Jump to content

Search the Community

Showing results for tags 'office 365'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station


  • Drivers
  • Filesharing
    • BitTorrent
    • eDonkey & Direct Connect (DC)
    • NewsReaders (Usenet)
    • Other P2P Clients & Tools
  • Internet
    • Download Managers & FTP Clients
    • Messengers
    • Web Browsers
    • Other Internet Tools
  • Multimedia
    • Codecs & Converters
    • Image Viewers & Editors
    • Media Players
    • Other Multimedia Software
  • Security
    • Anti-Malware
    • Firewalls
    • Other Security Tools
  • System
    • Benchmarking & System Info
    • Customization
    • Defrag Tools
    • Disc & Registry Cleaners
    • Management Suites
    • Other System Tools
  • Other Apps
    • Burning & Imaging
    • Document Viewers & Editors
    • File Managers & Archivers
    • Miscellaneous Applications
  • Linux Distributions


  • General News
  • File Sharing News
  • Mobile News
  • Software News
  • Security & Privacy News
  • Technology News

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

  1. Microsoft will alert Office 365 admins of Forms phishing attempts Microsoft is adding new security warnings to the Security and Compliance Center (SCC) default alert policies to inform IT admins of detected phishing attempts abusing Microsoft Forms in their tenants. Microsoft Forms is an app that enables web and mobile users to create surveys, polls, and quizzes for collecting feedback and data online. It has recently been made available for personal use to anyone with a Microsoft account after previously being available only to business users with Microsoft 365 Personal and Microsoft 365 Family subscriptions. Forms phishing activity alerts Microsoft Forms detects phishing attempts with the help of proactive phishing detection (available for all public forms since July 2019 and for enterprise forms from September 2019). This phishing protection feature will proactively identify malicious password collection in forms and surveys. To do that, it uses automated machine reviews to "proactively detect malicious password collection in forms and surveys" to block phishers from abusing Microsoft Forms to create phishing landing pages. Admins receive alerts of any users or forms blocked in their tenants for potential phishing. Microsoft is now working on also adding these phishing activity alerts to SCC's Alert center. "We are now adding Microsoft Forms’ phishing activities alert (for blocked forms and users due to confirmed and suspicious phishing) to the default alert policies in Microsoft’s Security and Compliance Center (SCC)," the company explains in a Microsoft 365 Roadmap entry. "If there is any user restricted from sharing forms and collecting responses from Microsoft Forms because of confirmed phishing activities, or any form identified/detected as phishing form, IT admins will receive an alert in the SCC Alert center." Rolling out later this month Microsoft is planning on making this new feature generally available worldwide in all environments by the end of this month. Microsoft also added an option in November allowing Office 365 admins to review Microsoft Forms phishing attempts to confirm or unblock forms tagged as suspicious for potentially attempting to maliciously harvest sensitive data. Once the notifications are added to the message center, admins can unblock the users if they consider that no malicious intent was behind their data collection attempts. "If you believe a form has malicious intent, no further action from you is required. The form will stay blocked until its owner removes the content flagged for the malicious collection of sensitive data," Microsoft explains. Later this month, Microsoft will also begin notifying Microsoft Defender for Office 365 users of suspected nation-state hacking activity detected within their tenants. Source: Microsoft will alert Office 365 admins of Forms phishing attempts
  2. Office 365 will help admins find impersonation attack targets Microsoft will make it easier for Defender for Office 365 customers to identify users and domains targeted in impersonation-based phishing attacks as recently revealed on the Microsoft 365 roadmap. Defender for Office 365 (previously known as Office 365 Advanced Threat Protection) protects the emails of Office 365 enterprise accounts from various threats including but not limited to credential phishing and business email compromise. Impersonation happens when a threat actor uses a sender or domain in an email message designed to closely resemble a real sender or domain ([email protected] instead of [email protected] and ćóntoso.com instead of contoso.com). Impersonation attacks take advantage of this tactic with the end goal of deceiving recipients that the email they just read comes from a trusted source. New impersonation detection filters Security admins will be able to use new filters dubbed Impersonated user and Impersonated domain together with the Threat Explorer and real-time detections to detect organization users and domains targeted in impersonation attacks. These filters add to already present capabilities that make it possible to get a list of phishing emails caught by Defender for Office 365's existing impersonation detection filters. "Today we provide filters for Detection Technology with User impersonation or Domain impersonation which show all Phish emails caught by our impersonation detection," Microsoft explains. "We are adding new filters called Impersonated user and Impersonated domain to enable Security Operations teams to explicitly hunt for specific users or domains within their organization that are targets of impersonation attacks." The new information will be available for security team admins via the Impersonation insight pages as well as on a newly added Email Entity page. Microsoft Defender for Office 365 support for hunting impersonated domains and users is still currently in development. However, Microsoft is working on making it generally available worldwide in all environments, to all Microsoft Defender for Office 365 users, by the end of February. Impersonation protection not enabled by default Even though Microsoft Defender for Office 365 comes with built-in anti-phishing protection, impersonation protection is not configured or enabled in the default policy. To take advantage of the new capabilities, admins have to also enable impersonation protection features by modifying the default anti-phishing policies settings. Later this month, Microsoft will also start to notify users of Microsoft Defender for Office 365 of suspected nation-state hacking activity detected within their tenants. The company also added priority protection for accounts of high-profile employees including executive-level managers who are frequently targeted in attacks. Source: Office 365 will help admins find impersonation attack targets
  3. Bad actors are leveraging legitimate services and tools within Microsoft’s productivity suite to launch cyberattacks on COVID-19 stay-at-home workers, new research finds. Threat actors are consistently leveraging legitimate services and tools from within Microsoft Office 365 to pilfer sensitive data and launch phishing, ransomware, and other attacks across corporate networks from a persistent position inside the cloud-based suite, new research has found. Office 365 user account takeover – particularly during the COVID-19 pandemic with so many working from home – is one of the most effective ways for an attacker to gain a foothold in an organization’s network, said Chris Morales, head of security analytics at Vectra AI. From there, attackers can move laterally to launch attacks, something that researchers observed in 96 percent of the 4 million Office 365 customers sampled between June to August 2020. The company revealed the findings of this research in a 2020 Spotlight Report, released Tuesday. “We expect this trend to magnify in the months ahead,” Morales said in an email interview with Threatpost. The report takes a dive into some of the most popular ways that attackers leverage Office 365 services and tools to compromise corporate networks. Indeed, Office 365 presents a wide playing field for attackers; the leading software-as-a-service (SaaS) productivity suite has more than 250 million active users each month, which has made it a historically consistent target for attacks. Many of those users are currently working from home due to COVID-19 restrictions, often on networks that don’t have the same protections as the corporate cloud. This adds another aspect of accessibility for attackers, Morales said. Cybercriminal Tactics Researchers found three key features of the suite that attackers exploit to take over accounts and go on to perform a variety of attacks: OAuth, Power Automate and eDiscovery. “OAuth is used for establishing a foothold, Power Automate is used for command and control and lateral movement, and eDiscovery is used for reconnaissance and exfiltration,” Morales told Threatpost. OAuth is an open standard for access authentication used in Office 365 and already has been observed by researchers as a way for attackers to gain access to the cloud-based suite. Third-party applications use the standard to authenticate users by employing Office 365 login services and the user’s associated credentials so that they don’t have “to continuously log into every app every time the user and app requires access,” Morales said. Unfortunately, this convenience also is a boon for threat actors because it allows an attacker to steal OAuth credentials or access them by convincing a legitimate user to approve a malicious app (via phishing email), he said. This can allow attackers to maintain persistent and undetected access to Office 365 accounts. Power Automate lets users create custom integrations and automated workflows between Office 365 applications, is enabled by default, and includes connectors to hundreds of third-party applications and