Atlassian Releases Security Advisory for Confluence Server and Data Center, CVE-2022-26134

This article is contributed. See the original author and article here.

Atlassian has released a security advisory to address a remote code execution vulnerability (CVE-2022-26134) affecting Confluence Server and Data Center products. An unauthenticated remote attacker could exploit this vulnerability to execute code remotely. Atlassian reports that there is known exploitation of this vulnerability.

There are currently no updates available. Atlassian is working to issue an update. CISA strongly recommends that organizations review Confluence Security Advisory 2022-06-02 for more information. CISA urges organizations with affected Atlassian Confluence Server and Data Center products to block all internet traffic to and from those devices until an update is available and successfully applied.

CISA Adds One Known Exploited Vulnerability (CVE-2022-26134) to Catalog  

CISA has added one new vulnerability—CVE-2022-26134—to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow of the “Date Added to Catalog” column, which will sort by descending dates.

There are currently no updates available. Atlassian is working to issue an update. Per BOD 22-01 Catalog of Known Exploited Vulnerabilities, federal agencies are required to immediately block all internet traffic to and from Atlassian’s Confluence Server and Data Center products until an update is available and successfully applied.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.   

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.

Exchange Server Roadmap Update

In September 2020, we announced that the next version of Exchange Server would be available in the second half of 2021 via a subscription model and that it would include support, product updates, security updates, and time zone updates. Unfortunately, 2021 had other plans for Exchange Server. In March 2021, we confronted a serious reality: state sponsored threat actors were targeting on-premises Exchange servers.


We quickly responded to protect our customers, releasing out-of-band security updates, along with a one-click mitigation tool that later became part of Exchange Server as the Emergency Mitigation Service. We added AMSI integration in the June 2021 Cumulative Update (CU), enabled the Hybrid Management PowerShell module to work with MFA-enabled admin accounts, and released Security Updates (SUs) in April, May, July, October, and November of 2021, and in January, March and May of this year. We also updated our SU packaging to make installing SUs easier.


We strongly believe that close partnerships with security researchers help make customers more secure, so we also launched a security vulnerability bounty program for Exchange Server and other Office Server products via the Microsoft Applications and On-Premises Servers Bounty Program. Individuals across the globe can now receive monetary rewards for submitting security vulnerabilities found in Exchange Server, as detailed on the program web site.


While we continue to focus on security, we are now also ready to share our long-term roadmap for Exchange Server.


Roadmap Update


We have made changes to our Exchange Server roadmap since our September 2020 announcement, and today we’re excited to share those updates with you. We know that customers and partners have reasons to run Exchange Server, and we are committed to supporting them.


We have moved the release date for the next version of Exchange Server to the second half of 2025. The next version will require Server and CAL licenses and will be accessible only to customers with Software Assurance, similar to the SharePoint Server and Project Server Subscription Editions. We will provide more details on naming, features, requirements, and pricing in the first half of 2024.


We will maintain the current support dates for Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019; however, we plan to support the next version of Exchange Server beyond October 14, 2025. We are moving the next version of Exchange Server to our Modern Lifecycle Policy, which has no end of support dates. We plan on continuing to support Exchange Server as long as there is substantive market demand.


Two of the main challenges in previous versions of Exchange Server with respect to upgrading to the next version are that (1) the next version has historically had greater hardware requirements than the previous version, and (2) customers always had to move mailboxes from the old version to the new version. We are addressing these challenges in the next version by introducing the ability to do an in-place upgrade from Exchange Server 2019. This means that you may not have to acquire new hardware or move mailboxes, and that upgrading to the next version will—by design—be much easier than previous upgrades.


Our guidance for all Exchange Server customers is to make the move to Exchange Server 2019 as soon as possible. If you already run Exchange Server 2019, our guidance is to always keep your servers up-to-date. Exchange Server 2019 includes several features not available in previous versions, including a new and improved Outlook on the web, improved security, better performance and scalability, a modern architecture, integration with SharePoint Server and OneDrive, and new and updated message policy and compliance features.


