Thursday, September 25, 2014

Microsoft Security Newsletter - September 2014



 
 
Trustworthy Computing | September 2014
Microsoft Security Newsletter
 
 
Welcome to September’s Security Newsletter!
This month’s newsletter focuses on mobile security for the enterprise. With the explosion of devices available to people today, many of the organizations I talk with are interested in learning how they can better manage the security of those devices in an effort to keep company data protected. For organizations that might be grappling with this issue, there are a few security fundamentals which can go a long way in helping to protect data.

Enable multi-factor authentication. For devices or services that offer multi-factor authentication, this can be an effective way to help protect against some types of malicious activity. This feature can help protect accounts by making it more difficult for an attacker to hijack an account, even if they have somehow learned of the account's password. Microsoft devices and services offer the ability to enable multi-factor authentication. For more information on how to add multi-factor authentication to Microsoft Windows, Office, and Online Services to better protect your corporate identities, see Windows Virtual Smartcards, Azure Multi-Factor Authentication, Windows Azure Multi-Factor Authentication Overview, and Multi-Factor Authentication for Office 365.

Create strong passwords and diversify them. Account holders should avoid using the same password for multiple applications, websites, or services as they can expose an organization to increased risk. For example, I commonly hear that people use the same credentials for both social media accounts and line of business applications. This reduces the number of credentials that users need to remember, but increases the impact if the credentials are stolen. The problem with this scenario is that if one of those applications is compromised, the others are also at increased risk of compromise. Using a strong password that is unique for each application, website, and service can help reduce the risk should one of an employee’s accounts become compromised.

Keep your devices and applications up to date. The importance of keeping devices and all the applications they run up to date cannot be overstated. As past cybersecurity reports have shown, this is one of the most common ways in which a cybercriminal will try and penetrate an organization's environment.

Of course these are just a few security fundamentals that can help prevent cybercriminals from successfully compromising a system or online accounts. For more in-depth information on mobile security for the enterprise, I encourage you to check out the many great resources included in this month’s newsletter.

Best regards,
Tim Rains, Director
Microsoft Trustworthy Computing

Have feedback on how we can improve this newsletter? Email us at secnlfb@microsoft.com and share your ideas.
 
Top Stories
 
Microsoft Cloud Protection: An Overview for Developers
Software developers often ask us how Microsoft cloud protection works and how they can improve our cloud’s impression of their software. Read this Microsoft Malware Protection Center blog post for helpful tips.

Microsoft Online Services Bug Bounty Program Launches with Office 365
Microsoft recently launched a Bug Bounty program for Office 365, the first program of its type for Microsoft Online Services. Through the program, Microsoft will be able to reward and recognize security researchers by offering a bounty for qualifying security vulnerabilities that are reported to Microsoft. For more information, see Microsoft Bounty Programs and the Microsoft Bug Bounty Programs FAQ.

 
Security Guidance
Security Tip of the Month: How to Disable SD Cards on Windows Phone Devices
By Robert Hoover, Project Management Professional, Technical Writer, Windows Phone

Many Windows Phone devices have an SD card slot that allows users to store apps and data on an SD card; the installation of apps on an SD card is a new feature in Windows Phone 8.1. Windows Phone stores the apps on an encrypted SD card partition that is specifically designated for apps and this feature is always enabled, so there is no need to explicitly set a policy to have this level of protection. While the app partition on the SD card is encrypted and hidden, other items that a user may have stored on the card are not. This can include music, videos, and pictures (with location data) as well as files that a user can store on the device and access using the Office apps or the recently released Files app for Windows Phone, which allows users to manage the contents of their device.

For maximum data and information protection, disabling the AllowStorageCard setting in either your mobile device management (MDM) solution or your Exchange ActiveSync policy prevents users from using SD cards altogether. In the Exchange Management Shell, this takes a single command:

Set-MobileDeviceMailboxPolicy -Identity:Default -AllowStorageCard:$False


Figure. AllowStorageCard option set to False

Editor’s note: In case you are unfamiliar with the Exchange Management Shell, it is based on Windows PowerShell and provides a powerful command-line interface for executing and automating administrative tasks for Exchange Server.
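
The command in the tip changes only the policy named Default. The following snippet is an added example, not part of the original newsletter: it audits every mobile device mailbox policy for AllowStorageCard and previews the change with -WhatIf. It assumes an Exchange Management Shell session in which Get-MobileDeviceMailboxPolicy, the companion of the cmdlet shown above, is available.

```powershell
# Added example: audit AllowStorageCard across all mobile device mailbox policies.
# Run in the Exchange Management Shell with rights to manage these policies.

# 1. Report the current setting for every policy, not only "Default".
$policies = Get-MobileDeviceMailboxPolicy
$policies | Select-Object Name, IsDefault, AllowStorageCard

# 2. Select the policies that still permit SD card use.
$permissive = $policies | Where-Object { $_.AllowStorageCard -eq $true }

if (-not $permissive) {
    Write-Output "All policies already have AllowStorageCard set to False."
}
else {
    foreach ($policy in $permissive) {
        # -WhatIf only previews the change; remove it to apply the setting.
        Set-MobileDeviceMailboxPolicy -Identity $policy.Identity `
            -AllowStorageCard:$false -WhatIf
    }
}

# 3. After applying for real, this should return no rows.
Get-MobileDeviceMailboxPolicy |
    Where-Object { $_.AllowStorageCard } |
    Select-Object Name, IsDefault
```

Users assigned to a non-default policy are not covered by a change to Default alone, which is why the audit walks every policy.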

Windows Phone 8.1 Security Overview
From highly secure identity features, such as Multi-Factor Authentication (MFA) with virtual smart cards and PINs, to its defense-in-depth, multilayered approach that addresses organizational security requirements in numerous ways, Windows Phone 8.1 is designed with security in mind. Download this guide to explore these features in more detail and learn how Windows Phone 8.1 devices can be securely used and managed in an enterprise environment.

Windows Phone 8.1 Mobile Device Management Overview
Download a guide to the built-in mobile device management client in Windows Phone 8.1 that lets you manage your Windows Phone devices with the mobile device management system of your choice.

Windows Phone Security Forum for IT Pros
Have a technical question about Windows Phone security? Visit the security forum for Windows Phone on TechNet. Here you can find assistance with your specific issue, or browse insights and best practices from IT pros familiar with Windows Phone or who've deployed it in their corporate environment.

Create Stronger Passwords and Protect Them
A good reminder for IT professionals and end users alike, this article offers tips on creating passwords that are "difficult to crack" and offers a link to a free online tool offered by Microsoft Research, called Telepathwords, for those that would rather have a randomly generated strong password created for them.

Two-Factor Authentication for Office 365
Typical authentication practices that require only a password to access IT resources may not provide the appropriate level of protection for information that is sensitive or vulnerable. Two-factor authentication is an authentication method that applies a stronger means of identifying the user. It requires a user to submit two of the following three types of identity proofs. Explore a few two-factor authentication options for Office 365.

Multi-Factor Authentication for Office 365
Multi-Factor Authentication for Office 365, powered by Azure Multi-Factor Authentication, works exclusively with Microsoft Office 365 applications at no additional cost and is managed from the Office 365 portal. Learn how to enable and enforce multi-factor authentication for end users, and set up additional authentication factors.

Configuring Two-Factor Authentication in Lync Server 2013
Get step-by-step guidance on how to configure smart card authentication, virtual smart cards, Active Directory Federation Services, and other possible components of a two-factor authentication solution for Lync.

Adding Multi-Factor Authentication to Azure Active Directory
With multiple out-of-band methods and a one-time passcode option, Azure Multi-Factor Authentication provides flexibility for users and backup options in the event the user is not able to authenticate using their preferred method. Learn how to secure Microsoft and 3rd party applications hosted in Azure using Azure Multi-Factor Authentication. Unfamiliar with Azure Multi-Factor Authentication? Learn more.

Enabling Multi-Factor Authentication for On-Premises Applications and Windows Server
Find out how to secure your on-premises resources and Active Directory using Azure Multi-Factor Authentication Server and integrate with IIS authentication to secure Microsoft IIS web applications, RADIUS authentication, LDAP authentication, and Windows authentication.

Building Multi-Factor Authentication into Custom Apps
Developers: learn how to build multi-factor authentication into your Azure application sign-in or transaction processes with the Azure Multi-Factor Authentication Software Development Kit (SDK).

Get Started with Virtual Smart Cards
Virtual smart cards are a technology from Microsoft, which offer comparable security benefits in two-factor authentication to physical smart cards. They also offer more convenience for users and lower cost for organizations to deploy. By utilizing Trusted Platform Module (TPM) devices that provide the same cryptographic capabilities as physical smart cards, virtual smart cards accomplish the three key properties that are desired by smart cards: non-exportability, isolated cryptography, and anti-hammering. Learn how to use and deploy virtual smart cards in your organization.

 
Community Update
Office 365: Multi-Factor Authentication and Password Security Gotcha’s
Explore some best practices around passwords for Office 365 users, including guidance on how to set up a temporary password for a specific user, and how to set password policy.

 
This Month's Security Bulletins
 
September 2014 Security Bulletins

Critical
 
MS14-052: 2977629 Cumulative Security Update for Internet Explorer

Important
 
MS14-053: 2990931 Vulnerability in .NET Framework Could Allow Denial of Service
 
MS14-054: 2988948 Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege
 
MS14-055: 2990928 Vulnerabilities in Microsoft Lync Server Could Allow Denial of Service
 
September 2014 Security Bulletin Resources:
 
September 2014 Bulletin Release Blog Post "September 2014 Security Updates"
September 2014 Security Bulletin Webcast
September 2014 Security Bulletin Webcast Q&A
Malicious Software Removal Tool: September 2014 Update

 
Security Events and Training
 
Microsoft Virtual Academy (MVA): User Experience Virtualization Deep Dive
Microsoft User Experience Virtualization (UE-V) makes it easier to give mobile users access to their unique profiles, data, and settings across their Windows PC devices. It provides users with a consistent, personal, Windows experience that matches their unique work style, while making it easy for you to deliver this user-defined experience across many devices. In this 300-level course, you’ll take a deep dive into the latest version of UE-V, and learn how to plan for deployment, use UE-V templates to synchronize application settings, and leverage best practices for managing your UE-V infrastructure.

MVA: Enable the Consumerization of IT Jump Start
Learn how to responsibly support Bring Your Own Device (BYOD) scenarios in your environment, and safely enable users to work and communicate anywhere, anytime, on a device of their choice. This course will paint the entire picture at a 200 level, then provide some 300-level knowledge on specific scenarios across the various Microsoft products that support BYOD options, such as how to configure mobile device management (MDM) in System Center Configuration Manager.

Dimension Data Series - Transform your Datacenter through the Cloud OS based Off-Premise Hosted Private Cloud (Part 1)
Thursday, October 2, 2014 – 10:00 AM Pacific Time
Are you an IT professional looking for cloud-based services that offer the dual advantage of security and ownership of traditional solutions? Join us for the two-part webinar series and learn how you can move workloads off-premise to the cloud via the Microsoft Cloud OS approach with Windows Server 2012 R2, System Center 2012 R2, Microsoft Azure, and SQL Server 2014. In the first webinar we will cover an overview of Microsoft Cloud OS and the Dimension Data Hosted Private Cloud solutions that complement Azure to deliver a security enhanced hosted environment for high-performance enterprise cloud computing.

Dimension Data Series - Transform your Datacenter through the Cloud OS based Off-Premise Hosted Private Cloud (Part 2)
Thursday, October 16, 2014 – 10:00 AM Pacific Time
In this second webinar, we will expand on webinar 1 by providing a deep dive (level 200) into Dimension Data’s Hosted Private Cloud solutions that offer an enterprise-class hosted database solution with business continuity to meet complex SLA’s.

 
 
Essential Tools
Microsoft Security Bulletins
Microsoft Security Advisories
Security Compliance Manager
Microsoft Security Development Lifecycle Starter Kit
Enhanced Mitigation Experience Toolkit
Malicious Software Removal Tool
Microsoft Baseline Security Analyzer

Security Centers
Security TechCenter
Security Developer Center
Microsoft Security Response Center
Microsoft Malware Protection Center
Microsoft Privacy
Microsoft Security Product Solution Centers

Additional Resources
Trustworthy Computing Security and Privacy Blogs
Microsoft Security Intelligence Report
Microsoft Security Development Lifecycle
Malware Response Guide
Security Troubleshooting and Support Resources
Trustworthy Computing Careers
 
 
 
 
This is a monthly newsletter for IT professionals and developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.

© 2014 Microsoft Corporation
