Tag: Recent News

Posted on by Leave a comment

Accelerate your developer career at next week’s free Ignite virtual event

Sharpen your skills and add some new superpowers in the Learning Zone at the all-digital Microsoft Ignite September 22-24. No matter where you are in your journey as a developer, the Learning Zone has something to help you expand your toolkit. And Ignite is perfectly priced for students—it’s free 

 

Get in the zone 

The Learning Zone is filled with sessions and workshops to help you take your skill set to the next levelHere’s a taste of what’s waiting for you: 

 

Intro to Tech Skills 

Explore key topics to help you kick off a career in tech. We’ll cover a variety of interests, job roles, and Microsoft technologies. 

 

Learn Workshops 

Get hands-on with online workshops hosted by experts who walk you through a Microsoft Learn module. 

 

Cloud Skills Challenge  

Apply and expand your skills through interactive learning modules and earn a free Microsoft Certification exam. You might even win some prizes! 

 

Launch yourself into tech 

You’re considering a career in technology. Exciting! But where do you start? Intro to Tech Skills is your chance to explore different paths and find your way forward. 

Be sure to catch the Careers in Tech panels, where tech professionals from a variety of backgrounds share their own experiences. You’ll get some insight into the areas of tech that might interest you, things to expect along your journey, and what the current state of recruiting looks like, including the roles that companies are hiring for. You’ll also learn more about how Microsoft technologies and learning resources can help you get started. 

Intro to Tech Skills also includes sessions that cover development tools, cloud computing, programming languages, sustainability, and powerful ways to use data. Exploring a career in IT? Join us for sessions on topics like business management, productivity, collaboration with Microsoft Teams, and security with Microsoft 365. 

 

Watch Student Ambassadors in action 

You can even see how Microsoft Learn Student Ambassadors help to make Microsoft events unique and inclusive. Many of the Learning Zone sessions will be redelivered by Student Ambassadors in different time zones around the world, in a variety of languages. For example, Ambassadors are redelivering an intro to Python in Spanish and a session on green development in Hindi and French. 

 

Learn, grow, and enter to win 

Show off your skills and aim for a shot at the grand prize. The Microsoft Ignite Cloud Skills Challenge is made up of six individual subject-level challenges, each based on a collection of Microsoft Learn modules. You can participate in as many challenges as you’d like, and each one that you complete earns you more sweepstakes entries. 

After youve completed your first challenge, youll earn a free Microsoft Certification exam. And if the sweepstakes drawing goes your way, you could win a chance for you and four of your friends to spend time with a key leader at Microsoft! 

Registration for the Cloud Skills Challenge goes live on September 22. To be one of the first to know when the challenge begins, sign up for notifications. 

 

Let’s go! 

Ignite is coming up soon—register now so you don’t miss it! We’ll see you there. 

Posted on by Leave a comment

New features in Teams and OneNote support social-emotional learning approaches

This year, the first day of school looked very different for the tens of millions of students returning to class. But through unprecedented change and the stress that’s come with it, educators and students have led with resilience, reminding us that learning starts with connection, community, and well-being. As defined by the Committee for Children, social-emotional learning (SEL), or what happens when we’re developing self-awareness, self-control, and interpersonal skills, is vital for success in school, work, and every other facet of our lives.

“Learning is both a social and emotional process and school is an emotional roller coaster… Right now, parents, educators, and students are emotionally out of balance. We are seeing unprecedented levels of anxiety, stress, and… Click To Tweet

In Marc Brackett’s book, Permission to Feel, he describes how and why emotions matter for:

  • Attention, memory, and learning
  • The quality of our decision-making
  • Our relationships and social interactions
  • Physical and mental health
  • Performance and creativity

Technology can play a key part in enabling SEL at scale and supporting the crucial functions that impact school, work, and life. Today we’re announcing two Microsoft Teams features and a OneNote feature designed for emotional literacy and transparency, plus a virtual learning opportunity with Goldie Hawn’s MindUp organization.

New SEL features for Microsoft Education

1. New Praise Badges in Microsoft Teams recognize moments of SEL growth

Teams is the hub for learning, engagement, and collaboration, with built-in tools to tailor learning to student needs. Today, more than 230,000 education institutions use Teams for remote and hybrid learning.

Now those tools include SEL-specific Praise Badges. Educators can use Praise Badges to recognize student social skills, grow emotional vocabulary, and give valuable recognition to the daily wins in their students’ learning.

SEL Badge examplesSEL Badge examples

Praise Badges are based on the Big Five model, a well-known SEL framework recently used by the Organization for Economic Cooperation and Development (OECD) in their global assessment program. Educators can use these badges to recognize specific skills that contribute to the Big Five personality traits. These skills reflect the entire domain of social-emotional skills, and are intentionally chosen to be:

  • Predictive of success in a wide range of important life outcomes and events
  • Appropriate for 10- to 15-year-olds
  • Comparable and relevant across different cultures, languages, and social and school contexts
  • Relevant for the future

The badges were developed through a human-centered design approach that brought teachers and students directly into the product development process, ensuring that we create useful and authentic tools that will aide in their existing classroom practices.

Praise Badges are available now in chats and class team channels, with the new SEL-specific badges expected in late September. Once available, you can ask your IT admin to enable them, giving educators and students at your school all-new ways to meaningfully connect and grow together in Teams.

2. New SEL sticker pack for OneNote creates an emotion-driven feedback mechanism

The big five domainsThe big five domains

Bring SEL to life in OneNote and OneNote Class Notebooks with the SEL Sticker pack, also developed through a human-centered design process and built around the Big Five framework.

The sticker pack, which recognizes the same 12 skills shown in the SEL Praise Badges, can be used alongside other features in OneNote Class Notebook, like audio and video recording, inking, and typed notes, as an additional feedback method to help students learn.

3. New Reflect tool in Microsoft Teams makes emotional check-ins a daily routine

Using Teams means collaborating—a skill of its own that requires self-regulation and self-awareness. The Reflect messaging extension in Teams helps educators connect with their students and implement SEL into the daily class flow—discussions, assignments, projects, and more—through quick check-in questions and polls.

