We also had a new blog post from @Martin Nothnagel about new capabilities for Servicing profiles that customers have been asking for. Make sure to check it out!
This week, we had a good question from @abo999 around Microsoft Project and how to display start/finish times in two different time zones, and @John-project came to the rescue with the right formula.
This article is contributed. See the original author and article here.
Citrix has released security updates to address vulnerabilities that could affect Hypervisor. An attacker could exploit one of these vulnerabilities to take control of an affected system.
This article is contributed. See the original author and article here.
CISA and the United States Coast Guard Cyber Command (CGCYBER) have released a joint Cybersecurity Advisory (CSA) to warn network defenders that cyber threat actors, including state-sponsored advanced persistent threat (APT) actors, have continued to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon® and Unified Access Gateway (UAG) servers to obtain initial access to organizations that did not apply available patches. The CSA provides information—including tactics, techniques, and procedures and indicators of compromise—derived from two related incident response engagements and malware analysis of samples discovered on the victims’ networks.
This article is contributed. See the original author and article here.
Actions to take today: • Install fixed builds, updating all affected VMware Horizon and UAG systems to the latest versions. If updates or workarounds were not promptly applied following VMware’s release of updates for Log4Shell in December 2021, treat all affected VMware systems as compromised. • Minimize the internet-facing attack surface by hosting essential services on a segregated demilitarized (DMZ) zone, ensuring strict network perimeter access controls, and implementing regularly updated web application firewalls (WAFs) in front of public-facing services
The Cybersecurity and Infrastructure Security Agency (CISA) and United States Coast Guard Cyber Command (CGCYBER) are releasing this joint Cybersecurity Advisory (CSA) to warn network defenders that cyber threat actors, including state-sponsored advanced persistent threat (APT) actors, have continued to exploit CVE-2021-44228 (Log4Shell) in VMware Horizon® and Unified Access Gateway (UAG) servers to obtain initial access to organizations that did not apply available patches or workarounds.
Since December 2021, multiple threat actor groups have exploited Log4Shell on unpatched, public-facing VMware Horizon and UAG servers. As part of this exploitation, suspected APT actors implanted loader malware on compromised systems with embedded executables enabling remote command and control (C2). In one confirmed compromise, these APT actors were able to move laterally inside the network, gain access to a disaster recovery network, and collect and exfiltrate sensitive data.
This CSA provides the suspected APT actors’ tactics, techniques, and procedures (TTPs), information on the loader malware, and indicators of compromise (IOCs). The information is derived from two related incident response engagements and malware analysis of samples discovered on the victims’ networks.
CISA and CGCYBER recommend all organizations with affected systems that did not immediately apply available patches or workarounds to assume compromise and initiate threat hunting activities using the IOCs provided in this CSA, Malware Analysis Report (MAR)-10382580-1, and MAR-10382254-1. If potential compromise is detected, administrators should apply the incident response recommendations included in this CSA and report key findings to CISA.
See the list below to download copies of IOCs:
Download the pdf version of this report: [pdf, 483 kb]
Note: this advisory uses the MITRE ATT&CK for Enterprise framework, version 11. See Appendix A for a table of the threat actors’ activity mapped to MITRE ATT&CK® tactics and techniques.
Log4Shell is a remote code execution vulnerability affecting the Apache® Log4j library and a variety of products using Log4j, such as consumer and enterprise services, websites, applications, and other products, including certain versions of VMware Horizon and UAG. The vulnerability enables malicious cyber actors to submit a specially crafted request to a vulnerable system, causing the system to execute arbitrary code. The request allows the malicious actors to take full control of the affected system. (For more information on Log4Shell, see CISA’s Apache Log4j Vulnerability Guidance webpage and VMware advisory VMSA-2021-0028.13.)
VMware made fixes available in December 2021 and confirmed exploitation in the wild on December 10, 2021.[1] Since December 2021, multiple cyber threat actor groups have exploited [T1190] Log4Shell on unpatched, public-facing VMware Horizon and UAG servers to obtain initial access [TA0001] to networks.
