security
4161 TopicsLinux and Open Source on Azure Quarterly Update - February 2025
As we venture into 2025, it's exhilarating to reflect on the astonishing strides we've made in the domain of Linux and Open Source Software (OSS) on Azure. Let us dive into another edition of the quarterly update to learn more! Microsoft Ignite 2024 Linux on Azure took center stage at Microsoft Ignite 2024 with dedicated session and a meet-up booth. Our breakout session, theater session, and lab session drew over 500 attendees. This engagement is a testament to the enthusiasm and interest in Linux-based solutions on Azure. Check out the on-demand recording available on the Ignite website: What’s new in Linux: How we’re collaborating to help shape its future We announced that the Azure security baseline through Azure Policy and Machine Configuration for Linux has moved to public preview, and we are expanding the capabilities with built-in auto-remediation feature (limited public preview). Red Hat on Azure announcements at Ignite are captured here. Linux Promotional Offer The promotional offer for the latest Linux VMs in Azure is currently live. For a limited time, you can save an additional 15% on one-year Azure Reserved Virtual Machine (VM) Instances for the latest Linux VMs. This means you could save up to 56% compared to running an Azure VM on a PAYG (pay-as-you-go) basis. This offer is available until March 31, 2025. To learn more, read the blog and refer to the terms and conditions. Azure Linux 3.0 in preview on Azure Kubernetes Service v1.31 We are excited to announce that Azure Linux 3.0, the next major version release of the Azure Linux container host for Azure Kubernetes Service (AKS), is now available in preview on AKS version 1.31. Azure Linux 3.0 offers increased package availability and versions, an updated kernel, and improvements to performance, security, and tooling and developer experience. SUSE LTSS on Azure Marketplace Many of our customers rely on SUSE Linux Enterprise Server (SLES) for running their mission-critical SAP and HPC (high-performance computing) workloads on Azure. We’re excited to share that SUSE Long Term Service Pack Support (LTSS) is available in the Azure Marketplace, providing customers with options for managing the support lifecycle of their SUSE images in Azure. The blog announcement is here. Linux VM Image Quality on Azure In the continuously evolving landscape of cloud computing and AI, the quality and reliability of virtual machines (VMs) plays a vital role for businesses running mission-critical workloads. With over 65% of Azure workloads running Linux, our commitment to delivering high-quality Linux VM images and platforms remains unwavering. Find out how Microsoft ensures the quality of Linux VM images and platform experiences on Azure. Learn how LISA (an open-source tool) enhances the testing and validation processes for Linux kernels and guest OS images on Azure. MIT Technology Review Article We recently commissioned a sponsored article in collaboration with AMD on the topic of “Accelerating AI innovation through application modernization” published on MIT Technology Review. The article delves into AI driving new requirements for application modernization. Red Hat Summit Connects Microsoft’s sponsorship of the Red Hat Summit Connect global event series proved to be a resounding success. Spanning cities from Melbourne to Mexico City, we engaged with over 6,500 attendees. By partnering with key organizations, we reinforced the strength of our strategic alliance with Red Hat. What’s coming up next Migrate to Innovate Summit This event aims to showcase how cloud migration and modernization can build a platform for AI innovation. In 2.5 hours, the event will feature thought leaders and experts from Microsoft and Intel who will share their perspectives, present real-world case studies, and showcase product demonstrations to help customers accelerate their cloud journey. The event will be live on March 11, 2025. Register to check out the great content! SUSECON 2025 We will be at SUSECON 2025, which will take place in Orlando, Florida, from March 10th – 14th, 2025. We look forward to sharing insights, learning, and collaborating with everyone attending. Discover why Microsoft Azure is a trusted and proven cloud platform and explore the benefits of Azure-optimized solutions co-developed by Microsoft and SUSE for your business-critical Linux workloads. Check out one of the Microsoft sessions and meet with us at our booth. We recently published a recap covering some of Microsoft partners’ latest offerings on Linux and PGSQL. Stay tuned for more updates and thank you for being a part of this journey!26Views0likes0CommentsGeneral Availability: Dynamic watermarking for sensitivity labels in Word, Excel, and PowerPoint
In today's digital age, protecting sensitive information is more critical than ever. Sensitivity labels from Microsoft Purview Information Protection offer highly effective controls to limit access to sensitive files and to prevent users from taking innapropriate actions such as printing a document, while still allowing unhindered collaboration. However, these controls don't prevent users from taking pictures of sensitive information on their screen or of a presentation being shared either online or in-person, and some forms of screen-shottting can't be blocked with existing technology. This loophole presents an easy way to bypass protections that sensitivity labels enforce on a document, and these pictures can end up in the wrong hands of competitors or the public. Dynamic Watermarking helps address this gap in document security by deterring unauthorized sharing and enabling traceability of leaks. What is Dynamic Watermarking? Dynamic watermarking is a feature that overlays watermarks containing user-specific information on documents. These watermarks are visible when the document is viewed, edited, or shared in Word, Excel, or