Tag Archives: levels

Beyond our four walls: How Microsoft is accelerating sustainability progress – Microsoft on the Issues

Our planet is changing — sea levels are rising, weather is becoming more extreme and our natural resources are being depleted faster than the earth’s ecosystems can restore them. These changes pose serious threats to the future of all life on our tiny blue dot, and they challenge us to find new solutions, work together and leverage the diversity of human potential to help right the course.

The good news is that progress is being made across the globe, and non-state actors, from cities to companies to individual citizens, are setting bold commitments and accelerating their work on climate change. But it’s also clear that we all must raise our ambitions, couple that with action and work more swiftly than ever.

At Microsoft, we fully understand and embrace this challenge. That is why, this week, at the Global Climate Action Summit, Microsoft is sharing our vision for a sustainable future — one where everyone everywhere is experiencing and deploying the power of technology to help address climate change and build a more resilient future. We are optimistic about what progress can be made because we are already seeing results of this technology-first enablement approach.

Today, we are unveiling five new tools, partnerships and the results of pilot projects that are already reducing emissions in manufacturing and advancing environmental research and showing immense potential to disrupt the building and energy sectors for a lower-emission future.

These include:

  • A new, open-source tool to find, use and incentivize lower-carbon building materials: To create low-carbon buildings, we need to choose low-carbon building materials. But right now, choosing these materials is challenging because the data is not readily available and what we do have lacks transparency to ensure it’s accurate. We are the first large corporate user of a new tool to track the carbon emissions of raw building materials, introduced by Skanska and supported by the University of Washington Carbon Leadership Forum, Interface and C-Change Labs, called the Embodied Carbon Calculator for Construction (EC3). We’ll use this in our new campus remodel. Our early estimates are that a low-carbon building in Seattle has approximately half the carbon emissions of an average building, so this could have a substantial impact on reducing carbon emissions in our remodel and eventually the entire built environment. We’re proud to not only be piloting it, but that this open-source tool is also running on Microsoft Azure.
  • The results of a “factory of the future” and solar-panel deployment at one of our largest suppliers of China: We partnered with our supplier’s management team to develop and install an energy-smart building solution running on Microsoft Azure to monitor and address issues as they emerge, saving energy and money. Additionally, Microsoft funded a solar panel installation, which generated more than 250,000 kilowatt-hours of electricity in the past fiscal year. This integrated solution is estimated to reduce emissions by approximately 3 million pounds a year.

The successful pilot of a grid-interactive energy storage battery: ​Solving storage is a critical piece of transforming the energy sector. That is why we’re excited to share the results of a new pilot in Virginia, in partnership with Eaton and PJM Interconnection. We used a battery that typically sits in our datacenter as a backup system, hooked it up to the grid to receive signals about when to take in power, when to store it and when to discharge to support the reliability of the system and integration of renewable energy. With thousands of batteries as part of our backup power systems at our datacenters, this pilot has the potential to rapidly scale storage solutions, allowing datacenters to smooth out the unpredictability of wind and solar.

  • New grantees and results from our AI for Earth program: Since we first introduced this grant, training and innovation program last year, we’ve experienced 200 percent growth. We are now supporting 137 grantees in more than 40 countries around the world, as well as doubling the number of larger featured projects we support. We’ve seen early results, too, allowing many people outside the grant program to benefit from our work, allowing us to process more than 10 trillion pixels in ten minutes and less than $50.
  • New LinkedIn online training module for sustainability, the Sustainable Learning Path: LinkedIn is providing new training courses to enable people everywhere to learn and gain job skills to participate in the clean energy economy and low-carbon future. The Sustainable Learning Path offers six hours of expert-created content; initial courses include an overview of sustainability strategies and introductions to LEED credentials and sustainable design. All six courses are unlocked until the end of October, in celebration of the Global Climate Action Summit, and can be accessed here.

