This article is contributed. See the original author and article here.
As mentioned in previous posts, 11/11/2021 and on 11/15/2022, Office 2013 reached the end of the Extended Support lifecycle on April 11, 2023. Continuing to use Office 2013 could increase your organization’s exposure to security risks, impact your ability to meet compliance obligations, and/or affect end user productivity.
Additionally, support for other Microsoft Office products is also coming to an end in the next months. Please review the following list and act before the end of the product’s lifecycle:
Office 2019 for Mac reaches end of support on October 10, 2023. This means Office 2019 for Mac will no longer receive security updates, bug fixes, technical support, or online technical content support.
Connecting Office 2016 and Office 2019 to Microsoft 365 reaches end of support on October 10, 2023. After this end date we won’t block these Office versions from connecting to Microsoft 365 services if they are kept up to date. But after October 10, 2023, improvements to Microsoft 365 services will no longer be tested with these Office versions, so, users could experience performance or reliability issues. Read more about this in our Microsoft Learn article.
If you’re running a version affected by any of the end of support dates, we recommend upgrading to Microsoft 365 E3, which comes with Microsoft 365 Apps – the apps you’re familiar with (e.g., Word, Excel, PowerPoint, Outlook, etc.). It falls under the Modern Lifecycle Policy, so it’s continuously supported.
This article is contributed. See the original author and article here.
In today’s unpredictable market conditions, companies are looking to do more with less, and delivering exceptional customer experiences is necessary to both acquire new customers and retain and increase the lifetime value of existing customers. Faced with a larger set of choices, customers expect the companies they do business with to know them, anticipate their needs, and deliver personalized interactions. To earn their loyalty, it’s critical that every interaction, digital or in person, exceeds their expectations.
To win against their competitors, companies need to deeply understand their customers, personalize every interaction pre-sale and post-sale, and use data and AI to deliver proactive and continuous value to win the hearts and minds of their customers. Marketers and sellers must work closely together as a single unit to deliver experiences where every interaction builds upon the last. Marketers and customer experience (CX) professionals are being tasked with orchestrating these experiences seamlessly across every department, for both new and existing customers, and are being asked to do this with even fewer resources.
At Microsoft, we aspire to empower every company to create amazing experiences for their customers that translate into business success. With Microsoft Dynamics 365 Marketing, companies can orchestrate real-time, end-to-end journeys designed by business users. With Dynamics 365 Customer Insights, companies can use all its data as an enterprise asset and get insights that can be actioned across the customer’s lifecycle. AI assists every step of the way, so employees can be more efficient and have more time to focus on the things they really want to do. Companies can:
Gain deep insights into their customers to deliver relevant interactions.
Use generative AI to orchestrate impactful experiences.
Unify sales and marketing teams to accelerate the pipeline.
Discover how 2023 release wave 1 for Dynamics 365 Marketing and Dynamics 365 Customer Insights will help you delight your customers while increasing your team’s efficiency. Let’s look at some of the features in this wave that I am most excited about.
Gain insights into your customers to deliver relevant interactions
Understanding your customers is key to delivering relevant interactions that drive engagement and loyalty. The use of generative AI empowers companies to understand customers like never before. While analyzing vast amount of data previously required deep knowledge of the data and took time to prepare, thanks to Copilot in Dynamics 365 Customer Insights, companies can now get insights faster and more easily by using natural language. Marketers, sellers, and data analysts can ask questions in simple everyday words to explore, analyze, and instantly understand their customerssegment sizes, preferences, and new insights to uplevel every interaction.
To get value from insights, these must be available where they can be actioned. With the latest customer interactions compiled into a unified timeline and made available directly in Dynamics 365 Sales, Customer Service, and Marketing, each team can be guided by a complete understanding of their customers and their recent activities. Armed with relevant customer information accessible directly within the flow of their work, sellers and marketers can orchestrate next best experiences that exceed their customers’ expectations.
Use generative AI to orchestrate impactful experiences
To run successful campaigns, marketers must target the right customers. Often this means finding that one person who understands the underlying data set and can create the right segment to target. Now, using query assist, a Copilot feature in Dynamics 365 Marketing, marketers can build segments in minutes by simply describing audiences’ characteristics in natural language,for example, create a segment from contacts living in Seattle.
