Archive for the ‘SharePoint and EPM’ category

Microsoft Kaizala – secure mobile chat app for the U.A.E. mobile enterprise -ask Synergy Software Systems

November 21st, 2018

What is Microsoft Kaizala?
A disconnected value chain hinders productivity, slows down decision making, prevents the ability for insights to surface from the field, and creates potential for customer dissatisfaction. Today’s workplace extends well beyond organizational boundaries, and there is an increasing need to connect your entire business value chain, including your Firstline workers, vendors, partners, suppliers, and customers..

Today, consumer messaging apps are often used between people across the value chain, but this poses security, privacy and compliance risks to company data. Microsoft Kaizala aims to solve a lot of these challenges, especially in mobile-first, developing markets.

Microsoft Kaizala is a simple and secure mobile chat app for work, with easy sign-up using just a phone number.
It enables networks of people to connect and coordinate work across their roles, spanning Firstline workers, vendors, partners, suppliers, customers, and citizens. Many organizations are already doing amazing things with Kaizala.

Communicate across dynamic networks: Kaizala supports diverse group types such as: hub and spoke, hierarchies, and public groups – which model the
communication needs of your organization. Use it to connect with your customers and partners or your Firstline workers. Temporal and geo-fenced groups make the set-up and discovery of groups easy, and large group size of up to 1 million users enables scenarios such as government-to-citizen communication.

Digitize business processes to coordinate work and gather field insights: Across every business, there is valuable data that originates at the front lines and out in the field, from sales metrics, to customer experience and operational insights. The problem is that much of it is either still paper-based or not getting recorded at all. Kaizala makes it. Gather field insights in mobile-first, dynamic environments with built-in actions such as surveys, polls, jobs and more.

Integrations with Office 365 services such as Power BI and Microsoft Flow allow you to quickly build customizable business workflows that use Kaizala’s chat interface. Kaizala allows you to integrate with existing applications and systems so you can connect your business end-to-end and digitize manual, paper-based procedures.

The built-in reports on the management portal let you visualize and analyse the data – giving you real-time insights into your business and helping drive day to day efficiencies. You can also build custom cards to support your line of business tasks using Kaizala aggregation service.

Manage and secure your data: Kaizala is served from the hyperscale global network of Azure datacentres and data is encrypted at rest and in-transit. Advanced IT administration capabilities with the Kaizala management portal allow business owners to view reports, create and manage groups, define group policies etc. Kaizala supports key compliance standards such as ISO 27001, SOC2, HIPAA, GDPR and more.

How do I get access to Kaizala?
Customers that are currently licenses on Office 365 and Microsoft 365 Business products (Office 365 Business Essentials, Office 365 Business, Office 365 Business Premium and Microsoft 365 Business) in eligible 28 markets* will be able to utilize Microsoft Kaizala starting mid-November.

Kaizala is now turned on by default in these products, with the ability for tenant administrators to opt out. A more detailed on the communications timeline is found below:
• Communications sent to tenant administrators letting them know about the Kaizala backfill (end October)
• Message Center Admin comms (11/5)
• Blog post on the Kaizala Microsoft Tech Community, outlining the product value prop, availability with Office 365 and how to access the product
• Kaizala backfilled in SMB tenants (Mid-November)

What next?
Contact your UAE Microsoft 365 partner Synergy Software Systems 0097143365589
Download the Kaizala mobile app for free from Google Play Store or App Store

ROI On Microsoft Dynamics

November 14th, 2018

what’s the true return on investment (ROI) for an average Dynamics 365 deployment?”

Thanks to a newly released independent analysis from Nucleus Research, we can reveal the answer:

For every dollar spent, companies realize an average of $16.97 in returns.

According to the report summary, “this is significantly higher than the average for both enterprise resource planning (ERP) and customer relationship management (CRM), which deliver, on average, $7.23 and $8.71 respectively. Nucleus found that companies taking advantage of Microsoft’s investments in cloud and usability, as well as integration and analytics, were able to achieve significant returns by increasing productivity and revenues and reducing costs.”