While these are just the first proof points of the potential of technology to accelerate the pace of change beyond our four walls, they build on decades of sustainability progress within our operations.  These include operating 100 percent carbon neutral since 2012, purchasing more than 1 gigawatt of renewable energy on three continents, committing to reduce our operational carbon footprint by 75 percent by 2030, and a host of other initiatives. As meaningful as this operational progress is, we know it’s not enough. As a global technology company, we have a responsibility and a tremendous opportunity to help change the course of our planet.

As we look to the future, we’ll realize this opportunity in a few ways. We will use our operations as a test bed for innovation and share new insights about what works. We will work with our customers and suppliers to drive efficiencies that lead to tangible carbon reductions. We will continue to increase access to cloud and AI tools, especially among climate researchers and conservation groups, and work together to develop new tools that can be deployed by others in the field.

We are not naïve. Technology is not a panacea. Time and resources are short, and the task immense. But we refuse to believe that it is insurmountable or too late to build a better future, and we are convinced that technology can play a pivotal role in enabling that progress.

That optimism is borne out of our experience, lessons learned and the drive to create a better future that is core to Microsoft. At GCAS, I will be joined by 10 Microsoft and LinkedIn sustainability leaders, who will be sharing more details about this approach and the news outlined at panel sessions throughout the week, showcasing some of our technology solutions at events we are hosting and supporting the effort with more than 50 employees volunteering their time at GCAS. We are also proud to be an official sponsor of GCAS.

You can find our Microsoft delegation at the following events during the summit, as well as many others throughout the week. And we encourage you to follow us @Microsoft_Green for a full view of our conference activities and engagements, and the official hashtags for news of the event at #GCAS2018 #StepUp 2018.

Find Microsoft at the Global Climate Action Summit — event highlights

September 11, 8:00 a.m. PT: Sustainable Food Services Panel (LinkedIn hosting)

September 12, 9:00 a.m. PT: We Are Still In Forum

 September 12, 2:00 p.m. PT: “Energy, Transportation & Innovation – a Conversation with U.S. Climate Alliance Governors & Business Leaders” (Microsoft hosting)

  • Speaker: Shelley McKinley, General Manager for Technology and Civic Responsibility at Microsoft
  • Watch the livestream: https://aka.ms/CEO_Governors_Live and use #USCAxGCAS to submit questions on Twitter during the event

September 13, 9:00 a.m. PT: World Economic Forum: 4th IR for Earth

  • Speaker: Lucas Joppa, Chief Environmental Officer, Microsoft

September 13, 1:30 p.m. PT: GCAS Breakout Session – “What We Eat and How It’s Grown: Food Systems and Climate”

September 13, 3:00 p.m. PT: Meeting the Paris Goal: Strategies for Carbon Neutrality (Microsoft hosting)

  • Speaker: Elizabeth Willmott, Carbon Program Lead

September 13, 6 p.m. to 8 p.m. PT: We Are Still In Reception at Microsoft

September 14, 8:30 a.m. PT: Clean Energy in Emerging Markets (Microsoft hosting)

September 14, 11:00 a.m. PT: Climate Action Career Fair (LinkedIn hosting)

  • Speaker: Lucas Joppa, Chief Environmental Officer


Attending Black Hat USA 2018? Here’s what to expect from Microsoft.

Black Hat USA 2018 brings together professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers, and leaders in the public and private sectors. This is an exciting time as our Microsoft researchers, partners, and security experts will showcase the latest collaborations in defense strategies for cybersecurity, highlight solutions for security vulnerabilities in applications, and bring together an ecosystem of intelligent security solutions. Our objective is to arm business, government, and consumers with deeply integrated intelligence and threat protection capabilities across platforms and products.

Security researchers play an essential role in Microsoft’s security strategy and are key to community-based defense. To show our appreciation for their hard work and partnership, each year at Black Hat USA, the Microsoft Security Response Center (MSRC) highlights the contributions of these researchers through the list of “Top 100” security researchers reporting to Microsoft (either directly or through a third party) during the previous 12 months. While one criterion for the ranking is volume of fixed reports a researcher has made, the severity and impact of the reports is very important to the ranking also. Given the number of individuals reporting to Microsoft, anyone ranked among the Top 100 is among some of the top talent in the industry.