Creating compelling emails can be hard and often getting started is the hardest part. Copilot can assist marketers in finding inspiration and generating engaging emails within minutes. With Content ideas, a Copilot feature in Dynamics 365 Marketing, marketers can easily craft engaging emailsit’s like brainstorming with their team. After marketers specify the type of email they want to send and select the tone of voice that is the right fit with their brand, Copilot generates high-quality content that marketers can easily adjust. With the assistance of Copilot in Dynamics 365 Marketing, marketers can significantly reduce the amount of time spent copywriting, and shipping engaging emails is faster, more efficient, and fun.
In order to maximize marketing ROI, it is important to know what activities are having a positive impact. Out-of-the-box AI-powered dashboards help marketers understand how their activities contribute to defined milestones, for example, number of webinar registrations, qualified leads, or opportunities created. Thanks to AI-powered milestones and rules-based attribution models, marketers can easily identify their best performing activities and journeys, drop ineffective tasks, and optimize their marketing spend.
Unify sales and marketing to accelerate your funnel
It is no longer enough for sales and marketing teams to just be “aligned,” they must now be unified so together they can effectively nurture leads, close pipelines, and build a loyal customer base. With the new lead scoring model and qualification model in real time marketing, marketers can define criteria and identify leads to prioritize so every single qualified lead gets attention at the right time from the sales teams.
Furthermore, to make sure leads are actioned immediately, marketers can automatically assign leads to the seller in Dynamics 365 Sales. Leads are identified, prioritized, and while they are still hot, they are seamlessly passed to the relevant or available expert on the sales team to increase the chances of closing the deal.
To ensure the seller is enabled to deliver value in every interaction, sellers can access valuable insights directly within their Dynamics 365 Sales workflow. They can for instance use average transaction amount, total sales, loyalty reward points, and customer lifetime value for each contact, account, or lead and use these insights to hyper-personalize the interaction. This kind of interaction builds relationships, exceeds expectations, and leads to loyal customers.
Start using Dynamics 365 Marketing and Customer Insights wave 1 2023 features
We aim to help you capitalize on your data to better understand your customers. We aim to democratize the use of generative AI so you can deliver experiences that build customer loyalty while improving employee productivity. We aim to facilitate seamless collaboration across departments so your organization can operate as one seamless unit. And we are excited to bring solutions in this wave designed to do just this, while making your work easier and enabling you to transform customer experiences so you can grow your business.
Business Applications Launch Event
Discover new capabilities for Dynamics 365 Marketing and Customer Insights
This article is contributed. See the original author and article here.
Two years ago, we shared that “It’s Time to Hang Up on Phone Transports for Authentication.” Today, we’re adding the public preview of Authenticator Lite to the tools we are offering to help you move from text message (SMS) and voice-based authentication. Our priority is getting every user to sign in with modern strong authentication – passwordless, hardened against phishing, easy to use and adaptable to evolving attacks.
Our top recommendation for modern strong authentication is the Authenticator, which offers the most robust security features, updated the most frequently, for free. Microsoft Authenticator app has over 100 million users worldwide who trust it as a secure and easy way to authenticate, making it the most popular way to sign in with strong authentication in Azure.
Because modern strong authentication is so important, we’re making it even more accessible by embedding it right into the Outlook client! We call this embedded experience Authenticator Lite – and we’re excited to announce it is now in public preview! For users that haven’t yet downloaded Authenticator, they can now complete MFA for their work or school account for free using the Outlook app on their iOS or Android devices. Users can approve authentication requests and receive TOTP codes, bringing the security of Authenticator to a convenient location while simplifying users’ move off phone transports for authentication.
During public preview, admins can choose to enable or disable this capability for a group of users or to leave the feature in a Microsoft managed state. Enabling a group for Authenticator Lite is possible from the Entra portal via the Authenticator configuration page. It’s also possible to enable the feature through MS Graph.
Authenticator Lite, as the name suggests, will extend a subset of the Authenticator’s capabilities into Outlook. Each verification notification will include a number matching prompt and biometric or pin verification if enabled on the device. More information on the Authenticator Lite notification configurations can be found here.