After obtaining access, some actors implanted loader malware on compromised systems with embedded executables enabling remote C2. These actors connected to known malicious IP address 104.223.34[.]198.[2] This IP address uses a self-signed certificate CN: WIN-P9NRMH5G6M8. In at least one confirmed compromise, the actors collected and exfiltrated sensitive information from the victim’s network.
The sections below provide information CISA and CGCYBER obtained during incident response activities at two related confirmed compromises.
Victim 1
CGCYBER conducted a proactive threat-hunting engagement at an organization (Victim 1) compromised by actors exploiting Log4Shell in VMware Horizon. After obtaining access, threat actors uploaded malware, hmsvc.exe, to a compromised system. During malware installation, connections to IP address 104.223.34[.]198 were observed.
CISA and CGCYBER analyzed a sample of hmsvc.exe from the confirmed compromise. hmsvc.exe masquerades as a legitimate Microsoft® Windows® service (SysInternals LogonSessions software) [T1036.004] and appears to be a modified version of SysInternals LogonSessions software embedded with malicious packed code. When discovered, the analyzed sample of hmsvc.exe was running as NT AUTHORITYSYSTEM, the highest privilege level on a Windows system. It is unknown how the actors elevated privileges.
hmsvc.exe is a Windows loader containing an embedded executable, 658_dump_64.exe. The embedded executable is a remote access tool that provides an array of C2 capabilities, including the ability to log keystrokes [T1056.001], upload and execute additional payloads [T1105], and provide graphical user interface (GUI) access over a target Windows system’s desktop. The malware can function as a C2 tunneling proxy [T1090], allowing a remote operator to pivot to other systems and move further into a network.
When first executed, hmsvc.exe creates the Scheduled Task [T1053.005], C:WindowsSystem32TasksLocal Session Updater, which executes malware every hour. When executed, two randomly named *.tmp files are written to the disk at the location C:Users<USER>AppDataLocalTemp and the embedded executable attempts to connect to hard-coded C2 server 192.95.20[.]8 over port 4443, a non-standard port [TT571]. The executable’s inbound and outbound communications are encrypted with a 128-bit key [T1573.001].
For more information on hmsvc.exe, including IOCs and detection signatures, see MAR-10382254-1.
Victim 2
From late April through May 2022, CISA conducted an onsite incident response engagement at an organization (Victim 2) where CISA observed bi-directional traffic between the organization and suspected APT IP address 104.223.34[.]198. During incident response, CISA determined Victim 2 was compromised by multiple threat actor groups.
The threat actors using IP 104.223.34[.]198 gained initial access to Victim 2’s production environment in late January 2022, or earlier. These actors likely obtained access by exploiting Log4Shell in an unpatched VMware Horizon server. On or around January 30, likely shortly after the threat actors gained access, CISA observed the actors using PowerShell scripts [T1059.001] to callout to 109.248.150[.]13 via Hypertext Transfer Protocol (HTTP) [T1071.001] to retrieve additional PowerShell scripts. Around the same period, CISA observed the actors attempt to download [T1105] and execute a malicious file from 109.248.150[.]13. The activity started from IP address 104.155.149[.]103, which appears to be part of the actors’ C2 [TA0011] infrastructure.
After gaining initial access to the VMware Horizon server, the threat actors moved laterally [TA0008] via Remote Desktop Protocol (RDP) [T1021.001] to multiple other hosts in the production environment, including a security management server, a certificate server, a database containing sensitive law enforcement data, and a mail relay server. The threat actors also moved laterally via RDP to the organization’s disaster recovery network. The threat actors gained credentials [TA0006] for multiple accounts, including administrator accounts. It is unknown how these credentials were acquired.
After moving laterally to other production environment hosts and servers, the actors implanted loader malware on compromised servers containing executables enabling remote C2. The threat actors used compromised administrator accounts to run the loader malware. The loader malware appears to be modified versions of SysInternals LogonSessions, Du, or PsPing software. The embedded executables belong to the same malware family, are similar in design and functionality to 658_dump_64.exe, and provide C2 capabilities to a remote operator. These C2 capabilities include the ability to remotely monitor a system’s desktop, gain reverse shell access, exfiltrate data, and upload and execute additional payloads. The embedded executables can also function as a proxy.
