Cybersecurity company McAfee on Tuesday announced McAfee Mvision Cloud for Containers, a product intended to help organizations ensure security and compliance of their cloud container workloads.
Mvision Cloud for Containers integrates container security with McAfee’s cloud access security broker (CASB) and cloud security posture management (CSPM) tools, according to the company.
“Data could … move between SaaS offerings, IaaS custom apps in various CPSs, containers and hybrid clouds. We want security to be consistent and predictable across the places data live and workloads are processed. Integrating CASB and CSPM allows McAfee to provide consistent configuration policies and DLP/malware scanning that does not restrict the flexibility of the cloud,” said John Dodds, a director of product management at McAfee.
According to Andras Cser, vice president and principal analyst for security and risk management at Forrester, when it comes to evaluating a product like Mvision, it’s worth looking at factors such as “price, cost of integration, level of integration between acquired components and coverage of the client’s applications.”
Mvision Cloud uses the zero-trust model application visibility and control capabilities by container security startup NanoSec for container-based deployments in the cloud. McAfee acquired NanoSec in September in a move to expand its container cloud security offerings.
Mvision Cloud for Containers builds on the existing McAfee Mvision Cloud platform, integrating cloud security posture management and vulnerability scanning for container workloads so that security policies can be implemented across different forms of cloud IaaS workloads, according to the company.
Other features of McAfee Mvision Cloud for Containers include:
Cloud security posture management: Ensures the container platforms run in accordance with Center for Internet Security and other compliance standards by integrating configuration audit checks to container workloads.
Container images vulnerability scanning: Identifies weak or exploitable elements in container images to reduce the application’s risk profile.
DevOps integration: Ensures compliance and secures container workloads; executes security audits and vulnerability scanning to identify risk and send security incidents and feedback to developers within the build process; and monitors and prevents configuration drift on production deployments of the container workloads.
The U.S. and the U.K. announced criminal charges and sanctions against alleged members of the Russian threat group Evil Corp, which is responsible for the Dridex malware.
The U.S. Department of Justice indicted Maksim Yakubets, 32, of Russia on counts of computer hacking and bank fraud. The State Department offered up to $5 million for information leading to the arrest and/or conviction of Yakubets, who is the alleged leader of Evil Corp. Additionally, the DOJ indicted Igor Turashev, 38, in relation to the Dridex banking Trojan.
The Department of Treasury announced sanctions against Evil Corp, which has been active since 2009 and has been connected to the Zeus, Bugat and Dridex malware. According to the Treasury Department announcement, “Evil Corp has used the Dridex malware to infect computers and harvest login credentials from hundreds of banks and financial institutions in over 40 countries, causing more than $100 million in theft.”
Assistant Attorney General Brian Benczkowski of the Justice Department’s criminal division noted in the DOJ press release that the U.K. National Crime Agency (NCA) was “crucial” in efforts to identify Yakubets and other members of Evil Corp.
The DOJ unsealed two indictments — one filed on Nov. 12 in the Western District of Pennsylvania and one filed Nov. 14 in the District of Nebraska. The former indictment named both Yakubets and Turashev in multiple fraud attempts using Dridex malware beginning in Nov. 2011, including an attempted transfer of $999,000 from the Sharon City School District and an attempt to transfer nearly $2.2 million from Penneco Oil. In total, the indictment filed in Pennsylvania included 10 charges of conspiracy, fraud and intentional damage to a computer.
The indictment filed in Nebraska only named Yakubets and listed 21 businesses and local government offices targeted across the country, nine of which were financial institutions, and covered incidents dating back to 2009.
According to the DOJ, Yakubets went by the handle “aqua” online. A case from the District of Nebraska charged a John Doe “also known as ‘aqua'” and resulted in the extradition of two Ukrainian nationals from the U.K. to the U.S. in 2014. Those Ukrainians had previously been convicted in the U.K of laundering money for Evil Corp.
The Treasury Department said that its sanctions target “17 individuals and seven entities to include Evil Corp, its core cyber operators, multiple businesses associated with a group member, and financial facilitators utilized by the group.” The announcement went on to name Denis Gusev as a senior member of Evil Corp, as well as entities owned or controlled by Gusev, six other members of the group and eight known financial facilitators.
These actions are not the first taken against Dridex malware threat actors. In October 2015, the DOJ indicted Andrey Ghinkul in connection with spreading the malware. Ghinkul was arrested in August 2015 in Cyprus and extradited to the U.S. in February 2016.
At the time, Brad Duncan, security researcher at Rackspace, noted that Dridex incidents had disappeared in September following Ghinkul’s arrest, but new instances of the malware began appearing again before the DOJ announced the indictment.
In October 2015, both the FBI and NCA set up sinkholes in efforts to stop the malware from connecting to command and control servers. But by January 2016, IBM security researchers confirmed a new version of Dridex malware was targeting banks in the U.K.
Earlier this year, Chronicle released the results of a five-year study into crimeware, which included looking at arrests made in connection with Zeus and Dridex malware, and found that law enforcement takedown attempts had only short-lived impacts if the masterminds behind such crimeware were not apprehended.
Microsoft on Thursday announced a new Office 365 benefit, offering enterprise-sized nonprofit customers free additional Office 365 F1 seats for their volunteers.
The new Office 365 benefit enables nonprofit customers who have Enterprise Agreements with Microsoft to receive 10 free Office 365 F1 seats for their volunteers per licensed Microsoft 365 E3 or E5 seat. Office 365 F1 includes applications for email, calendars, team collaboration, messaging, intranet, file storage and sharing. Nonprofits with 250 or more users in their organization are eligible for the Enterprise Agreement. The offer starts Jan. 1, according to the company.
Microsoft Cloud Solution Providers will be able to offer the Volunteer Use Benefit to customers directly via the Cloud Solution Provider Channel in spring 2020, according to the company.
This is not the first time Microsoft has donated or provided services for free. Some of their collaboration software programs, such as Exchange, OneDrive, SharePoint and Teams, are available to qualified nonprofits. “But it does mark a significant expansion of access for nonprofits who already pay for Office 365. Keep in mind that Microsoft has long had steep discounts for students and educators, as well,” said Nicole France, principal analyst and vice president at Constellation Research.
The recent move is motivated by several factors, she said. “One is certainly ‘keeping up with the Joneses’ or Salesforces, as the case may be, in terms of publicizing and extending support for the nonprofit sector,” France said.
