This article is contributed. See the original author and article here.
The pandemic has fundamentally changed how people value where they work, how they work, and most importantly—why they work. One year ago today, we announced Microsoft Viva to help accelerate this transformation.
This article was originally posted by the FTC. See the original article here.
Lots of people recently got an email or letter about free credit monitoring through the Equifax settlement. That’s because the settlement with Equifax was just approved by a court. So now, if you signed up for credit monitoring as part of that settlement, you can take a few steps to switch it on. The email or letter tells you how. Learn more at the FTC’s official site for information: ftc.gov/Equifax.
Remember that you don’t have to pay for credit monitoring as part of this settlement, and nobody will call, text, or email out of the blue to ask you for your credit card or bank account numbers, or to “help” you get your free credit monitoring. Anyone who does is a scammer, so please tell the FTC at ReportFraud.ftc.gov.
Learn more about the settlement and free credit monitoring at ftc.gov/Equifax.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
This article is contributed. See the original author and article here.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.
CVE Number
CVE Title
Required Action Due Date
CVE-2022-21882
Microsoft Win32k Privilege Escalation Vulnerability
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the meet the specified criteria.
This article is contributed. See the original author and article here.
Overview
Charting in Excel has long been an important tool our customers use to explore, analyze, and tell stories about their data. Until a few years ago however, Excel for the Web primarily served as consumption-based companion app to our desktop versions – this meant that users were limited in their ability to create and edit charts on the web. As part of the broader effort to evolve Excel for the Web, the team has been working hard to elevate the charting experience and is excited to share several major improvements we have made over the last couple years that are available to all free and paid customers. In this blog post, we’ll cover some of the most significant upgrades we’ve made, which provide users with a more robust chart editing experience.
The Format Pane and On-Chart Interactions
You can now leverage the format task pane and on-chart interactions to format charts on the web. The format pane provides formatting support for critical chart properties (axes, legend, data series, etc.) and makes it easy to view and navigate to each editable chart element. You are now able to make property edits to elements of a chart such as the fill/outline color, number format, axis bounds, and more.
You can now also directly select the individual elements within a chart to launch and navigate to their respective formatting options in the format pane. Previously, users could only select the entire chart but not any contents within the chart.
To explore these new capabilities, launch the task pane by double-clicking anywhere on the chart or by right-clicking and selecting “Format”. From there, you can view each chart element’s formatting options by either selecting an element within the chart or expanding the options in the format pane.
Launch and navigate the Chart Format Pane by directly interacting with chart elements
Support for Adding & Removing Chart Elements
You can now also add and remove chart elements without having to leave the format pane. Users can leverage the new on/off toggles in the pane to choose whether to include a chart element in the chart. Alternatively, you can use the delete/backspace keys to remove a chart element that is selected. We have also added support for adding/removing trendlines and error bars.
Use the Chart Format Pane’s toggles to add/remove chart elements from your chart
Other Improvements
You can now select data from non-adjacent rows to create a chart. Previously, users were limited to creating charts from a continuous range of cells.
You can now freely change between all different chart types. Previously, some chart type changes were not supported.
We have also added undo/redo support for all chart commands and enabled sheet duplication for worksheets containing any chart type.
Stay tuned as we continue to improve Excel’s web charting experience – we’ll be sharing more updates as new features become available!
Your feedback is important for us! Tell us what you think about these improvements to the charting experience in Excel for the web by writing a comment on this blog post or Send us a smile or frown. You can also submit new ideas or vote for other ideas via Microsoft Feedback.
This article is contributed. See the original author and article here.
If sales were simple, then every seller and every sales organization would be successful. But there’s more to it, especially in the current landscape.
We’re seeing a fundamental shift in the way customers want to engageinstead of relying only on direct contact with sellers, customers more frequently use digital channels to get answers to questions and even to make purchasing decisions. The seller is moving from guiding every step of the sales process to being a trusted advisor. To fill this role, sellers must regroup and look for other ways to make a difference to their customers.
One way is through understanding the complete 360-degree view of the customer. The seller is not limited to just information from their sales force automation system, but can use data and insights on customers from across the organization. A 360-degree view provides a way to maximize the limited time a seller has with a customer and to engage them in a personalized, relevant conversation for a greater chance of success. But sellers today are suffering with digital overload from disparate systems that draw focus and time away from their customer engagements. How do we help sellers focus on actions that accelerate revenue?
