This article is contributed. See the original author and article here.
Are you looking to modernize your on-premises databases to Azure SQL? Join Alexandra Ciortea, Raymond Truong, Wenjing Wang, and Anna Hoffman to understand how you can size your Azure SQL target accordingly, based on the current performance and business requirements. We will walk you through several approaches and models that can suit your needs.
This article is contributed. See the original author and article here.
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.This article is contributed. See the original author and article here.
In coordination with the Office of Management and Budget (OMB), the Federal Chief Information Security Officer Council (FCISO) Trusted Internet Connections (TIC) Subcommittee, and the General Services Administration, CISA has released Trusted Internet Connections 3.0 Remote User Use Case. The Remote User Use Case provides federal agencies with guidance on applying network and multi-boundary security for agencies that permit remote users on their networks. In accordance with OMB Memorandum M-19-26, this use case builds off TIC 3.0 Interim Telework Guidance originally released in Spring 2020.
The TIC 3.0 Remote User Use Case considers additional security patterns agencies may face with remote users and includes four new security capabilities:
In conjunction with the Remote User Use Case, CISA has also released Response to Comments on TIC 3.0 Remote User Use Case and the Pilot Process Handbook. These additional documents provide feedback on the Remote User Use Case and describes the process by which agencies should conduct TIC 3.0 pilots.
CISA encourages all federal government agencies and organizations to review the TIC 3.0 Remote User Use Case and visit the CISA TIC page for updates and additional information on the TIC program.
This article is contributed. See the original author and article here.
Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR . An attacker could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the Mozilla security advisories for Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2.
This article is contributed. See the original author and article here.
The Apache Software Foundation has released Apache HTTP Server version 2.4.50 to address two vulnerabilities. An attacker could exploit these vulnerabilities to take control of an affected system. One vulnerability, CVE-2021-41773, has been exploited in the wild.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apache HTTP Server 2.4.50 vulnerabilities page and apply the necessary update.
This article is contributed. See the original author and article here.
Building a great product means listening to what our customers need, and we’ve heard loud and clear from our customers that Zero Trust adoption is more important than ever. In the 2021 Zero Trust Adoption Report, we learned that 96% of security decision-makers state that Zero Trust is critical to their organization’s success, and 76% of organizations have at least started implementing a Zero Trust strategy. In the next couple years, Zero Trust strategy is expected to remain the top security priority and organizations anticipate increasing their investment.
Zero Trust adoption has been accelerated by the U.S. government as well. In May 2021, the White House signed an executive order calling for improvement to the nation’s cybersecurity, including advancing towards a Zero Trust architecture. More recently, the Office of Management and Budget released a draft federal strategy for moving towards Zero Trust architecture, with key goals to be achieved by 2024. Microsoft has published customer guidance and resources for meeting Executive Order objectives.
These government and industry imperatives create a huge opportunity for Microsoft and our partners to enhance support for our customers as they move towards an end-to-end Zero Trust security posture. At Microsoft, we strive to make it easy for partners, such as independent software vendors, to integrate with us so customers can easily adopt the most comprehensive security solutions. We recognize that customers take varied paths on their journey to Zero Trust and have multiple security solutions in their environment. When we work together to meet these needs, we build stronger protections for our companies and nations.
To support partner integration and Zero Trust readiness, we recently released partner integration guidance at our Zero Trust Guidance Center. This guidance is organized across the pillars of Zero Trust, supporting integrations across a wide variety of products and partners. Examples include:
We applaud those who are embracing a Zero Trust approach for security solutions. We will close out with a few examples of how ISV partners, F5 and Yubico, have benefited from this integration guidance in the Zero Trust Guidance Center.
Many companies rely line-of-business applications that were developed before adoption of the latest authentication protocols like SAML and OIDC. This means organization must manage multiple ways to authenticate users, which complicates user experience and increases costs.
BIG-IP Access Policy Manager (APM) is F5’s access management proxy solution that centralizes access to apps, APIs and data. BIG-IP APM integrated with Microsoft Azure AD to provide conditional access to the BIG-IP APM user interface.
Last year, Durham County enhanced security across a hybrid environment with Azure AD and F5 BIG-IP APM in the wake of a serious cybersecurity incident. F5 BIG-IP APM gave employees the unified solution they needed to access legacy on-premises apps. F5 used Azure AD to apply security controls to all their apps, enforce multifactor authentication, and use finetuned policies based on circumstances like employee login location. In addition, self-service password reset powered by the solution reduced help desk calls for passwords by 80%.
In 2019, the Canadian government of Nunavut experienced a spear phishing attack that took down critical IT resources for the territory. In the wake of the attack, protecting identities and applications was a top priority.
Together, Azure AD and YubiKey offered a solution that upgraded the security of the Government of Nunavut and fit their unique needs. The Government of Nunavut wanted to implement a phishing-resistant authentication solution. In addition, the government agencies used a variety of Windows-based systems, and, because of their remote locations, had inconsistent network access. To address these needs, they adopted YubiKeys, which are a hardware device that can be used for multi-factor authentication with no network, power source, or client software. You can read the full story from Yubico and learn more from the video below.
