Tag Archives: Apps

Electron framework flaw puts popular desktop apps at risk

A new vulnerability found in an app development tool has caused popular desktop apps made with the tool to inherit a risky flaw.

The Electron framework uses node.js and Chromium to build desktop apps for popular web services — including Slack, Skype, WordPress.com, Twitch, GitHub, and many more — while using web code like JavaScript, HTML and CSS. Electron announced that a remote code execution vulnerability in the Electron framework (CVE-

2018-1000006
) was inherited by an unknown number of apps.

Zeke Sikelianos, a designer and developer who works at Electron, wrote in a blog post that only apps built for “Windows that register themselves as the default handler for a protocol … are vulnerable,” while apps for macOS and Linux are not at risk.

Amit Serper, principal security researcher at Cybereason, said a flaw like the one found in the Electron framework “is pretty dangerous since it allows arbitrary command execution by a simple social engineering trick.”

A flaw like this is pretty dangerous since it allows arbitrary command execution by a simple social engineering trick.
Amit Serperprincipal security researcher at Cybereason

“Electron apps have the ability to register a protocol handler to make it easier to automate processes for the Electron apps themselves (for example, if you’ll click a link that starts with slack:// then Slack will launch. It makes it easier to automate the process of joining a Slack group,” Serper told SearchSecurity by email. “The vulnerability is in the way that the protocol handler is being processed by the Electron app, which allows an attacker to create a malicious link to an Electron app which will execute whatever command that the attacker wanted to run.”

Sikelianos urged developers to update apps to the most recent version of Electron as soon as possible.

There are more than 460 apps that have been built using the flawed Electron framework, but it is unclear how many of those apps are at risk and experts noted that code reviews could take a while.  

Security audits

Lane Thames, senior security researcher at Tripwire, said mechanisms for code reuse like software libraries, open source code, and the Electron framework “are some of the best things going for modern software development. However, they are also some of its worst enemies in terms of security.”

“Anytime a code base is in use across many products, havoc will ensue when (not if) a vulnerability is discovered. This is inevitable. Therefore, developers should ensure that mechanisms are in place for updating downstream applications that are impacted by the vulnerabilities in the upstream components,” Thames told SearchSecurity. “This is not an easy task and requires lots of coordination between various stakeholders. In a perfect world, code that gets used by many other projects should undergo security assessments with every release. Implementing a secure coding practice where every commit is evaluated at least with a security-focused code review would be even better.”

Serper said developers need to “always audit their code and be mindful to security.”

“However, in today’s software engineering ecosystem, where there is a lot of use of third party libraries it is very hard to audit the code that you are using since many developers today use modules and code that was written by other people, completely unrelated to their own project,” Serper said. “These are vast amounts of code and auditing third party code in addition to auditing your own code could take a lot of time.”

Justin Jett, director of audit and compliance at Plixer International Inc., a network analysis company based in Kennebunk, Maine, said the Electron framework flaw was significant, given that “affected applications like Skype, Slack, and WordPress are used by organizations to host and share their most critical information”

“If these applications were to be compromised, the impact could be devastating. Developers that use third-party frameworks, like Electron, should audit their code on a regular basis, ideally quarterly, to ensure they are using an up-to-date version of the framework that works with their application and has resolved any security issues from previous releases,” Jett told SearchSecurity. “Additionally, platform developers, like Electron, should complete routine audits on their software to ensure that the developers taking advantage of their platform don’t expose users to security vulnerabilities — vulnerabilities which, left unresolved, could cause profound damage to businesses that rely on these applications.”

Digital Design is Never Done – Microsoft Design – Medium


Digital Design is Never Done

How our team made Windows 10 Mail and Calendar apps more Fluent

Before and after animation of the redesigned app

Two years ago we introduced completely rewritten and redesigned Mail and Calendar apps in Windows 10. (Not the screens pictured above.) While the apps were functional and modern looking, they still lacked a more refined and delightful look and feel. In the “software as a service” era, we’re able to improve our features and designs with a cadence that customers have come to expect. Even before the 2015 release, we began thinking about the next app iterations.

Our early redesign set the goals to visually align with Windows, reduce chrome, give the app a fresh, more refined, and beautiful look, while raising the bar of “craftsmanship” (the internal name for our efforts). The team established design guidelines grounded in a purposeful use of typography, color, and motion, to convey a delightful and highly functional app.

Timing plays a part in every story

It wasn’t until early 2017, engineering resources became available to work on our redesign. About the same time, the Fluent team (code named NEON) was launching, and actively driving adoption of the new Fluent Design System into Microsoft apps. That meant we had a refreshed design challenge; (Thank you Satya) rethinking what we kept, what we left behind, and how we became more Fluent going forward.

While the Fluent launch was exciting, our team remained mindful that we were redesigning apps that had millions of users and fans. Altering things they were used to—like title bar, ribbon, and key functionality—had to be carefully considered. Obviously, we didn’t want to alienate our users, and we were not interested in any backwards steps in usability.

One insight we gained early on in user testing was that “different” did not necessarily mean “problem.”

Integrating fresh cues from early Fluent Design mail work with the aforementioned redesign ideas turned out to be fairly straightforward — as some of the overarching principles were already aligned. Even some of the Fluent design elements, namely “acrylic” with its translucent surface treatment, were already present in some form in our existing app (semi-transparent navigation pane).

Early “Craftsmanship” refresh for mail (never shipped)
Early “Craftsmanship” refresh for calendar (never shipped)

Fluent Mail & Calendar explorations

The design explorations coming from the recently launched Fluent team didn’t meet all of the requirements we had for our apps in terms of workflow, personalization, localization, accessibility, etc. Our team examined each of those requirements, applying aspects of the Fluent Design System into our own explorations.

