Howard became less physically able to do activities with Dhillon, they drifted apart. 

“My grandad, with his knee injury, can’t run around with us in the garden anymore. We stopped doing the things that kept us really close,” says Dhillon.

Over the course of four weeks, we witness the rekindling of the relationship they once had. Howard and Dhillon’s ability to go on virtual road trips in Forza or sail on virtual ships together in Sea of Thieves—shared activities that are no longer possible for them to do in real life—becomes the catalyst for opening up to each other about their lives and forming a deeper bond, something hard to replicate via regular calls.

To help ignite this spark of connection within families, Xbox is partnering with multiple charities around the globe dedicated to supporting the needs of older people. In the UK, Xbox will support Age UK, and their work internationally through Age International. Donations are being made to enable our charity partners to carry out vital work for older people and their communities providing emotional, social and practical support.

Everyone can bring about change. There are a number of ways in which you can help play a part. Age UK and Age International are in need of donations to fund their vital work, so if you’re able, please donate today. Or consider becoming an Age UK Digital Buddy – someone who helps older people get familiar with technology and use it to connect with friends, family, and get the support they most need.

“At Age UK and Age International our mission is simple – we support older people who need us the most, especially those who have no one else to turn to,” says Age UK Fundraising Director Laurie Boult. “Technology can really help us all connect, but sometimes the most vulnerable older people need more than that. That’s where we come in. We help provide emotional, social, and practical support to older people in more than 25 countries, with programmes ranging from emergency humanitarian aid, to access income and pensions, healthcare, advocacy and influencing governments to consider the needs of older people.”

Perhaps one of the simplest things many of you can do to make a difference is to see the value and potential in older people, quite literally. This holiday season, a time when many will be booting up a new console, consider giving an old console to an older family member rather than leaving it to gather dust. And maybe challenge them to a game or two. It could be the thing that sparks a whole new chapter in your relationship.