Another factor has to do with the way Microsoft wants to be perceived by current and potential employees, especially millennials, France said. “We know that this demographic group in particular — an increasingly important one, in terms of recruiting and retention — is strongly motivated by an employer’s mission in the world, not just its commercial business. I suspect this is a significant part of the rationale for giving the nonprofit sector some additional love and attention.”
Lastly, she said, the offering addresses the pressing need for nonprofits to provide appropriate tools to their large numbers of volunteers.
Several software-defined WAN vendors have announced integration with Amazon Web Services’ Transit Gateway. For SD-WAN users, the integrations promise simplified management of policies governing connectivity among private data centers, branch offices and AWS virtual networks.
Stitching together workloads across cloud and corporate networks is complex and challenging. AWS tackles the problem by making AWS Transit Gateway the central router of all traffic emanating from connected networks.
Cisco, Citrix Systems, Silver Peak and Aruba, a Hewlett Packard Enterprise Company, launched integrations with the gateway this week. The announcements came after AWS unveiled the AWS Transit Gateway at its re:Invent conference in Las Vegas.
SD-WAN vendors lining up quickly to support the latest AWS integration tool didn’t surprise analysts. “The ease and speed of integration with leading IaaS platforms are key competitive issues for SD-WAN for 2020,” said Lee Doyle, the principal analyst for Doyle Research.
By acting as the network hub, Transit Gateway reduces operational costs by simplifying network management, according to AWS. Before the new service, companies had to make individual connections between networks outside of AWS and those serving applications inside the cloud provider.
The potential benefits of Transit Gateway made connecting to it a must-have for SD-WAN suppliers. However, tech buyers should pay close attention to how each vendor configures its integration.
“SD-WAN vendors have different ways of doing things, and that leads to some solutions being better than others,” Doyle said.
What the 4 vendors are offering
Cisco said its integration would let IT teams use the company’s vManage SD-WAN controller to administer connectivity from branch offices to AWS. As a result, engineers will be able to apply network segmentation and data security policies universally through the Transit Gateway.
Aruba will let customers monitor and manage connectivity either through the Transit Gateway or Aruba Central. The latter is a cloud-based console used to control an Aruba-powered wireless LAN.
Silver Peak is providing integration between the Unity EdgeConnect SD-WAN platform and Transit Gateway. The link will make the latter the central control point for connectivity.
Finally, Citrix’s Transit Gateway integration would let its SD-WAN orchestration service connect branch offices and data centers to AWS. The connections will be particularly helpful to organizations running Citrix’s virtual desktops and associated apps on AWS.
Last summer we announced Microsoft Research Open Data—an Azure-based repository-as-a-service for sharing datasets—to encourage the reproducibility of research and make research data assets readily available in the cloud. Among other things, the project started a conversation between the community and Microsoft’s legal team about dataset licensing. Inspired by these conversations, our legal team developed a set of brand new data use agreements and released them for public comment on Github earlier this year.
Today we’re excited to announce that Microsoft Research Open Data will be adopting these data use agreements for several datasets that we offer.
Diving a bit deeper on the new data use agreements
The Open Use of Data Agreement (O-UDA) is intended for use by an individual or organization that is able to distribute data for unrestricted uses, and for which there is no privacy or confidentiality concern. It is not appropriate for datasets that include any data that might include materials subject to privacy laws (such as the GDPR or HIPAA) or other unlicensed third-party materials. The O-UDA meets the open definition: it does not impose any restriction with respect to the use or modiﬁcation of data other than ensuring that attribution and limitation of liability information is passed downstream. In the research context, this implies that users of the data need to cite the corresponding publication with which the data is associated. This aids in findability and reusability of data, an important tenet in the FAIR guiding principles for scientific data management and stewardship.
We also recognize that in certain cases, datasets useful for AI and research analysis may not be able to be fully “open” under the O-UDA. For example, they may contain third-party copyrighted materials, such as text snippets or images, from publicly available sources. The law permits their use for research, so following the principle that research data should be “as open as possible, as closed as necessary,” we developed the Computational Use of Data Agreement (C-UDA) to make data available for research while respecting other interests. We will prefer the O-UDA where possible, but we see the C-UDA as a useful tool for ensuring that researchers continue to have access to important and relevant datasets.
Datasets that reflect the goals of our project
The following examples reference datasets that have adopted the Open Use of Data Agreement (O-UDA).
Location data for geo-privacy research
Microsoft researcher John Krumm and collaborators collected GPS data from 21 people who carried a GPS receiver in the Seattle area. Users who provided their data agreed to it being shared as long as certain geographic regions were deleted. This work covers key research on privacy preservation of GPS data as evidenced in the corresponding paper, “Exploring End User Preferences for Location Obfuscation, Location-Based Services, and the Value of Location,” which was accepted at the Twelfth ACM International Conference on Ubiquitous Computing (UbiComp 2010). The paper has been cited 147 times, including for research that builds upon this work to further the field of preservation of geo-privacy for location-based services providers.
Hand gestures data for computer vision
Another example dataset is that of labeled hand images and video clips collected by researchers Eyal Krupka, Kfir Karmon, and others. The research addresses an important computer vision and machine learning problem that deals with developing a hand-gesture-based interface language. The data was recorded using depth cameras and has labels that cover joints and fingertips. The two datasets included are FingersData, which contains 3,500 labeled depth frames of various hand poses, and GestureClips, which contains 140 gesture clips (100 of these contain labeled hand gestures and 40 contain non-gesture activity). The research associated with this dataset is available in the paper “Toward Realistic Hands Gesture Interface: Keeping it Simple for Developers and Machines,” which was published in Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems.
Question-Answer data for machine reading comprehension
Finally, the FigureQA dataset generated by researchers Samira Ebrahimi Kahou, Adam Atkinson, Adam Trischler, Yoshua Bengio and collaborators, introduces a visual reasoning task for research that is specific to graphical plots and figures. The dataset has 180,000 figures with 1.3 million question-answer pairs in the training set. More details about the dataset are available in the paper “FigureQA: An Annotated Figure Dataset for Visual Reasoning” and corresponding Microsoft Research Blog post. The dataset is pivotal to developing more powerful visual question answering and reasoning models, which potentially improve accuracy of AI systems that are involved in decision making based on charts and graphs.