With our H1 2022 CU release, we added some new features to Exchange Server 2019 (including one that might allow you to shut down your last Exchange server), we added the hybrid server license at no additional charge, and we’re adding even more features, as detailed below.


Investments in Exchange Server 2019


A key element of the Exchange Server roadmap is our investment plans for Exchange Server 2019, which we are excited to share with you today. Over the coming months and years, we will be adding features to Exchange Server 2019, and we’ll continue to support regulatory and data privacy requirements. Our continued investment in Exchange Server 2019 allows us to deliver improved security, deployment and management capabilities, and reliability—the attributes our customers tell us they need most from Exchange Server.


Security Investments


Exchange servers often contain the most sensitive company data, and they host the company address book, which is why it is critical to protect these servers and this data. So, we’re continuing to focus on Exchange Server security, and we’re making several security-related investments.


Modern Authentication Update


Historically, Exchange Server has used Basic authentication (also known as legacy authentication) for client/server and server/server connections. Basic authentication is an outdated industry standard, and it is imperative for organizations to transition away from it as quickly as possible, to reduce attack surfaces and needless risk.


We have been working to deprecate Basic authentication in Exchange Online, and to transition users to something more secure: OAuth 2.0-based authentication, or what we call Modern authentication. OAuth 2.0 is the industry-standard protocol for authorization.


In about 120 days, on Oct 1, 2022, we’re going to start turning off Basic authentication for specific protocols in Exchange Online for those customers still using it. If you are an Exchange Online or Exchange hybrid customer, be sure to read our latest announcement to learn what you need to do to prepare for this change.


Modern authentication enables stronger authentication features, like multi-factor authentication (MFA), smart cards, certificate-based authentication, and third-party security identity providers. Among the many benefits and improvements in modern authentication is that it helps mitigate the security issues with Basic authentication. For example, enabling Modern authentication is an important step toward protecting your organization from brute force and password spray attacks.


We’ve also enabled Modern authentication for all Exchange Server customers in hybrid environments:



  • In September 2017, we shared our roadmap for adding Hybrid Modern Authentication (HMA) support to Exchange Server.

  • In December 2017, we announced the availability of HMA for Exchange Server 2013 and Exchange Server 2016 hybrid deployments.

  • In February 2019, we released Exchange Server 2019 CU1, which added support for HMA.

  • In October 2020, we added support for Modern authentication to the Microsoft Remote Connectivity Analyzer.

  • In May 2022, we announced that our public folder migration scripts now support Modern authentication.


In June 2019, we said that we would not be adding support for Modern authentication to pure on-premises Exchange environments, and that HMA would be our only solution for Exchange Server customers.


Today, we want to provide you with an update on that. We know the HMA requirement for cloud-based authentication in on-premises environments places a burden on some customers, and simply isn’t possible for others.


So, we are excited to announce that, in a reversal of our June 2019 announcement, we are working to add Modern authentication to pure on-premises Exchange Server environments (e.g., no cloud or hybrid). We expect to share our timeline for Modern auth support for each Outlook client later this year.


Support for TLS 1.3


We recently introduced support for Exchange Server 2019 on Windows Server 2022. By default, Windows Server 2022 uses Transport Layer Security (TLS) 1.3, which encrypts data to provide a secure communication channel between two endpoints. TLS 1.3 eliminates obsolete cryptographic algorithms, enhances security over older versions, and aims to encrypt as much of the handshake as possible.


While Exchange Server 2019 supports Windows Server 2022, we’re still working on adding support for TLS 1.3. We expect to support TLS 1.3 in Exchange Server 2019 next year.


Software Update Dashboards for Exchange Online and Exchange Server


Keeping Exchange Server current is a critical security practice, so we’re also making investments to help you stay current with the latest updates for Exchange Server.


Later this year we are introducing a new experience in the Microsoft 365 admin center for viewing the update status of Exchange servers in hybrid environments. This new experience is designed to show admins which Exchange servers need updates, and which servers are approaching or at the end of support.