PowerPoint, deterring leaks and making it easier to trace any unauthorized dissemination of sensitive information. This feature can be configured by the compliance admin on any senstivity label with admin-defined permissions via the Microsoft Purview compliance portal or PowerShell. When the setting is enabled for a label, files with that label will render dynamic watermarks when opened in Word, Excel, and PowerPoint. Key Features User-Specific Watermarks: Watermarks display the UPN (usually email address) of the user currently viewing the document. Watermark Customizability: Watermarks can be configured to also include the device date-time, enabling admins to know precisely when leaked information was captured, as well as a custom string. Cross-Platform Support: Available on Word, Excel, and PowerPoint for the web, Windows, Mac, iOS, and Android. Seamless Integration: Configurable on sensitivity labels with admin-defined permissions via the Microsoft Purview compliance portal or PowerShell. Enhanced Security: Prevents users from accessing documents with labels configured for dynamic watermarking on Word, Excel, and PowerPoint clients that cannot render dynamic watermarks. Benefits & Differentiators Although there are existing security solutions that may offer different aspects of dynamic watermarking, Microsoft provides the most comprehensive offering with the following differentiators: Broad support in many views (e.g., slide view, notes view, etc.) so it’s not the only the primary application view that’s protected for more comprehensive coverage. Ability to set dynamic watermarking for a sensitivity label and have it apply to all Word, Excel, and PowerPoint files with that sensitivity label (rather than a separate setting), making it easier for admins to apply dynamic watermarking across applications and files all at once. Ability to edit (and coauthor) a watermarked file. Coauthoring enables users to collaborate on Word, Excel, and PowerPoint files that are labeled with sensitivity labels across Web, Windows, Mac, iOS, and Android. Cross-platform support: Web, Windows, Mac, iOS, and Android. When a user attempts to open a file with dynamic watermarks on a version of Office that doesn’t support the feature, they will see an access denied message. Users who don’t have an Office client installed that is capable of dynamic watermarking should use Office for the web to work with watermarked files. Get Started with Dynamic Watermarking When setting up a label in the Purview compliance portal, you can select “Use Dynamic Watermarking” when configuring encryption. You can also configure dynamic watermarking on a sensitivity label using the Set-Label cmdlet in PowerShell. Learn more about configuring sensitivity labels for dynamic watermarking here. For dynamic watermarking for Word, Excel, and PowerPoint, this will require a Microsoft 365 E5, Microsoft 365 E5 Compliance, Microsoft Information Protection and Governance E5, Microsoft Enterprise Mobiity and Security E5, or Microsoft Security and Compliance for Frontline Workers F5 license. These license requirements are necessary to configure dynamic watermarks and apply labels configured for dynamic watermarking. There is no licensing requirement for users to open files with dynamic watermarks. To view the minimum versions needed to open files with dynamic watermarks on all platforms, see Minimum versions for sensitivity labels in Microsoft 365 Apps | Microsoft Learn.117Views0likes0CommentsShowcase your skills with this new Security Certification
Introducing the Microsoft Certified: Information Security Administrator Certification Designed specifically for data security and information protection professionals, our new Microsoft Certified: Information Security Administrator Certification validates the skills needed to plan and implement information security for sensitive data by using Microsoft Purview and related services. It also validates the skills needed to mitigate risks from internal and external threats by protecting data inside collaboration environments that are managed by Microsoft 365. Plus, it verifies subject matter expertise needed to participate in information security incident responses. The Microsoft Certified: Information Security Administrator Certification is currently in Beta and will become available in April 2025, and you can earn the Certification by passing Exam SC-401: Administering Information Security in Microsoft 365. While this new Certification’s study material includes learning modules from SC-400, it also includes new modules tailored to data security and information protection skillsets. Understand Microsoft Purview Insider Risk Management Microsoft Purview Insider Risk Management is a compliance solution designed to minimize internal risks by detecting, investigating, and acting on malicious and inadvertent activities within your organization. This training module provides an in-depth understanding of how to identify potential risks using analytics and create policies to manage security and compliance. By the end of this module, you'll be equipped with the knowledge to implement insider risk management effectively, ensuring user-level privacy through pseudonymization and role-based access controls. Prepare for Microsoft Purview Insider Risk Management Preparation is key to successfully implementing any security solution. The "Prepare for Microsoft Purview Insider Risk Management" training module guides you through the strategies for planning and configuring the solution to meet your organizational needs. You'll learn how to collaborate with stakeholders, understand the prerequisites for implementation, and configure settings to align with compliance and privacy requirements. This module is essential for administrators and risk practitioners looking to protect their organization's data and privacy. Create and Manage Insider Risk Management Policies Creating and managing effective