The first Fluent design elements we looked to implement were “acrylic” which is the translucent, glassy surface treatment for panels and “reveal”, the light effect that appears on hover to reveal actionable elements. Each of them presented their own set of challenges and we remained in close communication with Fluent and the other Office teams, learning what worked and what didn’t.

Early exploration for Fluent Mail in light theme
Early Fluent exploration for Calendar
Experimenting with a blue top bar, aligning more to the Outlook brand

Acrylic — Background or no background, that is the question

Acrylic is a Fluent Design System component that allows incorporation of light, depth, motion, material, and scale into the UI. It adds a partially transparent texture (material) to certain UI elements like panes. With its introduction one natural question that arose was: “If I can see through it, what do I see? What is in the background?” Having already established a background picture as a default within our app we asked ourselves “Does our background clash with the desktop background? Are we going to get rid of our background picture in favor of the user’s desktop picture? What about other app windows in the background that might not look pretty? How does it work with (brand) colors?” This lead to an array of explorations.

Early “empty state”-explorations (when no email is selected) with the user’s desktop showing through the acrylic and wide panel margins
Later “empty state”-exploration with less translucency and another window showing through
Later “empty state”-exploration with in-app background picture

Ultimately, we decided in favor of the in-app background photo because we knew it delighted our users. It also reduced visual background clutter in the empty state when no email is selected. (However, our users have the options of changing the picture or turning it off in personalization settings.)

Reveal on white with “brickwork”-effect between panes did not work for us

To Reveal — or not to reveal?

Reveal is a lighting effect that brings depth and focus to interactive elements. By showing borders of controls and buttons on hover it reveals actionable elements and helps understanding the UI. While the concept of reveal is great- the devil is always in the details. In the first iteration reveal not only exposed interactive elements, but also exposed the borders of controls in neighboring panels and brought attention to previously invisible different alignments of controls. For example, elements in the left navigation pane didn’t necessarily align to elements in the message list because they scroll differently. That, in turn, created sort of a brickwork-effect visible with reveal that added more visual noise to the app, something we actually wanted to get rid of. So in order to avoid all that we decided to turn off reveal in the message list- only apply it on the navigation pane and also turn off reveal on vertical lines in the folder list.

“How do I move my window?”

A key part of the redesign was giving the user a clear information hierarchy and reducing visual clutter by removing the app window’s title bar. While not only aesthetically pleasing, it reduced the calls to action present on the screen and let the user focus on their content.

An obvious concern was that this change might cause confusion by removing users’ visual affordance for how to move the app window. Our design still allowed users to move the app by clicking and dragging the top 32 pixels, but we were worried that users might be confused if the visual affordance wasn’t present. We debated running a user study to determine the consequences of this change but realized that since other apps in Windows 10 had previously made similar changes, we could reach out to them and see if their users had experienced difficulty when their app’s title bar was removed.

What we discovered was very encouraging. The Edge team shared the experience they had using their app’s title bar exclusively to organize webpage tabs. They told us that initial user feedback was mixed, and while some users did initially have reservations, that feedback had dissipated quickly and overall opinion of the design choice was positive.

When Mail and Calendar instituted the change we saw virtually no feedback about the removal of the title bar. To the contrary, feedback referred to the app as ‘modern’ and ‘fresh’. It turned out that dragging the top of an app window was such a common pattern that our app remained completely usable without that legacy UI element.

Exploration with folder flyout

Moments of truth in code

After we designed everything and handed off specifications and comps to our partner in engineering there came the critical “moments of truth in code.” There are often deltas when it comes to fonts, colors, transparency values etc. between designing in a design program and building in code. Applying and tweaking in the real thing becomes an essential part of the process working directly with the engineers to iron out all the little kinks.

Through the testing phase (called dogfood at Microsoft), we went through multiple iterations, either to address things we had obviously missed, or things that were accessibility related based on feedback. These issues included font color contrast on acrylic, selection color with actual acrylic in code, as well as testing with different background images.

(The background colors for selected items in the navigation pane were important as fallback solution in scenarios where Fluent is not supported due to hardware or software restrictions or if it is turned off by the user.)

Reminder: Designers are not the customers

A constant point of discussion had been the selected state for accounts and folder in the left navigation pane. Fluent Design controls use a small vertical selection indicator to the left of the selected item which appears not unlike the proven unread mail bar in the message list. Despite initial concerns that the similar appearances but different meanings might confuse users, and after multiple design iterations for the unread marker and the selected state, we went ahead and implemented and tested it in dogfood. Interestingly enough, there was very little feedback about this. Users did not have problems distinguishing the two.

User testing is always a good reminder that the things we designers perceive as inconsistencies might not be perceived as such by users. In one of the discussions with a user I heard “It’s a thing that is marked because it’s important.” We learned that when seen in use context, what we perceive as inconsistencies become less important and users quickly adapt.

Details: Lines in message list

A good example where we tried to adhere to Fluent Design principles by celebrating just the content and remove as much chrome as possible from the UI are the horizontal lines in the message list. Users found it difficult to distinguish between individual messages and, based on feedback, we had to gradually bring lines back to increase usability. It turned out that just using the spacing to separate messages from each other wasn’t clear enough, especially since we had introduced a new feature of small previews of attachments (photos) in the message list and messages with varying heights started to bleed into each other. Similarly, we reintroduced the line between message list and reading pane. Sometimes the eye needs those subtle visual cues not to stumble.