CISA found the following loader malware:
SvcEdge.exe is a malicious Windows loader containing encrypted executable f7_dump_64.exe. When executed, SvcEdge.exe decrypts and loads f7_dump_64.exe into memory. During runtime, f7_dump_64.exe connects to hard-coded C2 server 134.119.177[.]107 over port 443.
odbccads.exe is a malicious Windows loader containing an encrypted executable. When executed, odbccads.exe decrypts and loads the executable into memory. The executable attempts communication with the remote C2 address 134.119.177[.]107.
praiser.exe is a Windows loader containing an encrypted executable. When executed, praiser.exe decrypts and loads the executable into memory. The executable attempts connection to hard-coded C2 address 162.245.190[.]203.
fontdrvhosts.exe is a Windows loader that contains an encrypted executable. When executed, fontdrvhosts.exe decrypts and loads the executable into memory. The executable attempts connection to hard-coded C2 address 155.94.211[.]207.
winds.exe is a Windows loader containing an encrypted malicious executable and was found on a server running as a service. During runtime, the encrypted executable is decrypted and loaded into memory. The executable attempts communication with hard-coded C2 address 185.136.163[.]104. winds.exe has complex obfuscation, hindering the analysis of its code structures. The executable’s inbound and outbound communications are encrypted with an XOR key [T1573.001].
For more information on these malware samples, including IOCs and detection signatures, see MAR-10382580-1.
Additionally, CISA identified a Java® Server Pages (JSP) application (error_401.js) functioning as a malicious webshell [T505.003] and a malicious Dynamic Link Library (DLL) file:
error_401.jsp is a webshell designed to parse data and commands from incoming HTTP requests, providing a remote operator C2 capabilities over compromised Linux and Windows systems. error_401.jsp allows actors to retrieve files from the target system, upload files to the target system, and execute commands on the target system. rtelnet is used to execute commands on the target system. Commands and data sent are encrypted via RC4 [T1573.001]. For more information on error_401.jsp, including IOCs, see [MAR-10382580 2].
newdev.dll ran as a service in the profile of a known compromised user on a mail relay server. The malware had path: C:Users<user>AppDataRoamingnewdev.dll. The DLL may be the same newdev.dll attributed to the APT actors in open-source reporting; however, CISA was unable to recover the file for analysis.
Threat actors collected [TA0009] and likely exfiltrated [TA0010] data from Victim 2’s production environment. For a three week period, the security management and certificate servers communicated with the foreign IP address 92.222.241[.]76. During this same period, the security management server sent more than 130 gigabytes (GB) of data to foreign IP address 92.222.241[.]76, indicating the actors likely exfiltrated data from the production environment. CISA also found .rar files containing sensitive law enforcement investigation data [T1560.001] under a known compromised administrator account.
Note: the second threat actor group had access to the organization’s test and production environments, and on or around April 13, 2022, leveraged CVE-2022-22954 to implant the Dingo J-spy webshell. According to trusted third-party reporting, multiple large organizations have been targeted by cyber actors leveraging CVE-2022-22954 and CVE-2022-22960. For more information on exploitation of CVE-2022-22954 and CVE-2022-22960, see CISA CSA Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control.
Incident Response
If administrators discover system compromise, CISA and CGCYBER recommend:
Immediately isolating affected systems.
Collecting and reviewing relevant logs, data, and artifacts.
Considering soliciting support from a third-party incident response organization that can provide subject matter expertise, ensure the actor is eradicated from the network, and avoid residual issues that could enable follow-on exploitation.
Reporting incidents to CISA via CISA’s 24/7 Operations Center (report@cisa.gov or 888-282-0870). To report cyber incidents to the Coast Guard pursuant to 33 CFR Section 101.305, contact the U.S. Coast Guard (USCG) National Response Center (NRC) (NRC@uscg.mil or 800-424-8802).
CISA and CGCYBER recommend organizations install updated builds to ensure affected VMware Horizon and UAG systems are updated to the latest version.
If updates or workarounds were not promptly applied following VMware’s release of updates for Log4Shell in December 2021, treat those VMware Horizon systems as compromised. Follow the pro-active incident response procedures outlined above prior to applying updates. If no compromise is detected, apply these updates as soon as possible.
