Category Archives: Microsoft
Excel sheet locked by password but never entered password before
When I open an unprotected Excel file and try to edit the sheet, it pops up a window asking for a password. I am 100% sure that I never set up any protect sheet or other macro function things, just a very standard and normal Excel file with standard use. And this happened to another two of my colleagues also. Can anyone help with this? Thank you.
Windows 11 File Explorer Freezing
Trying to convert our AVD cluster from Windows 10 to Windows 11. We use FSLogix with VHDXs on an Azure Storage blob. We have some mapped drives going to an on-prem NAS.
Windows File Explorer will become completely unresponsive. We have tried disconnecting the mapped drives, disabling OneDrive, disabling Windows Search and nothing seems to resolve the issue. Then randomly it will work and then eventually go back to being unresponsive.
GPT-4o now available through Azure OpenAI Service
We’re happy to share that Microsoft has recently made GPT-4o available through its Azure OpenAI Service after OpenAI’s announcement of the release of GPT-4o, a new flagship, multimodal model.
This multimodal model integrates text, vision, and audio capabilities, setting a new standard for generative and conversational AI experiences. This is the first time Microsoft is announcing same-day model access as OpenAI.
Want to learn more about GPT-4o in Azure OpenAI? Check out our recent blog post:
Introducing GPT 4o: OpenAI’s new flagship model and Accessibility on Azure OpenAI
Learn, experiment, and deploy:
Check out MS Learn
Try out GPT-4o in Azure OpenAI Service Chat Playground (in preview)
Also, register to attend Microsoft Build 2024. At Microsoft Build 2024 we will continue to share updates regarding GPT-4o in Azure OpenAI Service, as well as other advancements in Microsoft AI services and capabilities.
Data mapper improvements
This past November, we announced the general availability of our Data Mapper, a tool for developers to perform data transformation tasks inside of Azure Logic Apps. Through customer engagements, we have gathered valuable feedback and are ready to share some enhancement plans to address this feedback. These updates streamline data mapping tasks, rendering your workflow more intuitive and efficient. Let’s explore the new features and discuss how these changes can improve your data mapping experience.
Please let us know what you think in the feedback section. Your feedback helps shape future updates.
Improvements
Create data map
Upload a new schema or select an existing one. The source schema, previously floating, now docks on the opposite side of the destination schema, enhancing visibility.
Map a property to another property
Use drag-and-drop to assign source properties to destinations.
Understand a property type
Hover over a property to discover its data type.
Add a function then map to properties
Function chaining
Address more complex requirements by chaining functions together. Collapse the functions together to save valuable real estate.
Rename functions and add notes
To reduce complexity, we now allow function renaming for clarity and the option to add notes. This prevents confusion and makes editing and reviewing more straightforward.
Reorder source properties
Add static values and reorder properties to refine output at destination
Expand/collapse hierarchy
Support for complex schemas includes starting with nested properties in a collapsed state and expanding them as required to access deeper properties.
Adjust width of side panel
Modify a side panel’s width to address scaling for deep schema trees.
Search within a schema
Search functionality to discover specific elements
Favorite function
Pin frequently used functions for quick access.
View underlying code
Open the YAML file in read-only mode to read the code that powers the mapping process.
Test map
Select an existing source payload matching your schema type and check whether the mapper yields desired output.
Understand if there has been an error
Easily detect and address errors during mapping
Conditional mapping and looping improvements to follow in next part soon.
Feedback
Please use this questionnaire to provide detailed feedback or file a feature request using the Data mapper tag on our GitHub Issues.
Intune Enrollment Issues – Found a workaround but it doesn’t make sense
Hello,
I am curious if anybody else has this issue and knows a fix…
Basically, we had a bunch of these devices that were originally in Intune and working fine. These were Enrolled into Intune via Group Policy. (Note: All devices get automatically converted to Autopilot devices also).
These users eventually got terminated and the devices were removed from Active Directory. Later on, the business decided to re-use these devices. Some were reimaged via WDS, some were just re-added to the domain… long story short none of them will enroll into Intune.
When I looked at the enrollment errors, I got the following error message: This device attempted to enroll via a method not allowed from the device’s Autopilot profile.
I thought it was interesting because we are not even trying to enroll it via Autopilot or even using it in this case as the device was never reset.
I decided to delete a few of them from Autopilot just to see what would happen. Now I get a new error saying: This device can’t be enrolled as a personal device while the platform is Blocked under Device Type Restrictions.
Workaround:
I eventually figured out that if you add someone as an “Enrollment manager”, they can bypass this… so I had a tech sign into some of the devices and they enroll… They just need to switch the primary user back to the new user as it registers as themselves.
What I am confused about is why is it working this way? It wasn’t like this before. Should I allow Windows (MDM) personal devices to be enrolled? If so, how do I actually block true personal devices?
These devices are in AD & Entra and those are the only “Windows” devices we want to be allowed to enroll into Intune, unless they are actually enrolled via Autopilot (resetting) of course.
Also, using Autopilot does work and does enroll the devices without issues.
What I haven’t tested: Keeping the device in Autopilot and having an “Enrollment Manager” sign in
Tabs Crash When Using Drop Down Menu in Dev 126.0.2578.1
After updating to Dev Channel build 126.0.2578.1 on macOS 14.4.1 there appears to be a bug where using a drop down menu on a webpage that’s drawn by the OS (so not something custom to the website) makes the tab crash moments later. Reported this bug in-app but anyone else seeing a similar experience?
New Blog | Microsoft Entra Private Access for on-prem users
By Ashish Jain
The emergence of cloud technology and the hybrid work model, along with the rapidly increasing intensity and sophistication of cyber threats, are significantly reshaping the work landscape. As organizational boundaries become increasingly blurred, private applications and resources that were once secure for authenticated users are now vulnerable to intrusion from compromised systems and users. When users connect to a corporate network through a traditional virtual private network (VPN), they’re granted extensive access to the entire network, which potentially poses significant security risks. These challenges have introduced new demands that traditional network security approaches struggle to meet. Even Gartner predicts that by 2025, at least 70% of new remote access deployments will be served predominantly by ZTNA as opposed to VPN services, up from less than 10% at the end of 2021.
Microsoft Entra Private Access, part of Microsoft’s Security Service Edge (SSE) solution, securely connects users to any private resource and application, reducing the operational complexity and risk of legacy VPNs. It enhances the security posture of your organization by eliminating excessive access and preventing lateral movement. As traditional VPN enterprise protections continue to wane, Private Access improves a user’s ability to connect securely to private applications easily from any device and any network—whether they are working at home, remotely, or in their corporate office.
Enable secure access to private apps that use Domain Controller for authentication
With Private Access (Preview), you can now implement granular app segmentation and enforce multifactor authentication (MFA) on any on-premises resource authenticating to domain controller (DC) for on-premises users, across all devices and protocols without granting full network access. You can also protect your DCs from identity threats and prevent unauthorized access by simply enabling privileged access to the DCs by enforcing MFA and Privileged Identity Management (PIM).
To enhance your security posture and minimize the attack surface, it’s crucial to implement robust Conditional Access controls, such as MFA, across all private resources and applications including legacy or proprietary applications that may not support modern auth. By doing so, you can safeguard your DCs—the heart of your network infrastructure.
A closer look at the mechanics of Private Access for on-prem user scenario
Here’s how Private Access helps secure access to on-prem resources and applications and provides a seamless way for employees to access the on-premises resources when they’re locally accessing these resources, while ensuring the security of the company’s critical services. Imagine a scenario where an employee is working on-premises at their company’s headquarters. They need to access the company’s DCs to retrieve some important information for their project or make some changes. However, when they try to access the DC directly, they find that access is blocked. This is because the company has enabled privileged access, which restricts direct access to the DC for security reasons.
Instead of accessing the DC directly, the employee’s traffic is intercepted by the Global Secure Access Client and routed to the Microsoft Entra ID and Private Access Cloud for authentication. This ensures that only authorized users can access the DC and its resources.
When the employee attempts to access the private resources they need, they’re prompted to authenticate using MFA. This additional layer of security ensures that only legitimate users can gain entry to the DC. Private Access also extends MFA to all on-premises resources, even those that lack built-in MFA support. This means that even legacy applications can benefit from the added security of MFA. With Private Access, the company has also enabled granular app segmentation, which allows them to segment access to specific applications or resources within their on-premises environment. This means that the employee can only interact with the services they’re authorized to access, ensuring the security of critical services.
Despite these added security measures, the employee’s user experience remains seamless. Only authentication traffic leaves the corporate network, while application traffic remains local within the corporate network. This minimizes latency and ensures that the employee can access the information they need quickly and efficiently.
Read the full post here: Microsoft Entra Private Access for on-prem users
Help us shape Windows Server (survey)
Help us shape Windows Server
Complete a 10-minute survey to help shape the future of Windows Server. Your feedback is crucial in helping us understand your needs and preferences with our product.
We will not ask for your personal information and your responses will contribute directly to the development of Windows Server. The survey will be closed on May 23, 2024.
Ctrl+click to follow hyperlink
Hi!
Recently, my Excel web app enabled the function “use ctrl+click to follow hyperlink”; previously it was disabled by default. How can I disable it for the online/web version? I do not have access to the “options” menu in my web app, which may be due to my company settings and privacy.
SUMIFS formula
Hi, I’m trying to write a SUMIFS formula that will sum a total duration based off of a condition rating but stop once it hits a duration value of zero.
For example please see my current formula:
=IF($AQ2=5,SUMIFS('2.0_Durations'!$U$2:$U$100000,'2.0_Durations'!$C$2:$C$100000,$F2,'2.0_Durations'!$L$2:$L$100000,"=5"),"-")
AQ = “Condition Rating” so I only want it to sum duration based on condition rating equal to 5
U = “Duration” in years
C = Unique numerical digit range assigned to that asset
F = Unique numerical digit assigned to that asset
L = Condition rating range
My issue is that let’s say there are 23 rows of values for this specific asset, the first 19 are in condition rating 5, the next two in condition rating 6, and the last two back to condition rating 5 . My current formula is summing all durations for that asset that are in condition rating 5 and returning a total duration of 29.2 years. I only want the formula to sum column ‘U’ up to row 20 the most recent durations of the asset when it was consecutively in condition rating 5 and/or until it first changes from a 5 to a 6 condition rating (please see screenshot below of data).
Thanks!
Justin
New Blog | Loop DDoS Attacks: Understanding the Threat and Azure’s Defense
By Amir Dahan
In the realm of cybersecurity, Distributed Denial-of-Service (DDoS) attacks are a significant concern. The recent holiday season has unveiled a complex and evolving threat landscape, marked by sophisticated tactics and diversification. From botnet delivery via misconfigured Docker API endpoints to the NKAbuse malware’s exploitation of blockchain technology for DDoS attacks, the tactics and scale of these attacks have shown significant sophistication and diversification.
Understanding and staying abreast of recent DDoS trends and attack vectors is crucial for maintaining robust network security and ensuring the availability of services. One such example is the recent HTTP/2 Rapid Reset Attack, where Microsoft promptly provided fixes and recommendations to safeguard web applications. This vulnerability exploits the HTTP/2 protocol, allowing attackers to disrupt server connections by rapidly opening and closing connection streams. This can lead to denial of service (DoS) conditions, severely impacting the availability of critical services and potentially leading to significant downtime and financial losses. Another example we wrote about was reflected TCP attack vectors, which recently emerged in ways that were not believed possible before.
By closely monitoring these emerging threats, security professionals can develop and implement timely and effective countermeasures to protect their networks. This proactive approach is essential for anticipating potential vulnerabilities and mitigating risks before they can be exploited by malicious actors. Furthermore, understanding the evolving landscape of DDoS attacks enables the development of more resilient security architectures and the enhancement of existing defense mechanisms, ensuring that networks remain secure against both current and future threats.
In this blog, we focus on the newly revealed Application Loop DDoS attack vector. Microsoft hasn’t witnessed this vulnerability translated to actual DDoS attacks yet. However, we believe it’s important to highlight the threat landscape we see in Azure for UDP reflected attacks, as they are a prevalent attack vector with a base pattern similar to that of Loop attacks. We then discuss the protection strategies Microsoft employs to protect the Azure platform, our online services, and customers from newly emerging threats.
The Emergence of Loop DDoS Attacks
The Loop attack vulnerability was disclosed last month by CISPA. The attack exploits application-layer protocols relying on User Datagram Protocol (UDP). CISPA researchers found ~300,000 application servers that may be vulnerable to this attack vector. The published advisory describes Loop attacks as a sophisticated DDoS vector, exploiting the interaction between application servers to create a never-ending (hence the term Loop) cycle of communication that can severely degrade or completely halt their functionality. This attack method uses spoofed attack sources to create a situation where two or more application servers get stuck in a continuous loop of messages, usually error responses, because each server is programmed to react to incoming error messages with an error message.
Amongst the vulnerable applications, TFTP, DNS, NTP as well as legacy protocols, such as Echo, Chargen, QOTD, are at risk. The researchers provided a practical example of this, when two DNS resolvers automatically reply to error messages with their own errors. An attacker can start a loop by sending one fake spoofed DNS error to one resolver. This makes it send an error to the spoofed resolver, which does the same, creating an endless cycle of errors between them. This wastes the DNS servers’ resources and fills up the network links between them, with the potential to cause serious problems in service and network quality. Depending on the exact attack topology, Loop attacks may generate excessive amounts of traffic like other volumetric DDoS floods (e.g. DNS reflected amplified attacks).
How Loop DDoS differs from other volumetric DDoS attacks
The Loop attack is a kind of DDoS attack vector that targets applications and may manifest as a large-scale flood at the network layer as well. The cause is that attackers can set up multiple attack loops among multiple servers in a network or across networks in the peering links, overwhelming the servers and networks with traffic floods.
Like UDP reflected attacks, Loop attacks use a basic UDP weakness: the possibility to fake a source IP address, which is what initiates the attack Loop. One of the most common attack vectors nowadays is the reflected UDP-based flood. It’s similar to the Loop attack in that the malicious actor sends spoofed-source packets to an application server that replies to the spoofed IP, i.e. the victim. By generating many of these requests to an application server, the victim gets many responses they didn’t ask for. The impact of the reflected attack may be significantly more disastrous if the attacked application generates more traffic in response than it receives in the request. When this happens, it becomes a reflected amplified attack. Amplification is the secret sauce of why these attacks are dangerous.
The Loop attack is different from reflected amplified attacks in that the response may not necessarily be amplified. That is, for each spoofed packet sent to the application server, there may be a single response. However, Loop attacks are far more dangerous when the victim server that gets the response replies with its own response, which in turn is answered with another response in a loop that never ceases. For the malicious actor, it takes only a single well-crafted packet to create a Loop attack. If the attack is sent between multiple application servers, it becomes a volumetric DDoS flood that may put at risk not only the application, but also the underlying networks. Another interesting difference between reflected amplified UDP attacks and the Loop attack is that with the Loop attack the malicious actor doesn’t control the attack lifecycle. Once the first packet is generated the Loop starts, and there’s no way for the attacker to stop it.
Reflected Amplified Attack Landscape in Azure
Since reflected amplified UDP attacks are similar to Loop attacks in their basic reflection pattern and their volumetric nature, we present the recent reflected attack landscape in Azure. As we see in the figure, UDP reflected amplification attacks account for 7% of all attacks in the first quarter of 2024.
Figure 1 – distribution of main attack vectors in Azure, January-March 2024
Read the full post here: Loop DDoS Attacks: Understanding the Threat and Azure’s Defense
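The error-replies-to-error cycle between two DNS servers described in the post can be reproduced safely in memory; the sketch below is an added example, not code from the post or from the CISPA advisory. The `Server` class, the `simulate` function, the documentation-range addresses and the two hardening options (dropping messages that have the DNS QR response bit set, and a per-peer error budget, which goes beyond what the post covers) are assumptions made for illustration.

```python
import struct
from collections import defaultdict, deque

QR_RESPONSE = 0x8000      # DNS header QR bit: set on responses, clear on queries
RCODE_FORMERR = 1         # "format error" response code (low 4 bits of flags)
HEADER = struct.Struct("!HHHHHH")  # id, flags, qdcount, ancount, nscount, arcount


def build_header(msg_id, flags):
    """Pack a 12-byte DNS header with empty sections (constructed sample data)."""
    return HEADER.pack(msg_id, flags, 0, 0, 0, 0)


def parse_header(data):
    """Return (id, is_response, rcode), or None if the datagram is too short."""
    if len(data) < HEADER.size:
        return None
    msg_id, flags, *_ = HEADER.unpack_from(data)
    return msg_id, bool(flags & QR_RESPONSE), flags & 0x000F


class Server:
    """Toy server that answers every message it cannot process with FORMERR."""

    def __init__(self, addr, drop_responses, error_budget=None):
        self.addr = addr
        self.drop_responses = drop_responses  # hardening 1: never answer a response
        self.error_budget = error_budget      # hardening 2: cap error replies per peer
        self.errors_to = defaultdict(int)

    def handle(self, src, data):
        """Process one datagram; return (dst, payload) for a reply, or None."""
        parsed = parse_header(data)
        if parsed is None:
            return None
        msg_id, is_response, _rcode = parsed
        if is_response and self.drop_responses:
            return None  # a response is never a reason to send another packet
        if self.error_budget is not None:
            if self.errors_to[src] >= self.error_budget:
                return None  # budget for this peer is spent; stay silent
            self.errors_to[src] += 1
        # The toy messages carry no question, so the only possible answer is an error.
        return src, build_header(msg_id, QR_RESPONSE | RCODE_FORMERR)


def simulate(drop_responses, first_packet, error_budget=None, max_packets=1000):
    """Deliver one packet to server A whose source field names server B,
    then count how many datagrams are delivered before the exchange stops."""
    a = Server("192.0.2.10", drop_responses, error_budget)
    b = Server("192.0.2.20", drop_responses, error_budget)
    servers = {a.addr: a, b.addr: b}
    queue = deque([(b.addr, a.addr, first_packet)])  # (src, dst, payload)
    delivered = 0
    while queue and delivered < max_packets:
        src, dst, data = queue.popleft()
        delivered += 1
        reply = servers[dst].handle(src, data)
        if reply is not None:
            queue.append((dst, reply[0], reply[1]))
    return delivered


# Constructed sample messages: an error response and an empty query.
ERROR_RESPONSE = build_header(0x1234, QR_RESPONSE | RCODE_FORMERR)
PLAIN_QUERY = build_header(0x1234, 0)

if __name__ == "__main__":
    print("error-to-error replies :", simulate(False, ERROR_RESPONSE))
    print("drop responses         :", simulate(True, ERROR_RESPONSE))
    print("drop responses, query  :", simulate(True, PLAIN_QUERY))
    print("per-peer error budget 5:", simulate(False, ERROR_RESPONSE, error_budget=5))
```

The first run only stops because of the `max_packets` cap, which is the never-ending cycle the post describes; either hardening option ends the exchange after a bounded number of datagrams.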
By Amir Dahan
In the realm of cybersecurity, Distributed Denial-of-Service (DDoS) attacks are a significant concern. The recent holiday season has unveiled a complex and evolving threat landscape, marked by sophisticated tactics and diversification. From botnet delivery via misconfigured Docker API endpoints to the NKAbuse malware’s exploitation of blockchain technology for DDoS attacks, the tactics and scale of these attacks have shown significant sophistication and diversification.
Understanding and staying abreast of recent DDoS trends and attack vectors is crucial for maintaining robust network security and ensuring the availability of services. One such example is the recent HTTP/2 Rapid Reset Attack, where Microsoft promptly provided fixes and recommendations to safeguard web applications. This vulnerability exploits the HTTP/2 protocol, allowing attackers to disrupt server connections by rapidly opening and closing connection streams. This can lead to denial of service (DoS) conditions, severely impacting the availability of critical services and potentially leading to significant downtime and financial losses. Another example we wrote about were reflected TCP attack vectors that recently emerged in ways that were not believed possible before.
By closely monitoring these emerging threats, security professionals can develop and implement timely and effective countermeasures to protect their networks. This proactive approach is essential for anticipating potential vulnerabilities and mitigating risks before they can be exploited by malicious actors. Furthermore, understanding the evolving landscape of DDoS attacks enables the development of more resilient security architectures and the enhancement of existing defense mechanisms, ensuring that networks remain secure against both current and future threats.
In this blog, we focus on the newly revealed Application Loop DDoS attack vector. Microsoft hasn’t yet witnessed this vulnerability translated into actual DDoS attacks. However, we believe it’s important to highlight the threat landscape we see in Azure for UDP reflected attacks, as they are a prevalent attack vector with a base pattern similar to that of Loop attacks. We then discuss the protection strategies Microsoft employs to protect the Azure platform, our online services, and customers from newly emerging threats.
The Emergence of Loop DDoS Attacks
The Loop attack vulnerability was disclosed last month by CISPA. The attack exploits application-layer protocols relying on User Datagram Protocol (UDP). CISPA researchers found ~300,000 application servers that may be vulnerable to this attack vector. The published advisory describes Loop attacks as a sophisticated DDoS vector, exploiting the interaction between application servers to create a never-ending (hence the term Loop) cycle of communication that can severely degrade or completely halt their functionality. This attack method uses spoofed attack sources to create a situation where two or more application servers get stuck in a continuous loop of messages, usually error responses, because each server is programmed to react to incoming error messages with an error message.
The vulnerable applications at risk include TFTP, DNS, and NTP, as well as legacy protocols such as Echo, Chargen, and QOTD. The researchers provided a practical example in which two DNS resolvers automatically reply to error messages with their own errors. An attacker can start a loop by sending one spoofed DNS error to one resolver. This makes it send an error to the spoofed resolver, which does the same, creating an endless cycle of errors between them. This wastes the DNS servers’ resources and fills up the network links between them, with the potential to cause serious problems in service and network quality. Depending on the exact attack topology, Loop attacks may generate excessive amounts of traffic like other volumetric DDoS floods (e.g. DNS reflected amplified attacks).
How Loop DDoS differs from other volumetric DDoS attacks
The Loop attack is a kind of DDoS attack vector that targets applications and may also manifest as a large-scale flood at the network layer. This is because attackers can set up multiple attack loops among multiple servers in a network, or across networks over the peering links, overwhelming the servers and networks with traffic floods.
Like UDP reflected attacks, Loop attacks use a basic UDP weakness: the possibility of faking a source IP address to initiate the attack loop. Reflected UDP-based floods are among the most common attack vectors nowadays. They are similar to the Loop attack in that the malicious actor sends spoofed-source packets to an application server that replies to the spoofed IP, i.e. the victim. By generating many of these requests to an application server, the attacker causes the victim to receive many responses it didn’t ask for. The impact of the reflected attack may be significantly more disastrous if the attacked application generates more traffic in response than it receives in the request. When this happens, it becomes a reflected amplified attack. Amplification is the secret sauce of why these attacks are dangerous.
The Loop attack differs from reflected amplified attacks in that the response may not necessarily be amplified. That is, for each spoofed packet sent to the application server, there may be a single response. However, Loop attacks are far more dangerous when the victim server that gets the response replies with its own response, which in turn is answered with another response, in a loop that never ceases. For the malicious actor, it takes only a single well-crafted packet to create a Loop attack. If the attack is sent between multiple application servers, it becomes a volumetric DDoS flood that may put at risk not only the application but also the underlying networks. Another interesting difference between reflected amplified UDP attacks and the Loop attack is that with the Loop attack the malicious actor doesn’t control the attack lifecycle. Once the first packet is generated the loop starts, and there’s no way for the attacker to stop it.
Reflected Amplified Attack Landscape in Azure
Since reflected amplified UDP attacks are similar to Loop attacks in their basic reflection pattern and their volumetric nature, we present the recent reflected attack landscape in Azure. As we see in the figure, UDP reflected amplification attacks account for 7% of all attacks in the first quarter of 2024.
Figure 1 – distribution of main attack vectors in Azure, January-March 2024
Read the full post here: Loop DDoS Attacks: Understanding the Threat and Azure’s Defense
May V1 Title Plan out now!
The Monthly Title Plan for May V1 is attached to this post. The Title Plan can also be found in the following locations:
MPN Partner Portal Learning Resources page: resource page for Training Services Partners (Title Plan publishing takes 2-3 business days)
MCT Lounge: brand-new lounge for MCTs
Thank you
Trying to call Azure REST API by using managed identity in Azure Synapse notebook but failed
I’m trying to call the Azure REST API by using a managed identity in an Azure Synapse notebook but get the following error.
As you can see, I already enabled the managed identity run on my notebook, and the Contributor role is also assigned to the MSI for the corresponding Azure DevOps project. Not quite sure where the issue is. Maybe I used the wrong scopes? Should I turn on something before executing the notebook?
Thanks for your help in advance!
Outlook won’t open or is stuck at loading profile
When I click on the Outlook icon to open my mail, it won’t open; it is stuck on loading profile.
I have uninstalled Microsoft 365, reinstalled it, closed out the processes in Task Manager, and reset to default settings, and nothing works.
Editing a pleading paper with 28 lines
I am trying to edit a 28-line pleading paper. When I try to edit the names in the caption, it moves the line numbers. Can anyone help with this problem?
HoloLens 2 + Mixed Reality Applications | Technical Datasheet
Click below to download HoloLens 2 Technical Datasheet
Microsoft HoloLens 2 is an untethered, self-contained holographic device that allows users to leverage enterprise ready mixed reality (MR) solutions and Azure Mixed Reality while working heads-up and hands-free. By merging the real world with the digital world, MR users across industries can benefit from enriched remote collaboration, increased precision of work, minimized human error, fewer resource gaps, better knowledge retention, and more. Pair HoloLens 2 with a comprehensive ecosystem of apps and services from Microsoft and third-party partners for maximum ROI and productivity impact.
Exploring Alternative Solutions for Location-Specific Policy Application in Intune with Android
I would like to know if there is an alternative option for a specific use case of Intune with Android devices.
Objective: To create security groups with dynamic assignment using the device’s Wi-Fi IPv4 address as a criterion.
Reason: Application of specific settings and policies by location, such as stores and distribution centers.
Why Wi-Fi IPv4? The IP ranges by location are fixed, with specific VLANs for device use.
Are there alternatives that can help us achieve this result?
Prevent comments from being deleted in Excel
Is there a way to prevent comments from being deleted? Or better yet, assign permissions in the sheet so that only a certain person/s could delete comments?
Thanks!
Data-driven transformation: Successful Microsoft Fabric implementation with Wipfli
Leverage Microsoft Fabric to help your customers improve data literacy and drive business. Find out more in this story about partner Wipfli.
Partner Blog | Advancing accessibility impact through global partnerships and community
AI is transforming how people with disabilities access the world by meeting the diverse needs of over one billion individuals worldwide who have a disability.
As Microsoft observes Global Accessibility Awareness Day this year, we’re inspired by new technological advances and expanded capabilities that support digital accessibility. With innovation from our global partner ecosystem, we are accelerating the prioritization of accessibility as a business deliverable, alongside increasing market momentum and customer expectations for inclusion.
Accessibility milestones and solution advancements
With the launch of Microsoft Copilot Accessibility tools, we can now use generative AI to assist everyone in work and life.
One of these features is Ask Microsoft Accessibility, an online Bing AI-powered tool that provides users with information about the accessibility of Microsoft products and services. Users can input their questions and the AI discoverability tool will provide suggestions and resources. If they need technical assistance with accessibility issues, they can also contact the Microsoft Disability Answer Desk.