These check-ins are a simple way to guide students to reflect on and identify how they’re feeling, helping them lead with self-awareness as they participate in collaborative environments like Teams.

Support for Reflect:

The power of Emotional Check-insThe power of Emotional Check-ins
The Reflect messaging extensionThe Reflect messaging extension

Emotional expression: The long-term impact

The opportunities created by Praise Badges, SEL stickers, and Reflect check-ins for students to grow their emotional vocabulary are more than just literacy lessons. Brackett cites the need to develop a rich emotional vocabulary and the power that it can bring.

Brackett also cites the need to develop a rich emotional vocabulary in describing how we and others are feeling.

“Critical to SEL is the cultivation of a rich emotion vocabulary,” shared Brackett. “Without the words, children’s needs can’t be met. Language also is a pathway to regulating emotions.”

Developing emotional vocabulary that enables students to express their needs and self-regulate has a long-term impact, and not just in the school context. In 30 to 40 percent of the fastest-growing occupations, technical, cognitive, and SEL skills are considered of value when evaluating job candidates—and 58 percent of employers report that current graduates aren’t delivering in the SEL area. SEL is a key future-ready skill of its own, with a place in school curricula.

Educators prioritize SEL

Educators have always known that SEL is critical for well-being, but they’re low on time, resources, and support needed to implement more SEL in curriculum. In a survey conducted by Microsoft and The Economist on emotion and cognition, 40 percent of educators say they would prioritize these skills if they had more time.

Educators aren’t the only ones expressing the need for greater SEL practice in schools. In a separate research study by Microsoft and The Economist entitled “Preparing the Class of 2030,” in which both students and teachers participated, 50 percent of teachers said they provided adequate feedback around social-emotional skills—but only 30 percent of students agreed.

The SEL journey continues

  • Turn-in celebrations: Joy is a natural part of completing and turning in assignments, but Teams for Education takes it one step further. When students turn in an assignment, they get to experience our animated turn-in celebrations. While we’re always committed to helping students achieve, we also believe in celebrating effort, heart, and every little step along the learning journey. Turn-in celebrations let students know that their efforts are seen—and that joy is just as important as hard work when it comes to learning. See how turn-in celebrations work.
  • MindUP and Microsoft collaboration: In addition to the SEL-driven solutions in Microsoft Education products, we’ve also developed an exciting new virtual learning opportunity in collaboration with Goldie Hawn’s MindUP organization. Designed for educators and parents, each session will offer tips and strategies to best prepare our children and youth for going back to school and making their mental health and well-being the priority.

“Nothing is more important right now than to provide all children with knowledge and tools they need to manage stress, regulate emotions and face challenges of the 21st century with optimism, resilience and compassion,” Goldie Hawn,… Click To Tweet

  • SELinEdu: Microsoft supports the work of the SELinEdu online community, which has grown to over 7,000 educators. We’re also a founding committee member of the Karanga Global SEL Alliance through our partnership with Salzburg Global Seminar. With the critical importance of SEL in schools, Microsoft Education is honored to be a part of this growing community working to support the well-being of students and educators.

Learn with us

Posted on by Leave a comment

Love all: Billie Jean King embraces tech and equality to make tennis even better

TRANSFORM: Ilana, I understand that you and Billie saw a vision for the collaboration with Microsoft and the ITF – a sense that new technologies could elevate play at the tournament finals, where coaching is allowed and team play is embraced. Can you tell me about that vision?

KLOSS: I have worked with Billie for probably 30 years. She’s always about technology and information. She’s always felt that tennis could really use both.

Billie always wants to know more. And she always says how she would have loved to have been born in this era, because of all the information and analytics available to the players. She believes they can help not only the players but the sport and the fans.

TRANSFORM: Do the launch of the dashboard and the rebranding of the competition signal a distinct, new era for this tournament and maybe for the game itself?

KLOSS: Absolutely. Billie is all about breaking barriers, making things better and using all the technology.  For her to have her name on the cup at a competition where the latest and the best technology is available to help the players and the team captains is, for Billie, one of the most exciting things. She believes we have to pass the baton to the next generation.

Jamie Capel-Davies looks at the camera, smiling and wearing a white button-down shirt.
The ITF’s Jamie Capel-Davies.

TRANSFORM: Jamie, the dashboard will analyze real-time data on player movement and shots, ball flight and speed – data generated by the ball-tracking cameras and 3D-radar systems used at pro tennis events. How do you see coaches and players applying this new info during the tournament finals in April?

CAPELDAVIES: If you’re a player, among the things you always want to know are: Where should I be serving and what speeds do I need to hit to be able to serve an ace? The dashboard offers those analytics.

TRANSFORM: Ilana, same question.

KLOSS: You want to know the points you are winning because certain points in a game are important. I think also knowing which side the opposing player is stronger on, where players serve on certain big points, positioning on the court – where you are and where they are.

TRANSFORM: Jamie, you work at the ITF lab, which tests rackets, balls and court surfaces to preserve the essence of the game while encouraging innovation. Is there a balance between welcoming tech advances like this dashboard with protecting the game’s traditions?

CAPELDAVIES: A while ago, there was maybe more of a conflict between innovation and tradition. Now, there’s definitely more appetite for innovation. Tennis, like a lot of sports, is looking over its shoulder at some of the other sports, at computer games, at eGames.

There’s a willingness to try stuff out and maybe not be overprotective. There’s also a realization that you can do both – maintain tradition and introduce innovation without it necessarily being disruptive.

TRANSFORM: Ilana, you played in the 1970s at Wimbledon, the U.S. Open, French Open, the Fed Cup and more. How do you see the addition of new tech meshing with the sport’s adherence to its traditions and lore?

KLOSS: I feel like sometimes the men’s and women’s tours are very conservative in terms of trying new things. Players hate change. Most people hate change.