In addition to unveiling the Top 100 and showcasing Microsoft security solutions at Booth #652, there are a number of featured Microsoft speakers and sessions:

Join us at these sessions during the week of August 4-9, 2018 in Las Vegas and continue the discussion with us in Booth #652, where we will have product demonstrations, theatre presentations, and an opportunity to learn more about our Top 100 and meet with some of Microsoft’s security experts and partners.

Report: ERP security is weak, vulnerable and under attack

ERP systems are seeing growing levels of attack for two reasons. First, many of these systems — especially in the U.S. — are now connected to the internet. Second, ERP security is hard. These systems are so complex and customized that patching is expensive, complicated and often put off. 

Windows systems are often patched within days, but users may wait years to patch some ERP systems. There are old versions of PeopleSoft and other ERP applications, for instance, that are out-of-date and connected to the internet, according to researchers at two cybersecurity firms, which jointly looked at the risks faced in ERP security.

These large corporate systems, which manage global supply chains and manufacturing operations, could be compromised and shut down by an attacker, said Juan Pablo Perez-Etchegoyen, CTO of Onapsis, a cybersecurity firm based in Boston.

“If someone manages to breach one of those [ERP] applications, they could literally stop operations for some of those big players,” Perez-Etchegoyen said in an interview. His firm, along with Digital Shadows, released a report, “ERP Applications Under Fire: How Cyberattackers Target the Crown Jewels,” which was recently cited as a must-read by the U.S. Computer Emergency Readiness Team within the Department of Homeland Security. This report looked specifically at Oracle and SAP ERP systems.

Warnings of security vulnerabilities are not new

Cybersecurity researchers have been warning for a long time that U.S. critical infrastructure is vulnerable. Much of the focus has been on power plants and other utilities. But ERP systems are managing critical infrastructure, and the report by Onapsis and Digital Shadows is seen backing up a broader worry about infrastructure risks.

“The great risk in ERP is disruption,” said Alan Paller, the founder of SANS Institute, a cybersecurity research and education organization in Bethesda, Md.

If the attackers were just interested in extortion or gaining customer data, there are easier targets, such as hospitals and e-commerce sites, Paller said. What the attackers may be doing with ERP systems is prepositioning, which can mean planting malware in a system for later use.

In other words, attackers “are not sure what they are going to do” once they get inside an ERP system, Paller said. But they would rather get inside the system now, and then try to gain access later, he said.

The report by Onapsis and Digital Shadows found an increase among hackers in ERP-specific vulnerabilities. This interest has been tracked on a variety of sources, including the dark web, which is a part of the internet accessible only through special networks.

Complexity makes ERP security difficult

The complexity of ERP applications makes it really hard and really costly to apply patches.
Juan Pablo Perez-EtchegoyenCTO, Onapsis

The problem facing ERP security, Perez-Etchegoyen said, is “the complexity of ERP applications makes it really hard and really costly to apply patches. That’s why some organizations are lagging behind.”

SAP and Oracle, in emailed responses to the report, both said something similar: Customers need to stay up-to-date on patches.

“Our recommendation to all of our customers is to implement SAP security patches as soon as they are available — typically on the second Tuesday of every month — to protect SAP infrastructure from attacks,” SAP said.

Oracle pointed out that it “issued security updates for the vulnerabilities listed in this report in July and in October of last year. The Critical Patch Update is the primary mechanism for the release of all security bug fixes for Oracle products. Oracle continues to investigate means to make applying security patches as easy as possible for customers.”

One of the problems is knowing the intent of the attackers, and the report cited a full range of motives, including cyberespionage, which is sabotage by a variety of groups, from hacktivists to foreign countries.

Next wave of attacks could be destructive

But one fear is the next wave of major attacks will attempt to destroy or cause real damage to systems and operations.

This concern was something Edward Amoroso, retired senior vice president and CSO of AT&T, warned about.