The report dives in the value drivers for the cases, and revels that the common elements to the financial success of deployments include:

• The ability to integrate Microsoft solutions with existing applications and data sources
• The enablement of new lines of business, such as cross-selling and up-selling with field service
• A focus on a standardized, easy-to-use user interfaces—the familiar Microsoft look and feel that can help speed up onboarding and user adoption
• Cost savings and greater innovation realized by deploying cloud-based Microsoft business applications
• The focus on improving user productivity by automating, or standardizing, repeatable manual processes

The report is a fascinating read that we invite you to explore on your own. If you are interested in investing in the modern Dynamics enterprise system system then contact Synergy Software Systems and we will send you a copy.

0097143365589

End of Support for SQL Server 2008 and 2008 R2 on July 9, 2019

November 2nd, 2018

End of Support for:
- SQL Server 2008, and 2008 R2, on July 9, 2019
and
- Windows Server 2008, and 2008 R2, on January 14, 2020

Risks with an outdated data platform include:
• Non-compliance with GDPR and other market standards
• Exposure to unexpected attacks and security breaches
• Higher costs and inefficient data management
• Incompatibility with modern releases of business applications
• Missed opportunities for innovation and business intelligence

Options:
Upgrade to SQL 2012 or 2017
Ask us about our Advanced SQL database tools – and our special discounted bundled price offer to year end to support GDPR compliance.

Migrate to the azure cloud platform
If it also time to upgrade your servers then now might be a good time to look at a move to the cloud.

Azure Hybrid Benefit
• Save up to 40% on windows Server with Azure Hybrid benefit
• Save up to 55% on migration to Azure SQL database with Azure hybrid benefit
• Go at your own pace – move a few workloads or entire datacenters
• Maximize your investment in Microsoft software.

Paths to Upgrade and Stay Protected
Migrate apps to Azure VMs: get free extended security updates for Windows Server 2008 and 2008 R2 VM’s for 3 years after deadline.

Migrate Data to Azure managed instances or VMs
Azure SQL Database Managed Instance offers a version-free option.
Get free Extended Security Updates for SQL Server 2008 and 2008 R2 in Azure VM’s for three years after the deadline

Modernize when ready
Upgrade in Azure when ready
Or transform apps and data with Azure services

To reduce the cost of on premise servers ask about our Firewall Solutions that provides may other integrated features. Reduce the number of servers needed and the cost of supporting multiple server systems, vpn, sms, ftp, anti virus, and more all in one solution.

To discuss your options contact Synergy Software Systems a Microsoft partner since 1993.
If you are considering a Microsoft Dynamics solution on the cloud then when comparing costs do’t forget that the subscription includes not only the hardware platform but also the significant cost savings of the database, Windows server, and firewall and anti-malware software licenses, but also the savings in server rooms and electricity boils both to power the servers and the server room air conditioning. Nor is there any extra cost is for license enhancements fee for continuous upgrade versions of the ljcences. That also redcues yoru GDPR compliance challenges.

If your SQL database, or your servers, or your Windows Server licenses are due for renewal, or its time to move an any time anywhere, any device new business system then call Synergy Software Systems to discuss your options

Microsoft partner since 1994
Dynamics Partner since 2003

SQL 2014 SP3 now released

November 1st, 2018

Fixes include:

• Less TempDB contention
• Improved memory grant diagnostics using Extended Events
• Trace flags show up in query plans
• Wait stats, CPU time, elapsed time show up in query plans
• Query_hash and query_plan_hash data types now match between XE and DMVs
• Scalar UDF stats show up in query plans
• Row goals show up in…oh, you get the point
• Unified showplan schema for all supported versions
• MAXDOP hint for creating and updating statistics
• Faster restores on disks with 4K sectors

Microsoft Ignite agenda insights to the future road map

August 14th, 2018

Microsoft recently published the session list for its annual Ignite IT Pro conference happening at the end of the September. Alook at the topcis gives a clue to its roadmap. There sessionson on the next version of SQL Server. Surface Hub 2 and Surface Go with LTE, Intune and Windows Autopilot, Windows Server 2019. New Remote Desktop services.

Last year, Microsoft used Ignite to highlight AI, intelligent edge and its futuristic quantum-computing technologies but overall the listed sessions, look more down to earth. There are two mixed-reality sessions — including “Visio Immersive,” Almost 100 listed sessions touch on AI . At Inspire Microsoft told partners the “AI Accelerate Kit”would be coming in October and include AI use cases, best practices and “Ethical AI” guidance so that seems lilley to be included.