services—also giving it appeal for both users and hackers, Morales noted. It allows users to automate mundane tasks but can also be leveraged by attackers, not only because of its default on status, but also because it allows them to make lateral movements within the app and execute malicious command-and-control behaviors, he said. “There is no way to turn off individual connectors — it is all or nothing,” Morales told Threatpost. “Attackers can sign up for free trials to get access to premium connectors that do even more.” Vectra found that 71 percent of customers sampled in their research exhibited suspicious Office 365 Power Automate behaviors. Meanwhile, Microsoft eDiscovery searches across Office 365 applications and data and exports the results. Once inside Office 365, attackers are using this feature as an internal reconnaissance and data exfiltration tool to find critical data to steal that can be used with malicious intent. Fifty-six percent of customers sampled in Vectra’s research exhibited suspicious Office 365 eDiscovery behaviors, researchers found. Account Compromise Impact Once attackers use these features and services to take over Office 365 accounts, there are a number of techniques they use to compromise networks. They can search through emails, chat histories, and files looking for passwords or interesting data to exfiltrate, or set up forwarding rules to get access to a steady stream of email without needing to sign-in again, researchers said. Threat actors also can leverage the trusted communication channel to send socially engineered phishing emails to employees, customers, or partners. For instance, researchers observed (and helped mitigate) an incident where a medical research unit at a university was targeted with a phishing lure that promoted a free calendar optimization and time-management app. After one person took the bait and installed the malicious OAuth app, the attackers had complete access to Office 365 and used it to send internal phishing emails, taking advantage of trusted identities and communications to spread further inside the university. Other attacks that can occur due to Office 365 account takeover include the ability to plant malware or malicious links in documents that many people trust and use; or steal or hold files and data for ransom. To mitigate these threats, researchers recommend that organizations move away from employing static, prevention-based, policy control-centric or one-off mitigations and move to a more contextual security approach, Morales said. “These approaches continue to fail,” he told Threatpost. “Security teams must have detailed context that explains how entities utilize their privileges – known as observed privilege – within SaaS applications like Office 365. Just as attackers observe or infer interactions between entities, defenders should think similarly about their adversaries. It is about the usage patterns and behaviors, not the static access.” Source
  4. Microsoft Office 365 users targeted in SurveyMonkey phishing SurveyMonkey used to hide phishing attacks against Microsoft Office 365 users Online polling service SurveyMonkey was used as a disguise for a potentially damaging phishing attack that targeted Microsoft Office 365 users. Researchers at Abnormal Security recently uncovered attempts to steal Office 365 user credentials using SurveyMonkey as cover. In the campaign, the victim receives an email from a genuine SurveyMonkey site, stating it is conducting a survey among company employees. However the message contains a hidden redirect link, appearing as the text “Navigate to access statement” with the brief message “Please do not forward this email as its survey link is unique to you”. SurveyMonkey phishing However when clicked on, this link instead redirects the victim away from SurveyMonkey to a Microsoft form submission page, which tells the user to submit their Office 365 email and password to proceed. However doing so allows the criminals to steal the unsuspecting user’s Microsoft account security credentials. Abnormal Security notes that this attack may be particularly effective due to its use of a real SurveyMonkey link to hide the nefarious goals within. The email messages carrying the phishing link also use official SurveyMonkey phrases and content, tricking users into believing the message is genuine. Since the phishing URL isn’t visible within the body text, it's also easy for victims to be tricked and miss this at first glance. "Phishing is one of the most successful and long-standing cybercriminal tactics, and the constant evolution in the methodology as seen in these attacks goes some of the way to understanding why," noted Niamh Muldoon, senior director of trust and security at OneLogin. "As phishing attacks become increasingly common, and increasingly sophisticated — often tailored to a targeted team with an organisation — companies and consumers cannot rely on defending against 100% of attacks. Applying Multi-Factor Authentication (MFA) supports user awareness and conscious behaviour when it comes to phishing threats and associated risk of clicking on suspicious links." Microsoft Office 365 users targeted in SurveyMonkey phishing
  5. New phishing attack targets Zoom users to steal Office 365 credentials A new phishing attack is targeting Microsoft 365 (formerly Office 365) users in the form of an email notification for a Zoom account suspension. The email aims to steal users’ Microsoft 365 credentials. The attack was spotted and documented by Abnormal Security (via BleepingComputer). The attack seems familiar to the one that was spotted in May, where a fake Teams email would navigate users to a duplicate Office 365 login page. With the popularity and adoption of Zoom increasing due to increased remote collaboration in the times of the pandemic, such account suspension emails spike users’ interest and warrant immediate attention. In this case, users mostly rush to correct the problem without any suspicion to avoid losing access to the tool that may hinder their work. The email for the Zoom suspension notification interestingly comes from an email address that spoofs the official domain, says the source. It mimics an automated email notification that links to a face Microsoft 365 login page, prompting users to enter their Office 365 credentials. The credentials are then compromised by hackers. The research firm adds that the phishing email has been served to more than 50,000 users. One sign that points to the illegitimacy of the email is the “zoom” branding in the email body without the capitalization of the first letter. Even if users click on the ‘Activate Account’ link in the email, the ‘Outlook’ logo or the domain of the Office 365 login page are telltale signs. The stolen credentials could be used in Business Email Compromise (BEC) scams that exploit cloud email services like Microsoft 365 and Google G Suite. New phishing attack targets Zoom users to steal Office 365 credentials
  6. Who knew spreadsheets could be exciting? Microsoft Microsoft is still finding ways to inject drama into spreadsheets. The Verge reports that Microsoft is giving Excel support for custom live data types, expanding the content you can include well past text, numbers and the occasional stock quote. You could slip a country’s data into a cell and create a formula that extracts the most recent population for your sheet, for example. The approach works by using logic to structure the data you insert into a given cell, using Power BI to connect data types with Excel for business users. Existing cells can even be turned into linked data types, and you can use a Power Query feature to turn imported data into its own type. Access is limited at first. If you’re an everyday user, you can only use Wolfram Alpha data as part of an Office Insider preview — Microsoft 365 users will have to wait. The corporate crowd can use Power BI data types in Excel for Windows for Microsoft 365 and Office 365 subscribers that also have Power BI Pro service plans. How well this works will depend on how Microsoft interprets data. You might still have to tweak a dataset if Excel doesn’t know what to make of it. All the same, this could make Excel spreadsheets much more useful for putting data to work — you can easily use live, evolving info instead of painstakingly entering it by hand. Source
  7. Limit Office 365 Telemetry with this undocumented setting Office 365, just like Microsoft Windows, Microsoft Office and other Microsoft products collect and submit telemetry data to Microsoft servers by default. Only a few options to limit data collection are provided to most users of Windows and other Microsoft products; Enterprise customers do get more options. When it comes to Office 365, there is an undocumented setting that administrators may set on Windows devices to limit telemetry. The setting was revealed by Aleksandar Milenkoski on Twitter. Milenkoski analyzed telemetry in Microsoft Office and published a report about his findings for the German Federal Office for Information Security. The English version of the report is available as a PDF document that you can download / view with a click on this link. It includes a treasure trove of information about telemetry in Office, including an entire chapter on disabling the output of diagnostic data. The chapter lists Microsoft endpoint servers that telemetry data is submitted to and an undocumented Registry setting that will limit telemetry when enabled. Here is what needs to be done: Use Windows-R to open the run box on the Windows system. Type regedit.exe and click OK to load the Registry Editor. Confirm the UAC prompt if it is displayed. Go to HKEY_CURRENT_USER\Software\Policies\Microsoft\office\ common\clienttelemetry\. Create missing keys by right-clicking on the previous key and selecting New > Key. Name them according to the path information. Right-click on clienttelemetry and select New > Dword (32-bit) Value. Name it DisableTelemetry. Set its value to 1 to disable some of the data collecting that goes on normally. Milenkoski notes: Setting the registry value HKEY_CURRENT_USER\Software\Policies\Microsoft\office\ common\clienttelemetry\DisableTelemetry to 1 disables the Aria and Nexus Office telemetry modules (see Section 2). For example, if DisableTelemetry is set to 1, Office applications do not load the MSOARIANEXT.dll library file, which implements Aria (see Section 2.1) He goes on to note that the setting does not impact Office functionality. Not all data collecting is disabled when the Registry value is set to 1. However, it disables the output of diagnostic data only from the Aria and Nexus Office telemetry modules. It does not disable, for example, the output of diagnostic data produced by connected experiences, sent to Microsoft by Windows telemetry modules (see Section 2). For example, when DisableTelemetry is set to 1, OLE32 Extensions for Win32 still sends diagnostic events to hubblecontent.osi.office.net/contentsvc/api/telemetry when a user uses the Insert Icon connected experience in Word. The undocumented Registry setting cannot be configured using the Group Policy editor. Milenkoski lists policies that are relevant for limited telemetry as well in the document. Limit Office 365 Telemetry with this undocumented setting