Once enabled for Authenticator Lite, users on the latest version of Outlook without the Authenticator app will be prompted to register Outlook as an MFA method when they launch the app on their device.
Once users are registered, during their next authentication, users will be prompted to authenticate using a push notification in their Outlook app.
Registered users will also have access to a TOTP code found in their Outlook settings under Authenticator.
For more information on enabling this feature for your users, see here. Rollout to support this feature in Outlook is currently underway.
This feature will roll out to tenants in the state ‘Microsoft managed’. For the duration of public preview, leaving the feature set to ‘Microsoft managed’ will have no impact on your users and the feature will remain turned off unless you explicitly change the state to enabled. In late April 2023, we will remove preview tags and enter general availability. On May 26, 2023, if the feature is left set to ‘Microsoft managed,’ your tenant will be enabled for Authenticator Lite by Microsoft. If you do not wish for this feature to be enabled on May 26, set the state to ‘disabled’ or assign users to include and exclude groups prior to May 26.
We hope you and your users enjoy this new feature, and, as always, please let us know of any questions or feedback by leaving comments down below or reaching out to us at aka.ms/AzureADFeedback.
Regards,
Alex Weinert
VP Director of Identity Security, Microsoft
Microsoft Identity Division
Learn more about Microsoft identity:
Get to know Microsoft Entra – a comprehensive identity and access product family
This article is contributed. See the original author and article here.
The role of the seller is evolving. Buyers expect a blend of digital and personalized experiences throughout their journey. To achieve this, sellers must be efficient and effectiveprioritizing who to engage, identifying how and when to connect, and spending more time becoming trusted advisors to their customers. Sellers can’t be overwhelmed trying to make sense of too much data and information; rather, they need the data to work for them by providing value in every customer interaction.
With Microsoft Dynamics 365 Sales, sellers can improve their sales by prioritizing their best bets, collaborating with their sales team in the moment with Microsoft Teams built-in, knowing when they should engage with prospective customers, and then seeing how it went after ending the call. Sellers are given the gift of time, plus intelligence, so they can close more deals faster than before.
For years, customer relationship management (CRM) systems have asked sellers to enter data so sales managers could forecast revenue and assess seller performance. With Dynamics 365 Sales and Microsoft Viva Sales, we have put the applications to work for youusing AI to simplify data capture and recommend in-the-moment interactions whether selling from Dynamics 365 Sales or in Microsoft 365 productivity tools. Starting today, we will begin to roll out new capabilities for Dynamics 365 Sales and Viva Sales that use the power of AI to help sellers:
Prioritize your work to land more deals faster.
Stay productive and collaborate in the flow of work with Viva Sales.
Let’s take a closer look at what’s in store for sellers in the weeks and months ahead.
2023 release wave 1 for Dynamics 365 Sales and Viva Sales
Learn about the new sales capabilities helping sellers with the power of AI.
The sales accelerator in Dynamics 365 Sales helps sellers to sell with intent by building a prioritized worklist and surfacing automated activity recommendations to speed the sales process. Sequences enable sales organizations to automate these processes, tailoring them to their unique sales approach and best practices. Sequences are powered by our common customer journey orchestration engine shared across Dynamics 365 applications. We are enhancing the sequence capabilities to support account-centric selling with multiple sequences to a record, improve effectiveness with actionable AI-powered suggestions, and analyze performance using sequence insights.
Time with customers is precious, so every sales interaction matters. Conversation intelligence helps sellers make the most of their sales calls by transcribing the dialog and using AI to detect sentiment, questions, and actions to ensure no follow-up is missed. In this release, we have enabled text message as an additional channel for sellers to engage with customers and added additional AI capabilities to redact sensitive personally identifiable information (PII) data from phone calls and provide in-the-moment suggestions to guide sales conversations.
Sellers are routinely managing many deals at the same time. As sales engagements progress and sellers learn more about their customers, they need to regularly adjust and review this data while, at the same time, keeping an eye on how they are performing. Sellers can easily maintain the various stakeholders for an account with the new org chart capability, identify and analyze the activity of key decision makers, and ensure they stay on top of their performance and update their pipeline with the new opportunity management experience. The new opportunity experience eliminates many processes that sellers would normally need to do and streamlines everything into a single workspace.
