We never take your trust for granted

<?xml version="1.0" encoding="UTF-8"?><rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" > <channel> <title>Microsoft on the Issues</title> <atom:link href="https://blogs.microsoft.com/on-the-issues/feed/" rel="self" type="application/rss+xml" /> <link>https://blogs.microsoft.com/on-the-issues</link> <description>News and perspectives on legal, public policy and citizenship topics</description> <lastBuildDate>Tue, 17 Jan 2017 14:02:15 +0000</lastBuildDate> <language>en-US</language> <sy:updatePeriod>hourly</sy:updatePeriod> <sy:updateFrequency>1</sy:updateFrequency> <generator>https://wordpress.org/?v=4.6.1</generator> <item> <title>Calling US teens: Apply to join our new Council for Digital Good</title> <link>https://blogs.microsoft.com/on-the-issues/2017/01/17/calling-us-teens-apply-join-new-council-digital-good/</link> <pubDate>Tue, 17 Jan 2017 14:00:09 +0000</pubDate> <dc:creator><![CDATA[Jacqueline Beauchere]]></dc:creator> <category><![CDATA[Microsoft on the Issues]]></category> <category><![CDATA[education]]></category> <category><![CDATA[Online Safety]]></category> <category><![CDATA[youth]]></category> <guid isPermaLink="false">http://blogs.microsoft.com/on-the-issues/?p=49577</guid> <description><![CDATA[<p>Teenagers in the U.S., listen up: here’s a unique opportunity to have your voices heard about digital issues. Effective today, Microsoft is accepting applications for our Council for Digital Good, a one-year pilot program for youths ages 13 to 17 to help lay the groundwork for a new approach to online interactions. Selected council members will be invited to our Microsoft Campus in Redmond, Washington, for a two-day trip in <a href="https://blogs.microsoft.com/on-the-issues/2017/01/17/calling-us-teens-apply-join-new-council-digital-good/" class="read-more">Read more &#187;</a></p> <p>The post <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues/2017/01/17/calling-us-teens-apply-join-new-council-digital-good/">Calling US teens: Apply to join our new Council for Digital Good</a> appeared first on <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues">Microsoft on the Issues</a>.</p> ]]></description> <content:encoded><![CDATA[<p><a href="https://mscorpmedia.azureedge.net/mscorpmedia/2017/01/Laurel-branches.jpg"><img class="alignleft wp-image-49592 size-medium" src="https://mscorpmedia.azureedge.net/mscorpmedia/2017/01/Laurel-branches-300x217.jpg" alt="Illustration of laurel branches with computer power on button in the center" width="300" height="217" /></a></p> <p>Teenagers in the U.S., listen up: here’s a unique opportunity to have your voices heard about digital issues. Effective today, Microsoft is accepting applications for our <a href="http://www.microsoft.com/cdg">Council for Digital Good</a>, a one-year pilot program for youths ages 13 to 17 to help lay the groundwork for a new approach to online interactions. Selected council members will be invited to our Microsoft Campus in Redmond, Washington, for a two-day trip in early August.</p> <p>Today’s youth are tech-savvy, digitally engaged and resourceful, and we at Microsoft are interested in what they’re doing online, who they’re connecting with, and what they’re sharing and learning. In turn, we’re cognizant that being online presents very real risks, and we want to make sure young people appreciate – and have the skills to help mitigate – those risks. That’s why we’re piloting this council: to gain diverse perspectives from youth in the U.S. on the state of online interactions today, as well as their hopes and ideals for what would make online life healthier, safer and more enjoyable.</p> <p><strong>Apply to join our Council for Digital Good<br /> </strong>Interested teens ages 13 to 17 living in the United States should complete and submit <a href="https://aka.ms/cdgapply">this</a> online application by <strong>Wednesday, March 1</strong>.</p> <p>In addition to some basic information, the application calls for either essay or video responses to questions about life online, expectations for their council experience, and about Microsoft generally.</p> <p><strong>Special two-day event for council members<br /> </strong>Following application reviews and selection, we’ll invite 12 to 15 young people from across the country to join the inaugural council, which will culminate in a two-day trip for each council member and a parent or guardian to attend a council summit at our company headquarters.</p> <p>The summit is expected to include small group and full council discussions, a separate “parent track,” interactive sessions with guest speakers, engagement with Microsoft consumer product and service group representatives, and fun activities. After the summit, we hope council members will serve as ambassadors for <a href="http://blogs.microsoft.com/on-the-issues/2016/12/19/year-review-new-online-safety-resources-created-2017-brings-focus-digital-civility/#sm.0000csshjolt3ebs10bz63rrsshg6">digital civility</a> in their schools and communities, share their experiences and continue their participation in council-specific online forums. For questions about the council or planned activities, contact <a href="mailto:[email protected]">[email protected]</a>.</p> <p>To learn more about Microsoft’s work in online safety generally, visit our <a href="http://www.microsoft.com/about/corporatecitizenship/en-us/youthspark/youthsparkhub/programs/onlinesafety/">website</a> and <a href="http://www.microsoft.com/about/corporatecitizenship/en-us/youthspark/youthsparkhub/programs/onlinesafety/resources/">resources</a> page on the Microsoft YouthSpark Hub, and be on the lookout for our <a href="http://blogs.microsoft.com/on-the-issues/2016/12/19/year-review-new-online-safety-resources-created-2017-brings-focus-digital-civility/#sm.0000csshjolt3ebs10bz63rrsshg6">digital civility release</a> on Safer Internet Day 2017, Feb. 7. And, for more regular news and information about online safety, connect with us on <a href="http://www.facebook.com/saferonline">Facebook</a> and <a href="http://www.twitter.com/safer_online">Twitter</a>.</p> <p>The post <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues/2017/01/17/calling-us-teens-apply-join-new-council-digital-good/">Calling US teens: Apply to join our new Council for Digital Good</a> appeared first on <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues">Microsoft on the Issues</a>.</p> ]]></content:encoded> </item> <item> <title>Next Generation Washington: Our perspective on this year’s state legislative agenda</title> <link>https://blogs.microsoft.com/on-the-issues/2017/01/12/next-generation-washington-perspective-years-state-legislative-agenda/</link> <pubDate>Thu, 12 Jan 2017 18:58:44 +0000</pubDate> <dc:creator><![CDATA[Brad Smith]]></dc:creator> <category><![CDATA[Microsoft on the Issues]]></category> <guid isPermaLink="false">http://blogs.microsoft.com/on-the-issues/?p=49502</guid> <description><![CDATA[<p>As we begin a new year, lawmakers from across Washington state have been sharing the policy positions they are advocating for during this year’s legislative session.  Increasingly public interest groups have also called for increased transparency by others who “walk the halls” in the state capitol, including companies.  We thought about this and concluded that these groups make a good point; after all, the democratic process benefits from more open <a href="https://blogs.microsoft.com/on-the-issues/2017/01/12/next-generation-washington-perspective-years-state-legislative-agenda/" class="read-more">Read more &#187;</a></p> <p>The post <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues/2017/01/12/next-generation-washington-perspective-years-state-legislative-agenda/">Next Generation Washington: Our perspective on this year’s state legislative agenda</a> appeared first on <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues">Microsoft on the Issues</a>.</p> ]]></description> <content:encoded><![CDATA[<p>As we begin a new year, lawmakers from across Washington state have been sharing the policy positions they are advocating for during this year’s legislative session.  Increasingly public interest groups have also called for increased transparency by others who “walk the halls” in the state capitol, including companies.  We thought about this and concluded that these groups make a good point; after all, the democratic process benefits from more open and public discussion.  I’ve therefore summarized below the issues we want to address this year in Olympia.  Hopefully, you’ll find it helpful.</p> <p>*        *        *</p> <p><strong>A Balanced Agenda to Create Opportunity</strong></p> <p>As one of the largest employers in the state, we at Microsoft have long strived to support a balanced and bipartisan approach to public policy while using our technology and expertise to advance forward-looking initiatives.  Our focus has included the Washington State Opportunity Scholarship, expanded computer science and STEM education, the new SR-520 bridge and last fall’s successful ST3 proposal, to name a few issues.  Recognizing the need for additional state resources, we also worked proactively during the last biennium with legislative leaders on a focused proposal that was adopted and increased tax payments for Microsoft and no other taxpayer in the state.</p> <p>As the legislature starts its 2017 session, the issues in Washington state mirror many of the important topics throughout the nation.  While rapid advances in technology have spurred economic growth and opportunity, these gains have not been shared universally.  While the Puget Sound region boasts an abundance of opportunities for some, many others haven’t prospered.  And the economic expansion taking place in the Seattle region hasn’t taken hold in many communities across the state, driving a divide between affluent and struggling areas.  Across the state, the Washington Roundtable’s <a href="http://www.waroundtable.com/benchmarks-for-a-better-washington/">“Benchmarks for a Better Washington”</a> demonstrate real progress in important areas, but also a lot of room for additional steps to address several indicators that define globally competitive states, including educating our youth.</p> <p>We need a legislative agenda that will enhance economic growth, create new opportunities for more individuals to participate in that growth, and protect and improve the quality of life enjoyed by Washington residents.</p> <p>We know that we don’t have all the answers.  We also appreciate that there are many thoughtful individuals, groups, and companies across the state that have good ideas.  In the coming weeks and months, we’re interested in listening to and learning from others.  As always in every legislative session, ideas will evolve and creative compromises will emerge.  But with all this said, we’re hopeful that this year’s session will include consideration for five public policy pillars that we believe are important for Next Generation Washington:<br /> <strong><br /> Education and Workforce Training</strong></p> <p>It’s obvious to even a casual observer that our lawmakers this year must address a final and very large set of hurdles associated with the Supreme Court’s 2012 <em>McCleary</em> decision and funding for K-12 education.  We look forward to participating in this vital discussion.</p> <p>We believe that one key to this conversation is a recognition of both the recent progress made by the state and the need to do more.  This decade we’ve seen the state’s high school graduation rate rise from 75.4 percent for the class of 2010 to 78.1 percent for the class of 2015.  This progress is a testament to the work not just of the students themselves, but also to many great teachers, strong schools, committed families, and dedicated state officials.  While we obviously can’t afford to spend too much time patting ourselves on the back as a state, we nonetheless should reflect on and thank all the talented people who continue to make progress possible.  They provide some of our best inspiration for the additional, big steps we’ll need to take in the coming months.</p> <p>As we all come together to discuss the <em>McCleary</em> decision’s requirements, we obviously need to address some big questions.  We appreciate that there will be an extended discussion about both the amount of funding needed and where it will come from, including new revenue sources.  We look forward to learning more about the options being considered in Olympia and rolling up our sleeves and participating in a constructive way.  From our perspective, one key goal should be to ensure that we not only invest more money in K-12 education as a state, but that we do so in a manner that will improve outcomes for our students.  For instance, we urge policymakers to consider adopting a student-based budgeting model, as many other states have, to improve equity and outcomes.  Education, after all, is about our kids and their future.</p> <p>But as important and big of a challenge as this is, we hope that the state’s leaders won’t stop there.</p> <p>The state’s educational needs don’t end with high school diplomas.  A recent Boston Consulting Group report found that Washington will have 740,000 new job openings over the next five years, a number that exceeds the state’s historic growth rate and triples the national average for job growth over this period.  Fast-growing middle-wage and high-wage jobs will require post-secondary degrees, certificates, or other credentials.  Therefore, even as we invest in our K-12 system, we also need to address the learning needs of people after high school.  If we don’t, we’re likely to see open jobs persisting side-by-side with unemployment rates that are unacceptably high.</p> <p>As part of a Next Generation Washington, we need to continue to innovate and support new post-high school educational steps.  Some of this should involve our public four-year institutions, such as expanding their capacity in high-demand degree programs and completing investments like the second Computer Science Engineering building at the University of Washington.  In the 2017 session, we’ll support the capital request for an additional $7.5 million for this building, to bring the total state funding for it in line with the original $40 million request.  Especially as the state continues to expand computer science and coding classes for K-12 students (which similarly should be a continuing priority this session), there will need to be expanded opportunities for high school graduates to advance their computer science learning in college in ways that will prepare them for the jobs our state is creating.</p> <p>We also will support new learning and training opportunities for so-called middle-skill jobs.  There are many good jobs that don’t require a four-year college degree, but they do require learning beyond high school.  This area is ripe for innovation and investment, which this <a href="https://vimeo.com/196474273">video</a> we produced with the Markle Foundation illustrates.</p> <p>One important way to expand opportunities for people to pursue this learning is to expand the Washington State Opportunity Scholarship (WSOS) to create new opportunities at community colleges.  As a company, we’re big believers in WSOS, having donated $35 million to it, and I’ve chaired the WSOS Board.  Other companies, including Boeing, have been huge supporters as well.  It’s a trendsetter nationally in matching private scholarship donations with state funds.  In just five years since its inception, more than 5,500 Washington students have received grants of up to $22,500 to pursue degrees in science, technology, and health care fields.  The program is growing, and next year over 5,000 students with these scholarships will be enrolled across the state.  Of the 1,500 who have completed their degrees so far, 90 percent remain in the state.</p> <p>Given the need to increase post-secondary credentials in high-demand fields, we believe this is the year to expand the WSOS model to support students who want to earn an associate’s degree or industry certificate at one of the state’s community and technical colleges.  With Washington’s 34 strong public community and technical colleges serving 386,000 students annually, this is an excellent opportunity to expand the statewide impact of the WSOS program.</p> <p>We should also build on the state’s longstanding and successful track record in vocational apprenticeship programs by developing new youth apprenticeship opportunities, including by learning from successful programs in places such as Colorado and Switzerland.  Today, Washington’s registered apprenticeship programs are underway in virtually every region of the state, but not typically focused on youth or well integrated into high schools.  The average age of an apprentice in our state is 27.</p> <p>Contrast that situation to the one in Switzerland, which has one of the lowest youth unemployment rates in the world.  In Switzerland, 70 percent of young people choose to pursue their education through a Vocational Education and Training (VET) apprenticeship pathway that starts in high school. The VET program offers 230 occupational apprenticeship pathways that incorporate standard high-school curricula, industry-based curricula, and on-the-job training that leads to a credential for immediate employment.</p> <p>While we of course would need to adapt this type of program to our institutions and culture, we can learn a lot from recent efforts in Colorado to do just that.  That state is moving quickly to adapt the Swiss-style career-connected learning model, with $11 million in public, private and foundation funding to develop a comprehensive high school apprenticeship system.</p> <p>This is why one of Microsoft’s priorities this session is to support Governor Inslee’s initiative for Career-Connected Learning, including his funding proposal for $12 million (half public/half private) to engage in-and-out-of-school youth in career-connected learning opportunities, including youth apprenticeships, across the K-12 and youth development sectors.  These efforts would initially focus on low income, rural youth, and youth from populations underrepresented in high-demand fields.  If adopted, Microsoft will help support and fund a strong public-private partnership to define targets, invest in high-impact models, and catalyze systemic changes.<br /> <strong><br /> Improvements to the Criminal Justice System</strong></p> <p>A change for Microsoft this session is our prioritization of potential improvements in the criminal justice system.  Across the country over the past year, we’ve come to appreciate more keenly the importance of criminal justice issues.  Diverse segments of our population can have widely divergent experiences in their interactions with law enforcement, and therefore widely divergent perceptions of the law enforcement community.  There is a need to address these issues, and an expanded conversation across our state is not just timely, but important.</p> <p>We believe there is a common public interest in healthy community policing that both respects the vital role played by our public safety officers and ensures that people of all races and backgrounds have confidence in our law enforcement system.  The time to strengthen our state’s dialogue around these issues is not after a tragedy or crisis.  It is now, and often at a local level, so that we can avoid tragedies and crises in our hometowns.</p> <p>As an employer of a large workforce comprised of deeply talented individuals of every race and from around the world, and with an eye towards the needs of their families, we hope to contribute to new and constructive initiatives in this space.  As we do so, we’re interested in helping to explore how data gathering and analysis and technology tools may improve the effectiveness of public safety officers in serving all segments of our community.  We believe there are important opportunities for the state, local law enforcement agencies, and public-interest groups to work collaboratively and closely together.  This might include, for example, (1) expansion of data collection, storage and analysis to track not only arrests and citations, but stops and investigations; (2) use of data analysis to define best practices and design state-of-the-art police training programs; (3) use of new technological tools like HoloLens in situational training such as de-escalation techniques; and (4) cross-agency data collaboration to allow real-time sharing that improves the incident response effectiveness.  We know this is just a start.  If the state can help promote this type of dialogue, many good people will bring new ideas to the table.</p> <p>We also believe that Washington state should strive to create a national model for a criminal justice system that not only provides strong public safety protections but also creates new opportunities for offenders to lead more productive lives upon release.  To contribute to this effort, we at Microsoft will work with lawmakers to evaluate the potential benefits of offering digital literacy, productivity tools and coding training to some inmates in the corrections system setting.  And we’re prepared to explore ways that our philanthropic resources can contribute as well.</p> <p><strong>Equal Pay in the Workplace</strong></p> <p><strong> </strong>Washington voters have signaled their interest in ensuring that the workplace provides meaningful opportunities for everyone.  Meanwhile, over the last several sessions, some lawmakers have proposed legislation to mandate equal pay.  In general, their proposals have often met with less than support from the business community.</p> <p>We want to work with lawmakers and the business community to pursue strong compromise proposals on equal pay and paid family leave that will provide important protections and predictability to employees and employers alike.  We believe the time has come to find a path that can meet the needs of stakeholders across the economy, and we hope that 2017 can bring a breakthrough in this space.<br /> <strong><br /> A Cascadia Innovation Corridor</strong></p> <p>The Seattle and Vancouver regions’ synergies in research, innovation, and technology development represent a game-changing opportunity to create an innovation corridor that will generate job opportunities and prosperity well beyond what our two cities can achieve separately.  Microsoft is committed to supporting several important efforts to help strengthen this corridor.</p> <p>We hope that one big piece of this will include a strengthening of our transportation systems across the border.  There are multiple ways we can address this.</p> <p>One such opportunity is to build on the fact that, in March 2015, the United States and Canada reached an agreement to expand preclearance to passenger rail facilities as part of the Beyond the Border Agreement.  For the first time, rail preclearance facilities in Canada will allow travelers to pass through U.S. Customs and Border Protection (CBP) inspections prior to traveling, expediting their arrival in the U.S. while also protecting national security.  Microsoft was pleased to see Congress in December enact H.R. 4657, the Promoting Travel, Commerce and national Security Act of 2016, as a necessary initial step toward full implementation of the Agreement.  Now we can build on this further.</p> <p>As an additional step to enhance connections, we also believe it’s important to continue to investigate the feasibility of air service between Lake Washington or Lake Union and Vancouver’s inner Harbor.  Initial conversations with air operators indicate that doing so would require organization of a group of businesses to provide a base level of passengers in the initial phase.  At Microsoft, we’re prepared to support this effort and help make it a success.  Additionally, some financial hurdles exist with Canadian Customs that would have to be overcome to make the service financially viable.  There may be opportunities to align these issues and address the challenges concurrently.</p> <p>Finally, it makes sense in the transportation space to explore high speed rail (HSR) between Seattle and Vancouver.  The governor’s proposed transportation budget provides $1 million to evaluate the feasibility of HSR in Washington state, including potential connections to Vancouver and Portland.  We support this proposed budget request.</p> <p>Of course, it’s important to promote opportunities for people not just to travel across the U.S.-Canadian border, but for our two regions to work more closely together in ways that will promote broad economic growth.  We believe there are a variety of new and important opportunities to advance this, including by promoting more collaborative work by our regions’ great research universities and by our renowned cancer research institutions Fred Hutchinson Cancer Research Center and the BC Cancer Agency.  We look forward to working with Washington state, the province of British Columbia, and others this year to help advance this.</p> <p><strong>A Cloud for Global Good </strong></p> <p>The cloud innovations coming from local companies like Microsoft, Amazon, Zillow and Tableau, among many others, are driving the transformation of businesses and industries around the world.  They are helping our customers create new capabilities, connect with their own customers in deeper ways, solve problems, gain insights, and access new markets.  Our region is leading the world in developing cloud technology, and we should be a leader in unleashing its benefits for our citizens.  We are committed to building a cloud that is trusted, responsible, and inclusive, promising economic and social benefits for both urban and rural communities.</p> <p>We authored a <a href="http://news.microsoft.com/cloudforgood/"><em>Cloud for Global Good</em></a> policy roadmap to help lawmakers and policy influencers navigate the societal implications of technology to ensure that the cloud benefits everyone, not just the fortunate few.  One of the important cloud computing-related opportunities in Washington is the deployment of broadband services to rural areas through public-private partnerships.  Telecom companies and port districts are interested in new legislation to facilitate broadband deployment in rural area through such partnerships.</p> <p>Currently, such arrangements are not authorized under state law.  Government entities may not offer telecom or broadband services on the retail level; they may only offer these services on a wholesale basis with ISP’s offering the retail service to consumers.  Although these latter arrangements exist in a few areas in the state (including Grant County and Tacoma), they are largely unprofitable and require some form of subsidy from the sponsoring utility.</p> <p>Legislation to extend new authority to public ports as an economic development tool is being promoted by the Washington Public Ports Association and by CenturyLink. We believe it’s important to consider this opportunity, including the use of new and less expensive broadband technologies that we are helping to develop, such as TV White Spaces.</p> <p>Microsoft is beginning the technical work on a project to provide TV White Spaces broadband internet access to a few thousand residential customers in Lincoln County, Washington, located in the rural, eastern part of the state.  Our goal is not to enter the connectivity business, but to develop, test, and prove out the technologies that can help bring broadband to communities that don’t have it today.  We believe that broadband deployment is critical for creating additional economic opportunities in rural areas and reducing the divisions between the Central Puget Sound and the rest of the state.  Hence this too should be an important legislative priority.</p> <p>*        *        *</p> <p>As all of this reflects, 2017 can be a busy and important year for Washington state.  We will need leadership, constructive conversation, and ultimately creative compromises to make this potential a reality.  We believe it’s a year for the state to aim high, and for all of us across the business community and the private sector to help make this year a success.  As a company, Microsoft is committed to doing its part.</p> <p>The post <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues/2017/01/12/next-generation-washington-perspective-years-state-legislative-agenda/">Next Generation Washington: Our perspective on this year’s state legislative agenda</a> appeared first on <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues">Microsoft on the Issues</a>.