The data agreements are a part of our larger goals
Microsoft Research Open Data project was conceived from the start to reflect Microsoft Research’s commitment to fostering open science and research and to achieve this without compromising the ethics of collecting and sharing data. Our goal is to make it easier for researchers to maintain provenance of data while having the ability to reference and build upon it.
The addition of the new data agreements to Microsoft Research Open Data’s feature set is an exciting step in furthering our mission.
Acknowledgements: This work would not have been possible without the substantial team effort by — Dave Green, Justin Colannino, Gretchen Deo, Sarah Kim, Emily McReynolds, Mario Madden, Emily Schlesinger, Elaine Peterson, Leila Stevenson, Dave Baskin, and Sergio Loscialo.
Aviso announced version 2.0 of its artificial intelligence guided sales platform last week. The new version is aimed at lowering costs and reducing the time that sales reps spend working on CRM databases by providing them with AI tools that predict deal close probabilities and guide next best actions.
Algorithmic-guided selling using AI technology and existing sales data to guide sellers through deals is a new but increasingly popular technology. Nearly 51% of sales organizations have already deployed or plan to deploy algorithmic-guided selling in the next five years, according to a 2019 Gartner survey.
Aviso’s 2.0 sales platform uses AI tools to prioritize sales opportunities and analyze data from sources including CRM systems, emails, user calendars, chat transcripts and support and success tools to deliver real-time insights and suggest next best action for sales teams. The support and success tools are external offerings that Aviso’s platform can connect with, including customer support tools like Zendesk or Salesforce Service Cloud, and customer success tools like Gainsight or Totango, according to Amit Pande, vice president of marketing at Aviso.
The forecasting and sales guidance vendor claims the new version will help sales teams close 20% more deals and reduce spending on non-core CRM licenses by 30% compared with conventional CRM systems. The cost reduction calculation is based on “the number of non-core licenses that can be eliminated, as well as additional costs such as storage and add-ons that can be eliminated when underutilized or unused licenses are eliminated,” Pande said.
According to Aviso, new AI-based features in version 2.0 of its sales platform include:
Deal Execution Tools, a trio of tools meant to assist in finalizing deals. Bookings Timeline uses machine learning to calculate when deals will close based on an organization’s unique history. Each booking timeline also includes the top factors that influence the prediction. Opportunity Acceleration helps sales teams determine which opportunities carry the highest probability of closing early if they are pulled into the current quarter. Informed Editing is intended to limit typos and unsaved changes during entry of data. The tool gives users contextual help before they commit to edits, telling them what quarter or whose forecast they are updating. Changes and edits are automatically saved by the software.
Deal and Forecast Rooms enable users to do what-if analysis, use scenario modeling and automatically summarize forecast calls and deal review transcripts.
Coaching Rooms help sales managers improve sales rep performance with data from past and current deals and from team activity in Deal and Forecast Rooms.
Nudges provide reminders for sales reps through an app on mobile devices. Nudges also offer recommendation for course corrections, and potential next steps based on insights from the specific deal.
Aviso’s 2.0 sales platform is currently in beta with select customers.
Cybersecurity company FireEye has been using the Aviso platform for several years and is among the selected customers. Andy Pan, director of Americas and public sector sales operations at FireEye, said the Aviso platform has helped FireEye operate in a more predictive measure through some of its new AI-driven features. “The predictive features helps us review both the macro business as a whole, and the deal-specific features provides guided pathways towards the inspection of deals.”
Other sales forecasting tools vendors in the market include Salesforce and Clari. Sales forecasting feature from Salesforce enables organizations to make forecasts specific to their needs and let managers track their team’s performance. Clari’s product includes features such as predictive forecasting, which uses AI-based projection to see the team’s achievement at the end of the quarter, and history tracking to see who last made changes to the forecast.
In August 2019, Microsoft announced the general availability of a new Managed Disks tier: Ultra Disk Storage. The new offering represents a significant step up from the other Managed Disks tiers, offering unprecedented performance and sub-millisecond latency to support mission-critical workloads.
The Ultra Disk tier addresses organizations reluctant to move data-intensive workloads to the cloud because of throughput and latency requirements.
According to Microsoft, Azure Ultra Disk Storage makes it possible to support these workloads by delivering next-generation storage technologies geared toward performance and scalability, while providing you with the convenience of a managed cloud service.
Understanding Azure Ultra Disk
Managed Disks is an Azure feature that simplifies disk management for infrastructure-as-a-service storage. A managed disk is a virtual hard disk that works much like a physical disk, except that the storage is abstracted and virtualized. Azure stores the disks as page blobs, in the form of random I/O storage objects.
To use managed disks, you only have to provision the necessary storage resources and Azure does the rest, deploying and managing the drives.
Azure offers four Managed Disks tiers: Standard HDD, Standard SSD, Premium SSD and the new Ultra Disk Storage, which also builds on SSD technologies. Ultra Disk SSDs support enterprise-grade workloads driven by systems such as MongoDB, SQL Server, SAP HANA and high-performing, mission-critical applications. The latest storage tier comes with configurable performance attributes, making it possible to adjust IOPS and throughput to meet evolving performance requirements.
Azure Ultra Disk Storage implements a distributed block storage architecture that uses NVMe to support I/O-intensive workloads. NVMe is a host controller interface and storage protocol that accelerates data transfers between data center systems and SSDs over a computer’s high-speed PCIe bus.
Along with the new storage tier, Azure introduced the virtual disk client (VDC), a simplified client that runs on the compute host. The client has full knowledge of the virtual disk metadata mappings in the Azure Ultra Disk cluster. This knowledge enables the client to communicate directly with the storage servers, bypassing the load balancers and front-end servers often used to establish initial disk connections.
With earlier Managed Disk storage tiers, the route was much less direct. For example, Azure Premium SSD storage is dependent on the Azure Blob storage cache. As a result, the compute host runs the Azure Blob Cache Driver, rather than the VDC. The driver communicates with a storage front end, which, in turn, communicates with partition servers. The partition servers then talk to the stream servers, which connect to the storage devices.
The VDC, on the other hand, supports a more direct connection, minimizing the number of layers that read and write operations traverse, reducing latency and increasing performance.
Deploying Ultra Disk Storage
Azure Ultra Disk Storage lets you configure capacity, IOPS and throughput independently, providing the flexibility necessary to meet specific performance requirements. For capacity, you can choose a disk size ranging from 4 GiB to 64 TiB, and you can provision the disks with up to 300 IOPS per GiB, to a maximum of 160,000 IOPS per disk. For throughput, Azure supports up to 2,000 MB per second, per disk.