  8. Microsoft is working on adding a new Microsoft Forms phishing attempt review feature that will allow Office 365 admins to confirm and block forms that try to maliciously harvest sensitive data. Microsoft Forms is a web and mobile app that enables users to create surveys, quizzes, and polls designed for collecting feedback and data online. Previously it was only available to business users with Microsoft 365 Personal and Microsoft 365 Family, but it has recently been made available for personal use to anyone with a Microsoft account. Block potential form-based phishing attempts "When managing Microsoft Forms, IT admins now have two options in response to possible phishing: you can either click 'unblock' or 'confirm phishing', a new option that is now available," Redmond explains in a new Microsoft 365 Roadmap entry. Phishing attempts are detected by Microsoft Forms with the help of proactive phishing detection (available for all public forms since July 2019 and for enterprise forms from September 2019), a protection feature that will proactively identify malicious password collection in forms and surveys. Such attempts are automatically and temporarily blocked from continuing to collect answers to preemptively block threat actors from abusing forms as phishing landing pages. Global and/or security administrators receive alerts of all forms detected and blocked for potential phishing in their tenant. Reviewing potentially malicious forms Starting with the feature's roll-out to all standard multi-tenants during November 2020, IT admins can examine all forms automatically tagged as phishing attempts to make sure that those that try to harvest the users' sensitive info for use in future malicious campaigns. To review and unlock phishing forms, admins will have to go through the following steps: Sign in to the Microsoft 365 admin center at admin.microsoft.com. Go to the Message center and look for the notification, Prevent/Fix: Microsoft Forms Detected Potential Phishing (this notification contains a daily summary of any and all blocked forms created in your tenant) Click on the Forms admin review URL link in the notification to review blocked forms. For each form you review, go to the upper right corner of the page and select whether to unblock it or confirm its phishing attempt (unblock those wrongfully tagged and confirm those that you want blocked for malicious intent) Reviewing Forms phishing detections (Microsoft) Unblocking Microsoft Forms users Microsoft Forms will also automatically block users if they repeatedly try to collect information by distributing forms. Such attempts are logged and admins will be informed via the Microsoft 365 message center. Once the notifications are added to the message center, admins can unblock the users if they consider that no malicious intent was behind their data collection attempts. To remove restrictions for any blocked Microsoft Forms users in their tenant, admins will have to follow this procedure: Sign in to the Microsoft 365 admin center at admin.microsoft.com. Go to the Message center and look for the notification, Prevent/Fix: Microsoft Forms Detected Potential Phishing. Click on the link provided in the notification to review blocked users. For each user you believe has no malicious intent, you can choose to click the Unblock link in the Actions column that is associated with that user. Source
  9. Spin Technology announced the next generation of SpinOne, an AI-powered ransomware and backup solution for Google Workspace and Office 365. In the last year alone, 51 percent of organizations were targeted by ransomware, and cybersecurity continues to be a top concern for business leaders. Including advanced new security features, a completely redesigned user interface, and improved platform functionality, the latest version of SpinOne will help organizations better protect against ransomware attacks in the cloud. Over the last seven months, cloud adoption has accelerated as the number of remote workers spiked dramatically due to the COVID-19 pandemic. This increased reliance on the cloud has resulted in more ransomware attacks on public cloud and SaaS services. In fact, according to a recent report, six in ten successful attacks include data in the public cloud. SpinOne offers industry-leading ransomware protection for G Suite and Microsoft 365, backup capabilities, and application management. “As organizations add additional cloud services, they need solutions that are simple to deploy and manage. These updates make it even easier for IT and security professionals to protect their employees from the risks associated with ransomware, all while allowing them to scale the SpinOne platform over time,” said Dmitry Dontov, Chief Executive Officer. “As G Suite shifts to Google Workspace, SpinOne continues to protect your organization’s data against ransomware and now includes additional summaries that explain the levels of risk and required action. In addition, we’ve enhanced our cloud monitoring capabilities and introduced advanced auditing.” Comprehensive new security summaries From the dashboard view, an admin can now quickly scan their Google Workspace environment, including what security incidents have occurred to their data. Each data feed is summarized in a widget outlining security incidents, incident history, account summary, and more. Cloud monitoring Google Workspace has various ongoing activities operating within it, and SpinOne Cloud Monitor now provides a comprehensive overview of all actions, including Data Sharing, Application Installed, and Drive File Deleted. SpinOne now includes six additional cloud monitoring capabilities, detailing the admin activities within the SpinOne platform. The Cloud Monitor Incident Report details actions from users that exceed the rules set by Admins in their policies. Advanced auditing SpinOne now expands its monitoring of OAuth access, including Android, Native, iOS. Historical risk scoring reviews are now expanded, and organizations can review an add-on’s risk over time. Enhancements to backup and recovery Users and Groups are now separated in the new SpinOne. APIs are now available for major third-party applications. Source
  10. Tool allows managers to use Microsoft 365 to track their employees’ activity Microsoft has been criticised for enabling “workplace surveillance” after privacy campaigners warned that the company’s “productivity score” feature allows managers to use Microsoft 365 to track their employees’ activity at an individual level. The tools, first released in 2019, are designed to “provide you visibility into how your organisation works”, according to a Microsoft blogpost, and aggregate information about everything from email use to network connectivity into a headline percentage for office productivity. But by default, reports also let managers drill down into data on individual employees, to find those who participate less in group chat conversations, send fewer emails, or fail to collaborate in shared documents. “This is so problematic at many levels,” tweeted the Austrian researcher Wolfie Christl, who raised alarm about the feature. “Employers are increasingly exploiting metadata logged by software and devices for performance analytics and algorithmic control,” Christl added. “MS is providing the tools for it. Practices we know from software development (and factories and call centres) are expanded to all white-collar work.” In a statement, a Microsoft spokesperson said: “Productivity score is an opt-in experience that gives IT administrators insights about technology and infrastructure usage. Insights are intended to help organisations make the most of their technology investments by addressing common pain points like long boot times, inefficient document collaboration, or poor network connectivity. Insights are shown in aggregate over a 28-day period and are provided at the user level so that an IT admin can provide technical support and guidance.” “We are committed to privacy as a fundamental element of productivity score,” wrote Jared Spataro, the corporate vice-president for Microsoft 365, in online documentation. “Let me be clear: productivity score is not a work monitoring tool. Productivity score is about discovering new ways of working, providing your people with great collaboration and technology experiences … For example, to help maintain privacy and trust, the user data provided in productivity score is aggregated over a 28-day period.” But the response has not reassured all critics. “The word dystopian is not nearly strong enough to describe the fresh hellhole Microsoft just opened up,” tweeted David Heinemeier Hansson, co-founder of the office productivity suite Basecamp. “Just as the reputation of a new and better company was being built, they detonate it with the most invasive workplace surveillance scheme yet to hit mainstream. “Being under constant surveillance in the workplace is psychological abuse,” Heinemeier Hansson added. “Having to worry about looking busy for the stats is the last thing we need to inflict on anyone right now.” Employee surveillance “has really ramped up” alongside remote working during the coronavirus pandemic, as companies seek more oversight of workers away from the office, Dr Claudia Pagliari, a researcher into digital health and society at the University of Edinburgh, told the Guardian in September. Source