At Ignite Microsoft will again focus on Microsoft 365,- the bundle of Windows 10, Office 365 and Intune security/management technologies.

Expect to a lot of Dynamics 365 CRM and ERP content — because October is when the next feature update will arrive for the suite of Dynamics products.

There seems to be more developer content: . ASP.NET, Visual Studio Code and Visual Studio 2017, Node.js, and sessions on linux and Docket containers, Progressive Web Apps and MSIX, the new Windows 10 application-packaging technology Microsoft is rolling out.

There are 115 sessions listed for SQL Server /Azure SQL. Mayeb we will get an insight into the successor to SQL Server 2017 — codenamed “Aris,” which is currently in private Community Technology Preview testing.

Microsoft wil lalso show the new the Surface Hub 2 and Surface Go.

Expect Windows Server 2019, Microsoft’s next major release of Windows Server, to be a hot topic -it’s due to start roll out before year end.

https://www.microsoft.com/en-us/ignite

https://www.microsoft.com/en-us/ignite/faq

September 24–28, 2018 | Orlando, Florida

SQL Server 2016 SP2 CU2, SP1 CU10

July 18th, 2018

Fixes and improvements:
• DAG improvement – automatically seed replicas – when you add a database to an existing AG, SQL Server can automatically seed it across the secondary replicas. .
• AGs – configurable session_timeouts
• AGs – slow transactions with 1 sync and 1 async secondary
• AGs – on cross-data-center AG failover, you get a non-yielding scheduler and a crash
• AGs – queries on secondary take twice as long
• AGs – VSS backups fail on secondary replicas in a Basic Availability Group (which technically you’re not supposed to do, but you can still back up the entire secondary VM, and that’s where the problem looks like it’s coming in)
• AGs – fixing error 19432 for duplicate log blocks
• Log shipping – add support for Transparent Data Encryption by configuring MAXTRANSFERSIZE.
• Dynamic data masking doesn’t
• SSAS crashes when Process Full follows Process Clear –“you will notice that the SSAS may crash.” .
• Memory dump when you merge partitioned temporal tables .
• Stats updates can get a “corrupted index” message and a disconnect
• Assertion error when you add a database
• Slow performance when Query Store is enabled
• Non-yielding schedulers require a reboot – not the most informative KB article ever. “Assume that you have a Microsoft SQL Server 2016 installed.” .

See KB articles for more information . Download SQL 2016 SP2 CU2 and/or SP1 CU10.

https://support.microsoft.com/en-us/help/4341569/cumulative-update-10-for-sql-server-2016-sp1

End of life for SQL 2008 and 2008 r2 is only a year away

July 14th, 2018

On July 9, 2019, Microsoft will end Extended Support, for SQL Server 2008 and 2008 R2hich means no more updates or support of any kind, potentially leaving you vulnerable to security and compliance issues.
Some considerations:
That is only a year away. So time to start planning and to get it into your 2019 budget.
What applications are affected? With what new SQL version are they compatible?
Will you need to rebuy licenses? The SQL license cost is now core based and it might prove lot higher than last time so take the time to consider all options.
Should any of your applications move to the cloud?
Should you also look at upgrades to Hardware? Windows, Office, Exchange, or Business finance/erp systems in conjunction with SQL?
Is now the time to review your security solutions?
Are you going to expand, or implement heavy new processes like consolidation, budgeting, BI in then next 2-3 years?
Is your mobile network growing?

There are major enhancements at QL 2016 sp1 so we recommend you should not consider any version lower than that. By next year SQL 2017 will also have settled down.

To discuss options callus o 0097143365589

Sharepoint Updates

July 8th, 2018

Idle-Session Timeout Policy
The general availability release of the new Idle-Session Timeout Policy feature, will help businesses to avoid the risk of data leaks and theft.

When devices are left unattended or are shared among multiple users organizations can set timeout thresholds to automatically sign out users when SharePoint Online remains inactive. The Idle-Session Timeout Policy feature is available for both SharePoint Online and OneDrive, ,
Companies that use SharePoint Online tend to keep some sensitive information on the collaboration platform.

