Category Archives: Microsoft News

‘American Horror Story: Cult’ available now in the Windows Store – The Fire Hose

Prepare to be terrified by the newest chapter in Ryan Murphy’s TV drama anthology, “American Horror Story: Cult.”

Buy a season pass now in the Movies & TV section of the Windows Store.

Also, keep up with what’s hot, new and trending in the Windows Store on Twitter and Facebook.

Athima Chansanchai
Microsoft News Center Staff

Tags: Movies & TV, Windows Store

Microsoft establishes Quantum Centre at the University of Copenhagen – University of Copenhagen

06 September 2017

Partnership

The University of Copenhagen plays a central role in an ambitious Microsoft multi-million dollar investment.
Today, the tech company and the University signed a long-term collaboration agreement on the development of a general-purpose, scalable quantum computer. This is a project which opens up tremendous new opportunities for science and technology.

The Niels Bohr Institute’s Centre for Quantum Devices (Qdev), headed by Professor Charles Marcus, will be pivotal in the collaboration between Microsoft and the University of Copenhagen.

By virtue of a new collaboration agreement with the University of Copenhagen, Microsoft is intensifying its investment at the Niels Bohr Institute. Microsoft employees will be working closely with the Institute’s researchers to develop and build the world’s first general-purpose, scalable quantum computer. The task for the Microsoft employees is to turn knowledge gained from research into tangible reality. The announcement of this deepened partnership, which includes the expansion of facilities at the University’s North Campus, will further establish Niels Bohr’s Copenhagen as a global epicentre for quantum mechanics in perfect alignment with the vision of Greater Copenhagen as a global hub for science and innovation.

“The University of Copenhagen’s quantum research contributes to placing Danish research at the very top, which was evidenced today by the IT giant, Microsoft, expanding its investment in a Quantum development centre in Denmark. It’s a perfect example of how a university can create value in collaboration with the business sector from all over the world,” says the Danish Minister for Higher Education and Science, Søren Pind.

Basic research and business meet

For Thomas Bjørnholm, Prorector for Research and Innovation at the University of Copenhagen, today’s multi-year agreement with Microsoft is the culmination of a sustained and extremely focused research partnership within quantum technology.

“When a company such as Microsoft chooses to situate and invest heavily into a research development center at the University of Copenhagen, it’s because we’ve had a significant focus on building up one of the world’s leading quantum research environments. We’re very proud of this and are confident that it will reinforce a strengthened perception of Denmark as an attractive destination for international investments,” the Prorector says.

It started with Bohr

The Niels Bohr Institute’s Centre for Quantum Devices (Qdev), headed by Professor Charles Marcus, will be pivotal in the collaboration between Microsoft and the University of Copenhagen. The research at the Institute draws on Niels Bohr’s own research into quantum physics and is amplified by Microsoft’s investment in state-of-the-art laboratories and specialized Quantum equipment and tools at the University of Copenhagen over the coming years. This, in turn, makes the University of Copenhagen and Denmark an increasingly attractive destination for global Quantum talent.

“The critical pillars for successful and productive Quantum research already exist at the University of Copenhagen – an aligned vision between Microsoft and the University, an exceptional team of top Quantum researchers, a broad and deep pool of post doctorate and student talent, and a solid baseline of facilities and equipment dedicated to Quantum research. We look forward to harnessing this to make impressive advancements in the research and development of a useful, scalable quantum computer capable of transforming the global economy and solving the world’s hardest problems,” says David Pritchard, Chief of Staff for the Artificial Intelligence and Research division at Microsoft.

One of four centres

Together with the effort and activities across Qdev and Microsoft, the other quantum research centres at the University of Copenhagen, including the Centre for Quantum Optics (Quantop), the Centre for Quantum Photonics, the Villum Centre for the Mathematics of Quantum Theory (Qmath) and the Quantum Innovation Centre (QuBiz), will augment the open Quantum research that the University will generate, further propelling the University into the global Quantum spotlight.

In addition to establishing ‘Station Q Copenhagen’ via this new chapter of Microsoft and the University’s partnership, Microsoft has also established partnerships with universities in the Netherlands, Australia and the United States. Station Q Copenhagen is one of only four prestigious experimental Station Q sites in the world, alongside Purdue University, Delft University of Technology, and the University of Sydney.

Computers based on quantum technology have the potential to solve and execute complex mathematical calculations much faster than any existing computer built with ordinary bits. Bits that are based on quantum particles, known as qubits, will, when stabilised and integrated into a computer, generate unprecedented performance. This will translate into the ability to create significant opportunities and tackle pressing challenges like global warming, material and drug design, IT security and encryption, and more.

Main points of the collaboration agreement

• Microsoft is establishing state-of-the-art Microsoft research and development laboratories at the University of Copenhagen North campus in close proximity to the Niels Bohr Institute.

• Presently, over a dozen Microsoft employees ranging from engineers to developers are situated at the University of Copenhagen. Over the course of the new long-term agreement, the size of this team will grow, partnered with University personnel in the development of a topological quantum computer.

• In addition to the multi-million dollar investment in state-of-the-art facilities and equipment, Microsoft is also committing to significant quantum research funding at the University of Copenhagen.

• The collaboration between the University of Copenhagen and Microsoft will be based at the Centre for Quantum Devices (Qdev) and helmed by Professor Charles Marcus. Charles Marcus is Microsoft’s Scientific Director of Station Q Copenhagen.

• An agreement capturing the elements of the collaboration has been signed covering the license rights to Microsoft and the University of Copenhagen. The agreement reflects the interests of the parties and takes into account applicable legislation and guidelines in this area.

The collaboration between the University of Copenhagen and Microsoft is a landmark example of the science and research made capable by joining public and private interests. Together, via this new phase of the partnership, the team is poised to make critical strides in topological quantum computing in furtherance of the quantum economy – locally and globally.

Contact

Prorector for Research and Innovation Thomas Bjørnholm tel.: + 45 28 75 18 35

Communications adviser Christian Hedegaard tel.: + 45 31 14 87 82



General availability of App Service on Linux and Web App for Containers

Applications are changing the pace of business today – from delivering amazing customer experiences, to transforming internal operations. To keep pace, developers need solutions that help them quickly build, deploy and scale applications without having to maintain the underlying web servers or operating systems. Azure App Service delivers this experience and currently hosts more than 1 million cloud applications. Using its powerful capabilities such as integrated CI/CD, deployment slots and auto scaling, developers can get applications to the end users much faster; and today we’re making it even better. 

I am pleased to announce that Azure App Service is now generally available on Linux, including its Web App for Containers capability. With this, we now offer built-in image support for ASP.NET Core, Node.js, PHP and Ruby on Linux, as well as provide developers an option to bring their own Docker formatted container images supporting Java, Python, Go and more.

In Azure, we continue to invest in providing more choices that help you maximize your existing investments. Supporting Azure App Service on Linux is an important step in that direction.

High productivity development

To accelerate cloud applications development, you can take advantage of the built-in images for ASP.NET Core, Node.js, PHP and Ruby, all running on Linux, letting you focus on your applications instead of infrastructure. Just select the stack your web app needs, we will set up the application environment and handle the maintenance for you. If you want more control of your environment, simply SSH into your application and get full remote access to administrative commands.

Pre-built packages including WordPress, Joomla and Drupal solutions are also available in Azure Marketplace and can be deployed with just a few clicks to App Service.

Ease of deployment

With the new App Service capability, Web App for Containers, you can get your containerized applications to production in seconds. Simply push your container image to Docker Hub, Azure Container Registry, or your private registry, and Web App for Containers will deploy your containerized application and provision required infrastructure. Furthermore, whenever required, it will automatically perform Linux OS patching and load balancing for you.

Apart from the portal, you also have the option to deploy to App Service using CLI or Azure Resource Management templates.

Built-in CI/CD, scale on demand

Azure App Service on Linux offers built-in CI/CD capabilities and an intuitive scaling experience. With a few simple clicks, you can integrate with GitHub, Docker Hub or Azure Container Registry, and realize continuous deployment through Jenkins, VSTS or Maven.

Deployment Slots let you easily deploy to target environments, swap staging to production, schedule performance and quality tests, and roll-back to previous versions with zero downtime.

After you promote the updates to production, scaling is as simple as dragging a slider, calling a REST API, or configuring automatic scaling rules. You can scale your applications up or down on demand or automatically, and get high availability within and across different geographical regions.

To get started with Azure App Service on Linux, check out the use cases and try App Service for free. Want to learn more? Sign up for our upcoming webinar focused on containerized applications. You can also join us and thousands of other developers at Open Source Summit North America. For more information and updates, follow @OpenAtMicrosoft. 

Azure IoT Hub Device Provisioning Service is now in public preview – Internet of Things

Setting up and managing Internet of Things (IoT) devices can be a challenge of the first order for many businesses. That’s because provisioning entails a lot of manual work, technical know-how, and staff resources. And certain security requirements, such as registering devices with the IoT hub, can further complicate provisioning.

During the initial implementation, for instance, businesses have to create unique device identities that are registered to the IoT hub and install individual device connection credentials, which enable revocation of access in event of compromise. IT staff also may want to maintain an enrollment list that controls what devices are allowed to automatically provision.

Wouldn’t it be great if there was a secure, automated way to remotely deploy and configure devices during registration to the IoT hub—and throughout their lifecycles? With Microsoft’s IoT Hub Device Provisioning Service (DPS), now in public preview, you can.

In a post on the Azure blog, [Title], Sam George explains how the IoT Hub Device Provisioning Service can provide zero-touch provisioning that eliminates configuration and provisioning hassles when onboarding IoT devices that connect to Azure services. This allows businesses to quickly and accurately provision millions of devices in a secure and scalable manner. In fact, IoT Hub Device Provisioning Service simplifies the entire device lifecycle management through features that enable secure device management and device reprovisioning. Next year, we plan to add support for ownership transfer and end-of-life management.

DPS is now available in the Eastern U.S., Western Europe, and Southeast Asia. To learn more about how Azure IoT Hub Device Provisioning Service can take the pain out of deploying and managing an IoT solution in a secure, reliable way, read our blog post announcing the public preview. And for technical details, check out Microsoft’s DPS documentation center.

Tags: Announcement, Azure IoT Hub, Device Provisioning Service

Ransomware 1H 2017 review: Global outbreaks reinforce the value of security hygiene

In the first six months of 2017, ransomware threats reached new levels of sophistication. The same period also saw the reversal of a six-month downward trend in ransomware encounters. New ransomware code was released at a higher rate with increasing complexity. Two high-profile ransomware incidents brought cybersecurity to the forefront of mainstream conversations as the impact of attacks was felt around the world by organizations and individuals alike.

The recently released Microsoft Security Intelligence Report summarizing movements in different areas of the threat landscape in the first quarter of the year showed the continued global presence of ransomware. The highest encounter rates, defined as the percentage of computers running Microsoft real-time security products that report blocking or detecting ransomware, were registered in the Czech Republic, Korea, and Italy from January to March 2017.

Sustained ransomware campaigns and high-profile attacks continued to highlight the need for advanced comprehensive cybersecurity strategy. In this blog entry, we share our key observations on the ransomware landscape and offer insights on what can be learned from trends and developments so far in 2017.

Ransomware growth rallies

In March of 2017, the volume of ransomware encounters started to pick up again after several months of decline. The growth is driven to a certain extent by sustained activities from established ransomware operations like Cerber, with an onslaught of attacks powered by ransomware-as-a-service.

Figure 1. Total ransomware encounters by month, July 2016-June 2017 (source: Ransomware FAQ page)

In part, this surge is also driven by the emergence of new ransomware families, which are being released into the wild at a faster rate. In the first half of 2017, we discovered 71 new ransomware families, an increase from the 64 new families we found in the same period in 2016.

Some of these new ransomware families stand out because they exhibit new behaviors that make them more complex. For instance, the latest Microsoft Security Intelligence Report shows that in March 2017, two-month old Spora overtook Cerber as the most prevalent ransomware family.

Figure 2. Trends for several commonly encountered ransomware families in 1Q17, by month (source: Microsoft Security Intelligence Report 22)

Spora’s quick rise to the top may be traced to its capability to spread via network drives and removable drives, such as USB sticks. Initial versions targeted Russia and featured a ransom note in the local language. It has since gone global, spreading to other countries with a ransom note in English.

Other notable new ransomware families in 2017 include Jaffrans, Exmas, and Ergop. While these families have not quite achieved the prevalence of Spora, they show signs of persistence and periodic improvements that are observed in older, successful families.

Microsoft protects customers from new and emerging ransomware like Spora using a combination of advanced heuristics, generics, and machine learning, which work together to deliver predictive, real-time protection. In a recent blog post, we demonstrated how we could better protect from never-before-seen ransomware with enhancements to the Windows Defender Antivirus cloud protection service.

The rise of global ransomware outbreaks

WannaCrypt (also known as WannaCry) is one of the most well-known new ransomware to surface so far this year. It emerged in May carrying an exploit for a patched vulnerability and quickly spread to out-of-date Windows 7 computers in Europe and later the rest of the world (the exploit did not affect Windows 10). The attack left several impacted organizations, high-tech facilities, and other services affected in its aftermath.

Only a few weeks after the WannaCrypt outbreak, a new variant of Petya wreaked havoc in June. This Petya variant applied some of the propagation techniques used by WannaCrypt, but incorporated more methods to spread within a network. The outbreak started in Ukraine, where a compromised supply-chain delivered the ransomware through a software update process. The Petya infections swiftly spread to other countries in the course of a few hours. Petya’s impact was not as widespread as the WannaCrypt outbreak; however, as our in-depth analysis of Petya revealed, its upgrades made it so much more complex and caused more damage to organizations affected.

WannaCrypt and Petya defied the trend of more targeted and localized attacks and became the first global malware attacks in quite a while. They generated worldwide mainstream interest. Interestingly, this attention might have added more challenges for attackers. For instance, the Bitcoin wallets used in these attacks were closely monitored by security researchers.

WannaCrypt and Petya showed that ransomware attacks powered by sophisticated exploits on a global scale can be particularly catastrophic. Global attacks emphasize the need to avert ransomware epidemics by enabling responders to detect, respond to, and investigate attacks so infections can be contained and not allowed to swell. Security patches need to be applied as soon as they become available.

Figure 3. Global distribution of ransomware encounters by month, January-June 2017

Increasing sophistication

The trend of global outbreaks is likely a result of more techniques incorporated by ransomware. WannaCrypt, Petya, Spora, and other new ransomware variants sported new capabilities that allowed them to spread faster and wreak more havoc than other malware.

Lateral movement using exploits

Spora’s aforementioned ability to spread via network drives and removable drives made it one of the most widespread ransomware. Though it was not the first ransomware family to integrate a worm-like spreading mechanism, it was able to use this capability to infect more computers.

With worm capabilities, ransomware attacks can have implications beyond endpoint security, introducing challenges to enterprise networks. This was particularly true for WannaCrypt, which spread by exploiting a vulnerability (CVE-2017-0144, dubbed EternalBlue, previously patched in security update MS17-010), affecting networks with out-of-date computers.

Petya expanded on WannaCrypt’s spreading mechanism by exploiting not one, but two vulnerabilities. Apart from CVE-2017-0144, it also exploited CVE-2017-0145 (known as EternalRomance, and fixed in the same security update as EternalBlue), affecting out-of-date systems.

These two attacks highlighted the importance of applying security patches as they become available. They likewise highlight the importance of immediately detecting and stopping malicious behavior related to exploits.

It is important to note that the EternalBlue and EternalRomance exploits did not affect Windows 10, underscoring the benefits of upgrading to the latest, most secure version of platforms and software. Even if the exploits were designed to work on Windows 10, the platform has multiple mitigations against exploits, including zero-days. In addition, Windows Defender Advanced Threat Protection (Windows Defender ATP) detects malicious activities resulting from exploits without the need for signature updates.

Credential theft

One of Petya’s more noteworthy behaviors is its credential-stealing capability, which it does either by using a credential dumping tool or by stealing from the Credential Store. This capability poses a significant security challenge for networks with users who sign in with local admin privileges and have active sessions open across multiple machines. In this situation, stolen credentials can provide the same level of access the users have on other machines.

The Petya outbreak is testament to the importance of credential hygiene. Enterprises need to constantly review privileged accounts, which have unhampered network access and access to corporate secrets and other critical data. Credential Guard uses virtualization-based security to protect derived domain credentials and stop attempts to compromise privileged accounts.

Network scanning

Armed with exploits or stolen credentials, ransomware can spread across networks through network scanning. For example, Petya scanned affected networks to establish valid connections to other computers. It then attempted to transfer copies of the malware using stolen credentials. Petya also scanned for network shares in an attempt to spread through those shares.

WannaCrypt, on the other hand, ran massive scanning of IP addresses to look for computers that are vulnerable to the EternalBlue exploit. This gave it the ability to spread to out-of-date computers outside the network. Network defenders can uncover and stop unauthorized network scanning behaviors.
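The scanning behavior described above can be surfaced from connection records. The following is an added example, not part of the original post: it flags hosts that contact many distinct addresses on TCP 445 (the SMB port, the protocol patched by MS17-010) within a short window, and splits the targets into internal and external. The flow-record format, thresholds, address ranges, and sample data are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

SMB_PORT = 445
# Assumption: RFC 1918 space is "inside"; replace with the monitored ranges.
INTERNAL_NETS = [ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(addr):
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def parse_flow(line):
    """Parse 'ISO-timestamp src dst dport' (constructed format); None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
        ip_address(parts[1])
        ip_address(parts[2])
        return ts, parts[1], parts[2], int(parts[3])
    except ValueError:
        return None


def detect_smb_fanout(lines, window=timedelta(seconds=60), threshold=10):
    """Return {src: alert} for sources that reach `threshold` distinct
    TCP/445 destinations inside one sliding `window`."""
    flows = sorted(f for f in map(parse_flow, lines) if f and f[3] == SMB_PORT)
    recent = defaultdict(deque)   # src -> (timestamp, dst) pairs still in window
    alerts = {}
    for ts, src, dst, _ in flows:
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:      # expire connections older than window
            q.popleft()
        targets = {d for _, d in q}
        peak = alerts.get(src, {}).get("distinct", 0)
        if len(targets) >= threshold and len(targets) > peak:
            inside = sum(1 for d in targets if is_internal(d))
            alerts[src] = {
                "distinct": len(targets),
                "internal": inside,                 # lateral movement inside the network
                "external": len(targets) - inside,  # scanning beyond the perimeter
                "window_end": ts,
            }
    return alerts


def _sample_flows():
    """Constructed flow records; addresses are private or documentation ranges."""
    base = datetime(2017, 5, 12, 8, 0, 0)
    rows = []
    # Workstation using two file servers repeatedly: few distinct targets.
    for i in range(20):
        rows.append((base + timedelta(seconds=3 * i), "10.1.4.23",
                     "10.1.0.%d" % (10 + i % 2), 445))
    # Host sweeping its subnet, then outside addresses, on 445 within seconds.
    for i in range(12):
        rows.append((base + timedelta(seconds=i), "10.1.7.88",
                     "10.1.7.%d" % (100 + i), 445))
    for i in range(6):
        rows.append((base + timedelta(seconds=12 + i), "10.1.7.88",
                     "198.51.100.%d" % (20 + i), 445))
    # Backup-style host touching 11 machines over 50 minutes: many targets, slowly.
    for i in range(11):
        rows.append((base + timedelta(minutes=5 * i), "10.1.2.2",
                     "10.1.3.%d" % (1 + i), 445))
    # HTTPS fan-out: not SMB, so it is ignored.
    for i in range(15):
        rows.append((base + timedelta(seconds=i), "10.1.9.5",
                     "203.0.113.%d" % (1 + i), 443))
    lines = ["%s %s %s %d" % (t.isoformat(), s, d, p) for t, s, d, p in rows]
    lines.append("garbled line from a truncated export")  # must be skipped
    return lines


SAMPLE_FLOWS = _sample_flows()

if __name__ == "__main__":
    for src, a in detect_smb_fanout(SAMPLE_FLOWS).items():
        print(src, a["distinct"], "targets:", a["internal"], "internal,",
              a["external"], "external, by", a["window_end"].isoformat())
```

Widening the window catches slower sweeps at the cost of flagging legitimate multi-host SMB clients such as backup or management servers, so those sources need an allowlist or a higher threshold.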

Destructive behavior

In most ransomware cases, the attacker motivation is clear: victims need to pay the ransom or never gain back access to encrypted files. While there is no guarantee that files are decrypted after payment is made, most ransomware infections make their intention clear through a ransom note. In August, WannaCrypt actors wrapped up their campaign by withdrawing ransom paid in Bitcoins from online wallets.

Petya behaved like other ransomware in this aspect. Attackers emptied the Petya online wallets earlier in July. However, Petya had far more destructive routines: it overwrote or damaged the Master Boot Record (MBR) and Volume Boot Record (VBR), rendering affected computers unusable. This started a conversation about whether this Petya variant was primarily a ransomware like WannaCrypt or a destructive cyberattack like Depriz (also known as Shamoon).

Figure 4. Petya incorporated complex behaviors not typical of ransomware

The debate is not settled, but the Petya attack does raise an important point—attackers can easily incorporate other payloads into ransomware code to facilitate targeted attacks and other types of destructive cyberattacks. As the threat of ransomware escalates, enterprises and individuals alike need a sound cybersecurity strategy and a protection suite that will defend against the end-to-end ransomware infection process.

Integrated end-to-end security suite against ransomware

With high-profile global outbreaks and other notable trends, the first six months of 2017 can be considered one of the more turbulent periods in the history of ransomware. The observations we summarized in this blog highlight the potency of the ransomware threat. Unfortunately, given the trends, we may see similarly sophisticated or even more complex attacks in the foreseeable future. More importantly, however, we should learn from these attacks and developments, because they highlight the areas of cybersecurity that need to be improved and reevaluated.

At Microsoft, we’re always hard at work to continuously harden Windows 10 against ransomware and other attacks. In the upcoming Windows 10 Fall Creators Update, we will integrate Microsoft security solutions into a powerful single pane of glass—centralized management that will allow customers to consume, manage, and integrate security for devices in the network. Windows Defender ATP will be expanded to include seamless integration across the entire Windows protection stack. The suite of tools will include the new Windows Defender Exploit Guard and Windows Defender Application Guard, as well as the enhanced Windows Defender Device Guard and Windows Defender AV.

Today, Windows 10 Creators Update has next-gen technologies that protect against ransomware attacks.

Figure 5. Windows 10 end-to-end protection stack (source: Next-gen ransomware protection with Windows 10 Creators Update)

Windows 10 has multiple exploit mitigations, including Control Flow Guard for kernel (kCFG), kernel mode code integrity (KMCI), better kernel address space layout randomization (KASLR), NX HAL, and PAGE POOL (non-executable kernel regions). These mitigations help make Windows 10 resilient to exploit attacks, such as those used by WannaCrypt and Petya.

Intelligent Security Graph and machine learning

Security built into Windows 10 is powered by the Microsoft Intelligent Security Graph, which correlates signals from billions of sensors. Unique insights from this vast security intelligence enable Microsoft to deliver real-time protection through Windows Defender AV, Windows Defender ATP, and other next-gen security technologies.

The increasing magnitude and complexity of ransomware require advanced real-time protection. Windows Defender AV uses precise machine learning models as well as generic and heuristic techniques, improved detection of script-based ransomware, and enhanced behavior analysis to detect common and complex ransomware code. Using the cloud protection service, Windows Defender AV provides real-time protection. In recent enhancements, the cloud protection service can make a swift assessment of new and unknown files, allowing Windows Defender AV to block new malware the first time it is seen.

Windows Defender Advanced Threat Protection empowers SecOps personnel to stop ransomware outbreaks in the network. Both WannaCrypt and Petya showed how critical it is to detect, investigate, and respond to ransomware attacks and prevent the spread. Windows Defender ATP’s enhanced behavioral and machine learning detection libraries flag malicious behavior across the ransomware infection process. The new process tree visualization and improvements in machine isolation further help security operations to investigate and respond to ransomware attacks.

Online safety with Microsoft Edge and Office 365 Advanced Threat Protection

Microsoft Edge can help block ransomware infections from the web by opening pages within app container boxes. It uses reputation-based blocking of downloads. Its click-to-run feature for Flash can stop ransomware infections that begin with exploit kits.

To defend against ransomware attacks that begin with email, Microsoft Exchange Online Protection (EOP) uses built-in anti-spam filtering capabilities that help protect Office 365 customers. Office 365 Advanced Threat Protection helps secure mailboxes against email attacks by blocking emails with unsafe attachments, malicious links, and linked-to files leveraging time-of-click protection. Outlook.com anti-spam filters also provide protection against malicious emails.

Virtualization-based security and application control

Credential Guard can protect domain credentials from attacks like Petya, which attempted to steal credentials for use in lateral movement. Credential Guard uses virtualization-based security to protect against credential dumping.

Enterprises can implement virtualization-based lockdown security, which can block all types of unauthorized content. Windows Defender Device Guard combines virtualization-based security and application control to allow only authorized apps to run. Petya, whose first infections were traced back to a compromised software update process, was blocked on devices with Device Guard enabled.

Microsoft-vetted security with Windows 10 S and more security features in Windows 10 Fall Creators Update

Devices can achieve a similar lockdown security with Windows 10 S, which streamlines security and performance by working exclusively with apps from the Windows Store, ensuring that only apps that went through the Store onboarding, vetting, and signing process are allowed to run.

All of these security features make Windows 10 our most secure platform. Next-gen security technologies in Windows 10 provide next-gen protection against ransomware.

Figure 6. Windows 10 next-gen security

But the work to further harden Windows 10 against ransomware and other threats continues. Expect more security features and capabilities in the upcoming Windows 10 Fall Creators Update.

Tanmay Ganacharya (@tanmayg)

Principal Group Manager, Windows Defender Research


What story does your timeline tell? Introducing the Timeline Storyteller custom visual for Microsoft Power BI | Microsoft Power BI Blog | Microsoft Power BI

Use the new Timeline Storyteller custom visual in a report, and win a Power BI Super Swag Prize Pack! See details.

Timeline Storyteller, a new custom visual for Power BI I created with a team of other researchers at Microsoft, is now available in the Office Store for anyone to use.

Alberto Cairo, Knight Chair at the University of Miami and renowned data visualization professor, author, designer and practitioner, shared his thoughts on the new visual after seeing it presented at a recent Microsoft event.

“When humans began transforming information and pictures to enhance understanding, two of the first things they visualized were space and time. Timeline Storyteller is the latest landmark in a tradition that spans centuries, and what a great accomplishment it is,” says Cairo.

The work on this visual began in 2015 when we drew on our expertise in information visualization and data-driven storytelling and set out to explore ways to help people tell expressive data stories with timelines while maintaining perceptual and narrative effectiveness.

People have been using timelines for centuries to visually communicate stories about sequences of events, from historical and biographical data, to project plans and medical records. From hand-drawn illustrations to contemporary infographics, storytellers have employed a wide range of visual forms for communicating with timelines. Depending on how a timeline is drawn, different types of insights and temporal characteristics can be emphasized, including periodicity and synchronicity.

In recent years, there has been an emergence of interactive timeline visualization tools used for data-rich presentations and storytelling, especially within the data journalism community. Yet, most of these presentation tools adopt the linear, chronological timeline design popularized by Joseph Priestley in the late 18th century, and thus lack the expressivity to communicate a range of timeline narratives or allow viewers to visualize timeline data themselves in new and interesting ways.

The linear, chronological form of Joseph Priestley’s Chart of Biography (1765) has dominated the design of contemporary timelines. (Source: https://en.wikipedia.org/wiki/A_Chart_of_Biography)

We conducted a survey of hundreds of timelines published over the course of history from a broad range of sources including timeline visualization tools and visualization techniques proposed in academic research literature, as well as bespoke dataset-specific interactive timelines and timeline infographics.

We identified 14 design choices characterized by three dimensions: representation, scale, and layout. Representation, which refers to the overall shape of the path across the display, is the most visually salient aspect of a timeline. Scale is used to convey relations between events (e.g. order, duration, & synchronicity), and refers to the correspondence between temporal distances and distances on the display. Layout is used to communicate relations between groups of events, and describes how the timeline is partitioned into separate regions of the display. Given these dimensions, we also identified viable combinations of representation, scale, and layout that correspond to different narrative purposes. This design space for timelines became the basis for the initial design of Timeline Storyteller.

The 14 design choices characterized by three dimensions (representation, scale, and layout) for expressive storytelling with timelines.

“Timeline Storyteller is a flexible tool that enables designers, journalists, and scientists to visualize time in multiple ways, some clear and straightforward —my preferred ones— others quirky and expressive. It’s a very flexible and easy to use tool that fills an underserved niche,” says Cairo.

The data storytelling tool was developed to realize the expressive potential of the timeline design space, combining a wide range of visual design ideas with modern techniques for presenting, annotating, and interacting with data. To create a data story with Timeline Storyteller, an author creates a series of scenes, where each scene has a unique filter state, design specification, and a set of associated annotations, images, and captions. Additionally, Timeline Storyteller uses animated transitions between the scenes of a story to promote a cohesive and engaging storytelling experience.

Timeline Storyteller was initially released as a standalone web application in January 2017. Within the next few months, I demonstrated Timeline Storyteller at the Tapestry data storytelling Conference and at OpenVisConf, a practitioner conference centered on visualizing data on the web. Meanwhile at Microsoft, we partnered with the Power BI product team as well as Principal Researcher Chris White and his team to bring Timeline Storyteller to Power BI as a custom visual. Following in the footsteps of SandDance, a custom visual for Power BI that originated as a Microsoft Research project, we worked to make the custom visual available to Power BI users for free in the Office Store. Both Timeline Storyteller and SandDance are examples of the growing library of custom visuals that provide experiences beyond Power BI’s out-of-the-box visualization types and set Power BI apart as a robust tool for data storytelling.

Throughout the development process of the Timeline Storyteller custom visual, we were motivated and informed by clients’ timeline stories. Using the initial prototype version of Timeline Storyteller, we worked with the UK National Trust to produce a timeline story about some of the most famous historic sites in their portfolio. During James Phillips’ keynote at the 2017 Data Insights Summit, the National Trust’s Jon Townsend presented this story, providing an audience of thousands with a first glimpse of the storytelling capabilities of the new custom visual.

We have continued to showcase Timeline Storyteller in stories ranging from the history of the U.S. Open golf tournament to the progress of Artificial Intelligence at a variety of industry events.

See how 2016 U.S. Open champion Dustin Johnson stacks up against previous tournament winners.

We are seeing a lot of excitement and interest in the Timeline Storyteller custom visual for Power BI. For the first time, a single visual can help people tell stories about the history of epidemics spanning centuries, the development of severe hurricanes over the past several decades, or even the daily routines of famous creative people. Timeline Storyteller is of particular interest to data journalists, and has been featured on several industry sites including Storybench and Visualizing Data.

We understand that interactive, data-rich stories are in high demand, and that journalists need to be able to easily create unique data stories that not only inform and educate, but also engage and entertain. Power BI is a powerful data storytelling tool, and with Timeline Storyteller, journalists can now visualize a sequence of events in a compelling way using the large palette of design options that Timeline Storyteller provides. Plus, with Power BI publish to web functionality, journalists can easily publish their interactive timeline stories to their website, reaching an unlimited number of readers with the scale of the Microsoft cloud.

“Tools like Timeline Storyteller serve another purpose: they bridge the gap between code and presentation. Many graphic designers and journalists aren’t able to code visualizations from scratch. Timeline Storyteller, and other tools like it, abstract the creation process through a graphical user interface and, at the same time, allow people to customize the results in an almost unlimited manner,” says Cairo.

We encourage you to keep learning more about how Power BI can be used to tell your data stories.


How we secure your data in Azure AD

Howdy folks,

With all the breaches of cloud identity services over the last few years, we get a lot of questions about how we secure customer data. So today’s blog is a dive into the details of how we protect customer data in Azure AD.

Datacenter and Service Security

Let’s start with our datacenters. First, all of Microsoft’s datacenter personnel must pass a background check. All access to our datacenters is strictly regulated and every entry and exit are monitored. Within these datacenters, the critical Azure AD services that store customer data are located in special locked racks—their physical access is highly restricted and camera-monitored 24 hours a day. Furthermore, if one of these servers is decommissioned, all disks are logically and physically destroyed to avoid data leakage.

Next, we limit the number of people who can access the Azure AD services, and even those who do have access permissions operate without these privileges day-to-day when they sign in. When they do need privileges to access the service, they need to pass a multi-factor authentication challenge using a smartcard to confirm their identity and submit a request. Once the request is approved, the user’s privileges are provisioned “just-in-time”. These privileges are also automatically removed after a fixed period of time, and anyone needing more time must go through the request and approval process again.

Once these privileges are granted, all access is performed using a managed admin workstation (consistent with published Privileged Access Workstation guidance). This is required by policy, and compliance is closely monitored. These workstations use a fixed image and all software on the machine is fully managed. To minimize the surface area of risks, only selected activities are allowed, and users cannot accidentally circumvent the design of the admin workstation since they don’t have admin privileges on the box. To further protect the workstations, any access must be done with a smartcard, and access to each one is limited to a specific set of users.

Finally, we maintain a small number (fewer than five) of “break glass” accounts. These accounts are reserved for emergencies only and secured by multi-step “break glass” procedures. Any use of those accounts is monitored and triggers alerts.

Threat detection

We run several automatic checks regularly, every few minutes, to ensure things are operating as we expect, even as we add new functionality required by our customers:

  • Breach detection: We check for patterns that indicate breach. We keep adding to this set of detections regularly. We also use automated tests that trigger these patterns, so we are also checking if our breach detection logic is working correctly!
  • Penetration tests: These tests run all the time. These tests try to do all sorts of things to compromise our service, and we expect these tests to fail all the time. If they succeed, we know there is something wrong and can correct it immediately.
  • Audit: All administrative activity is logged. Any activity that is not anticipated (such as an admin creating accounts with privileges) triggers alerts that cause us to do deep inspection of that action to make sure it is not abnormal.
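The just-in-time elevation, break-glass alerting and audit checks described above can be sketched as a small log review. This is an added example, not Microsoft's code: the event fields, account names, the operation name and the eight-hour grant lifetime are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed policy values for illustration; the post does not state them.
GRANT_LIFETIME = timedelta(hours=8)
BREAK_GLASS = {"bg-admin-1"}
UNANTICIPATED_OPS = {"create_privileged_account"}

# Constructed audit events (not real Azure AD logs).
EVENTS = [
    {"ts": "2017-09-05T09:00:00", "type": "grant", "actor": "alice", "mfa": "smartcard"},
    {"ts": "2017-09-05T10:30:00", "type": "action", "actor": "alice", "op": "restart_service"},
    {"ts": "2017-09-05T18:15:00", "type": "action", "actor": "alice", "op": "read_config"},
    {"ts": "2017-09-05T11:00:00", "type": "action", "actor": "bob", "op": "create_privileged_account"},
    {"ts": "2017-09-05T12:00:00", "type": "grant", "actor": "carol", "mfa": "password"},
    {"ts": "2017-09-05T12:05:00", "type": "action", "actor": "carol", "op": "read_config"},
    {"ts": "2017-09-05T13:00:00", "type": "action", "actor": "bg-admin-1", "op": "read_config"},
]

def review(events):
    """Return (timestamp, actor, reason) alerts for a stream of audit events."""
    expiry = {}  # actor -> time at which the just-in-time grant lapses
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, actor = datetime.fromisoformat(ev["ts"]), ev["actor"]
        if ev["type"] == "grant":
            # Only a smartcard-backed request yields a time-boxed grant.
            if ev.get("mfa") == "smartcard":
                expiry[actor] = ts + GRANT_LIFETIME
            else:
                alerts.append((ev["ts"], actor, "grant without smartcard MFA"))
            continue
        if actor in BREAK_GLASS:
            # Any use of an emergency account alerts, whatever the operation.
            alerts.append((ev["ts"], actor, "break-glass account used"))
            continue
        if actor not in expiry or ts >= expiry[actor]:
            alerts.append((ev["ts"], actor, "no active just-in-time grant"))
        if ev["op"] in UNANTICIPATED_OPS:
            alerts.append((ev["ts"], actor, "unanticipated admin operation"))
    return alerts

if __name__ == "__main__":
    for alert in review(EVENTS):
        print(*alert, sep="  ")
```

Alice's 10:30 action passes because it falls inside her grant window, while her 18:15 action is flagged because the grant has lapsed and was not renewed.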

And did we say we encrypt all your data in Azure AD? Yes, we do – we use BitLocker to encrypt all Azure AD identity data at rest. What about on the wire? We do that as well! All Azure AD APIs are web-based using SSL through HTTPS to encrypt the data. Access to information is restricted through token-based authorization and each tenant’s data is only accessible to accounts permitted in that tenant. In addition, our internal APIs have the added requirement to use SSL client/server authentication on trusted certificates and issuance chains.

A final note

Azure AD is delivered in two ways, and this post described security and encryption for the public service delivered and operated by Microsoft. For similar questions about our National Cloud instances operated by trusted partners, we welcome you to reach out to your account teams.

(Note: As a simple rule of thumb, if you manage or access your Microsoft Online services through URLs ending with .com, this post describes how we protect and encrypt your data.)

The security of your data is a top priority for us and we take it VERY seriously. I hope you found this overview of our data encryption and security protocol reassuring and useful.

Best regards,

Alex Simons (Twitter: @Alex_A_Simons)

Director of Program Management

Microsoft Identity Division

Here’s a 3-minute guide to get started with Minecraft: Education Edition

Minecraft: Education Edition is an open-world game that promotes creativity, collaboration, and problem-solving in an immersive environment where the only limit is your imagination. Over the last year, the Education Blog has shared how Minecraft can help your students learn to code with Code Builder, or how it might help them shed their shells and explore a virtual horizon together.

We want you to feel that creativity and spirit of discovery for yourself soon, so we’ve put together a 3-minute step-by-step video tutorial for introducing Minecraft: Education Edition into your classroom today. You’ll also catch some tips on how you can take advantage of our Minecraft: Education Edition website, which features tutorials, lesson plans and guidance from other educators.


One more thing: Beyond our offer of a free trial, you can check out our Minecraft: Education Edition sign-up page to learn how you can receive a one-year, single-user subscription for Minecraft: Education Edition for each new Windows 10 device purchased for your K-12 school.

Democratizing technology for an inclusive revolution – Asia News Center

Tuminez points to the Seeing AI app, which is designed for the blind and low vision community. The app uses artificial intelligence and the phone’s camera to perform a number of useful functions including the reading of documents, identifying products at the supermarket, and recognizing people based on their faces.

“This technology gives the visually impaired hope, allowing them to work as professionals, or just to function in everyday life,” she adds.

The M-Powered platform, active in Thailand, Malaysia, Indonesia and Vietnam, is another instance of technology being leveraged to empower the disabled and other marginalized groups. Through a partnership between the public and private sector, the M-Powered portal helps users pick up skills relevant to the digital economy and, eventually, qualify for jobs. Besides a range of e-learning modules, users will also get access to online and in-person mentoring and job listings.  In Malaysia, where the government has a declared policy to have at least 1% of civil service jobs go to People with Disability (PWD), the M-Powered portal will help prepare a pool of potentially qualified workers that can fill the government’s need.

Microsoft has partnered with Genashtim, an online tech support business and a Certified B Corporation, to design, build and launch most of the M-Powered portals. Interestingly, 90% of Genashtim’s employees are disabled, including those who are blind, deaf or wheelchair-bound. They are part of its growing workforce. The brainchild of Thomas Ng, Genashtim proves that PWD, through their own strength, talent and persistence, can be successful professionals living full lives and contributing to their families and countries.


The LV Prasad Eye Institute in India is another example of technology, especially the cloud, being used for public good. The institute has treated over 20 million patients with cataracts, which is a leading cause of blindness. It uses Microsoft’s Azure cloud platform to both store and analyze data to drive clinical interventions for pre-emptive care. Through the digitization of medical records, information such as socio-economic data can be used to pinpoint the required procedures more effectively and improve patient outcomes.

The 4th Industrial Revolution has also cast a spotlight on technology’s role in the push for gender equality. According to a study by the World Economic Forum, the impact of the digital economy is likely to be disproportionately negative for women. Knowing this, Tuminez is passionate about ensuring women have equal access to opportunities.

“There is often a misconception that technology and careers related to science, technology, engineering, and mathematics (STEM) are only for men and mainly involve engineering work. But this isn’t true,” Tuminez explains.


One of the first steps is to expose young girls and women to coding, and inspire them to pursue STEM education so that they develop confidence and interest in these subjects. They will then be more likely to pursue, or consider, a career in the science and tech industries, she believes. In Myanmar, for example, Microsoft works with the Myanmar Book Aid and Library Preservation Foundation to train young women, aged 16-20 and affiliated with libraries throughout the country, in digital literacy and technology. In Cambodia, Microsoft supports Passerelles Numeriques, which trains young women and men for two years in technology, English and values. When they graduate, they have a 100% employment rate.

Technology has the power not only to transform lives, but also give hope and even protect vulnerable populations.

In China, it is being used to help parents find their missing children, of which there are tens of thousands in the country. “We had a recent case, where a father nearly four years ago lost his then 14-year-old son, who had Down syndrome and was unable to speak. They were in a restaurant, the father went to use the bathroom, and, when he returned, his son had disappeared,” shares Tuminez.

Junxiu Wang reunited with his son after a search of nearly four years

It was an agonizing search for the father, who eventually turned to Baby Come Home, a leading nonprofit organization dedicated to finding missing children. The NPO worked with Microsoft, which had developed an application called Photo Missing Children, or PhotoMC – powered by its publicly available facial recognition technology.

Baby Come Home used a photo the father provided to scan a government database of 13,000 images of children living in shelters across the country. Within seconds, a list of 20 possible matches was found, leading eventually to the happy reunion of father and son.

Tuminez believes there is a role for everyone to play in democratizing technology so that all communities can access its benefits and opportunities.

“Businesses, governments and non-profit organizations must come together with a shared vision, relentless passion, and pragmatic thinking to help improve the human condition. Only then will it be possible to drive more inclusive and truly shared growth in Asia,” Tuminez says.