Note: until the update is fully implemented, consider removing vulnerable components from the internet to limit the scope of traffic. While installing the updates, ensure network perimeter access controls are as restrictive as possible.
If upgrading is not immediately feasible, see KB87073 and KB87092 for vendor-provided temporary workarounds. Implement temporary solutions using an account with administrative privileges. Note that these temporary solutions should not be treated as permanent fixes; vulnerable components should be upgraded to the latest build as soon as possible.
Prior to implementing any temporary solution, ensure appropriate backups have been completed.
Verify successful implementation of mitigations by executing the vendor supplied script Horizon_Windows_Log4j_Mitigations.zip without parameters to ensure that no vulnerabilities remain. See KB87073 for details.
Additionally, CISA and CGCYBER recommend organizations:
Minimize the internet-facing attack surface by hosting essential services on a segregated DMZ, ensuring strict network perimeter access controls, and not hosting internet-facing services non-essential to business operations. Where possible, implement regularly updated WAFs in front of public-facing services. WAFs can protect against web based exploitation using signatures and heuristics that are likely to block or alert on malicious traffic.
Use best practices for identity and access management (IAM) by implementing multifactor authentication (MFA), enforcing use of strong passwords, and limiting user access through the principle of least privilege.
Contact Information
Recipients of this report are encouraged to contribute any additional information related to this threat.
To request incident response resources or technical assistance related to these threats, email CISA at report@cisa.gov. To contact Coast Guard Cyber Command in relation to these threats, email maritimecyber@uscg.mil.
To report cyber incidents to the Coast Guard pursuant to 33 CFR Section 101.305 contact the USCG NRC (NRC@uscg.mil or 800-424-8802).
Resources
For more information on Log4Shell, see:
See National Security Agency (NSA) and Australian Signals Directorate (ASD) guidance Block and Defend Web Shell Malware for additional guidance on hardening internet-facing systems.
See MAR-10382580-1 and MAR-10382254-1 and Table 1 for IOCs. See the list below to download copies of these IOCs:
Table 1: Indicators of Compromise
Type
Indicator
Description
IP Address
104.223.34[.]198
IP address closely associated with the installation of malware on victims.
92.222.241[.]76
Victim 2 servers communicated with this IP address and sent data to it during a three-week period.
109.248.150[.]13
Actors attempting to download and execute a malicious file from this address.
104.155.149[.]103
Appears to be a part of the actors’ C2 infrastructure.
Network Port
192.95.20[.]8:80
Same description as IP 192.95.20[.]8, but includes the specific destination port of 80, which was identified in logs and during malware analysis.
1389
This was the most common destination port for Log4Shell exploitation outbound connections. Multiple unique destination addresses were used for Log4Shell callback.
104.223.34[.]198:443
IP address closely associated to the installation of malware on victims with the specific destination port of 443.
Scheduled Task
C:WindowsSystem32TasksLocal Session Update
Scheduled task created by hmsvc.exe to execute the program hourly.
File Path
C:WindowsTemplnk{4_RANDOM_CHARS}.tmp
File created by hmsvc.exe with a random four-character filename.
C:WindowsTemplnk<4_RANDOM_NUMS_CHAR S>.tmp
File created by hmsvc.exe with a random four-character filename.
Appendix B: Threat Actor TTPs
See Table 2 for the threat actors’ tactics and techniques identified in this CSA. See the MITRE ATT&CK for Enterprise framework, version 11, for all referenced threat actor tactics and techniques.
This article is contributed. See the original author and article here.
“The tyranny of the default” has been a phrase that has worried many a security professional over the years; the constant struggle to make sure their systems are configured for optimal security, which often requires them to examine each feature individually.
To help security teams keep on top of monitoring where these configurations are, we are happy to report that we are adding a new identity-based security assessment called “Unsecure domain configurations” to the growing list of Microsoft Defender for Identity posture assessments.
Why are we adding this assessment?
Configuring Active directory optimal security has always been top of mind for the Microsoft Defender for Identity team and its research them, recent attacks, such as KrbRelayUp, had repeatedly shown us how certain, often default, settings can be used against their intended purpose and result in an identity compromise.