</p> ]]></content:encoded> </item> <item> <title>Year in review: New online safety resources created, 2017 brings focus on digital civility</title> <link>https://blogs.microsoft.com/on-the-issues/2016/12/19/year-review-new-online-safety-resources-created-2017-brings-focus-digital-civility/</link> <pubDate>Mon, 19 Dec 2016 14:00:30 +0000</pubDate> <dc:creator><![CDATA[Jacqueline Beauchere]]></dc:creator> <category><![CDATA[Microsoft on the Issues]]></category> <category><![CDATA[Online Safety]]></category> <category><![CDATA[online security]]></category> <category><![CDATA[YouthSpark]]></category> <guid isPermaLink="false">http://blogs.microsoft.com/on-the-issues/?p=49439</guid> <description><![CDATA[<p>I recently attended the Family Online Safety Institute’s annual conference in Washington, D.C., where the event theme – “Online Safety in Transition” – prompted me to reflect on my work in online safety and how it has evolved. Looking back on 2016, the online safety landscape has indeed shifted and we at Microsoft will continue to focus on the issue in 2017. When I began working in online safety some <a href="https://blogs.microsoft.com/on-the-issues/2016/12/19/year-review-new-online-safety-resources-created-2017-brings-focus-digital-civility/" class="read-more">Read more &#187;</a></p> <p>The post <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues/2016/12/19/year-review-new-online-safety-resources-created-2017-brings-focus-digital-civility/">Year in review: New online safety resources created, 2017 brings focus on digital civility</a> appeared first on <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues">Microsoft on the Issues</a>.</p> ]]></description> <content:encoded><![CDATA[<p>I recently attended the <a href="http://www.fosi.org/">Family Online Safety Institute</a>’s annual conference in Washington, D.C., where the event theme – “Online Safety in Transition” – prompted me to reflect on my work in online safety and how it has evolved. Looking back on 2016, the online safety landscape has indeed shifted and we at Microsoft will continue to focus on the issue in 2017.</p> <p>When I began working in online safety some 12 years ago, risks like child predation took center stage, more out of fear than fact, and issues such as phishing were just starting to become mainstream. With a code of conduct and robust content moderation practices in place, our responses focused on public awareness-raising, informal educational efforts and collaboration with others in industry and civil society. While being cognizant of existing and emerging risks, we spoke of the transformational power of technology, and the promises to be derived from a connected world. And, while those ideals still hold true, a dozen years later, the face of online safety has changed.</p> <p>In 2016, Microsoft announced <a href="http://blogs.microsoft.com/on-the-issues/2016/08/26/new-resources-report-hate-speech-request-content-reinstatement/">new resources</a> for reporting hate speech on our hosted consumer services, developed a <a href="https://support.microsoft.com/en-us/getsupport?oaspworkflow=start_1.0.0.0&amp;wf=0&amp;wfName=capsub&amp;productkey=ReinstateContent&amp;locale=en-us">new form</a> for reporting any type of content that we may have removed (or an account that we may have closed) in error and published <a href="https://blogs.microsoft.com/on-the-issues/2016/05/20/microsofts-approach-terrorist-content-online/">our approach</a> to addressing terrorist content online. We also marked <a href="http://blogs.microsoft.com/on-the-issues/2016/07/22/microsofts-revenge-porn-approach-one-year-later/#sm.0001ar9n19yfzel7yar13786tdux3">one year</a> since our non-consensual pornography (or “revenge porn”) policy went into effect, and we used that milestone to create <a href="https://youtu.be/MHyZ17LM-ss">new guidance</a> to help support victims. We continued our work in the <a href="http://www.weprotect.org/">WePROTECT Global Alliance</a> to End Child Sexual Exploitation Online; stepped up efforts to combat <a href="https://staysafeonline.org/blog/new-data-reveals-two-thirds-of-global-consumers-have-experienced-tech-support-scams">tech support fraud</a>, <a href="https://www.microsoft.com/about/philanthropies/browsepdf.ashx?path=http://download.microsoft.com/download/9/6/F/96F18F7D-FB3B-4242-9C57-2F24AF23C687/Responding%20to%20online%20bullying%20and%20harassment.pdf">online bullying and harassment</a>; and supported groups and causes across the globe focused on safeguarding children’s rights, protecting other vulnerable members of our global online population and evangelizing best practices.</p> <p>In the final months of 2016, we previewed new research (<a href="http://blogs.microsoft.com/on-the-issues/2016/09/06/teens-are-concerned-about-personal-safety-online-pessimistic-about-future-risks/">post #1</a>, <a href="http://blogs.microsoft.com/on-the-issues/2016/11/10/online-risks-real-world-consequences-new-microsoft-research-shows/">post #2</a>) that we will publish in full on Feb. 7, 2017, which is Safer Internet Day. The study, “Civility, Safety and Interaction Online – 2016,” polled teens and adults in 14 countries,<a href="#_ftn1" name="_ftnref1">[1]</a> asking about their experiences and encounters with 17 different online risks across four categories: behavioral, reputational, sexual and personal/intrusive. We hope these findings will serve as an evidentiary base for a global push toward “digital civility” – healthy behaviors for youth and adults alike, both online and off, grounded in respect, constructive interaction and inclusion. Such a shift will mark a further evolution in online safety, combining the focus areas of the early years of the new millennia with the fresh realities of the internet today.</p> <p>In addition to the digital civility research, we plan to release other materials on Safer Internet Day 2017, including suggested smart practices for youth, teens and adults, educators, school officials, new technology companies and others. Watch our digital and social channels for updates and new releases between the start of the new year and Safer Internet Day.</p> <p>While we’re encouraged by our new campaign for digital civility and some favorable early feedback, we don’t profess to have all the answers – not by any stretch. On the contrary, new concerns and fresh twists on age-old internet issues continue to surface regularly, with many problems presenting a delicate balancing of interests. So, as one step, we want to get back to basics and encourage civility and respect in all online interactions.</p> <p>In the meantime ahead of our Safer Internet Day release, continue to visit our <a href="http://www.microsoft.com/about/corporatecitizenship/en-us/youthspark/youthsparkhub/programs/onlinesafety/">website</a> and <a href="http://www.microsoft.com/about/corporatecitizenship/en-us/youthspark/youthsparkhub/programs/onlinesafety/resources/">resources</a> page on the Microsoft YouthSpark Hub.  There, we offer advice and guidance for dealing with almost any online situation. For more regular news and information, “like” us on <a href="http://www.facebook.com/saferonline">Facebook</a> and follow us on <a href="http://www.twitter.com/safer_online">Twitter</a>. We look forward to sharing more on SID, and here’s to making 2017 the safest digital New Year yet.</p> <p>&nbsp;</p> <p><a href="#_ftnref1" name="_ftn1">[1]</a> Countries surveyed: Australia, Belgium, Brazil, Chile, China, France, Germany, India, Mexico, Russia, South Africa, Turkey, the United Kingdom and the United States.</p> <p>The post <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues/2016/12/19/year-review-new-online-safety-resources-created-2017-brings-focus-digital-civility/">Year in review: New online safety resources created, 2017 brings focus on digital civility</a> appeared first on <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues">Microsoft on the Issues</a>.</p> ]]></content:encoded> </item> <item> <title>Expanding partnerships and transparency on human rights</title> <link>https://blogs.microsoft.com/on-the-issues/2016/12/09/expanding-partnerships-transparency-human-rights/</link> <pubDate>Fri, 09 Dec 2016 17:35:50 +0000</pubDate> <dc:creator><![CDATA[Steve Crown]]></dc:creator> <category><![CDATA[Microsoft on the Issues]]></category> <category><![CDATA[human rights]]></category> <category><![CDATA[International Human Rights Day]]></category> <guid isPermaLink="false">http://blogs.microsoft.com/on-the-issues/?p=49379</guid> <description><![CDATA[<p>As our society becomes increasingly interconnected, it is more critical than ever that we foster a strong relationship between business and the protection of human rights. With that in mind, and in honor of Human Rights Day tomorrow, I am pleased to announce an exciting new partnership with UC Berkeley to further embed human rights in business education, as well as share a positive step forward in Microsoft’s own commitment <a href="https://blogs.microsoft.com/on-the-issues/2016/12/09/expanding-partnerships-transparency-human-rights/" class="read-more">Read more &#187;</a></p> <p>The post <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues/2016/12/09/expanding-partnerships-transparency-human-rights/">Expanding partnerships and transparency on human rights</a> appeared first on <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues">Microsoft on the Issues</a>.</p> ]]></description> <content:encoded><![CDATA[<p>As our society becomes increasingly interconnected, it is more critical than ever that we foster a strong relationship between business and the protection of human rights. With that in mind, and in honor of <a href="http://www.un.org/en/events/humanrightsday/">Human Rights Day</a> tomorrow, I am pleased to announce an exciting new partnership with UC Berkeley to further embed human rights in business education, as well as share a positive step forward in Microsoft’s own commitment to transparency with an updated Microsoft global human rights statement.</p> <p><iframe class='youtube-player' type='text/html' width='640' height='390' src='https://www.youtube.com/embed/yiNnRF-I1g8?version=3&#038;rel=1&#038;fs=1&#038;autohide=2&#038;showsearch=0&#038;showinfo=1&#038;iv_load_policy=1&#038;wmode=transparent' allowfullscreen='true' style='border:0;'></iframe></p> <p>Over the last decade, Microsoft has made significant strides to advance and reaffirm our commitment to the protection of human rights. These initiatives include joining the UN Global Compact, helping establish the Global Network Initiative, and working to align our company with the UN’s Guiding Principles. We also work with some of the world’s leading human rights organizations to apply the power of technology to promote human rights.</p> <p>Today, we are building on that work and have released an updated <a href="https://www.microsoft.com/en-us/about/corporate-responsibility/human-rights-statement">Microsoft Global Human Rights Statement</a> outlining Microsoft’s approach to human rights as we work to ensure that technology plays a positive role across the globe. Key updates to this statement include:</p> <ul> <li>Making explicit Microsoft’s recognition that technology is increasingly an essential gateway to the enjoyment of human rights everywhere;</li> <li>Expanding our human rights commitments to encompass the special consideration we give to vulnerable groups such as children, women and persons with disabilities; and</li> <li>Emphasizing the importance we ascribe to championing the rule of law informed by consideration of international norms.</li> </ul> <p>We must continue to work together to ensure basic human rights for every person.</p> <p>To that end, we recognize that more investment is needed to deepen the connections between the protection of human rights and the core strategy and operations of companies around the world. This is why we are so thrilled to announce our partnership with the Center for Responsible Business at UC Berkeley’s Haas School of Business on the <a href="http://redefiningbusiness.org/human-rights-partnership/">Human Rights &amp; Business Initiative</a>. This initiative aims to integrate key human rights issues such as privacy, inclusion, freedom of expression, education and employment directly into business education. Humanity United, a leading non-profit focused on human rights issues such as forced labor and human trafficking, will also be lending their expertise to the program.</p> <p>We are excited for the opportunities with this program and the insights we hope to gain from it as we work to expand these efforts in the future. Through education, we can empower the next generation of business leaders around the world with a strong foundation in human rights.</p> <p>As you may know, Human Rights Day commemorates the day 68 years ago when the United Nations General Assembly first adopted the Universal Declaration of Human Rights. What a powerful reminder of our common humanity and the need to stand up for the basic rights of all people.</p> <p>Working together, we can promote a safer, more free and more inclusive society for everyone – and a better world for the next generation.  We look forward to doing that with you.</p> <p>The post <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues/2016/12/09/expanding-partnerships-transparency-human-rights/">Expanding partnerships and transparency on human rights</a> appeared first on <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues">Microsoft on the Issues</a>.</p> ]]></content:encoded> </item> <item> <title>European Commission clears Microsoft’s acquisition of LinkedIn; deal to close in coming days</title> <link>https://blogs.microsoft.com/on-the-issues/2016/12/06/european-commission-clears-microsofts-acquisition-linkedin-deal-close-coming-days/</link> <pubDate>Tue, 06 Dec 2016 15:45:44 +0000</pubDate> <dc:creator><![CDATA[Microsoft Corporate Blogs]]></dc:creator> <category><![CDATA[Microsoft on the Issues]]></category> <category><![CDATA[LinkedIn]]></category> <category><![CDATA[social media]]></category> <guid isPermaLink="false">http://blogs.microsoft.com/on-the-issues/?p=40736</guid> <description><![CDATA[<p>The European Commission announced Tuesday in Brussels that it has cleared Microsoft’s acquisition of LinkedIn. Microsoft has now obtained all the regulatory approvals needed to complete the acquisition, and the deal will close in the coming days. Tuesday’s clearance follows similar reviews and approvals in the United States, Canada, Brazil and South Africa. As part of discussions with the European Commission, Microsoft formalized several commitments regarding its support for third-party <a href="https://blogs.microsoft.com/on-the-issues/2016/12/06/european-commission-clears-microsofts-acquisition-linkedin-deal-close-coming-days/" class="read-more">Read more &#187;</a></p> <p>The post <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues/2016/12/06/european-commission-clears-microsofts-acquisition-linkedin-deal-close-coming-days/">European Commission clears Microsoft’s acquisition of LinkedIn; deal to close in coming days</a> appeared first on <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues">Microsoft on the Issues</a>.</p> ]]></description> <content:encoded><![CDATA[<p>The European Commission announced Tuesday in Brussels that it has cleared Microsoft’s acquisition of LinkedIn.</p> <p>Microsoft has now obtained all the regulatory approvals needed to complete the acquisition, and the deal will close in the coming days.</p> <p>Tuesday’s clearance follows similar reviews and approvals in the United States, Canada, Brazil and South Africa. As part of discussions with the European Commission, Microsoft formalized several commitments regarding its support for third-party professional social networking services that compete with LinkedIn.</p> <p>“With this regulatory process behind us, we can bring together two great companies and focus on even broader issues for the future,” writes Microsoft President and Chief Legal Officer Brad Smith.</p> <p>Read more on <a href="https://blogs.microsoft.com/?p=73487">The Official Microsoft Blog</a>.</p> <p>The post <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues/2016/12/06/european-commission-clears-microsofts-acquisition-linkedin-deal-close-coming-days/">European Commission clears Microsoft’s acquisition of LinkedIn; deal to close in coming days</a> appeared first on <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues">Microsoft on the Issues</a>.</p> ]]></content:encoded> </item> <item> <title>Computer Science Education Week: An opportunity to bring 21st century skills to everyone</title> <link>https://blogs.microsoft.com/on-the-issues/2016/12/04/computer-science-education-week-opportunity-bring-21st-century-skills-everyone/</link> <pubDate>Mon, 05 Dec 2016 05:00:03 +0000</pubDate> <dc:creator><![CDATA[Mary Snapp]]></dc:creator> <category><![CDATA[Microsoft on the Issues]]></category> <category><![CDATA[Computer Science Education Week]]></category> <category><![CDATA[education]]></category> <category><![CDATA[inclusion]]></category> <guid isPermaLink="false">http://blogs.microsoft.com/on-the-issues/?p=40619</guid> <description><![CDATA[<p>Today marks the beginning of Computer Science Education Week (CSEdWeek). This annual initiative mobilizes educators, parents, nonprofits and the industry to inspire all young people to learn computer science and open the door to a promising future. Why does computer science education matter? Right now, fewer than 3 percent of all bachelor’s degrees awarded in the United States are in the field of computer science. Yet, computer programming jobs are <a href="https://blogs.microsoft.com/on-the-issues/2016/12/04/computer-science-education-week-opportunity-bring-21st-century-skills-everyone/" class="read-more">Read more &#187;</a></p> <p>The post <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues/2016/12/04/computer-science-education-week-opportunity-bring-21st-century-skills-everyone/">Computer Science Education Week: An opportunity to bring 21st century skills to everyone</a> appeared first on <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues">Microsoft on the Issues</a>.</p> ]]></description> <content:encoded><![CDATA[<p>Today marks the beginning of <a href="http://csedweek.org/">Computer Science Education Week (CSEdWeek)</a>. This annual initiative mobilizes educators, parents, nonprofits and the industry to inspire all young people to learn computer science and open the door to a promising future.</p> <p>Why does computer science education matter? Right now, <a href="http://nces.ed.gov/programs/digest/d15/tables/dt15_322.10.asp?current=yes">fewer than 3</a> percent of all bachelor’s degrees awarded in the United States are in the field of computer science. Yet, computer programming jobs are growing at twice the national average and are among the top paying fields. Our tech fueled world is expected to <a href="https://www.whitehouse.gov/blog/2013/12/11/computer-science-everyone">generate 1.4 million computing jobs in the U.S. alone</a> by 2020. Today, there are already more than 604,000 open computing jobs nationwide. However, only <a href="http://csedu.gallup.com/home.aspx">40 percent of schools in the U.S. teach any form of computer science</a>.</p> <p>With our rising digital economy and the nonstop pace of technological change, we have an imperative to prepare young people to pursue careers that are in demand. Beyond computing jobs, computer science education also provides the computational thinking and problem solving skills that are now required in any field – from music and fashion, to manufacturing, health care and transportation.</p> <p>So why, then, aren’t more young people jumping at the chance to learn skills that will qualify them for rewarding work? The answer is nuanced, but one of the biggest barriers is straightforward – the lack of equitable access to computer science education and related skills essential for 21^st century careers.</p> <p>Our own efforts during CSEdWeek and throughout the year center on making computer science more accessible and inclusive. In partnership with nonprofit <a href="http://www.code.org/">Code.org</a> and other leading tech companies, Microsoft is encouraging millions of young people globally to spend an hour this week – and beyond – getting started on their journey of learning computer science. To that end, the <a href="http://www.code.org/minecraft">Minecraft Hour of Code Designer</a> is a tutorial for students and educators created by Microsoft and <a href="https://mojang.com/">Mojang</a> for <a href="https://code.org/learn">Hour of Code</a>.</p> <p>The tutorial allows players to create their own custom game experience, plugging together blocks of code to control the behaviors of sheep, zombies and other creatures. It includes a set of 12 challenges, followed by free play time so users can create a game using the coding concepts they’ve just learned. Throughout the week, Microsoft will lead hundreds of <a href="https://www.microsoft.com/about/philanthropies/youthspark/youthsparkhub/programs/studentprograms/">free hands-on coding workshops in Microsoft Stores</a> around the world. Our <a href="https://www.microsoft.com/about/philanthropies/youthspark/youthsparkhub/">YouthSpark Hub</a> offers even more resources for finding in-person coding camps, as well as coding tutorials.</p> <p>Additionally, this week, in partnership with the California Academy of Sciences and KQED, Microsoft will host Hacking STEM activities where students will apply coding to a relatable challenge in their own world. In an accessible format, they will learn more about earthquakes by building and coding a functional sensor-enabled seismograph – engineering, equipping and testing prototypes with the potential to help mitigate earthquake damage.</p> <p>Over many years, Microsoft has developed such partnerships and programs that help reach young people who are most likely to be among those without access to computer science education —particularly girls, minorities and those living in rural areas with limited connectivity. We collaborate closely with nonprofits around the world, including <a href="http://www.bgca.org/meetourpartners/Pages/Microsoft.aspx">Boys &amp; Girls Clubs of America</a>, to deliver computer science learning in clubs throughout the U.S., and with <a href="https://coderdojo.com/news/2015/04/19/microsoft-partner-with-the-coderdojo-foundation-and-movement/">Coder Dojo</a> across Europe. Their efforts are critical to reach underrepresented groups and close the skills gap.</p> <p>As part of Microsoft Philanthropies, we also run a program called <a href="http://www.microsoft.com/teals">TEALS</a> (Technology Education and Literacy in Schools), which pairs computer engineers from Microsoft and other tech companies with full-time high school teachers to teach introductory and advanced placement (AP) computer science. In addition to TEALS, the company works with a broad spectrum of educators to help prepare students for the digital future. This week, that includes <a href="https://borntolearn.mslearn.net/b/weblog/posts/the-importance-of-computer-science-curriculum">expanding resources</a> in <a href="https://www.microsoft.com/en-us/education/imagine-academy/default.aspx">Microsoft Imagine Academy</a> – a one-stop shop for digital curriculum, fundamental technology skills certification and teacher training tools.</p> <p>In my role, I’ve had the opportunity to meet with educators and nonprofits eager to collaborate on creative ideas, get kids excited about coding and make positive shifts in public policy to improve accessibility to computer science. From visiting dozens of schools, Boys &amp; Girls Clubs and other programs, I’ve seen firsthand that from the minute kids sit down and start coding, the world around them disappears. When coding is fun, they respond intuitively and love diving in.</p> <p>Expanding access to computer science – for all – is why initiatives like CSEdWeek are so important. Together, we can work to ensure any young person who wants to learn critical computational skills or go on to study computer science in community college or university has these options. And, in just an hour, we can start them on a journey where they gain the skills and knowledge needed to pursue their passions in our increasingly digital world.</p> <p>The post <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues/2016/12/04/computer-science-education-week-opportunity-bring-21st-century-skills-everyone/">Computer Science Education Week: An opportunity to bring 21st century skills to everyone</a> appeared first on <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues">Microsoft on the Issues</a>.</p> ]]></content:encoded> </item> <item> <title>Highlights from Microsoft’s annual shareholders meeting</title> <link>https://blogs.microsoft.com/on-the-issues/2016/12/02/highlights-microsofts-annual-shareholders-meeting/</link> <pubDate>Fri, 02 Dec 2016 17:07:56 +0000</pubDate> <dc:creator><![CDATA[John Seethoff]]></dc:creator> <category><![CDATA[Microsoft on the Issues]]></category> <category><![CDATA[Accessibility]]></category> <category><![CDATA[shareholders]]></category> <guid isPermaLink="false">http://blogs.microsoft.com/on-the-issues/?p=40673</guid> <description><![CDATA[<p>I want to thank Microsoft’s shareholders who attended or voted at this year’s Annual Shareholders Meeting. Microsoft shareholders: Re-elected all 11 directors to serve until the next annual meeting of shareholders. All director nominees received a vote of 99 percent of votes cast. Approved, on a nonbinding advisory basis, the fiscal year 2016 compensation of the company’s named executive officers. The advisory measure received 96 percent of votes cast. Ratified <a href="https://blogs.microsoft.com/on-the-issues/2016/12/02/highlights-microsofts-annual-shareholders-meeting/" class="read-more">Read more &#187;</a></p> <p>The post <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues/2016/12/02/highlights-microsofts-annual-shareholders-meeting/">Highlights from Microsoft’s annual shareholders meeting</a> appeared first on <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues">Microsoft on the Issues</a>.</p> ]]></description> <content:encoded><![CDATA[<p>I want to thank Microsoft’s shareholders who attended or voted at this year’s Annual Shareholders Meeting. Microsoft shareholders:</p> <ul> <li>Re-elected all 11 directors to serve until the next annual meeting of shareholders. All director nominees received a vote of 99 percent of votes cast.</li> <li>Approved, on a nonbinding advisory basis, the fiscal year 2016 compensation of the company’s named executive officers. The advisory measure received 96 percent of votes cast.</li> <li>Ratified the selection of Deloitte &amp; Touche LLP as the company’s independent auditor for fiscal year 2017, with a vote of almost 99 percent of votes cast.</li> <li>Approved an amendment to Microsoft’s Amended and Restated Articles of Incorporation lowering the threshold for shareholders calling a special meeting from 25 to 15 percent of shares, with a vote of 99 percent of votes cast.</li> <li>Approved a French Sub Plan under the 2001 Stock Plan, with a vote of 97 percent of votes cast.</li> <li>Rejected a shareholder proposal to make amendments to the current Proxy Access for Director Nominations bylaw; the proposal received approximately 26 percent of votes cast.</li> </ul> <p>As Satya Nadella has shared, Microsoft’s mission to empower every person and organization connects in fundamental ways with how we as a company operate, from how we design and develop technology to how we work to serve people with disabilities. A highlight of this year’s meeting was the <a href="https://microsoft.onlineshareholdermeeting.com/vsm/web?pvskey=MSFT16">demonstration</a> by Anne Taylor, Senior Supportability Program Manager, of how our <a href="https://blogs.msdn.microsoft.com/accessibility/2016/12/02/making-microsoft-products-more-accessible-what-to-expect-in-2017/">assistive technologies</a> like Windows Narrator (a screen reader built into Windows 10) make it possible for someone who is blind or visually impaired to access our shareholder materials. Anne showed on stage how, by using Narrator, she was able to have a Word document read back to her at various speeds, call out when comments were made, and provide her own responses through the use of keyboard shortcuts instead of a mouse.</p> <p>In conjunction with providing an online vote via a virtual shareholders meeting, we delivered an interactive version of our <a href="https://iiwisdom.com/msft-2016/?EventID=165966">proxy statement</a> for the second year in a row. A <a href="https://microsoft.onlineshareholdermeeting.com/vsm/web?pvskey=MSFT16">webcast</a> of our annual meeting is available on our <a href="http://www.microsoft.com/investor/Default.aspx">Investor Relations</a> site, along with a detailed breakdown of the vote results.</p> <p>We continually strive to improve. Let us know what you think by sending questions or thoughts you may have to <a href="mailto:[email protected]">[email protected]</a>.</p> <p>The post <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues/2016/12/02/highlights-microsofts-annual-shareholders-meeting/">Highlights from Microsoft’s annual shareholders meeting</a> appeared first on <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues">Microsoft on the Issues</a>.