  11. Access is sold for $100 to $1500 per account, depending on the company size and exec role. A threat actor is currently selling passwords for the email accounts of hundreds of C-level executives at companies across the world. The data is being sold on a closed-access underground forum for Russian-speaking hackers named Exploit.in, ZDNet has learned this week. The threat actor is selling email and password combinations for Office 365 and Microsoft accounts, which he claims are owned by high-level executives occupying functions such as: CEO - chief executive officer COO - chief operating officer CFO - chief financial officer or chief financial controller CMO - chief marketing officer CTOs - chief technology officer President Vice president Executive Assistant Finance Manager Accountant Director Finance Director Financial Controller Accounts Payables Access to any of these accounts is sold for prices ranging from $100 to $1,500, depending on the company size and user's role. The seller's ad on Exploit.in Image via KELA A source in the cyber-security community who agreed to contact the seller to obtain samples has confirmed the validity of the data and obtained valid credentials for two accounts, the CEO of a US medium-sized software company and the CFO of an EU-based retail store chain. The source, which requested that ZDNet not use its name, is in the process of notifying the two companies, but also two other companies for which the seller published account passwords as public proof that they had valid data to sell. These were login details for an executive at a UK business management consulting agency and for the president of a US apparel and accessories maker. Sample login provided by the seller as public proof The seller refused to share how he obtained the login credentials but said he had hundreds more to sell. According to data provided by threat intelligence firm KELA, the same threat actor had previously expressed interest in buying "Azor logs," a term that refers to data collected from computers infected with the AzorUlt info-stealer trojan. Infostealer logs almost always contain usernames and passwords that the trojan extracts from browsers found installed on infected hosts. This data is often collected by the infostealer operators, who filter and organize it, and then put it on sale on dedicated markets like Genesis, on hacking forums, or they sell it to other cybercrime gangs. "Compromised corporate email credentials can be valuable for cybercriminals, as they can be monetized in many different ways," KELA Product Manager Raveed Laeb told ZDNet. "Attackers can use them for internal communications as part of a 'CEO scam' - where criminals manipulate employees into wiring them large sums of money; they can be used in order to access sensitive information as part of an extortion scheme; or, these credentials can also be exploited in order to gain access to other internal systems that require email-based 2FA, in order to move laterally in the organization and conduct a network intrusion," Laeb added. But, most likely, the compromised emails will be bought and abused for CEO scams, also known as BEC scams. According to an FBI report this year, BEC scams were, by far, the most popular form of cybercrime in 2019, having accounted for half of the cybercrime losses reported last year. The easiest way of preventing hackers from monetizing any type of stolen credentials is to use a two-step verification (2SV) or two-factor authentication (2FA) solution for your online accounts. Even if hackers manage to steal login details, they will be useless without the proper 2SV/2FA additional verifier. Source
  12. Debilitating 'Outlook needs to close' bug linked to a bad Windows cumulative update Microsoft has acknowledged that a combination of the June 2-or-later version of Microsoft 365 (nee Office 365) and the June Win10 cumulative updates cause Outlook to disavow its PST files. The source of the problem seems to be a bug in the cumulative updates. Microsoft / lVcandy / Aleksei Derin / Getty Images Internecine conflict seems to be a recurring theme at Microsoft, but this one takes it to new levels. Somehow, somebody forgot to test the latest patched version of Outlook with the latest patched version of Windows. The result is an error message that makes Outlook inoperable. The official announcement appears on the Microsoft 365 support site: After updating to Version 2005 Build 12827.20268 or higher and starting Outlook you may see the following error prompt: The Outlook Team is investigating this issue with the Windows Team. We are not sure yet if the primary fix will come from Outlook or Windows. When we have more information on fix details we will add them here. Microsoft If you click OK, the ScanPST Inbox Repair Tool starts. Go through the repair process, reboot, and - surprise! - you get the error message again. Wash. Rinse. Repeat. No telling how many hours have been wasted over the weekend on this one. The good news, though, is that your PST file is fine – and always has been. As best I can tell, the show-stopper bug only occurs on machines that: Use PST, not OST, files; Run Microsoft 365 version 2005 Current Channel release 12827.20268 (from June 2) or Current Channel release 12827.20336 (from June 9); And have installed the June 2020 Win10 cumulative update (KB 4557957 for version 2004, KB 4560960 for versions 1903 or 1909, or KB 4561608 for version 1809). Microsoft’s solution – published in that Microsoft 365 support article – involves manually editing the Registry to make Outlook disregard the bogus “corrupt” PST file on startup. In fact, the “corrupt” PST file isn’t corrupt at all. It’s just Windows messin’ with Outlook. If you don’t want to pummel your Registry, Diane Poremsky at Slipstick has an easy downloadable solution. The insider report I have says that the bug is actually in the June cumulative updates, but that it’ll be easier for Microsoft to fix the problem by working around it in a new Microsoft 365 Current Channel release. You might expect that the Office people aren’t particularly happy about this one. Tell me once again…, who tests this stuff? Solace for muzzled Outlook devs available on the AskWoody.com Lounge. Debilitating 'Outlook needs to close' bug linked to a bad Windows cumulative update
  13. As the son of a field police officer, I grew up with firsthand knowledge of how teamwork and tools go together to facilitate great police work. In my 25 years as a police officer and 17 years at the Belgian Federal Police, I’ve worked with our IT team to help create a safer society for the 11.4 million people who live in Belgium and a more secure workplace for our 55,000 employees. Since 2015, we have been building a modern, efficient work environment for police officers through digital tools that support collaboration. Today, more than ever, our police officers depend on secure, mobile access to good information and the ability to share that information to solve crimes. We chose Microsoft 365 E3 to support our workplace modernization journey. A unified Microsoft cloud platform delivers strategic value for a police organization because it creates a sustainable, agile, and highly secure workplace culture. As we take a leadership role in our journey to the cloud, we’re using Microsoft 365 tools to improve collaboration—and help solve crimes in the process. When we launched Yammer, police officers who hadn’t seen each other since graduating from the academy began to reconnect. Colleagues now use Yammer to share project-based data while investigators use it to pose questions about their ongoing cases. Police coworkers contribute their knowledge and expertise to answer those questions, which can help resolve investigations faster. It’s been a huge step forward to see how suddenly the whole police organization can help each other in real time. We recently used the online meetings capabilities in Office 365 as an improvised “war room” to brainstorm how to solve a sudden emergency. The meeting occurred in the evening, but no one had to come into the office to participate. The operational chief managed the call, and people used the video and chat functions to make important decisions as quickly as possible. We also collaborate more effectively because we use Microsoft Teams to better support units within the force. For example, our Belgian Dog Support Group has 35 dog teams that are dispatched to join local units when needed. This means that the teams lose their connection to the central canine support office. Today, we use Office 365 and Teams to create a digital central dog unit. The dog teams connect to this space from their mobile devices to share their experiences in the field. This builds important team comradery and provides a platform to increase our collective knowledge. We plan to use Teams and other Microsoft 365 tools to bridge projects across the organization. We are digitizing our IT department and introducing a goal-oriented project management approach to our workplace culture. The collaborative Teams environment with unified communications will help us manage our daily business more efficiently. To support this modern, cloud-based workplace, we need to protect our environment in a new way. The move to a