In a widely cited open letter in November 2017 to then-President-elect Donald Trump, Amoroso said attacks “will shift from the theft of intellectual property to destructive attacks aimed at disrupting our ability to live as free American citizens.” The ERP security report’s findings were consistent with his earlier warning, he said in an email.

Foreign countries know that “companies like SAP, Oracle and the like are natural targets to get info on American business,” Amoroso said. “All ERP companies understand this risk, of course, and tend to have good IT security departments. But going up against military actors is tough.”

Amoroso’s point about the risk of a destructive attack was specifically cited and backed by a subsequent MIT report, “Keeping America Safe: Toward More Secure Networks for Critical Sectors.”  The MIT report warned that attackers enjoy “inherent advantages owing to human fallibility, architectural flaws in the internet and the devices connected to it.”

Ransomware 1H 2017 review: Global outbreaks reinforce the value of security hygiene

In the first six months of 2017, ransomware threats reached new levels of sophistication. The same period also saw the reversal of a six-month downward trend in ransomware encounters. New ransomware code was released at a higher rate with increasing complexity. Two high-profile ransomware incidents brought cybersecurity to the forefront of mainstream conversations as the impact of attacks was felt around the world by organizations and individuals alike.

The recently released Microsoft Security Intelligence Report summarizing movements in different areas of the threat landscape in the first quarter of the year showed the continued global presence of ransomware. The highest encounter rates, defined as the percentage of computers running Microsoft real-time security products that report blocking or detecting ransomware, were registered in the Czech Republic, Korea, and Italy from January to March 2017.

Sustained ransomware campaigns and high-profile attacks continued to highlight the need for advanced comprehensive cybersecurity strategy. In this blog entry, we share our key observations on the ransomware landscape and offer insights on what can be learned from trends and developments so far in 2017.

Ransomware growth rallies

In March of 2017, the volume of ransomware encounters started to pick up again after several months of decline. The growth is driven to a certain extent by sustained activities from established ransomware operations like Cerber, with an onslaught of attacks powered by ransomware-as-a-service.

Figure 1. Total ransomware encounters by month, July 2016-June 2017 (source: Ransomware FAQ page)

In part, this surge is also driven by the emergence of new ransomware families, which are being released into the wild at a faster rate. In the first half of 2017, we discovered 71 new ransomware families, an increase from the 64 new families we found in the same period in 2016.

Some of these new ransomware families stand out because they exhibit new behaviors that make them more complex. For instance, the latest Microsoft Security Intelligence Report shows that in March 2017, two-month old Spora overtook Cerber as the most prevalent ransomware family.

Figure 2. Trends for several commonly encountered ransomware families in 1Q17, by month (source: Microsoft Security Intelligence Report 22)

Spora’s quick rise to the top may be traced to its capability to spread via network drives and removable drives, such as USB sticks. Initial versions targeted Russia and featured a ransom note in the local language. It has since gone global, spreading to other countries with a ransom note in English.

Other notable new ransomware families in 2017 include Jaffrans, Exmas, and Ergop. While these families have not quite achieved the prevalence of Spora, they show signs of persistence and periodic improvements that are observed in older, successful families.

Microsoft protects customers from new and emerging ransomware like Spora using a combination of advanced heuristics, generics, and machine learning, which work together to deliver predictive, real-time protection. In a recent blog post, we demonstrated how we could better protect from never-before-seen ransomware with enhancements to the Windows Defender Antivirus cloud protection service.

The rise of global ransomware outbreaks

WannaCrypt (also known as WannaCry) is one of the most well-known new ransomware to surface so far this year. It emerged in May carrying an exploit for a patched vulnerability and quickly spread to out-of-date Windows 7 computers in Europe and later the rest of the world (the exploit did not affect Windows 10). The attack left several impacted organizations, high-tech facilities, and other services affected in its aftermath.