Ultra Disk Storage makes it possible to utilize a VM’s maximum I/O limits using only a single ultra disk, without needing to stripe multiple disks. You can also configure disk IOPS or throughput without detaching the disk from the VM or restarting the VM. Azure automatically implements the new performance settings in less than an hour.
To deploy Ultra Disk Storage, you can use the Azure Resource Manager, Azure CLI or PowerShell. Ultra Disk Storage is currently available in three Azure regions: East US 2, North Europe and Southeast Asia. Microsoft plans to extend to other regions, but the company has not provided specific timelines. In addition, Ultra Disk Storage supports only the ESv3 and DSv3 Azure VMs.
Azure Ultra Disk handles data durability behind the scenes. The service is built on Azure’s locally redundant storage (LRS), which maintains three copies of the data within the same availability zone. If an application writes data to the storage service, Azure will acknowledge the operation only after the LRS system has replicated the data.
When implementing Ultra Disk Storage, you must consider the throttling limits Azure places on resources. For example, you could configure your VM with a 16-GiB ultra disk at 4,800 IOPS. However, if you’re working with a Standard_D2s_v3 VM, you won’t be able to take full advantage of the storage because the VM gets throttled to 3,200 IOPS as a result of its limitations. To realize the full benefits available to Ultra Disk Storage, you need hardware that can support its capabilities.
Where Ultra Disk fits in the Managed Disk lineup
Azure Managed Disks simplify disk management by handling deployment and management details behind the scenes. Currently, Azure provides the following four storage options for accommodating different workloads.
The Standard HDD tier is the most basic tier, providing a reliable, low-cost option that supports workloads in which IOPS, throughput and latency are not critical to application delivery. For this reason, the Standard HDD tier is well suited to backup and other non-critical workloads. The maximum disk size for this tier is 32,767 GiB, the maximum IOPS is 2,000 and the maximum throughput is 500 MiB per second.
The Standard solid-state drive tier offers a step up from the Standard HDD tier to support workloads that require better consistency, availability, reliability and latency. The Standard SSD tier is well suited to web servers and lightly used applications, as well as development and testing environments. The maximum disk size for this tier is 32,767 GiB, the maximum IOPS is 6,000 and the maximum throughput is 750 MiB per second.
Prior to the release of the Ultra Disks tier, the Premium SSD tier was the top offering in the Managed Disks stack. The Premium tier is geared toward production and performance-sensitive workloads that require greater performance than the lower tiers. This tier can benefit mission-critical applications that support I/O-intensive workloads. The maximum disk size for this tier is 32,767 GiB, the maximum IOPS is 20,000 and the maximum throughput is 900 MiB per second.
The Ultra Disks tier is the newest Managed Disks service available to customers. The new tier takes performance to the next level, delivering high IOPS and throughput, with consistently low latency. Customers can dynamically change performance settings without restarting their VMs. The Ultra Disks tier targets data-intensive applications such as SAP HANA, Oracle Database and other transaction-heavy workloads. The maximum disk size for this tier is 65,536 GiB, the maximum IOPS is 160,000 and the maximum throughput is 2,000 MiB per second.
Because Ultra Disk Storage is a new Azure service, it comes with several limitations. The service is available in only a few regions and works with only a couple types of VMs. Additionally, you cannot attach an ultra disk to a VM running in an availability set. The service also does not support snapshots, VM scale sets, Azure disk encryption, Azure Backup or Azure Site Recovery. You can’t convert an existing disk to an ultra disk, but you can migrate the data from an existing disk to an ultra disk.
Despite these limitations, Azure Ultra Disk Storage could prove to be an asset to organizations that plan to move their data-intensive applications to the cloud. No doubt Microsoft will continue to improve the service, extending their reach to other regions and addressing the lack of support for other Azure data services, but that hasn’t happened yet, and some IT teams might insist that these issues be resolved before they consider migrating their workloads. In the meantime, Ultra Disk Storage promises to be a service worth watching, especially for organizations already committed to the Azure ecosystem.
Today at the Microsoft Ignite conference in Orlando, Florida, we announced new Microsoft 365 innovations in six key investment areas: productivity, knowledge, workflow, security, compliance, and management. Microsoft 365 is the world’s productivity cloud, and the consistent theme across these new features is how we’re using artificial intelligence (AI) to deliver amazing new experiences that push the boundaries of productivity. From new Microsoft Teams enhancements to the first new service we’ve launched since Teams, we have a lot to share with you—so let’s get to the news.
Microsoft 365’s productivity tools use AI to help people create, collaborate, analyze, write, present, organize, and manage their work. Our innovations in core productivity are focused on two opportunities: creating entirely new experiences that take advantage of the latest innovations and breathing new life into familiar apps and experiences with powerful cloud services.
Microsoft Teams is the hub for teamwork. In response to requests from Teams customers, we’re pleased to announce Private channels, Multiwindow chats, meetings and calls, pinned channels, and task integration with To Do and Planner. We’re improving collaboration capabilities between Outlook and Teams, making it easy to send an email thread to a Teams channel for further discussion.
And we’re bringing the Yammer app into Teams, adding the ability for users to pin the app to the left-hand rail and making Teams the hub for both focused team collaboration and broad, open communities. We are also delivering new industry-tailored innovations and experiences including tools for Healthcare and Firstline workers. Healthcare providers can now schedule and conduct B2C virtual consultations through Teams with new Virtual Consults capabilities, and new features like SMS Sign-In and Global Sign-Out make it quick and easy for Firstline workers to securely access Teams from their mobile devices.
The all-new Microsoft Edge offers the enterprise new tab page, where you’ll have direct access to your Microsoft 365 files, sites, and intranet search, making every tab you open a portal to productivity. And with the new Microsoft Search in Bing integration, searching for information at work is as easy as searching the web. You can now access files, people, office floorplans, acronym definitions, and more company information from across your Microsoft 365 ecosystem right from the search bar.
Finally, Microsoft Edge is now available across all your devices—including Windows 10, Windows 8x, Windows 7, macOS, iOS, and Android. Your passwords and favorites will roam seamlessly across all your devices—and with native Azure Active Directory (Azure AD) sign-in, you can search for work files right from your phone.