The cutting-edge AI and collaborative capabilities of Microsoft Dynamics 365 Sales take the 360-degree view of the customer and give sellers the power to focus on the highest priority activity that has the best chance of moving the opportunity forward. Sellers can learn from customer history, access information from external data sources, and get next best actions to takeall within one tool, all within the sellers’ control.
And now, four AI-powered and collaborative digital selling capabilities, previously available only to Dynamics 365 Sales Premium customers, are available for all Dynamics 365 Sales Enterprise customers. You can now use these capabilities in your current environment, with your data and in real sales calls, transforming how your sellers engage with customers.
Digital selling capabilities in action:
This embed requires accepting cookies from the embed’s site to view the embed. Activate the link to accept cookies and view the embedded content.
The AI capabilities in Dynamics 365 Sales are a seller’s superpower. Sellers see, and can act on, suggested actions and collaborate with colleagues all within their flow of work. AI assists in that flow of work, identifying and suggesting actions, but the seller is in control on what to do next.
AI recommendations aren’t just in the context of working on an active deal. Sellers and managers can be proactive and drive successful deal closures with prioritized AI driven recommendations on at-risk or stalled deals. Sellers can see account relationships that are at risknot just customers with active deals.
We believe sellers will be more productive and close more deals with these digital selling tools assisted by AI. That is why we are enabling them for Dynamics 365 Sales Enterprise customers. We want sellers to be able to experience this new level of productivity and customer connection.
It’s easy to activate these features on your existing Dynamics 365 Sales product, just follow the in-app ‘Get started with digital sales’ guidance, complete with step-by-step videos.
Help sellers accelerate revenue in these four ways
1. Allow real-time call insights to drive better call outcomes. Conversation intelligence uses analytics and data science to help a seller be more efficient and productive. Calls are recorded and analyzed in real time with key insight and committed actions generated in the call conversation. We even programmatically generate meeting summaries to save time in capturing the outcome of a call.
2. Enable sellers to collaborate more effectively in the moments that matter. Sales is a team sport. Sellers need to access subject matter expertise in the context of a deal, collaborate with account teams across the globe, and share artifacts with customers throughout the sales lifecycle. With Microsoft Teams chat embedded within Dynamics 365, you can collaborate with stakeholders directly from within Dynamics 365. This allows you to use Dynamics 365 data as an organizing layer for your Teams collaboration activity and link chats to Dynamics 365 records, such as leads or opportunities, for convenient access for all participants.
3. Help sellers prioritize activities that will have the highest impact. The sales accelerator in Dynamics 365 Sales helps sellers to sell smartly by building a strong and prioritized pipeline, offering context, and surfacing automated recommendations throughout a sales sequence that helps to speed the sales process.
4. Help sellers focus on the leads and opportunities that are most likely to close. Predictive lead and opportunity scoring uses machine learning models to calculate a score for open leads and opportunities. The score is designed to help a seller prioritize their day and identify records which require immediate attention. With effective prioritization sellers should be able to quickly tackle the right leads and opportunities to increase conversion and close rates.
Conversation intelligence, sales accelerator, and lead and opportunity scoring are available in limited capacity each month, with enough quantity to see the daily productivity difference. Customers who hit the monthly limits, or simply want to enable broader use of these benefits, can upgrade to Dynamics 365 Sales Premium. Note that Microsoft Teams chat is not limited in capacity and is available to all Sales Enterprise and Sales Premium customers.
Digital selling is here to stay
With conversation intelligence, sales accelerator, and lead and opportunity scoring, sellers get best-in-class AI capabilities to remember the actions they have committed to, summarize meetings, and help prioritize their worklist. All of this helps your sellers to be more productive and save time by removing manual effort, spending more time selling.
I’m excited to share this update and encourage you to switch to these Dynamics 365 Sales Premium capabilities to take your business to the next level with best-in-class selling solutions.
Learn more
To learn more about these digital selling capabilities, click the links to these online documentation and video resources.
If you’re not already a Dynamics 365 Sales customer, to learn more about how your organization can supercharge your digital sellers, visit the Dynamics 365 Sales webpage and sign up for a free trial.
This article was originally posted by the FTC. See the original article here.
During Identity Theft Awareness Week 2022, we’ve talked about reducing your risk of identity theft. Credit freezes and fraud alerts can help. Both are free and make it harder for identity thieves to open new accounts in your name. One may be right for you.