Only a few weeks after the WannaCrypt outbreak, a new variant of Petya wreaked havoc in June. This Petya variant applied some of the propagation techniques used by WannaCrypt, but incorporated more methods to spread within a network. The outbreak started in Ukraine, where a compromised supply-chain delivered the ransomware through a software update process. The Petya infections swiftly spread to other countries in the course of a few hours. Petya’s impact was not as widespread as the WannaCrypt outbreak; however, as our in-depth analysis of Petya revealed, its upgrades made it so much more complex and caused more damage to organizations affected.

WannaCrypt and Petya defied the trend of more targeted and localized attacks and became the first global malware attacks in quite a while. They generated worldwide mainstream interest. Interestingly, this attention might have added more challenges for attackers. For instance, the Bitcoin wallets used in these attacks were closely monitored by security researchers.

WannaCrypt and Petya showed that ransomware attacks powered by sophisticated exploits on a global scale can be particularly catastrophic. Global attacks emphasize the need to avert ransomware epidemics by enabling responders to detect, respond to, and investigate attacks so infections can be contained and not allowed to swell. Security patches need to be applied as soon as they become available.

Figure 3. Global distribution of ransomware encounters by month, January-June 2017

Increasing sophistication

The trend of global outbreaks is likely a result of more techniques incorporated by ransomware. WannaCrypt, Petya, Spora, and other new ransomware variants sported new capabilities that allowed them to spread faster and wreak more havoc than other malware.

Lateral movement using exploits

Spora’s aforementioned ability to spread via network drives and removable drives made it one of the most widespread ransomware. Though it was not the first ransomware family to integrate a worm-like spreading mechanism, it was able to use this capability to infect more computers.

With worm capabilities, ransomware attacks can have implications beyond endpoint security, introducing challenges to enterprise networks. This was particularly true for WannaCrypt, which spread by exploiting a vulnerability (CVE-2017-0144, dubbed EternalBlue, previously patched in security update MS17-010), affecting networks with out-of-date computers.

Petya expanded on WannaCrypt’s spreading mechanism by exploiting not one, but two vulnerabilities. Apart from CVE-2017-0144, it also exploited CVE-2017-0145 (known as EternalRomance, and fixed in the same security update as EternalBlue), affecting out-of-date systems.

These two attacks highlighted the importance of applying security patches as they become available. They likewise highlight the importance of immediately detecting and stopping malicious behavior related to exploits.

It is important to note that the EternalBlue and EternalRomance exploits did not affect Windows 10, underscoring the benefits of upgrading to the latest, most secure version of platforms and software. Even if the exploits were designed to work on Windows 10, the platform has multiple mitigations against exploits, including zero-days. In addition, Windows Defender Advanced Threat Protection (Windows Defender ATP) detects malicious activities resulting from exploits without the need for signature updates.

Credential theft

One of Petya’s more noteworthy behaviors is its credential-stealing capability, which it does either by using a credential dumping tool or by stealing from the Credential Store. This capability poses a significant security challenge for networks with users who sign in with local admin privileges and have active sessions opens across multiple machines. In this situation, stolen credentials can provide the same level of access the users have on other machines.

The Petya outbreak is testament to the importance of credential hygiene. Enterprises need to constantly review privileged accounts, which have unhampered network access and access to corporate secrets and other critical data. Credential Guard uses virtualization-based security to protect derived domain credentials and stop attempts to compromise privileged accounts.

Network scanning

Armed with exploits or stolen credentials, ransomware can spread across networks through network scanning. For example, Petya scanned affected networks to establish valid connections to other computers. It then attempted to transfer copies of the malware using stolen credentials. Petya also scanned for network shares in an attempt to spread through those shares.

WannaCrypt, on the other hand, ran massive scanning of IP addresses to look for computers that are vulnerable to the EternalBlue exploit. This gave it the ability to spread to out-of-date computers outside the network. Network defenders can uncover and stop unauthorized network scanning behaviors.

Destructive behavior

In most ransomware cases, the attacker motivation is clear: victims need to pay the ransom or never gain back access to encrypted files. While there is no guarantee that files are decrypted after payment is made, most ransomware infections make their intention clear through a ransom note. In August, WannaCrypt actors wrapped up their campaign by withdrawing ransom pain in Bitcoins from online wallets.