The Office mobile app
We all want to be able to work on the go from mobile devices and we’re always looking to simplify and improve the experience. Today, we’re announcing a new mobile experience for Office that combines three of the suite’s most popular apps—Word, Excel, and PowerPoint—into a single go-to app for mobile productivity. Now you no longer need to download each app separately and will have everything you need to be productive on the go. And with the new Actions pane, you can intuitively complete a variety of common on-the-go tasks, such as creating and signing PDFs and sharing files between devices.
At Build 2019, we announced Fluid Framework, a new technology and set of experiences that will make collaboration seamless by breaking down the barriers between apps. It offers three key capabilities. First, experiences powered by the Fluid Framework will support multi-person coauthoring on web and document content at industry-leading speed and scale. Second, it provides a componentized document model that allows authors to deconstruct content into collaborative building blocks, use them across applications, and combine them in a new, more flexible kind of document. Third, the Fluid Framework makes room for intelligent agents to work alongside humans to translate text, fetch content, suggest edits, perform compliance checks, and more.
Today, we are announcing a public preview of the Fluid Framework end user experience and a private preview for developers. Over time, we expect these capabilities to light up in experiences across Microsoft 365, including within chat in Teams, mail in Outlook, portals in SharePoint, notes in OneNote, and documents in Office.
We’re using AI to bring you personalized experiences in Outlook and making Cortana your personal productivity assistant. Today, we announced Play My Emails in Outlook for iOS to help you catch up and act on emails hands-free. With new natural voice and language recognition, Cortana can intelligently read out your new emails and share changes to your day. A masculine voice option is also now available with Play My Emails, further customizing your personal productivity assistant experience. We’re also announcing that Scheduler in Outlook is shipping in preview; you can use it to hand off scheduling meetings and coordinating participants to Cortana.
Beginning next month, Cortana can also help you prepare for your day by sending you a briefing email that includes a summary of your meetings, relevant documents for your day, and reminders to follow up on commitments you’ve made in email.
AI in Office
You’re busy and have a lot on your mind—and even more on your to-do list. We get it, and over the past year, we brought the magic of AI to Office to help you get more done. With innovations that include entering data into Excel with a digital pen, audio transcription in Word—which converts a new or existing audio file into a written transcription—and Presenter Coach in PowerPoint (in public preview for the web), which helps business professionals, teachers, and students become more effective presenters, we committed to enlightening Office with AI to help you be more productive.
Today our journey continues. Now Excel supports natural language queries, so users can now ask a question of their data, just like they would if they were talking to a person, and get quick answers—all without having to write a formula. Available to Office Insiders, this new natural language ability is another step towards making data insights and visualization more approachable and accessible to users with various levels of Excel experience.
We’re also making it easier for you to plan time away from work and continue to improve your work best practices. For example, MyAnalytics can help you prepare for time off by automating out of office notification setup, informing collaborators of your time away, resolving meetings you’ll miss, and more. Integrated into the Insights pane in Outlook, MyAnalytics is now able to encourage best practices like booking meetings promptly, adding an agenda, and meeting follow ups, and adding new AI-powered suggestions in Outlook that allow you to delay email delivery when working outside the recipient’s working hours.
Last week, we announced a major step toward achieving our new vision for project management with the general availability of the new Microsoft Project. The new Project offers a redesigned user experience that is simple and intuitive. Teams can quickly add new members and set up tasks, and then easily switch between grids, boards, or timeline (Gantt) charts to track progress. And because Project is part of the Microsoft 365 family, project teams can save time and do more with built-in connections to familiar apps like Teams and Office. In addition, the new service provides greater visibility into your projects and powerful tools to help you anticipate future needs. Create stunning interactive reports in Power BI, so you can visualize every aspect of each project at a glance. And get the big picture view of all your projects across your organization with visual, interactive cards.
Over the next year, we’ll release more exciting capabilities in the new Project, including resource management, budget analysis, and time and expense tracking. These powerful features will enable you to streamline more complex initiatives and help your business maximize ROI.
We’re excited to announce a brand-new investment area for Microsoft 365—knowledge. Moving your productivity infrastructure to the cloud has many benefits, including cost savings and streamlined operations. But it also unlocks new scenarios. Using AI, Microsoft 365 will now be able to identify, organize, and deliver knowledge across your organization—providing just the right information at just the right time. Productivity isn’t just about being more efficient. It’s also about aggregating and applying the collective knowledge of your organization so that together you can achieve more.
Today, we’re announcing Project Cortex, the first new service in Microsoft 365 since the launch of Teams. Project Cortex uses AI to create a knowledge network that reasons over your organization’s data and automatically organizes it into shared topics like projects and customers. It also delivers relevant knowledge to people across your organization through topic cards and topic pages in the apps they use every day.
In addition, Project Cortex enables business process efficiency by turning your content into an interactive knowledge repository—with innovations in smart content ingestion—to analyze documents and extract metadata to create sophisticated content models; machine teaching, to allow subject matter experts to teach the system how to understand semi-structured content; and knowledge retrieval, to make it easy for people to access the valuable knowledge that’s so often locked away in documents, conversations, meetings, and videos. Building on the content you already have in SharePoint, Project Cortex connects content across Microsoft 365 and external systems and enables you to manage information and streamline processes with built-in security, compliance, and workflow.
The new Yammer
Yammer has been completely redesigned, with dozens of new capabilities that empower people to connect, build communities, and share knowledge across the organization. The new Yammer delivers a beautiful, intelligent experience across devices and introduces new integrations with Teams, SharePoint, and Outlook. You can now use Yammer to broadcast live and on-demand events with a streamlined production option that uses webcams and desktop sharing. And you can also share video shorts directly from the Yammer mobile app. In addition, we’ve now centralized e-Discovery, data governance, and Yammer administration in the Microsoft 365 admin center.
Today, we announced new innovations for Microsoft Search to enhance productivity; empower greater discovery of information, insights, and people; develop search driven applications; and extend the benefits of Microsoft Search to content outside of Microsoft 365. We recognize search works best when it brings together information from across your organization. Now with over 100 new Microsoft Search connectors from Microsoft and our partners, you can consolidate information from disparate system into a single search experience in Microsoft 365.
In addition, you can use our new Graph APIs to develop custom applications on top of Microsoft Search to tailor search to your organizations’ needs. We’re also bringing more powerful search experiences to Microsoft 365, including advanced people search using attributes and skills, video search, acronym search, and semantic search.