What configurations are we evaluating first?
We will be evaluating two distinct configurations as part of this assessment
Set ms-DS-MachineAccountQuota to “0” – Limiting the ability of non-privileged users to register devices in domain.
You can learn more about this particular property and how it affects device registration here
This evaluation will be available from launch, today.
Enforce LDAP Signing policy to “Require signing” – Unsigned network traffic is susceptible to man-in-the-middle attacks
This evaluation will be available in the next two weeks
This new assessment is part of our existing effort to secure your identity infrastructure alongside existing assessments such as the recommendation to disable the print spooler service on domain controllers
How do I use this security assessment?
This new security assessment will be part of Microsoft Defender for identity list of improvement actions under Secure Score, you can click on the assessment and evaluate the list of affected domains and their configurations.
If you have the appropriate permissions to view the identity posture assessments, you can directly access this assessment on your tenant using this link.
Take appropriate action on the affected domain, you can learn more here
We are working on adding more configurations to this Defender for Identity security posture assessments to help customers proactively secure their environments from exploitation, stay tuned!
For more information about Identity Security Posture assessments and Microsoft secure score, see
This article is contributed. See the original author and article here.
CISA has released its Cloud Security (CS) Technical Reference Architecture (TRA) to guide federal civilian departments and agencies in securely migrating to the cloud. Co-authored by CISA, the United States Digital Service, and the Federal Risk and Authorization Management Program, the CS TRA defines and clarifies considerations for shared services, cloud migration, and cloud security posture management as it fulfills a key mandate in delivering on Executive Order 14028, Improving the Nation’s Cybersecurity.
CISA encourages federal program and project managers involved in cloud migration to review and implement the CS TRA.
This article is contributed. See the original author and article here.
The world has changed a lot in two years. Even as offices and other workspaces open up again, the flexible nature of hybrid work continues to prove indispensable. We’ve become accustomed to a decentralized workplace where in-person collaboration is complemented with real-time and asynchronous online solutions. Microsoft Loop components extend the capabilities of Microsoft Teams and Outlook, supporting small-group collaboration and flexibility so you can remain in sync—anywhere, anytime.
Last year we shared ways you can get started using Loop components. Loop components are live and can be copied and pasted across Teams and Outlook — staying in sync in all the places they exist. Loop components enable your team to go from unfinished ideas to great outcomes quickly while staying in the flow of their work.
Loop component types include task list, bulleted list, checklist, numbered list, paragraph list, and table.
An image providing an example of the Loop components pop-up menu in Microsoft Teams.
These components are available in Microsoft Teams chat and coming soon to Outlook (and currently available in preview for Office Insiders). Keep reading for some examples of how teams can use Loop components!
Loop task list components are a great way to help teams stay in sync and accomplish tasks in a flexible way. Let’s look at an example:
Jóhanna is leading a team that is planning a product announcement in a couple of weeks. There is a lot that needs to be accomplished, but she has a great team! Although Jóhanna lives in the U.S., her team is spread out across several time zones, making it difficult to find a convenient meeting time for all. Instead, Jóhanna begins a Loop task list component in chat, capturing actions the team needs to complete, and assigning responsibilities and due dates – setting clear expectations for each person. She pins the task list component to the chat for easy reference later.
Tip: Pin a Loop component to a chat by right clicking on the component and choosing “Pin”. It’s now visible at the top of the window so you can quickly reference it later.
Because Loop components are always live and in sync, team members can add new tasks and check off completed tasks when it’s best for them. No matter when and where changes are made, the task list component remains the source of truth for what needs to get done.
Cameron, a team member in the U.S., begins completing tasks after he drops off his kids at school and continues working throughout the day. By the time he leaves to pick up his kids, Cameron has checked off several completed tasks and added a few new tasks assigned to his team member, Pradeep, in India.
Cameron doesn’t have to take time to write a message to Pradeep detailing where he left off. Pradeep simply sees the new tasks as he begins his day several hours later. To complete one of the tasks, Pradeep needs help from Joni who works on a different team. Joni wasn’t involved in the original meeting, but it’s easy to involve her with Loop components and Outlook. Pradeep adds a task and assigns it to Joni, then Pradeep copies and pastes the task list component into an email where he includes some context and asks Joni for her help. Joni reads the email after she returns from lunch and begins helping Pradeep. Typically, an email with a list of tasks would become obsolete quickly as the task list changes. But since this is a Loop component, it stays live and up to date – there is no need for a long chain of emails!