But sometimes actually not changing is the greater risk. Billie and I have always believed that our sport could be so much better if it embraces technology.

TRANSFORM: Jamie, there are 17 Microsoft Azure services powering the data repository and data filtering inside the dashboard. That offers players and coaches quite an in-the-moment plan for how to win their match.

CAPELDAVIES: Yes, it’s the combination of real-time data with a historical perspective. We have data going back several years. You might have already played this particular player. So what happened in that previous match? What are their strengths and weaknesses? What did you do that was effective and that you might want to try and repeat?

Billie Jean King sitting and holding a tablet that shows the handwritten words
King celebrates the cup’s new name.

TRANSFORM: Ilana, Billie has long fought for the idea that everyone should get an opportunity and a seat at the table. Strictly on a tennis level, does this platform meet that lofty philosophy by offering a new way to share data and analytics – and maybe give more players a chance at greatness?

KLOSS: That’s a very good point. In this team competition, it’s huge because everyone will have access to the information.

Sometimes, on the tour, if you can’t afford the best coach, you’re not getting access to the same information that, say, Serena Williams gets from her team.

A wonderful thing about this partnership with Microsoft, the Billie Jean King Cup and the ITF is that over 116 countries participate in this competition. Their ability to now tap into the data – and to use that information for their federations and their local teams – can be a game-changer. It’s about providing access. That’s where we can really make a difference.

Top photo: Billie Jean King, left, and two teammates accept their trophy for winning the 1963 Fed Cup. (Photo courtesy of the International Tennis Federation.)

Posted on by Leave a comment

Announcing Project OneFuzz framework, an open source developer tool for finding and fixing bugs at scale

Microsoft is dedicated to working with the community and our customers to continuously improve and tune our platform and products to help defend against the dynamic and sophisticated threat landscape. Earlier this year, we announced that we would replace the existing software testing experience known as Microsoft Security and Risk Detection with an automated, open-source tool as the industry moved toward this model. Today, we’re excited to release this new tool called Project OneFuzz, an extensible fuzz testing framework for Azure. Available through GitHub as an open-source tool, the testing framework used by Microsoft Edge, Windows, and teams across Microsoft is now available to developers around the world.

Fuzz testing is a highly effective method for increasing the security and reliability of native code—it is the gold standard for finding and removing costly, exploitable security flaws. Traditionally, fuzz testing has been a double-edged sword for developers: mandated by the software-development lifecycle, highly effective in finding actionable flaws, yet very complicated to harness, execute, and extract information from. That complexity required dedicated security engineering teams to build and operate fuzz testing capabilities making it very useful but expensive. Enabling developers to perform fuzz testing shifts the discovery of vulnerabilities to earlier in the development lifecycle and simultaneously frees security engineering teams to pursue proactive work.

Microsoft’s goal of enabling developers to easily and continuously fuzz test their code prior to release is core to our mission of empowerment. The global release of Project OneFuzz is intended to help harden the platforms and tools that power our daily work and personal lives to make an attacker’s job more difficult.

Recent advancements in the compiler world, open-sourced in LLVM and pioneered by Google, have transformed the security engineering tasks involved in fuzz testing native code. What was once attached—at great expense—can now be baked into continuous build systems through:

  • Crash detection, once attached via tools such as Electric Fence, can be baked in with asan.
  • Coverage tracking, once attached via tools such as iDNA, Dynamo Rio, and Pin can be baked in with sancov.
  • Input harnessing, once accomplished via custom I/O harnesses, can be baked in with libfuzzer’s LLVMFuzzerTestOneInput function prototype.

These advances allow developers to create unit test binaries with a modern fuzzing lab compiled in: highly reliable test invocation, input generation, coverage, and error detection in a single executable. Experimental support for these features is growing in Microsoft’s Visual Studio. Once these test binaries can be built by a compiler, today’s developers are left with the challenge of building them into a CI/CD pipeline and scaling fuzzing workloads in the cloud.

Project OneFuzz has already enabled continuous developer-driven fuzzing of Windows that has allowed Microsoft to proactively harden the Windows platform prior to shipment of the latest OS builds. With a single command line (baked into the build system!) developers can launch fuzz jobs ranging in size from a few virtual machines to thousands of cores. Project OneFuzz enables:

  • Composable fuzzing workflows: Open source allows users to onboard their own fuzzers, swap instrumentation, and manage seed inputs.
  • Built-in ensemble fuzzing: By default, fuzzers work as a team to share strengths, swapping inputs of interest between fuzzing technologies.
  • Programmatic triage and result deduplication: It provides unique flaw cases that always reproduce.
  • On-demand live-debugging of found crashes: It lets you summon a live debugging session on-demand or from your build system.
  • Observable and Debug-able: Transparent design allows introspection into every stage.
  • Fuzz on Windows and Linux OSes: Multi-platform by design. Fuzz using your own OS build, kernel, or nested hypervisor.
  • Crash reporting notification callbacks: Currently supporting Azure DevOps Work Items and Microsoft Teams messages

Project OneFuzz is available now on GitHub under an MIT license. It is updated by contributions from Microsoft Research & Security Groups across Windows and by more teams as we grow our partnership and expand fuzzing coverage across the company to continuously improve the security of all Microsoft platforms and products. Microsoft will continue to maintain and expand Project OneFuzz, releasing updates to the open-source community as they occur. Contributions from the community are welcomed. Share questions, comments, and feedback with us: fuzzing@microsoft.com

To learn more about Microsoft Security solutions visit our website.  Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

Posted on by Leave a comment

More than 150 games will be available at Sept. 15 launch of cloud gaming with Xbox Game Pass Ultimate

Today, I’m pleased to share the initial launch line-up of more than 150 games that Xbox Game Pass Ultimate members can play via the cloud in 22 countries starting September 15 at no additional cost. You will find a fantastic, curated selection of games available in the Xbox Game Pass library, including popular Xbox Game Studios titles such as Tell Me Why, Grounded, Forza Horizon 4, and Battletoads, along with favorites from our content partners like Spiritfarer, Untitled Goose Game, and Destiny 2. Similar to Xbox Game Pass for Console and PC, you can expect the library to evolve over time based on members’ feedback, with new games added all the time.