</p> ]]></content:encoded> </item> <item> <title>An opportunity for small businesses expanding affordable internet access: Grant applications open now</title> <link>https://blogs.microsoft.com/on-the-issues/2016/12/02/opportunity-small-businesses-expanding-affordable-internet-access-grant-applications-open-now/</link> <pubDate>Fri, 02 Dec 2016 14:00:13 +0000</pubDate> <dc:creator><![CDATA[Paul Garnett]]></dc:creator> <category><![CDATA[Microsoft on the Issues]]></category> <category><![CDATA[Affordable Access Initiative]]></category> <category><![CDATA[Internet access]]></category> <category><![CDATA[Microsoft Philanthropies]]></category> <guid isPermaLink="false">http://blogs.microsoft.com/on-the-issues/?p=40592</guid> <description><![CDATA[<p>This post originally appeared on NextBillion.net. New Sun Road is literally lighting up Uganda’s economy. The small business, supported with a grant from Microsoft’s Affordable Access Initiative, provides a critical service, creates jobs and is the kind of enterprise we aim to support with a second round of grants for innovators around the world. Initially conceived at UC Berkeley, New Sun Road designed, built and operated the first 24/7 metered <a href="https://blogs.microsoft.com/on-the-issues/2016/12/02/opportunity-small-businesses-expanding-affordable-internet-access-grant-applications-open-now/" class="read-more">Read more &#187;</a></p> <p>The post <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues/2016/12/02/opportunity-small-businesses-expanding-affordable-internet-access-grant-applications-open-now/">An opportunity for small businesses expanding affordable internet access: Grant applications open now</a> appeared first on <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues">Microsoft on the Issues</a>.</p> ]]></description> <content:encoded><![CDATA[<div id="attachment_40655" style="width: 650px" class="wp-caption alignnone"><a href="https://mscorpmedia.azureedge.net/mscorpmedia/2016/12/newsunroad2.jpeg"><img class="size-full wp-image-40655" src="https://mscorpmedia.azureedge.net/mscorpmedia/2016/12/newsunroad2.jpeg" alt="Phot of man outdoors installing micro-grid technology on one of Uganda’s Ssese Islands." width="640" height="480" /></a><p class="wp-caption-text">New Sun Road’s micro-grid technology being installed on one of Uganda’s Ssese Islands. Image courtesy of New Sun Road.</p></div> <p><em>This post originally appeared on NextBillion.net.</em></p> <p><a href="http://newsunroad.com/">New Sun Road</a> is literally lighting up Uganda’s economy. The small business, supported with a grant from Microsoft’s <a href="https://www.microsoft.com/en-us/affordable-access-initiative/home">Affordable Access Initiative</a>, provides a critical service, creates jobs and is the kind of enterprise we aim to support with a second round of grants for innovators around the world.</p> <p>Initially conceived at <a href="http://www.berkeley.edu/">UC Berkeley</a>, New Sun Road designed, built and operated the first 24/7 metered electricity service on an off-grid island chain in the southern part of Uganda. Now they are sharing their technology solutions with other entrepreneurs to accelerate development and scale clean, renewable power systems in developing markets such as East Africa and Southeast Asia.</p> <p><strong>A challenge, and an opportunity, in Uganda</strong></p> <p>The 50,000 inhabitants of the Ssese Islands in Uganda depend on an economy largely driven by the fishing industry. Before New Sun Road’s system went online, local businesses had only an intermittent power supply, provided by costly diesel generators, which made it difficult to provide predictable hours of operation. Since the introduction of a solar grid, fishing-adjacent businesses including taverns, restaurants and food processors enjoy improved physical security, due to around-the-clock lighting, and much lower utility fees.</p> <p>Electricity costs – which had previously accounted for up to a third of clients’ daily incomes – have fallen by 50 percent. Extended hours enabled by the new system are allowing businesses to stay open later, increasing earning potential and job creation. Most importantly, New Sun Road’s prototype demonstrated strong local demand for solar micro-grid power, giving new utility companies confidence to build larger systems and expand service throughout the remote Ssese Islands.</p> <p>“While building our micro-grid in the Ssese Islands, we encountered a lot of obstacles stemming from lack of power, water, sanitation and transport infrastructure – and this helped us better understand the daily struggles residents of the islands face,” said Jalel Sager, director at New Sun Road. “We are proud to have provided our early customers with 24-hour reliable clean energy and tablet-based connectivity on the island as a first step toward securing the rest of the services they need for a better future.”</p> <p>New Sun Road’s micro-grid management systems also use various Microsoft Azure cloud-connected tools, such as real-time analytics, automated event notifications and machine learning, to maximize efficiency. The company gathers data on electricity usage and identifies patterns that can predict when there will be outages or potential failures. Once a possible lapse is identified, the system alerts local technicians and keeps customers updated. And New Sun Road systems provide the foundation for broadband internet capabilities in the community.</p> <p><strong>Affordable Access Initiative grants: Year Two</strong></p> <p>Unfortunately, 3.9 billion people worldwide, often in economically disadvantaged, rural and other underserved communities, lack internet connectivity. That’s why Microsoft created the <a href="https://www.microsoft.com/en-us/affordable-access-initiative/home">Affordable Access Initiative</a>, a holistic, partnership-based program that invests in new last-mile access technologies, cloud-based services and business models to reduce the cost of internet access and help more people affordably get online. The initiative is a call to innovate. By using seed grants, mentoring networks and sparking community engagement, we cultivate partner companies that demonstrate promising market-based solutions through hardware, software or infrastructure improvements that deliver connectivity.</p> <p>One important aspect of Microsoft’s Affordable Access Initiative is a grant fund which has, since November 2015, awarded funds to <a href="https://www.microsoft.com/en-us/affordable-access-initiative/winners">12 companies</a> in 11 countries and five continents, offering affordable internet access or cloud-based services in fields such as power generation, health, education, finance and agriculture. The social enterprises we support have inspired us with practical, high-impact and scalable approaches to help close the digital divide. It’s a privilege to see these solutions take shape, and to play a role in helping local entrepreneurs spur job creation and economic growth.</p> <p>This initiative is also connected to the work of <a href="https://www.microsoft.com/en-us/philanthropies">Microsoft Philanthropies</a>, which is helping to bring technology’s benefits to those who need them most. Microsoft Philanthropies is making its digital literacy, online safety and computer science education programs available to grant recipients and the communities they serve.</p> <p>“Too many people around the world lack internet connectivity and the educational, commercial and economic benefits of cloud-based services,” Mary Snapp, corporate vice president and head of Microsoft Philanthropies, told me. “Affordable Access Initiative grants, and the technology ecosystems they help support, empower entrepreneurs to provide connectivity which then enables the creation of critical services for those who need it most.”</p> <p>Businesses wishing to apply for this year’s grants may find a list of criteria, and the application, <a href="https://www.microsoft.com/en-us/affordable-access-initiative/home">here</a>. Applications will be accepted until midnight PT on Jan. 31, 2017.</p> <p>The post <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues/2016/12/02/opportunity-small-businesses-expanding-affordable-internet-access-grant-applications-open-now/">An opportunity for small businesses expanding affordable internet access: Grant applications open now</a> appeared first on <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues">Microsoft on the Issues</a>.</p> ]]></content:encoded> </item> <item> <title>ABA Resolution 113: Creating a legal profession that reflects the public it serves</title> <link>https://blogs.microsoft.com/on-the-issues/2016/11/22/aba-resolution-113-creating-legal-profession-reflects-public-serves/</link> <pubDate>Tue, 22 Nov 2016 16:45:38 +0000</pubDate> <dc:creator><![CDATA[Brad Smith]]></dc:creator> <category><![CDATA[Microsoft on the Issues]]></category> <category><![CDATA[diversity]]></category> <category><![CDATA[Law Firm Diversity Program]]></category> <guid isPermaLink="false">http://blogs.microsoft.com/on-the-issues/?p=40574</guid> <description><![CDATA[<p>Since the United States was founded, the diversity of our nation has continuously grown, a trend that will accelerate in coming years. Unfortunately, the diversity of the legal profession has failed to match this growth. This is why Microsoft has joined legal departments and law firms from across the country to support the American Bar Association (ABA) Resolution 113 and its mission to create a legal profession that better reflects <a href="https://blogs.microsoft.com/on-the-issues/2016/11/22/aba-resolution-113-creating-legal-profession-reflects-public-serves/" class="read-more">Read more &#187;</a></p> <p>The post <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues/2016/11/22/aba-resolution-113-creating-legal-profession-reflects-public-serves/">ABA Resolution 113: Creating a legal profession that reflects the public it serves</a> appeared first on <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues">Microsoft on the Issues</a>.</p> ]]></description> <content:encoded><![CDATA[<p>Since the United States was founded, the diversity of our nation has continuously grown, a trend that will accelerate in coming years. Unfortunately, the diversity of the legal profession has failed to match this growth.</p> <p>This is why Microsoft has joined legal departments and law firms from across the country to support the <a href="http://www.americanbar.org/content/dam/aba/directories/policy/2016_hod_annual_113.docx">American Bar Association (ABA) Resolution 113</a> and its mission to create a legal profession that better reflects the diversity of the nation we serve.</p> <p>At Microsoft, our customer base is as varied as the world itself, representing every background in this country and virtually every country on the planet. As a legal department, we understand that diversity is a business necessity. To be successful as lawyers, we must understand how to connect, communicate with, and persuade people of all races, genders, abilities and cultures. And we can&#8217;t do that unless our diversity mirrors that of our customers.</p> <p><strong>Diversity starts with law firms</strong></p> <p>Based on our experience, we believe that as diversity increases, improvements in decision-making, creativity, innovation and customer engagement follow. Like many corporate legal departments, Microsoft’s Corporate, External and Legal Affairs team views our outside counsel as a partner with and an extension of our own legal team.  As a result, the business rationale that drives us to diversify our overall workforce applies to our law firms.</p> <p>Yet the statistics show that the legal profession has important work to do. We have yet to see diversity gains at the leadership levels of most U.S. law firms. In 2015, only 7 percent of equity partners were minorities<a href="#_ftn1" name="_ftnref1">[1]</a> and just 17 percent of the equity partners were women<a href="#_ftn2" name="_ftnref2">[2]</a>. These numbers don’t reflect the increasing number of diverse graduates that have been coming out of our law schools for more than a decade.<a href="#_ftn3" name="_ftnref3">[3]</a></p> <p>At Microsoft we work closely with our law firms to promote greater diversity and inclusion. Our <a href="http://www.microsoft.com/en-us/Legal/LCADiversity/lawfirmdiversityprogram.aspx">Law Firm Diversity Program</a> (LFDP) and <a href="http://blogs.microsoft.com/on-the-issues/2016/11/01/microsoft-legal-spending-on-women-and-minority-owned-law-firms-tops-100-million-this-decade-toward-aim-of-more-diverse-and-inclusive-legal-profession/#G6SoaOSCPisxxkWU.99">our work with law firms owned by women or minorities</a> – or WMBE firms – have helped grow the diversity of our own legal team and promote diversity within the firms that support our business. While these programs are a step in the right direction, we recognize that we need to do more.</p> <p><strong>The role of ABA Resolution 113</strong></p> <p>We must take new steps together – as a profession – to make significant progress towards increasing diversity. This starts with setting clear, measurable goals based on strong indicators of where we stand, where we want to go and how we will get there.</p> <p>ABA Resolution 113 encourages legal departments to ask law firms to complete the ABA <a href="http://www.americanbar.org/content/dam/aba/administrative/diversity-portal/presidents_diversity_inclusion_model_survey.authcheckdam.pdf">legal model diversity survey</a> and consider the information as a factor in deciding whether to retain a law firm for significant matters. The survey enables legal departments to measure their progress and to review the diversity data of law firms.  By providing a standardized format, the survey also reduces the burden of reporting on law firms and makes it easier to compare progress between law firms and track improvements year-over-year.</p> <p>We are enthusiastic in endorsing ABA Resolution 113 and hope that many other legal departments across the country will pledge their support for use the survey as a factor in managing their law firm relationships.  This new resolution will help encourage new and significant steps toward building greater transparency and accountability relating to diversity.  It should inspire all of us to aim higher and build a legal profession that reflects the populations we serve.</p> <p>&nbsp;</p> <p><a href="#_ftnref1" name="_ftn1">[1]</a> <a href="http://www.law360.com/articles/657725/2015-law360-minority-report">Law360’s 2015 Minority Report</a></p> <p><a href="#_ftnref2" name="_ftn2">[2]</a> <a href="http://www.nawl.org/p/bl/et/blogid=10&amp;blogaid=56">Eighth Annual NAWL National Survey on Retention and Promotion of Women in Law Firms</a></p> <p><a href="#_ftnref3" name="_ftn3">[3]</a> <a href="http://www.law360.com/articles/657725/2015-law360-minority-report">Law360’s 2015 Minority Report</a>, <a href="http://www.nawl.org/p/bl/et/blogid=10&amp;blogaid=56">Eighth Annual NAWL National Survey</a></p> <p>The post <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues/2016/11/22/aba-resolution-113-creating-legal-profession-reflects-public-serves/">ABA Resolution 113: Creating a legal profession that reflects the public it serves</a> appeared first on <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues">Microsoft on the Issues</a>.</p> ]]></content:encoded> </item> <item> <title>Teaching kids computer science: no computer required</title> <link>https://blogs.microsoft.com/on-the-issues/2016/11/17/teaching-kids-computer-science-no-computer-required/</link> <pubDate>Thu, 17 Nov 2016 14:00:10 +0000</pubDate> <dc:creator><![CDATA[Microsoft Corporate Blogs]]></dc:creator> <category><![CDATA[Microsoft on the Issues]]></category> <category><![CDATA[computer science]]></category> <category><![CDATA[education]]></category> <category><![CDATA[Microsoft Philanthropies]]></category> <category><![CDATA[YouthSpark]]></category> <guid isPermaLink="false">http://blogs.microsoft.com/on-the-issues/?p=40502</guid> <description><![CDATA[<p>Every young person should have the opportunity to learn computer science skills and, by extension, gain a better understanding of how the technology works, since it will impact so many aspects of their lives. A grant announced today will help more youth get that opportunity. Computational thinking is described by Jeannette M. Wing, corporate vice president at Microsoft Research, as the thought processes involved in formulating a problem and expressing <a href="https://blogs.microsoft.com/on-the-issues/2016/11/17/teaching-kids-computer-science-no-computer-required/" class="read-more">Read more &#187;</a></p> <p>The post <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues/2016/11/17/teaching-kids-computer-science-no-computer-required/">Teaching kids computer science: no computer required</a> appeared first on <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues">Microsoft on the Issues</a>.</p> ]]></description> <content:encoded><![CDATA[<div id="attachment_40514" style="width: 3018px" class="wp-caption alignnone"><a href="https://mscorpmedia.azureedge.net/mscorpmedia/2016/11/DSC_4940-582cd22857112.jpeg"><img class="size-full wp-image-40514" src="https://mscorpmedia.azureedge.net/mscorpmedia/2016/11/DSC_4940-582cd22857112.jpeg" alt="Six girls outside a classroom learning computer science by using CS Unplugged" width="3008" height="2000" /></a><p class="wp-caption-text">Using the CS Unplugged program, students can learn computer science through engaging games and puzzles that rely on cards, string, crayons and physical activity.</p></div> <p>Every young person should have the opportunity to learn computer science skills and, by extension, gain a better understanding of how the technology works, since it will impact so many aspects of their lives. A <a href="http://news.microsoft.com/en-nz/2016/11/17/kiwi-developed-computer-science-education-program-gets-a-big-global-boost-from-microsoft-grant/">grant announced today</a> will help more youth get that opportunity.</p> <p><a href="http://socialissues.cs.toronto.edu/index.html%3Fp=279.html">Computational thinking</a> is described by <a href="https://www.microsoft.com/en-us/research/people/wing/">Jeannette M. Wing</a>, corporate vice president at Microsoft Research, as the thought processes involved in formulating a problem and expressing solutions in a way that a computer – human or machine – can carry out. Wing, who also serves as the president&#8217;s professor of Computer Science at Carnegie Mellon University, wrote in <a href="http://socialissues.cs.toronto.edu/index.html%3Fp=279.html">Social Issues in Computing</a> that computational thinking “will be a fundamental skill – just like reading, writing, and arithmetic – used by everyone by the middle of the 21st century.”</p> <p>Yet not every young person has ready access to technology or the internet. In schools where technology is available, teachers don’t always have curriculum materials that make computational thinking easy and fun to teach. University of Canterbury Computer Science and Engineering Professor Tim Bell, in collaboration with colleagues at other universities, created an innovative solution for teaching computational thinking in these and other settings. <a href="http://www.csunplugged.org/">CS Unplugged</a>, available in about 20 languages and used by educators around the world, is a collection of <a href="http://csunplugged.org/activities">free learning activities</a> to teach core computer science concepts through engaging activities that use everyday items and interaction among youth to facilitate learning. The program’s games and puzzles use cards, string, crayons and physical activity – no technology required.</p> <p>Professor Bell’s important work received a boost from Microsoft Philanthropies today: a Microsoft YouthSpark grant to continue to build and improve his CS Unplugged curriculum to have greater applicability and usability for nonprofit organizations and teachers all around the world.</p> <p>“All youth should have a chance to learn problem-solving skills critical for today’s technology-driven world,” said Mary Snapp, corporate vice president and head of Microsoft Philanthropies. “CS Unplugged is especially useful in demonstrating core concepts in computer science and removes the barrier of technology access so that more young people can gain these important skills. We’re pleased to support Professor Bell and this work.”</p> <div id="attachment_40553" style="width: 5194px" class="wp-caption alignnone"><a href="https://mscorpmedia.azureedge.net/mscorpmedia/2016/11/171116Satya33.jpeg"><img class="wp-image-40553 size-full" src="https://mscorpmedia.azureedge.net/mscorpmedia/2016/11/171116Satya33.jpeg" alt="Microsoft CEO Satya Nadella in a school classroom in New Zealand with children learning computer science without computers." width="5184" height="3456" /></a><p class="wp-caption-text">Microsoft CEO Satya Nadella, who was in New Zealand this week, visited Freemans Bay School in Auckland to see how students at the school learn computer science with the CS Unplugged program.</p></div> <p>New lesson plans will be developed, and new supplementary videos, made possible by this grant, will demonstrate how the material looks when used in a classroom. The material will include tips and explanations to help teachers understand computer science principles behind the activities and how to teach those to students. The material is suitable for people of all ages and backgrounds, from elementary school students to seniors, and will be available free of charge.</p> <p>Today’s announcement coincided with the first visit to New Zealand by Microsoft’s CEO Satya Nadella, who visited Freemans Bay School as the guest of New Zealand Minister of Education Hon Hekia Parata to see how the school uses the CS Unplugged program. Reflecting a growing trend around the world, New Zealand will integrate a digital technologies focus into school curriculums in 2018. The grant will enable the modification of CS Unplugged to be fully integrated into school curricula, building on its initial function as extra content for classes.</p> <p>CS Unplugged may be downloaded in a variety of languages at <a href="http://csunplugged.org/">csunplugged.org</a>. The new versions of the materials, made possible by today’s YouthSpark grant, will be published in the summer of 2017.</p> <p>The post <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues/2016/11/17/teaching-kids-computer-science-no-computer-required/">Teaching kids computer science: no computer required</a> appeared first on <a rel="nofollow" href="https://blogs.microsoft.com/on-the-issues">Microsoft on the Issues</a>.</p> ]]></content:encoded> </item> </channel> </rss>

<?xml version="1.0" encoding="UTF-8"?><rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" > <channel> <title>Microsoft Secure Blog</title> <atom:link href="https://blogs.microsoft.com/microsoftsecure/feed/" rel="self" type="application/rss+xml" /> <link>https://blogs.microsoft.com/microsoftsecure</link> <description>In-depth discussion of security, cybersecurity and technology trends affecting trust in computing, as well as timely security news, trends, and practical security guidance</description> <lastBuildDate>Tue, 17 Jan 2017 20:13:26 +0000</lastBuildDate> <language>en-US</language> <sy:updatePeriod>hourly</sy:updatePeriod> <sy:updateFrequency>1</sy:updateFrequency> <generator>https://wordpress.org/?v=4.6.1</generator> <item> <title>Microsoft’s Cyber Defense Operations Center shares best practices</title> <link>https://blogs.microsoft.com/microsoftsecure/2017/01/17/microsofts-cyber-defense-operations-center-shares-best-practices/</link> <pubDate>Tue, 17 Jan 2017 18:00:03 +0000</pubDate> <dc:creator><![CDATA[Microsoft Secure Blog Staff]]></dc:creator> <guid isPermaLink="false">http://blogs.microsoft.com/microsoftsecure/?p=66644</guid> <description><![CDATA[This post is authored by Kristina Laidler, Security Principal, Cyber Security Services and Engineering Each week seems to bring a new disclosure of a cybersecurity breach somewhere in the world. In 2016 alone, over 3 billion customer data records were breached in several high-profile attacks globally. As we look at current state of cybersecurity challenges today, we see the same types of attacks, but the sophistication and scope of each &#8230; <a href="https://blogs.microsoft.com/microsoftsecure/2017/01/17/microsofts-cyber-defense-operations-center-shares-best-practices/" class="read-more">Read more &#187;</a>]]></description> <content:encoded><![CDATA[<p><em>This post is authored by Kristina Laidler, Security Principal, Cyber Security Services and Engineering</em></p> <p>Each week seems to bring a new disclosure of a cybersecurity breach somewhere in the world. In 2016 alone, over 3 billion customer data records were breached in several high-profile attacks globally. As we look at current state of cybersecurity challenges today, we see the same types of attacks, but the sophistication and scope of each attack continues to grow and evolve. Cyber adversaries are now changing their tactics and targets based on the current security landscape. For example, as operating systems became more secure, hackers shifted back to credential compromise. As Microsoft Windows continually improves its security, hackers attack other systems and third-party applications.</p> <p>Both the growth of the internet and the Internet of Things (IoT) is creating more connected devices, many of which are unsecure, to carry out larger Distributed Denial-of-Service (DDoS) attacks. Due to the insecure implementation of internet-connected embedded devices, they are routinely being hacked and used in cyberattacks. Smart TVs and even refrigerators have been used to send out millions of malicious spam emails. Printers and set-top-boxes have been used to mine Bitcoins and cybercriminals have targeted CCTV cameras (common IoT devices), to launch DDoS attacks.</p> <p>Microsoft has unique visibility into an evolving threat landscape due to our hyper-scaled cloud footprint of more than 200 cloud services, over 100 datacenters, millions of devices, and over a billion customers around the globe and our investment in security professionals focused on secure development as well as protect, detect and respond functions. In an effort to mitigate attacks, Microsoft has developed an automated platform, as part of Microsoft Azure, that provides a rapid response to a DDoS attack. On our software-defined networks, the data plane can be upgraded to respond and stay ahead of network traffic, even while our service or corporate environment is under attack. Our DDoS protection platform analyzes traffic in real-time and has the capability to respond and mitigate an attack within 90 seconds of the detection.</p> <p><a href="https://i2.wp.com/mscorpmedia.azureedge.net/mscorpmedia/2017/01/Microsoft-Cyber-Defense-Operations-Center.jpg?ssl=1"><img class="size-large wp-image-66656 aligncenter" src="https://i1.wp.com/mscorpmedia.azureedge.net/mscorpmedia/2017/01/Microsoft-Cyber-Defense-Operations-Center-1024x729.jpg?resize=640%2C456&#038;ssl=1" alt="microsoft-cyber-defense-operations-center" data-recalc-dims="1" /></a></p> <p style="text-align: center;"><em>Microsoft Cyber Defense Operations Center operates 24&#215;7 to defend against cyberthreats</em></p> <p>In November 2015, we opened the <strong>Cyber Defense Operations Center</strong> (CDOC) to bring together the company’s cybersecurity specialists and data scientists in a 24&#215;7 facility to combat cyber adversaries.</p> <p>In the year since opening, we have advanced the policies and practices that accelerate the detection, identification and resolution of cybersecurity threats, and have shared our key learnings with the thousands of enterprise customers who have visited the CDOC. Today, we are sharing a Cyber Defense Operations Center <a href="http://download.microsoft.com/download/4/6/8/4680DFC2-7D56-460F-AD41-612F1A131A26/Microsoft_Cyber_Defense_Operations_Center_strategy_brief_EN_US.pdf">strategy brief</a> that details some of our best practices for how we <strong>Protect</strong>, <strong>Detect</strong> and <strong>Respond</strong> to cyberthreats in real time.</p> <p>Microsoft’s first commitment is to protect the computing environment used by our customers and employees to ensure the resiliency of our cloud infrastructure and services, products, devices, and the company’s internal corporate resources.</p> <p>Microsoft’s protect tactics include:</p> <ul> <li><strong>Extensive monitoring and controls</strong> over the physical environment of our global datacenters, including cameras, personnel screening, fences and barriers and multi-factor authentication for physical access.</li> <li><strong>Software-defined networks</strong> that protect our cloud infrastructure from intrusions and distributed denial of service attacks.</li> <li><strong>Multifactor authentication</strong> is employed across our infrastructure to control identity and access management.</li> <li><strong>Non-persistent administration using</strong> just-in-time (JIT) and just-enough administrator (JEA) privileges to engineering staff managing infrastructure and services. This provides a unique set of credentials for elevated access that automatically expires after a pre-designated duration</li> <li><strong>Proper hygiene</strong> is rigorously maintained through up-to-date, anti-malware software and adherence to strict patching and configuration management.