Evolving story

The design of the apps today is a snapshot in time. The design will constantly improve and evolve. We’re already working on fine-tuning with information density settings, Fluent connected animations and a light theme. Expect to see more evolution from Fluent Design and the Windows Mail and Calendar apps in the months and years to come!

These apps are just two chapters in a much larger story—where the Fluent Design provides intelligence and consistency across apps and devices from 0D to 4D. The cool thing to consider as a designer is this: whether you are chatting with Cortana on Invoke, using launcher on your Android phone, inking with Edge on your Surface, or creating with Paint 3D in your Cliff House with a head mounted display, Fluent Design ensures that you (and your users) will have consistently delightful experiences.


Fluent is a collaborative effort

Find out more about Fluent Design and join the diverse community of creators!

Check out #FluentFridays on twitter @MicrosoftDesign

Follow Microsoft Design on Dribbble, twitter, and Medium

Follow me on twitter

Thanks to the team

This story reflects the effort and dedication of a great number of teams and teammates. I took on adoption for Mail and the overall communication with the Fluent and Office teams for the framework and shared components while Hiroshi Tsukahara looked at it from the Calendar perspective. Chris Bimm drove the effort from the PM side. Andrew Falk helped with the motion design and Barry Li was a great dev collaborator with more patience than you can imagine! Last but not least, a special shout-out to March Rogers and Jason Blackheart, former colleagues who laid a lot of the groundwork for this.

At Dreamforce, Salesforce applications take center stage

Apps, Einstein and Quip are expected to be the focus at Dreamforce, with Salesforce keeping any new clouds it may be building under wraps.

For its first 18 years, Salesforce focused inward, building its clouds and the infrastructure to support them. This year, with many business processes covered by one cloud product or another, Salesforce is turning its attention outward — to the applications side of the aisle — hoping that building out its community of developers will help propel new growth.

Salesforce applications will be a big focus at the start of Dreamforce, the company’s annual conference, which is expected to draw more than 170,000 attendees, according to a recently published report by USA Today. In its initial announcements ahead of Dreamforce, Salesforce focused on existing products and how to improve the user experience, including a bevy of app-building tools.

Einstein apps and bots

The company’s apps can now be embedded into Einstein with the release of myEinstein, which allows users to create custom AI models. Salesforce Einstein AI bots can also employ artificial intelligence to assist with customer service workflows. Einstein Prediction Builder enables admins to craft AI models that predict business outcomes.

Salesforce Einstein AI was the big reveal at last year’s Dreamforce — the accumulation spending more than $1 billion on AI-centric companies. And while no new clouds or platform-wide products were unveiled this year, some analysts see this year’s Dreamforce as a Part Two to last year’s Part One.

“It’s an evolution from what [Salesforce] talked about last year,” said John Bruno, principal analyst at Forrester Research. “Right now, Einstein is still in the early adopter phase. That being said, the stuff Salesforce has done has matured [Einstein] over the past year.”

Apps extend to Apple, Google stores

One key example of that, according to Bruno, is the availability of Einstein Prediction Builder, which allows companies to embed AI functionality into its own business processes.

“Prediction Builder is Salesforce stepping out and saying, ‘Everything you’ve known Salesforce to be as a platform is in the past,'” Bruno said. “Prediction Builder is the next generation of that. Salesforce placed its bets on AI being the future, and, if that’s the case, you can’t rely on the first-party capabilities you put out there.”

Beyond improving and building out Einstein, Salesforce released several other upgrades, many of which focused on building Salesforce applications and company branding.

The Salesforce mobile application will go from Salesforce1 to mySalesforce — allowing for employees at all levels to build custom Salesforce applications. App builders can also publish Salesforce applications to the App Store or Google Play with a Listing Wizard capability. Lightning received the app upgrade with myLightning, including better branding capabilities and an improved App Builder.

Quip makes collaboration push

Quip also received an application-centric upgrade, with Live Apps embedding real-time collaboration and document viewing, a calendar app that can be used to track projects, and workflow templates for quick document and spreadsheet use for specific industries and projects.

The added collaboration features for Quip can lead to the question of whether this is Salesforce positioning itself to challenge the Slacks and Microsoft Teams of the world. Salesforce denies any posturing, saying that Slack remains a partner.

Salesforce wants to be the one place where employees conduct all of their work-related activities.
Bill Quinn, director of customer experience solutions, Tata Consultancy Services

“Slack and Quip are allies in changing the way people work, and Slack continues to be a great partner of ours,” said Rafael Alenda, vice president of marketing at Quip. “Slack has seen success in communication, while the Quip Collaboration Platform is focused on document, collaboration and, in the end, transforming the enterprise culture into something much more modern, less reliant on emails and less reliant on meetings.”

Alenda added that with an open API, Quip could be embedded into other document-based tools that customers use.

While Salesforce continues to play nice with Slack, others see it as the company subtly positioning itself into the growing collaboration market.

“I think they’re essentially working to make Salesforce the ‘hub’ for all the work you do as an employee,” said Bill Quinn, director of customer experience solutions at Tata Consultancy Services, based in Mumbai, India. “Salesforce wants to be the one place where employees conduct all of their work-related activities. It started with Chatter but has grown with Quip.”

To help companies with development of Salesforce applications, Trailhead has also been expanded into myTrailhead. The move allows customers to create custom learning pages with their own content and branding to assist with onboarding and company-specific skills.

More information regarding these features and other future features will be released throughout the week at Dreamforce. Be sure to check back to SearchSalesforce for updates.

