Tag Archives: Policy

Microsoft Partner Network licensing changes put channel on alert

Pending Microsoft Partner Network policy changes affecting product licensing have alarmed some partners, with more than 5,000 people signing a petition to register their disapproval.

A key area of contention is Microsoft’s plan to eliminate the internal use rights (IUR) association with product licenses included in Microsoft Action Pack and those included with a competency. Action Pack gives partners access to product licenses and technical enablement services, through which they can create applications and develop service offerings. Microsoft positions Action Pack, which ranges from OSes to business applications, as a way for new MPN members to get started. Competencies are business specializations in areas such as cloud business applications and data analytics.

The revised IUR association policy will compel Microsoft partners to pay for licenses they have been using in-house under the current Microsoft Partner Network membership terms. The new policy goes into effect July 1, 2020.

Paul Katz, president and chief software architect at EfficiencyNext, a software developer in Washington, D.C., said the policy change will cause the company to purchase five Office 365 Enterprise E3 seats. In addition, EfficiencyNext stands to lose the Microsoft Azure credits the company uses to run its website, although Katz said the policy change’s effect on the Azure benefit is somewhat ambiguous at this point. The licensing fees coupled with the potential loss of Azure credits would result in an annual net cost of about $2,400 a year, he added.

“That’s a thorn in the side, but it doesn’t change our world,” Katz said.

The stakes are much higher, he said, for larger partners with more licenses they will need to pay for. A partner with 100 Office 365 E3 licenses, for example, would need to shell out $24,000 annually, based on the $20 per user, per month seat fee.

Charles WeaverCharles Weaver

Charles Weaver, CEO of MSPAlliance, an association representing managed service providers (MSPs), said he found out about the Microsoft policy change when a board member sent him the online petition. “It’s going to sting most of them,” he said of the licensing shift’s effect on service providers. “It is probably not going to be received well by the rank-and-file MSPs.”

The partner petition, posted on Change.org, stated Microsoft’s policies represent unfair treatment, noting partners “have been so loyal to the Microsoft business.” Microsoft couldn’t be reached for comment.

Microsoft Partner Network: Policy consequences

Katz advised partners to “get licensed up” in light of the IUR change, noting that Microsoft has been aggressive in the past with software asset management engagements.

Weaver, however, said he hopes that won’t be the case.

“I can’t think of anything more destructive to the relationship between Microsoft and the channel than that,” he said, noting the audits software vendors pursue tend to target large customers, where millions of dollars are at stake.

People don’t want to come to terms with the fact that we are resellers and we don’t, in any way, shape or form, control the products.
Stanley LouissaintPresident, Fluid Designs Inc.

In addition to causing some partners to incur higher licensing costs, the Microsoft IUR policy shift could also hinder partners’ use-what-you-sell strategies. Resellers and service providers that use a vendor’s products to help run their business gain technology experience, which they can transfer to end customers when deploying those products.

Katz said “dogfooding” — as in, eating one’s own dog food — is the best way to test products, especially for companies that can’t afford to set up a separate test environment.

But the restriction on IUR would discourage this approach and could cause Microsoft to miss out on opportunities down the road.

Weaver pointed to a potential unintended consequence of Microsoft’s action: “They stop the freeloading of MSPs from using their software, as they look at it, and they lose potentially thousands of MSPs who no longer try that stuff out and no longer have access to it and may go to different vendors and different solutions.”

A part of doing business

Stanley LouissaintStanley Louissaint

Stanley Louissaint, president of Fluid Designs Inc., an IT services provider in Union, N.J., said the MPN policy changes don’t affect his company but noted the unease among partners. Louissaint suggested changes in vendor policies are simply part of doing business as a channel partner.

“People don’t want to come to terms with the fact that we are resellers and we don’t, in any way, shape or form, control the products,” he said. “If [Microsoft] changes how they want to deal with us, it is what it is.”

Louissaint said the bottom line is Microsoft wants partners to become paying customers when using the vendor’s products to run their businesses. As for creating test beds to assess products, channel partners still can download software on a trial basis — for up to 180 days, in some cases, he added.