As Xbox Game Pass Ultimate members, you can discover the freedom and flexibility the cloud brings to your gaming experience. One of the key benefits of cloud gaming is that it gives you more choices in how to play. Because your Xbox profile resides in the cloud, you can easily continue your Wasteland 3 play through that you began on your living-room Xbox console on your Android phone or tablet. It’s perfect for those times when you want to get in a gaming session while away from home or when your shared TV or console is occupied. With the cloud, a game like Sea of Thieves can transform into a great couch co-op experience with multiple people playing across console, PC, and mobile devices in the same room.

Additionally, cloud gaming as part of Xbox Game Pass Ultimate now opens up the world of Xbox to those who may not own a console at all. With an Xbox Game Pass Ultimate membership, gamers need only an Android phone or tablet and a supported controller to join in on the fun of Xbox gaming while enjoying the full benefits of the Xbox ecosystem. This includes friends, achievements, parties and voice chat, cloud saves and the ability to enjoy multiplayer with other gamers, irrespective of whether they are playing on console or via the cloud. You can also play with PC players in games where cross-play with Xbox One consoles is supported, such as Forza Horizon 4, Gears 5 and more.  

Finally, cloud gaming with Xbox Game Pass Ultimate makes it easier than ever before to play games with your friends. Because members have access to a common library, members immediately have dozens of multiplayer games at their disposal that they can play together. And best of all, if you’re all playing together via the cloud, the games are all ready to go, so you and your friends can all jump in and start playing in seconds. Whether you’re playing with friends on an Xbox One, or if you’re playing with someone experiencing Xbox for the first time through cloud gaming on a mobile device, Xbox Game Pass Ultimate brings you together and makes for the best gaming experience.

New members can join Xbox Game Pass Ultimate today for $1 for the first month, then $14.99 per month after that, which is a great way to ensure you’re ready to take advantage of cloud gaming next week. To play games on your phone or tablet, download the Xbox Game Pass app from the Samsung Galaxy Store (which includes a complete, full-featured experience with in-app purchase capabilities), or the Google Play Store. And if you want to enhance your cloud gaming experience, you can order a new Samsung Galaxy device and select the Gaming Bundle at purchase, which includes three months of Xbox Game Pass Ultimate and the all-new Power A MOGA XP5-X Plus Bluetooth Controller with an attachable phone clip. We’ll launch cloud gaming in beta for Xbox Game Pass Ultimate members in 22 countries to ensure stability as we scale the feature to millions of gamers globally. And this holiday, some of the best EA Play games will be available for Xbox Game Pass Ultimate members to play on Android devices via the cloud at no additional charge.

This is a pivotal step on our journey to put the player at the center of their experience and empower gamers to play the games they want, with the people they want, anywhere they want. What you’ll see on day one is just the beginning. Over time we’ll continue to innovate and add more games that you want. Stay tuned to Xbox Wire and @XboxGamePass on Twitter for more cloud gaming updates.

Cloud gaming launch titles:

  • A Plague Tale: Innocence
  • Absolver
  • Afterparty
  • Age of Wonders: Planetfall
  • ARK: Survival Evolved
  • Astroneer
  • Batman: Arkham Knight
  • Battletoads
  • Battle Chasers: Nightwar
  • Black Desert
  • Blair Witch
  • Bleeding Edge
  • Bloodstained: Ritual of the Night
  • Bridge Constructor Portal
  • Carrion
  • Children of Morta
  • ClusterTruck
  • Crackdown 3: Campaign
  • Crosscode
  • Darksiders Genesis
  • Darksiders III
  • DayZ
  • de Blob
  • Dead by Daylight
  • Dead Cells
  • Dead Island Definitive Edition
  • Death Squared
  • Deliver us the moon
  • Demon’s Tilt
  • Descenders
  • Destiny 2: Shadowkeep & Forsaken expansion (September 22)
  • DiRT 4
  • Don’t Starve
  • Double Kick Heroes
  • Drake Hollow
  • Dungeon of the Endless
  • Enter The Gungeon
  • F1 2019
  • Fallout 76
  • Farming Simulator 17
  • Felix the Reaper
  • Fishing Sim World: Pro Tour
  • For the King
  • Forager
  • Forza Horizon 4
  • Fractured Minds
  • Frostpunk: Console Edition
  • Gato Roboto
  • Gears of War 1: Ultimate Edition
  • Gears of War 4
  • Gears of War 5
  • Goat Simulator
  • Golf with Your Friends
  • Grounded
  • Guacamelee! 2
  • Halo 5: Guardians
  • Halo Wars 1: Definitive Edition
  • Halo Wars 2
  • Halo: The Master Chief Collection
  • Halo: Spartan Assault
  • Hellblade: Senua’s Sacrifice
  • Hello Neighbor
  • Hollow Knight (Renewal)
  • Hot Shot Racing
  • Human Fall Flat
  • Hyperdot
  • Hypnospace Outlaw
  • Indivisible
  • Journey to the Savage Planet
  • Katana ZERO (Coming soon)
  • Killer Instinct DE
  • Kona
  • Levelhead
  • Lonely Mountains: Downhill
  • Marvel vs. Capcom: Infinite
  • Metro 2033 Redux
  • Middle Earth: Shadow of War
  • Minecraft: Dungeons
  • MINIT
  • Momodora: Reverie Under the Moonlight
  • Moonlighter
  • Mortal Kombat X (Not available in Korea)
  • Mount & Blade: Warband
  • Moving Out
  • Mudrunner
  • Munchkin: Quacked Quest
  • Mutant Year Zero: Road to Eden
  • My Time At Portia
  • Neon Abyss
  • New Super Lucky’s Tale
  • NieR:Automata
  • Night Call
  • Night in the Woods (Coming soon)
  • No Man’s Sky
  • Nowhere Prophet
  • Observation
  • Ori and the Blind Forest: Definitive Edition
  • Ori and the Will of the Wisps
  • Overcooked! 2
  • Oxenfree
  • Pathologic 2
  • Pikuniku
  • Pillars of Eternity: Complete Edition
  • Power Rangers: Battle for the Grid
  • ReCore: Definitive Edition
  • Remnant: From the Ashes
  • Resident Evil 7 Biohazard
  • Rise & Shine
  • River City Girls (Coming soon)
  • Sea of Thieves: Anniversary Edition
  • Sea Salt
  • Secret Neighbor
  • Shadow Warrior 2
  • Slay the Spire
  • Sniper Elite 4
  • Spiritfarer
  • State of Decay 2: Juggernaut Edition
  • Stellaris
  • Stranger Things 3: The Game
  • Streets of Rage 4
  • Streets of Rogue
  • Subnautica
  • Surviving Mars
  • Tacoma
  • Tell Me Why Episode 1 – 3
  • Terraria
  • The Bard’s Tale IV: Directors Cut
  • The Bard’s Tale Remastered and Resnarkled
  • The Bard’s Tale Trilogy
  • The Dark Crystal: Age of Resistance Tactics
  • The Elder Scrolls Online
  • The Gardens Between
  • The Jackbox Party Pack 4
  • The Long Dark
  • The Lord of the Rings: Adventure Card Game
  • The Messenger
  • The Outer Worlds
  • The Surge 2
  • The Touryst
  • The Witcher 3: Wild Hunt
  • The Escapists 2
  • The Talos Principle
  • The Turing Test
  • The Walking Dead: A New Frontier – Episode 1 through 5
  • The Walking Dead: Michonne – Episode 1 – 3
  • The Walking Dead: Season Two
  • theHunter: Call of the Wild
  • Thronebreaker: The Witcher Tales
  • Totally Accurate Battle Simulator
  • Totally Reliable Delivery Service
  • Touhou Luna Nights
  • Tracks – The Train Set Game
  • Trailmakers
  • Train Sim World 2020
  • Two Point Hospital
  • Undermine
  • Untitled Goose Game
  • Void Bastards
  • Wandersong
  • Warhammer Vermintide 2 (Coming soon)
  • Wasteland Remastered
  • Wasteland 2: Director’s Cut
  • Wasteland 3
  • We Happy Few
  • West of Dead
  • Wizard of Legend
  • World War Z
  • Worms W.M.D
  • Xeno Crisis
  • Yakuza 0
  • Yakuza Kiwami
  • Yakuza Kiwami 2