policies is crucial for mitigating insider risks. This training module covers the process of developing and implementing insider risk management policies using Microsoft Purview. You'll learn how to define the types of risks to identify, configure risk indicators, and customize event thresholds for policy indicators. The module also provides insights into using templates for quick policy creation and configuring anomaly detections to identify unusual user activities. By mastering these skills, you can ensure that your organization is well-protected against potential internal threats. Identify and Mitigate AI Data Security Risks As artificial intelligence (AI) becomes increasingly integrated into business operations, understanding and mitigating AI-related data security risks is vital. The "Identify and Mitigate AI Data Security Risks" training module offers a comprehensive overview of AI security fundamentals. You'll learn about the types of security controls applicable to AI systems and the security testing procedures that can enhance the security posture of AI environments. This module is perfect for developers, administrators, and security engineers looking to safeguard their AI-driven systems. Retiring the Information Protection and Compliance Administrator Associate Certification We’re retiring the Microsoft Certified: Information Protection and Compliance Administrator Associate Certification and its related Exam SC-400: Administering Information Protection and Compliance in Microsoft 365. The Certification, related exam, and renewal assessments will all be retired on May 31, 2025. For data security and information protection professionals: We’re introducing a new Certification – more on that in the section below! For compliance professionals: We don’t have plans to create a new Certification for compliance-related roles, however we do offer Microsoft Applied Skills that can validate these skills. You can find more details in this blog. The following questions and answers can help you determine how these retirements could impact your learning goals: Q: What if I’m studying for Exam SC-400? A: If you’re currently preparing for Exam SC-400, you should take and pass the exam before May 31, 2025. If you’re just starting your preparation process, we recommend that you explore the new Information Security Administrator Certification and its related Exam SC-401: Administering Information Security in Microsoft 365. Q: I’ve already earned the Information Protection and Compliance Administrator Associate Certification. What happens now? A: If you’ve already earned the Information Protection and Compliance Administrator Associate Certification, it will stay on the transcript in your profile on Microsoft Learn. If you’re eligible to renew your Certification before May 31, 2025, we recommend that you consider doing so, because it won’t be possible to renew the Certification after this date. Find the right resources to support your security journey Whether you are looking to build on your existing expertise, need specific product documentation, or want to connect with like-minded communities, partners, and thought leaders, you can find the latest security skill-building content on our Security hub on MS Learn.75Views0likes0CommentsSetting up Microsoft Entra Verified ID, step by step
Are you confident who the people in your organization are interacting with online? Identity verification is fundamental in protecting your organization from impersonation. Get the knowledge you need to bring strong identity verification to your organization and improve confidence that digital interactions are safe and secure. The Microsoft Entra Verified ID team will kick off with a comprehensive understanding of how to set up Verified ID. We'll walk through key concepts, including Verified ID's significance in enhancing digital identity, security, and trust. Then we'll show you how to configure your environment, set up and issue your first credential, and use the Microsoft Entra admin center to manage credentials across your organization. This session is part of the Microsoft Entra Verified ID webinar series. Post your questions in the Comments in advance and during the live broadcast. The event will be recorded and available on demand shortly after the broadcast concludes.816Views3likes2CommentsSecurity Admin Center Tenant Allow/Block List Not Able to Block IPv4?
While using the Security Admin Center Tenant Allow/Block List we have been able to block specific email addresses and IPv6 IP addresses but are unable to block IPv4 IP addresses. We have tried both using the console and the CLI but have turned up unsuccessful both times when it comes to IPv4. A large majority of the phishing attempts that we encounter come from IPv4 addresses but we have been unable to block any of these. Will there ever be functionality for IPv4 within the Tenant Allow/Block list or is the only option to use conditional access policies? Also why is this enterprise tool only functional with IPv6 and without documentation stating that it does not work for IPv4?302Views2likes2Comments"Caller does not have permissions to execute the stored procedure" based on sys procedure
Did create the following procedure on my DB to read SQL Server Log: USE [MyDB] GO ALTER PROCEDURE [OMEGACA].[P_SYS_READ_POL_DEBUG] ( @p_log_no int, @p_search_1 nvarchar(4000), @p_search_2 nvarchar(4000) ) AS BEGIN EXEC sys.sp_readerrorlog @p_log_no, 1, @p_search_1, @p_search_2 ; END; Schema, DB user and Login is granted server role "sysadmin". Execute on the above procedure is granted to a certain MyDB's role. This role is granted to a certain DB user X (and login). When this user tries to execute the procedure above, it receives error: Caller does not have permissions to execute the stored procedure based on sys procedure Question: How can I get the needed permission for user X? ps. Granting sysadmin to X is not liked.20Views0likes1Comment