</li> <li><strong>Microsoft Malware Protection Center’s</strong> team of researchers identify, reverse engineer and develop malware signatures and then deploy them across our infrastructure for advanced detection and defense. These signatures are available to millions of customers using Microsoft anti-malware solutions.</li> <li><strong>Microsoft Security Development Lifecycle</strong> is used to harden all applications, online services and products, and to routinely validate its effectiveness through penetration testing and vulnerability scanning.</li> <li><strong>Threat modeling and attack surface analysis</strong> ensures that potential threats are assessed, exposed aspects of the service are evaluated, and the attack surface is minimized by restricting services or eliminating unnecessary functions.</li> <li><strong>Classifying data</strong> according to its sensitivity—high, medium or low business impact—and taking the appropriate measures to protect it, including encryption in transit and at rest, and enforcing the principle of least-privilege access provides additional protection.</li> <li><strong>Awareness training</strong> that fosters a trust relationship between the user and the security team to develop an environment where users will report incidents and anomalies without fear of repercussion</li> </ul> <p>Having a rich set of controls and a defense-in-depth strategy helps ensure that should any one area fail, there are compensating controls in other areas to help maintain the security and privacy of our customers, cloud services, and our own infrastructure environment.</p> <p>Microsoft operates under an Assume Breach posture. This simply means that despite the confidence we have in the defensive protections in place, we assume adversaries can and will find a way to penetrate security perimeters. It is then critical to detect an adversary rapidly and evict them from the network.</p> <p>Microsoft’s detect tactics include:</p> <ul> <li><strong>Monitoring network and physical environments</strong> 24x7x365 for potential cybersecurity events. Behavior profiling, based on usage patterns and an understanding of unique threats to our services.</li> <li><strong>Identity and behavioral analytics</strong> are developed to highlight abnormal activity.</li> <li><strong>Machine learning</strong> software tools and techniques are routinely used to discover and flag irregularities.</li> <li><strong>Advanced analytical tools and processes</strong> are deployed to further identify anomalous activity and innovative correlation capabilities. This enables highly-contextualized detections to be created from the enormous volumes of data in near real-time.</li> <li><strong>Automated software-based processes</strong> that are continuously audited and evolved for increased effectiveness.</li> <li><strong>Data scientists and security experts</strong> routinely work side-by-side to address escalated events that exhibit unusual characteristics requiring further analysis of targets. They can then determine potential response and remediation efforts.</li> </ul> <p>When we detect something abnormal in our systems, it triggers our response teams to engage.</p> <p>Microsoft’s respond tactics include:</p> <ul> <li><strong>Automated response systems</strong> using risk-based algorithms to flag events requiring human intervention.</li> <li><strong>Well-defined, documented and scalable incident response processes</strong> within a continuous improvement model helps to keep us ahead of adversaries by making these available to all responders.</li> <li><strong>Subject matter expertise</strong> across our teams, in multiple security areas, including crisis management, forensics, and intrusion analysis, and deep understanding of the platforms, services and applications operating in our cloud datacenters provides a diverse skill set for addressing incidents.</li> <li><strong>Wide enterprise searching</strong> across both cloud, hybrid and on-premises data and systems to determine the scope of the incident.</li> <li><strong>Deep forensic analysis</strong>, for major threats, are performed by specialists to understand incidents and to aid in their containment and eradication.</li> <li><strong>Microsoft’s security software tools, automation and hyper-scale cloud infrastructure</strong> enable our security experts to reduce the time to detect, investigate, analyze, respond, and recover from cyberattacks.</li> </ul> <p>There is a lot of data and tips in this strategy brief that I hope you will find useful. You can download the<a href="http://download.microsoft.com/download/4/6/8/4680DFC2-7D56-460F-AD41-612F1A131A26/Microsoft_Cyber_Defense_Operations_Center_strategy_brief_EN_US.pdf"> Cyber Defense Operations Center strategy brief</a> to gain more insight into how we work to protect, detect and respond to cybersecurity threats. And I encourage you to visit the <a href="https://www.microsoft.com/en-us/security/default.aspx">Microsoft Secure</a> website to learn more about how we build security into Microsoft’s products and services to help you protect your endpoints, move faster to detect threats, and respond to security breaches.</p> ]]></content:encoded> </item> <item> <title>Rules-making in technology: Examining the past and predicting the future</title> <link>https://blogs.microsoft.com/microsoftsecure/2017/01/17/rules-making-in-technology-examining-the-past-and-predicting-the-future/</link> <pubDate>Tue, 17 Jan 2017 17:00:56 +0000</pubDate> <dc:creator><![CDATA[Paul Nicholas]]></dc:creator> <guid isPermaLink="false">http://blogs.microsoft.com/microsoftsecure/?p=66566</guid> <description><![CDATA[Are the rules and regulations being put in place today, from the Chinese cybersecurity law to the EU’s General Data Protection Regulation (GDPR), going to be appropriate for the world 10 years from now? And if not, should this be of concern?  To answer these questions, we need to learn from the past. The technology concerns of 10 years ago are still with us in some ways, e.g. worries about &#8230; <a href="https://blogs.microsoft.com/microsoftsecure/2017/01/17/rules-making-in-technology-examining-the-past-and-predicting-the-future/" class="read-more">Read more &#187;</a>]]></description> <content:encoded><![CDATA[<p>Are the rules and regulations being put in place today, from the Chinese cybersecurity law to the EU’s <a href="http://ec.europa.eu/justice/data-protection/reform/index_en.htm">General Data Protection Regulation </a>(GDPR), going to be appropriate for the world 10 years from now? And if not, should this be of concern?  To answer these questions, we need to learn from the past.</p> <p>The technology concerns of 10 years ago are still with us in some ways, e.g. worries about data being accessed by the wrong people and important systems becoming vulnerable to cyberattacks, but much has changed as the technology has continued to develop and spread through our businesses, communities, governments, and private lives. As a result, the regulations in place in 2006 have had to be replaced, e.g. the US-EU <a href="https://iapp.org/resources/article/a-brief-history-of-safe-harbor/">Safe Harbour</a> with <a href="https://www.privacyshield.gov/welcome">Privacy Shield</a>, or have been wholly supplanted, e.g. the emergence of new approaches to <a href="https://www.nist.gov/cyberframework">cybersecurity</a> and <a href="https://ec.europa.eu/digital-single-market/en/network-and-information-security-nis-directive">critical infrastructure</a>. Now that I look at it, the world of 10 years ago seems more distant than I expected. Technology was far from ubiquitous and the services offered more limited, the rules familiar but sometimes at a tangent to today’s.</p> <p>2006 was an important year in technology development: Facebook emerged from university campuses and Google bought YouTube. The policy agendas of governments and regulators were driven by concerns about child online safety, e-skills and lifelong learning, access to broadband, e-commerce and online banking, and, yes, <a href="https://en.wikipedia.org/wiki/Microsoft_Corp_v_Commission">market dominance</a>. This is not to discount the importance of these issues at the time, but cybersecurity then was more often viewed as avoiding exotically named <a href="https://en.wikipedia.org/wiki/Timeline_of_computer_viruses_and_worms#2000.E2.80.932009">viruses</a> rather than combating the organized cybercrime we now face, whilst privacy was seen as protecting the vulnerable from online exploitation rather than through today’s post-Snowden lens.</p> <p>Could 2006’s policy-makers have prepared better for the issues we now face? That seems unlikely. For one thing, policy-makers would have been hard-pressed to have predicted the direction of technology; self-driving cars were a near-fringe idea (Google’s first major steps were in <a href="https://en.wikipedia.org/wiki/Google_self-driving_car">2005</a>), smartphones had not yet taken off (the iPhone was launched on January 9, <a href="https://www.youtube.com/watch?v=-3gw1XddJuc">2007</a>) and 3D printing was an industrial process (the first commercial printer came out in <a href="https://3dprintingindustry.com/3d-printing-basics-free-beginners-guide/history/">2009</a>). For another thing, these policy-makers were not operating in a vacuum; the rules they were putting in place had to deal with immediate challenges and had to be built on structures and laws that dated to the turn of the millennium.</p> <p>This shortfall may actually have been a good thing for technology in 2016. Regulations and laws define and fix things, disallowing certain behaviors or requiring others. This can be hard enough to do successfully with well-understood issues, but for nascent technologies or business-models it must be exceptionally difficult. Without undue constraints, technology was able to develop “naturally”. They found business models and technical solutions that worked, then built up momentum to emerge at the stage, where today they are robust enough to be more closely scrutinized and, perhaps, regulated.</p> <p>So, following a similar pattern, should our 2016 efforts at rule-making focus on our immediate issues and leave the future to, in some sense, sort itself out? Perhaps. The emergence of advanced machine <a href="https://blogs.microsoft.com/microsoftsecure/2016/11/14/artificial-intelligence-and-cybersecurity-the-future-is-here/">learning</a> or of the Internet of Things mean those technologies can’t really be legislated for right now  because we don’t know what they will mean in practical terms for businesses and consumers, criminals and law enforcers, and so on. And yet, on the other hand, the technology of tomorrow is being shaped by the decisions of today. For example, rules currently being considered about <a href="http://arstechnica.co.uk/tech-policy/2016/11/eu-us-personal-data-flows-explainer/">data localization or cross-border data flows</a> will shape the future of cloud computing, whilst concerns over <a href="http://privacylawblog.fieldfisher.com/2015/getting-to-know-the-gdpr-part-5-your-big-data-analytics-and-profiling-activities-may-be-seriously-curtailed/">privacy</a> or <a href="https://ec.europa.eu/digital-single-market/en/modernisation-eu-copyright-rules">intellectual property</a> will shape big data and machine learning. The wrong choices now could undermine the potential of many technologies and tools.</p> <p>The answer to whether or not today’s rules are going to be appropriate for 2026 is not, therefore, black and white. We need rules today that reflect technology today, because the old rules aren’t necessarily fit for purpose any more. Equally, we have to acknowledge that rules we create today aren’t always going to last long in the face of technological evolution. This could lead us to conclude we need to have a new way of regulating technology, one that might focus on outcomes for example (and that would be a separate blog), but it could also lead us to conclude that ingenuity and innovation can thrive in the gaps we leave and can even be encouraged by imperfect situations.</p> <p>Whilst there can be no excuse for making rules that assume the world and technology won’t change over a decade, we also don’t have to constantly second guess our future at the price of having useful rules today. In 2026 we might look back at today with a similar feeling to that we currently experience on looking back at 2006: familiarity, perhaps nostalgia, combined with a sense that things really have moved. This won’t necessarily be a bad thing.</p> ]]></content:encoded> </item> <item> <title>Cybersecurity’s perfect storm</title> <link>https://blogs.microsoft.com/microsoftsecure/2017/01/16/cybersecuritys-perfect-storm/</link> <pubDate>Mon, 16 Jan 2017 17:00:30 +0000</pubDate> <dc:creator><![CDATA[Microsoft Secure Blog Staff]]></dc:creator> <category><![CDATA[Cybersecurity]]></category> <guid isPermaLink="false">http://blogs.microsoft.com/microsoftsecure/?p=66626</guid> <description><![CDATA[The unprecedented scale and sophistication of modern cyberthreats, combined with the rapidly disappearing IT perimeter, means that while preventing an attack from becoming a breach is ideal, it is no longer realistic. Microsoft proactively monitors the threat landscape for those emerging threats, to help better protect our customers. This involves observing the activities of targeted activity groups across billion of machines, which are often the first ones to introduce new &#8230; <a href="https://blogs.microsoft.com/microsoftsecure/2017/01/16/cybersecuritys-perfect-storm/" class="read-more">Read more &#187;</a>]]></description> <content:encoded><![CDATA[<p>The unprecedented scale and sophistication of modern cyberthreats, combined with the rapidly disappearing IT perimeter, means that while preventing an attack from becoming a breach is ideal, it is no longer realistic.</p> <p>Microsoft proactively monitors the threat landscape for those emerging threats, to help better protect our customers. This involves observing the activities of targeted activity groups across billion of machines, which are often the first ones to introduce new exploits and techniques that are later used by other attackers.</p> <h3>So how can organizations defend against this triple threat?</h3> <p>Organizations need an approach to security that looks holistically across all critical endpoints, at all stages of a breach—before, during, and after. This means having tools that can not only protect against compromise, but can also detect the early signs of a breach and respond rapidly before it can cause damage to your system.</p> <p>Windows Defender Advanced Threat Protection is a new post-breach security layer, designed to reduce the time it takes to detect, investigate and respond to advanced attacks. This post-breach layer, assumes breach and is designed to complement prevention technologies in the Windows 10 security stack, such as: Windows Defender Antivirus, SmartScreen, and various other OS hardening features.</p> <p>By leveraging a combination of deep behavioral sensors, coupled with powerful cloud security analytics, Windows Defender ATP offers unparalleled detection, investigation and response experience. It uses behavioral analytics proven to detect unknown attacks and security data from over 1B machines to establish what’s normal. This is then coupled with support from our own industry leading hunters. Recordings of activity across all endpoints in the last 6 months allow users to go back in time to understand what happened.</p> <h3>Windows 10 has the protection you need, built-in</h3> <p>Windows Defender ATP is built-in to Windows 10, and provides a comprehensive post-breach solution to help security teams identify suspicious threats on your network that pre-breach solutions might miss.</p> <p>Windows 10 and Windows Defender Advanced Threat Protection give you the future of cybersecurity NOW. Find out more at <a href="https://www.microsoft.com/en-us/security/devices?wt.mc_id=AID574005_QSG_BLOG_134094">Microsoft Secure</a>.</p> <p>&nbsp;</p> ]]></content:encoded> </item> <item> <title>Should we retaliate in cyberspace?</title> <link>https://blogs.microsoft.com/microsoftsecure/2017/01/12/should-we-retaliate-in-cyberspace/</link> <pubDate>Thu, 12 Jan 2017 17:00:12 +0000</pubDate> <dc:creator><![CDATA[Microsoft Secure Blog Staff]]></dc:creator> <guid isPermaLink="false">http://blogs.microsoft.com/microsoftsecure/?p=66584</guid> <description><![CDATA[This post is authored by Gene Burrus, Assistant General Counsel The hack of the San Francisco transit system and the subsequent hack back by a third party makes for a twenty-first century morality tale in some ways. The perpetrator of a ransomware blackmail is given a dose of his/her own medicine, undone by his/her own poor security practices. Painted at a larger scale however, is the picture we see equally &#8230; <a href="https://blogs.microsoft.com/microsoftsecure/2017/01/12/should-we-retaliate-in-cyberspace/" class="read-more">Read more &#187;</a>]]></description> <content:encoded><![CDATA[<p><em>This post is authored by Gene Burrus, Assistant General Counsel</em></p> <p>The hack of the San Francisco <a href="https://techcrunch.com/2016/11/28/san-francisco-transit-system-hit-with-ransomware/">transit system</a> and the subsequent <a href="https://techcrunch.com/2016/11/29/san-francisco-muni-hacker-gets-hacked-back/">hack back</a> by a third party makes for a twenty-first century morality tale in some ways. The perpetrator of a ransomware blackmail is given a dose of his/her own medicine, undone by his/her own poor security practices. Painted at a larger scale however, is the picture we see equally salutary? Recent accusations of state or state-sponsored hacking during the US Presidential campaign led to <a href="http://www.politico.com/story/2016/10/white-house-russia-hacking-retaliate-229622">threats of retaliation</a> between what are arguably the world’s two preeminent nuclear powers.</p> <p>At the heart of most thinking about good behavior you are likely to find the concept of consequences for actions, and even the concept of preemptive deterrence of bad actions. Those concepts of consequence and deterrence have not become embedded in our online expectations and behaviors. This may be because cyberspace is still a new “public space” and people are still working out how to behave. It is also likely, perhaps, because cyberspace allows levels of anonymity and remote actions unprecedented in the real world. People do things because they think there will be no consequences, no “pay back”. There is certainly an argument to be made, then, for hackers and cybercriminals being subject to payback in some, if for no other reason than to begin to build underpin a behavioral system in cyberspace of “<a href="https://en.wikipedia.org/wiki/Golden_Rule">do as you would be done unto</a>”.</p> <p>Is this, however, the way forward that we should collectively take? There are after all existing laws that apply to cybercriminals, and new laws are being brought into existence as both technology and criminality evolve. However, the reality of enforcement is that most cyber criminals will never be caught and operate with near impunity.</p> <p>Is “retaliation” something individuals or even companies should be able to engage in, if there is a functional legal system and a police force to do it in their place? Vigilantism, mob-justice and corporate extra-judicial actions wouldn’t look any more attractive online than they do in the real world. After all, can the retaliator be certain that the right person has been targeted? And if so, what is a proportionate response? If you hack my social media profile, is it fair for me to erase your bank account?</p> <p>Furthermore, could “attack back” policies open another potential cause of state to state conflict in cyberspace? Certainly that risk might exist if State-Owned-Enterprises (SOEs) became involved, as retaliator or retaliated-against. Even carrying out seemingly simple actions against a hacker might inadvertently breach national laws the target’s jurisdiction, thereby involving “real world” police and state institutions when previously they were not.</p> <p>On the other hand, there may be ways to ‘hack back’ that fall short of the ‘tit for tat’ retaliation that is commonly thought of, and instead facilitate catching criminals, disrupt their operations, or deprive them of the fruits of their illegal conduct. The challenge is in making cyberspace a less consequence free realm in which criminal predators can seek victims. A colleague of mine recently mentioned the digital equivalent of the “<a href="https://www.youtube.com/watch?v=3g14UE07RQM">dye packs</a>”; and the ability to trace criminals through what they steal might be helpful. Still, for every measure taken by the forces of law and order, a countermeasure can be developed by criminals and others who operate outside the law. This is not an argument for inaction but for the realization that there is unlikely to be silver bullet to cybercrime through hacking back.</p> <p>If genuine progress is to be made on this issues, the technology industry, law enforcers, lawyers and concerned society groups will have to consider at least three questions about hack back technologies and actions. First, explore what is technically feasible. Second, consider what is legal and for whom. Will law enforcement or private actors be legally allowed to use certain tools or tactics, and should some laws be changed to accommodate technical innovations that might be used to deter, track or punish criminal activity. And against the backdrop of both of these questions will be the question of what policies and tools will be wise to deploy and not do more harm than good. The intersection of these three questions may show the way forward on making cyberspace a place where crime doesn’t pay.</p> ]]></content:encoded> </item> <item> <title>Microsoft Enterprise Threat Detection</title> <link>https://blogs.microsoft.com/microsoftsecure/2017/01/09/microsoft-enterprise-threat-detection/</link> <pubDate>Mon, 09 Jan 2017 17:00:23 +0000</pubDate> <dc:creator><![CDATA[Microsoft Secure Blog Staff]]></dc:creator> <guid isPermaLink="false">http://blogs.microsoft.com/microsoftsecure/?p=66539</guid> <description><![CDATA[This post is authored by Joe Faulhaber, Senior Consultant ECG Overview The Microsoft Enterprise Cybersecurity Group (ECG) consists of three pillars: Protect, Detect, and Respond. Protection in depth is always the best defense, and being able to respond to incidents and recover is key to business continuity. Solid protection and rapid response capability are tied together by detection and intelligence, and the Enterprise Threat Detection (ETD) service enables detection in &#8230; <a href="https://blogs.microsoft.com/microsoftsecure/2017/01/09/microsoft-enterprise-threat-detection/" class="read-more">Read more &#187;</a>]]></description> <content:encoded><![CDATA[<p><em>This post is authored by Joe Faulhaber, Senior Consultant ECG</em></p> <h2>Overview</h2> <p>The Microsoft Enterprise Cybersecurity Group (ECG) consists of three pillars: Protect, Detect, and Respond. Protection in depth is always the best defense, and being able to respond to incidents and recover is key to business continuity. Solid protection and rapid response capability are tied together by detection and intelligence, and the Enterprise Threat Detection (ETD) service enables detection in depth with global intelligence.</p> <p>The detection technologies and intelligence data of ETD are brought together by a dedicated global team of cybersecurity analysts compounded by machine analytics. The analyst team merges deep knowledge of Windows and cyber threats with specific understanding of customer environments, becoming a virtual cybersecurity team for the enterprise. They provide in-depth technical knowledge along with reach-back into the vast resources of Microsoft. The ETD analyst team is tightly integrated with all cybersecurity teams in Microsoft, including ECG Global Incident Response and Recovery, the Microsoft Malware Protection Center, Azure Security Center, and the Microsoft Cyber Defense Operations Center. This brings the enterprise unparalleled access to Microsoft’s entire cyber security organization, enabling best-in-class detection, analysis, and actionable intelligence to detect the latest APT and other attacks.</p> <p>In addition to the analyst team, the ETD service leverages machine analytics which uses built-in Windows features to enable powerful detection that adversaries find very difficult to avoid. These unique detection capabilities are just part of the ETD story, however, customers also benefit from global ecosystem visibility from the largest malware telemetry system in the world, as well as recommended actions specific to each customer environment from Microsoft threat analysts.</p> <p>The service includes immediate alerts in the case of detection of threats. If a determined human adversary is suspected, an ETD analyst contacts the customer to further discuss the identified threat details and response steps, including the Microsoft Global Incident Response and Recovery team if required. Regular summary reports are delivered in discussion meetings with ETD analysts that cover actionable intelligence and insights. Additional analysis support is also provided as needed.</p> <p>Together, these capabilities, alerts and reports provide benefits to enterprises at all levels of cybersecurity sophistication, from those with no dedicated cyber security personnel to enterprises with world-class cybersecurity capabilities.</p> <h2>Components of Enterprise Threat Detection Service</h2> <h4>Corporate Error Reporting</h4> <p>ETD leverages Windows Error Reporting to analyze system error reports to determine if malicious code has been run on the system. This powerful technology has been a core Windows operating system component since Windows XP. It has been used extensively by Microsoft and select customers to detect novel, known, and targeted attacks across the threat lifecycle.</p> <p>ETD also extends error reporting with additional capabilities and attack detection fidelity, even for processes that never generate a Windows error event. And since the feature is built natively into Windows and runs by default, configuring endpoints for ETD is achieved through policy configuration alone.</p> <p><strong>When employed alongside the Enhanced Mitigation Experience Toolkit, ETD can detect attempted exploits at 3 times the normal detection rate.</strong></p> <h4>Cyber Threat Intelligence (CTI)</h4> <p>Cyber Threat Intelligence is a key component of Microsoft’s commitment to defending Windows and Azure customers.  With an ETD subscription, the CTI data is used to provide a view into an enterprise’s security posture and enables discovery and understanding of emerging threat events in the global ecosystem.</p> <p><strong>Microsoft’s threat intelligence includes information from all Microsoft antimalware products, resulting in a vast global data set from over a billion computers and 86 billion files.</strong> It also includes URL intelligence from SmartScreen and Bing, as well as network intelligence and indicators of compromise from the Microsoft Advanced Persistent Threat hunter teams.</p> <p>Personalized information for enterprises from Microsoft’s Digital Crimes Unit’s (DCU) Cyber Threat Intelligence Program is also included in the ETD data set, which includes sinkhole data from DCU botnet takedown operations.</p> <h2>Coordinating Microsoft Products and Services</h2> <h4>Advanced Threat Analytics (ATA)</h4> <p>ATA enables detection across identities in the enterprise, which ETD advises over and enriches with endpoint information to inform even more powerful and actionable detections.</p> <h4>Windows Defender Advanced Threat Protection (WD-ATP)</h4> <p>Microsoft has taken the approach used by ETD in previous versions of Windows and perfected it for Windows 10.  WD-ATP enables full behavioral monitoring in an enterprise with built-in sensors. ETD analysts have deep understanding of the WD-ATP data stream, and can help manage the comprehensive data to separate commodity malware events from targeted events.</p> <h2>Conclusion</h2> <p>ETD provides world-class threat detection capabilities leveraging proprietary technologies and cyber threat data sources that complement any enterprise’s cyber security strategy and deployment.  Along with custom analysis, the service, benefits enterprises at any stage of cybersecurity maturity.