Helping customers compete and accelerate innovation with the cloud, AI and a new approach to Talent

Ever since the mainframe, customers have been dealing with business apps that were little more than forms, over siloed data, tied to monolithic CRM and ERP suites that were hard to customize. We believe we can do better. Today, at our Business Forward event in Chicago, Judson Althoff, James Philips and I are excited to meet with business leaders from a range of industries to share how Microsoft Dynamics 365’s modern, unified, intelligent and adaptive business apps can help them innovate and compete.

Dynamics 365 is already helping more organizations, than ever before – in fact, more than 60 percent of the Fortune 500 industrial companies. Last week, we highlighted how several of these organizations plan to accelerate their own digital transformation, including HP, Inc., who will be using Dynamics 365 AI solutions for intelligent customer care and service, along with the U.S. Department of Veterans Affairs and the Seattle Seahawks who are using Dynamics 365 to reinvent ways they connect with people and deliver improved experiences.

United Technologies enhances customer experiences with Dynamics 365 intelligence

Today we’re excited to welcome United Technologies Corporation (UTC), to that family of customers, and announce a strategic agreement designed to help UTC leverage Dynamics 365 and Azure to optimize its sales, customer care and field service operations.  For example, UTC will use Dynamics 365 to empower service technicians and sales teams in its Otis Elevator business. This will provide them with a unified view of the customer relationship and real-time elevator health data to enable predictive maintenance, dynamic field dispatching and a more seamless customer experience.

UTC manufactures and services millions of products for customers in the commercial aerospace and building industry that move the world forward. We are excited to partner with them to respond more quickly to sales opportunities with automation and intelligence, predict maintenance by operationalizing product data and empower thousands of service technicians in the field with mobile connectivity.

Make modern talent experiences a competitive differentiator

Extending our momentum with customers – and the incredible customer experiences we can deliver together – I’m also excited to share new innovations we are delivering to help our customers transform how they empower their people – arguably their most important resource.

Today’s human capital management systems are subject to the same challenges I see in most business applications – siloed, complicated and difficult to extend to embrace new opportunities. With Dynamics 365 for Talent, we take a modern approach helping you start where you are, allowing you to transform HR at your pace. We augment your existing systems of record with modular, intelligent cloud apps focused on critical scenarios. The result: immediate benefits, little to no disruption, and the flexibility to add new capabilities however and whenever you want.

Generally available today – Dynamics 365 for Talent: Attract and Onboard modular apps

These new modular applications can help you capture the best talent and shorten time to impact by offering a smooth and transparent candidate and new hire experience, then streamlining the hire to onboarding experience for employees and hiring managers.

Dynamics 365 for Talent: Attract puts LinkedIn knowledge, Office 365 integration and Microsoft AI to work to help hiring managers capture top talent and streamline a time-consuming, expensive hiring process, from initial candidate application to offer acceptance. Attract offers a simple out-of-the box process flow, configurable for more sophisticated needs, with centralized candidate profiles, scheduling intelligence, and engaging web and mobile experiences for both interviewers and candidates alike.

Dynamics 365 for Talent: Onboard integration with Office 365 and LinkedIn helps set new employees up for success. With it, you can create personalized onboarding experiences that get new hires engaged before they even join the team. A clear onboarding checklist, important resources and a pre-built network of key contacts help accelerate their ability to deliver impact and we give you an up-to-date view of their experience through a consolidated HR profile.

Customers can purchase and deploy the modular apps on their own to rapidly augment the rest of your human resources technology. They are also included as part of our comprehensive human capital management platform, Dynamics 365 for Talent.

Start with your own team and evolve your company’s conversation about talent

You can even get started using Attract and Onboard for just your team, or department, while continuing to work with HR and official systems of record by signing up for a free 60 day trial of Dynamics 365 for Talent: Attract or Dynamics 365 for Talent: Onboard.

Attract and Onboard are available for purchase directly from the web:

In closing

From new modular applications to transform how you engage with new hires, to cutting edge AI deployed against streams of data from IoT devices that quite literally move the world around us, Dynamics 365 offers our customers a platform to transform their business, one critical business process at a time. Learn how we can help by visiting our comprehensive overview of Dynamics 365 or finding out more about new capabilities we are bringing to market through our long term Dynamics 365 Roadmap.

Scality Connect ports S3 apps to Azure Blob storage

Object storage vendor Scality is moving to connect Amazon S3 apps to Microsoft Azure Blob storage in multicloud setups.

Scality Connect software, which launched last week, can help customers overcome the hurdle of porting an application based on the Simple Storage Service (S3) API to Azure Blob storage.

Scality plans to announce in December advanced Amazon S3 API support, along with versioning and a bucket website, said Wally MacDermid, vice president of business development for cloud at Scality, based in San Francisco.

John Webster, a senior partner at Evaluator Group in Boulder, Colo., said the multicloud play will be of particular interest to the DevOps groups within organizations. Many developers spend a great deal of time doing API modifications to applications.

“Anytime you can relieve the user of that burden is good. [Lack of interoperability] is a big issue. This is the last thing customers want,” Webster said of the need to modify APIs. “They just hate it. They have to modify APIs to work with other APIs.”

MacDermid said there is no hardware requirement for Scality Connect.  It is included as a stateless container inside an Azure subscription. Connect stores data in the Microsoft Azure Blob storage native format, and the container runs in a virtual machine within the customer’s subscription.

“We don’t hold any data. We just pass it to the Azure cloud,” MacDermid said. “An application that works on S3 can run in Azure without requiring any modification in the code.