Posted on by Leave a comment

Microsoft finds underwater datacenters are reliable, practical and use energy sustainably

Algae, barnacles and sea anemones

The Northern Isles underwater datacenter was manufactured by Naval Group and its subsidiary Naval Energies, experts in naval defense and marine renewable energy. Green Marine, an Orkney Island-based firm, supported Naval Group and Microsoft on the deployment, maintenance, monitoring and retrieval of the datacenter, which Microsoft’s Special Projects team operated for two years.

The Northern Isles was deployed at the European Marine Energy Centre, a test site for tidal turbines and wave energy converters. Tidal currents there travel up to 9 miles per hour at peak intensity and the sea surface roils with waves that reach more than 60 feet in stormy conditions.

The deployment and retrieval of the Northern Isles underwater datacenter required atypically calm seas and a choreographed dance of robots and winches that played out between the pontoons of a gantry barge. The procedure took a full day on each end.

The Northern Isles was gleaming white when deployed. Two years underwater provided time for a thin coat of algae and barnacles to form, and for sea anemones to grow to cantaloupe size in the sheltered nooks of its ballast-filled base.

“We were pretty impressed with how clean it was, actually,” said Spencer Fowers, a principal member of technical staff for Microsoft’s Special Projects research group. “It did not have a lot of hardened marine growth on it; it was mostly sea scum.”

Crew cleans off the Project Natick datacenter
A member of the Project Natick team power washes the Northern Isles underwater datacenter, which was retrieved from the seafloor off the Orkney Islands in Scotland. Two years underwater provided time for a thin coat of algae and barnacles to form on the steel tube, and for sea anemones to grow to cantaloupe size in the sheltered nooks of its ballast-filled triangular base. Photo by Simon Douglas.

Power wash and data collection

Once it was hauled up from the seafloor and prior to transportation off the Orkney Islands, the Green Marine team power washed the water-tight steel tube that encased the Northern Isles’ 864 servers and related cooling system infrastructure.

The researchers then inserted test tubes through a valve at the top of the vessel to collect air samples for analysis at Microsoft headquarters in Redmond, Washington.

“We left it filled with dry nitrogen, so the environment is pretty benign in there,” Fowers said.

The question, he added, is how gases that are normally released from cables and other equipment may have altered the operating environment for the computers.

The cleaned and air-sampled datacenter was loaded onto a truck and driven to Global Energy Group’s Nigg Energy Park facility in the North of Scotland. There, Naval Group unbolted the endcap and slid out the server racks as Fowers and his team performed health checks and collected components to send to Redmond for analysis.

Among the components crated up and sent to Redmond are a handful of failed servers and related cables. The researchers think this hardware will help them understand why the servers in the underwater datacenter are eight times more reliable than those on land.

“We are like, ‘Hey this looks really good,’” Fowers said. “We have to figure out what exactly gives us this benefit.”

The team hypothesizes that the atmosphere of nitrogen, which is less corrosive than oxygen, and the absence of people to bump and jostle components, are the primary reasons for the difference. If the analysis proves this correct, the team may be able to translate the findings to land datacenters.

“Our failure rate in the water is one-eighth of what we see on land,” Cutler said.

“I have an economic model that says if I lose so many servers per unit of time, I’m at least at parity with land,” he added. “We are considerably better than that.”