solid, highly secure IT environment was a big factor in our decision to adopt Microsoft 365. We feel that Microsoft meets the complex security and compliance needs of a national police service. With Enterprise Mobility + Security, we have the tools to improve our security posture and keep us aligned with General Data Protection Regulation (GDPR) requirements. Today, police officers carry smartphones and mobile devices loaded with proprietary police applications, and we use Microsoft Intune to manage 5,000 devices. We’ve deployed Azure Active Directory Premium Plan 1 for conditional multifactor authentication and access and identity management. In addition to our other cybersecurity protection measures, we also use Microsoft Advanced Threat Analytics to mitigate the risk of cyberattacks. We retain control of security and access to information through this combination of authentication, device management, and authorization services. Additionally, we’re speeding up our national deployment on Windows 10, so 55,000 employees will soon benefit from having Windows Defender Antivirus on their devices. As the Belgian police rise to the challenge of digital transformation, we are confident that we have the tools to promote teamwork in a highly secure modern environment. And we’re in a better position to fulfill our responsibilities to citizens who expect us to solve crimes faster and our services to adapt to the digital world. The future of our force lies in the interconnection between police officers and the citizens they serve—we are ready. source
  14. Last year, we updated Office.com with a new experience focused on two simple things: helping users get the most out of Office and getting them back into their work quickly. The streamlined site has clearly resonated with customers, and now more than 40 percent of Office 365 web users start their work by visiting Office.com. Starting today, we’re bringing this experience to Windows 10 in the form of an app, simply called Office. It’s now available to Windows Insiders (Fast) and will roll out to all Windows 10 users soon. The app itself is free and it can be used with any Office 365 subscription, Office 2019, Office 2016, or Office Online—the free web-based version of Office for consumers. A few key reasons to use the app include: Quickly switch between apps. See all your Office apps in one place and switch between them with a single click. Get back into your work. Jump to your most recently used documents, pinned documents, and documents shared with you—whether they’re on your local machine or stored in OneDrive or SharePoint. Find what you need. With Microsoft Search integrated prominently, you can quickly find the apps, documents, people, and sites you need to get your work done. Tailor it to your organization. Organizations can apply company branding and integrate other line of business applications through single sign-on to customize the experience for their users. The Office app will replace the My Office app, which currently helps users manage their Office 365 subscriptions. If you already have the My Office app, you will get the new Office app through an automatic update in the coming months. Otherwise, you can download it from the Microsoft Store. Starting this summer, new Windows 10 devices will come with the Office app already installed—making it easier than ever to start using Office on a new PC. Let us know what you think We are excited to share this initial release with the Windows Insiders, and we’ll continue to improve the experience based on your feedback. Please let us know what you think via the feedback link under Settings within the app. source
  15. Microsoft to drop support for Office 365 apps on macOS 10.13 starting in November Microsoft has posted a message on the Office 365 message center notifying Mac users that the Office suite of apps for macOS 10.13 High Sierra and older will stop being supported starting November 10, 2020. The company has also updated the support pages to reflect the change, adding that as of the November 2020 update to Microsoft 365 for Mac and Office 2019 for Mac, only macOS 10.14 Mojave or newer will be supported. The change is in line with the Redmond giant’s support life cycle for Apple’s OS offerings. The company supports the three most recent versions of macOS. With macOS 11 Big Sur closer to launch, the company recommends that users upgrade to the newer versions of the OS to continue receiving support for Word, Excel, PowerPoint, Outlook, and OneNote. While users of macOS 10.13 or older will still be able to use the said apps, they will no longer receive updates for security or feature additions after the said date. Apple typically releases new macOS versions in September, which is when these support lifecycles change. However, this year is different, as the Cupertino giant is yet to release the OS to all supported devices. It is not clear if the November 10 date will change when macOS Big Sur makes it to general availability, or if the timeframe itself hints at the possible release schedule for Apple’s next OS update. Source: Microsoft Support via OnMSFT Microsoft to drop support for Office 365 apps on macOS 10.13 starting in November
  16. DoJ says SolarWinds hackers breached its Office 365 system and read email Department discovered the intrusion 9 days after SolarWinds hack came to light. Enlarge Gregory Varnum 72 with 41 posters participating The US Justice Department has become the latest federal agency to say its network was breached in a long and wide-ranging hack campaign that’s believed to have been backed by the Russian government. In a terse statement issued Wednesday, Justice Department spokesman Marc Raimondi said that the breach wasn’t discovered until December 24, which is nine days after the hack campaign came to light. The hackers, Raimondi said, took control of the department’s Office 365 system and accessed email sent or received from about 3 percent of accounts. The department has more than 100,000 employees. Investigators believe the campaign started when the hackers took control of the software distribution platform of SolarWinds, an Austin, Texas-based maker of network management software that’s used by hundreds of thousands of organizations. The attackers then pushed out a malicious update that was installed by about 18,000 of those customers. Only a fraction of the 18,000 customers received a follow-on attack that used the backdoored SolarWinds software to view, delete, or alter data stored on those networks. So far, about a half-dozen federal agencies have said they were among those singled out. Private companies including Microsoft and security firm FireEye have also said they were part of this group. On Tuesday, officials with the National Security Agency, FBI, Cybersecurity and Infrastructure Security Agency, and Office of the Director of National Intelligence issued a joint statement saying that the Kremlin was ”likely” behind the hack, which began no later than October 2019. Wednesday’s statement said that investigators have no indication that the department’s classified network has been breached. While that’s good news, sensitive information routinely flows through non-classified systems. A second software maker investigated While SolarWinds software has been widely suspected as the initial way hackers got in, The New York Times on Wednesday reported that investigators are examining the role another software supplier, JetBrains, may have played. The company, which was founded by three Russian engineers in the Czech Republic, makes a tool called TeamCity that helps developers test and manage software code. TeamCity is used by developers at 300,000 organizations, including SolarWinds and 79 of the Fortune 100 companies. The Wall Street Journal reported that investigators believe the hackers gained access to a TeamCity server used by SolarWinds but that it was unclear how the system was accessed. In a statement, JetBrains co-CEO Maxim Shafirov said it hasn’t been contacted by SolarWinds or any government agency about any role TeamCity may have played. DoJ says SolarWinds hackers breached its Office 365 system and read email
  17. Microsoft points to October end-of-support for older Office apps accessing 365 services As of Oct. 13 the company will stop supporting older versions of Office applications connecting to Office 365 and Microsoft 365 services. Martyn Williams/IDG Microsoft recently reminded customers that starting Oct. 13 the company will not support older versions of Office applications connecting to Office 365 and Microsoft 365 services. In a support document dated July 20, Microsoft listed the applications that will be "supported for connecting to Office 365 (and Microsoft 365) services" such as Exchange Online, SharePoint Online and OneDrive for Business. Microsoft 365 Apps for enterprise, formerly known as "Office 365 ProPlus;" Microsoft 365 Apps for business, previously "Office 365 Business;" Office 2019; Office 2016, but only the Windows version. The Office editions left in the cold are those provided with "perpetual" licenses – ones customers paid for once, not repeatedly as for Office or Microsoft 365 subscriptions – including Office 2013 on Windows, which is to receive support until April 11, 2023; Office 2010 for Windows; and Office 2016 for Mac. The last two exhaust general support on Oct. 13. (Mac versions of Office are supported for only five years, rather than the decade Windows' editions receive.) Although excluding some Office applications from Office 365 service support may seem harsh – especially when those applications are owed years of support – Microsoft softened the blow considerably. "We won't take any active measures to block other versions of the Office client, such as Office 2013, from connecting to Office 365 services, but these older clients may encounter performance or reliability issues over time," the Redmond, Wash. developer stated in the support document. With support lost more from omission than commission, Microsoft argued that customers "will almost certainly face an increased security risk" and "find themselves out of compliance" rather than be suddenly suspended from accessing, say, OneDrive. Microsoft has long played with the support of Office applications connecting to Office 365 services. Three years ago, the company said that perpetual-license versions of Office would be able to connect to Microsoft's cloud-based services only during the first half of their 10-year support lifecycle. It set Oct. 13, 2020 as the date when the new policy would take effect. But in September 2018, Microsoft gave Office 2016 a reprieve, saying that that suite would be able to connect to the services through October 2023. Office 2019's support for Office and Microsoft 365 services also expires in October 2023. Microsoft Microsoft's matrix spells out what Office is supported until when for connecting to Office and Microsoft 365 services. Microsoft points to October end-of-support for older Office apps accessing 365 services
