by Scott Muniz | Oct 28, 2022 | Security, Technology
This article is contributed. See the original author and article here.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.
by Contributed | Oct 28, 2022 | Dynamics 365, Microsoft 365, Technology
This article is contributed. See the original author and article here.
Last April I shared that Microsoft is working on an initiative that encourages partners to invest in a cloud-first strategy. Today, we are excited to announce that the Business Central Universal Code initiative went into effect with the launch of Dynamics 365 Business Central 2022 release wave 2.
The Universal Code initiative is designed to encourage the use of a modern architecture in customer implementations of Business Central. It gives all on-premises customers the choice to select a cloud (SaaS) implementation when desired while also finding the right apps on the Microsoft AppSource marketplace. The initiative reduces the friction around potentially complex, lengthy, and expensive upgrades and frees up partner capacity over time. Partners can use the additional capacity for activities beyond (re)implementing customizations, providing more value to their customers.
Microsoft partners share the impact of Universal Code
On AppSource, you can easily discover the success of our modern Universal Code initiative. As of October 2022, more than 2,800 Business Central apps are available to respond to the unique requirements of customers. Our partner channel is sharing the positive impact a modern architecture has on their business:
“It was scary to change our industry solution from a customized code to Universal Code as we didn’t want to compromise its rich functionality, but our team succeeded faster than expected because of their great expertise and out-of-the-box thinking. The impact has been enormous! Today, we are able to serve 14 localizations through fully automated means and we are able to generate weekly releases. In the past this took us a month of manual work. Universal Code in combination with our tooling is providing us the agility to stay in front!”
Richard Postborg, CTO, TRIMIT Group A/S
“For us here at LS Retail, Universal Code is all about sustainability for the customer. With Universal Code and the move to the extensibility framework, customers can upgrade their environments with a fraction of the effort it required before. This is good for everyone involved. The customer can stay current with a minimal effort. The partners can add value in other areas, such as providing business insights. This is a win-win for everyone involved.”
Dadi Karason, CTO, LS Retail
The future of Business Central on-premises is Universal Code
The modern architectural choice of Universal Code is key to the success of our customers, partners, and Microsoft. We encourage customers to have the Universal Code conversation with their implementing partner.
As of October 2022, new Dynamics 365 Business Central customers deploying on-premises and customers transitioning to Dynamics 365 Business Central on-premises deployments will have to deploy a “cloud-optimized extensions” architecture (Universal Code) or license payable modules that unlock classic customization behavior.
Learn more
Find supporting materials with details about the Universal Code initiative at https://aka.ms/BCUniversalCode.
Partners can also learn more about next steps by watching the Universal Code session at the Dynamics 365 Business Central virtual launch event. Register to watch on-demand at https://aka.ms/BCLE.
The post The Dynamics 365 Business Central Universal Code initiative is live appeared first on Microsoft Dynamics 365 Blog.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
by Contributed | Oct 28, 2022 | Technology
This article is contributed. See the original author and article here.
Adoption and usage of data governance tools are critical and lack of user engagement can be a serious blocker for the whole organization in its data governance journey. When it comes to solution adoption, fortunately Microsoft Purview comes with the built-in ability to analyze it.
This functionality is very useful to answer the following questions:
- Are users actively using Microsoft Purview?
- How is usage changing over time?
- What is activity type e.g., data curation or search data?
- Which assets are the most viewed ones in an organization?
- What are we missing in the catalog?
How to track the adoption?
Adoption tracking is part of Data estate insights functionality in Microsoft Purview. To be able to use it, the user needs to have appropriate permissions assigned. There is a dedicated Insights Reader role that can be assigned to any Data Map user, by the Data Curator of the root collection. More information about required permissions can be found in Permissions for Data Estate Insights in Microsoft Purview – Microsoft Purview | Microsoft Docs.
Let’s start with some basics
Going into the Insights area and choosing Catalog adoption, we can find information about monthly active users.
In our case, we can see that currently we have 254 distinct users and the number dropped 7% in the last month. Microsoft Purview counts active users as a user who took at least one intentional action across all feature categories in the Data Catalog within a 28-day period. It’s also possible to determine how active our users are in total as Microsoft Purview aggregates number of total searches performed by users
Note
Data estate insights functionality in Microsoft Purview shows information based on user permissions, which means data seen in Insights is limited to collections to which the user has permission to access. In this case, the user used to see insights has access to all collections, meaning the information visible in the catalog adoption is the overall number of users in the organization.
Even more information about catalog users
More adoption data means more insights into how the catalog is used.
This option shows the breakdown of active users by feature category. Feature category was divided into:
- All (which covers all kinds of users)
- Search and browse (which indicates users who are reading data from the catalog by searching them or directly browsing the catalog assets)
- Asset curation (activities related to data curation like assigning data owner, description, applying classification, etc.)
Information on the chart can be shown in Daily/Weekly/Monthly time range.
Increase catalog adoption by giving users more precise information…
Among the information that you get as part of adoption reports is information about which assets are the most viewed in the organization. If you are wondering why it is important to have a look at the following summary:
The most viewed asset (231 views) “TicketReportTable” is fully curated (more about curation in the 2nd part of the article) which means the asset has an assigned owner, description, and at least one classification. On the other hand, the 2nd most viewed asset (136 views in last 30 days) “YearlySalesBySegment” is not curated at all. This can lead to situations where users are accessing catalogs and get poor-quality information. As a result, users may step back from using data catalog and adoption will be dropping. Based on such insights you can intensively work on asset curation and only provide users with high-quality information about data in your organization.
Adoption insights available in Microsoft Purview also give the ability to identify the most searched keywords.
It is interesting that one of the most searched assets is only partially curated. Based on this information it is possible to help data stewards and owners set priorities and identify the most important areas in an organization. On the other hand, it’s also possible to get information about keywords that were searched by users but yielded no results.
In this example, it looks like users are looking for information related to “sales” and couldn’t find it. This is an important tip for a data governance team and shows the next possible areas to investigate.
Summary
Now you should have a better understanding of how to identify the progress of Microsoft Purview adoption, You should also have learned how to improve it by converting provided insights into actions, like a better data curation process or by adding new assets to your catalog, which are searched by users.
by Scott Muniz | Oct 28, 2022 | Security, Technology
This article is contributed. See the original author and article here.
CISA, the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released Understanding and Responding to Distributed Denial-of-Service Attacks to provide organizations proactive steps to reduce the likelihood and impact of distributed denial-of-service (DDoS) attacks. The guidance is for both network defenders and leaders to help them understand and respond to DDoS attacks, which can cost an organization time, money, and reputational damage.
Concurrently, CISA has released Capacity Enhancement Guide (CEG): Additional DDoS Guidance for Federal Agencies, which provides federal civilian executive branch (FCEB) agencies additional DDoS guidance, including recommended FCEB contract vehicles and services that provide DDoS protection and mitigations.
CISA encourages all network defenders and leaders to review:
by Scott Muniz | Oct 28, 2022 | Security, Technology
This article is contributed. See the original author and article here.
VMware has released security updates to address multiple vulnerabilities in VMware Cloud Foundation. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review VMware Security Advisory VMSA-2022-002 and apply the necessary updates and workarounds.
Recent Comments