Jeff Aden, executive vice president of marketing and business development at 2nd Watch, a Seattle MSP, said the new policy “is not going to change what we do” unless there is an unforeseen effect. 2nd Watch is a Microsoft Gold partner and an AWS Premier Consulting Partner.

EfficiencyNext’s Katz said the licensing changes don’t mean Microsoft is greedy. He noted Windows Insider members can download preview versions of Windows for free, and there is a community version of Visual Studio that is free for up to five users in nonenterprise organizations.

“They are still a great company, and we are still happy to be working with them,” he said.

Go to Original Article
Author:

Fortnite vulnerability on Android causes disclosure tension

Google’s disclosure policy and Android security in general came under question after the company disclosed a flaw in the Android installer for the world’s most popular game, Fortnite. The flawed installer is only for Android users because Fortnite developer Epic Games bypassed security protections available for apps distributed through the Google Play Store, in order to maximize profits and avoid paying distribution fees to Google.

On Friday, Google disclosed the Fortnite vulnerability and described it as a risk for a man-in-the-disk attack where any “fake [Android Package Kit] with a matching package name can be silently installed” by the Fortnite installer. Google disclosed the flaw to Epic Games on Aug. 15, and Epic had produced a patch within 24 hours.

After testing the patch and deploying it to users on Aug. 16, Epic asked Google on the issue tracker page if they could have “the full 90 days before disclosing this issue so our users have time to patch their devices.” Google did not respond on the issue tracker until Aug. 24, when it noted that “now the patched version of Fortnite Installer has been available for 7 days we will proceed to unrestrict this issue in line with Google’s standard disclosure practices.”

Epic Games founder Tim Sweeney accused Google on Twitter of wanting “to score cheap PR points” by disclosing the Fortnite vulnerability because Epic Games had released the game outside of the Google Play Store.

Epic Games had previously claimed the reason for not releasing Fortnite for Android through the Play Store was twofold: to maintain a “direct relationship” with customers and to avoid the 30% cut Google would take from in-app purchases. Security experts immediately expressed skepticism about the move because of the security checks in Android that need to be turned off in order to sideload an app from outside of the Play Store and the risk of malicious fakes.

Sweeney admitted on Twitter that the Fortnite vulnerability was Epic’s responsibility, but took issue with Google’s fast disclosure.

It is unclear if Epic Games contacted users directly regarding the Fortnite vulnerability and the need to update. And the company did not respond to requests for comment at the time of this post.

Sweeney did note on Twitter that the “Fortnite installer only updates when you run it or run the game” and said Google was monitoring the Fortnite vulnerability situation.

Liviu Arsene, senior e-threat analyst at Romania-based antimalware firm Bitdefender, said that “from a security perspective there’s no right or wrong in this scenario.”

From a security perspective there’s no right or wrong in this scenario.
Liviu Arsenesenior e-threat analyst, Bitdefender

“As soon as the vulnerability was reported, Epic fixed [it] within 24 hours, which is commendable, and then Google publicly disclosed it according to their policy. Technically, users are now safe and informed regarding a potential security vulnerability that could have endangered their privacy and devices,” Arsene wrote via email. “Granted, not all users will receive and install the update instantly, but the same can be said for most security patches and updates. As long as Epic is committed to delivering patches for their apps, regardless if they’re in Google Play or not, and Google is committed to finding and responsibly disclosing vulnerabilities, security is enforced and users are the ones that benefit most.”

My views on U.S. immigration policy

Below is an e-mail I sent to all Microsoft employees today sharing my views on U.S. immigration policy.  This is an incredibly important topic and one I care deeply about.

Team,

Like many of you, I am appalled at the abhorrent policy of separating immigrant children from their families at the southern border of the U.S. As both a parent and an immigrant, this issue touches me personally.

I consider myself a product of two amazing and uniquely American things — American technology reaching me where I was growing up that allowed me to dream the dream and an enlightened immigration policy that then allowed me to live that dream. My story would not have been possible anywhere else.