  18. OneDrive / SharePoint Online to become the default save location for Office 365 files It is never pleasant to lose Office files you’ve been working on for a long time due to software problems (or worse), and Microsoft is well aware of it. Indeed, the company wants to make it virtually impossible to lose your work files by automatically saving them to the Microsoft cloud. Last week, the company announcedthat starting in February, all documents created in Office 365 on Windows and Mac will be automatically be saved to OneDrive or SharePoint Online (via Neowin). This will apply to Word, Excel and PowerPoint documents that will all be directly saved to the cloud, though it will still be possible to choose another location if you want to. This announcement complements the Known Folder Move feature that Microsoft unveiled in January, which allows users on Windows 7, 8.1 and Windows 10 to protect their important files by redirecting their desktop documents and folders to OneDrive. “These features, along with OneDrive Files On-Demand for Mac, are part of our investments in making it easier for you to get your files into the cloud. By saving to the cloud, you will be able to securely access your most important documents from any device and start collaborating with others from the get go,” the company explained. Source
  19. Microsoft Office may be the most common productivity tool for corporate users, but it's no one-size-fits-all suite. Here's how to decide which version is best for you: Office 2019 or Office 365. Microsoft Office may be the de facto productivity tool for millions of workers worldwide, but it's no monolith. Rather than a single, towering smooth-black Office, there's a whole Stonehenge of options: Office on the iPhone, on iPad, Office on Android smartphones, Office on personal computers, Windows and macOS, Office with a handful of applications, Office with fist-fulls of apps. But when you get down to it, there are really only two kinds of Office. One, labeled Office 2019, is the stand-alone suite that traces its roots back to the last century. The other, Office 365, is the subscription service that debuted in 2011. How they differ can be confusing, especially since each includes, more or less, the same applications. Here are three ways to tell these tools apart, and a look at what's coming, based on Microsoft's new support policies for both Office 2019 and Office 365. JD Sartain / IDG Worldwide Microsoft Office 365 Desktop subscription version How Office is paid for Of the differences between Office 2019 and Office 365, purchase plans are among the most striking. Office 2019, whether bought one copy at a time in retail or in lots of hundreds via volume licensing, has been dubbed a "one-time purchase" by Microsoft to spell out how it's paid for. (Labels like "perpetual," which have been widely used by Computerworld, technically note the type of license rather than payment methodology, but in Office's case, the kind of license is tied to whether it was bought outright or simply "rented.") Microsoft defines the term as when "...you pay a single, up-front cost to get Office applications for one computer." Up-front is the key adjective there; Office 2019's entire purchase price must be laid out before receiving the software. That purchase, actually of a license to legally run the software, gives the buyer the right to use Office 2019 in perpetuity. In other words, the license has no expiration date, and users may run the suite as long as they want. Pay for Office 2019 this year and use it for the next seven years? Fine. Run it until 2030? Nothing to stop you. One-time purchases include Office Standard 2019 and Office Professional Plus 2019 (Windows) and Office Standard 2019 for Mac (macOS), the enterprise-grade SKUs available only via volume licensing; and retail packages such as Office Professional 2019 (Windows) and Office Home & Business 2019 (macOS). Office 365, the purchase method Microsoft pushes most aggressively, is a subscription service, so payments are made monthly or annually. In some rare instances, annual payments may produce savings in exchange for a commitment: Office 365 Business Premium, for example, costs $12.50 per month per user when paid in an annual lump sum ($150 per user), but $15 per month per user on a month-to-month plan ($180). All enterprise plans - from Enterprise E1 to E5, as well as ProPlus - do not offer a monthly option but require an annual commitment. Like any subscription, Office 365 provides a service - in this case, the right to run the suite's applications and access the associated services - only as long as payments continue. Stop paying, and rights to run the apps and services expire. (Actually, they don't immediately stop working; everything will continue to operate normally for 30 days past the previous payment's due date.) A license for Office 365, then, is contingent on sustained payments. Halt the latter and the license is revoked. Restarting the payments restores the license. Office 365 plans range from one for individual consumers (Office 365 Personal) and small businesses (Office 365 Business) to educational institutions (Office 365 Education E5) and corporations (Office 365 Enterprise E3). Office 365 is also part of Microsoft 365, an even more expensive subscription. The latter comes with labels resembling those of Office 365, including Microsoft 365 Business and Microsoft 365 Enterprise E3. How each version of Office is serviced Although payments define one difference between Office 2019 and Office 365, Microsoft's turn to a faster development and release pace is ultimately more important to users - and the IT professionals who support them. Think of Office 2019 as traditional software made and sold in traditional ways. That holds for servicing, too. Microsoft provides monthly security updates for Office applications, usually on the second Tuesday of each month, and also fixes non-security bugs for the first five years of the SKU's lifecycle. But Office 2019 does not receive upgrades with new features and functionality. What you get when you buy the suite, feature-wise, is it. If you want to run a new edition, say, Office 2022 (Microsoft has only said it will do another perpetual version, not that it will be so named), you will need to pay another up-front fee to run it. Office 365, on the other hand, has a completely different servicing model. While the Office applications licensed to users through Office 365 receive the same security patches (and non-security fixes) distributed to Office 2019, they also acquire new features and functionality on a twice-a-year schedule. Those upgrades are issued first in September and March of each year as "Semi-Annual Channel (Targeted), then followed in January and July with "Semi-Annual Channel" releases. This support document explains the update channels of Office 365 ProPlus, the application bundle included in Office 365. As new features and functionality accrete, the applications evolve until, at some point, Microsoft says they are sufficiently different to warrant a new numerical moniker, such as Office 2022 or Office 2025 (if the perpetual version goes on that long). It will then package those versions into an upgraded suite for customers who continue to make one-time, up-front purchases. How Office hooks up with cloud services Neither Office 2019 or Office 365 is truly cloud-based, but both are able to connect with Microsoft's cloud services (and to a very limited extent, some third-party services). Currently, both the applications awarded in a one-time purchase of Office 2019 and those installed as part of an Office 365 subscription can connect with services such as Microsoft-hosted Exchange, OneDrive storage and Skype for Business. However, in April 2017 Microsoft announced a major change in the rights of perpetual Office. Office 2019's applications - acquired through an up-front purchase of the suite - must be in their "Mainstream" support period, the first five years of the guaranteed lifecycle, to connect with Microsoft's cloud services. "Office 2019 connections to Office 365 services will be supported until October 2023," Microsoft stated in one support document. (For a while, Microsoft pegged the service cut-off for Office 2016 at October 2020 but within a few months it retreated and said that, like Office 2019, the older suite would connect to Microsoft's cloud services until October 2023.) The change clearly took aim at customers who mixed cloud services with traditional one-time payment software, because it effectively halved the time the latter could be used in those organizations. At the same time, the post-2023 rule advanced Microsoft's efforts to push business customers toward subscriptions. The company hasn't been shy about saying that Office 365 is, in the end, inevitable. "Most of our cloud-powered innovation is coming to Office 365 and Microsoft 365. However, we recognize that some customers