Bill Baer, Senior Technical Product Marketing Manager for SharePoint at Microsoft, in a July 2 announcement said:. “Idle session timeout provides [a way for] an Office 365 administrator to configure a threshold at which a user is warned and subsequently signed out of SharePoint or OneDrive after a period of inactivity.”

SharePoint Migration Tool-compatible cmdlets
Administrators can migrating from on-premise to the cloud can now use PowerShell “cmdlets”, or single-function commands, to create, start and add tasks to a migration session, among other actions. The complete list of new SharePoint Migration Tool-compatible cmdlets is available in the online support document.

Page Diagnostics Tool for SharePoint.
SharePoint content renders well on PCs, smartphones and tablets, but some legacy pages can give problems. The Page Diagnostics Tool for SharePoint runs older pages through a set of baseline rules, and e.g. checks for large image sizes, alerts users when it encounters an issue, and points them to a support page to help solve the issue. The Chrome browser extension helps users get to the bottom of performance problems affecting Classic SharePoint pages hosted in SharePoint Online.

SharePoint 2019 – coming soon ask Synergy Software Systems

July 1st, 2018

Microsoft recently announced SharePoint 2019 with lots of new features and capabilities, which are backed by Azure and Artificial Intelligence.

With the release of SharePoint 2019, the new platform provides features from the SharePoint Online world to on-premises users. SharePoint 2019 supports powerful, integrated hybrid scenarios out-of-the-box, and delivers user interface improvements: modern team sites, communication sites, list and libraries, pages, and news.

the SharePoint Framework eliminates major differences between sites on-premises and in Office 365.

The new SharePoint migration tool supports automated migration using PowerShell.

Any device: SharePoint 2019 helps ensure that you have access to the information regardless of the screen by which you access.

Navigation: The SharePoint 2019 navigation model aligns with Office 365.

New sites: Compelling communication and collaboration experiences for both cloud and on-premises.
- Communication Sites, Team News and modern Team Sites to include lists and libraries with broader data mobility. Use the Next Generation Sync Client support for reliable access to documents anywhere, anytime.

Business process improvements: With InfoPath for customising forms, Microsoft added PowerApps and Flow in the cloud. In SharePoint 2019, Microsoft has further improved support for building business processes with PowerApps and Flow.

SharePoint Home: A user can visit SharePoint Home and find all relevant sites or news in one place. Users in SharePoint 2019 will also be able to utilise this feature.

Prepare for cloud: SharePoint 2019, provides for improved hybrid scenarios and support.

Developers: Microsoft rolled out the SharePoint Framework capabilities from SharePoint 2016 via updates. In SharePoint 2019, expect to have SharePoint Framework web parts and extensions available to enable developers to build solutions aligned with a cloud model. This is the recommended path- especially if you are planning to take the road to the cloud soon.

Availability: SharePoint 2019 will be generally available in the second half of 2018. The new Office 2019 contains the well-known Office apps like Word, Excel and PowerPoint as well as the Office server products such as Exchange, SharePoint and Skype for Business. Previews of the new products will start shipping mid-year 2018, the final release will be late 2018.

The SharePoint Server 2019 on-premises version is built on the foundational release of SharePoint Server 2016. The goal is to bring you closer to the cloud and the cloud closer to you.

What you can expect from SharePoint Server 2019 on-premises:
• NextGen OneDrive Sync Client, no support for SharePoint 2016
• PowerApps integration
• Team News and Communication sites, but no Hub Sites
• Modern UI
• InfoPath is still supported

Apply for the SharePoint Server on-premises TAP: https://aka.ms/sptap (Code: SPT232)

“Meltdown” and “Spectre and azure.”

February 10th, 2018

Last month as reported on this blog, Intel revealed two critical vulnerabilities they found in Intel chips. These vulnerabilities allow cyber-attackers to steal data from the memory of running apps. This data can include passwords, emails, photos, or documents. Intel dubbed these as: “Meltdown” and “Spectre.”