This new policy implemented on the border is simply cruel and abusive, and we are standing for change. Today Brad detailed our company’s position on this issue, as well as the immigration legislation currently being considered in Congress, and I encourage you to read his blog post.

I want to be clear: Microsoft is not working with the U.S. government on any projects related to separating children from their families at the border. Our current cloud engagement with U.S. Immigration and Customs Enforcement (ICE) is supporting legacy mail, calendar, messaging and document management workloads.

Microsoft has a long history of taking a principled approach to how we live up to our mission of empowering every person and every organization on the planet to achieve more with technology platforms and tools, while also standing up for our enduring values and ethics. Any engagement with any government has been and will be guided by our ethics and principles. We will continue to have this dialogue both within our company and with our stakeholders outside.

The immigration policy of this country is one of our greatest competitive advantages, and this is something we must preserve and promote. America is a nation of immigrants, and we’re able to attract people from around the world to contribute to our economy, our communities and our companies. We are also a beacon of hope for those who need it the most. This is what makes America stronger. We will always stand for immigration policies that preserve every person’s dignity and human rights. That means standing with every immigrant who works at Microsoft and standing for change in the inhumane treatment of children at the U.S. border today. 

Satya  

My views on U.S. immigration policy

Below is an e-mail I sent to all Microsoft employees today sharing my views on U.S. immigration policy.  This is an incredibly important topic and one I care deeply about.

Team,

Like many of you, I am appalled at the abhorrent policy of separating immigrant children from their families at the southern border of the U.S. As both a parent and an immigrant, this issue touches me personally.

I consider myself a product of two amazing and uniquely American things — American technology reaching me where I was growing up that allowed me to dream the dream and an enlightened immigration policy that then allowed me to live that dream. My story would not have been possible anywhere else.

This new policy implemented on the border is simply cruel and abusive, and we are standing for change. Today Brad detailed our company’s position on this issue, as well as the immigration legislation currently being considered in Congress, and I encourage you to read his blog post.

I want to be clear: Microsoft is not working with the U.S. government on any projects related to separating children from their families at the border. Our current cloud engagement with U.S. Immigration and Customs Enforcement (ICE) is supporting legacy mail, calendar, messaging and document management workloads.

Microsoft has a long history of taking a principled approach to how we live up to our mission of empowering every person and every organization on the planet to achieve more with technology platforms and tools, while also standing up for our enduring values and ethics. Any engagement with any government has been and will be guided by our ethics and principles. We will continue to have this dialogue both within our company and with our stakeholders outside.

The immigration policy of this country is one of our greatest competitive advantages, and this is something we must preserve and promote. America is a nation of immigrants, and we’re able to attract people from around the world to contribute to our economy, our communities and our companies. We are also a beacon of hope for those who need it the most. This is what makes America stronger. We will always stand for immigration policies that preserve every person’s dignity and human rights. That means standing with every immigrant who works at Microsoft and standing for change in the inhumane treatment of children at the U.S. border today. 

Satya  

BlackBerry and Microsoft partner to empower the mobile workforce

Companies deliver seamless Mobile App experience and policy compliance; BlackBerry Secure platform now available on Azure

WATERLOO, ONTARIO and REDMOND, Wash. – March 19, 2018 BlackBerry Limited (NYSE: BB; TSX: BB) and Microsoft Corp. (NASDAQ: MSFT) today announced a strategic partnership to offer enterprises a solution that integrates BlackBerry’s expertise in mobility and security with Microsoft’s unmatched cloud and productivity products.

BlackBerry logoThrough this partnership, the companies have collaborated on a first-of-its-kind solution: BlackBerry Enterprise BRIDGE. This technology provides a highly-secure way for their joint customers – the world’s largest banks, healthcare providers, law firms, and central governments – to seamlessly use native Microsoft mobile apps from within BlackBerry Dynamics.