Video is an increasingly powerful medium for capturing and sharing knowledge and learning. Microsoft Stream applies AI to unlock the content in video—including meeting recordings—with automatic transcription. AI also powers the new voice enhance feature, allowing you to focus on the spoken word by reducing background noise. And now people can create short videos from mobile devices and share in Yammer, Teams, and PowerApps, mainstreaming video as the new content type for communications and learning.
Workplace Analytics is making it even easier to gain knowledge about the way people work and its impact on business and organizational outcomes. Business leaders will get at-a-glance insights to quickly understand and improve meeting culture, manager practices, organizational networks, and customer relationships. Industry benchmarks help contextualize common patterns that influence productivity, such as focus time and the ability to unplug outside of working hours. We also enriched the analyst toolset. AI-driven process analysis uses key words like “quarterly business review” to shed light on time and resources invested in specific business activities, enabling improvement over time.
Workflow innovations empower you to streamline and improve business processes with little or no code. This approach not only saves time and money, it also ensures process automation is done by the people who are closest to the way things actually work.
Power Platform integration with Teams
With Power Platform, users can automate routine tasks, create custom apps, and easily engage with data. Power Platform integration with Teams makes these tools more discoverable and accessible to users and unlocks a conversational approach to streamlining productivity scenarios—from managing approvals directly in chat to pinning a custom app where a team needs it.
Today, we announced new features to enhance these capabilities. Power Apps creators can now publish their apps as Teams apps, and users will be able to pin those apps to their left rail in Teams. We’re also adding new Power Automate triggers and actions, allowing users to streamline the completion of common team and personal tasks, such as setting custom message actions and sending notifications. And coming soon, rich Power BI previews in Teams chat and an enhanced Power BI tab will allow users to see all their data in Teams and effortlessly discuss data, to speed data-driven decision making.
Office Scripts simplifies clunky processes and automates repetitive tasks so you can work less while doing more. Today, we introduced scripting in Excel, a new process automation feature that allows you to record your actions inside a workbook and save it to a script. The saved script can then be integrated with Power Automate and scheduled to run automatically or integrate with a larger flow. Office Scripts will be available as a public preview by the end of the year.
New AI-powered features make it easy for you to secure your organization’s valuable assets while empowering employees to collaborate freely.
Any customer with any Azure AD plan, including a free plan, can now use the Microsoft Authenticator app for secure, passwordless access to both Microsoft and non-Microsoft apps. Passwords continue to be the weakest link in cybersecurity. With Azure AD and Microsoft Authenticator, enterprises can go passwordless for a great user experience and lower support costs while also implementing two-factor or multi-factor authentication (MFA) for greater security. Deploying MFA reduces the risk of phishing and other identity-based attacks by 99.9 percent and is the best thing you can do to improve your security. Customers with more than 150 seats can also now contact Microsoft to set up the capability via FastTrack.
New value in Azure AD
Azure AD Cloud Provisioning now makes it easier to move identities to the cloud by eliminating the need for an on-premises sync server though a lightweight on-premises agent. This enables provisioning from multiple, disconnected on-premises Active Directory (AD) forests and harnesses the power of the cloud to tackle common directory challenges like sync complexity and data transformation logic. This capability addresses one of the top needs for large enterprise customers that manage complex organizations or mergers and acquisitions and enables greater availability and decreases implementation and operation costs.
Microsoft Defender Advanced Threat Protection (ATP)
Microsoft Defender ATP endpoint detection and response (EDR) capabilities are now available in preview for Mac OS devices. We’ll be adding support for Linux servers next. This is part of our commitment to extending multi-platform coverage in our threat protection solutions. Our customers depend on Microsoft for world-class endpoint protection and EDR capabilities for Windows, and most large organizations manage a complex mix of technology platforms, including several operating systems. They need coverage for the full breadth of their environment. This ongoing investment gives them the breadth of coverage they need, with a single unified view for administrators and security operations professionals, enabling enterprise-wide investigation and response to security incidents.
Application Guard for Office
Now available in private preview, Application Guard for Office provides hardware-level and container-based protection against potentially malicious Word, Excel, and PowerPoint files. It utilizes Microsoft Defender ATP to establish whether a document is either malicious or trusted.
Simplify and automate risk management with new innovations that use AI as a force multiplier to keep you one step ahead of the increasingly complex compliance requirements and ever-evolving insider threats.
Insider Risk Management
A staggering 53 percent of organizations have experienced an insider attack in the last 12 months. The effort required to identify these risks and violations is not trivial, and it requires effective collaboration across security, human resources (HR), and legal—as well as a balanced approach across privacy and risk management. Today, we announced Insider Risk Management in Microsoft 365 to help organizations quickly identify and remediate insider threats, risks, and code of conduct policy violations across Office, Windows, Azure and third-party apps such as HR systems. Insider Risk Management leverages the Microsoft Graph and other services to intelligently correlate multiple signals to identify hidden patterns and potential risks, and provide real-time insight into file activity, communications sentiment, and abnormal user behaviors. Insider Risk Management includes a set of configurable playbooks tailored specifically for risks—such as digital IP theft and confidentiality breach—to help you effectively identify threats and take action. We also designed for privacy, so display names for risky users can be anonymized by default at early stages of investigation.
It’s more important than ever to have the knowledge and tools you need to work across compliance and risk management teams to effectively assess and monitor risks. To help you implement more effective data protection controls, we’re announcing the public preview of Microsoft Compliance Score, which enables you to simplify and automate risk assessments. With Microsoft Compliance Score, you can now continuously assess and monitor data protection controls, get clear guidance on how to improve the score, and leverage the built-in control mapping to scale your compliance efforts across regulations and standards.
Even if you’re not an expert in complex regulations like General Data Protection Regulation (GDPR) or ISO 27001, you can still quickly learn the actions needed for compliance and contribute towards progress. We also introduced new assessments for California Consumer Privacy Act (CCPA), and for other GDPR-style regulations. Compliance Score is available now in public preview for all Microsoft 365 enterprise plans in the Microsoft 365 compliance center.
With new management innovations, Microsoft 365 puts the cloud and AI to work to help you set-up, secure, monitor, and manage all your devices.