Credit freezes
A credit freeze is the best way you can protect against an identity thief opening new accounts in your name. When in place, it prevents potential creditors from accessing your credit report. Because creditors usually won’t give you credit if they can’t check your credit report, placing a freeze helps you block identity thieves who might be trying to open accounts in your name.
A freeze also can be helpful if you’ve experienced identity theft or had your information exposed in a data breach. And don’t let the “freeze” part worry you. A credit freeze won’t affect your credit score or your ability to use your existing credit cards, apply for a job, rent an apartment, or buy insurance. If you need to apply for new credit, you can lift the freeze temporarily to let the creditor check your credit. Placing and lifting the freeze is free, but you must contact the national credit bureaus to lift it and put it back in place.
Place a credit freeze by contacting each of the three national credit bureaus, Equifax, Experian, and TransUnion. A freeze lasts until you remove it.
Fraud alerts
A fraud alert doesn’t limit access to your credit report, but tells businesses to check with you before opening a new account in your name. Usually, that means calling you first to make sure the person trying to open a new account is really you.
Place a fraud alert by contacting any one of the three national credit bureaus. That one must notify the other two. A fraud alert lasts one year and you can renew it for free. If you’ve experienced identity theft, you can get an extended fraud alert that lasts for seven years.
This article is contributed. See the original author and article here.
CISA has released an Industrial Controls Systems Advisory (ICSA) that details vulnerabilities in the Airspan Networks Mimosa product line. An attacker could exploit these vulnerabilities to achieve remote code execution, create a denial-of-service condition, or obtain sensitive information.
This article is contributed. See the original author and article here.
Cisco has released security updates to address vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
CISA encourages users and administrators to review Cisco advisory cisco-sa-smb-mult-vuln-KA9PK6D and apply the necessary updates.
This article is contributed. See the original author and article here.
The SMTP protocol isn’t secure and wasn’t designed to be. Email sent in the early days of the Internet were the digital equivalent of sending a postcard through the postal system. Eventually, Transport Layer Security (TLS) encryption was added to protect SMTP communications. But to maintain backward compatibility, it was never made compulsory and even today it’s used only opportunistically by senders.
TLS uses certificates for encryption, but they aren’t used for verifying the identity of the destination server. This exposes SMTP connections to DNS tampering that can redirect connections to an attacker’s server. Senders have no way to confirm that destination server is the intended email server. Even worse, after intercepting traffic, a savvy attacker can relay it to the intended destination, and neither the sender nor the recipient would be aware that a man-in-the-middle attack ever took place.
The SMTP MTA Strict Transport Security (MTA-STS) standard was developed to ensure that TLS is always used, and to provide a way to for sending servers to refuse to deliver messages to servers that don’t support TLS and have a trusted certificate. The MTA-STS standard was developed by several email industry companies brought together by the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG). We have been validating our implementation and are now pleased to announce support for MTA-STS for all outgoing messages from Exchange Online.
Outbound Protection
All outbound Exchange Online email traffic is covered by this new security feature, and there’s nothing admins need to do to leverage it. Our outbound implementation respects the wishes of the recipient domain owners via their MTA-STS policy. MTA-STS now forms part of the security infrastructure of Exchange Online, and it’s always on (like other core SMTP features).
Inbound Protection
Nothing new is needed from Exchange Online to leverage MTA-STS protection for your own domains. Exchange Online supports TLS1.2 and offers the TLS certificates that are required by the standard. As domain owners ourselves, we secured several of our own domains, including primary domains such as outlook.com, hotmail.com, and live.com. Therefore, we’re now assured that connections from senders who support MTA-STS are much better protected against man-in-the-middle attacks. If a sender does not perform MTA-STS validations, email will still be delivered as normal, and TLS will be used if the sender chooses to use it.
NOTE: Messages will be delivered when only one party supports MTA-STS. For example, when an MTA-STS-protected domain receives a message from a sender domain that doesn’t support MTA-STS, the message is delivered. The message is also delivered when the recipient domain doesn’t support MTA-STS, but the sender domain does. The only scenario where messages aren’t delivered is when both sides are using MTA-STS and MTA-STS validation fails.
How To Adopt MTA-STS
MTA-STS allows a domain to declare support for TLS and communicate the MX record and destination certificate to expect. It also indicates what a sending server should do if there’s a problem. This is done through a combination of a DNS TXT record and a policy file that’s published as an HTTPS web page. The HTTPS-protected policy introduces another security protection that attackers must overcome.