Posted on by Leave a comment

Microsoft study shows bullying remains an issue with 4 in 10 teens involved; adults, too

The new school year is beginning for many across the globe and, although COVID-19 continues to necessitate at least some distance-learning, the realities of bullying – both online and off – remain. A new Microsoft study shows 4 in 10 teens in 32 countries report being “involved” in a bullying incident and, perhaps surprisingly, nearly the same percentage of adults, as well.

Some 40% of teenagers in 32 countries1 say they’ve been involved in a bullying incident as the target of the bullying, someone who displayed bullying behaviors or as a bystander. Meanwhile, 37% of adults said they were involved in a “bullying” incident. Combining both teens and adults, 38% of respondents say they were involved, with 19% identifying as the “target,” 21% as a “bystander” and 1% each as both “contributor” and “bully.” Respondents were asked about both online and offline bullying, and adults were asked about “bullying” (perhaps better termed “harassment”) both inside and outside the workplace.

Interestingly, those who admitted to either contributing to or exhibiting bullying behaviors responded overwhelmingly that they felt social pressure to act (68%) and they said that they regret their actions (79%). Among those who felt significant pressure to act, regret was even higher at nearly 9 in 10 (89%).online bullying graphs

The findings are from Microsoft’s latest research into aspects of digital civility ­– encouraging safer, healthier and more respectful online interactions among all people. The study, “Civility, Safety and Interaction Online ­­– 2020,” polled teens ages 13-17 and adults ages 18-74 about their exposure to 212 different online risks. This latest research builds on similar studies undertaken annually from 2016 to 2019. Previous years’ projects polled the same demographic groups in 14, 22, 23 and 25 countries, respectively. A total of 16,051 individuals participated in this latest study, and we have surveyed more than 58,000 people over the last five years. Full results from this latest installment will be made available on international Safer Internet Day 2020 on Feb. 9.

Most common response: block “bullies”

For nearly a decade, young people around the world have been advised to “Stop, Block and Tell” when it comes to online bullying, and that was the predominant response reported in this study. Two-thirds of respondents (66%) said they blocked the instigator while more than half (54%) said they talked to a friend, and more than 4 in 10 either ignored the person (44%) or told a trusted adult (42%). Sadly, given the importance of reporting unwelcome behavior to tech companies to help keep online communities safe and collegial, less than a third of respondents (30%) said they told a service provider, such as a social media company, about the incident.

We’ve all seen various webforms and online tools for reporting instances of cyberbullying, harassment, or other forms of digital abuse to tech companies. But how many of us have experienced or witnessed cruel or malicious treatment online or stumbled upon harmful content and actually submitted a report? In addition to specific in-product or service links to report abuse or concerns to Microsoft, we also make available a series of topic-specific webforms to report non-consensual pornography (unartfully referred to as “revenge porn”), terrorist content and hate speech. These issues, as well as bullying, harassment and other inappropriate behavior are all violations of Microsoft’s Code of Conduct as detailed in the Microsoft Services Agreement. On the other hand, if consumers feel their content was removed or their account was closed in error, they can complete this form to request reinstatement.

Microsoft and other online service providers have a business interest in protecting our customers and the integrity of our services by removing illegal and harmful content and addressing prohibited conduct. Furthermore, customer-reporting plays an important role in achieving those aims. So, we encourage people who participate in our communities to make us aware of content that is illegal or violates our code of conduct. General research shows that many users are reluctant to report terms-of-service violations because they feel their reports will go unnoticed or they would simply prefer to let someone else do the reporting.

At Microsoft, reports are reviewed, evaluated and actioned as appropriate. Depending on the severity of the offense, different Microsoft consumer services undertake different enforcement actions.

So, as the new – largely virtual – school year begins, pledge to be an “upstander.” Embrace the Microsoft Digital Civility Challenge and, if it’s safe and prudent to do so, stand up for yourself and others online who may be targeted for abuse or cruel treatment. Make use of technology companies’ reporting features, and promote good digital citizenship and digital civility in all communities.

To learn more about responding to online bullying and harassment, consult this resource, and for more on digital safety and digital civility generally, visit our website and resources page.

1 Countries polled in 2020 were: Argentina, Australia*, Belgium, Brazil, Canada, Chile, Colombia, Denmark*, France, Germany, Hungary, India, Indonesia*, Ireland, Italy, Malaysia, Mexico, Netherlands, Peru, Philippines*, Poland, Russia, Sweden*, Singapore, Spain*, South Africa, Taiwan, Thailand*, Turkey, U.K., U.S., Vietnam. *Indicates country was added (or re-added) to the study in 2020

2 The 21 risks span four broad categories: behavioral, sexual, reputational and personal/intrusive. Specifically: Reputational – “Doxing” and damage to personal or professional reputations; Behavioral – Being treated meanly; experiencing trolling, online harassment or bullying; encountering hate speech and microaggressions; Sexual – Sending or receiving unwanted sexting messages and making sexual solicitations; receiving unwanted sexual attention and being a victim of sextortion or non-consensual pornography (aka “revenge porn”); Personal/intrusive – Being the target of unwanted contact, experiencing discrimination, swatting, misogyny, exposure to extremist content/recruiting, or falling victim to hoaxes, scams or fraud.

Tags: , , , ,

Posted on by Leave a comment

Considering a career in cybersecurity? Baseline tools can give you a quick start

I wrote a series of blogs last year on how gamified learning through cyber ranges can create more realistic and impactful cybersecurity learning experiences and help attract tomorrow’s security workforce. With the global talent shortage in this field, we need to work harder to bring people into the field. This blog is for new cyber professionals or perhaps younger aspirants considering getting into cyber. From an employee’s perspective, it can seem daunting to know where to start, especially when you’re entering an organization with established technology investments, priorities, and practices. Having come to this field later in my career than others, I say from experience that we need to do a better job collectively in providing realistic and interesting role-based learning, paths toward the right certifications and endorsements, and more definitive opportunities to advance one’s career.