We are incredibly proud of the work our partners are doing to provide customers with critical cybersecurity solutions using the principles of Zero Trust. Check out our newly published partner integration guidance for Zero Trust readiness to learn more about opportunities.
Learn more about Microsoft identity:
This article is contributed. See the original author and article here.
Getting started with Azure Purview for data governance is quick and easy. First, if you don’t already have an Azure account, get instant access and $200 of credit to try Azure Purview by signing up for a free account.
After you create an Azure account, sign into the Azure portal and search for Purview accounts.
Then select Create to start an Azure Purview account. Note that you can add only one Azure Purview account at a time.
In the Basics tab, select an existing Resource group or create a new one.
Now, enter a name for your Azure Purview account. Note that spaces and symbols are not allowed.
Next, choose your Location.
Finally, select the Review + Create button, then the Create button. Your Azure Purview account will be ready in a few minutes!
Once you’ve launched an Azure Purview account, be sure to first visit the Knowledge center in the Azure Purview Studio.
The Knowledge center can be accessed via the home page.
Here, you can watch videos to learn more about the capabilities of Azure Purview, read blog posts about the latest product announcements, and do tutorials to get started with registering and scanning new data sources. Learn how to set up a business glossary and take a tour of the Azure Purview Studio to familiarize yourself with key features.
Try Azure Purview today
This article is contributed. See the original author and article here.
Many organizations face supply chain challenges that can be addressed through digital transformation, yet organizational limitations make this transformation difficult. Disparate and disconnected enterprise systems can prohibit companies from gaining end-to-end visibility into their supply chains, while outdated technology can create a lack of business continuity during disruptions or lead to an inability to rapidly adapt to changing customer demand. New technologies that enable and automate data-driven decision-making should be central to any strategy designed to meet these challenges. Microsoft Dynamics 365 Intelligent Order Management is a nimble and modern, open platform that empowers businesses to do exactly that.
Dynamics 365 Intelligent Order Management comes with a fulfillment optimization engine that intelligently manages order complexities, while also providing real-time end-to-end visibility into all inventory and order flows. Companies that ship direct-to-consumer, such as retailers, manufacturers, and distributors, face considerable challenges in this arena. This is one reason that in a recent Economist survey sponsored by Microsoft, ninety-nine percent of OEMs (original equipment manufacturers) believe that the digital transformation of their supply chain is important to meeting their organizations’ strategic objectives.1
The challenge comes from the complexity created by combining a myriad of order sources such as e-commerce marketplaces, physical stores, and call centers. Plus, a growing number of options to fulfill, including distribution centers, third-party logistics providers, and supplier drop-shipping. And finally, any number of inventory holding locations from which physical inventory can be pulled to fulfill customer orders. Leveraging and optimizing the use of these options and assets is crucial for businesses seeking to profitably deliver on their order promise.
With our rules-based, event-driven, AI-infused fulfillment optimization engine, we make it easier than ever to connect to any of these enterprise applications via simple API interfaces. The result is that companies can quickly connect their existing order management systems, such as ERP and WMS, and extend these with our pre-built partner connectors. By giving businesses this unprecedented flexibility, Intelligent Order Management plays a pivotal role in digitally transforming the supply chain while also making supply chains more resilient.
Learn more in our recent e-book: The Savvy CSCO’s Guide to Transforming Order Management.
Last month we introduced our new integration with ShipStation. This month, we want to look at how ShipStation is used within Intelligent Order Management with a simple walkthrough.
Learn more in our recent blog post: Dynamics 365 Intelligent Order Management accelerates adaptability.
For those who haven’t had an opportunity to check out the recent blog above, ShipStation is a cloud-based e-commerce shipping platform specializing in creating shipping labels. With ShipStation, users can automatically import all e-commerce orders, create labels with discounted rates, send out shipping notification emails to customers, and send shipment details back to the order source. By integrating ShipStation with the Intelligent Order Management platform, users can bring all their carriers and order sources together within one unified solution.
When an order is received and ShipStation is selected for use, carrier service and delivery timeline information from ShipStation are captured in real-time by Intelligent Order Management to provide users with visibility of the shipment details.
The following screenshot shows the ShipStation information integrated into the Intelligent Order Management application. As you can see, Intelligent Order Management gives you visibility into the full details on the creation of the fulfillment order, including its unique timeline, which is added as a map to show how the delivery route looks.
In the screenshot below, you can see that ShipStation has also generated a tracking number that is automatically shown in Intelligent Order Management.
And the shipping label is also available from a single click without ever leaving the application, as shown below.
The label information generated by ShipStation is then passed back to the warehouse, which receives the pick list of items that need to be shipped to fulfill the order.
By combining new partner connectors like ShipStation with our fulfillment optimization engine, users of Intelligent Order Management can fulfill orders better, faster, and cheaper than ever before.
Organizations that ship direct-to-consumer need technology solutions to have end-to-end visibility into their supply chains, which will help them to achieve supply chain resiliency. A central part of a supply chain digital transformation is an order management solution with a fulfillment optimization engine. Dynamics 365 Intelligent Order Management comes with a powerful fulfillment optimization engine that allows companies to simplify the complexity of managing numerous orders, fulfillment, and inventory sources. On top of this, we have added new provider connectors such as ShipStation so that companies can act before orders become late, gain access to discounted shipping rates, and offer customers greater visibility into order delivery status with email notifications.