</p> ]]></content:encoded> </item> <item> <title>Azure Backup protects against ransomware</title> <link>https://blogs.microsoft.com/microsoftsecure/2017/01/05/azure-backup-protects-against-ransomware/</link> <pubDate>Thu, 05 Jan 2017 20:00:20 +0000</pubDate> <dc:creator><![CDATA[Microsoft Secure Blog Staff]]></dc:creator> <guid isPermaLink="false">http://blogs.microsoft.com/microsoftsecure/?p=66521</guid> <description><![CDATA[According to the most recent CRN Quarterly Ransomware Report, malicious infrastructure attacks increased 3500% in 2016 and the percentage is expected to increase in 2017. One important way that organizations can help protect against losses in a ransomware attack is to have a backup of business critical information in case other defenses fail. Since ransomware attackers have invested heavily into neutralizing backup applications and operating system features like volume shadow &#8230; <a href="https://blogs.microsoft.com/microsoftsecure/2017/01/05/azure-backup-protects-against-ransomware/" class="read-more">Read more &#187;</a>]]></description> <content:encoded><![CDATA[<p>According to the <a href="https://incisive.cvtr.io/lp/webroot-crn?wp=645&amp;msgid=15099754">most recent CRN Quarterly Ransomware Report</a>, malicious infrastructure attacks increased 3500% in 2016 and the percentage is expected to increase in 2017. One important way that organizations can help protect against losses in a ransomware attack is to have a backup of business critical information in case other defenses fail. Since ransomware attackers have invested heavily into neutralizing backup applications and operating system features like volume shadow copy, it is critical to have backups that are inaccessible to a malicious attacker.</p> <p>The start of a new year is the perfect time to reassess your current backup strategy and policies and the impact to your business if your backup data is compromised. As security remains a high priority for our customers, Operations Management Suite (OMS) continues its commitment to offering holistic security capabilities. To demonstrate our continued investments in OMS, <a href="https://azure.microsoft.com/en-us/blog/azure-backup-security-feature/">Azure Backup released a set of new features</a> to protect your on-premises to cloud backups from ransomware.</p> <p>Your backups need to be protected from sophisticated bot and malware attacks. Permanent loss of data can have significant cost and time implications to your business. To help protect against this, Azure Backup guards against malicious attacks through deeper security, faster notifications, and extended recoverability.</p> <p>For deeper security, only users with valid Azure credentials will receive a security PIN generated by the Azure portal to allow them to backup data. If a critical backup operation is authorized, such as “delete backup data,” a notification is immediately sent so you can engage and minimize the impact to your business. If a hacker does delete backup data, Azure Backup will store the deleted backup data for up to 14 days after deletion.</p> <p>To ensure this year is your data’s most secure year yet, make revisiting your backup policy one of your new year’s resolutions.</p> <p>If you are an IT professional, you can explore the new Azure Backup capabilities by creating a <a href="https://www.microsoft.com/en-us/cloud-platform/operations-management-suite-trial">free Microsoft Operations Management Suite account</a>.</p> <p>Finally, to learn more about ransomware and strategies you can employ to protect against it, watch our webinar <a href="https://info.microsoft.com/Protecting_Against_Ransomware.html?ls=website&amp;lsd=security">Protecting Against Ransomware Threats.</a></p> <p>&nbsp;</p> ]]></content:encoded> </item> <item> <title>Microsoft Security Intelligence Report Volume 21 is now available</title> <link>https://blogs.microsoft.com/microsoftsecure/2016/12/14/microsoft-security-intelligence-report-volume-21-is-now-available/</link> <pubDate>Wed, 14 Dec 2016 15:35:39 +0000</pubDate> <dc:creator><![CDATA[Microsoft Secure Blog Staff]]></dc:creator> <category><![CDATA[Cybersecurity]]></category> <category><![CDATA[Security Intelligence]]></category> <guid isPermaLink="false">http://blogs.microsoft.com/microsoftsecure/?p=66497</guid> <description><![CDATA[The latest volume of the Microsoft Security Intelligence Report is now available for free download at www.microsoft.com/sir. This new volume of the report includes threat data from the first half of 2016 as well as longer term trend data on industry vulnerabilities, exploits, malware, and malicious websites. The report also provides specific threat data for over 100 countries/regions. Our Featured Intelligence content for this volume of the report includes three &#8230; <a href="https://blogs.microsoft.com/microsoftsecure/2016/12/14/microsoft-security-intelligence-report-volume-21-is-now-available/" class="read-more">Read more &#187;</a>]]></description> <content:encoded><![CDATA[<p><span style="margin: 0px; color: black; font-family: 'Segoe UI',sans-serif; font-size: 10pt;">The latest volume of the Microsoft Security Intelligence Report is now available for free download at </span><a href="http://www.microsoft.com/sir"><span style="margin: 0px; color: #003399; font-family: 'Segoe UI',sans-serif; font-size: 10pt; text-decoration: none;">www.microsoft.com/sir</span></a><span style="margin: 0px; color: black; font-family: 'Segoe UI',sans-serif; font-size: 10pt;">.</span></p> <p><span style="margin: 0px; color: black; font-family: 'Segoe UI',sans-serif; font-size: 10pt;">This new volume of the report includes threat data from the first half of 2016 as well as longer term trend data on industry vulnerabilities, exploits, malware, and malicious websites. The report also provides specific threat data for over 100 countries/regions.</span></p> <p><span style="margin: 0px; color: black; font-family: 'Segoe UI',sans-serif; font-size: 10pt;">Our Featured Intelligence content for this volume of the report includes three deep dive sections:</span></p> <p><i><u><span style="margin: 0px; color: black; font-family: 'Segoe UI',sans-serif; font-size: 10pt;">Protecting cloud infrastructure; detecting and mitigating threats using Azure Security Center:<br /> </span></u></i><span style="margin: 0px; color: black; font-family: 'Segoe UI',sans-serif; font-size: 10pt;">As organizations move workloads to cloud-based services it is important that security teams keep abreast of changes in their threat posture. New threats can be encountered when adopting solutions that are fully cloud based, or when connecting on-premises environments to cloud services. This section of the report details common threats that organizations may encounter, and explains how security teams can use Azure Security Center to protect, detect, and respond to security threats against Azure cloud-based resources.</span></p> <p><i><u><span style="margin: 0px; color: black; font-family: 'Segoe UI',sans-serif; font-size: 10pt;">PROMETHIUM and NEODYMIUM: parallel zero-day attacks targeting individuals in Europe:<br /> </span></u></i><span style="margin: 0px; color: black; font-family: 'Segoe UI',sans-serif; font-size: 10pt;">Microsoft proactively monitors the threat landscape for emerging threats, including observing the activities of targeted activity groups. The new report chronicles two activity groups, code-named PROMETHIUM and NEODYMIUM, both of which target individuals in a specific area of Europe. Both attack groups launched attack campaigns in May 2016 using the same zero-day exploit to seek information about specific individuals. Microsoft is sharing information about these groups to raise awareness of their activities, and to help individuals and organizations implement existing mitigation options that significantly reduce risk from these attack groups and other similar groups. </span></p> <p><i><u><span style="margin: 0px; color: black; font-family: 'Segoe UI',sans-serif; font-size: 10pt;">Ten years of exploits: a long-term study of exploitation of vulnerabilities in Microsoft software:<br /> </span></u></i><span style="margin: 0px; color: black; font-family: 'Segoe UI',sans-serif; font-size: 10pt;">Microsoft researchers conducted a study of security vulnerabilities and the exploitation of the most severe vulnerabilities in Microsoft software over a 10-year period ending in 2015. In the past five years vulnerability disclosures have increased across the entire industry. However, the number of remote code execution (RCE) and elevation of privilege (EOP) vulnerabilities in Microsoft software has declined significantly. The results of the study suggest that while the risk posed by vulnerabilities appeared to increase in recent years, the actualized risk of exploited vulnerabilities in Microsoft software has steadily declined.</span></p> <p><span style="margin: 0px; color: black; font-family: 'Segoe UI',sans-serif; font-size: 10pt;">There is a lot of other new data in this report that I hope you’ll find useful.</span></p> <p><span style="margin: 0px; color: black; font-family: 'Segoe UI',sans-serif; font-size: 10pt;">You can download Volume 21 of the Microsoft Security Intelligence Report at </span><a href="http://www.microsoft.com/sir"><span style="margin: 0px; color: #003399; font-family: 'Segoe UI',sans-serif; font-size: 10pt; text-decoration: none;">www.microsoft.com/sir</span></a><span style="margin: 0px; color: black; font-family: 'Segoe UI',sans-serif; font-size: 10pt;">.</span></p> <p><span style="margin: 0px; color: black; font-family: 'Segoe UI',sans-serif; font-size: 10pt;">Ken Malcolmson<br /> Executive Security Advisor, Microsoft Enterprise Cybersecurity Group</span></p> ]]></content:encoded> </item> <item> <title>Cybersecurity norms challenge remains</title> <link>https://blogs.microsoft.com/microsoftsecure/2016/12/08/cybersecurity-norms-challenge-remains/</link> <pubDate>Thu, 08 Dec 2016 17:00:27 +0000</pubDate> <dc:creator><![CDATA[Paul Nicholas]]></dc:creator> <guid isPermaLink="false">http://blogs.microsoft.com/microsoftsecure/?p=66464</guid> <description><![CDATA[Despite the differences that exist between governments, there is a growing recognition around the world that attacks on the security and stability of the Internet threaten all nations’ interests. The reality driving this alignment is that both emerging and developed economies are internet-dependent and, equally significantly, that malicious actors can use ubiquitous technologies to attack critical systems and infrastructure. While cybercrime by non-state actors must be dealt with, it is &#8230; <a href="https://blogs.microsoft.com/microsoftsecure/2016/12/08/cybersecurity-norms-challenge-remains/" class="read-more">Read more &#187;</a>]]></description> <content:encoded><![CDATA[<p>Despite the differences that exist between governments, there is a growing recognition around the world that attacks on the security and stability of the Internet threaten all nations’ interests. The reality driving this alignment is that both emerging and developed economies are internet-dependent and, equally significantly, that malicious actors can use ubiquitous technologies to attack critical systems and infrastructure.</p> <p>While cybercrime by non-state actors must be dealt with, it is also increasingly clear that governments need to carefully consider the impacts of their own military and intelligence actions in cyberspace, as well as those of their peers. Without some norms of state behavior in cyberspace the world could experience weakening of international security, national security, and even public safety. The potential erosion of trust citizens, consumers, and businesses have in globally interconnected information technology systems could significantly undermine our global economy.</p> <p>Against this background, the United Nations Group of Governmental Experts (UN GGE) began its next round of discussions on cybersecurity norms and confidence building measures in New York at the <a href="http://digitalwatch.giplatform.org/events/un-group-governmental-experts-developments-field-information-and-telecommunications-context"><strong>end of August</strong></a>. This new session, due to report back to the UN General Assembly in September 2017, will have to tackle a wide range of thorny issues, one of which will be the question of applicability of international law to cyberspace. How can concepts such as “use of force” be applied? How should cyberweapons be classified &#8211; as conventional weapons, weapons of mass destruction, or something else? And, as if these questions weren’t complex enough, the UN GGE is going to have to consider valid ways to handle non-state actors or quasi-non-state actors when they threaten a nation’s critical systems.</p> <p>The re-convening of the UN GGE also represents an opportunity to take stock of the norms debate so far, as well as to explore the different roles government and private sector could play in enhancing global online security. Microsoft has for some time argued that a decision-making framework is needed to help governments balance their roles as users, protectors, and exploiters of the internet. This is not an easy task for governments as they can be confronted with seemingly conflicting priorities, e.g. securing immediate economic advantages or ensuring longer-term growth of a digital economy.</p> <p>Two years ago, Microsoft set out our own <a href="http://aka.ms/cybernorms"><strong>proposals around a cyber-norms framework</strong></a>. Our view, then and now, is that government decisions should be interrogated through the lens of the various actors in cyberspace. Each actors’ objectives, the actions they could take in pursuit of those objectives, and the potential impacts of a particular decision all need to be considered. Framed this way, the norms conversation can become more precise, focusing on discussing acceptable and unacceptable objectives, which actions may be taken in pursuit of those objectives, what the possible impacts of those actions are, and whether they are acceptable for a civilized, connected society.</p> <p>Microsoft will, of course, make what contributions we can to the UN GGE and the other processes taking place to build a secure and lasting global approach to cyberspace. Our collective progress towards that goal can, I think, be judged against four key criteria. First, the approach must be practicable, rather than technically very challenging to achieve. Second, risks from complex cyber events and disruptions that could lead to conflict should be demonstrably reduced. Third, observable behavioural change needs to occur, change that clearly enhances the security of cyberspace for states, enterprises, civil society, and individual stakeholders and users. Fourth, and finally, existing risk-management concepts should be harnessed to help mitigate against escalation or to manage the potential actions of involved parties if escalation is unavoidable. Only when these criteria, or ones much like them, are met can the world feel confident in the future of the Internet, and in the economies and societies that are now dependent upon it.</p> ]]></content:encoded> </item> <item> <title>How much time do you spend on false security alerts?</title> <link>https://blogs.microsoft.com/microsoftsecure/2016/12/05/how-much-time-do-you-spend-on-false-security-alerts/</link> <pubDate>Mon, 05 Dec 2016 16:00:50 +0000</pubDate> <dc:creator><![CDATA[Microsoft Secure Blog Staff]]></dc:creator> <guid isPermaLink="false">http://blogs.microsoft.com/microsoftsecure/?p=33887</guid> <description><![CDATA[The latest data on global threats—from malicious websites and untrusted IPs to malware and beyond—can help a company detect threats and rapidly respond. The challenge is that threat intelligence feeds are, at best, uneven in quality. Close to 70 percent of information security professionals say current threat feeds have a significant issue with timeliness, and only 31 percent rated their threat intelligence as very accurate. This lack of accuracy means &#8230; <a href="https://blogs.microsoft.com/microsoftsecure/2016/12/05/how-much-time-do-you-spend-on-false-security-alerts/" class="read-more">Read more &#187;</a>]]></description> <content:encoded><![CDATA[<p>The latest data on global threats—from malicious websites and untrusted IPs to malware and beyond—can help a company detect threats and rapidly respond. The challenge is that threat intelligence feeds are, at best, uneven in quality.</p> <p>Close to 70 percent of information security professionals say current threat feeds have a significant issue with timeliness, and only 31 percent rated their threat intelligence as very accurate.</p> <p>This lack of accuracy means IT staff must deal with vetting the feeds themselves. And this not only takes time, it takes IT resources: 68% of security professionals say their time is consumed chasing down false alerts and sifting through more than 17,000 malware alerts each week.</p> <p>The solution to reducing this flood of data to only the most relevant alerts is not less data, it’s better data. There are three key areas to helping your security team become more efficient, and the security solution within Operations Management Suite (OMS) can help you with each.</p> <ul> <li>Increase the diversity, scale, and variety of data</li> <li>Implement machine learning and behavioral analytics</li> <li>Utilize simple tools that make mitigation more efficient</li> </ul> <p><a href="https://i0.wp.com/mscorpmedia.azureedge.net/mscorpmedia/2016/12/Dashboard-Analytics-Mode.jpg?ssl=1"><img class="size-large wp-image-33908 aligncenter" src="https://i1.wp.com/mscorpmedia.azureedge.net/mscorpmedia/2016/12/Dashboard-Analytics-Mode-1024x598.jpg?resize=640%2C374&#038;ssl=1" alt="dashboard-analytics-mode" data-recalc-dims="1" /></a></p> <p style="text-align: center;"><em>The Operations Management Suite dashboard gives you a comprehensive and holistic view of all your environments, helping you turn raw data into actionable insights.</em></p> <h3 style="text-align: left;">Microsoft Threat Intelligence: a global view of the threat landscape</h3> <p>To start, you must have the right data from a diverse spectrum of sources to get a true understanding of what is happening. Microsoft Threat Intelligence gathers data from the entire Microsoft footprint.</p> <blockquote><p>&#8220;<em>We have trillions of data points coming in from billions of endpoints, and it&#8217;s that ability to understand and gain insight and take action based on that data that can make the difference</em>,&#8221; said Brad Smith, President and Chief Legal Officer for Microsoft.</p></blockquote> <p>In addition to this, between our Digital Crimes Unit (DCU), the Cyber Defense Operations Command Center (CDOC), and the greater company, we employ thousands of the smartest security experts to protect our environments like Azure and Office 365. Through OMS, we share the information they gather with you, giving you unparalleled insights into the rapidly evolving threat landscape.</p> <h3>Analytics: Separate the signal from the noise</h3> <p>Operations Management Suite collects data from across your datacenters—Windows, Linux, Azure, on-premises, and AWS—and correlates it with the latest Microsoft threat intelligence to detect attacks targeting your organization. Not a list that is days old, but one that is updated in real time. It also applies behavioral analysis and anomaly detection to identify new threats, which align to known patterns of attack. You are provided with a list of the most pressing issues, immediately actionable and conveniently prioritized by the potential threat they pose.</p> <p><a href="https://i1.wp.com/mscorpmedia.azureedge.net/mscorpmedia/2016/12/OMSS-Threat-Intelligence-Map.jpg?ssl=1"><img class="size-large wp-image-33902 aligncenter" src="https://i2.wp.com/mscorpmedia.azureedge.net/mscorpmedia/2016/12/OMSS-Threat-Intelligence-Map-1024x603.jpg?resize=640%2C377&#038;ssl=1" alt="omss-threat-intelligence-map" data-recalc-dims="1" /></a></p> <p style="text-align: center;"><em>A visual map of network traffic to known malicious IP addresses lets you quickly find and understand where real threats lie.</em></p> <h3 style="text-align: left;">Tools: Take swift and efficient action</h3> <p style="text-align: left;">The demand for qualified information security staff has never been higher. In 2016, one million information security openings are expected worldwide.4 While we can’t directly help you with hiring more security personnel, the threat intelligence within Operations Management Suite empowers your IT resources to be more efficient and helps reduce the time it takes to identify and respond to cyberthreats.</p> <p>For example:</p> <p>Operations Management Suite detects one of your computers communicating with known malicious IPs. The outgoing traffic is particularly alarming. With just a few clicks you can:</p> <ul> <li>Isolate that specific machine</li> <li>Block communication network-wide to the IPs</li> <li>Use rapid search to find other actions taken by the attacker anywhere in your network</li> </ul> <p>Learn more about Operations Management Suite and our <a href="https://www.microsoft.com/en-us/cloud-platform/security-and-compliance">approach to security</a>.</p> <p>To find out how attackers are targeting organizations today, read Anatomy of a Breach.</p> ]]></content:encoded> </item> <item> <title>Security in agile development</title> <link>https://blogs.microsoft.com/microsoftsecure/2016/12/01/security-in-agile-development/</link> <pubDate>Thu, 01 Dec 2016 16:00:53 +0000</pubDate> <dc:creator><![CDATA[Microsoft Secure Blog Staff]]></dc:creator> <category><![CDATA[Cybersecurity]]></category> <guid isPermaLink="false">http://blogs.microsoft.com/microsoftsecure/?p=33935</guid> <description><![CDATA[This post is authored by Talhah Mir, Principal PM Manager, WWIT CP ISRM ACE Most enterprises’ security strategies today are multifaceted &#8211; encompassing securing a variety of elements of their IT environment including identities, applications, data, devices, and infrastructure. This also includes driving or supporting security training and changes in culture and behavior for a more secure enterprise. But, security really starts at the fundamental core, at the software development level. &#8230; <a href="https://blogs.microsoft.com/microsoftsecure/2016/12/01/security-in-agile-development/" class="read-more">Read more &#187;</a>]]></description> <content:encoded><![CDATA[<p><em>This post is authored by Talhah Mir, Principal PM Manager, WWIT CP ISRM ACE</em></p> <p>Most enterprises’ security strategies today are multifaceted &#8211; encompassing securing a variety of elements of their IT environment including identities, applications, data, devices, and infrastructure. This also includes driving or supporting security training and changes in culture and behavior for a more secure enterprise. But, security really starts at the fundamental core, at the software development level. It’s here that security can be “built in” to ensure that applications meet the security requirements of enterprises today and are aligned to a holistic, end to end security strategy.</p> <p>We recently published a white paper titled, <a href="http://aka.ms/SecurityForModernEngineering">“Security for Modern Engineering,”</a> which outlines some of the security best practices and learnings we have had on our journey to support modern engineering.  Software engineering teams everywhere are trying to achieve greater effectiveness and efficiency as they face climbing competitive pressures for differentiation, and constantly evolving customer demands. This is driving the need for significantly shorter time-to-market schedules that don’t compromise on the quality of software applications and services. To address this demand, modern engineering teams <a href="https://msdn.microsoft.com/en-us/library/mt709101.aspx">like those in Microsoft IT</a>, are adopting agile development methodologies, embracing DevOps (a merging of development and operations), and maintaining development infrastructure that support continuous integration/continuous delivery. Today, a more secure application can be a differentiator as users of applications are becoming more aware and concerned about security.</p> <p>There has never been a better time to push security automation and develop integrated security services for engineering teams as they think about operating in a modern engineering environment. Similar to how development, test, and operation roles have merged to shape today’s modern engineer, we, at Microsoft, continue to believe that a software security assurance program can yield much better results if the processes are baked seamlessly into the engineering process. This is what we advocated with the development of <a href="http://www.microsoft.com/sdl">Microsoft Security Development Lifecycle (SDL)</a> which to this day, continues to be a priority for a modern engineering practice. Security teams should leverage the momentum of automation to further enhance the security posture of their line-of-business application portfolio within their organization &#8211; helping to drive an effective, efficient, and competitive business.</p> <p>&nbsp;</p> ]]></content:encoded> </item> </channel> </rss>

<?xml version="1.0" encoding="utf-8"?> <rss xmlns:a10="http://www.w3.org/2005/Atom" version="2.0"> <channel xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:dc="http://purl.org/dc/elements/1.1/"> <title>Microsoft Azure Blog</title> <link>https://azure.microsoft.com/blog/</link> <description /> <language>en-US</language> <lastBuildDate>Wed, 18 Jan 2017 15:57:19 Z</lastBuildDate> <item> <guid isPermaLink="false">azure-automation-available-in-uk-and-west-central-us-regions</guid> <category>Announcements</category> <category>Updates</category> <title>Azure Automation available in UK and West Central US regions</title> <description>Azure Automation is now available in the Azure UK and West Central US regions. </description> <pubDate>Mon, 16 Jan 2017 09:00:15 Z</pubDate> <content:encoded>&lt;p&gt;Azure Automation is now available in the Azure UK and West Central US regions. These new regions give you more options for locating Automation accounts in geographic locations that work best for you.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;You can use Azure Automation to create, monitor, deploy, and maintain resources in your Azure, on-premises, and third-party cloud environments, by using highly scalable and reliable process execution and desired state configuration engines.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;To learn more and get started with a free trial, see the &lt;a href="https://azure.microsoft.com/en-us/documentation/articles/automation-intro/"&gt;Azure Automation overview&lt;/a&gt;.&lt;/p&gt;&#xD; </content:encoded> <comments>https://azure.microsoft.com/blog/azure-automation-available-in-uk-and-west-central-us-regions/#comments</comments> <link>https://azure.microsoft.com/blog/azure-automation-available-in-uk-and-west-central-us-regions/</link> <dc:creator>Andres Juarez</dc:creator> </item> <item> <guid isPermaLink="false">microsoft-azure-government-is-first-commercial-cloud-to-achieve-dod-impact-level-5-provisional-authorization-general-availability-of-dod-regions</guid> <category>Announcements</category> <category>Government</category> <title>Microsoft Azure Government is First Commercial Cloud to Achieve DoD Impact Level 5 Provisional Authorization, General Availability of DoD Regions</title> <description>Furthering our commitment to be the most trusted cloud for Government, today Microsoft is proud to announce two milestone achievements in support of the US Department of Defense.</description> <pubDate>Fri, 13 Jan 2017 06:00:23 Z</pubDate> <content:encoded>&lt;p&gt;Furthering our commitment to be the most trusted cloud for Government, today Microsoft is proud to announce two milestone achievements in support of the US Department of Defense.&lt;/p&gt;&#xD; &#xD; &lt;h2&gt;Information Impact Level 5 DoD Provisional Authorization by the Defense Information Systems Agency&lt;/h2&gt;&#xD; &#xD; &lt;p&gt;Azure Government is the first commercial cloud service to be awarded an Information Impact Level 5 DoD Provisional Authorization by the Defense Information Systems Agency. This provisional authorization allows all US Department of Defense (DoD) customers to leverage Azure Government for the most sensitive controlled unclassified information (CUI), including CUI of National Security Systems.&amp;nbsp;&lt;/p&gt;&#xD; &#xD; &lt;p&gt;DoD Authorizing Officials can use this Provisional Authorization as a baseline for input into their authorization decisions on behalf of mission owner systems using the Azure Government cloud DOD Region.&amp;nbsp;&lt;/p&gt;&#xD; &#xD; &lt;p&gt;This achievement is the result of the collective efforts of Microsoft, DISA and its mission partners to work through requirements pertaining to the adoption of cloud computing for infrastructure, platform and productivity across the DoD enterprise.&lt;/p&gt;&#xD; &#xD; &lt;h2&gt;General Availability of DoD Regions&lt;/h2&gt;&#xD; &#xD; &lt;p&gt;Information Impact Level 5 requires processing in dedicated infrastructure that ensures physical separation of DoD customers from non-DoD customers. Over the past few months, we ran a preview program with more than 50 customers across the Department of Defense, including all branches of the military, unified combatant commands and defense agencies.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;We are thrilled to announce the general availability of the DOD Region to all validated DoD customers. Key services covering compute, storage, networking and database are available today with full service level agreements and dedicated Azure Government support.