I’m still a big fan of gamified learning, but if gaming isn’t your thing, then another way to acquire important baseline learning is to look at simpler, more proactive management tools that up-level different tasks and make your work more efficient. Microsoft has recently released two important cloud security posture management tools that can help a newer employee quickly grasp basic yet critically important security concepts AND show immediate value to your employer. They’re intuitive to learn and deserve more attention.  I’m talking about Azure Security Defaults and Microsoft Secure Score (also including Azure Secure Score). While tools like these don’t typically roll off the tongue, and your experience won’t grab you like an immersive gaming UI, their purpose-built capabilities that focus on commonly-accepted cyber hygiene best practices reinforce solid foundational practices that are no less important than SecOps, incident response, or forensics and hunting. Learning how to use these tools can make you a champion and influencer, and we encourage you to learn more below. These capabilities are also built directly into our larger Azure and M365 services, so by using built-in tools, you’ll help your organization maximize its investments in our technologies and help save money and reduce complexity in your environment.

Azure Security Defaults is named for what it does—setting often overlooked defaults. With one click, you automatically enable several foundational security controls that if left unaddressed are convenient and time-tested targets for attackers to go after your organization. One question that I frequently receive is why Microsoft doesn’t simply pre-configure these settings by default and force customers to turn them off. Several large, high-threat customers have asked specifically that we do that. It’s tempting, but until or unless we make such a move, this is a great self-service add-on. As explained in this blog, ASD does the following:

  • Requires all users to register for Azure Multi-Factor Authentication.
  • Requires admins to perform MFA.
  • Blocks legacy authentication protocols.
  • Requires users to perform MFA when necessary.
  • Protects privileged activities to access the Azure Portal.

A recent important addition to ASD is that Microsoft announced on August 12th that ASD is now also available through Azure Security Center. This is an important and beneficial addition in that it adds another opportunity for your IT organization—whether identity and access management, or security operations—to implement the defaults. I’ve noticed on several occasions when briefing or providing a demo on Azure Security Center to a CISO team that a challenge in effectively using this service may come down to organizational issues, specifically, Who OWNS it?  Is ASC a CISO tool? Regardless of who may own the responsibility, we want to provide the capability upfront.

MICROSOFT SECURE SCORE is a relatively new feature that is designed to quantify your security posture based on how you configure your Microsoft resources. What’s cool and impactful about it is that it provides in a convenient top-down meu approach the relative approach your organization has taken compared (anonymously) with your industry segment’s peers (given in many cases similar reference architectures), and provides clear recommendations for what you can do to improve your score. From a Microsoft perspective, this is what we’d say all carrot and no stick. Though as covered above we provide Azure Security Defaults, customers are still on point to make a proactive decision to implement controls based on your particular work culture, compliance requirements, priorities, and business needs. Take a look at how it works:

This convenient landing page provides an all-up view into the current state of your organization’s security posture, with specific recommendations to improve certain configuration settings based on an art-of-the-possible. In this demo example, if you were to turn enable every security control to its highest level, your score would be 124, as opposed to the current score of 32, for a percentage of 25.81. Looking to the right of the screen, you get a sense of comparison against peer organizations. You can further break down your score by categories such as identity, data, device, apps, and infrastructure; this in turn gives a security or compliance team the opportunity to collaborate with hands-on teams that control those specific resources and who might be operating in silos, not necessarily focused on security postures of their counterparts.

An image of Microsoft Secure Score.

Azure Secure Score

You’ll also find Secure Score in the Azure Security Center blade where it provides recommendations front and center, and a color-coded circular graph on important hybrid infrastructure configurations and hygiene.

An image of Secure Score in the Azure Security Center.

Drilling deeper, here we see a variety of recommendations to address specific findings.  For example, the top line item is advice to ‘remediate vulnerabilities’, indicating that 35 of 59 resources that ASC is monitoring are in some way not optimized for security. optimized for security.

An image of variety of recommendations to address specific findings.

Going a level further into the ‘secure management ports’ finding, we see a sub-heading list of actions you can take specific to these resources’ settings. Fortunately, in this case, the administrator has addressed previously-discovered findings, leaving just three to-do’s under the third subheading. For added convenience, the red/green color-coding on the far right draws your attention.

An image of the ‘secure management ports’ finding.

Clicking on the third item above shows you a description of what ASC has found, along with remediation steps.  You have two options to remediate:  more broadly enable and require ‘just in time’ VM access; or, manually enable JIT for each resource. Again, Microsoft wants to incentivize and make it easier for your organization to take more holisitic and proactive steps across your resources such as enabling important settings by default; but we in no way penalize you for the security settings that you implement.

An image of a description of what ASC has found, along with remediation steps.

To learn more about Microsoft Security solutions visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

Posted on by Leave a comment

Microsoft statement on TikTok

ByteDance let us know today they would not be selling TikTok’s US operations to Microsoft. We are confident our proposal would have been good for TikTok’s users, while protecting national security interests. To do this, we would have made significant changes to ensure the service met the highest standards for security, privacy, online safety, and combatting disinformation, and we made these principles clear in our August statement. We look forward to seeing how the service evolves in these important areas.

Posted on by Leave a comment

New cyberattacks targeting US elections

In recent weeks, Microsoft has detected cyberattacks targeting people and organizations involved in the upcoming presidential election, including unsuccessful attacks on people associated with both the Trump and Biden campaigns, as detailed below. We have and will continue to defend our democracy against these attacks through notifications of such activity to impacted customers, security features in our products and services, and legal and technical disruptions. The activity we are announcing today makes clear that foreign activity groups have stepped up their efforts targeting the 2020 election as had been anticipated, and is consistent with what the U.S. government and others have reported. We also report here on attacks against other institutions and enterprises worldwide that reflect similar adversary activity.