This experience provides a view of on-premises Exchange servers that is curated using data from multiple sources, such as data customers opt-in to sending to us, data in the Microsoft Online Services processing logs, and publicly available data, such as DNS records.


A similar experience is expected to be added to Exchange Server 2019 early next year.


Exchange Emergency Mitigation Service Rollback


The Exchange Emergency Mitigation Service (EEMS) we added to Exchange Server last year helps keep your servers secure by applying mitigations from Microsoft to address any potential threats against your servers. EEMS is a built-in version of the EOMT that provides protection against security threats that have known mitigations.


After a mitigation applied by EEMS is no longer required, an admin can manually roll back that mitigation. To simplify the process, we’re developing a PowerShell script that admins will be able to use to remove any mitigations that are no longer needed. We expect to release the script next year.


Deployment and Manageability Investments


We know that Exchange Server updates can be complex to deploy for some customers, especially in environments without dedicated Exchange admins or IT staff. We are working to ease these challenges by enhancing Setup to preserve custom config settings, and we’re continuing to work to improve the Hybrid experience by addressing common customer pain points.


Custom Configuration Preservation


We understand that it’s very common for admins to customize their Exchange server settings after Setup has successfully completed. For example, admins often configure client-specific message size limits. These customizations are made in web.config, sharedweb.config, and other files on the Exchange server. One of the challenges for admins is that each time a CU is installed, their customizations are overwritten by Setup. Today, admins need to back up these files and restore them after each CU.


To address this issue, we’re working on changing Setup to preserve these customizations after a CU is installed. We hope to release these changes in the H2 2022 CU or the H1 2023 CU.


Hybrid Experience Improvements


To help admins manage hybrid environments, we’re making even more changes to the Hybrid Configuration Wizard (HCW). Today, the HCW performs several tasks, including configuring the Federation Trust, updating connectors and email address policies, and configuring endpoints and OAuth between on-premises and Exchange Online. After the wizard has completed its tasks, admins often customize the environment.


During a re-run of the HCW, most of the first-time configuration tasks are not required. But since the HCW doesn’t allow skipping steps, custom configurations made after the first HCW run can be lost, possibly leading to a bad hybrid state.


To address this issue, we’re modifying the HCW to allow an admin to choose the steps to perform and skip unnecessary ones. We expect to release an updated HCW with these changes later this year.


MEC is Back!


Today, we are also very excited to announce the Microsoft Exchange Community (MEC) Virtual Airlift, which will take place Sept 13-14, 2022!


MEC features experts from Microsoft and the Exchange community talking about Exchange Online, Exchange Hybrid, and Exchange Server. This is a free technical airlift for IT pros that work with Exchange day-to-day, and developers who create solutions that integrate with Exchange.


You can find out more about MEC at MEC is Back!


Feedback Forums for Exchange Server and Exchange Online


Your feedback matters to Microsoft, and we have a lot of ways for you to share it with us. In the past, Exchange customers and partners used a platform called UserVoice for community driven feedback, but we moved off that platform last year.


Last year we also announced the Microsoft Feedback Portal, which provides a new community feedback experience from Microsoft. Built on Dynamics 365 Customer Service, Feedback is where users can go to provide feedback on popular Microsoft apps and services in one place.


Today, we’re excited to announce the availability of two new Feedback forums for Exchange:



We’re always striving to better serve our customers and partners. You can directly influence change at Microsoft by sharing your feedback. We look forward to hearing from you.


Exchange Server Technology Adoption Program Open Enrollment


Today, we’re also announcing open enrollment for the Exchange Server 2019 Technology Adoption Program (TAP) for customers and partners! The TAP is designed to validate Exchange Server updates by having customers and partners test deployments of pre-release builds of Exchange Server in lab, production, and development environments.


If you are interested in early (pre-release) access to Exchange Server 2019 builds, we invite you to join our TAP. You can find out how to sign up at Exchange TAP Announcement.