can't move to the cloud in the near term. We want to support all our customers in their journey to the cloud, at the pace that makes the most sense to them," Microsoft said. Applications obtained from an Office 365 subscription will never have a connect cutoff date. How Office will be supported in the future On Feb. 1, 2018, Microsoft revealed changes in support for Office 2019, even though the "one-time purchase" product had not yet been released. The company also previewed a shape-shift in support for Office 365, specifically the ProPlus component - the desktop productivity applications - slated to take effect in January 2020. Microsoft plans to slash support for Office 2019. "Office 2019 will provide 5 years of mainstream support and approximately 2 years of extended support," wrote Jared Spataro, the general manager for Office, in a Feb. 1, 2018, post to a company blog. "This is ... to align with the support period for Office 2016. Extended support will end 10/14/2025." As Spataro implied, Office 2016's support also will come to a stop Oct. 14, 2025. Office 2016 is to get 10 years of support (five in the "Mainstream" support stretch, five in "Extended"). Office 2019 will get just 7, representing a decrease of 30%. Because Office 2019's Mainstream support will end Oct. 10, 2023, that will be the cut-off for connecting Office 2019's applications to Microsoft's cloud services (see "How Office hooks up with cloud services" above). Spataro also dissed perpetual Office more explicitly. "It has become imperative to move our software to a more modern cadence," he wrote, implying that years of support for one-time payment software was either onerous for Microsoft or put customers at risk (or both). Along with the reduction of the support timeline, Microsoft also announced that Office 2019 would be supported only on Windows 10. Even though Windows 7 has until Jan 14, 2020, before it's retired, and Windows 8.1 will have over four years remaining, Office 2019 will not be supported on either. Meanwhile, Microsoft initially vowed to curtail support for Office 365's ProPlus, too. A year ago, Microsoft said that after Jan. 14, 2020, only Windows 10 would be supported for running Office 365 ProPlus; that date is the head-to-assisted-living deadline for Windows 7. Windows 8.1 was also to fall off the ProPlus supported list, as was the Windows 10 LTSC (Long-term Servicing Channel) version. Again, Microsoft blinked. In September, the company changed its mind about cutting off Windows 8.1's access to Office 365 ProPlus. "To support customers already on Office 365 ProPlus through their operating system transitions, we are ... revising some announcements that were made in February," said Spataro in a Sept. 6, 2018 blog post. "Office 365 ProPlus will continue to be supported on Windows 8.1 through January 2023, which is the end-of-support date for Windows 8.1."_ The no-support rule for Windows 10 LTSC remained in place, however. Source: What are the differences between Microsoft Office 2019 and Office 365? (Computerworld - Gregg Keizer)
  20. If you're using Microsoft's cloud-based Office 365 and the subscription lapses, here's how much time you have to renew -- or backup your data and move on. April Montgomery / IDG Microsoft's pay-as-you-go Office 365 is, first and foremost, a subscription. And like other subscriptions - think newspapers (remember them?) or an online storage service - missing a payment doesn't immediately mean you're cut off. Because it's less expensive to retain a current subscriber than find a new subscriber as a replacement, providers will go to great lengths to keep customers on the rolls. When a business misses an Office 365 payment, or cancels the service, the applications and data don't immediately disappear. Instead, Microsoft steps a customer through a three-stage process that gradually decreases both employee and administrator access, but for months leaves the door open to a renewal. Here are the stages of an Office 365 breakup. And for good measure, here's how to salvage a canceled subscription and get back in Microsoft's good graces. 1-30 days after subscription ends: Expired Microsoft dubs the first stage "expired," but it could just as well be called "grace period" since everything works as if the customer's payments remain up to date. Users have normal access to all Office 365 applications and services under the company's plan. Already-installed applications can be launched, no data will be scrubbed from Microsoft's servers - such as email messages or files stored on OneDrive for Business - and additional applications can be added to a user's devices. Note: macOS versions of Office provided via an Office 365 subscription do not include the 30-day grace period; they immediately enter the "Disabled" state. See below for details. Administrators can access all functions from the Office 365 admin center portal, including assigning licenses to new or existing employees. If the firm plans to depart Office 365, data may be backed up. The subscription can be renewed by the global or billing administrator during this 30-day span. Note: Microsoft does things differently with Office 365 subscriptions acquired via all volume licensing plans (with the exception of Microsoft Open). For those subs, the Expired period lasts 90 days. In effect, Microsoft is minimizing the disruption of a payment gap or gaffe for its most important customers, enterprises and other large organizations, just another sign of who really rates in Redmond. 31-120 days after subscription ends: Disabled During months two through four, the subscription sits in the "disabled" state. Another label could be "admin only," as administrators can continue to access the admin portal. The IT staff can most effectively use this period to back up employee data stored on Microsoft's servers. Admins cannot assign licenses to workers during the 90 days. Users are unable to log into their Office 365 accounts and so are blocked from Office 365 services included in the plan, ranging from hosted email to OneDrive for Business. The locally-installed applications will drop into what Microsoft calls "reduced functionality," meaning that most features and tools are unavailable. Files may be opened, viewed and printed, but not edited or saved. The applications may not launch from the desktop, but they will open after clicking on an appropriate document. macOS Office applications provided via an Office 365 subscription immediately enter this state as soon as payment lapses. There is no Expired period for Mac users. A subscription can still be reactivated by the global or billing administrator during this stretch. Note: Microsoft balances the extra Expired time for volume licensing customers by limiting their Disabled stretch to just 30 days. Everyone receives the same 120 days before things go completely to pot, but the timelines are flipped for most corporate customers. 121 days and up: Deprovisioned At the Day 121 mark, the Office 365 subscription is not only dead, it's really, really dead. No one, administrators included, can access service or applications, so backing up employee data is impossible. In fact, Microsoft will begin to delete the subscription's data from its servers starting on this date. The company does not provide a done-by deadline, saying, "You can expect data to be permanently deleted in a reasonable timeframe after the 120 days have elapsed." Enterprises that want data erased as soon as possible may request "expedited deprovisioning" by calling support. Microsoft will then issue a "lockout" code, which IT then enters in the admin portal. Microsoft then deletes the pertinent data, documents and mailboxes. Expedited deprovisioning, says Microsoft, "ensures your users' data is deleted within 3 days." Global or billing admins may not restore a subscription – and thus access to the cloud-based data and the Office applications – during this period. Assuming the firm wants to continue using Office, it must purchase new Office 365 subscriptions or standalone, perpetual Office 2019 licenses. Restart a subscription Although it may seem impossible to miss the message about a soon-to-expire Office 365 subscription -- Microsoft duns customers with a flood of email as the date approaches and the admin portal also gets in on the act -- there may be instances when things slip through the cracks. To reactivate a subscription in the Expired or Disabled states, select Billing > Subscriptions from the Admin center, select the Office 365 subscription, then choose Reactivate. If Reactivate does not show, the global or billing administrator will have to phone support instead. Payment information will have to be re-entered or given to the support representative. Source: What happens when an Office 365 subscription expires? (Computerworld - Gregg Keizer)
  21. A fake voice message lures victims to a fake Microsoft 365 login page that prompts them to enter credentials. A new Office 365 phishing campaign delivers a fake voicemail message to redirect victims to a Web page that prompts them to enter login credentials, McAfee researchers discovered. Researchers initially thought one phishing kit was being used to steal users' data; however, an investigation revealed three separate kits and proof of several high-profile companies targeted. The attack starts with an email informing victims they missed a phone call and instructing them to log into their accounts to access a voicemail. When they load the attached HTML file, it redirects them to a phishing website. Researchers note this attachment varies; in most recent attacks, it contains an audio recording disguised to sound like the beginning of a real voicemail. When redirected, victims sees a phishing page prompting them to log into their Microsoft accounts. The page is prepopulated with their email addresses, researchers say, a tactic intended to make the scam seem legitimate. Victims who enter their passwords are sent to another page saying the account was "successfully confirmed" before they're redirected to the Office login page. Researchers were surprised to see three phishing kits used in this attack and say they are "almost identical." They differentiated the kits by analyzing the generated HTML code and parameters accepted by the PHP script. Attackers are primarily after the service industry (18%), followed by finance (12%), IT services (12%), retail (10%), and insurance (9%). A wide range of employees were targeted, they report, from middle management to executive staff. Read more details here. Source