Stay productive and collaborate in the flow of work
Not all sellers spend all their time in a CRM system. Many spend much of their time in productivity tools, emailing, calling, and collaborating with colleagues and customers. In October 2022, we launched Microsoft Viva Sales. We are empowering salespeople with AI-driven insights and data automation right in the flow of workin the productivity and collaboration tools millions are already using every day: Microsoft 365 and Teams.
Selling is a team sport. Enabling sales team members to collaborate with each other effectively with the right tools is key to their success. Collaboration spaces bring together the right users, contextual insights, and productivity apps to boost seller collaboration in Teams. Collaboration spaces makes internal and external collaboration take center stage. Sellers can use sales templates to create a collaboration space. Sales templates speed up structured team/channel creation with predefined channels, pre-pinned apps, and integrated access to CRM data.
For sales teams, the adage “time is money” is more relevant than ever before. Sellers are busy people who find it challenging to balance the time and effort required to respond to customer emails with their other responsibilities. Pain points include:
Pulling data from a CRM system is time-consuming with complicated navigation and menus.
Keeping track of customer opportunities and the history is difficult and increases for sellers managing many accounts.
Responding to a high volume of emails can be overwhelming and might cause the seller to miss important details.
With the help of Copilot in Viva Sales, alongside the context of the email or meeting and CRM data, we will now generate suggested email content for a variety of scenariossuch as replying to an inquiry, creating a proposal, or summarizing the action items from meetings. Viva Sales brings together Microsoft 365 data and CRM data to help sellers quickly generate responses using the power of Microsoft Azure OpenAI Service.
Organizations have taken pride in the customization of their CRM systems, considering it to be critical to their business success. These customized experiences allow sellers to engage and capture customer data effectively within their CRM system. In October, we introduced Viva Sales, which lets sellers use Microsoft 365 and Teams to automatically capture data into any CRM system, eliminating manual data entry and giving more time to focus on selling.
In February, we released the ability for CRM administrators to customize CRM forms, fields, and behavior in Viva Sales for accounts, contacts, and opportunities. With this release, we will add the ability to configure additional out-of-the-box entities as well as custom entities using queries defined in the CRM system. CRM administrators will be able to add or remove relevant custom and out-of-the-box entities to Viva Sales forms and control filtering and sorting behavior of lists using CRM-defined queries. Sellers will be able to see custom and out-of-the-box entities in the Outlook side pane in Viva Sales, share custom entities with colleagues in Teams, search for custom entities in the Teams messaging extension, and connect Outlook email and meeting activities to custom or out-of-the-box entities.
Learn more about 2023 release wave 1 for Dynamics 365 Sales and Viva Sales
These are just a few of the new capabilities that we are rolling out for sellers in 2023 release wave 1. To learn more about these new capabilities in Dynamics 365 Sales and Viva Sales, click on the links below.
If you are not yet a Dynamics 365 Sales customer, check out our Dynamics 365 Sales webpage where you can take a guided tour or get a free 30-day trial.
This article is contributed. See the original author and article here.
In our previous blog about hunting for network signatures in Microsoft 365 Defender, we described how we used device discovery capabilities to capture some network event information in deeper detail and expose them in advanced hunting with the NetworkSignatureInspected action type. Since then we have made several developments, the most significant being the integration with Zeek. This release has expanded what is possible for generating network detections across Microsoft Defender for Endpoint. That announcement, shared examples of detections created for PrintNightmare and NTLM password spraying attempts.
Today, we would like to share a variety of Zeek-based events in advanced hunting that will help you expand your investigation, hunting, and detection capabilities for identifying and addressing network-layer anomalies across HTTP, SSH and ICMP protocols. Using the new Zeek events, we will demonstrate how to perform network threat hunting while also covering some of the MITRE ATT&CK Matrix.
Note: As the integration with Zeek continues to mature, more action types will gradually be released over time. With the Zeek integration only supported on Windows devices, these action types will surface for connections to and from Windows device.