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;Dave Milton, Chief Technology Officer for Permuta Technologies, a leading provider of business solutions tailored for the military affirmed the significance of the general availability of the Azure DoD regions, saying:&lt;/p&gt;&#xD; &#xD; &lt;p&gt;&amp;ldquo;Azure Government DOD Regions has given us the ability to deploy our SaaS offering, DefenseReady Cloud, to the US Department of Defense in a scalable, secure, and cost-effective environment. The mission-critical nature of DefenseReady Cloud requires high availability, compliance with DoD&amp;rsquo;s SRG Impact Level 5 requirements, and scalability to support our customers changing demand, with a flexible pricing structure that allow us to offer capability to large enterprises as well as local commands. With Azure Government DOD Region, we are now able to onboard a customer in weeks, not months, allowing for a time-to-value that is unparalleled when compared with on-premises or other government-sponsored options. Through our partnership, Microsoft provided direct access to product group engineers, compliance support, training, and other resources needed to bring our SaaS solution to DoD.&amp;rdquo;&lt;/p&gt;&#xD; &#xD; &lt;p&gt;These accomplishments and the commentary of our customers and partners further reinforce our commitment to, and the strength of, our long-standing partnership with the US Department of Defense. For more information on Microsoft Cloud for Government services with Information Impact Level 5 provision authorization visit the &lt;a href="http://enterprise.microsoft.com/en-us/industries/government/dod-level5-p-ato-granted-microsoft-azure-office-365/" target="_blank"&gt;Microsoft in Government&amp;nbsp;blog&lt;/a&gt;, and for more detail on the Information Impact Level 5 Provision authorization (including in-scope services), please visit our &lt;a href="https://azure.microsoft.com/en-us/support/trust-center/compliance/" target="_blank"&gt;Microsoft Trust Center&lt;/a&gt;.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;To get started today, customers and mission partners may request access to our &lt;a href="http://aka.ms/azuregovtrial" target="_blank"&gt;Azure Government Trial program&lt;/a&gt;.&lt;/p&gt;&#xD; </content:encoded> <comments>https://azure.microsoft.com/blog/microsoft-azure-government-is-first-commercial-cloud-to-achieve-dod-impact-level-5-provisional-authorization-general-availability-of-dod-regions/#comments</comments> <link>https://azure.microsoft.com/blog/microsoft-azure-government-is-first-commercial-cloud-to-achieve-dod-impact-level-5-provisional-authorization-general-availability-of-dod-regions/</link> <dc:creator>Tom Keane</dc:creator> </item> <item> <guid isPermaLink="false">new-azure-storage-release-larger-block-blobs-incremental-copy-and-more</guid> <category>Announcements</category> <category>Storage, Backup &amp; Recovery</category> <title>New Azure Storage Release – Larger Block Blobs, Incremental Copy, and more!</title> <description>Announcing new capabilities in the latest Azure Storage Service release and updates to our Storage Client Libraries</description> <pubDate>Thu, 12 Jan 2017 12:00:10 Z</pubDate> <content:encoded>&lt;p&gt;We are pleased to announce new capabilities in the latest Azure Storage Service release and updates to our Storage Client Libraries. This latest release allows users to take advantage of increased block sizes of 100 MB, which allows block blobs up to 4.77 TB, as well as features like incremental copy for page blobs and pop-receipt on add message.&lt;/p&gt;&#xD; &#xD; &lt;h2&gt;REST API version 2016-05-31&lt;/h2&gt;&#xD; &#xD; &lt;p&gt;Version 2016-05-31 includes these changes:&lt;/p&gt;&#xD; &#xD; &lt;ul&gt;&#xD; &lt;li&gt;The maximum blob size has been increased to 4.77 TB with the increase of block size to 100 MB. Check out our &lt;a href="https://azure.microsoft.com/en-us/blog/general-availability-larger-block-blobs-in-azure-storage/"&gt;previous announcement&lt;/a&gt; for more details.&lt;/li&gt;&#xD; &lt;li&gt;The &lt;a href="https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/put-message"&gt;Put Message API&lt;/a&gt; now returns information about the message that was just added, including the pop receipt. This enables the you to call &lt;a href="https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/update-message"&gt;Update Message&lt;/a&gt; and &lt;a href="https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/delete-message2"&gt;Delete Message&lt;/a&gt; on the newly enqueued message.&lt;/li&gt;&#xD; &lt;li&gt;The public access level of a container is now returned from the &lt;a href="https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/list-containers2"&gt;List Containers&lt;/a&gt; and &lt;a href="https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/get-container-properties"&gt;Get Container Properties&lt;/a&gt; APIs. Previously this information could only be obtained by calling &lt;a href="https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/get-container-acl"&gt;Get Container ACL&lt;/a&gt;.&lt;/li&gt;&#xD; &lt;li&gt;The &lt;a href="https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/list-directories-and-files"&gt;List Directories and Files&lt;/a&gt; API now accepts a new parameter that limits the listing to a specified prefix.&lt;/li&gt;&#xD; &lt;li&gt;All Table Storage APIs now accept and enforce the timeout query parameter.&lt;/li&gt;&#xD; &lt;li&gt;The stored Content-MD5 property is now returned when requesting a range of a blob or file. Previously this was only returned for full blob and file downloads.&lt;/li&gt;&#xD; &lt;li&gt;A new &lt;a href="https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/incremental-copy-blob"&gt;Incremental Copy Blob&lt;/a&gt; API is now available. This allows efficient copying and backup of page blob snapshots.&lt;/li&gt;&#xD; &lt;li&gt;Using If-None-Match: * will now fail when reading a blob. Previously this header was ignored for blob reads.&lt;/li&gt;&#xD; &lt;li&gt;During authentication, the canonicalized header list now includes headers with empty values. Previously these were omitted from the list.&lt;/li&gt;&#xD; &lt;li&gt;Several error messages have been clarified or made more specific. See the full list of changes in the &lt;a href="https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/azure-storage-services-rest-api-reference"&gt;REST API Reference&lt;/a&gt;.&lt;/li&gt;&#xD; &lt;/ul&gt;&#xD; &#xD; &lt;p&gt;Check out the &lt;a href="https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/azure-storage-services-rest-api-reference"&gt;REST API Reference&lt;/a&gt; documentation to learn more.&lt;/p&gt;&#xD; &#xD; &lt;h2&gt;New client library features&lt;/h2&gt;&#xD; &#xD; &lt;h3&gt;.NET Client Library (version 8.0.1)&lt;/h3&gt;&#xD; &#xD; &lt;ul&gt;&#xD; &lt;li&gt;All the service features listed above&lt;/li&gt;&#xD; &lt;li&gt;Support for portable class library (through the NetStandard 1.0 Fa&amp;ccedil;ade)&lt;/li&gt;&#xD; &lt;li&gt;Key rotation for client side encryption for blobs, tables/ and queues&lt;/li&gt;&#xD; &lt;/ul&gt;&#xD; &#xD; &lt;p&gt;For a complete list of changes, check out the &lt;a href="https://github.com/Azure/azure-storage-net/blob/master/changelog.txt"&gt;change log&lt;/a&gt; in our Github repository.&lt;/p&gt;&#xD; &#xD; &lt;h3&gt;Storage Emulator&lt;/h3&gt;&#xD; &#xD; &lt;ul&gt;&#xD; &lt;li&gt;All the service features listed above&lt;/li&gt;&#xD; &lt;/ul&gt;&#xD; &#xD; &lt;p&gt;The storage emulator v4.6 is available as part of the latest &lt;a href="https://azure.microsoft.com/downloads/"&gt;Microsoft Azure SDK&lt;/a&gt;. You can also install the storage emulator using the &lt;a href="https://go.microsoft.com/fwlink/?LinkId=717179&amp;amp;clcid=0x409"&gt;standalone installer&lt;/a&gt;.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;We&amp;rsquo;ll also be releasing new client libraries for Java, C++, Python and NodeJS to support the latest REST version in the next few weeks along with a new AzCopy release. Stay tuned!&lt;/p&gt;&#xD; </content:encoded> <comments>https://azure.microsoft.com/blog/new-azure-storage-release-larger-block-blobs-incremental-copy-and-more/#comments</comments> <link>https://azure.microsoft.com/blog/new-azure-storage-release-larger-block-blobs-incremental-copy-and-more/</link> <dc:creator>Sercan Guler</dc:creator> </item> <item> <guid isPermaLink="false">azure-networking-fridays-with-the-azure-black-belt-team-winter-2017</guid> <category>Virtual Machines</category> <category>Cloud Strategy</category> <category>Networking</category> <category>Security</category> <title>Azure Networking Fridays with the Azure Black Belt Team – Winter 2017!</title> <description>Happy 2017 everyone! After wrapped up the Fall 2016 season of Azure Networking Fridays, we're kicking off the 2017 winter edition! With that said, join us for our season's premiere on January 20th!…</description> <pubDate>Thu, 12 Jan 2017 11:00:00 Z</pubDate> <content:encoded>&lt;p&gt;Happy 2017 everyone! After wrapping up the Fall 2016 season of Azure Networking Fridays, we&amp;#39;re kicking off the 2017 Winter edition!&lt;/p&gt;&#xD; &#xD; &lt;p&gt;With that said, join us for our season&amp;#39;s premiere on January 20&lt;sup&gt;th&lt;/sup&gt;!&lt;/p&gt;&#xD; &#xD; &lt;p&gt;This hour long session will occur every other Friday this winter and spring. It is open to all customers and partners to learn more about Azure Networking, including ExpressRoute and Virtual Networking, and how to plan and design their connectivity to the Microsoft Cloud.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;There will be an open Q&amp;amp;A session at the end where customers can ask the experts. Content and partner speakers will vary for each session, but the general agenda is as follows:&lt;/p&gt;&#xD; &#xD; &lt;ul&gt;&#xD; &lt;li&gt;Azure Networking fundamentals (10 minutes)&lt;/li&gt;&#xD; &lt;li&gt;Deep dive topic of the week (15-20 minutes)&lt;/li&gt;&#xD; &lt;li&gt;Partner spotlight of the week (15-20 minutes)&lt;/li&gt;&#xD; &lt;li&gt;Q&amp;amp;A&lt;/li&gt;&#xD; &lt;/ul&gt;&#xD; &#xD; &lt;p&gt;We&amp;rsquo;re kicking off the winter edition series on &lt;strong&gt;Friday, January 20&lt;sup&gt;th&lt;/sup&gt;, 2017&lt;/strong&gt;.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;Join the &lt;a href="https://meet.lync.com/microsoft/omartin/JJHKTG25" target="_blank"&gt;Skype Meeting&lt;/a&gt; and make sure you don&amp;rsquo;t miss out on future sessions by adding this the series to your &lt;a href="https://azurenetworkingfridays.blob.core.windows.net/webinar-content/ANF-W2017.ics" target="_blank"&gt;Outlook calendar&lt;/a&gt;. You can also &lt;a href="http://azurenetworkingfridays.blob.core.windows.net/webinar-content/ANF-W2017.ics"&gt;download ICS&lt;/a&gt;.&lt;/p&gt;&#xD; &#xD; &lt;h2&gt;Here are a few links that we&amp;rsquo;re posting for convenience:&lt;/h2&gt;&#xD; &#xD; &lt;ul&gt;&#xD; &lt;li&gt;Future session recordings will be posted on &lt;a href="http://channel9.msdn.com/Shows/Azure-Networking-Fridays/"&gt;Channel 9&lt;/a&gt;. Previous sessions are already posted on Channel 9.&lt;/li&gt;&#xD; &lt;li&gt;&lt;a href="https://aka.ms/ERCheckList" target="_blank"&gt;https://aka.ms/ERCheckList&lt;/a&gt; for the check list presented in our sessions.&lt;/li&gt;&#xD; &lt;/ul&gt;&#xD; &#xD; &lt;h2&gt;January 20&lt;sup&gt;th&lt;/sup&gt;&amp;rsquo;s call agenda:&lt;/h2&gt;&#xD; &#xD; &lt;ul&gt;&#xD; &lt;li&gt;Deep dive topic with a Microsoft Guest!&lt;/li&gt;&#xD; &lt;li&gt;Partner Spotlight with Cisco&lt;/li&gt;&#xD; &lt;/ul&gt;&#xD; </content:encoded> <comments>https://azure.microsoft.com/blog/azure-networking-fridays-with-the-azure-black-belt-team-winter-2017/#comments</comments> <link>https://azure.microsoft.com/blog/azure-networking-fridays-with-the-azure-black-belt-team-winter-2017/</link> <dc:creator>Olivier Martin</dc:creator> </item> <item> <guid isPermaLink="false">azure-analysis-services-now-available-in-southeast-asia-and-east-us-2</guid> <category>Announcements</category> <category>Data Warehouse</category> <category>Business Intelligence</category> <title>Azure Analysis Services now available in Southeast Asia and East US 2</title> <description>Last year in October we released the preview of Azure Analysis Services, which is built on the proven analytics engine in Microsoft SQL Server Analysis Services. With Azure Analysis Services you can…</description> <pubDate>Thu, 12 Jan 2017 10:00:00 Z</pubDate> <content:encoded>&lt;p&gt;Last year in October we released the preview of Azure Analysis Services, which is built on the proven analytics engine in Microsoft SQL Server Analysis Services. With Azure Analysis Services you can host semantic data models in the cloud. Users in your organization can then connect to your data models using tools like Excel, Power BI, and many others to create reports and perform ad-hoc data analysis.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;We are excited to share with you that the preview of Azure Analysis Services is now available in 2 additional regions: &lt;strong&gt;Southeast Asia&lt;/strong&gt; and &lt;strong&gt;East US 2&lt;/strong&gt;.&amp;nbsp; This means that Azure Analysis Services is available in the following regions: Southeast Asia, North Europe, West Europe, West US, South Central US, East US 2 and West Central US.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;New to Azure Analysis Services? Find out how you can try&amp;nbsp;&lt;a href="https://azure.microsoft.com/en-us/services/analysis-services/"&gt;Azure Analysis Services&lt;/a&gt; or learn how to &lt;a href="https://azure.microsoft.com/en-us/blog/first-azure-as/?utm_content=bufferf7c1b&amp;amp;utm_medium=social&amp;amp;utm_source=twitter.com&amp;amp;utm_campaign=buffer"&gt;create your first data model&lt;/a&gt;.&lt;/p&gt;&#xD; </content:encoded> <comments>https://azure.microsoft.com/blog/azure-analysis-services-now-available-in-southeast-asia-and-east-us-2/#comments</comments> <link>https://azure.microsoft.com/blog/azure-analysis-services-now-available-in-southeast-asia-and-east-us-2/</link> <dc:creator>Josh Caplan</dc:creator> </item> <item> <guid isPermaLink="false">azure-virtual-machine-internals-part-2</guid> <category>IT Pro/DevOps</category> <category>Developer</category> <category>Virtual Machines</category> <title>Azure Virtual Machine Internals – Part 2</title> <description>Peek under the covers of how an Azure VM works and get to know some of the internal details.</description> <pubDate>Thu, 12 Jan 2017 09:00:08 Z</pubDate> <content:encoded>&lt;h2&gt;Continuation from Part 1&lt;/h2&gt;&#xD; &#xD; &lt;p&gt;In &lt;a href="https://azure.microsoft.com/en-us/blog/azure-virtual-machine-internals-part-1/"&gt;Azure Virtual Machine Internals Part 1&lt;/a&gt; we created a vanilla Windows VM and spent some time poking under the covers and following the leads. In this part we will modify the VM that was created earlier.&lt;/p&gt;&#xD; &#xD; &lt;h2&gt;Add Disk&lt;/h2&gt;&#xD; &#xD; &lt;pre&gt;&#xD; C:\Program Files (x86)\Microsoft SDKs\Azure\CLI\bin&amp;gt;node azure vm disk attach-new -g BlogRG -n BlogWindowsVM -z 60 -d newdatadisk -c ReadWrite -o blogrgdisks562 -r newdatadiskc&#xD; &#xD; info: Executing command vm disk attach-new&#xD; &#xD; + Looking up the VM &amp;quot;BlogWindowsVM&amp;quot;&#xD; &#xD; + Looking up the storage account blogrgdisks562&#xD; &#xD; info: New data disk location: https://blogrgdisks562.blob.core.windows.net/newdatadiskc/newdatadisk.vhd&#xD; &#xD; + Updating VM &amp;quot;BlogWindowsVM&amp;quot;&#xD; &#xD; info: vm disk attach-new command OK&#xD; &#xD; C:\Program Files (x86)\Microsoft SDKs\Azure\CLI\bin&amp;gt;node azure vm show -g BlogRG -n BlogWindowsVM -d full --json&lt;/pre&gt;&#xD; &#xD; &lt;p&gt;Snippet below:&lt;/p&gt;&#xD; &#xD; &lt;pre&gt;&#xD; {&#xD; &#xD; &amp;quot;lun&amp;quot;: 1,&#xD; &#xD; &amp;quot;name&amp;quot;: &amp;quot;newdatadisk&amp;quot;,&#xD; &#xD; &amp;quot;vhd&amp;quot;: {&#xD; &#xD; &amp;quot;uri&amp;quot;: &amp;quot;https://blogrgdisks562.blob.core.windows.net/newdatadiskc/newdatadisk.vhd&amp;quot;&#xD; &#xD; },&#xD; &#xD; &amp;quot;caching&amp;quot;: &amp;quot;ReadWrite&amp;quot;,&#xD; &#xD; &amp;quot;createOption&amp;quot;: &amp;quot;Empty&amp;quot;,&#xD; &#xD; &amp;quot;diskSizeGB&amp;quot;: 60&#xD; &#xD; }&lt;/pre&gt;&#xD; &#xD; &lt;p&gt;Note that the caching is by default set to readwrite &amp;ndash; this means that in addition to read transactions, write transactions are cached and lazily flushed to durable storage. So if the VM fails for whatever reason before the data is flushed, data will be lost. The topic of data disks including &lt;a href="http://blogs.msdn.microsoft.com/windowsazurestorage/2012/06/27/exploring-windows-azure-drives-disks-and-images/"&gt;caching is discussed&lt;/a&gt;. Set this option to a value that is appropriate for your application.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;At this stage you would have to RDP into the VM and initialize, partition and format the disk. This can be tedious for large number of VMs or disks. There is an example where you can use &lt;a href="http://blogs.technet.microsoft.com/heyscriptingguy/2013/05/29/use-powershell-to-initialize-raw-disks-and-to-partition-and-format-volumes/"&gt;automation&lt;/a&gt;.&lt;/p&gt;&#xD; &#xD; &lt;h2&gt;Capture&lt;/h2&gt;&#xD; &#xD; &lt;p&gt;RDP to the VM and sysprep, generalize, shutdown.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;&lt;img alt="Run Sysprep" border="0" height="252" src="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/141ddd5b-c3bd-4e96-aa52-6865eee5386a.png" width="342"&gt;&lt;/p&gt;&#xD; &#xD; &lt;p&gt;The VM shows as stopped in the Portal, as expected.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;&lt;img border="0" height="311" src="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/97988ee2-2d91-4198-afd7-5008077f5ede.jpeg" width="624"&gt;&lt;/p&gt;&#xD; &#xD; &lt;p&gt;The warning about continuing to incur the compute charges is important. Azure charges customers for the usages VM incurs. Sticking to the core resources, VMs can independently incur Compute, Storage and Networking charges.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;Compute charge is incurred if a VM is provisioned. The charge is incurred even if VM is in &amp;lsquo;stopped&amp;rsquo; state (as shown by the warning above) because Azure has still provisioned that VM slot for the customer. The only way to avoid incurring the compute charge is to stop-dellocate or to deprovision the VM.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;Stop-deallocating a VM deallocates the VM slot so it could be allocated to another customer. However, the definition of the VM along with its state in disks is maintained so that the VM can be re-provisioned at customer&amp;rsquo;s choice. While a Stop-deallocated VM will not accrue Compute charges, it will continue to accrue the Storage charges as the disks are not deleted.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;At this stage we have a generalized VM which means that the OS disk does not have the OS customizations were made when the VM was initially created including settings like locale, timezone, admin credentials, etc. Let&amp;rsquo;s see what happens if we try to &amp;lsquo;start&amp;rsquo; the stopped VM from portal. The &amp;lsquo;start&amp;rsquo; operation does a simple power-start and does not take the VM thru its specialize sequence as part of provisioning.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;Clicking &amp;lsquo;Start&amp;rsquo; in Portal and after a few seconds the VM shows a &amp;lsquo;Running&amp;rsquo;. Try to RDP into it &amp;ndash; RDP times out. Boot Diagnostics to rescue.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;&lt;img alt="https://blogrgdiag337.blob.core.windows.net/bootdiagnostics-blogwindo-694733ec-46a0-4e0b-a73b-ee0863a0f12c/BlogWindowsVM.694733ec-46a0-4e0b-a73b-ee0863a0f12c.screenshot.bmp" border="0" height="468" src="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/ee9b7115-de62-4700-b61a-f8c3de2322c7.jpeg" width="624"&gt;&lt;/p&gt;&#xD; &#xD; &lt;p&gt;As expected, this VM has detected that its disk is generalized and is in the &amp;lsquo;specialization&amp;rsquo; sequence waiting for customer input. This VM cannot be started successfully.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;When we sysprep a VM and have generalized its disk, we have to follow thru with following management operations to realize a generalized image that can be used to create one or more new VMs.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;&lt;u&gt;Stop VM &lt;/u&gt;&amp;ndash; powers down the VM&lt;/p&gt;&#xD; &#xD; &lt;pre&gt;&#xD; C:\Program Files (x86)\Microsoft SDKs\Azure\CLI\bin&amp;gt;node azure vm stop -g BlogRG -n BlogWindowsVM&#xD; &#xD; info: Executing command vm stop&#xD; &#xD; + Looking up the VM &amp;quot;BlogWindowsVM&amp;quot;&#xD; &#xD; warn: VM shutdown will not release the compute resources so you will be billed for the compute resources that this Virtual Machine uses.&#xD; &#xD; info: To release the compute resources use &amp;quot;azure vm deallocate&amp;quot;.&#xD; &#xD; + Stopping the virtual machine &amp;quot;BlogWindowsVM&amp;quot;&#xD; &#xD; info: vm stop command OK&#xD; &#xD; &lt;u&gt;Generalize &lt;/u&gt;&amp;ndash; meta data change on the VM to mark it generalized&#xD; &#xD; C:\Program Files (x86)\Microsoft SDKs\Azure\CLI\bin&amp;gt;node azure vm generalize -g BlogRG -n BlogWindowsVM&#xD; &#xD; info: Executing command vm generalize&#xD; &#xD; + Looking up the VM &amp;quot;BlogWindowsVM&amp;quot;&#xD; &#xD; + Generalizing the virtual machine &amp;quot;BlogWindowsVM&amp;quot;&#xD; &#xD; info: vm generalize command OK&#xD; &#xD; &lt;u&gt;Capture &lt;/u&gt;&amp;ndash;&#xD; &#xD; C:\Program Files (x86)\Microsoft SDKs\Azure\CLI\bin&amp;gt;node azure vm capture -g BlogRG -n BlogWindowsVM -p CaptureBlogWVM -R capturecontainer -t C:\temp\CaptureVMTemplate.json&#xD; &#xD; info: Executing command vm capture&#xD; &#xD; + Looking up the VM &amp;quot;BlogWindowsVM&amp;quot;&#xD; &#xD; + Capturing the virtual machine &amp;quot;BlogWindowsVM&amp;quot;&#xD; &#xD; info: Saved template to file &amp;quot;C:\temp\CaptureVMTemplate.json&amp;quot;&#xD; &#xD; info: vm capture command OK&lt;/pre&gt;&#xD; &#xD; &lt;p&gt;The template generated can be used to create new VMs based on the generalized image.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;Looking at the storage profile of CaptureVMTemplate.json&lt;/p&gt;&#xD; &#xD; &lt;pre&gt;&#xD; &amp;quot;storageProfile&amp;quot;: {&#xD; &#xD; &amp;quot;osDisk&amp;quot;: {&#xD; &#xD; &amp;quot;osType&amp;quot;: &amp;quot;Windows&amp;quot;,&#xD; &#xD; &amp;quot;name&amp;quot;: &amp;quot;CaptureBlogWVM-osDisk.694733ec-46a0-4e0b-a73b-ee0863a0f12c.vhd&amp;quot;,&#xD; &#xD; &amp;quot;createOption&amp;quot;: &amp;quot;FromImage&amp;quot;,&#xD; &#xD; &amp;quot;image&amp;quot;: {&#xD; &#xD; &amp;quot;uri&amp;quot;: &lt;a href="https://blogrgdisks562.blob.core.windows.net/system/Microsoft.Compute/Images/capturecontainer/CaptureBlogWVM-osDisk.694733ec-46a0-4e0b-a73b-ee0863a0f12c.vhd"&gt;&lt;u&gt;https://blogrgdisks562.blob.core.windows.net/system/Microsoft.Compute/Images/capturecontainer/CaptureBlogWVM-osDisk.694733ec-46a0-4e0b-a73b-ee0863a0f12c.vhd&lt;/u&gt;&lt;/a&gt;&lt;/pre&gt;&#xD; &#xD; &lt;p&gt;Above is the URL of the generalized image that the capture operation has generated. You will notice that the image is a page blob VHD just like any other disk VHD. From the Visual Studio Cloud Explorer we can see the three captured VHDs for the OS data and two data disks. In storage terms they are blob snapshots of the disk page blobs. You will notice that the blob snapshots are in the same storage account as the original disks &amp;ndash; blogrgdisks562&lt;/p&gt;&#xD; &#xD; &lt;p&gt;&lt;img border="0" height="103" src="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/3c6c5b9f-27cf-4105-81cf-4a00d0037365.jpeg" width="624"&gt;&lt;/p&gt;&#xD; &#xD; &lt;p&gt;Looking at the detail of the generalized OS disk blob (using the command, node azure storage blob list -vv ) we will notice a few things:&lt;/p&gt;&#xD; &#xD; &lt;pre&gt;&#xD; {&#xD; &#xD; &amp;quot;name&amp;quot;: &amp;quot;Microsoft.Compute/Images/capturecontainer/CaptureBlogWVM-osDisk.694733ec-46a0-4e0b-a73b-ee0863a0f12c.vhd&amp;quot;,&#xD; &#xD; &amp;quot;lastModified&amp;quot;: &amp;quot;Sun, 21 Aug 2016 19:14:25 GMT&amp;quot;,&#xD; &#xD; &amp;quot;etag&amp;quot;: &amp;quot;0x8D3C9F75DB60C73&amp;quot;,&#xD; &#xD; &amp;quot;contentLength&amp;quot;: &amp;quot;136367309312&amp;quot;,&#xD; &#xD; &amp;quot;contentSettings&amp;quot;: {&#xD; &#xD; &amp;quot;contentType&amp;quot;: &amp;quot;application/octet-stream&amp;quot;,&#xD; &#xD; &amp;quot;contentEncoding&amp;quot;: &amp;quot;&amp;quot;,&#xD; &#xD; &amp;quot;contentLanguage&amp;quot;: &amp;quot;&amp;quot;,&#xD; &#xD; &amp;quot;contentMD5&amp;quot;: &amp;quot;en7n+5uiKTbMlrhW59lEGg==&amp;quot;,&#xD; &#xD; &amp;quot;cacheControl&amp;quot;: &amp;quot;&amp;quot;,&#xD; &#xD; &amp;quot;contentDisposition&amp;quot;: &amp;quot;&amp;quot;&#xD; &#xD; },&#xD; &#xD; &amp;quot;sequenceNumber&amp;quot;: &amp;quot;8&amp;quot;,&#xD; &#xD; &amp;quot;blobType&amp;quot;: &amp;quot;PageBlob&amp;quot;,&#xD; &#xD; &amp;quot;lease&amp;quot;: {&#xD; &#xD; &amp;quot;status&amp;quot;: &amp;quot;unlocked&amp;quot;,&lt;/pre&gt;&#xD; &#xD; &lt;p&gt;This is a generalized image and as such unlocked with no outstanding lease&lt;/p&gt;&#xD; &#xD; &lt;pre&gt;&#xD; &amp;quot;state&amp;quot;: &amp;quot;available&amp;quot;&#xD; &#xD; },&#xD; &#xD; &amp;quot;copy&amp;quot;: {&#xD; &#xD; &amp;quot;id&amp;quot;: &amp;quot;b069a713-599d-44ad-85d0-e7e255f9a92c&amp;quot;,&#xD; &#xD; &amp;quot;progress&amp;quot;: &amp;quot;136367309312/136367309312&amp;quot;,&#xD; &#xD; &amp;quot;bytesCopied&amp;quot;: 136367309312,&#xD; &#xD; &amp;quot;totalBytes&amp;quot;: 136367309312,&#xD; &#xD; &amp;quot;source&amp;quot;: &lt;a href="https://blogrgdisks562.blob.core.windows.net/vhds/BlogWindowsVM2016713231120.vhd?sv=2014-02-14&amp;amp;sr=b&amp;amp;sk=system-1&amp;amp;sig=HTMp66d7wK37Cc12cb2LzDsS6w1YjGyHsIHxPjR2%2F%2F8%3D&amp;amp;st=2016-08-21T18%3A59%3A23Z&amp;amp;se=2016-08-21T20%3A14%3A23Z&amp;amp;sp=rw"&gt;https://blogrgdisks562.blob.core.windows.net/vhds/BlogWindowsVM2016713231120.vhd?sv=2014-02-14&amp;amp;sr=b&amp;amp;sk=system-1&amp;amp;sig=HTMp66d7wK37Cc12cb2LzDsS6w1YjGyHsIHxPjR2%2F%2F8%3D&amp;amp;st=2016-08-21T18%3A59%3A23Z&amp;amp;se=2016-08-21T20%3A14%3A23Z&amp;amp;sp=rw&lt;/a&gt;,&lt;/pre&gt;&#xD; &#xD; &lt;p&gt;This is the source blob which is still the OS disk on the stopped VM, BlogWindowsVM. By following the copy trail, you can trace how the blobs are getting copied. BTW, the source blob still has an infinite lease (not shown here) against it since it is attached as a disk to a VM.&lt;/p&gt;&#xD; &#xD; &lt;pre&gt;&#xD; &amp;quot;status&amp;quot;: &amp;quot;success&amp;quot;,&#xD; &#xD; &amp;quot;completionTime&amp;quot;: &amp;quot;Sun, 21 Aug 2016 19:14:25 GMT&amp;quot;&#xD; &#xD; },&#xD; &#xD; &amp;quot;metadata&amp;quot;: {&#xD; &#xD; &amp;quot;microsoftazurecompute_capturedvmkey&amp;quot;: &amp;quot;/Subscriptions/f028f547-f912-42b0-8892-89ea6eda4c5e/ResourceGroups/BLOGRG/VMs/BLOGWINDOWSVM&amp;quot;,&#xD; &#xD; &amp;quot;microsoftazurecompute_imagetype&amp;quot;: &amp;quot;OSDisk&amp;quot;,&#xD; &#xD; &amp;quot;microsoftazurecompute_osstate&amp;quot;: &amp;quot;Generalized&amp;quot;,&#xD; &#xD; &amp;quot;microsoftazurecompute_ostype&amp;quot;: &amp;quot;Windows&amp;quot;&#xD; &#xD; }&#xD; &#xD; }&lt;/pre&gt;&#xD; &#xD; &lt;p&gt;Continuation of the capture template json-&lt;/p&gt;&#xD; &#xD; &lt;pre&gt;&#xD; },&#xD; &#xD; &amp;quot;vhd&amp;quot;: {&#xD; &#xD; &amp;quot;uri&amp;quot;: &lt;a href="https://blogrgdisks562.blob.core.windows.net/vmcontainerb05604df-5f0f-4ef2-ab18-76ab7b644cfd/osDisk.b05604df-5f0f-4ef2-ab18-76ab7b644cfd.vhd"&gt;&lt;u&gt;https://blogrgdisks562.blob.core.windows.net/vmcontainerb05604df-5f0f-4ef2-ab18-76ab7b644cfd/osDisk.b05604df-5f0f-4ef2-ab18-76ab7b644cfd.vhd&lt;/u&gt;&lt;/a&gt;&lt;/pre&gt;&#xD; &#xD; &lt;p&gt;The Vhd URI as mentioned above does not exist yet. It will be created when this template is deployed.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;If you intend to create multiple VMs using this template then the VHD uri will have to be changed to be unique from the second VM onwards.