If you would like to discover how you can turn order fulfillment into a competitive advantage and enhance your customers’ experience, you can get started today with a free trial of Dynamics 365 Intelligent Order Management or check out our recent webinar to learn more.
1The Economist Intelligence Unit. Putting customers at the centre of the OEM supply chain. 2019
The post Dynamics 365 Intelligent Order Management enables fulfillment optimization and supply chain resiliency appeared first on Microsoft Dynamics 365 Blog.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
This article was originally posted by the FTC. See the original article here.
For-profit colleges sometimes use overblown — or flat-out false — promises to attract new students and their money. The FTC is ramping up its efforts to stop shady practices on campus. The Commission is sending a Notice of Penalty Offenses to the largest 70 for-profits, warning them that the FTC will not stand for unfair or deceptive practices.
Why the heads-up? Under federal law, the FTC may put companies on notice that some practices have been found to be unfair or deceptive in administrative cases with final cease and desist orders, other than consent orders. If a company knows about (the law says has “actual knowledge” about) the orders and uses those same deceptive marketing tactics, the FTC can sue the company in federal court for civil penalties. The Notice outlines those prohibited practices: claims about the career or earning prospects of their graduates, the percentage of graduates that get jobs in their chosen field, whether the school can help a graduate get a job, and more. These are just the kinds of information a student would want to know before committing to a program — and it’s exactly how some for-profit schools market their programs.
The FTC has been going after false and misleading claims in education for nearly a century, but fraud in this sector persists. Most recently, the University of Phoenix agreed to a $191 million judgment to settle the FTC’s charges that, to attract students, it used deceptive ads that falsely touted its relationships with and job opportunities at companies such as AT&T, Yahoo!, Microsoft, Twitter, and The American Red Cross. In another matter, DeVry University paid $100 million to settle the FTC’s charges that the for-profit misrepresented the employment and salary prospects of its graduates. Additionally, the Commission has published a guide for vocational schools describing practices that the agency determined are deceptive.
Servicemembers and student veterans are often the targets of schools’ deceptive marketing. For-profit schools have had a strong incentive to enroll veterans because of the education benefits servicemembers can use to pay for college. This has led to aggressive targeting of servicemembers, veterans, and their families. For example, the FTC’s case against Career Education Corporation (“CEC”) charged it with recruiting prospective students using marketers who falsely claimed to be affiliated with the U.S. military, tricking students who were looking to serve their country.
There are tools to help veterans, servicemembers, and all kinds of students navigate the education marketplace and blow the whistle on bad actors. If you have a federal student loan and feel like a school misled you or broke the law, apply for loan forgiveness through the Department of Education’s (ED’s) Borrower Defense to Repayment procedures. If you’re getting started (or re-started), ED’s Opportunity Centers are designed to help prospective students (including people of modest means, first-generation college students, and veterans) apply for admission to college and arrange for financial aid and loans. Find one near you.
Servicemembers: talk with your Personal Financial Manager to get hands-on help with your next steps. And vets can call the VA’s GI Bill Hotline to discuss questions about education benefits: 1-888-GIBILL (1-888-442-4551), or visit the VA site to learn more. Before enrolling, you can find out important information about any school — including whether it’s a for-profit school — at the U.S. Department of Education’s sites, College Scorecard or College Navigator. The FTC’s Military Consumer site also has helpful advice on finding and paying for school.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
This article is contributed. See the original author and article here.
Over the last few years, we have invested heavily in Microsoft Graph to enable developers to access the rich data available in Microsoft 365. Microsoft Graph, along with OAuth 2.0, provides increased security and seamless integration with other Microsoft cloud services.
In August 2018, we announced that we were no longer going to actively invest in Exchange Web Services (EWS) APIs for Exchange Online. We also gave a strong recommendation to start migrating to Microsoft Graph for Exchange Online data access.
Today, we are announcing that we are going to remove the ability to create new EWS apps starting September 30, 2022. We are also announcing the deprecation of the 25 least used APIs of EWS for Exchange Online (as determined by the call volume into the service). We are deprecating these APIs to begin the process of reducing the surface area of the EWS protocol for maintenance and security purposes. Support for these APIs will no longer exist after deprecation.
The list of deprecated APIs is at the end of this post. We will introduce sunset headers in the response for these APIs that are marked for deprecation. As per our deprecation policy, we will decommission these APIs by March 31, 2022.
This set of deprecations is the first in a series of steps we will take as we sunset EWS for Exchange Online. Over time, we will identify additional APIs for deprecation when and where we see adequate parity with Microsoft Graph APIs.
EWS is a legacy API surface that has served us well, but no longer meets the security and manageability needs of modern app development. We strongly urge our ecosystem partners accessing Exchange Online data to migrate to Microsoft Graph APIs.
APIs scheduled for deprecation:
The Exchange Team and Microsoft Graph Team
Recent Comments