Microsoft released a patch for Azure the very next day. Just as well because Microsoft Azure is a shared-computing environment by default. One server hosts applications and development of applications, and various Virtual Machines tap into the server to allow employees to and others to access these applications. As such, the Meltdown vulnerability allows an attacker to compromise the host and read all the data from every operating system tapping into it. Around 3-10 million physical servers host Azure, and these servers in turn host tens of millions of Virtual Machines. So impressively Microsoft developed deployed a patch for these vulnerabilities in less than a week’s time. Azure is a cloud-based application and so Microsoft could focus their security team to work on the cloud servers and only the cloud servers. This way, these millions of servers and users had a patch and all applications hosted on the Azure cloud-platform were immediately protected.

A good business case example for business to move to Azure cloud services.

Malware developers are still out there. German antivirus testing firm AV-Test reported 139 samples of malware trying to attack the Meltdown vulnerability in January to exploit those who have not patched.

Microsoft patched their cloud servers, but non-Azure users (as well as all Windows users, period) still need to apply their operating system patches to ensure complete protection. This is one vulnerability you definitely don’t want cyber-attackers to exploit, whether it’s your personal computer or your business’s server.

SQL version – when should you upgrade – ask your Dynamics U.A.E. Partner, Synergy Software Systems

December 23rd, 2017

SQL Server for many years on a two-year release cycle. SQL Server 2017 arrived less than 18 months after SQL Server 2016 became available.

Since 2005 each release of SQL Server brings exciting new features and improvements to existing capabilities. Many organizations are running instances that are several versions of SQL Server behind.

To keep up with the latest SQL Server versions is a challenge, but risks losing mainstream support and missing out on beneficial features. Often database administrators must support multiple versions at once, and consultants face an even greater range of versions across their customers.

Microsoft has not committed to any specific release cadence for ersions of SQL Server. Many clients it seems are still running SQL Server 2008 R2. One reason why companies are hesitant to make the move off 2008 R2 is because of the change to per core licensing. The effort to test and to upgrade is discouraging, but it is best to do this on a planned basis than a reaction to a crisis..

It was a painful experience to upgrade from SQL Server 2000, but the compatibility gap between versions is much narrower once past 2005. To make upgrading easier, provides a tool called The Upgrade Advisor for each new version that will spot issues and provide a chance to resolve them before starting the upgrade process. Virtualization also makes setting up testing environments much simpler and quicker.

With each new version there are enhancements to T-SQL, improved availability and disaster recovery functionality, more security options, and additional ways to get better performance. 2016 service pack 1, was a game change – many previously Enterprise only features were ported down to more affordable editions.

Another consideration is support. It doesn’t take long to reach the end of mainstream support. SQL Server 2008 R2, for example, has been out of mainstream support since 2014. While it’s still in extended support, which will ensure security hotfixes, other support features are available only on a paid basis.

When you look at erp upgrades it makes sense to also review your SQL upgrade plans.

Inside a Microsoft cloud data centre with Synergy Software Systems

November 22nd, 2017

Get the reach and local presence you need with Microsoft’s global datacenters – https://azure.microsoft.com/en-us/regions/ Azure is generally available in 36 regions around the world, with plans announced for 6 additional regions.

Go beyond the limits of your on-premises datacenter using the scalable, reliable infrastructure that powers the Microsoft Cloud.

Transform your business and reduce maintenance costs with an energy-efficient infrastructure spanning more than 100 highly secure facilities worldwide, linked by one of the largest networks on earth.

The engine that powers Microsoft’s cloud services, the is designed to support smart growth, high reliability, operational excellence, cost-effectiveness, environmental sustainability, and a trustworthy online experience for customers and partners worldwide.

Microsoft deliver the core infrastructure and foundational technologies for Microsoft’s over numerous online businesses including: Dynamics 365, Power Bi, Cortana analytics, IoT, Bing, MSN, Office 365, Xbox Live, Skype, OneDrive and the Windows Azure platform.

The infrastructure is comprised of a large global portfolio of more than 100 datacenters and 1 million servers, content distribution networks, edge computing nodes, and fiber optic networks.

The portfolio is built and managed by a team of subject matter experts working 24x7x365 to support services for more than 1 billion customers and 20 million businesses in over 90 countries worldwide

Those are 2014 figures and the Microsoft cloud has expanded greatly since then for example the acquisition of Linked in and the launch of Dynamics 365.

