Microsoft Business Hub News: Technology Solutions to Help You Grow Your Business

If you are having trouble viewing this email, please visit the online version. Microsoft Business Insights Newsletter May 2013 In This Issue   Featured News Grow Your Online Presence with Bing Places for Business Learn How to Pin Apps to the Desktop Toolbar Offers & Promotions Get Modern with Windows 8 Pro and the New Office Before June 20 The Countdown Is On! The Big Easy 10 and Cloud Easy Offer End May 31 Training & Event Resources Get the Most out of Your Business Management Solution A Beginner’s Guide to SharePoint Online – On-Demand Webinar Articles & Case Studies Serving Up Growth—Fast!—with Office 365 Businesses Choose Microsoft Office 365 over Google Apps Featured News   Grow Your Online Presence with Bing Places for Business Did you know you can use Bing to grow your online presence so local customers can find you easily? In this Insider Minute, learn how to claim your business listing with Bing Places for Business. Learn How to Pin Apps to the Desktop Toolbar With Windows 8 you can pin the applications you use most often to the taskbar in Desktop view for quick and easy access. Learn how in this new Insider Minute video. Back to top Offers & Promotions   Get Modern with Windows 8 Pro and the New Office Before June 20 In April 2014, Microsoft will end support for Windows XP and Microsoft Office 2003. Moving off Windows XP and Office 2003 couldn’t be easier. Get modern and buy Windows 8 Pro and Office 2013 Standard together and save up to 15%.* Take advantage of this offer before it ends on June 20, 2013! * Offer valid until June 20, 2013, on purchases of Windows 8 Pro and Office 2013 Standard together through the Open License program for up to 249 seats. Contact your partner for exact pricing. The Countdown Is On! The Big Easy 10 and Cloud Easy Offer End May 31 From March 1 to May 31, 2013, you can take advantage of two new offers and earn 15% back on Microsoft products to use toward future purchases with a Microsoft partner. Earn subsidy funds with the Big Easy Offer 10 (used with the new Office, Windows, Microsoft Dynamics CRM, and more) or the Cloud Easy Offer (used in conjunction with Office 365, Windows Intune, Microsoft Dynamics CRM Online, and others). In addition, the new "Hybrid IT" accelerator provides an even greater earnings opportunity. * Offer open to qualifying US commercial and government organizations participating in eligible licensing programs. Partner subsidy funds will be awarded for qualified purchases March 1–May 31, 2013. Learn more. Back to top Training & Event Resources     Get the Most out of Your Business Management Solution In this free on-demand Microsoft Dynamics webinar see how business intelligence, collaboration, and communication capabilities are embedded across your business processes. Learn how your people can quickly and easily find and analyze information, collaborate, and communicate regardless of their locations or the devices they are using. A Beginner’s Guide to SharePoint Online – On-Demand Webinar Office 365 for business allows small and midsize businesses to use the power of SharePoint Online. SharePoint Online delivers the powerful features of SharePoint without the associated overhead of managing the infrastructure on your own. In this 15-minute on-demand webinar, you will learn some of the basics. Back to top Articles & Case Studies   Serving Up Growth—Fast!—with Office 365 When Jacob Guttman, IT Manager at Menchie’s, began his search for a new productivity and collaboration solution, his decision was influenced by ease of use, anywhere access, simplified administration, and cost-effective scalability. Microsoft Office 365 became the obvious choice, and the switch was made quickly and easily. In this blog post, Jacob talks about all the capabilities Menchie’s needed to continue its rapid growth, and how the company decided on Office 365. Businesses Choose Microsoft Office 365 over Google Apps Why do businesses choose Microsoft Office 365 over Google Apps? They tell us they cannot afford to compromise. With Office 365 they get the familiarity of Office with the capabilities they need and a cloud service they can trust. The result is a cloud-based service that enables businesses to meet customer needs and gain a competitive edge. Learn more on the Office 365 blog. Back to top

Unsubscribe | Update your profile Microsoft respects your privacy. To learn more please read our online Privacy Statement. If you would prefer to no longer receive this newsletter, please click here. To set your contact preferences for other Microsoft communications, click here. Microsoft Corporation One Microsoft Way Redmond, WA 98052 USA

Microsoft Security Newsletter - May 2013