By making Microsoft’s mobile apps seamlessly available from within BlackBerry Dynamics, enterprise users will now have a consistent experience when opening, editing, and saving a Microsoft Office 365 file such as Excel, PowerPoint, and Word on any iOS® or Android™ device. This enables users to work anytime, anyplace, with rich file fidelity. At the same time, corporate IT departments benefit from a greater return on their existing investments, and added assurance that their company’s data and privacy is secured to the highest standards and in compliance with corporate and regulatory policies.

“BlackBerry has always led the market with new and innovative ways to protect corporate data on mobile devices,” said Carl Wiese, president of Global Sales at BlackBerry. “We saw a need for a hyper-secure way for our joint customers to use native Office 365 mobile apps. BlackBerry Enterprise BRIDGE addresses this need and is a great example of how BlackBerry and Microsoft continue to securely enable workforces to be highly productive in today’s connected world.”

Microsoft logo“In an era when digital technology is driving rapid transformation, customers are looking for a trusted partner,” said Judson Althoff, executive vice president of Worldwide Commercial Business at Microsoft. “Our customers choose Microsoft 365 for productivity and collaboration tools that deliver continuous innovation, and do so securely. Together with BlackBerry, we will take this to the next level and provide enterprises with a new standard for secure productivity.”

“Along with a number of our peers in the Financial Services industry, we see strategic partnerships like this one as key to enhancing and bringing new products to market,” said George Sherman, Managing Director, CIO Global Technology Infrastructure, JPMorgan Chase. “This partnership will help create a more seamless mobile experience for end-users, which is a top priority for us at JPMorgan Chase.”

Lastly, the companies shared that the BlackBerry Secure platform for connecting people, devices, processes and systems, has been integrated with the Microsoft Azure cloud platform. Specifically, BlackBerry UEM Cloud, BlackBerry Workspaces, BlackBerry Dynamics, and BlackBerry AtHoc are now available on Azure.

To learn more, please visit  BlackBerry.com.

About Microsoft

Microsoft (Nasdaq “MSFT” @microsoft) is the leading platform and productivity company for the mobile-first, cloud-first world, and its mission is to empower every person and every organization on the planet to achieve more.

About BlackBerry

BlackBerry is a cybersecurity software and services company dedicated to securing the Enterprise of Things. Based in Waterloo, Ontario, the company was founded in 1984 and operates in North America, Europe, Asia, Australia, Middle East, Latin America and Africa. The Company trades under the ticker symbol “BB” on the Toronto Stock Exchange and New York Stock Exchange. For more information, visit www.BlackBerry.com.

BlackBerry and related trademarks, names and logos are the property of BlackBerry Limited and are registered and/or used in the U.S. and countries around the world. All other marks are the property of their respective owners. BlackBerry is not responsible for any third-party products or services.

###

Media Contacts:

BlackBerry

(519) 597-7273

[email protected]

Microsoft Media Relations

WE Communications for Microsoft

(425) 638-7777

[email protected]

Investor Contact:

BlackBerry Investor Relations

(519) 888-7465

[email protected]

 

The post BlackBerry and Microsoft partner to empower the mobile workforce appeared first on Stories.

VeloCloud SD-WAN made more responsive to network troubles

VeloCloud Networks Inc. has added to its SD-WAN software policy options that make the technology more responsive to network problems that could affect application performance in branch and remote offices.

The enhancements, introduced this week, are delivered through software upgrades to the company’s cloud-based orchestrator and gateway and the VeloCloud SD-WAN appliance deployed at the branch and data center.

In general, VeloCloud’s technology lets companies combine T1 lines, MPLS links and other enterprise network connections with cheaper broadband, DSL and 4G consumer links. The subscription-based SD-WAN provides continuous monitoring, packet-by-packet traffic steering and link remediation to maintain network performance and reliability.

The new 3.1 version lets companies dedicate segments of the network for specific traffic, such as VoIP, a guest Wi-Fi or sensitive credit-card data heading from a retail store to the corporate data center. Organizations can set policies that provide multiple paths for a traffic flow. If performance for a connection falters, the VeloCloud SD-WAN will steer packets elsewhere to maintain a user-defined quality of service.