“Once the data is up in Azure, you can use the Azure management services on top of it.”

Scality Connect makes it easier for developers to deploy applications within Microsoft Azure and use its advanced services. The software is available through the Azure Marketplace.

The Microsoft Azure and Google clouds do not support the Amazon S3 API, which has become the de facto cloud standard in the industry. That means the Azure Blob storage does not talk to the Amazon S3 API, which limits a customer’s ability to use multiple clouds.

“One side talks S3, and the other side talks the Azure API, and neither talks to each other,” MacDermid said. “This is a problem not only for customers, but for Azure, as well. [Microsoft] would admit that. The Scality Connect runs in the Azure Cloud. It gets your data up to the Azure Cloud and allows you to use the Azure services. We are the translation layer.”

Scality Connect is not the vendor’s first multicloud initiative. Scality in July unveiled its Zenko open source software controller for multicloud management to store data and applications under a single user interface no matter where they reside, including Scality Ring. It helps customers match specific workloads to the best cloud service. Zenko is based on the Scality S3 Server.

Your favorite apps—now available in Outlook on Android

Earlier this year, we launched add-ins for Outlook on iOS—bringing your favorite apps right in Outlook—so you can get more done on the go. We are now rolling out add-ins to Outlook on Android customers with Outlook.com and Office 365 commercial email accounts. Additionally, we’ll be bringing add-ins to Gmail customers on iOS and Android soon.

This launch will bring some of the most loved Outlook add-ins from iOS to Android, including Evernote, Microsoft Dynamics 365, Microsoft Translator, Nimble, OnePlaceMail, Outlook Customer Manager, Smartsheet, and Trello. We will also be launching several new add-ins for Outlook—including Wrike, JIRA, MeisterTask, Gfycat, and MojiLala. These add-ins will be available for Outlook customers across the web, Windows, Mac, iOS, and Android.

Get more done on the go with add-ins for Outlook

Add-ins help you accomplish tasks quickly—right from Outlook. Whether you want to save an email to your customer relationship management app, quickly add email content to your project board, translate emails on the fly, or add a bit of flair and personality to emails—add-ins have you covered. There is no need to switch back and forth between apps or copy/paste email information. With add-ins, your favorite apps are just a tap away in Outlook.

To start using add-ins for Outlook on iOS or Android, go to Settings > Add-ins and then tap the + sign next to the add-ins you want to enable.

Here’s a closer look at the new add-ins:

Wrike—A powerful online project management software for teams. The Wrike add-in for Outlook keeps you on top of work projects by enabling you to quickly capture your team’s communications in one place—giving team members greater visibility into work and making the team more productive. To use the Wrike add-in, tap the Open Wrike add-in icon to create Wrike tasks from emails, view and edit tasks, and collaborate in real-time—without leaving Outlook.

Animated image showing the how to convert an email to a task using the Wrike add-in.

Stay on top of your work projects by quickly associating any email with a Wrike project.

JIRA (by Yasoon)—Designed specifically for software teams, JIRA provides best-in-class agile tooling, deep developer tool integrations, and a single repository for every step in your software project’s lifecycle. The JIRA add-in for Outlook helps you stay on top of software project issues and communication with customers, partners, or vendors by enabling easy tracking of your project’s progress, right from Outlook. Tap the New issue or Add to issue icon to create a new issue or update an issue using content from email and attachments. Tap View issues for an overview of open issues and due dates for the current conversation or sender.

To keep your business data safe, your JIRA administrator must configure a secure connection to JIRA first. See Getting started with JIRA for Outlook for more information.

Animated image showing how to open an issue related to a project using the JIRA add-in.

Use the JIRA add-in to create and update issues using email content.

MeisterTask—A highly intuitive task manager that adapts to your team’s workflow. The MeisterTask add-in lets you quickly save emails as tasks in your project board—without needing to copy/paste or re-enter the content into another app. To use the MeisterTask add-in, tap the Create Task icon to quickly create new tasks from incoming emails, assign them to your coworkers, and easily access task details.

Animated image showing how to convert an email to a task using the MeisterTask add-in.

Stay on top of your work projects using the MeisterTask add-in.

Gfycat—Discover and share awesome GIFs to make your emails more engaging, expressive, and fun. Congratulate your coworkers or thank them for a job well done with the new Gfycat add-in for Outlook. To use the Gfycat add-in, tap React with Gfycat to search for the GIF you are looking for, such as “Congratulations” or “Thank you.” The selected GIF will then be sent as your reply—adding a touch of your personality to the conversation.

Animated image showing how to search for a GIF image to send as a reply to an email using the Gfycat add-in.

Easily discover and share awesome GIFs, right from Outlook using the Gfycat add-in.

MojiLaLa—Designers bring you their best stickers to help you share emotions and communicate with one another around the world. The MojiLaLa add-in adds color, imagination, and humor to your emails. To use the MojiLaLa add-in, tap the Reply with MojiLaLa icon and then search for a sticker, such as “Great work” or “Happy Birthday.” The selected sticker will be sent as your reply.

Animated image showing how to search for a sticker to send as a reply to an email using the MojiLaLa add-in.

Add fun, humor, and a touch of personality to your emails using the MojiLaLa add-in.