We have observed that:

  • Strontium, operating from Russia, has attacked more than 200 organizations including political campaigns, advocacy groups, parties and political consultants
  • Zirconium, operating from China, has attacked high-profile individuals associated with the election, including people associated with the Joe Biden for President campaign and prominent leaders in the international affairs community
  • Phosphorus, operating from Iran, has continued to attack the personal accounts of people associated with the Donald J. Trump for President campaign

The majority of these attacks were detected and stopped by security tools built into our products. We have directly notified those who were targeted or compromised so they can take action to protect themselves. We are sharing more about the details of these attacks today, and where we’ve named impacted customers, we’re doing so with their support.

What we’ve seen is consistent with previous attack patterns that not only target candidates and campaign staffers but also those they consult on key issues. These activities highlight the need for people and organizations involved in the political process to take advantage of free and low-cost security tools to protect themselves as we get closer to election day. At Microsoft, for example, we offer AccountGuard threat monitoring, Microsoft 365 for Campaigns and Election Security Advisors to help secure campaigns and their volunteers. More broadly, these attacks underscore the continued importance of work underway at the United Nations to protect cyberspace and initiatives like the Paris Call for Trust and Security in Cyberspace.

Strontium

Strontium is an activity group operating from Russia whose activities Microsoft has tracked and taken action to disrupt on several previous occasions. It was also identified in the Mueller report as the organization primary responsible for the attacks on the Democratic presidential campaign in 2016. Microsoft’s Threat Intelligence Center (MSTIC) has observed a series of attacks conducted by Strontium between September 2019 and today. Similar to what we observed in 2016, Strontium is launching campaigns to harvest people’s log-in credentials or compromise their accounts, presumably to aid in intelligence gathering or disruption operations. Many of Strontium’s targets in this campaign, which has affected more than 200 organizations in total, are directly or indirectly affiliated with the upcoming U.S. election as well as political and policy-related organizations in Europe. These targets include:

  • U.S.-based consultants serving Republicans and Democrats;
  • Think tanks such as The German Marshall Fund of the United States and advocacy organizations;
  • National and state party organizations in the U.S.; and
  • The European People’s Party and political parties in the UK.

Others that Strontium targeted recently include businesses in the entertainment, hospitality, manufacturing, financial services and physical security industries.

Microsoft has been monitoring these attacks and notifying targeted customers for several months, but only recently reached a point in our investigation where we can attribute the activity to Strontium with high confidence. MSTIC’s investigation revealed that Strontium has evolved its tactics since the 2016 election to include new reconnaissance tools and new techniques to obfuscate their operations. In 2016, the group primarily relied on spear phishing to capture people’s credentials. In recent months, it has engaged in brute force attacks and password spray, two tactics that have likely allowed them to automate aspects of their operations. Strontium also disguised these credential harvesting attacks in new ways, running them through more than 1,000 constantly rotating IP addresses, many associated with the Tor anonymizing service. Strontium even evolved its infrastructure over time, adding and removing about 20 IPs per day to further mask its activity.

We are also working with our customers to assist them in proactively hunting for these types of threats in their environments and have published additional detail and guidance on Strontium activity.

Zirconium

Zirconium, operating from China, has attempted to gain intelligence on organizations associated with the upcoming U.S. presidential election. We’ve detected thousands of attacks from Zirconium between March 2020 and September 2020 resulting in nearly 150 compromises. Its targets have included individuals in two categories.

First, the group is targeting people closely associated with U.S. presidential campaigns and candidates. For example, it appears to have indirectly and unsuccessfully targeted the Joe Biden for President campaign through non-campaign email accounts belonging to people affiliated with the campaign. The group has also targeted at least one prominent individual formerly associated with the Trump Administration.

Second, the group is targeting prominent individuals in the international affairs community, academics in international affairs from more than 15 universities, and accounts tied to 18 international affairs and policy organizations including the Atlantic Council and the Stimson Center.

Zirconium is using what are referred to as web bugs, or web beacons, tied to a domain they purchased and populated with content. The actor then sends the associated URL in either email text or an attachment to a targeted account. Although the domain itself may not have malicious content, the web bug allows Zirconium to check if a user attempted to access the site. For nation-state actors, this is a simple way to perform reconnaissance on targeted accounts to determine if the account is valid or the user is active.

Phosphorus

Phosphorus is an activity group operating from Iran that MSTIC has tracked extensively for several years. The actor has operated espionage campaigns targeting a wide variety of organizations traditionally tied to geopolitical, economic or human rights interests in the Middle East region. Microsoft has previously taken legal action against Phosphorus’ infrastructure and its efforts late last year to target a U.S. presidential campaign. Last month, as part of our ongoing efforts to disrupt Phosphorus activity, Microsoft was again given permission by a federal court in Washington D.C. to take control of 25 new internet domains used by the Phosphorus. Microsoft has since taken control of these domains. To date, we have used this method to take control of 155 Phosphorus domains.

Since our last disclosure, Phosphorus has attempted to access the personal or work accounts of individuals involved directly or indirectly with the U.S. presidential election. Between May and June 2020, Phosphorus unsuccessfully attempted to log into the accounts of administration officials and Donald J. Trump for President campaign staff.

Bolstering Cybersecurity

We disclose attacks like these because we believe it’s important the world knows about threats to democratic processes. It is critical that everyone involved in democratic processes around the world, both directly or indirectly, be aware of these threats and take steps to protect themselves in both their personal and professional capacities. We report on nation-state activity to our customers and more broadly when material to the public, regardless of the actor’s nation-state affiliation. We are taking extra steps to protect customers involved in elections, government and policymaking. We’ll continue to disclose additional significant activity in our efforts to defend democracy.

We also believe more federal funding is needed in the U.S. so states can better protect their election infrastructure. While the political organizations targeted in attacks from these actors are not those that maintain or operate voting systems, this increased activity related to the U.S. electoral process is concerning for the whole ecosystem. We continue to encourage state and local election authorities in the U.S. to harden their operations and prepare for potential attacks. But as election security experts have noted, additional funding is still needed, especially as resources are stretched to accommodate the shift in COVID-19-related voting. We encourage Congress to move forward with additional funding to the states and provide them with what they need to protect the vote and ultimately our democracy.

Tags: , , , , , , ,