Trustworthy Computing | May 2013 Microsoft Security Newsletter Welcome to May’s Security Newsletter! This month’s newsletter focuses on compliance. Part of being compliant is making sure you are staying ahead of the game in understanding threats and countermeasures. A few weeks ago we released our Microsoft Security Intelligence Report Volume 14 (SIRv14). One of the most interesting things to surface from the report is the change in threats detected in enterprise environments. Over the last several years, network worms have been the top threat detected in enterprise environments. Customers have managed these with mitigations like configuration and policy changes, passwords and network share access control. While still a threat to organizations, our latest threat intelligence report shows worms are being superseded by malware and exploits delivered through malicious and compromised websites. The proportion of Conficker and Autorun threats reported by enterprise computers decreased by 37% from 2011 to the second half of 2012. By the end of 2012, web-based attacks became the top threats affecting enterprises today. In the second half of 2012, 7 out of the top 10 threats affecting enterprises were associated with malicious or compromised websites. These threats included IframeRef, Blacole, BlacoleRef, Zbot, Sirefef, Dorkbot and Pdfjsc. Learn more about the web-based attacks and what can be done to help protect against them in our latest Microsoft Security Intelligence Report. Best regards, Tim Rains, Director Microsoft Trustworthy Computing Top Stories The Countdown Begins: Support for Windows XP Ends on April 8, 2014 We are now less than one year away from the end of extended support for Windows XP Service Pack 3 (SP3). If your infrastructure still includes machines running Windows XP, learn about the security implications of end of support and the importance of migrating to a modern operating system with increased protection. The Time is Now: Security Development Must be a Priority for Everyone While the Internet has created many new opportunities and ways to do business, it has also spawned a digital underground for online crime. Security breaches that have financial consequences or lead to intellectual property loss, website defacement or espionage have become a reality in today’s computing landscape. Despite this, the evidence suggests that the vast majority of organizations still have not adopted security development as a fundamental professional discipline. Learn more about this troubling trend, and resources that can help you integrate security into your development practices. Security Guidance Microsoft Security Compliance Manager: Overview Microsoft Security Compliance Manager (SCM) is a free tool that enables you to quickly configure and manage your desktops, traditional datacenter, and private cloud using Group Policy and System Center Configuration Manager. Read this overview for a list of key features and setup requirements, then consult the Getting Started guide, FAQ, and release notes for more detailed information and installation steps. Microsoft Security Compliance Manager: Security Baselines Microsoft SCM offers security baselines to help you manage configuration drift, address compliance requirements, and reduce security threats. Security baselines include: a detailed view of security vulnerabilities related to certain servers, applications, operating systems, and/or browser settings; details on the potential impact of configuring significant settings in these areas; recommended countermeasures to address vulnerabilities; technical data required to implement and assess the state of each countermeasure that you implement; and product-specific security guides with detailed instructions and recommendations to help strengthen the security of your servers and computers. Download Microsoft SCM 3.0 to access security baselines for the following Microsoft products: • Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, and Windows Server 2003 • Windows 8, Windows 7, Windows Vista, and Windows XP • Internet Explorer 10, Internet Explorer 9, and Internet Explorer 8 • Exchange Server 2010 and Exchange Server 2007 • Microsoft Office 2010 and Microsoft Office 2007 SP2 Ensure the Compliance of Devices with System Center Configuration Manager Configuration Manager provides tools to manage the compliance of devices in your organization to ensure that they all contain consistent configurations and settings. Configuration Manager can automatically remediate many settings when they are found to be noncompliant. Learn about compliance settings in Configuration Manager and get step-by-step guidance on how to create configuration data, and deploy and monitor configuration baselines. What’s New in Security Auditing in Windows 8 and Windows Server 2012 Explore the auditing enhancements in Windows 8 and Windows Server 2012 that can assist IT professionals who work with Windows 8 and Windows Server 2012 to monitor, troubleshoot, and enforce security compliance in a network. File Access Auditing in Windows Server 2012 Security Auditing is one of the most powerful tools to help maintain the security of an enterprise. Security audits help establish the presence of data security and privacy policies and prove compliance with industry standards. Additionally, security audits help detect anomalous behavior, identify and mitigate gaps in security policies, and deter irresponsible behavior by creating a trail of user activity that can be used for forensic analysis. Learn how to plan for and deploy the security auditing capabilities in Windows Server 2012. Windows Azure Compliance Programs Find detailed information about Windows Azure security compliance programs to help you determine if Windows Azure, and the particular applications you intend to run in Windows Azure, comply with the specific laws and regulations applicable to your industry and use scenarios. The Compliance Benefits of Better Application Security The shift toward software dependence has forced businesses to reexamine application security strategies and prompted important questions about the security