A domain’s MTA-STS TXT record indicates MTA-STS support to a sender, after which the domain’s HTTPS-based MTA-STS policy is retrieved by the sender. The following TXT record is an example that declares support for MTA-STS:
_mta-sts.contoso.com. 3600 IN TXT v=STSv1; id=20211201000000Z;
A domain’s MTA-STS policy is located at a predefined URL that’s hosted by the domain’s web infrastructure. The URL syntax is https://mta-sts.<domain name>/.well-known/mta-sts.txt. For example, Microsoft.com’s policy is found at: https://mta-sts.microsoft.com/.well-known/mta-sts.txt
Any customers whose MX records point directly to Exchange Online can use this same policy. The unique, required information in the policy is the MX record that points to Exchange Online, and the same certificate is shared by Exchange Online customers.
To be protected by MTA-STS, a domain owner needs to create the DNS TXT domain record and host the policy file at the required HTTPS URL with a valid certificate that contains their domain. Details about MTA-STS are available in RFC 8461.
Staying Informed Through TLS-RPT Reports
Accompanying MTA-STS is an extremely useful industry specification that outlines a standard mechanism to allow email services to report sending issues that occur when sending to a specific domain. This is the first time a channel is available for domain owners to get direct reports of actual issues that senders encounter when sending email to the domain. This reporting mechanism can avoid the need for senders to report issues related to sending email to your domain.
The TLS-RPT standard provides reporting for MTA-STS (and DANE for SMTP) with a single daily report from each email service that supports it. To receive TLS-RPT reports, a domain owner can create a DNS TXT entry to indicate where they would like to receive reports. For most admins, it means sending the reports to an email address, as shown in the following example:
TXT Record example: _smtp._tls.example.com. 3600 IN TXT TLSRPTv1;rua=mailto:reports@example.com
Email services that send email to your domain and that support both MTA-STS and TLS-RPT send daily reports to the provided email address. Details about TLS-RPT are available in this RFC 8460. Microsoft has started sending TLS-RPT reports to domains that have requested them.
MTA-STS Failures
If an MTA-STS check fails and the domain’s policy is set to enforce, an NDR will be generated and the message will not be sent. The following list describes the errors that might occur due to MTA-STS failures:
Destination server does not support TLS
551 5.7.4 STARTTLS is required by recipient domain’s MTA-STS policy
Destination server does not support TLS 1.2 or above
We try to respect RFCs to the best of our abilities. The goal is to achieve the best interoperability possible. In a small number of scenarios, there may be unexpected behavior, and we’ll do our best to document that behavior.
For example, one difference in behavior involves CNAME records and MX records. Having a CNAME record for an MX record doesn’t comply with the SMTP RFC, but in the interest of successfully sending the email of our customers, we currently resolve CNAMEs to the servers that they point to for message deliveries. For MTA-STS, we’ve taken a stricter approach to supporting the RFC. We do not support CNAMEs when MTA-STS is used. If a domain uses a CNAME and follows the MTA-STS RFC, that domain will fail our MTA-STS checks, and will not receive emails from us. However, it’s possible for a domain to include the final server in their MTA-STS policy and pass our MTA-STS checks, even though that would not strictly follow the MTA-STS RFC.
MTA-STS Vs SMTP DANE
MTA-STS came about because of the slow roll out of DNSSEC to protect the DNS records that are associated with SMTP. MTA-STS can be seen as a lighter-weight mechanism to secure your mail flow. Although MTA-STS offers a much-needed upgrade to current SMTP protections, DANE for SMTP (with the support of DNSSEC) is the gold standard for securing SMTP connections. However, many customers might find MTA-STS good enough for their security needs.
We’ve been working on support for both MTA-STS and DANE for SMTP. At the very least, we encourage customers to secure their domains with MTA-STS. You can use both standards on the same domain at the same time, so customers are free to use both when Exchange Online offers inbound protection using DANE for SMTP by the end of 2022. By supporting both standards, you can account for senders who may support only one method.
Both MTA-STS and DANE require adoption from domain owners on the receiving side and services/servers that send email. We strongly encourage everyone to adopt these standards to improve the overall security of SMTP connections. Currently, we successfully validate connections to over 35K MTA-STS-protected domains, and this number is growing every month.
Future Work
We’re actively working on features that are related to the MTA-STS and DANE for SMTP standards with the goal of making it easier for our customers to make the most of them. We’ll announce these features as they become available.
During 
Recent Comments