In addition to these new add-ins, several existing add-ins available for Outlook on iOS will now be available on Outlook for Android, including:

  • Evernote—Easily save emails from Outlook to a project notebook in Evernote.
  • Microsoft Dynamics 365—Quickly look up customer contacts, associate an email or appointment with an existing opportunity, or create new records with just a few taps.
  • Microsoft Translator—Translate email messages on the fly, with support for 60+ languages powered by Microsoft Translator.
  • Nimble—Get insights on any contact in Outlook, including broad social profiles, shared relationships, mutual interests, industry and company profile, revenue, and more.
  • OnePlaceMail—Seamlessly save emails and attachments to SharePoint without leaving the familiar Outlook environment.
  • Smartsheet—Easily manage your work and collaborate with stakeholders in real-time by quickly creating, assigning, and updating tasks and capturing other project information right from your email.
  • Trello—Quickly associate any incoming email with an existing board, create cards, and edit descriptions. In addition, the Trello add-in has now been updated to save email attachments to your Trello board.
  • Outlook Customer Manager (coming soon)—Track and grow customer relationships right from Outlook.

Try the new Outlook add-ins and send us your feedback

Add-ins bring your favorite apps right into Outlook, so you can accomplish more, faster. We hope you give them a try. If you have feedback or suggestions on adding your favorite apps in Outlook, visit the Outlook for Android UserVoice—we’re eager to hear from you!

Developers—If you are a developer looking to build add-ins for Outlook, check out the Outlook Dev Center for more resources.

—The Outlook team

Frequently asked questions

Q. How do I enable add-ins for Outlook on iOS and Android?

A. To start using add-ins for Outlook on iOS or Android, go to Settings > Add-ins and then tap the + sign next to the add-ins you want to enable. For detailed steps, refer to our support article. Note that add-ins for Outlook on iOS and Android are currently available when reading email.

Q. Why do the animated images in the blog look different from what I currently see on my Outlook on Android device?

A. The animated images in the blog show the new conversation experience that is coming to Outlook on Android customers over the next few weeks. It is already available to customers using Outlook on iOS.

Q. I have Outlook on Android with an Outlook.com or Office 365 commercial email account, but I still don’t see the add-ins.

A. Add-ins for Outlook on iOS and Android are rolling out to all Office 365 commercial customers and Outlook.com customers over the next few weeks. If you have an Office 365 commercial email account (a mailbox in Exchange Online) or Outlook.com email account, you should be able to see the Add-ins section in the settings tab over the next few weeks.

Q. When will add-ins be available to Gmail users?

A. Add-ins for Outlook on iOS and Android will be available to customers with Gmail accounts in the next few months.

Q. As an administrator, how do I manage access to add-ins for my organization?

A. Administrators can manage access to add-ins for users in your organization using the Exchange admin center. For more details, refer to the Add-ins for Outlook TechNet article.

Windows DevOps tools rehab legacy enterprise applications

As Microsoft shops struggle to modernize legacy apps that weren’t designed for distributed cloud environments, they must also rethink the infrastructure where these apps are deployed.

Most enterprises have at least one application that’s so old, no one on the current IT team recalls how it was written, nor understands the finer intricacies of its management. Now, these companies must weigh the risks and costs to refactor these apps for a cloud-first, continuously developed world.

“It’s always an investment to replace something which does exactly what you need, but it’s just old software,” said Thomas Maurer, cloud architect for Switzerland-based itnetX, a consulting firm that works with large enterprise clients in Europe. “Traditional, classic enterprise apps cannot just be migrated into the DevOps world in a nice way — they may have dependencies on legacy code, or they’re not designed to scale out.”

Windows DevOps tools have improved, and IT shops are finding ways to link them together. But many client-server apps in the Windows world, particularly rich-client apps, don’t lend themselves well to continuous development or rapid provisioning, said Chris Riley, DevOps analyst at Fixate IO, a content strategy consulting firm based in Livermore, Calif., and a TechTarget contributor. Riley has developed Windows applications, such as SharePoint.

Some standard client-server applications must be compiled before they are tested. Dependencies and prerequisites also bog down legacy Windows apps; installing older versions of SQL Server or SharePoint takes days. Some legacy Windows environments also function best when apps are installed locally on the developer’s machine, whereas web and mobile applications typically integrate with REST APIs and avoid binary codes on a local machine, Riley said.

Without the ability to spin up development and test environments easily, organizations tend to reuse one test bed.

“This severely limits when you can do your testing, because you don’t want to pollute that environment, or make a mistake and rebuild it,” Riley said. “Whereas in DevOps, it should be easy to make a mistake — you actually want to do that and move forward.”

Windows DevOps tools give legacy apps a makeover

If organizations decide to refactor legacy apps to run in a more cloud-native fashion, they can first use tools and services from Microsoft partners to help make those apps more efficient to test and deploy.

“Skytap and CloudShare provide on-demand environments for these tools,” Riley said. “So, you can spin up a new database environment in 15 minutes instead of days, and then delete it, then spin it up again.”

The two companies take different approaches to hosting legacy apps on flexible cloud infrastructure. For example, Skytap Cloud supports more, older versions of Windows than Microsoft does, so customers can modernize apps at their own pace. CloudShare’s on-demand versions of Windows apps, meanwhile, are “somewhere between hard [and] impossible to run on the commodity clouds like Amazon [Web Services],” said Muly Gottlieb, the company’s vice president of R&D.

CloudShare, a 10-year-old privately funded Israeli SaaS company, lets users set policies and spin up and down dev and test environments with complex traditional apps, such as SharePoint and SQL Server. The service can accommodate customers that aren’t a good fit for Azure Cloud services, such as VMware shops that support legacy Microsoft apps.

Legacy apps set up in CloudShare’s environment can circumvent problems around fast and ephemeral provisioning and provide workable dev and test services in Windows DevOps shops.