&lt;/p&gt;&#xD; &#xD; &lt;pre&gt;&#xD; },&#xD; &#xD; &amp;quot;caching&amp;quot;: &amp;quot;ReadWrite&amp;quot;&#xD; &#xD; },&#xD; &#xD; &amp;quot;dataDisks&amp;quot;: [&#xD; &#xD; {&#xD; &#xD; &amp;quot;lun&amp;quot;: 0,&#xD; &#xD; &amp;quot;name&amp;quot;: &amp;quot;CaptureBlogWVM-dataDisk-0.694733ec-46a0-4e0b-a73b-ee0863a0f12c.vhd&amp;quot;,&#xD; &#xD; &amp;quot;createOption&amp;quot;: &amp;quot;FromImage&amp;quot;,&#xD; &#xD; &amp;quot;image&amp;quot;: {&#xD; &#xD; &amp;quot;uri&amp;quot;: &amp;quot;https://blogrgdisks562.blob.core.windows.net/system/Microsoft.Compute/Images/capturecontainer/CaptureBlogWVM-dataDisk-0.694733ec-46a0-4e0b-a73b-ee0863a0f12c.vhd&amp;quot;&#xD; &#xD; },&#xD; &#xD; &amp;quot;vhd&amp;quot;: {&#xD; &#xD; &amp;quot;uri&amp;quot;: &amp;quot;https://blogrgdisks562.blob.core.windows.net/vmcontainerb05604df-5f0f-4ef2-ab18-76ab7b644cfd/dataDisk-0.b05604df-5f0f-4ef2-ab18-76ab7b644cfd.vhd&amp;quot;&#xD; &#xD; },&#xD; &#xD; &amp;quot;caching&amp;quot;: &amp;quot;ReadWrite&amp;quot;&#xD; &#xD; },&#xD; &#xD; {&#xD; &#xD; &amp;quot;lun&amp;quot;: 1,&#xD; &#xD; &amp;quot;name&amp;quot;: &amp;quot;CaptureBlogWVM-dataDisk-1.694733ec-46a0-4e0b-a73b-ee0863a0f12c.vhd&amp;quot;,&#xD; &#xD; &amp;quot;createOption&amp;quot;: &amp;quot;FromImage&amp;quot;,&#xD; &#xD; &amp;quot;image&amp;quot;: {&#xD; &#xD; &amp;quot;uri&amp;quot;: &amp;quot;https://blogrgdisks562.blob.core.windows.net/system/Microsoft.Compute/Images/capturecontainer/CaptureBlogWVM-dataDisk-1.694733ec-46a0-4e0b-a73b-ee0863a0f12c.vhd&amp;quot;&#xD; &#xD; },&#xD; &#xD; &amp;quot;vhd&amp;quot;: {&#xD; &#xD; &amp;quot;uri&amp;quot;: &amp;quot;https://blogrgdisks562.blob.core.windows.net/vmcontainerb05604df-5f0f-4ef2-ab18-76ab7b644cfd/dataDisk-1.b05604df-5f0f-4ef2-ab18-76ab7b644cfd.vhd&amp;quot;&#xD; &#xD; },&#xD; &#xD; &amp;quot;caching&amp;quot;: &amp;quot;ReadWrite&amp;quot;&#xD; &#xD; }&#xD; &#xD; ]&#xD; &#xD; },&lt;/pre&gt;&#xD; &#xD; &lt;p&gt;At this point of time, the original VM is stopped but still accumulating usage charges for Compute and Storage. If we intend to leave the VM stopped for a length of time, we can save on the Compute charges by stop deallocating the VM &amp;ndash; it will deallocate the VM on the Hyper-V host but retains the VM meta-data and the disk blobs in Storage.&lt;/p&gt;&#xD; &#xD; &lt;pre&gt;&#xD; C:\Program Files (x86)\Microsoft SDKs\Azure\CLI\bin&amp;gt;node azure vm deallocate -g BlogRG -n BlogWindowsVM&#xD; &#xD; info: Executing command vm deallocate&#xD; &#xD; + Looking up the VM &amp;quot;BlogWindowsVM&amp;quot;&#xD; &#xD; + Deallocating the virtual machine &amp;quot;BlogWindowsVM&amp;quot;&#xD; &#xD; info: vm deallocate command OK&#xD; &#xD; get-instance-view command will show the VM status as deallocated (snippets of result below)&#xD; &#xD; C:\Program Files (x86)\Microsoft SDKs\Azure\CLI\bin&amp;gt;node azure vm get-instance-view -g blogrg -n blogwindowsvm &amp;ndash;json&#xD; &#xD; &amp;quot;osDisk&amp;quot;: {&#xD; &#xD; &amp;quot;osType&amp;quot;: &amp;quot;Windows&amp;quot;,&#xD; &#xD; &amp;quot;name&amp;quot;: &amp;quot;BlogWindowsVM&amp;quot;,&#xD; &#xD; &amp;quot;vhd&amp;quot;: {&#xD; &#xD; &amp;quot;uri&amp;quot;: &lt;a href="https://blogrgdisks562.blob.core.windows.net/vhds/BlogWindowsVM2016713231120.vhd"&gt;&lt;u&gt;https://blogrgdisks562.blob.core.windows.net/vhds/BlogWindowsVM2016713231120.vhd&lt;/u&gt;&lt;/a&gt;&lt;/pre&gt;&#xD; &#xD; &lt;p&gt;Even when the VM is stop-deallocated, the OS and data disks are retained&lt;/p&gt;&#xD; &#xD; &lt;pre&gt;&#xD; },&#xD; &#xD; &amp;quot;caching&amp;quot;: &amp;quot;ReadWrite&amp;quot;,&#xD; &#xD; &amp;quot;createOption&amp;quot;: &amp;quot;FromImage&amp;quot;&#xD; &#xD; },&#xD; &#xD; &amp;quot;dataDisks&amp;quot;: [&#xD; &#xD; {&#xD; &#xD; &amp;quot;lun&amp;quot;: 0,&#xD; &#xD; &amp;quot;name&amp;quot;: &amp;quot;BlogWindowsVM-20160814-191501427&amp;quot;,&#xD; &#xD; &amp;quot;vhd&amp;quot;: {&#xD; &#xD; &amp;quot;uri&amp;quot;: &amp;quot;https://blogrgdisks562.blob.core.windows.net/vhds/BlogWindowsVM-20160814-191501427.vhd&amp;quot;&#xD; &#xD; },&#xD; &#xD; &amp;quot;caching&amp;quot;: &amp;quot;ReadWrite&amp;quot;,&#xD; &#xD; &amp;quot;createOption&amp;quot;: &amp;quot;Empty&amp;quot;,&#xD; &#xD; &amp;quot;diskSizeGB&amp;quot;: 50&#xD; &#xD; },&#xD; &#xD; {&#xD; &#xD; &amp;quot;lun&amp;quot;: 1,&#xD; &#xD; &amp;quot;name&amp;quot;: &amp;quot;newdatadisk&amp;quot;,&#xD; &#xD; &amp;quot;vhd&amp;quot;: {&#xD; &#xD; &amp;quot;uri&amp;quot;: &amp;quot;https://blogrgdisks562.blob.core.windows.net/newdatadiskc/newdatadisk.vhd&amp;quot;&#xD; &#xD; },&#xD; &#xD; &amp;quot;caching&amp;quot;: &amp;quot;ReadWrite&amp;quot;,&#xD; &#xD; &amp;quot;createOption&amp;quot;: &amp;quot;Empty&amp;quot;,&#xD; &#xD; &amp;quot;diskSizeGB&amp;quot;: 60&#xD; &#xD; }&#xD; &#xD; ]&#xD; &#xD; &#xD; ---&#xD; &#xD; ---&#xD; &#xD; &amp;quot;statuses&amp;quot;: [&#xD; &#xD; {&#xD; &#xD; &amp;quot;code&amp;quot;: &amp;quot;ProvisioningState/succeeded&amp;quot;,&#xD; &#xD; &amp;quot;level&amp;quot;: &amp;quot;Info&amp;quot;,&#xD; &#xD; &amp;quot;displayStatus&amp;quot;: &amp;quot;Provisioning succeeded&amp;quot;,&#xD; &#xD; &amp;quot;time&amp;quot;: &amp;quot;2016-08-22T02:58:42.797Z&amp;quot;&#xD; &#xD; },&#xD; &#xD; {&#xD; &#xD; &amp;quot;code&amp;quot;: &amp;quot;OSState/generalized&amp;quot;,&#xD; &#xD; &amp;quot;level&amp;quot;: &amp;quot;Info&amp;quot;,&#xD; &#xD; &amp;quot;displayStatus&amp;quot;: &amp;quot;VM generalized&amp;quot;&lt;/pre&gt;&#xD; &#xD; &lt;p&gt;OS is generalized, so this VM can be recreated by specializing it&lt;/p&gt;&#xD; &#xD; &lt;pre&gt;&#xD; },&#xD; &#xD; {&#xD; &#xD; &amp;quot;code&amp;quot;: &amp;quot;PowerState/deallocated&amp;quot;,&#xD; &#xD; &amp;quot;level&amp;quot;: &amp;quot;Info&amp;quot;,&#xD; &#xD; &amp;quot;displayStatus&amp;quot;: &amp;quot;VM deallocated&amp;quot;&lt;/pre&gt;&#xD; &#xD; &lt;p&gt;Compute VM resources are deallocated&lt;/p&gt;&#xD; &#xD; &lt;p&gt;Even when a VM is deallocated, its disk storage blobs are still locked like when the VM was running. This is to prevent them from being accidentally deleted.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;Looking at the blob properties of the disk blob you will notice that Azure continues to maintain an infinite lease on the blob.&lt;/p&gt;&#xD; &#xD; &lt;pre&gt;&#xD; C:\Program Files (x86)\Microsoft SDKs\Azure\CLI\bin&amp;gt;node azure storage blob list -vv&#xD; &#xD; name: &amp;#39;BlogWindowsVM-20160814-191501427.vhd&amp;#39;,&#xD; &#xD; lastModified: &amp;#39;Sun, 21 Aug 2016 19:10:50 GMT&amp;#39;,&#xD; &#xD; etag: &amp;#39;0x8D3C9F6DD886DB5&amp;#39;,&#xD; &#xD; contentLength: &amp;#39;53687091712&amp;#39;,&#xD; &#xD; contentSettings: {&#xD; &#xD; contentType: &amp;#39;application/octet-stream&amp;#39;,&#xD; &#xD; contentEncoding: &amp;#39;&amp;#39;,&#xD; &#xD; contentLanguage: &amp;#39;&amp;#39;,&#xD; &#xD; contentMD5: &amp;#39;&amp;#39;,&#xD; &#xD; cacheControl: &amp;#39;&amp;#39;,&#xD; &#xD; contentDisposition: &amp;#39;&amp;#39;&#xD; &#xD; },&#xD; &#xD; sequenceNumber: &amp;#39;1&amp;#39;,&#xD; &#xD; blobType: &amp;#39;PageBlob&amp;#39;,&#xD; &#xD; lease: {&#xD; &#xD; status: &amp;#39;locked&amp;#39;,&#xD; &#xD; state: &amp;#39;leased&amp;#39;,&#xD; &#xD; duration: &amp;#39;infinite&amp;#39;&#xD; &#xD; }&lt;/pre&gt;&#xD; &#xD; &lt;h2&gt;Cloning VMs&lt;/h2&gt;&#xD; &#xD; &lt;p&gt;At this point of time we can clone VMs from the generalized image that we captured. We can either use the capture template json or create a new image using the FromImage option with the generalized image as the parameter value.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;I grabbed a template from Azure Quickstart templates and modified it just enough and deployed it to create a new VM of name CopyBlogVM.&lt;/p&gt;&#xD; &#xD; &lt;pre&gt;&#xD; C:\Program Files (x86)\Microsoft SDKs\Azure\CLI\bin&amp;gt;node azure group deployment create -g BlogRG -n CopyVMDeployment -f &amp;quot;C:\temp\copyvmtemplate\template.json&amp;quot; -e &amp;quot;C:\temp\copyvmtemplate\parameters.json&amp;quot;&#xD; &#xD; info: Executing command group deployment create&#xD; &#xD; + Initializing template configurations and parameters&#xD; &#xD; + Creating a deployment&#xD; &#xD; info: Created template deployment &amp;quot;CopyVMDeployment&amp;quot;&#xD; &#xD; + Waiting for deployment to complete&#xD; &#xD; +&#xD; &#xD; The relevant snippet from the VM template is the storage profile:&#xD; &#xD; &amp;quot;storageProfile&amp;quot;: {&#xD; &#xD; &amp;quot;osDisk&amp;quot;: {&#xD; &#xD; &amp;quot;name&amp;quot;: &amp;quot;[concat(parameters(&amp;#39;virtualMachineName&amp;#39;),&amp;#39;-osDisk&amp;#39;)]&amp;quot;,&#xD; &#xD; &amp;quot;osType&amp;quot;: &amp;quot;[parameters(&amp;#39;osType&amp;#39;)]&amp;quot;,&#xD; &#xD; &amp;quot;caching&amp;quot;: &amp;quot;ReadWrite&amp;quot;,&#xD; &#xD; &amp;quot;createOption&amp;quot;: &amp;quot;fromImage&amp;quot;,&#xD; &#xD; image&amp;quot;: {&#xD; &#xD; &amp;quot;uri&amp;quot;: &amp;quot;[parameters(&amp;#39;osDiskVhdUri&amp;#39;)]&amp;quot;&#xD; &#xD; },&#xD; &#xD; &amp;quot;vhd&amp;quot;: {&#xD; &#xD; &amp;quot;uri&amp;quot;: &amp;quot;[concat(concat(reference(resourceId(&amp;#39;blogrg&amp;#39;, &amp;#39;Microsoft.Storage/storageAccounts&amp;#39;, parameters(&amp;#39;storageAccountName&amp;#39;)), &amp;#39;2015-06-15&amp;#39;).primaryEndpoints[&amp;#39;blob&amp;#39;], &amp;#39;vhds/&amp;#39;), parameters(&amp;#39;virtualMachineName&amp;#39;), &amp;#39;20161228010921.vhd&amp;#39;)]&amp;quot;&#xD; &#xD; }&#xD; &#xD; },&#xD; &#xD; &amp;quot;dataDisks&amp;quot;: []&#xD; &#xD; },&lt;/pre&gt;&#xD; &#xD; &lt;p&gt;The OsDiskvhdUri is set in the parameters file to the generalized image file&lt;/p&gt;&#xD; &#xD; &lt;pre&gt;&#xD; &amp;quot;osDiskVhdUri&amp;quot;: {&#xD; &#xD; &amp;quot;value&amp;quot;: &lt;a href="https://blogrgdisks562.blob.core.windows.net/system/Microsoft.Compute/Images/capturecontainer/CaptureBlogWVM-osDisk.694733ec-46a0-4e0b-a73b-ee0863a0f12c.vhd"&gt;&lt;u&gt;https://blogrgdisks562.blob.core.windows.net/system/Microsoft.Compute/Images/capturecontainer/CaptureBlogWVM-osDisk.694733ec-46a0-4e0b-a73b-ee0863a0f12c.vhd&lt;/u&gt;&lt;/a&gt;&#xD; &#xD; },&lt;/pre&gt;&#xD; &#xD; &lt;p&gt;The CopyBlogVM creates successfully with an OS disk that starts out as a copy of the generalized OS disk referred to by OsDiskvhdUri. Using the generalized OD disk as a template, any number of new VMs can be stamped out. A common scenario would be to capture a generalized VM with new updates/patches and then create new VMs based on the updated image.&lt;/p&gt;&#xD; &#xD; &lt;h2&gt;In Conclusion&lt;/h2&gt;&#xD; &#xD; &lt;p&gt;In the two posts we have covered some of the details on how an Azure VM works under the covers. There are other capabilities that we have not covered including backup, encryption, licensing, planned maintenance and networking details. Time permitting,&amp;nbsp;we will visit these topics in future posts.&lt;/p&gt;&#xD; </content:encoded> <comments>https://azure.microsoft.com/blog/azure-virtual-machine-internals-part-2/#comments</comments> <link>https://azure.microsoft.com/blog/azure-virtual-machine-internals-part-2/</link> <dc:creator>Yunus Mohammed</dc:creator> </item> <item> <guid isPermaLink="false">azure-sql-database-is-increasing-the-read-and-write-performance</guid> <category>Announcements</category> <category>Developer</category> <category>Database</category> <title>Azure SQL Database is increasing read and write performance</title> <description>Azure SQL Database is increasing the read and writer performance</description> <pubDate>Wed, 11 Jan 2017 10:00:05 Z</pubDate> <content:encoded>&lt;p&gt;It is our pleasure to announce that we have doubled the write performance across all Azure SQL Database offers and additionally have doubled the read performance for our Premium databases. These performance upgrades come with no price change and are available world-wide.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;The increased performance will allow for price optimization of existing workloads as well as for onboarding of even more demanding workloads to the platform.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;Especially heavy OLTP workloads in Premium database with random read patterns will benefit from the increases read performance and may fit into a smaller performance tier than they are running in today. In general, if your Premium workload is below 50% DTU utilization now, you may be able to run in the next lower Premium performance level.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;The increase in write performance will benefit bulk inserts, heavy batched data manipulation and index maintenance operations. You may notice up to double the logical insert throughput or 1/2 of the previous response times.&lt;/p&gt;&#xD; &#xD; &lt;h3&gt;Learn More:&lt;/h3&gt;&#xD; &#xD; &lt;ul&gt;&#xD; &lt;li&gt;&#xD; &lt;p&gt;&lt;a href="https://azure.microsoft.com/en-us/services/sql-database/"&gt;What is Azure SQL Database&lt;/a&gt;&lt;/p&gt;&#xD; &lt;/li&gt;&#xD; &lt;li&gt;&#xD; &lt;p&gt;&lt;a href="https://portal.azure.com/#create/Microsoft.SQLDatabase"&gt;Create a SQL Database&lt;/a&gt; or an &lt;a href="https://portal.azure.com/#create/Microsoft.SQLElasticDatabasePool"&gt;Elastic Database Pool&lt;/a&gt;&lt;/p&gt;&#xD; &lt;/li&gt;&#xD; &lt;li&gt;&#xD; &lt;p&gt;&lt;a href="https://azure.microsoft.com/en-us/pricing/details/sql-database/"&gt;Azure SQL Database Pricing&lt;/a&gt;&lt;/p&gt;&#xD; &lt;/li&gt;&#xD; &lt;/ul&gt;&#xD; </content:encoded> <comments>https://azure.microsoft.com/blog/azure-sql-database-is-increasing-the-read-and-write-performance/#comments</comments> <link>https://azure.microsoft.com/blog/azure-sql-database-is-increasing-the-read-and-write-performance/</link> <dc:creator>Jan Engelsberg</dc:creator> </item> <item> <guid isPermaLink="false">azure-virtual-machine-internals-part-1</guid> <category>Virtual Machines</category> <title>Azure Virtual Machine Internals – Part 1</title> <description>Peek under the covers of how an Azure VM works and get to know some of the internal details.</description> <pubDate>Wed, 11 Jan 2017 09:00:05 Z</pubDate> <content:encoded>&lt;h2&gt;Introduction&lt;/h2&gt;&#xD; &#xD; &lt;p&gt;The Azure cloud services are composed of elements from Compute, Storage, and Networking. The compute building block is a Virtual Machine (VM), which is the subject of discussion in this post. Web search will yield large amounts of documentation regarding the commands, APIs and UX for creating and managing VMs. This is not a 101 or &amp;lsquo;How to&amp;rsquo; and the reader is for the most part expected to already be familiar with the topics of VM creation and management. The goal of this series is to look at what is happening under the covers as a VM goes thru its various states.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;Azure provides IaaS and PaaS VMs; in this post when we refer to a VM we mean the IaaS VM. There are two control plane stacks in Azure, Azure Service Management (ASM) and Azure Resource Manager (ARM). We will be limiting ourselves to ARM since it is the forward looking control plane.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;ARM exposes resources like VM, NIC but in reality ARM is a thin frontend layer and the resources themselves are exposed by lower level resource providers like Compute Resource Provider (CRP), Network Resource Provider (NRP) and Storage Resource Provider (SRP). Portal calls ARM which in turn calls the resource providers.&lt;/p&gt;&#xD; &#xD; &lt;h2&gt;Getting Started&lt;/h2&gt;&#xD; &#xD; &lt;p&gt;For most of the customers, their first experience creating a VM is in the &lt;a href="http://portal.azure.com/"&gt;Azure Portal&lt;/a&gt;. I did the same and created a VM of size &amp;lsquo;Standard DS1 v2&amp;rsquo; in the West US region. I mostly stayed with the defaults that the UI presented but chose to add a &amp;lsquo;CustomScript&amp;rsquo; extension. When prompted I provided a local file &amp;lsquo;Sample.ps&amp;rsquo; as the PowerShell script for the &amp;lsquo;CustomScript&amp;rsquo; extension. The PS script itself is a single line Get-Process.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;The VM provisioned successfully but the overall ARM template deployment failed (bright red on my Portal dashboard). Couple clicks showed that the &amp;lsquo;CustomScript&amp;rsquo; extension had failed and the Portal showed this message:&lt;/p&gt;&#xD; &#xD; &lt;pre&gt;&#xD; {&#xD; &amp;quot;status&amp;quot;: &amp;quot;Failed&amp;quot;,&#xD; &amp;quot;error&amp;quot;: {&#xD; &amp;quot;code&amp;quot;: &amp;quot;ResourceDeploymentFailure&amp;quot;,&#xD; &amp;quot;message&amp;quot;: &amp;quot;The resource operation completed with terminal provisioning state &amp;#39;Failed&amp;#39;.&amp;quot;,&#xD; &amp;quot;details&amp;quot;: [&#xD; {&#xD; &amp;quot;code&amp;quot;: &amp;quot;DeploymentFailed&amp;quot;,&#xD; &amp;quot;message&amp;quot;: &amp;quot;At least one resource deployment operation failed. Please list deployment operations for details. Please see &lt;a href="https://aka.ms/arm-debug"&gt;https://aka.ms/arm-debug&lt;/a&gt; for usage details.&amp;quot;,&#xD; &amp;quot;details&amp;quot;: [&#xD; {&#xD; &amp;quot;code&amp;quot;: &amp;quot;Conflict&amp;quot;,&#xD; &amp;quot;message&amp;quot;: &amp;quot;{\r\n \&amp;quot;status\&amp;quot;: \&amp;quot;Failed\&amp;quot;,\r\n \&amp;quot;error\&amp;quot;: {\r\n \&amp;quot;code\&amp;quot;: \&amp;quot;ResourceDeploymentFailure\&amp;quot;,\r\n \&amp;quot;message\&amp;quot;: \&amp;quot;The resource operation completed with terminal provisioning state &amp;#39;Failed&amp;#39;.\&amp;quot;,\r\n \&amp;quot;details\&amp;quot;: [\r\n {\r\n \&amp;quot;code\&amp;quot;: \&amp;quot;VMExtensionProvisioningError\&amp;quot;,\r\n \&amp;quot;message\&amp;quot;: \&amp;quot;VM has reported a failure when processing extension &amp;#39;CustomScriptExtension&amp;#39;. Error message: \\\&amp;quot;Finished executing command\\\&amp;quot;.\&amp;quot;\r\n }\r\n ]\r\n }\r\n}&amp;quot;&#xD; }&#xD; ]&#xD; }&#xD; ]&#xD; }&#xD; }&lt;/pre&gt;&#xD; &#xD; &lt;p&gt;It wasn&amp;rsquo;t immediately clear what had gone wrong. We can dig from here and as is often true, failures teach us more than successes.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;I RDPed to the just provisioned VM. The logs for the VM Agent are in C:\WindowsAzure\Logs. The VM Agent is a system agent that runs in all IaaS VMs (customers can opt out if they would like). The VM Agent is necessary to run extensions. Let&amp;rsquo;s peek into the logs for the CustomScript Extension:&lt;/p&gt;&#xD; &#xD; &lt;pre&gt;&#xD; C:\WindowsAzure\Logs\Plugins\Microsoft.Compute.CustomScriptExtension\1.8\CustomScriptHandler&#xD; &#xD; [1732+00000001] [08/14/2016 06:19:17.77] [INFO] Command execution task started. Awaiting completion...&#xD; &#xD; [1732+00000001] [08/14/2016 06:19:18.80] [ERROR] Command execution finished. Command exited with code: -196608&lt;/pre&gt;&#xD; &#xD; &lt;p&gt;The fact that the failure logs are cryptic hinted that something catastrophic had happened. So I re-looked at my input and realized that I had the file extension for the PS script wrong. I had it as Sample.ps when it should have been Sample.ps1. I updated the VM this time specifying the script file with the right extension. This succeeded as shown by more records appended to the log file mentioned above.&lt;/p&gt;&#xD; &#xD; &lt;pre&gt;&#xD; [3732+00000001] [08/14/2016 08:42:24.04] [INFO] HandlerSettings = ProtectedSettingsCertThumbprint: , ProtectedSettings: {}, PublicSettings: {FileUris: [https://iaasv2tempstorewestus.blob.core.windows.net/vmextensionstemporary-10033fff801becb5-20160814084130535/simple.ps1?sv=2015-04-05&amp;amp;sr=c&amp;amp;sig=M3qa7lS%2BZwp%2B8Tytqf1VEew4YaAKvvYn1yzGrPfSwyw%3D&amp;amp;se=2016-08-15T08%3A41%3A30Z&amp;amp;sp=rw], CommandToExecute: powershell -ExecutionPolicy Unrestricted -File simple.ps1 }&#xD; &#xD; [3732+00000001] [08/14/2016 08:42:24.04] [INFO] Downloading files specified in configuration...&#xD; &#xD; [3732+00000001] [08/14/2016 08:42:24.05] [INFO] DownloadFiles: fileUri = https://iaasv2tempstorewestus.blob.core.windows.net/vmextensionstemporary-10033fff801becb5-20160814084130535/simple.ps1?sv=2015-04-05&amp;amp;sr=c&amp;amp;sig=M3qa7lS+Zwp+8Tytqf1VEew4YaAKvvYn1yzGrPfSwyw=&amp;amp;se=2016-08-15T08:41:30Z&amp;amp;sp=rw&#xD; &#xD; [3732+00000001] [08/14/2016 08:42:24.05] [INFO] DownloadFiles: Initializing CloudBlobClient with baseUri = https://iaasv2tempstorewestus.blob.core.windows.net/&#xD; &#xD; [3732+00000001] [08/14/2016 08:42:24.22] [INFO] DownloadFiles: fileDownloadPath = Downloads\0&#xD; &#xD; [3732+00000001] [08/14/2016 08:42:24.22] [INFO] DownloadFiles: asynchronously downloading file to fileDownloadLocation = Downloads\0\simple.ps1&#xD; &#xD; [3732+00000001] [08/14/2016 08:42:24.24] [INFO] Waiting for all async file download tasks to complete...&#xD; &#xD; [3732+00000001] [08/14/2016 08:42:24.29] [INFO] Files downloaded. Asynchronously executing command: &amp;#39;powershell -ExecutionPolicy Unrestricted -File simple.ps1 &amp;#39;&#xD; &#xD; [3732+00000001] [08/14/2016 08:42:24.29] [INFO] Command execution task started. Awaiting completion...&#xD; &#xD; [3732+00000001] [08/14/2016 08:42:25.29] [INFO] Command execution finished. Command exited with code: 0&lt;/pre&gt;&#xD; &#xD; &lt;p&gt;The CustomScript extension takes a script file which can be provided as a file in a Storage blob. Portal offers a convenience where it accepts a file from the local machine. I had provided Simple.ps1 which was in my \temp folder. Behind the scenes Portal uploads the file to a blob, generates a shared access signature (SAS) and passes it on to CRP. From the logs above you can see that &lt;a href="https://iaasv2tempstorewestus.blob.core.windows.net/vmextensionstemporary-10033fff801becb5-20160814084130535/simple.ps1?sv=2015-04-05&amp;amp;sr=c&amp;amp;sig=M3qa7lS+Zwp+8Tytqf1VEew4YaAKvvYn1yzGrPfSwyw=&amp;amp;se=2016-08-15T08:41:30Z&amp;amp;sp=rw"&gt;URI&lt;/a&gt;.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;This URI is worth understanding. It is a Storage blob SAS with the following attributes for an account in West US (which is the same region where my VM is deployed):&lt;/p&gt;&#xD; &#xD; &lt;ul&gt;&#xD; &lt;li&gt;se=2016-08-15T08:41:30Z means that the SAS is valid until that time (UTC). Comparing it to the timestamp on the corresponding record in log (08/14/2016 08:42:24.05) it is clear that the SAS is being generated for a period of 24 hours.&lt;/li&gt;&#xD; &lt;li&gt;Sr=c means that this is container level policy.&lt;/li&gt;&#xD; &lt;li&gt;Sp=rw means that the access is for both read and write.&lt;/li&gt;&#xD; &lt;li&gt;The &lt;a href="https://azure.microsoft.com/en-us/documentation/articles/storage-dotnet-shared-access-signature-part-1/"&gt;shared access signature (SAS)&lt;/a&gt; has the full descriptions&lt;/li&gt;&#xD; &lt;/ul&gt;&#xD; &#xD; &lt;p&gt;I asserted above that this is a storage account in West US. That may be apparent from the naming of the storage account (iaasv2tempstorewestus) but is not a guarantee. So how can you verify that this storage account (or any other storage account) is in the region it claims to be in?&lt;/p&gt;&#xD; &#xD; &lt;p&gt;A simple nslookup on the blob DNS URL reveals this&lt;/p&gt;&#xD; &#xD; &lt;pre&gt;&#xD; C:\Users\yunusm&amp;gt;nslookup iaasv2tempstorewestus.blob.core.windows.net&#xD; &#xD; Server: PK5001Z.PK5001Z&#xD; &#xD; Address: 192.168.0.1&#xD; &#xD; Non-authoritative answer:&#xD; &#xD; Name: blob.by4prdstr03a.store.core.windows.net&#xD; &#xD; Address: 40.78.112.72&#xD; &#xD; Aliases: iaasv2tempstorewestus.blob.core.windows.net&lt;/pre&gt;&#xD; &#xD; &lt;p&gt;The blob URL is a CNAME to a canonical DNS blob.by4prdstr03a.store.core.windows.net. Experimentation will show that more than one storage accounts maps to a single canonical DNS URL. The &amp;lsquo;by4&amp;rsquo; in the name gives a hint to what region it is located. As per the &lt;a href="https://azure.microsoft.com/en-us/regions/"&gt;Azure Regions&lt;/a&gt; page, the West US region is in California. Looking up the geo location of the IP address (40.78.112.72) indicates a more specific area within California.&lt;/p&gt;&#xD; &#xD; &lt;h2&gt;Understanding the VM&lt;/h2&gt;&#xD; &#xD; &lt;p&gt;Now that we have a healthy VM, let&amp;rsquo;s understand it more. As per the Azure VM Sizes page, this is the VM that I just created:&lt;/p&gt;&#xD; &#xD; &lt;table border="1" cellpadding="0" cellspacing="3"&gt;&#xD; &lt;tbody&gt;&#xD; &lt;tr&gt;&#xD; &lt;td valign="top"&gt;&#xD; &lt;p&gt;Size&lt;/p&gt;&#xD; &lt;/td&gt;&#xD; &lt;td valign="top"&gt;&#xD; &lt;p&gt;CPU cores&lt;/p&gt;&#xD; &lt;/td&gt;&#xD; &lt;td valign="top"&gt;&#xD; &lt;p&gt;Memory&lt;/p&gt;&#xD; &lt;/td&gt;&#xD; &lt;td valign="top"&gt;&#xD; &lt;p&gt;NICs (Max)&lt;/p&gt;&#xD; &lt;/td&gt;&#xD; &lt;td valign="top"&gt;&#xD; &lt;p&gt;Max. disk size&lt;/p&gt;&#xD; &lt;/td&gt;&#xD; &lt;td valign="top"&gt;&#xD; &lt;p&gt;Max. data disks (1023 GB each)&lt;/p&gt;&#xD; &lt;/td&gt;&#xD; &lt;td valign="top"&gt;&#xD; &lt;p&gt;Max. IOPS (500 per disk)&lt;/p&gt;&#xD; &lt;/td&gt;&#xD; &lt;td valign="top"&gt;&#xD; &lt;p&gt;Max network bandwidth&lt;/p&gt;&#xD; &lt;/td&gt;&#xD; &lt;/tr&gt;&#xD; &lt;tr&gt;&#xD; &lt;td valign="top"&gt;&#xD; &lt;p&gt;Standard_D1_v2&lt;/p&gt;&#xD; &lt;/td&gt;&#xD; &lt;td valign="top"&gt;&#xD; &lt;p&gt;1&lt;/p&gt;&#xD; &lt;/td&gt;&#xD; &lt;td valign="top"&gt;&#xD; &lt;p&gt;3.5 GB&lt;/p&gt;&#xD; &lt;/td&gt;&#xD; &lt;td valign="top"&gt;&#xD; &lt;p&gt;1&lt;/p&gt;&#xD; &lt;/td&gt;&#xD; &lt;td valign="top"&gt;&#xD; &lt;p&gt;Temporary (SSD) =50 GB&lt;/p&gt;&#xD; &lt;/td&gt;&#xD; &lt;td valign="top"&gt;&#xD; &lt;p&gt;2&lt;/p&gt;&#xD; &lt;/td&gt;&#xD; &lt;td valign="top"&gt;&#xD; &lt;p&gt;2x500&lt;/p&gt;&#xD; &lt;/td&gt;&#xD; &lt;td valign="top"&gt;&#xD; &lt;p&gt;moderate&lt;/p&gt;&#xD; &lt;/td&gt;&#xD; &lt;/tr&gt;&#xD; &lt;/tbody&gt;&#xD; &lt;/table&gt;&#xD; &#xD; &lt;p&gt;This information can be fetched programmatically by doing a &lt;a href="https://management.azure.com/subscriptions/f028f547-f912-42b0-8892-89ea6eda4c5e/resourceGroups/BlogRG/providers/Microsoft.Compute/virtualMachines/BlogWindowsVM/vmSizes?api-version=2016-03-30"&gt;GET&lt;/a&gt;.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;Returns this:&lt;/p&gt;&#xD; &#xD; &lt;pre&gt;&#xD; {&#xD; &#xD; &amp;quot;name&amp;quot;: &amp;quot;Standard_DS1_v2&amp;quot;,&#xD; &#xD; &amp;quot;numberOfCores&amp;quot;: 1,&#xD; &#xD; &amp;quot;osDiskSizeInMB&amp;quot;: 1047552,&#xD; &#xD; &amp;quot;resourceDiskSizeInMB&amp;quot;: 7168,&#xD; &#xD; &amp;quot;memoryInMB&amp;quot;: 3584,&#xD; &#xD; &amp;quot;maxDataDiskCount&amp;quot;: 2&#xD; &#xD; }&#xD; &#xD; Doing a &lt;a href="https://management.azure.com/subscriptions/f028f547-f912-42b0-8892-89ea6eda4c5e/resourceGroups/BlogRG/providers/Microsoft.Compute/virtualMachines/BlogWindowsVM?api-version=2016-03-30"&gt;GET on the VM&lt;/a&gt; we created&#xD; Returns the following. Let&amp;rsquo;s understand this response in some detail. I have annotated inline comments &lt;em&gt;preceded and followed by //&lt;/em&gt;&#xD; {&#xD; &amp;quot;properties&amp;quot;: {&#xD; &amp;quot;vmId&amp;quot;: &amp;quot;694733ec-46a0-4e0b-a73b-ee0863a0f12c&amp;quot;,&#xD; &amp;quot;hardwareProfile&amp;quot;: {&#xD; &amp;quot;vmSize&amp;quot;: &amp;quot;Standard_DS1_v2&amp;quot;&#xD; },&#xD; &amp;quot;storageProfile&amp;quot;: {&#xD; &amp;quot;imageReference&amp;quot;: {&#xD; &amp;quot;publisher&amp;quot;: &amp;quot;MicrosoftWindowsServer&amp;quot;,&#xD; &amp;quot;offer&amp;quot;: &amp;quot;WindowsServer&amp;quot;,&#xD; &amp;quot;sku&amp;quot;: &amp;quot;2012-R2-Datacenter&amp;quot;,&#xD; &amp;quot;version&amp;quot;: &amp;quot;latest&amp;quot;&lt;/pre&gt;&#xD; &#xD; &lt;p&gt;The interesting field here is the version. Publishers can have multiple versions of the same image at any point of time. Popular images are revved typically on a monthly frequency with the security patches. Major new versions are released as new SKUs. The Portal has defaulted me to the latest version. As a customer, I can chose to pick a specific version as well, whether I deploy thru Portal or thru an ARM template using the CLI or REST API; the latter being the preferred method for automated scenarios. The problem with specifying a particular version is that it can render the ARM template fragile. The deployment will break if the publisher unpublishes that specific version in one or more regions, as a publisher can do. So unless there is a good reason not to, the preferred value for the version setting is latest. As an example, the following images of the SKU 2012-R2-Datacenter are currently in the WestUS region, as returned by the CLI command azure vm image list.