As progress is made by the team members in India, the rest of the team can see the completed tasks wherever they are viewing it. So, when Cameron gets back online the following day, he knows which task to jump into next without needing to bother Pradeep during his evening.
Throughout the week, Jóhanna reviews the status of the project without needing to interrupt her team’s workflow. She sends out an email update with the task list component to her manager early in the week. Because the component in Jóhanna’s email stays up to date throughout the week, there’s no need for her to send additional updates as the project moves forward. Even though the list has been shared many times, Jóhanna does not have to worry about updating multiple sources since the task list component syncs across all the places it lives.
Although organizing the announcement is a lot of work involving various tasks, the Loop task list component enables flexibility so each team member can contribute while maintaining their preferred schedules. It also reduces the number of ad hoc check-ins and interruptions to workflows required since everyone related to the announcement can see the task list component as it’s updated in real time.
Tip: For each Loop component, you can decide which team members can access or edit the component.
An image providing an example of available permission settings for Loop components in Microsoft Teams.
Loop table components are excellent for gathering evolving information from various people all in one place. Here’s one example:
Adele runs a daily stand-up meeting for her Research and Design team. She wants to ensure everyone has a chance to provide input and flag any concerns, but it’s difficult to find a time that works for all team members because of conflicting schedules and varied time zones.
So, Adele begins a Loop table component in a group Teams chat. She includes objectives, notes, and next steps in the table component. Adele loves that each team member can provide input when it’s convenient for them, wherever they are, and it’s all one place – no one needs to compile the information.
Tip: In a table component, use shift+enter to start a new line in the same cell.
Some team members, like Lee, need input from partners they work with. Lee starts an Outlook email to his research partner in another group. He copies and pastes the table component into it. Lee’s partner can provide input directly into the table component in Outlook while Adele, along with other team members, can see the new input immediately in the table component in Teams chat.
In Adele’s weekly meeting with her manager, she shares the table component in the Teams chat. Adele’s manager would like to know the timing of some critical pieces. Adele simply adds a column for timing to the table component in her current chat, and @mentions her team members asking them to add input for the new column. The team members immediately see the new category in their original Teams chat.
Tip: Loop components are saved automatically to your OneDrive, which means you can find them on Office.com in addition to Teams. Try giving your components easy-to-remember titles (the title is also used for the file name) to help you search for and find them quickly.
Adele can stay focused on the information because it’s in one place even though it came from several people across different apps. Her team members appreciate getting to provide their feedback and raise concerns in a way that works best for them, allowing for the team to prioritize their time without missing out on the conversation.
Tip: When editing a Loop component, type a forward-slash “/ “ to insert an @mention, date, or another component.
Here’s a few more quick suggestions of how to use Loop components:
A Loop numbered list component can help you develop consensus about the order of priorities with the rest of the team.
The Loop paragraph component can be used to take notes or construct a report draft that everyone in the Teams channel can collaborate on. Some users find that using a Loop component is preferable to saving a Word document for just a few sentences because Loop components are less formal, and people feel more comfortable making suggestions or changes.
A Loop checklist component can help you brainstorm activities or items needed for group events.
Tip: In the upper right corner you can track who is viewing and editing the component. To understand who can view or edit the component, select the See who has access button.
Microsoft Loop lets you work flexibly
Loop components allow groups to collaborate wherever they are, whether it’s across town or spanning multiple time zones—all with a single click within a Teams chat or Outlook email. When you @mention people, Loop will send that person a Teams notification along with an email. And for peace of mind, every component you create in Teams is automatically saved to a file in OneDrive. You can easily find all your Loop components on Office.com.
We look forward to hearing your feedback to help us make the Microsoft Loop experience even better. To learn more about Loop components, check out these helpful resources:
Continue the conversation by joining us in the Microsoft 365 Tech Community! Whether you have product questions or just want to stay informed with updates on new releases, tools, and blogs, Microsoft 365 Tech Community is your go-to resource to stay connected.