“In the past, developers would all share five or 10 master labs, which is bad for velocity, and lab scarcity is a productivity-killer,” Gottlieb said. With this approach, code is not always reproducible, and environments spun up from snapshots aren’t always consistent.

Electric Cloud has a similar offering in the Windows DevOps tools arena, called ElectricAccelerator, which automatically parses legacy apps into distributed form and speeds up dev and test. Startups such as IncrediBuild and Thriftly also look to optimize dev and test for legacy Windows apps. Third-party services, such as Zapier, attach REST APIs to legacy applications and bring them a step closer to the Windows DevOps world.

Good ol’ trusty VMs can give Windows apps a leg up

For on-premises IT organizations, advanced automation features within virtual machines also provide a steppingstone to modernize with containers and microservices.

“There are ways to build this agility, and it’s going back to taking another look at how we use virtual machines,” Riley said. “Companies can treat VMs exactly how they were supposed to be treated, which is more like containers.”

Companies can treat VMs exactly how they were supposed to be treated, which is more like containers.
Chris RileyDevOps analyst, Fixate IO

Enterprises can use a VM template with heavy applications to spin up and delete environments for virtualized legacy apps. It’s not as fast as containers, but there’s much more agility than what users may have had previously, Riley said. VM templates can call for Microsoft Visual Studio to be automatically installed at startup and linked to a source repository, so developers could pull down a branch, write code, test it, commit and destroy the environment — and then do it all over again in a new VM.

VM-based automation works well with rich-client apps, where heavy dependencies and prerequisites make it tricky to test functions with Windows DevOps tools, said Anthony Terra III, manager of software architecture and development at a law firm in the Philadelphia area.

“The only difference is that you need to run that rich-client application in a shell or a separate VM,” Terra said. “Normally, we have that VM already built, deploy the code to the VM and run it that way.”

Terra’s company also uses a Microsoft database tool called a Data-tier Application Component Package (DACPAC) to smooth the delivery of updates to SQL Server VMs.

“You have the ability to create, change and delete tables, but it never actually interacts with the database,” Terra said of DACPAC. “It creates a change set file, which can be run against any database that has the same structure.”

When code is deployed to dev, test or quality-assurance infrastructures, the Windows Microsoft DevOps tool Team Foundation Server calls on DACPAC’s change set file and applies the changes to the database environment. Terra’s firm has added some safety guards: If a change could cause data loss, for example, the build fails.

The firm plans a move to containers in the coming year, but for now, VMs can slot in with Windows DevOps pipeline tools for a more consistent process.

“You’re not having people build VMs anymore because a tool is building them,” Terra said. “There is some fear in adopting something like that, but I think it’s misplaced, because it’s not like there’s less work because of it — the work you’re doing is just more focused on what’s around it.”

Beth Pariseau is senior news writer for TechTarget’s Data Center and Virtualization Media Group. Write to her at bpariseau@techtarget.com or follow @PariseauTT on Twitter.

Better team messaging app security could boost enterprise adoption

Team messaging tools have been available for a few years, but use of these apps has been departmental in nature. Typically, small and agile project-based teams have picked one of many vendors and worked more efficiently than with traditional collaboration tools. Other business communication tools went through similar adoption cycles. 

Remember the early days of chat? Business users downloaded AOL Instant Messenger, Yahoo Messenger or a range of other applications. Eventually, many businesses standardized on certain tools, such as Cisco Jabber and Microsoft Office Communications Server, Lync or Skype for Business.

The transition from ad hoc adoption to an enterprise standard happens when businesses need enhanced control, security and analytics to understand the use of the app and protect the organization from unnecessary risk. 

Tighter security for enterprise-wide adoption

As the use of team messaging becomes more widespread, businesses must choose a product with enterprise-grade controls and security. Without these features, a company might find its data scattered over multiple platforms, making it difficult to secure and to meet compliance requirements. 

Also, purchasing apps in an ad hoc manner might be fine with a small amount of users. But, as the population grows, corporate standardization has a number of benefits, such as policy development, application integration and license agreements.

IT and business leaders should get a handle on team messaging now, as the number of users is still relatively manageable.

IT and business leaders should get a handle on team messaging now, as the number of users is still relatively manageable. Decision-makers should ensure their service — whichever one they choose — offers the required level of security and management to scale the product across the company.

Highlighting this need for security, Cisco recently beefed up its Spark collaboration service, hoping to get it ready for the next phase of adoption. The Cisco Spark updates, announced this week, include:

Enhanced security. Security has always been a differentiator for Spark, as it’s the only platform to encrypt data from the cloud to the device. This security feature is critical for groups that want to share sensitive information, such as financial data or patient records.

Cisco has now added an e-discovery tool to search through Spark messages by email address, date range or keywords. This feature has been standard with email for many years and is important for legal reasons.

Compliance improvements. Spark now has configurable retention policies, so data can be purged from Spark spaces as determined by company policy.  Activities, shared whiteboards, files and messages can be deleted.

Also, through APIs, Spark can integrate with third-party data loss prevention vendors and cloud access security brokers. Third-party vendors that integrate with Spark for compliance or data loss prevention include Actiance, Symantec, Skyhigh Networks, Global Relay and Cisco Cloudlock.

Administrator portal and analytics. The Cisco Spark Control Hub provides administrators with information that could improve the end-user experience. For example, administrators can use the portal to see who had poor call quality, where the person was calling from and whether it was isolated to that individual or more widespread.

Also, the portal shows usage information for Cisco Spark, WebEx and Spark Hybrid, which can be helpful for different business-related tasks. For example, if Spark was provisioned across a company, the business unit leader can find out who is not using the service and determine if training is required or the license should be revoked.