processes of software suppliers. Looking at true operational security, the risk is too great for software security to be just a line item in a compliance checklist. This paper explores this overlap between compliance and software security, and explains why having a mature software security approach is vital to ensuring broader enterprise IT compliance. Aligning the Microsoft SDL with PCI DSS/PCI PA-DSS Compliance Activity This paper demonstrates how the Microsoft Security Development Lifecycle (SDL) can help you meet some of the requirements of the Payment Card Industry Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA-DSS). Community Update MVP Article of the Month: Threat Modeling Made Easy Dan Griffin, Microsoft MVP – Enterprise Security Managing risk in the enterprise is of utmost importance. The good news is that threat modeling is easier than most people think and is an effective process for systematically identifying and mitigating risk. Get some quick tips to help you kick start your own threat modeling project the right way. Cloud Security Corner Evaluating Security Needs for Private Cloud Companies often ask: public or private cloud – which has greater security risk? While there are different sets of risks depending on the organization and their compliance needs, this blog post outlines a few reasons why you might prefer a private cloud. This Month’s Security Bulletins Microsoft Security Bulletin Summary for May 2013 Critical • MS13-037: 2829530 Cumulative Security Update for Internet Explorer • MS13-038: 2847204 Security Update for Internet Explorer Important • MS13-039: 2829254 Vulnerability in HTTP.sys Could Allow Denial of Service • MS13-040: 2836440 Vulnerabilities in .NET Framework Could Allow Spoofing • MS13-041: 2834695 Vulnerability in Lync Could Allow Remote Code Execution • MS13-042: 2830397 Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution • MS13-043: 2830399 Vulnerability in Microsoft Word Could Allow Remote Code Execution • MS13-044: 2834692 Vulnerability in Microsoft Visio Could Allow Information Disclosure • MS13-045: 2813707 Vulnerability in Windows Essentials Could Allow Information Disclosure • MS13-046: 2840221 Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation Of Privilege May 2013 Security Bulletin Resources: • Microsoft Security Response Center (MSRC) Blog Post • Security Bulletin Quick Overview (MP4) – 3000k | 600k | 400k • Security Bulletin Webcast (MP4) – 3000k | 600k | 400k • Security Bulletin Webcast Q&A Security Events and Training TechEd North America 2013 June 3-6, 2013 – New Orleans, LA Learn how you can achieve your business goals while still protecting your assets and infrastructure. With the Architecture & Trustworthy Computing and Windows Client, Access & Management tracks at this year’s TechEd, you’ll learn how to provide consistent and secure user experiences for corporate- or employee-owned devices, while also helping to safeguard corporate data and resources through policy compliance and optimized application delivery. Learn how to leverage Microsoft identity and access management solutions for corporate boundary control and information protection, manage a user’s identity across the datacenter and the cloud, provide secure remote access, and define the resources they have access to, based on who they are, what they are accessing, and from what device. Windows Intune: Manage and Secure Your PCs and Mobile Devices from the Cloud Tuesday, June 11, 2013 Deploying patches and software updates while validating your environments security status is important, to not only protect this environment but ensure the devices are operating correctly. Learn how Windows Intune helps organizations keep their PCs and mobile devices well-managed and more secure from virtually anywhere with cloud-based management tools. Can’t make it on June 11th? Join the June 25th session instead. TechNet Webcast: Information about the June 2013 Security Bulletin Release Wednesday, June 12, 2013 Join this webcast for a brief overview of the technical details of June’s Microsoft security bulletins. Ask questions and get answers from Microsoft security experts. Essential Tools • Microsoft Security Bulletins • Microsoft Security Advisories • Security Compliance Manager • Microsoft Security Development Lifecycle Starter Kit • Enhanced Mitigation Experience Toolkit • Malicious Software Removal Tool • Microsoft Baseline Security Analyzer Security Centers • Security TechCenter • Security Developer Center • Microsoft Security Response Center • Microsoft Malware Protection Center • Microsoft Privacy • Microsoft Security Product Solution Centers Additional Resources • Trustworthy Computing Security and Privacy Blogs • Microsoft Security Intelligence Report • Microsoft Security Development Lifecycle • Malware Response Guide • Security Troubleshooting and Support Resources microsoft.com/about/twc Trustworthy Computing This is a monthly newsletter for IT professionals and developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter. © 2013 Microsoft Corporation. All rights reserved. Microsoft, MSDN, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. Microsoft respects your privacy. To learn more please read our online Privacy Statement. If you would prefer to no longer receive this newsletter, please click here. To set your contact preferences for other Microsoft communications click here. Microsoft Corporation One Microsoft Way Redmond, WA 98052 USA