The on-the-fly correction is targeted at performance-sensitive applications, such as VoIP. “Not only can you set things up quickly, but once you set it up, the network will adjust,” said Bob Laliberte, an analyst at Enterprise Strategy Group, based in Milford, Mass.

Other improvements include a more straightforward process for setting up an IPsec VPN between a VeloCloud SD-WAN and a non-VeloCloud location. Customers can also use the vendor’s orchestration software to deploy security services from VeloCloud partners and to apply group profiles when adding VeloCloud Edge appliances.

In April, VeloCloud introduced a partner program that lets third-party security vendors integrate their products with the SD-WAN service. Partners include Check Point Software Technologies, Fortinet, IBM, Palo Alto Networks and Zscaler.

VeloCloud claims outcome-driven networking in SD-WAN

VeloCloud is marketing its latest upgrade as “outcome-driven networking,” a term not widely used in the industry. Instead, networking vendors and some analyst firms are pushing an approach called “intent-based networking,” which uses GUI-based tools to abstract the many complicated technical steps underpinning the delivery of services.

Earlier this month, virtualization vendor VMware announced plans to acquire VeloCloud for an undisclosed sum. If completed in early February as planned, the acquisition would place VMware in head-to-head competition with Cisco in the branch office. In August, Cisco acquired VeloCloud rival Viptela for $610 million.

Twelve Windows 10 GPOs IT must know about

Microsoft provides an extensive set of Group Policy Objects for managing Windows 10 computers. Only a handful — 12 to be exact — are specific to Windows 10 Enterprise.

Even so, those 12 Windows 10 GPOs can go a long way in IT’s quest to control users’ desktops. The group policies allow IT to enable Windows Spotlight, prevent the lock screen from displaying, manage the Start layout and more.

The administrative template files (ADMX), which are where the group policies live, are made up of structured Extensible Markup Language (XML) that provides a language-neutral reference to each policy. The files work in conjunction with language-specific resource files (ADML) that provide the actual display name and help descriptions for those policies.

A quick introduction to the ADMX file

Each ADMX file includes a set of related policies that corresponds to a policy path within the Group Policy structure. For example, the CloudContent.admx file includes the policy Configure Windows spotlight on lock screen. If IT pros use the Group Policy Editor on a Windows 10 machine to view the local group policies, they would find the policy at the following path:

User Configuration > Administrative Templates > Windows Components > Cloud Content

User Configuration indicates the scope of the policy, which, in this case, is User. If the scope were Machine, the first element would read Computer Configuration. A policy can be available at the User scope, Machine scope or both.

Windows 10 GPOs can go a long way in IT’s quest to control users’ desktops.

Administrative Templates is common to all policies in the ADMX files. As a result of this structure, the Computer Configuration node and the User Configuration node are both in the Group Policy Editor, with each node containing the Administrative Templates subnode.

The remaining elements in the policy path are specific to the policies within a particular ADMX file. In this case, the elements Windows Components > Cloud Content correspond to the CloudContent.admx file, which includes the Configure Windows spotlight on lock screen policy, along with other policies.

Each policy has a friendly display name and a formal reference name. Configure Windows spotlight on lock screen is the display name in this example. The reference name is ConfigureWindowsSpotlight. The ADMX and ADML files use the reference names to sync with one another. The display name appears only in the applicable ADML file and is the name that shows up within the local Group Policy Editor in Windows.

The following sections provide an overview of the Windows 10 Enterprise Group Policy that is specific to that version of the OS based on their ADMX files.

CloudContent.admx template file

Policy path: [scope] > Administrative Templates > Windows Components > Cloud Content

The CloudContent.admx file contains several policies related primarily to Windows Spotlight, an option for displaying different background images on the lock screen and for automatically displaying suggestions about Windows 10 features. A few of them are Windows 10 GPOs exclusively.