Microsoft Endpoint Manager
Microsoft Endpoint Manager is an integrated solution to centrally and securely manage all the endpoints in your technology estate. Bringing together Microsoft Intune and System Center Configuration Manager functionality and data—plus new intelligent actions and analytics—Endpoint Manager delivers seamless, end-to-end management for Windows, Android and Apple devices, apps, and policies without the complexity of a migration or disruption to productivity. Look for Microsoft Endpoint Manager features and experiences to appear in the product over the coming months. And, to help ensure that all our customers are able to take advantage of Microsoft Endpoint Manager, we’re making Intune available to our existing SCCM customers for Windows PC management. Starting December 1, 2019, you can co-manage these devices in Microsoft Endpoint Manager, and start using cloud-powered features like Autopilot and Desktop Analytics.
Microsoft Productivity Score
Microsoft Productivity Score focuses on two areas: the Employee experience and the Technology experience. Both provide visibility into how your organization works, insights to identify where you can enable improved experiences, and actions you can take to update skills and systems—so everyone can do their best work.
The Employee experience shows you how Microsoft 365 is helping to create a productive and engaged workforce. By quantifying how people are collaborating on content, working from anywhere, developing a meeting culture, and communicating with each other, you can see the different ways that work gets done. Meanwhile, the Technology experience provides insights by assessing policies, device settings, and hardware and application performance within the organizational environment and recommends actions in Microsoft Endpoint Manager.
Managed Meeting Rooms
Productive meetings are essential to success in the modern workplace. Coupled with the rise in remote collaboration, business leaders increasingly associate more effective meetings with having the right meeting room technology and environment. Today, we’re announcing a private preview of Managed Meeting Rooms from Microsoft, a new offer for managing meeting rooms. This cloud-based IT management and security monitoring service ensures that Teams meeting rooms are secured, up to date, and proactively monitored for a great in-room experience. To date, we’ve been working with more than 100 customers to manage more than 1,500 meeting rooms. Now, a private preview is opening this experience to more of you! If you’re interested in participating, let us know.
You told us you want to improve your security posture by scoping admin permissions to only those needed to do their jobs. In fact, this is one of our top customer requests. We’re announcing new admin roles in Azure AD and the Microsoft 365 admin center to help you reduce the number of Global admins in your organization. For example, the Global reader role lets an admin view information across Microsoft 365, but does not allow the admin to change any settings or data. Now you can assign the Global reader role to admins in your organization to support reporting, planning, audits, and investigations, without having to grant a higher level of privileges than is necessary. The Global reader role can also be combined with other administrative roles (for example, Exchange admin) to more granularly control and scope the assignment of admin privileges in your organization.
You also told us that you want guidance from Microsoft for improving security and increasing admin efficiency. The Onboarding Hub, in the Microsoft 365 admin center’s setup area, includes new experiences to help you discover, learn about, and use features across Microsoft 365, including Azure AD and other admin portals such as the Security and Compliance Center. We provide intelligent recommendations—based on your current configuration and admin activities—to help you improve your security posture, maintain compliance with data regulations, keep apps up to date, and reduce costs.
New recommendations in the Microsoft 365 admin center (admin.microsoft.com).
Using the Global reader role to access the Onboarding Hub is a powerful and safe way to perform planning and auditing activities for Microsoft 365, as a Global reader can view and assess the recommendations, learn about implementation steps and user impact, and see current administrative assignments without making any tenant or configuration changes.
Office 365 Groups
Office 365 Groups is the membership service that powers collaboration and drives teamwork across Microsoft 365. It’s a core underpinning of more than 20 applications, including Teams, SharePoint, Outlook, Yammer, Microsoft Stream, and more. We’re pleased to announce a number of improvements to the Groups admin experience with new lifecycle management and compliance capabilities, including the ability to quickly create teams for a group, browse and restore deleted groups, edit the group email alias, and use sensitivity labels. You can also enable self-service group creation and management, which empowers users to create teams and Yammer channels that are controlled with guardrails and policies set by IT.
Send us your feedback
Every innovation we make with Microsoft 365, the world’s productivity cloud, is designed to help you and your organization unlock new forms of productivity to achieve more. We’re excited to share these new features with you, and look forward to your feedback and insights.
Threat Stack has announced Python support for its Threat Stack Application Security Monitoring product. The update comes with no additional cost as part of the Threat Stack Cloud Security Platform.
With Python support for Application Security Monitoring, Threat Stack customers who use Python with Django and Flask frameworks can ensure security in the software development lifecycle with risk identification of both third-party and native code, according to Tim Buntel, vice president of application security products at Threat Stack.
In addition, the platform also provides built-in capabilities to help developers learn secure coding practices and real-time attack blocking, according to the company.
“Today’s cloud-native applications are comprised of disparate components, including containers, virtual machines and scripts, including those written in Python, that serve as the connective tissue between these elements,” said Doug Cahill, senior analyst and group Practice Director, Cybersecurity at Enterprise Strategy Group. Hence, the lack of support for any one layer of a stack means a lack of visibility and a vulnerability an attacker could exploit.
Application Security Monitoring is a recent addition to Threat Stack Cloud Security Platform. Introduced last June, the platform is aimed at bringing visibility and protection to cloud-based architecture and applications. Threat Stack Cloud Security Platform touts the ability to identify and block attacks such as cross-site scripting (XSS) and SQL injection by putting the application in context with the rest of the stack. It also allows users to move from the application to the container or the host, where it is deployed with one click when an attack happens, according to the company.
“[Application Security Monitoring] … provides customers with full stack security observability by correlating security telemetry from the cloud management console, host, containers and applications in a single, unified platform,” Buntel said.
To achieve full stack security and insights from the cloud management console, host, containers, orchestration and applications, customers can combine Threat Stack Application Security Monitoring with the rest of the Threat Stack Cloud Security Platform, according to the company.
Cahill said customers should look for coverage of the technology stack as well as the lifecycle when looking to secure cloud-native applications, because such full stack and lifecycle support allows for threat detection and prevention capabilities “from the code level down to the virtual machine or container to be implemented in both pre-deployment stages and runtime.”
“Cloud security platforms, which integrate runtime application self-protection functionality with cloud workload protection platforms to provide full-stack and full lifecycle visibility and control, are just now being offered by a handful of cybersecurity vendors, including Threat Stack,” he added.
Threat Stack competitors include CloudPassage, Dome9 and Sophos. CloudPassage Halo is a security automation platform delivering visibility, protection and compliance monitoring for cybersecurity risks; the platform also covers risks in Amazon Web Services and Azure deployments, according to the company. CloudGuard Dome9 is a software platform for public cloud security and compliance orchestration; the platform helps customers assess their security posture, detect misconfigurations and enforce security best practices to prevent data loss, according to the company. Sophos Intercept X enables organizations to detect blended threats that merge automation and human hacking skills, according to the company.