Call to Action for Exchange Server Customers


For many organizations, Exchange Online in Microsoft 365 delivers the best productivity, the best security and compliance features and is the most cost-effective solution and best experience. If you are an Exchange Server customer that wants to move to Exchange Online, contact your Microsoft account team today to take advantage of available offers, get help from FastTrack, and receive end-to-end guidance from Microsoft.


As we said earlier, we know that customers have reasons to run Exchange Server, and we are committed to supporting them.


Our guidance for customers who run Exchange Server is to move to Exchange Server 2019 now.


Exchange Server 2019 already includes several features not available in previous versions, including:



  • Support for Windows Server 2022 and Windows Server Core

  • Client/server connections use TLS 1.2 by default

  • New search infrastructure based on Exchange Online

  • Modern hardware support

  • Improvements in calendaring, client experience, compliance (in-place archiving, retention, eDiscovery), data loss prevention, and performance and scalability

  • Exchange Management Tools update that eliminates the need for Exchange Servers used only for recipient management purposes

  • The latest hybrid experience updates, including support for using MFA-enabled admin credentials with Hybrid Agent cmdlets


Soon, Exchange Server 2019 will include support for TLS 1.3, Modern authentication, and more, and it will provide the smoothest and easiest path to the next version of Exchange Server in 2025.


Upgrading to Exchange Server 2019


You can use the Exchange Deployment Assistant (EDA) at https://assistants.microsoft.com/exchangedeployment to upgrade from Exchange Server 2013 and/or Exchange Server 2016 to Exchange Server 2019. The EDA is a web-based tool that asks you a few questions about your current environment and then generates a custom step-by-step checklist that will help you deploy Exchange Server 2019, the smoothest and quickest path to the future.


Before you deploy Exchange 2019 in your organization, you need to do some careful planning, so be sure to carefully review the information provided by the EDA.


If you are planning an Exchange hybrid environment, be sure to review Exchange Server hybrid deployments and the accompanying information.


Scott Schnoll
Senior Product Marketing Manager
Exchange Online / Exchange Server

CISA Updates Advisory on Threat Actors Chaining Unpatched VMware Vulnerabilities

CISA has updated Cybersecurity Advisory AA22-138B: Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control, originally released May 18, 2022. The advisory has been updated to include additional indicators of compromise and detection signatures, as well as tactics, techniques, and procedures reported by trusted third parties.

CISA encourages organizations to review the latest update to AA22-138B and update impacted VMware products to the latest version or remove impacted versions from organizational networks. 

Microsoft Dynamics 365 at Gartner CFO & Finance Executive Conference

This June 6 to 7, 2022, we are excited to attend and exhibit in person at the Gartner CFO & Finance Executive Conference. The conference provides a forum where leading finance professionals gather to network, share best practices, and prepare their teams for an autonomous future. Today’s chief financial officers (CFOs) allocate 80 percent of new investment dollars for digital growth.1 Clearly, despite the challenges of the past two years, organizations continue to invest heavily in digital transformation.

Changing market and environmental conditions, varying from recession threats to technology innovations like the digital twin, impact finance professionals and the organizations they lead. To remain competitive and successful post-pandemic, CFOs need exposure to fresh thinking and timely insights in order to digitally elevate their platforms and drive the finance function forward to an increasingly autonomous future. This year, a central aim is to help CFOs leapfrog ahead on their digital journey by understanding what successful teams are and are not building, buying, and borrowing in the market.1

At the Gartner CFO & Finance Executive Conference, Microsoft will showcase how Dynamics 365 Finance helps organizations bring the future of finance into focus. We will cover how to:

  • Adapt faster by designing a digital roadmap that stays ahead of evolving business models.
  • Work smarter by balancing maximum profitability with accelerated growth.
  • Perform better at your business innovation and transformation initiatives.

To see how successful organizations are using digital platforms to innovate and grow, register to attend our June 6, 2022 session from 11:45 AM to 12:15 PM Eastern Time (details below).