Configure Windows spotlight on lock screen
Reference name: ConfigureWindowsSpotlight
Scope: User

Implements Windows Spotlight on the lock screen and prevents users from modifying the lock screen. IT can also set up the lock screen to display internal communications.

Turn off all Windows Spotlight features
Reference name: DisableWindowsSpotlightFeatures
Scope: User

Turns off Windows Spotlight on the lock screen. It also turns off Microsoft consumer features, Windows tips and other related features.

Turn off Microsoft consumer experiences
Reference name: DisableWindowsConsumerFeatures
Scope: Machine

Prevents users from receiving notifications about their Microsoft accounts or personalized recommendations from Microsoft.

Do not show Windows Tips
Reference name: DisableSoftLanding
Scope: Machine

Prevents users from receiving Windows tips, which are contextual pop-up messages explaining how to use Windows.

ControlPanelDisplay.admx template file

Policy path: [scope] > Administrative Templates > Control Panel > Personalization

The ControlPanelDisplay.admx file contains a number of policies for managing personalization settings on the desktop.

Do not display the lock screen
Reference name: CPL_Personalization_NoLockScreen
Scope: Machine

Allows users to see their selected tiles after locking their PCs, rather than seeing the lock screen. This policy only applies to users who do not have to press CTRL+ALT+DEL when they log on.

Force a specific default lock screen and logon image
Reference name: CPL_Personalization_ForceDefaultLockScreen
Scope: Machine

IT can specify the default image users see on their lock and logon screens. When configuring this policy, IT must provide the fully qualified path and file name for the image.

Logon.admx template file

Policy path: [scope] > Administrative Templates > System > Logon

The Logon.admx file contains a number of policies specific to users starting up and logging onto their systems. Although none of these are Windows 10 GPOs only, there is an important issue IT should be aware of related to the policy Turn off app notifications on the lock screen.

If IT enables this policy and also enables the local security policy Do not require CTRL+ALT+DEL — in the Windows Settings node — Windows automatically disables lock screen apps. As a result, IT cannot configure assigned access on the device, which limits users to interacting with only one application, something IT might want to do when setting up a device in kiosk mode.

Turn off app notifications on the lock screen
Reference name: DisableLockScreenAppNotifications
Scope: Machine

Prevents applications from appearing on the lock screen. Otherwise, users can choose which notifications appear on the lock screen.

Do not require CTRL+ALT+DEL
Policy path: Computer Configuration > Windows Settings > Local Policies > Security Options
Scope: Machine

The policy is not part of the Logon.admx template file. That said, if IT enables it, the user is not required to press CTRL+ALT+DEL when logging on. This policy is disabled by default on domain-controlled computers.

Search.admx template file

Policy path: [scope] > Administrative Templates > Windows Components > Search

The policies in the Search.admx file let IT control search-related features on users’ desktops.

Don’t search the web or display web results
Reference name: DoNotUseWebResults
Scope: Machine

Prevents Search from querying the web and prevents Search from displaying web results.

StartMenu.admx template file

Policy path: [scope] > Administrative Templates > Start Menu and Taskbar

The StartMenu.admx file includes a wide range of policies related to the Start menu, only one of which applies exclusively to Windows 10 Enterprise.

Start layout
Reference name: LockedStartLayout
Scope: User and Machine

IT can specify the Start layout for managed devices and prevent users from modifying the Start configuration. IT must first generate the XML files necessary to store the Start layout configuration.

WindowsStore.admx template file

Policy path: [scope] > Administrative Templates > Windows Components > Store

The WindowsStore.admx file includes several policies related to the Windows Store application and application updates.

Turn off the Store application
Reference name: RemoveWindowsStore
Scope: User and Machine

Prevents users from accessing the Windows Store application. Access to the Windows Store application is required to install application updates.

Only display the private store within the Windows Store app
Reference name: RequirePrivateStoreOnly
Scope: User and Machine

This policy prevents users from viewing the retail catalog in the Windows Store app. It does not affect users’ ability to view apps in a private store.

Powered by WPeMatico