Today, at the IoT Solutions World Congress, we announced that Azure Sphere will be generally available in February of 2020. General availability will mark our readiness to fulfill our security promise at scale, and to put the power of Microsoft’s expertise to work for our customers every day—by delivering over a decade of ongoing security improvements and OS updates delivered directly to each device.
Since we first introduced Azure Sphere in 2018, the IoT landscape has quickly expanded. Today, there are more connected things than people in the world: 14.2 billion in 2019, according to Gartner, and this number is expected to hit 20 billion by 2020. Although this number appears large, we expect IoT adoption to accelerate to provide connectivity to hundreds of billions of devices. This massive growth will only increase the stakes for devices that are not secured.
Recent research by Bain & Co. lists security as the leading barrier to IoT adoption. In fact, enterprise customers would buy at least 70 percent more IoT devices if a product addresses their concerns about cybersecurity. According to Bain & Co., enterprise executives, with an innate understanding of the risk that connectivity opens their brands and customers to, are willing to pay a 22 percent premium for secured devices.
Azure Sphere’s mission is to empower every organization on the planet to connect and create secured and trustworthy IoT devices. We believe that for innovation to deliver durable value, it must be built on a foundation of security. Our customers need and expect reliable, consistent security that will set innovation free. To deliver on this, we’ve made several strategic investments and partnerships that make it possible to meet our customers wherever they are on their IoT journey.
Delivering silicon choice to enable heterogeneity at the edge
By partnering with silicon leaders, we can combine our expertise in security with their unique capabilities to best serve a diverse set of customer needs.
MediaTek’s MT3620, the first Azure Sphere certified chip produced, is designed to meet the needs of the more traditional MCU space, including Wi-Fi-enabled scenarios. Today, our customers across industries are adopting the MT3620 to design and produce everything from consumer appliances to retail and manufacturing equipment—these chips are also being used to power a series of guardian modules to securely connect and protect mission-critical equipment.
In June, we announced our collaboration with NXP to deliver a new Azure Sphere certified chip. This new chip will be an extension of their popular i.MX 8 high-performance applications processor series and be optimized for performance and power. This will bring greater compute capabilities to our line-up to support advanced workloads, including artificial intelligence (AI), graphics, and richer UI experiences.
Earlier this month, we announced our collaboration with Qualcomm to deliver the first cellular-enabled Azure Sphere chip. With ultra-low-power capabilities this new chip will light up a broad new set of scenarios and give our customers the freedom to securely connect anytime, anywhere.
Streamlining prototyping and production with a diverse hardware ecosystem
Manufacturers are looking for ways to reduce cost, complexity, and time to market when designing new devices and equipment. Azure Sphere development kits from our partners at Seeed Studios and Avnet are designed to streamline the prototyping and planning when building Azure Sphere devices. When you’re ready to shift gears into production mode, there are a variety of modules by partners including AI-Link, USI, and Avnet to help you reduce costs and accelerate production so you can get to market faster.
Adding secured connectivity to existing mission-critical equipment
Many enterprises are looking to unlock new value from existing equipment through connectivity. Guardian modules are designed to help our customers quickly bring their existing investments online without taking on risk and jeopardizing mission-critical equipment. Guardian modules plug into existing physical interfaces on equipment, can be easily deployed with common technical skillsets, and require no device redesign. The deployment is fast, does not require equipment to be replaced before its end of life, and quickly pays for itself. The first guardian modules are available today from Avnet and AI-Link, with more expected soon.
Empowering developers with the right tools
Developers need tools that are as modern as the experiences they aspire to deliver. In September of 2018, we released our SDK preview for Visual Studio. Since then, we’ve continued to iterate rapidly, making it quicker and simpler to develop, deploy, and debug Azure Sphere apps. We also built out a set of samples and solutions on GitHub, providing easy building blocks for developers to get started. And, as we shared recently, we’ll soon have an SDK for Linux and support for Visual Studio Code. By empowering their developers, we help manufacturers bring innovation to market faster.
Creating a secure environment for running an RTOS or bare-metal code
As manufacturers transform MCU-powered devices by adding connectivity, they want to leverage existing code running on an RTOS or bare-metal. Earlier this year, we provided a secured environment for this code by enabling the M4 core processors embedded in the MediaTek MT3620 chip. Code running on these real-time cores is programmed and debugged using Visual Studio. Using these tools, such code can easily be enhanced to send and receive data via the protection of a partner app running on the Azure Sphere OS, and it can be updated seamlessly in the field to add features or to address issues. Now, manufacturers can confidently secure and service their connected devices, while leveraging existing code for real-time processing operations.
Delivering customer success
Deep partnerships with early customers have helped us understand how IoT can be implemented to propel business, and the critical role security plays in protecting their bottom line, brand, and end users. Today, we’re working with hundreds of customers who are planning Azure Sphere deployments, here are a few highlights from across retail, healthcare, and energy:
Starbucks—In-store equipment is the backbone of not just commerce, but their entire customer experience. To reduce disruptions and maintain a quality experience, Starbucks is partnering with Microsoft to deploy Azure Sphere across its existing mission-critical equipment in stores globally using guardian modules.
Gojo—Gojo Industries, the inventor of PURELL Hand Sanitizer, has been driving innovation to improve hygiene compliance in health organizations. Deploying motion detectors and connected PURELL dispensers in healthcare facilities made it possible to quantify hand cleaning behavior in a way that made it possible to implement better practices. Now, PURELL SMARTLINK Technology is undergoing an upgrade with Azure Sphere to deploy secure and connected dispensers in hospitals.
Leoni—Leoni develops cable systems that are central components within critical application fields that manage energy and data for the automotive sector and other industries. To make cable systems safer, more reliable, and smarter, Leoni uses Azure Sphere with integrated sensors to actively monitor cable conditions, creating intelligent and connected cable systems.
We want to empower every organization on the planet to connect and create secure and trustworthy IoT devices. While Azure Sphere leverages deep and extensive Microsoft heritage that spans hardware, software, cloud, and security, IoT is our opportunity to prove we can deliver in a new space. Our work, our collaborations, and our partnerships are evidence of the commitment we’ve made to our customers—to give them the tools and confidence to transform the world with new experiences. As we close in on the milestone achievement of Azure Sphere general availability, we are already focused on how to give our customers greater opportunities to securely shape the future.