This article is contributed. See the original author and article here.
This post is co-authored by Tony Lorentzen, Senior Vice President and General Manager Intelligent Engagement, Nuance.
Since Microsoft and Nuance joined forces earlier this year, both teams have been clear about our commitment to putting our customers first. Microsoft and Nuance are dedicated to ensuring our products complement each other, accelerate better business outcomes, and continue to deliver value well into the future.
We have never been more confident in our ability to continue offering organizations exceptional AI-powered customer engagement solutions. There’s a good reason why a majority of the Fortune 100 companies worldwide rely on Nuance customer engagement solutions, and we are excited by the significant potential Nuance’s pioneering, industry-specific technology has in the Microsoft ecosystem. Nuance solutions complement and enhance Microsoft’s portfolio, delivering value across every engagement channel. Microsoft’s continued investment in cloud and AI innovation offers massive opportunity to bolster Nuance solutions with new capabilities.
We are investing in Nuance’s proven customer engagement solutions that combine advanced conversational AI with a full spectrum of technologies to achieve market-leading accuracy and containment rates. Nuance has the unique capabilities to enable organizations to automate, personalize, and secure customer interactions, only now with the power of Microsoft behind it. This spans Nuance products and services inclusive of:
Nuance Digital Engagement Platform (NDEP): The powerful functionality of NDEP comes from deep expertise in conversational AI and experience delivering AI-powered innovations in key vertical markets. Nuance digital engagement solutions are vendor-agnostic, offering complete flexibility and investment protection for organizations that: want to integrate best-of-breed virtual assistant or live chat solutions with a third-party customer relationship management (CRM) from any vendor; have a third-party virtual assistant, but need to integrate it with an industry-leading live agent platform; want to add powerful new messaging capabilities to a third-party agent desktop; or need to surface third-party product recommendations, next-best actions, knowledgebase information, tech support, or order management systems to their agents on a unified desktop.
Nuance Conversational Interactive Voice Response (IVR): Nuance has deep roots in delivering powerful IVR solutions and shares Microsoft’s vision for enabling an intelligent, personalized, and secure customer experience through advanced AI. Customers should expect Nuance Conversational IVR to continue to deliver innovations in automation to enable self-service with high containment rates while further increasing the speed, efficiency, and ability of agents to resolve most incoming calls successfully using real-time data and context. Our shared goal is to enable enterprise-grade, secure, conversational applications for the IVR that are capable of handling everything from straightforward customer queries to complex, demanding interactions. And we are committed to flexibly working with our ISV and channel partners to make our market-leading, vertical-specific Natural Language Understanding available to global organizations.
Nuance security and biometrics: One of the most exciting things that Nuance brings to customer experience engagements is its market-leading biometric authentication and fraud prevention solutions. These technologies are helping enterprises make customer interactions not only more enjoyable but also more secure while helping to prevent fraudboth critical to successfully providing the outcomes-driven customer engagement Microsoft and Nuance are committed to delivering together. Cloud-native Nuance Gatekeeper is a differentiator in the market, and we will continue to invest in advancing its capabilities, while exploring its huge potential in the Microsoft ecosystem.
Nuance Mix: Microsoft and Nuance share a vision to provide the most complete and compelling AI-driven customer engagement and contact center portfolio, with secure tools that span no-code, low-code, and pro-code to accelerate transformation. Nuance Mix makes it easier to create sophisticated, human-like engagements that enable customers to self-serve with a chatbot, speak to the IVR in a conversational way as if they were speaking to human agents, and help maximize self-service adoption and containment across any channel.
Learn more about Microsoft and Nuance
Our goal with “Microsoft + Nuance: Better Together” is to deliver lasting business value to the market. Together, with our trailblazing customers and partners, we will bring to market new innovations, while also ensuring our customers’ existing investments are protected and continue to flourish. As we look at adding new capabilities, together, Microsoft and Nuance will ensure clear paths forward providing customers future-proof solutions that continue to deliver outcomes today and tomorrow.
We are excited to share more about how we’ll bring the full power of Microsoft and Nuance to organizations worldwide.
Recent Comments