To identify these action types in your tenant, look for the value ConnectionInspected in the ActionType field of the DeviceNetworkEvents table of advanced hunting. The extra information is stored in the AdditionalFields column as a JSON data structure and has the commonly known Zeek fields per event, which can be parsed. These field names are identical to those that Zeek uses, which are documented on Zeek’s site. You can also check the Schema Reference flyout page on the advanced hunting pages to check for any new action types that were recently released.
The result of this query looks something like this:
Figure 1 – Sample result upon checking for ConnectionInspected in the ActionType table
The format of the action type will follow the [Protocol_Name]ConnectionInspected standard.
Inspecting HTTP connections
The HttpConnectionInspected action type contains extra information about HTTP connections, inbound or outbound. In cases where you click on an event of the HttpConnectionInspected action type, the page flyout will parse the additional fields and present them in a format like the example below:
Figure 2 – Sample result of an HttpConnectionInspected action type
Below, you will find a complete list of fields that this action type can expose and the respective descriptions:
Field Name
Description
direction
The direction of the conversation relevant to the Microsoft Defender for Endpoint-onboarded device, where the values are either ‘In’ or ‘Out’
host
The host header content
method
The HTTP method requested
request_body_len
Length of the HTTP message body in bytes
response_body_len
Length of the HTTP response body in bytes
status_code
The HTTP response code
status_msg
The full text message of the response
tags
A set of indicators of various attributes discovered and related to a particular request/response pair.
trans_depth
Represents the pipelined depth into the connection of the request/response transaction
uri
The complete URI that was requested
user_agent
The user_agent header of the request
version
The HTTP version used
Let’s look at a few examples of using the HttpConnectionInspected action type. In the first example, you want to look for rare user agents in the environment to identify potentially suspicious outbound web requests and cover the “T1071.001: (Application Layer Protocol) Web Protocols” technique.
// Identify rare User Agent strings used in http conversations
DeviceNetworkEvents
| where ActionType == ‘HttpConnectionInspected’
| extend json = todynamic(AdditionalFields)
| extend direction = tostring(json.direction), user_agent = tostring(json.user_agent)
| where direction == ‘Out’
| summarize Devices = dcount(DeviceId) by user_agent
| sort by Devices asc
Suppose you have identified a suspicious-looking user-agent named “TrickXYZ 1.0” and need to determine which user/process/commandline combination had initiated that connection. Currently, the HttpConnectionInspected events, as with all Zeek-related action types, do not contain that information, so you must execute a follow-up query by joining with events from ConnectionEstablished action type. Here’s an example of a follow-up query:
In another example, let’s look for file downloads from HTTP, particularly files of executable and compressed file extensions to cover the “T1105: Ingress tool transfer” technique:
| where uri matches regex @”.(?:dll|exe|zip|7z|ps1|ps|bat|sh)$”
The new HTTP action type will unlock a variety of possibilities for detection on this protocol. We look forward to seeing the queries you come up with by sharing your contributions with the community.
Looking at SSH connections
The SshConnectionInspected action type will display information on SSH connections. While decrypting the entire SSH traffic is not possible, the cleartext part of the SSH session initiation can provide valuable insights. Let’s look at the data found in the AdditionalFields section.
Figure 3 – Screenshot of additional fields that SshConnectionInspected generates.
The fields depend on the activity that was observed. Some of these fields might not appear depending on the connection. For example, if the client disconnected before completing the authentication, you will not have an auth_success field populated for that event..
Below, you will find a complete list of fields that this action type can expose and the respective descriptions:
Field Name
Description
direction
The direction of the conversation relevant to the Defender for Endpoint-onboarded device, where the values are either ‘In’ or ‘Out’
auth_attempts
The number of authentication attempts until the success or failure of the attempted session.
auth_success
The success or failure in authentication, where ‘true’ means successful user authentication and ‘false’ means the user-provided credentials are incorrect.
client
The version and type of client used to authenticate to the SSH session.
host_key
Host public key value
server
SSH server information
version
SSH protocol major version used
uid
The unique ID of the SSH session attempt
Let’s look at a few advanced hunting examples using this action type. In the first example, you want to look for potentially infected devices trying to perform “T1110: Brute-Force” against remote servers using SSH as an initial step to “T1021.004: Lateral Movement – Remote Services: SSH”.