To help you comply with national, regional, and industry-specific requirements governing the collection and use of individuals’ data, Microsoft offers the most comprehensive set of compliance offerings of any cloud service provider. Microsoft business cloud services operate with a cloud control framework, which aligns controls with multiple regulatory standards (https://www.microsoft.com/en-us/trustcenter/guidance/risk-assessment#Audit-reports)

Argentina PDPA – Microsoft has implemented the security measures in the Argentina Personal Data Protection Act.

BIR 2012 – Agencies operating in the Netherlands government sector must comply with the Baseline Informatiebeveiliging Rijksdienst standard.

Canadian Privacy Laws – Microsoft contractually commits to implementing security that helps protect individuals’ privacy.

CCSL (IRAP) – Microsoft is accredited for the Australian Certified Cloud Services List based on an IRAP assessment.

CDSA – Azure is certified to the Content Delivery and Security Assoc. Content Protection and Security standard.

China DJCP – Azure and Office 365 operated by 21Vianet are rated at Level 3 for information security protection.

China GB 18030 – Azure and Office 365 operated by 21Vianet are certified as compliant with the Chinese character standard.

China TRUCS – Azure and Office 365 operated by 21Vianet obtained Trusted Cloud Service certification.

CJIS – Microsoft government cloud services adhere to the US Criminal Justice Information Services Security Policy.

CS Mark (Gold) – Microsoft received the CS Gold Mark in Japan for Azure (IaaS and PaaS) and Office 365 (SaaS).

CSA STAR Attestation -Azure and Intune were awarded Cloud Security Alliance STAR Attestation based on an independent audit.

CSA STAR Certification – Azure, Intune, and Power BI were awarded Cloud Security Alliance STAR Certification at the Gold level.

CSA STAR Self-Assessment – Microsoft STAR Self-Assessment details how cloud services fulfill Cloud Security Alliance requirements.

DFARS – Microsoft Azure Government supports Defense Federal Acquisition Regulation (DFARS) requirements.

DoD – Microsoft received Department of Defense (DoD) Provisional Authorizations at Impact Levels 5, 4, and 2.

EN 301 549 – Microsoft meets EU accessibility requirements for public procurement of ICT products and services.

ENISA IAF – Azure aligns with the ENISA framework requirements through the CSA CCM version 3.0.1.

EU Model Clauses – Microsoft offers EU Standard Contractual Clauses, guarantees for transfers of personal data.

EU-U.S. Privacy Shield – Microsoft complies with this framework for protecting personal data transferred from the EU to the US.

FACT – Microsoft Azure achieved certification from the Federation Against Copyright Theft in the UK.

FDA CFR Title 21 Part 11 – Microsoft helps customers comply with these US Food and Drug Administration regulations.

FedRAMP – Microsoft was granted US Federal Risk and Authorization Management Program P-ATOs and ATOs.

FERPA – Microsoft aligns with the requirements of the US Family Educational Rights and Privacy Act.

FIPS 140-2 – Microsoft certifies that its cryptographic modules comply with the US Federal Info Processing Standard.

FISC – Microsoft meets the requirements of the Financial Industry Information Systems v8 standard in Japan.

GxP – Microsoft cloud services adhere to Good Clinical, Laboratory, and Manufacturing Practices (GxP).

HIPAA/HITECH – Microsoft offers Health Insurance Portability & Accountability Act Business Associate Agreements (BAAs).

HITRUST – Azure is certified to the Health Information Trust Alliance Common Security Framework.

IRS 1075 – Microsoft has controls that meet the requirements of US Internal Revenue Service Publication 1075.

ISO 9001 – Microsoft is certified for its implementation of these quality management standards.

ISO 20000-1:2011 – Microsoft is certified for its implementation of these service management standards.

ISO 22301 – Microsoft is certified for its implementation of these business continuity management standards.

ISO 27001 – Microsoft is certified for its implementation of these information security management standards.

ISO 27017 – Microsoft cloud services have implemented this Code of Practice for Information Security Controls.

ISO 27018 – Microsoft was the first cloud provider to adhere to this code of practice for cloud privacy.