Microsoft: The CFO’s role in balancing business model innovation with growth acceleration

With global market volatility threatening profitability, CFOs must drive growth and innovation initiatives while accelerating margin improvement. Successful CFOs are continuing to push the limits of business model innovation across the entire operations experience: financial (the way you capture value), operational (the way you deliver value to your customers), and organizational (the way you align people to impact). Join us at our event session to hear how top business model innovation trends and technology can help you embrace disruption while keeping the focus on financial excellence.

The strategies we cover will also require solutions that reinforce decision-making with real-time data, predictive analytics, and additional AI capabilities, all of which help:

  • Future proof your business.
  • Innovate across the entire operations experience.
  • Facilitate and propel new business model trends.
  • Predict and gain insights through AI-driven analytics.

One way that Microsoft is helping organizations leverage AI to improve business insights for finance leaders is through our recent acquisition of Suplari. Suplari’s AI capabilities allow companies to:

  • Make comprehensive enterprise spend data and insights available to all.
  • Unlock new financial insights to help with strategic procurement decisions.
  • Get up and running with predictive insights in weeks, not months.

To learn more, check out our recent blog Microsoft acquires Suplari to strengthen business insight for finance and procurement leaders.

Engage with Microsoft

Register for the Gartner CFO & Finance Executive Conference and visit the Microsoft booth #208 on the show floor (Level 2 at the Gaylord National Resort & Convention Center).

You can speak with Microsoft executives at our booth to discuss how Dynamics 365 drives digital growth and initiatives while accelerating margin improvement. Also, scan your badge at the kiosk to participate in the Microsoft Surface Headphones giveaway.

See you at the Gartner CFO & Finance Executive Conference

We hope to see you and your team at the conference and that you check out our session and visit our booth.

If you are unable to make it this year but are still interested in learning strategies that help you realize new product and service-based revenue streams, check out our comprehensive e-book, The Futurist CFO’s Guide to Business Model Innovation.


Sources:

1. Gartner, 2022. Gartner CFO & Finance Executive Conference

The post Microsoft Dynamics 365 at Gartner CFO & Finance Executive Conference appeared first on Microsoft Dynamics 365 Blog.

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.

3 reasons to not delay your migration to Dynamics 365 in the cloud

The “changing technology landscape” has become a common trope when discussing the cloud. I understand why: it helps contextualize the disruption and advancement we’re experiencing. But you know as well as I do, this “change” has happened. The on-premises solutions and infrastructure you built your business on, though once state-of-the-art, are now less adaptable, less useful, and less secure by the day.

Elasticity, scalability, and accessibility have never been more important, especially as new disruptions continue to test organizations, solutions, and processes alike. Moving to the cloud should be a business priority. Like any large project, it should not happen overnight. Build a plan, prepare your organization, and take manageable steps.

Start by understanding the Microsoft Dynamics 365 Power of the Cloud and the benefits it offers. Challenge the legacy thinking and misconceptions within your organization on whether your on-premises enterprise resource planning (ERP) or customer relationship management (CRM) can deliver on future needs and expectations. Don’t let nostalgia hold you back.

1. Good enough is no longer good enough

The first, and most common thing some business leaders say is, “What we have works just fine.” This can be especially true of customers in the finance and operations spaces, those utilizing Dynamics AX or other on-premises ERP solutions.

The idea of change or adopting something new can trigger this “good enough” reaction. The problem, of course, is that “good enough” masks complacency because it maintains the familiar. Within business, complacency is often the death of innovation and growth. Though some leaders still insist their on-premises solution is getting the job done, it’s becoming increasingly clear that the competition is using the cloud to accelerate growth.

Dynamics 365 customers are taking advantage of data integrations, out-of-the-box functionality, plus advanced machine learning and predictive analytic capabilities to optimize legacy processes in real time, outpacing, outmaneuvering, and out-earning their on-premises peers.