  22. Microsoft announces Surface Earbuds with Office 365 integration Microsoft is holding a special devices event today, where it has announced a refresh to the Surface Laptop and Surface Pro. The firm also announced the brand new Surface Pro X running a custom chipset. In addition to these devices, the company also announced the Surface Earbuds. The Earbuds are Microsoft’s answer to Apple AirPods and products from other competitors such as Samsung and Google. The Earbuds can be controlled using touch, gesture, or voice. The company claims a 24-hour battery life for the earbuds and as with other competitors, it comes in its own charging case. The device has 2 directional microphones on each bud to pick up voice commands and can be paired with a single click, says the company. On Android devices, users can perform a double tap on the surface of the device to open and play music on Spotify. The company also adds that it has designed the device to fit comfortably in the ears all day. In addition to the usual set of capabilities, what sets the device apart is that it can tie in with Microsoft’s Office apps for dictation, and in combination with Azure Cognitive Services, can transcribe user speech into captions in Office. Along with this, the device also supports over 60 languages for real-time translation. The Surface Earbuds will be available later this year and will cost $249. Source: Microsoft announces Surface Earbuds with Office 365 integration (Neowin)
  23. Microsoft starts selling extra OneDrive space to Office 365 subscribers Customers who subscribe to Microsoft's consumer-grade Office 365 plans can now buy additional OneDrive storage. One terabyte will cost $10 a month. Microsoft Microsoft today began selling additional space on its OneDrive cloud-based storage service to customers who subscribe to its consumer-grade Office 365 plans. The extra storage starts at $2 per month for 200GB and climbs to $10 per month for 1TB (terabyte). The additional support is available only to customers who already subscribe to Office 365 Personal or Office 365 Home, the two consumer-targeted plans whose primary benefit is the right to run Office on Windows or macOS. The consumer Office 365 plans provide 1TB of OneDrive storage space for the account holder, in the case of the single-user Personal, or for each of six possible users, under Home's rules. The additional OneDrive space would be atop the 1TB. In fine print at the bottom of the plans' presentation page, Microsoft said that the additional space would not be accessible to every user on an Office 365 Home plan. "For Home subscriptions, only the primary subscription holder may purchase additional storage, and only for that user's account," the tiny type read. In June, Microsoft announced plans to provide supplementary storage to Office 365 Personal and Office 365 Home subscribers but did not tip to a timetable. Around the same time, Microsoft also touted something it called OneDrive Personal Vault, a protected partition for storing the most sensitive and important files. Personal Vault, Microsoft said, would be accessible only through a second step of identity verification, such as a fingerprint, face scan or one-time codes texted to the user's smartphone. Personal Vault has debuted in some markets, and should be available globally by year's end, according to Microsoft. Some Computerworld staffers based in the U.S. have been offered the feature. Microsoft's prices for added storage are higher than its main rivals in the consumer market, Apple and Google. Both those companies lease 2TB of space for $2 per month, or twice the amount from Microsoft but for the same number of dollars. Business-grade Office 365 subscriptions also come with a standard 1TB of OneDrive space but unlike the lower-priced consumer deals, many - yet not all - corporate subscribers do not have to pay for additional storage. Office 365 Enterprise E3 and Microsoft 365 E5, along with 17 other subscriptions, are allowed, with caveats, an unlimited amount of cloud storage. This support document spells out the per-user storage space for each subscription service Microsoft offers. Company administrators can boost OneDrive from 1TB per user to 5TB per user without intervention by Microsoft through the admin center. Microsoft Microsoft has started selling additional storage space on its cloud-based OneDrive service, but only to subscribers of its consumer-grade Office 365 plans. Source: Microsoft starts selling extra OneDrive space to Office 365 subscribers (Computerworld - Gregg Keizer)
  24. Back in June, alongside an updated PowerPoint Designer, Microsoft unveiled Presenter Coach, an AI-powered PowerPoint feature designed to provide guidance with respect to pacing, tone, and attention. Today, the company announced that Presenter will launch this week for Office 365 customers on the web, alongside inking in Office for the web, new Whiteboard templates, and 3D lesson plan models. Presenter Coach is in public preview, and the inking features are now generally available in PowerPoint for Windows and Mac. Digital pen annotation in Slide Show on PowerPoint hit the web this week, as did Whiteboard templates in public preview on Windows 10 (rolling out to iOS within a few days). As for the 3D models and lesson plans, they’re generally available to Office 365 subscribers in Windows. Presenter As you might recall, Presenter Coach walks users slide by slide through presentations and provides real-time feedback on cadence, profanity, and phrases that might be considered culturally insensitive. It also alerts presenters when they appear to be reading slides verbatim. At the end of each rehearsal session, it provides a detailed report with metrics like filler words used and their frequency, problematic slides, words per minute, and speed over time. For instance, Presenter Coach detects the pace of speech and recommends changes that might help audiences better retain facts and figures. If a user inserts a disfluency like “um,” “ah,” “like,” “actually,” or “basically” or makes a potentially gender-charged reference like “you guys” or “the best man for the job” it will recommend alternatives. “Public speaking doesn’t have to be nerve-wracking,” wrote Microsoft 365 corporate vice president Jared Spataro. “Our public preview of Presenter Coach in PowerPoint for the web uses the power of AI to help business professionals, teachers, and students become more effective presenters.” Ink in Office PowerPoint has long supported inking features in some form or another, enabling users to handwrite words and convert them into text or draw shapes like hearts or clouds. But annotating slides directly while presenting hasn’t been possible — until now. Above: Inking in PowerPoint. Starting this week, Office users on the web can dispense with laser pointers in favor of real-time scribbling directly on slides. Annotation complements the Ink Relay feature in Slide Show, which conceals and reveals inked content written on slides and exposes the order in which ink was drawn. Whiteboard templates and lesson plans Templates in Microsoft’s class-platform Whiteboard sketchpad are as they sound: Each provides tips for running activities, along with structures and outlines that expand to fit content. At launch, you’ll find templates for KANBAN sprint planning, SWOT (strengths, weaknesses, opportunities, and threats) analysis, project planning, learning, and more, all of which can be added with a tap of the insert button in the app’s toolbar. Above: Templates in Whiteboard. In somewhat related news, Office 365 now boasts a set of 23 education-based 3D models, which live in the existing 3D model gallery. They join the new lesson plans by Lifelique, a company creating interactive 3D K-12 science curriculum aligned to NGSS and Common Core standards. Topics range from geology and biology to outer space. Above: 3D educational content in Office 365 “These engaging models help parents and teachers quickly communicate comprehensible and retainable information to students,” wrote Spataro. “The new lesson plans complement the models to create a comprehensive learning experience.” Source
  25. Excel's new XLOOKUP function is now generally available Today, Microsoft announced that the new XLOOKUP function for Microsoft Excel is now generally available for Office 365 users. XLOOKUP was first announced back in August of last year and in November, at Ignite, Microsoft said it would hit general availability in the following months. It has been in testing with Office Insiders in the meantime. As the name might suggest to those already familiar with Excel, XLOOKUP is a successor to VLOOKUP, but it can also replace HLOOKUP, since it combines the features of both. That means you can use XLOOKUP to find values both vertically and horizontally across the spreadsheet. What's more, XLOOKUP can find values to the left of the cell where you insert the function, so you won't be as restricted as you would be with the previous functions. Additionally, the function supports column insertions and deletions, so the changes you make to your spreadsheet won't break the outcome. If you'd rather stick to the old VLOOKUP function, it isn't going away, at least for now. However, Microsoft says the new XLOOKUP is faster and more efficient, so you may want to give it a spin. Source: Excel's new XLOOKUP function is now generally available (Neowin)
  • Create New...