IT Grundschutz Compliance Workbook – Azure Germany published this Workbook to help our clients achieve IT Grundschutz certification.

ITAR – Azure Government supports customers building US International Traffic in Arms Regs-capable systems.

MARS-E – Microsoft complies with the US Minimum Acceptable Risk Standards for Exchanges (MARS-E).

MeitY – The Ministry of Electronics and Info Technology in India awarded Microsoft a Provisional Accreditation.

MPAA – Azure successfully completed a formal assessment by the Motion Picture Association of America.

MTCS – Microsoft received certification for the Multi-Tier Cloud Security Standard for Singapore.

My Number (Japan) – Microsoft does not have standing access to My Number data, a number unique to each resident of Japan.

NEN 7510:2011 – Organizations in the Netherlands must demonstrate control over patient health data in accordance with the NEN 7510 standard.

NHS IG Toolkit – Azure is certified to the Health Information Trust Alliance Common Security Framework.

NIST 800-171 – Microsoft DoD certifications address and exceed US NIST 800-171 security requirements.

NIST CSF – Microsoft Cloud Services meet the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)

NZ CC Framework – Microsoft NZ addresses the questions published in the New Zealand cloud computing framework.

PCI DSS – Azure complies with Payment Card Industry Data Security Standards Level 1 version 3.1.

Section 508 – Microsoft cloud services offer Voluntary Product Accessibility Templates.

Shared Assessments – Microsoft demonstrates alignment of Azure with this program through the CSA CCM version 3.0.1.

SOC 1- Microsoft cloud services comply with Service Organization Controls standards for operational security.

SOC 2 – Microsoft cloud services comply with Service Organization Controls standards for operational security.

SOC 3 – Microsoft cloud services comply with Service Organization Controls standards for operational security.

Spain ENS – Microsoft received Spain’s Esquema Nacional de Seguridad (National Security Framework) certification.

UK Cyber Essentials PLUS – Cyber Essentials PLUS is a UK government-defined scheme to help organizations protect against common cyber-security threats.

UK G-Cloud – The Crown Commercial Service renewed the Microsoft cloud services classification to Government Cloud v6.

WCAG 2.0 – Microsoft cloud services comply with the Web Content Accessibility Guidelines 2.0.

SQL Server 2012 Service Pack 4 (SP4) is available

October 16th, 2017

SQL Server 2012 Service Packs, Service Pack 4 (SP4). This release of SQL 2012 Service Pack has 20+ improvements centered around performance, scalability and diagnostics to enable SQL Server 2012 to perform faster and scale out of the box on modern hardware design.

SQL Server 2012 SP4 includes all the fixes up to and including SQL Server 2012 SP3 CU10

Security security security

September 26th, 2017

You never know when some item that queries or alters data in SQL Server will cause issues.

Bruce Schneier recently commented on FaceID and Bluetooth security, the latter of which has a vulnerability issue. I was amazed to see his piece on infrared camera hacking. A POC on using light to jump air gaps is truly frightening. It seems that truly anywhere that we are processing data, we need to be thinking (see https://arstechnica.com/information-technology/2017/09/attackers-can-use-surveillance-cameras-to-grab-data-from-air-gapped-networks/)

Airborne attacks, unfortunately, provide a number of opportunities for the attacker. First, spreading through the air renders the attack much more contagious, and allows it to spread with minimum effort. Second, it allows the attack to bypass current security measures and remain undetected, as traditional methods do not protect from airborne threats. Airborne attacks can also allow hackers to penetrate secure internal networks which are “air gapped,” meaning they are disconnected from any other network for protection. This can endanger industrial systems, government agencies, and critical infrastructure. With BlueBorne, attackers can gain full control right from the start. Moreover, Bluetooth offers a wider attacker surface than WiFi, almost entirely unexplored by the research community and hence contains far more vulnerabilities

Finally, unlike traditional malware or attacks, the user does not have to click on a link or download a questionable file. No action by the user is necessary to enable the attack.

Fully patched Windows and iOS systems are protected

– the Equifax breach for example must worry everyone who has ever had credit in the USA. (Hackers broke into Equifax’s computer systems in March, which is two months earlier than the company had previously disclosed, according to a Wall Street Journal report.)