The query below will give you a list of Local/Remote IP combinations with at least 12 failed attempts (three failed authentications on four sessions) of SSH connections in the last hour. Feel free to use this example and adapt it to your needs.
In the next example, let’s suppose you are looking to identify potentially vulnerable SSH versions and detect potentially unauthorized client software being used to initiate SSH connections and operating systems that are hosting SSH server services in your environment:
// Identify Server/Client pairs being used for SSH connections
DeviceNetworkEvents
| where ActionType == “SshConnectionInspected”
| extend json = todynamic(AdditionalFields)
| project Server = tostring(json.server),Client = tostring(json.client)
| distinct Server ,Client
Figure 4 – An example result with a short description of the different components
The results above describe breaking down the SSH banners to identify the different components. A short analysis of the banners shows that the server is Ubuntu 22.04, running OpenSSH version 8.9, and the client software is WinSCP version 5.21.3. Now, you can search these versions online to verify if they are vulnerable.
Note: The query above can be used to surface potential “T1046: Network Service Discovery” attempts, as attackers may try to search for unpatched or vulnerable SSH services to compromise.
Reviewing ICMP connections
The IcmpConnectionInspected action type will provide details about ICMP-related activity. The breadth of fields generated creates opportunities for some interesting detections. Here’s an example of the human-readable view of the event as shown on the event flyout page
Below, you will find a complete list of fields that this action type can expose and the respective descriptions:
Field Name
Description
direction
The direction of the conversation relevant to the Defender for Endpoint-onboarded device, where the values are either ‘In’ or ‘Out’
conn_state
The state of the connection. In the screenshot example OTH means that no SYN packet was seen. Read the Zeek documentation for more information on conn_state.
duration
The length of the connection, measured in seconds
missed_bytes
Indicates the number of bytes missed in content gaps, representing packet loss.
orig_bytes
The number of payload bytes the originator sent. For example, in ICMP this designates the payload size of the ICMP packet.
orig_ip_bytes
The number of IP level bytes that the originator sent as seen on the wire and taken from the IP total_length header field.
orig_pkts
The number of packets that the originator sent.
resp_bytes
The number of payload bytes the responder sent.
resp_ip_bytes
The number of IP level bytes that the responder sent as seen on the wire.
resp_pkts
The number of packets that the responder sent.
Uid
Unique Zeek ID of the transaction.
Let’s explore a few examples of hunting queries that you can use to leverage the ICMP connection information collected by Defender for Endpoint.
In the first example, you wish to look for potential data leakage via ICMP to cover the “T1048: Exfiltration Over Alternative Protocol” or “T1041: Exfiltration Over C2 Channel” techniques. The idea is to look for outbound connections and check the payload bytes a device sends in a given timeframe. We will parse the direction, orig_bytes, and duration fields and look for conversations over 100 seconds where more than 500,000 were sent. The numbers are used as an example and do not necessarily indicate malicious activity. Usually, you will see the download and upload are almost equal for ICMP traffic because most devices generate “ICMP reply” with the same payload that was observed on the “ICMP echo” request.
Below is an example result after exfiltrating a large file over ICMP to another device on the network:
In the last example, you wish to create another hunting query that helps you detect potential Ping sweep activities in your environment to cover the “T1018: Remote System Discovery” and “T1595: Active Scanning” techniques. The query will look for outbound ICMP traffic to internal IP addresses, create an array of the targeted IPs reached from the same source IP, and display them if the same source IP has pinged more than 5 IP Addresses within a 10-minute time window.
| where Direction == “Out” and ipv4_is_private(RemoteIP)
| summarize IpsList = make_set(RemoteIP) by DeviceId, bin(Timestamp, 10m)
| where array_length(IpsList) > 5
Identifying the origin process of ICMP traffic can be challenging as ICMP is an IP-Layer protocol. Still, we can use some OS-level indications to narrow down our search. We can use the following query to identify which process-loaded network, or even ICMP-specific, binaries:
Recent Comments