Petya behaved like other ransomware in this aspect. Attackers emptied the Petya online wallets earlier in July. However, Petya had far more destructive routines: it overwrote or damaged the Master Boot Record (MBR) and Volume Boot Record (VBR), rendering affected computers unusable. This started a conversation about whether this Petya variant was primarily a ransomware like WannaCrypt or a destructive cyberattack like Depriz (also known as Shamoon).

Figure 4. Petya incorporated complex behaviors not typical of ransomware

The debate is not settled, but the Petya attack does raise an important point—attackers can easily incorporate other payloads into ransomware code to facilitate targeted attacks and other types of destructive cyberattacks. As the threat of ransomware escalates, enterprises and individuals alike need a sound cybersecurity strategy and a protection suite that will defend against the end-to-end ransomware infection process.

Integrated end-to-end security suite against ransomware

With high-profile global outbreaks and other notable trends, the first six months of 2017 can be considered one of the more turbulent periods in the history of ransomware. The observations we summarized in this blog highlight the potency of the ransomware threat. Unfortunately, given the trends, we may see similarly sophisticated or even more complex attacks in the foreseeable future. More importantly, however, we should learn from these attacks and developments, because they highlight the areas of cybersecurity that need to be improved and reevaluated.

At Microsoft, we’re always hard at work to continuously harden Windows 10 against ransomware and other attacks. In the upcoming Windows 10 Fall Creators Update, we will integrate Microsoft security solutions into a powerful single pane of glass—centralized management that will allow customers to consume, manage, and integrate security for devices in the network. Windows Defender ATP will be expanded to include seamless integration across the entire Windows protection stack. The suite of tools will include the new Windows Defender Exploit Guard and Windows Defender Application Guard, as well as the enhanced Windows Defender Device Guard and Windows Defender AV.

Today, Windows 10 Creators Update has next-gen technologies that protect against ransomware attacks.

Figure 5. Windows 10 end-to-end protection stack (source: Next-gen ransomware protection with Windows 10 Creators Update)

Windows 10 has multiple exploit mitigations, including control flow-guard for kernel (kFCG), kernel mode code integrity (KMCI), better kernel address space layout randomization (KASLR), NX HAL, and PAGE POOL (non-executable kernel regions). These mitigations help make Windows 10 resilient to exploit attacks, such as those used by WannaCrypt and Petya.

Intelligent Security Graph and machine learning

Security built into Windows 10 is powered by the Microsoft Intelligent Security Graph, which correlates signals from billions of sensors. Unique insights from this vast security intelligence enable Microsoft to deliver real-time protection through Windows Defender AV, Windows Defender ATP, and other next-gen security technologies.

The increasing magnitude and complexity of ransomware require advanced real-time protection. Windows Defender AV uses precise machine learning models as well as generic and heuristic techniques, improved detection of script-based ransomware, and enhanced behavior analysis to detect common and complex ransomware code. Using the cloud protection service, Windows Defender AV provides real-time protection. In recent enhancements, the cloud protection service can make a swift assessment of new and unknown files, allowing Windows Defender AV to block new malware the first time it is seen.

Windows Defender Advanced Threat Protection empowers SecOps personnel to stop ransomware outbreaks in the network. Both WannaCrypt and Petya showed how critical it is to detect, investigate, and respond to ransomware attacks and prevent the spread. Windows Defender ATP’s enhanced behavioral and machine learning detection libraries flag malicious behavior across the ransomware infection process. The new process tree visualization and improvements in machine isolation further help security operations to investigate and respond to ransomware attacks.

Online safety with Microsoft Edge and Office 365 Advanced Threat Protection

Microsoft Edge can help block ransomware infections from the web by opening pages within app container boxes. It uses reputation-based blocking of downloads. Its click-to-run feature for Flash can stop ransomware infections that begin with exploit kits.