The Securities and Exchange Commission said Wednesday that a cyber breach of a filing system it uses may have provided the basis for some illegal trading in 2016. In a statement posted on the SEC’s website, Chairman Jay Clayton said a review of the agency’s cybersecurity risk profile determined that the previously detected “incident” was caused by “a software vulnerability” in its EDGAR filing system (which processes over 1.7 million electronic filings in any given year.) The agency also discovered instances in which its personnel used private, unsecured email accounts to transmit confidential information.

So let me suggest take a good look at your systems and be honest – do you feel safe?

Microsoft has released Microsoft 365, a complete, intelligent solution, including Office 365, Windows 10, and Enterprise Mobility + Security, that empowers everyone to be creative and work together, securely. Watch Satya introduce it.

What about your websites?
Although acts of vandalism such as defacing corporate websites are still commonplace, hackers prefer to gain access to the sensitive data residing on the database server and then to sell the data.

The costs of not giving due attention to your web security are extensive and apart form direct financial burden and inconvenience also risks:
• Loss of customer confidence, trust and reputation with the consequent harm to brand equity
• Negative impact on revenues and profits arising e.g. from falsified transactions, or from
employee downtime
• Website downtime – is in effect the closure of one of the most important sales and marketing channels
especially for an e-business
• Legal battles and related implications from Web application attacks and poor security
measures including fines and damages to be paid to victims.

Web Security Weaknesses
Hackers will attempt to gain access to your database server through any way they can e.g. out of date protocols on a router. Two main targets are :
• Web and database servers.
• Web applications.

Information about such exploits are readily available on the Internet, and many have been reported on this blog previously.

Web Security Scanning
So no surprise that Web security should contain two important components: web and database server security, and web application security.

Addressing web application security is as critical as addressing server security.

Firewalls and similar intrusion detection mechanisms provide little defense against full-scale web
attacks.
Since your website needs to be public, security mechanisms allow public web traffic to
communicate with your web and databases servers (i.e. over port 80).

It is of paramount importance to scan the security of these web assets on the network for possible vulnerabilities. For example, modern database systems (e.g. Microsoft SQL Server, Oracle and MySQL) may be
accessed through specific ports and so anyone can attempt direct connections to the databases to try and bypass the security mechanisms used by the operating system. These ports remain open to allow communication with legitimate traffic and therefore constitute a major vulnerability.

Other weaknesses relate to the database application itself and the use of weak or default passwords by
administrators. Vendors patch their products regularly, and equally regularly find new ways of
attack.

75% of cyber attacks target weaknesses within web applications rather than directly at the
servers. Hackers launch web application attacks on port 80 . Web applications are more open to uncovered vulnerabilities since these are generally custom-built and therefore pass through a lesser degree of
testing than off-the-shelf software.

Some hackers, for example, maliciously inject code within vulnerable web applications to trick users
and redirect them towards phishing sites. This technique is called Cross-Site Scripting (XSS) and may
be used even though the web and database servers contain no vulnerability themselves.

Hence, any web security audit must answer the questions “which elements of our network
infrastructure are open to hack attacks?”,
“which parts of a website are open to hack attacks?”, and “what data can we throw at an application to cause it to perform something it shouldn’t do?”

Ask us about Acunetix and Web Security
Acunetix ensures web site security by automatically checking for SQL Injection, Cross Site Scripting,
and other vulnerabilities. It checks password strength on authentication pages and automatically
audits shopping carts, forms, dynamic content and other web applications. As the scan is being
completed, the software produces detailed reports that pinpoint where vulnerabilities exist

SQL Server 2014 SP2 CU7

September 3rd, 2017

The 7th cumulative update release for SQL Server 2014 SP2 is available for download at the Microsoft Downloads site.
Registration is no longer required to download Cumulative updates.

• CU#7 KB Article: https://support.microsoft.com/en-us/help/4032541/cumulative-update-7-for-sql-server-2014-sp2
• Microsoft® SQL Server® 2014 SP2 Latest Cumulative Update: https://www.microsoft.com/en-us/download/details.aspx?id=53592
• Update Center for Microsoft SQL Server: http://technet.microsoft.com/en-US/sqlserver/ff803383.aspx