Another use case might be to compare the use of WebEx and Spark to worker productivity. The business leader may find a direct correlation and mandate the usage of the collaboration tools. Through the portal, enterprises can access a range of data that can deliver insights to business unit leaders, security officers and other responsible parties.

Cisco Spark updates
Cisco Spark updates include extensive analytics and usage reports.

BYOD enablement. The use of personal devices by business users is rampant today. Almost every professional carries some combination of a laptop, tablet and mobile phone, often owned by the individual. With personal devices, it’s often difficult to enforce such things as password-protected screens. Since IT can’t control the endpoint, Cisco moved some of the security to the app. 

Cisco Spark now includes PIN lock and Web Smart Timeouts; the latter lets the Spark web app automatically lock after a certain time when running off the company network. The updates also include Enterprise Certificate Pinning, which protects users from breached public hotspots without requiring the use of a virtual private network.

On-premises key server. All Spark data is stored in the cloud, and that seems to be fine with most customers. However, many organizations, such as regulated verticals or ones that are ultra-security-conscious, may want better control over that content. For those customers, Cisco offers an on-premises key management server where the data may still be stored in Spark Cloud, but the key management is done on premises.

Now, if the Cisco Spark service is attacked, the data will appear encrypted and unreadable. This essentially creates the security equivalent to maintaining the storage on premises.

Cisco Spark is not for everyone, as there is a wide range of controls. However, the features Cisco has built into Spark do prepare it for enterprise-wide usage.

Editor’s note: Cisco is a client of ZK Research.

Cross-platform app support settles on web development

SAN DIEGO — Cross-platform apps are the future of enterprise software, but it’s not that easy for many organizations to adopt them.

To create an application that works across different operating systems and form factors, developers must focus on making its internal architecture compatible with multiple platforms, not necessarily focus on its front-end interface. But the options for deploying these types of apps can be expensive, so a compelling alternative for many organizations is to develop web apps.

“Web technologies are more than capable of delivering really high-end user experiences,” said Kirk Knoernschild, research vice president at Gartner. “Web has maximum portability to different form factors.”

Knoernschild and IT professionals discussed the challenges of cross-platform app development and deployment here at this week’s Gartner Catalyst Conference.

Cross-platform apps a hard sell

Whether an organization builds a cross-platform app in-house, hires third-party developers or purchases the app from a software provider, it can be a costly proposition. And it’s difficult to convince the business to spend money on technology that does not directly provide a financial return on investment.

“The savings are hard to quantify,” said Chris Haaker, director of end user computing innovation at Relx Group, a business information and analytics provider in Miamisburg, Ohio. “If this made you 20% more productive, can you show that?”

The last thing you want to do is deliver a compromised user experience.
Kirk Knoernschildresearch vice president, Gartner

Haaker’s branch of the global company has no in-house or third-party developers and instead buys any software it needs directly from vendors. Eighty percent of employees there use smartphones for work, mostly for corporate email access, but the office can’t afford to hire mobile developers, Haaker said. So a few tech-savvy interns are building web apps that can work across different operating systems instead.

“If we could have an app for all endpoints, that’s a place I would love to get to,” Haaker said. “That’s wonderful.”

But for now, unified app development is too new of a concept for the company to invest in, he said.

“There’s got to be somebody at the top that’s going to buy into that,” he added.

Low-code cross-platform app dev

One way organizations can develop cross-platform apps with less cost and effort is through low-code development tools. Rollins Inc., a global pest control services company based in Atlanta, used OutSystems to create a web app that helps employees track service information and communicate with customers.

The responsive web app adjusts the interface to suit the endpoint, whether it’s a desktop in Rollins’ offices or on salespeople’s iPads out in the field. OutSystems, which allows companies to build web, mobile or cloud apps, lets Rollins build dashboards that show customer site maps, the pests prevalent at those sites and other information.

“You can see, does this customer’s contract cover bees?” said David Christian, manager and senior architect at Rollins. “If it does, we can send out a technician to deal with that.”

The web approach is common today because it means developers can use a single code base to write an app that works across multiple endpoints. When organizations don’t have to write multiple versions of the same app, it often results in cost savings.

“It’s something we’re seeing more and more of in development teams, but it has to be for the right use case,” Knoernschild said. “The last thing you want to do is deliver a compromised user experience.”

Native mobile apps often provide more device-specific capabilities, however, so responsive web apps aren’t always the best choice.

“You’ve got more things available when you code for native mobile,” Christian said. “[A web app] won’t be quite as responsive. The phone format is not the best format for some of the larger dashboard views.”

Cross-platform app support

To make it easier to deploy cross-platform apps and ensure their security, IT must limit users’ device and operating system choices, said Andrew Garver, research director at Gartner, in a Catalyst session.

“This is not giving users what they want all the time,” he said. “It’s an art to maximize productivity through the benefits of end user choice while balancing your risk requirements.”

To prepare for a future where apps are independent of operating systems and devices, organizations must also ensure that they don’t rely on a single OS or OS version, plug-in, browser or browser version, Garver said. They should also plan for emerging device types, such as wearables, he said.

For successful cross-platform app support, IT departments should follow these steps, Garver said:

  • Identify gaps in IT skills and start to fill them.
  • Make it clear to business leaders that cross-platform computing is not a single project, but rather a long-term approach that will evolve.
  • Merge disparate IT teams that need to work together, such as desktop and mobile groups.

“It’s just a matter of getting all of us moving in the same direction,” Haaker said.