To defend against ransomware attacks that begin with email, Microsoft Exchange Online Protection (EOP) uses built-in anti-spam filtering capabilities that help protect Office 365 customers. Office 365 Advanced Threat Protection helps secure mailboxes against email attacks by blocking emails with unsafe attachments, malicious links, and linked-to files leveraging time-of-click protection. Outlook.com anti-spam filters also provide protection against malicious emails.

Virtualization-based security and application control

Credential Guard can protect domain credentials from attacks like Petya, which attempted to steal credentials for use in lateral movement. Credential Guard uses virtualization-based security to protect against credential dumping.

Enterprises can implement virtualization-based lockdown security, which can block all types of unauthorized content. Windows Defender Device Guard combines virtualization-based security and application control to allow only authorized apps to run. Petya, whose first infections were traced back to a compromised software update process, was blocked on devices with Device Guard enabled.

Microsoft-vetted security with Windows 10 S and more security features in Windows 10 Fall Creators Update

Devices can achieve a similar lockdown security with Windows 10 S, which streamlines security and performance by working exclusively with apps from the Windows Store, ensuring that only apps that went through the Store onboarding, vetting, and signing process are allowed to run.

All of these security features make Windows 10 our most secure platform. Next-gen security technologies in Windows 10 provide next-gen protection against ransomware.

Figure 6. Windows 10 next-gen security

But the work to further harden Windows 10 against ransomware and other threats continues. Expect more security features and capabilities in the upcoming Windows 10 Fall Creators Update.

Tanmay Ganacharya (@tanmayg)

Principal Group Manager, Windows Defender Research

Talk to us

Questions, concerns, or insights on this story? Join discussions at the Microsoft community.

Follow us on Twitter @MMPC and Facebook Microsoft Malware Protection Center

How can IT put PowerShell Integrated Scripting Environment to use?

PowerShell Integrated Scripting Environment is a tool that can benefit all levels of users, which is why many developers and administrators use it almost exclusively when working with PowerShell — often skipping the original console altogether.

With PowerShell ISE, which provides a graphical user interface (GUI) for writing and fixing PowerShell scripts, IT administrators and developers can write, edit and run PowerShell scripts and commands. It provides a more user-friendly way to work with the wide range of features available for creating and testing PowerShell codes.

For example, PowerShell ISE includes IntelliSense for autocompleting commands and for matching cmdlets, variables, parameters and other language elements. The GUI also provides quick access to a variety of snippets that make it easier to construct command logic, such as looping structures. In addition, admins get multiple execution environments, selective code execution and the ability to run commands from either the PowerShell script or the console pane.

What else can PowerShell ISE do?

PowerShell script development

PowerShell Integrated Scripting Environment provides many other features to support PowerShell script development, such as drag-and-drop editing, tab completion, block selection, syntax coloring, keyboard shortcuts and Unicode support. Plus, admins can open PowerShell script files by dragging them from Windows Explorer to the PowerShell ISE GUI. They can even extend the PowerShell Integrated Scripting Environment object model to customize the deployment and add functionality.


Admins can also use PowerShell Integrated Scripting Environment to troubleshoot and debug PowerShell scripts. Although this goes hand in hand with script development, sometimes admins must fix an existing script and want to use PowerShell ISE’s debugging capabilities. Not only do they get features such as selective execution and multiple execution environments, but they can also set up breakpoints, step through code, check variable values and display call stacks. In addition, PowerShell Integrated Scripting Environment displays parsing errors as admins type.

PowerShell Integrated Scripting Environment is also useful as a learning tool.

Running complicated commands

Admins might also use PowerShell Integrated Scripting Environment when they want to run complex ad hoc commands and prefer to avoid the inherent clunkiness of the PowerShell console. With PowerShell ISE, they can type all their code in the script pane and then, when they’re ready, run part or all of the code. This also makes it easier to tweak the script if admins need to run it multiple times, incorporating slight modifications with each execution.


PowerShell Integrated Scripting Environment is also useful as a learning tool. Someone new to PowerShell can benefit a great deal from built-in features, such as IntelliSense, snippet access and parse error displays.

Powered by WPeMatico