Image showing Microsoft product stack, built on the foundation of Azure, then GitHub and Power Platform, followed by Microsoft 365, LinkedIn, and Dynamics 365, then topped off with Microsoft industry cloud and partner ecosystem.

2. Your needs are not as unique as you think

Another barrier to migration is the idea that your organizational needs are unique. This claim is common among on-premises organizations whose solutions have been heavily customized over the years, often addressing specific, point-in-time business needs.

Migration can enable an organization to eliminate cumbersome customization and their underlying expenses, infrastructure, and processes. Often what a customer views as a “unique” situation is less about the specialized needs of a given IT environment and more about what is perceived to be proprietary and a limited understanding of what is possible in the cloud.

Moreover, Microsoft works hard to advance our cloud solutions and ensure agility and adaptability to meet modern business requirements. Moving to the cloud is no small decision; these are large technology projects that take planning and resources. While customizations do add complexity, these modifications should not preclude you from moving to the cloud. Out-of-the-box functionality; low-code, no-code; code-extensions; and ISV applications often eliminate the need for your legacy customizations.

Dynamics 365 offers flexibility and scalability designed to grow with customers’ businesses, allowing them to manage their organizations with unified data in real time.

3. Siloed doesn’t ensure security or compliance

Data preservation is a concern for most organizations. Vulnerabilities within your IT infrastructure and processes can leave systems susceptible to external threats and exploitation. Due to media mentions, many organizations believe the cloud is not safe.

The impenetrable solution is a myth, driven by the misconception that most attacks originate from outside an organization. No doubt traditional on-premises data solutions have been the stalwart cornerstone of many businesses’ IT operations. This firewall thinking served us well for a time. Not anymore. The threats have changed. On-premises solutions are reliant on existing policies, technology, and software, which may or may not be up to date, along with their IT staff ensuring that the latest security processes and protocols are being maintained.

Within a modern cloud-based solution, customers are able to take advantage of a Zero-Trust security framework. Zero Trust assumes potential threats have already “breached the gates.” Microsoft is proactive in verifying and reverifying credentials and authentications to minimize risks and threats.

Consider that cloud-based systems have millions of programs designed to check and update customers’ systems, creating backups and adjusting to current conditions, while on-premises solutions are reliant on IT staff to do those things individually. When measured against the increasing sophistication, speed, adaptability, and sheer criminal organization of cyber-attacks, it is nearly impossible for any company to protect itself in a siloed, non-cloud environment. Microsoft Cloud solutions regularly provide localized compliance, security, and governance updates. This translates into greater institutional and organizational efficiency and cost savings, allowing your teams and IT staff to focus on other projects and strategic priorities aligning to growth, leaving the security “burden” on Microsoft.

Diagram of Microsoft Zero Trust capabilities, starting with policy enforcement and conditional access at its core, then growing out to Microsoft security solutions, and finally covering things secured through Microsoft, such as identities, endpoints, applications, data, infrastructure and network.

Your business resiliency may depend on when and how you adopt cloud functionality

Migrating to the cloud makes sense for efficiency and growth: 62 percent of companies that have migrated to the cloud reported an increase in customer satisfaction. Migrating to the cloud makes sense for customization and adaptability: companies that have transitioned to cloud solutions reported a 44 percent increase in the speed of new product launches due to utility and specialized tools available to them. Migrating to the cloud makes sense for security and reliability: companies that have transitioned to the cloud reported a 60 percent reduction in security incidents compared to their on-premises solutions.

Bear in mind that the benefits of the cloud can only fully be realized through successful migration, and Microsoft has developed the tools, resources, and expert support to help companies make the move in a quick, efficient, and cost-effective way.

Learn more

To learn more about how Microsoft Cloud solutions can help you modernize, customize, and keep you more secure, watch the Microsoft Dynamics 365 Power of the Cloud Webinar and join the migration community for resources and expert advice.

The post 3 reasons to not delay your migration to Dynamics 365 in the cloud appeared first on Microsoft Dynamics 365 Blog.