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;MicrosoftWindowsServer&amp;nbsp; WindowsServer&amp;nbsp; 2012-R2-Datacenter&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; Windows&amp;nbsp; 4.0.20151120&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; westus&amp;nbsp;&amp;nbsp;&amp;nbsp; MicrosoftWindowsServer:WindowsServer:2012-R2-Datacenter:4.0.20151120&lt;br&gt;&#xD; MicrosoftWindowsServer&amp;nbsp; WindowsServer&amp;nbsp; 2012-R2-Datacenter&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; Windows&amp;nbsp; 4.0.20151214&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; westus&amp;nbsp;&amp;nbsp;&amp;nbsp; MicrosoftWindowsServer:WindowsServer:2012-R2-Datacenter:4.0.20151214&lt;br&gt;&#xD; MicrosoftWindowsServer&amp;nbsp; WindowsServer&amp;nbsp; 2012-R2-Datacenter&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; Windows&amp;nbsp; 4.0.20160126&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; westus&amp;nbsp;&amp;nbsp;&amp;nbsp; MicrosoftWindowsServer:WindowsServer:2012-R2-Datacenter:4.0.20160126&lt;br&gt;&#xD; MicrosoftWindowsServer&amp;nbsp; WindowsServer&amp;nbsp; 2012-R2-Datacenter&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; Windows&amp;nbsp; 4.0.20160229&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; westus&amp;nbsp;&amp;nbsp;&amp;nbsp; MicrosoftWindowsServer:WindowsServer:2012-R2-Datacenter:4.0.20160229&lt;br&gt;&#xD; MicrosoftWindowsServer&amp;nbsp; WindowsServer&amp;nbsp; 2012-R2-Datacenter&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; Windows&amp;nbsp; 4.0.20160430&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; westus&amp;nbsp;&amp;nbsp;&amp;nbsp; MicrosoftWindowsServer:WindowsServer:2012-R2-Datacenter:4.0.20160430&lt;br&gt;&#xD; MicrosoftWindowsServer&amp;nbsp; WindowsServer&amp;nbsp; 2012-R2-Datacenter&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; Windows&amp;nbsp; 4.0.20160617&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; westus&amp;nbsp;&amp;nbsp;&amp;nbsp; MicrosoftWindowsServer:WindowsServer:2012-R2-Datacenter:4.0.20160617&lt;br&gt;&#xD; MicrosoftWindowsServer&amp;nbsp; WindowsServer&amp;nbsp; 2012-R2-Datacenter&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; Windows&amp;nbsp; 4.0.20160721&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; westus&amp;nbsp;&amp;nbsp;&amp;nbsp; MicrosoftWindowsServer:WindowsServer:2012-R2-Datacenter:4.0.20160721&lt;/p&gt;&#xD; &#xD; &lt;pre&gt;&#xD; },&#xD; &amp;quot;osDisk&amp;quot;: {&#xD; &amp;quot;osType&amp;quot;: &amp;quot;Windows&amp;quot;,&#xD; &amp;quot;name&amp;quot;: &amp;quot;BlogWindowsVM&amp;quot;,&#xD; &amp;quot;createOption&amp;quot;: &amp;quot;FromImage&amp;quot;,&#xD; &amp;quot;vhd&amp;quot;: {&#xD; &amp;quot;uri&amp;quot;: &lt;a href="https://blogrgdisks562.blob.core.windows.net/vhds/BlogWindowsVM2016713231120.vhd"&gt;https://blogrgdisks562.blob.core.windows.net/vhds/BlogWindowsVM2016713231120.vhd&lt;/a&gt;&lt;/pre&gt;&#xD; &#xD; &lt;p&gt;The OS disk is a page blob and starts out as a copy of the source image that the Publisher has published. Looking at the meta data of this blob and correlating it to what the VM itself has is instructive. Using the Cloud Explorer in Microsoft Visual Studio the blob&amp;rsquo;s property window:&lt;br&gt;&#xD; &lt;a href="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/4e10e0b5-c266-4c51-ba75-6e5767a27f39.png"&gt;&lt;img alt="1" border="0" height="686" src="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/128643e7-4a67-4b74-b446-379975c63585.png" style="border: 0px currentColor; border-image: none; padding-top: 0px; padding-right: 0px; padding-left: 0px; display: inline; background-image: none;" title="1" width="1239"&gt;&lt;/a&gt;&lt;/p&gt;&#xD; &#xD; &lt;p&gt;This is a regular page blob that is functioning as an OS disk over the network. You will observe that the Last Modified date pretty much stays with NOW() most of the time &amp;ndash; the reason being as long as the VM is running there are some flushes happening to the disk regularly. The size of the OS disk is 127 GB; the max allowed OS disk in Azure is 1 TB.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;&lt;a href="http://azurestorageexplorer.codeplex.com"&gt;Azure Storage Explorer&lt;/a&gt; shows more properties for the same blob than the VS Cloud Explorer.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;&amp;nbsp;&lt;/p&gt;&#xD; &#xD; &lt;p&gt;&lt;a href="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/4d2146a2-f2e7-44ba-8eee-f5a1639705f5.png"&gt;&lt;img alt="image" border="0" height="642" src="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/4c830573-c8ad-480f-b5ad-55411454b6a0.png" style="border: 0px currentColor; border-image: none; padding-top: 0px; padding-right: 0px; padding-left: 0px; display: inline; background-image: none;" title="image" width="1261"&gt;&lt;/a&gt;&lt;/p&gt;&#xD; &#xD; &lt;p&gt;The interesting properties are the Lease properties. It shows the blob as leased with an infinite duration. Internally to VM creation, when a page blob is configured to be an OS/data disk for a VM, we take a lease on that blob before attaching it to the VM. This is so that the blob for a running VM is not deleted out of band. If you see a disk-backing blob has no lease while it shows as attached to a VM then that would be an inconsistent state and will need to be repaired.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;RDPing in the VM itself, we can see two drives mounted and the OS drive is about the same size as the page blob in Storage. The pagefile is on D drive; so that faulted pages are fetched locally rather than over the network from Blob Storage. The temporary storage can be lost in case of events that case a VM to be relocated to a different node.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;&lt;a href="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/c58399a3-cc72-4443-83e1-f129c9616db6.png"&gt;&lt;img alt="image" border="0" height="602" src="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/ba3a6fae-87d6-4b17-80ac-659d3b0b2573.png" style="border: 0px currentColor; border-image: none; padding-top: 0px; padding-right: 0px; padding-left: 0px; display: inline; background-image: none;" title="image" width="1256"&gt;&lt;/a&gt;&lt;/p&gt;&#xD; &#xD; &lt;pre&gt;&#xD; },&#xD; &amp;quot;caching&amp;quot;: &amp;quot;ReadWrite&amp;quot;&#xD; },&#xD; &amp;quot;dataDisks&amp;quot;: []&lt;/pre&gt;&#xD; &#xD; &lt;p&gt;there are no data disks yet but we will add some soon&lt;/p&gt;&#xD; &#xD; &lt;pre&gt;&#xD; },&#xD; &amp;quot;osProfile&amp;quot;: {&#xD; &amp;quot;computerName&amp;quot;: &amp;quot;BlogWindowsVM&amp;quot;,&lt;/pre&gt;&#xD; &#xD; &lt;p&gt;The name we chose for the VM in Portal is the hostname as well. The VM is DHCP enabled and gains its DIP address thru DHCP. The VM is registered in an internal DNS and has a generated FQDN.&lt;/p&gt;&#xD; &#xD; &lt;pre&gt;&#xD; &lt;em&gt;C:\Users\yunusm&amp;gt;ipconfig /all&lt;/em&gt;&#xD; &#xD; &lt;em&gt;Windows IP Configuration&lt;/em&gt;&#xD; &#xD; &lt;em&gt; Host Name . . . . . . . . . . . . : BlogWindowsVM&#xD; Primary Dns Suffix . . . . . . . :&#xD; Node Type . . . . . . . . . . . . : Hybrid&#xD; IP Routing Enabled. . . . . . . . : No&#xD; WINS Proxy Enabled. . . . . . . . : No&#xD; DNS Suffix Search List. . . . . . : qkqr4ajgme4etgyuajvm1sfy3h.dx.internal.cl&#xD; oudapp.net&lt;/em&gt;&lt;/pre&gt;&#xD; &#xD; &lt;p&gt;Ethernet adapter:&lt;/p&gt;&#xD; &#xD; &lt;pre&gt;&#xD; &lt;em&gt; &lt;/em&gt;Connection-specific DNS Suffix . : qkqr4ajgme4etgyuajvm1sfy3h.dx.internal.cl&#xD; oudapp.net&#xD; Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter&#xD; Physical Address. . . . . . . . . : 00-0D-3A-33-81-01&#xD; DHCP Enabled. . . . . . . . . . . : Yes&#xD; Autoconfiguration Enabled . . . . : Yes&#xD; Link-local IPv6 Address . . . . . : fe80::980c:bf29:b2de:8a05%12(Preferred)&#xD; IPv4 Address. . . . . . . . . . . : 10.1.0.4(Preferred)&#xD; Subnet Mask . . . . . . . . . . . : 255.255.255.0&#xD; Lease Obtained. . . . . . . . . . : Saturday, August 13, 2016 11:14:58 PM&#xD; Lease Expires . . . . . . . . . . : Wednesday, September 20, 2152 6:24:34 PM&#xD; Default Gateway . . . . . . . . . : 10.1.0.1&#xD; DHCP Server . . . . . . . . . . . : 168.63.129.16&#xD; DHCPv6 IAID . . . . . . . . . . . : 301993274&#xD; DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-41-C4-70-00-0D-3A-33-81-01&#xD; &#xD; DNS Servers . . . . . . . . . . . : 168.63.129.16&#xD; NetBIOS over Tcpip. . . . . . . . : Enabled&#xD; &#xD; &amp;quot;adminUsername&amp;quot;: &amp;quot;yunusm&amp;quot;,&#xD; &amp;quot;windowsConfiguration&amp;quot;: {&#xD; &amp;quot;provisionVMAgent&amp;quot;: true,&lt;/pre&gt;&#xD; &#xD; &lt;p&gt;This is a hint to install a guest agent that does a bunch of config and runs the extensions. The guest agent binaries are here - C:\WindowsAzure\Packages&lt;/p&gt;&#xD; &#xD; &lt;pre&gt;&#xD; &amp;quot;enableAutomaticUpdates&amp;quot;: true&lt;/pre&gt;&#xD; &#xD; &lt;p&gt;Windows VMs by default are set to receive auto updates from Windows Update Service. There is a nuance to grasp here regarding availability and auto updates. If you have an Availability Set with multiple VMs with the purpose of getting high SLA against unexpected faults, then you do not want to have correlated actions (like Windows Updates) that can take down VMs across the Availability Set.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;&amp;nbsp;&lt;/p&gt;&#xD; &#xD; &lt;p&gt;&lt;a href="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/a465d7ac-11c5-453d-ac8a-e212e05dd041.png"&gt;&lt;img alt="image" border="0" height="392" src="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/ce389ebe-a664-48f1-8ea3-b9ca517db447.png" style="border: 0px currentColor; border-image: none; padding-top: 0px; padding-right: 0px; padding-left: 0px; display: inline; background-image: none;" title="image" width="969"&gt;&lt;/a&gt;&lt;/p&gt;&#xD; &#xD; &lt;pre&gt;&#xD; },&#xD; &#xD; &amp;quot;secrets&amp;quot;: []&#xD; &#xD; },&#xD; &#xD; &amp;quot;networkProfile&amp;quot;: {&#xD; &#xD; &amp;quot;networkInterfaces&amp;quot;: [&#xD; &#xD; {&#xD; &#xD; &amp;quot;id&amp;quot;: &amp;quot;/subscriptions/f028f547-f912-42b0-8892-89ea6eda4c5e/resourceGroups/BlogRG/providers/Microsoft.Network/networkInterfaces/blogwindowsvm91&amp;quot;&lt;/pre&gt;&#xD; &#xD; &lt;p&gt;NIC is a standalone resource, we are not discussing networking resources yet.&lt;/p&gt;&#xD; &#xD; &lt;pre&gt;&#xD; }&#xD; ]&#xD; },&#xD; &amp;quot;diagnosticsProfile&amp;quot;: {&#xD; &amp;quot;bootDiagnostics&amp;quot;: {&#xD; &amp;quot;enabled&amp;quot;: true,&#xD; &amp;quot;storageUri&amp;quot;: &amp;quot;&lt;a href="https://blogrgdiag337.blob.core.windows.net/&amp;quot;"&gt;https://blogrgdiag337.blob.core.windows.net/&amp;quot;&lt;/a&gt;&#xD; }&lt;/pre&gt;&#xD; &#xD; &lt;p&gt;Boot diagnostics have been enabled. Portal has a way of viewing the screenshot. You can get the URL for the screenshot from CLI:&lt;/p&gt;&#xD; &#xD; &lt;pre&gt;&#xD; C:\Program Files (x86)\Microsoft SDKs\Azure\CLI\bin&amp;gt;node azure vm get-serial-output&#xD; &#xD; info: Executing command vm get-serial-output&#xD; &#xD; Resource group name: blogrg&#xD; &#xD; Virtual machine name: blogwindowsvm&#xD; &#xD; + Getting instance view of virtual machine &amp;quot;blogwindowsvm&amp;quot;&#xD; &#xD; info: Console Screenshot Blob Uri:&#xD; &#xD; https://blogrgdiag337.blob.core.windows.net/bootdiagnostics-blogwindo-694733ec-46a0-4e0b-a73b-ee0863a0f12c/BlogWindowsVM.694733ec-46a0-4e0b-a73b-ee0863a0f12c.screenshot.bmp&#xD; &#xD; info: vm get-serial-output command OK&lt;/pre&gt;&#xD; &#xD; &lt;p&gt;The boot screenshot can be &lt;a href="http://blogrgdiag337.blob.core.windows.net/bootdiagnostics-blogwindo-694733ec-46a0-4e0b-a73b-ee0863a0f12c/BlogWindowsVM.694733ec-46a0-4e0b-a73b-ee0863a0f12c.screenshot.bmp"&gt;viewed in Portal&lt;/a&gt;. However, the URL for the screenshot bmp file does not render in a browser.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;What gives? It is due to the authentication on the storage account which blocks anonymous access. For any blob or container in Azure Storage it is possible to &lt;a href="https://azure.microsoft.com/en-us/documentation/articles/storage-manage-access-to-resources/"&gt;configure anonymous read access&lt;/a&gt;. Please do this with caution and only in cases where secrets will not be exposed. It is a useful capability for sharing data that is not confidential without having to generate SAS signatures. Once anonymous access is enabled on the container the screenshot renders in any browser outside of the portal.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;&lt;a href="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/df121718-855a-4a0d-a6fc-a6038586b61a.png"&gt;&lt;img alt="image" border="0" height="675" src="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/750bf908-68e3-4803-b338-16b9f8e37437.png" style="border: 0px currentColor; border-image: none; padding-top: 0px; padding-right: 0px; padding-left: 0px; display: inline; background-image: none;" title="image" width="1059"&gt;&lt;/a&gt;&lt;br&gt;&#xD; &amp;nbsp;&amp;nbsp;&amp;nbsp; },&lt;br&gt;&#xD; &amp;nbsp;&amp;nbsp;&amp;nbsp; &amp;quot;provisioningState&amp;quot;: &amp;quot;Succeeded&amp;quot;&lt;br&gt;&#xD; &amp;nbsp; },&lt;br&gt;&#xD; &amp;nbsp; &amp;quot;resources&amp;quot;: [&lt;br&gt;&#xD; &amp;nbsp;&amp;nbsp;&amp;nbsp; {&lt;br&gt;&#xD; &amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; &amp;quot;properties&amp;quot;: {&lt;br&gt;&#xD; &amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; &amp;quot;publisher&amp;quot;: &amp;quot;Microsoft.Compute&amp;quot;,&lt;br&gt;&#xD; &amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; &amp;quot;type&amp;quot;: &amp;quot;CustomScriptExtension&amp;quot;,&lt;br&gt;&#xD; &amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; &amp;quot;typeHandlerVersion&amp;quot;: &amp;quot;1.7&amp;quot;,&lt;br&gt;&#xD; &amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; &amp;quot;autoUpgradeMinorVersion&amp;quot;: true,&lt;/p&gt;&#xD; &#xD; &lt;p&gt;It is usually safe for extensions to be auto updated on the minor version. There have been very few surprises in this regard though you have an option to not auto update.&lt;/p&gt;&#xD; &#xD; &lt;pre&gt;&#xD; &amp;quot;settings&amp;quot;: {&#xD; &amp;quot;fileUris&amp;quot;: [&#xD; &lt;a href="https://iaasv2tempstorewestus.blob.core.windows.net/vmextensionstemporary-10033fff801becb5-20160814084130535/simple.ps1?sv=2015-04-05&amp;amp;sr=c&amp;amp;sig=M3qa7lS%2BZwp%2B8Tytqf1VEew4YaAKvvYn1yzGrPfSwyw%3D&amp;amp;se=2016-08-15T08%3A41%3A30Z&amp;amp;sp=rw"&gt;https://iaasv2tempstorewestus.blob.core.windows.net/vmextensionstemporary-10033fff801becb5-20160814084130535/simple.ps1?sv=2015-04-05&amp;amp;sr=c&amp;amp;sig=M3qa7lS%2BZwp%2B8Tytqf1VEew4YaAKvvYn1yzGrPfSwyw%3D&amp;amp;se=2016-08-15T08%3A41%3A30Z&amp;amp;sp=rw&lt;/a&gt;&lt;/pre&gt;&#xD; &#xD; &lt;p&gt;As discussed earlier this is the SAS key for the powershell script. You will see this as a commonly used pattern to sharing files and data &amp;ndash; upload to a blob, generate a SAS key and pass around.&lt;/p&gt;&#xD; &#xD; &lt;pre&gt;&#xD; ],&#xD; &amp;quot;commandToExecute&amp;quot;: &amp;quot;powershell -ExecutionPolicy Unrestricted -File simple.ps1 &amp;quot;&#xD; },&#xD; &amp;quot;provisioningState&amp;quot;: &amp;quot;Succeeded&amp;quot;&#xD; },&#xD; &amp;quot;id&amp;quot;: &amp;quot;/subscriptions/f028f547-f912-42b0-8892-89ea6eda4c5e/resourceGroups/BlogRG/providers/Microsoft.Compute/virtualMachines/BlogWindowsVM/extensions/CustomScriptExtension&amp;quot;,&#xD; &amp;quot;name&amp;quot;: &amp;quot;CustomScriptExtension&amp;quot;,&#xD; &amp;quot;type&amp;quot;: &amp;quot;Microsoft.Compute/virtualMachines/extensions&amp;quot;,&#xD; &amp;quot;location&amp;quot;: &amp;quot;westus&amp;quot;&#xD; },&#xD; {&#xD; &amp;quot;properties&amp;quot;: {&#xD; &amp;quot;publisher&amp;quot;: &amp;quot;Microsoft.Azure.Diagnostics&amp;quot;,&#xD; &amp;quot;type&amp;quot;: &amp;quot;IaaSDiagnostics&amp;quot;,&#xD; &amp;quot;typeHandlerVersion&amp;quot;: &amp;quot;1.5&amp;quot;,&#xD; &amp;quot;autoUpgradeMinorVersion&amp;quot;: true,&#xD; &amp;quot;settings&amp;quot;: {&#xD; &amp;quot;xmlCfg&amp;quot;: &amp;lt;trimmed&amp;gt;,&#xD; &amp;quot;StorageAccount&amp;quot;: &amp;quot;blogrgdiag337&amp;quot;&#xD; },&#xD; &amp;quot;provisioningState&amp;quot;: &amp;quot;Succeeded&amp;quot;&#xD; },&#xD; &amp;quot;id&amp;quot;: &amp;quot;/subscriptions/f028f547-f912-42b0-8892&amp;not;-89ea6eda4c5e/resourceGroups/BlogRG/providers/Microsoft.Compute/virtualMachines/BlogWindowsVM/extensions/Microsoft.Insights.VMDiagnosticsSettings&amp;quot;,&#xD; &amp;quot;name&amp;quot;: &amp;quot;Microsoft.Insights.VMDiagnosticsSettings&amp;quot;,&#xD; &amp;quot;type&amp;quot;: &amp;quot;Microsoft.Compute/virtualMachines/extensions&amp;quot;,&#xD; &amp;quot;location&amp;quot;: &amp;quot;westus&amp;quot;&#xD; }&#xD; ],&#xD; &amp;quot;id&amp;quot;: &amp;quot;/subscriptions/f028f547-f912-42b0-8892-89ea6eda4c5e/resourceGroups/BlogRG/providers/Microsoft.Compute/virtualMachines/BlogWindowsVM&amp;quot;,&#xD; &amp;quot;name&amp;quot;: &amp;quot;BlogWindowsVM&amp;quot;,&#xD; &amp;quot;type&amp;quot;: &amp;quot;Microsoft.Compute/virtualMachines&amp;quot;,&#xD; &amp;quot;location&amp;quot;: &amp;quot;westus&amp;quot;&#xD; }&lt;/pre&gt;&#xD; &#xD; &lt;h2&gt;To Be Continued&lt;/h2&gt;&#xD; &#xD; &lt;p&gt;We will carry on with what we can learn from a single VM and then move on to other topics.&lt;/p&gt;&#xD; </content:encoded> <comments>https://azure.microsoft.com/blog/azure-virtual-machine-internals-part-1/#comments</comments> <link>https://azure.microsoft.com/blog/azure-virtual-machine-internals-part-1/</link> <dc:creator>Yunus Mohammed</dc:creator> </item> <item> <guid isPermaLink="false">azure-media-services-live-monitoring-dashboard-open-source-release</guid> <category>Media Services &amp; CDN</category> <title>Azure Media Services Live Monitoring Dashboard open-source release</title> <description>We are excited to announce the open-source release of the Azure Media Services (AMS) Live Monitoring Dashboard on GitHub. The Live Monitoring Dashboard is a .NET C# web app that enables Azure Media…</description> <pubDate>Wed, 11 Jan 2017 08:00:04 Z</pubDate> <content:encoded>&lt;p&gt;We are excited to announce the open-source release of the Azure Media Services (AMS) &lt;a href="https://github.com/Azure-Samples/media-services-dotnet-live-monitoring-dashboard" target="_blank"&gt;Live Monitoring Dashboard&lt;/a&gt; on GitHub.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;The Live Monitoring Dashboard is a .NET C# web app that enables Azure Media Services (AMS) customers to view the health of their channel and origin deployments. The dashboard captures the state of ingest, archive, encode, and origin telemetry entities, enabling customers to quantify the health of their services with low latency. The dashboard supplies data on the incoming data rate for video stream ingestion, dropped data in storage archive, encoding data rate, and origin HTTP error statuses and latencies.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;&lt;em&gt;Special thanks to &lt;a href="https://github.com/duggaraju" target="_blank"&gt;Prakash Duggaraju&lt;/a&gt; for his help and contributions to this project.&lt;/em&gt;&lt;/p&gt;&#xD; &#xD; &lt;h2&gt;Dashboard overview&lt;/h2&gt;&#xD; &#xD; &lt;p&gt;The image below illustrates the account-level view of the Live Monitoring Dashboard. The upper left pane highlights each deployment&amp;rsquo;s health status with a different status code color. Ingest, archive, origin, and encode telemetry entities are denoted by i, a, o, and e abbreviations respectively. Each color of theindicator summarizes whether an entity is currently impacted. Green denotes healthy, orange indicates mildly impacted, red indicates unhealthy, and gray indicates inactive. You can modify the thresholds for which these flags are raised from the storage account JSON configuration file. From the right pane, you can drill down into the detailed views for each deployment by clicking on the active status squares.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;This dashboard is backed by a SQL database that reads telemetry data from your Azure storage account. Our &lt;a href="https://azure.microsoft.com/en-au/blog/telemetry-platform-features-in-azure-media-services/" target="_blank"&gt;telemetry release announcement blog post&lt;/a&gt; details the types of telemetry data supported today. Every 30 seconds all views within the dashboard are automatically refreshed with the latest telemetric data.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;&lt;a href="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/af8ec6a2-cf2a-4e4c-b9b1-de1b556f60ef.png"&gt;&lt;img alt="Home Page" border="0" height="1309" src="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/dc9482f6-96e6-4916-b321-ab40175c5228.png" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" title="Home Page" width="2156"&gt;&lt;/a&gt;&lt;/p&gt;&#xD; &#xD; &lt;h2&gt;Channel Detailed View&lt;/h2&gt;&#xD; &#xD; &lt;p&gt;The channel detailed view provides incoming bitrate, discontinuity count, overlap count, and bitrate ratio data for a given channel. In this view, these fields represent the following:&lt;/p&gt;&#xD; &#xD; &lt;ul&gt;&#xD; &lt;li&gt;&lt;strong&gt;Bitrate&lt;/strong&gt;: the expected bitrate for a given track and incoming bitrate is the bitrate that the channel receives&lt;/li&gt;&#xD; &lt;li&gt;&lt;strong&gt;Discontinuity&lt;/strong&gt; &lt;strong&gt;count&lt;/strong&gt;: the count of instances where a fragment was missing in the stream&lt;/li&gt;&#xD; &lt;li&gt;&lt;strong&gt;Overlap count&lt;/strong&gt;: the count of instances where the channel receives fragments with the same or overlapping stream timestamp&lt;/li&gt;&#xD; &lt;li&gt;&lt;strong&gt;Bitrate ratio&lt;/strong&gt;: the ratio of incoming bitrate to expected bitrate&lt;/li&gt;&#xD; &lt;/ul&gt;&#xD; &#xD; &lt;p&gt;Optimally, a channel should have no discontinuities, no overlaps, and a bitrate ratio of one. Flags are set to raise when these dimensions deviate from normal values.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;&lt;a href="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/48e78d28-1ace-4751-ac01-d1f566c1554f.png"&gt;&lt;img alt="Channel Detailed View" border="0" height="543" src="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/417d8b8b-57ba-4ca2-bdce-9e27f093dc13.png" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" title="Channel Detailed View" width="898"&gt;&lt;/a&gt;&lt;/p&gt;&#xD; &#xD; &lt;h2&gt;Archive Detailed View&lt;/h2&gt;&#xD; &#xD; &lt;p&gt;The archive detailed view provides bitrate, dropped fragment count, and dropped fragment rate for the archive entities backing each track. In this view, these fields represent the following:&lt;/p&gt;&#xD; &#xD; &lt;ul&gt;&#xD; &lt;li&gt;&lt;strong&gt;Bitrate&lt;/strong&gt;: the expected bitrate of the given track&lt;/li&gt;&#xD; &lt;li&gt;&lt;strong&gt;Dropped fragment count&lt;/strong&gt;: the number of fragments dropped in the program&lt;/li&gt;&#xD; &lt;li&gt;&lt;strong&gt;Dropped fragment ratio&lt;/strong&gt;: the number of fragments dropped per minute&lt;/li&gt;&#xD; &lt;/ul&gt;&#xD; &#xD; &lt;p&gt;Optimally, the dropped fragment count and dropped fragment ratio should be zero.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;&lt;a href="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/cb81caf9-ddb0-447f-b0a7-4e1ca42f0b0c.png"&gt;&lt;img alt="Archive Detailed View" border="0" height="434" src="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/c7557ec5-37f1-4bc6-9ab3-c9a2a9407cc8.png" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" title="Archive Detailed View" width="896"&gt;&lt;/a&gt;&lt;/p&gt;&#xD; &#xD; &lt;h2&gt;Origin Detailed View&lt;/h2&gt;&#xD; &#xD; &lt;p&gt;The origin detailed view provides request count, bytes sent, server latency, end-to-end (E2E) latency, request ratio, bandwidth, and data output utilization ratio for a given origin. In this view, these fields represent the following:&lt;/p&gt;&#xD; &#xD; &lt;ul&gt;&#xD; &lt;li&gt;&lt;strong&gt;Request count&lt;/strong&gt;: the number of times a client requested data from the origin, categorized by the HTTP status code&lt;/li&gt;&#xD; &lt;li&gt;&lt;strong&gt;Bytes sent&lt;/strong&gt;: the number of bytes returned to the client&lt;/li&gt;&#xD; &lt;li&gt;&lt;strong&gt;Server latency&lt;/strong&gt;: the server latency component for responding to a request&lt;/li&gt;&#xD; &lt;li&gt;&lt;strong&gt;End-to-end latency&lt;/strong&gt;: the total latency for responding to a request&lt;/li&gt;&#xD; &lt;li&gt;&lt;strong&gt;Request rate&lt;/strong&gt;: the number of requests the origin receives per minute&lt;/li&gt;&#xD; &lt;li&gt;&lt;strong&gt;Bandwidth&lt;/strong&gt;: the origin response throughput&lt;/li&gt;&#xD; &lt;li&gt;&lt;strong&gt;Request ratio&lt;/strong&gt;: the percentage of requests for a given HTTP status code&lt;/li&gt;&#xD; &lt;li&gt;&lt;strong&gt;Data output utilization ratio&lt;/strong&gt;: the percentage of maximum throughput that the origin utilizes&lt;/li&gt;&#xD; &lt;/ul&gt;&#xD; &#xD; &lt;p&gt;Optimally, origin requests should return only HTTP 200 status codes and there should be no failed requests (HTTP 4XX + 5XX &amp;ndash; 412). The data out utilization should preferably not exceed 90 - 95% of the maximum available throughput.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;&lt;a href="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/a80e8928-d1d7-450a-bd99-492e49d339a3.png"&gt;&lt;img alt="Origin Detailed View" border="0" height="805" src="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/90269702-fce9-4101-8f07-b7272a9b1d88.png" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" title="Origin Detailed View" width="898"&gt;&lt;/a&gt;&lt;/p&gt;&#xD; &#xD; &lt;h2&gt;Encode Detailed View&lt;/h2&gt;&#xD; &#xD; &lt;p&gt;The encode detailed view provides the health status for inputs, transcoders, output, and overall health.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;&lt;a href="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/7c15e2a3-adfb-444b-8739-d3b07a1bb5a0.png"&gt;&lt;img alt="Encode Detailed View" border="0" height="296" src="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/f47e13b1-d459-4396-9098-5f21af6379c0.png" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" title="Encode Detailed View" width="895"&gt;&lt;/a&gt;&lt;/p&gt;&#xD; &#xD; &lt;p&gt;Optimally, the encoder detailed view should reflect overall healthy status.&lt;/p&gt;&#xD; &#xD; &lt;h2&gt;Providing feedback &amp;amp; feature requests&lt;/h2&gt;&#xD; &#xD; &lt;p&gt;We love to hear from our customers and better understand your needs! To help serve you better, we are always open to feedback, new ideas, and appreciate any bug reports so that we can continue to provide an amazing service with the latest technologies. To request new features, provide ideas or feedback, please submit to &lt;strong&gt;&lt;a href="http://aka.ms/amsvoice/" target="_blank"&gt;User Voice for Azure Media Services&lt;/a&gt;&lt;/strong&gt;. If you have any specific issues, questions, or find any bugs, please post your question or feedback to our &lt;a href="https://social.msdn.microsoft.com/forums/azure/en-US/home?forum=MediaServices"&gt;forum&lt;/a&gt;.&lt;/p&gt;&#xD; </content:encoded> <comments>https://azure.microsoft.com/blog/azure-media-services-live-monitoring-dashboard-open-source-release/#comments</comments> <link>https://azure.microsoft.com/blog/azure-media-services-live-monitoring-dashboard-open-source-release/</link> <dc:creator>Dwyane George</dc:creator> </item> <item> <guid isPermaLink="false">standardstreamingendpoint</guid> <category>Announcements</category> <category>Media Services &amp; CDN</category> <title>Announcing: New Auto-Scaling Standard Streaming Endpoint and Enhanced Azure CDN Integration</title> <description>We are excited to announce Standard Streaming Endpoint and additional Azure CDN provider integration in Azure Media Services. </description> <pubDate>Tue, 10 Jan 2017 14:00:16 Z</pubDate> <content:encoded>&lt;p&gt;Since the launch of Azure Media Services our streaming services have been one of the biggest things that has attracted customers to our platform.&amp;nbsp; It offers the scale and robustness to handle the largest events on the web including &lt;a href="https://customers.microsoft.com/en-US/story/provider-uses-the-cloud-to-serve-25-million-world-cup"&gt;FIFA World Cup matches&lt;/a&gt;, &lt;a href="http://blogs.microsoft.com/blog/2014/02/06/going-for-gold-windows-azure-media-services-provide-live-and-on-demand-streaming-of-2014-olympic-winter-games-on-nbc/#sm.00000utvcbvqfpfc6zmlhrhqd00qd"&gt;streaming coverage of Olympic events&lt;/a&gt;, and Super Bowls.&amp;nbsp; It also offers features that greatly reduce workflow complexity and cost through &lt;a href="https://docs.microsoft.com/en-us/azure/media-services/media-services-dynamic-packaging-overview"&gt;dynamic packaging&lt;/a&gt; into HLS, MPEG-DASH, and Smooth Streaming as well as &lt;a href="https://docs.microsoft.com/en-us/azure/media-services/media-services-content-protection-overview"&gt;dynamic encryption&lt;/a&gt; for Microsoft PlayReady, Google Widevine, Apple Fairplay, and AES128.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;However, our origin services (aka Streaming Endpoints) have always been plagued with the usability issue of needing to provision them with Streaming Units (each one provides 200Mbps of egress capacity) based on scale needs.&amp;nbsp; We continually receive questions from customers and partners asking &amp;ldquo;how many Streaming Units do I need?&amp;rdquo;, &amp;ldquo;how do I know when I need more&amp;rdquo;, &amp;ldquo;can I get dynamic packaging without Streaming Units&amp;rdquo;, etc.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;Thus, we&amp;rsquo;re very excited to announce that we have a new Streaming Endpoint option called a &lt;strong&gt;Standard Streaming Endpoint&lt;/strong&gt; which eliminates this complexity by giving you the scale and robustness you need without needing to worry about Streaming Units.&amp;nbsp; Behind the scenes we monitor the bandwidth requirements on your Streaming Endpoint and scale out as needed.&amp;nbsp; This means a Standard Streaming Endpoint can be used to deliver your streams to a large range of audience sizes, from very small audiences&amp;nbsp;to thousands of concurrent viewers using the integration of Azure CDN services (more on that further below).&lt;/p&gt;&#xD; &#xD; &lt;p&gt;&lt;strong&gt;More good news!&lt;/strong&gt; We also heard your request to have a free trial period to get familiar with Azure Media Services streaming capabilities. When a new Media Services account gets created, a default Standard Streaming Endpoint also automatically gets provisioned under the account. This endpoint includes a 15-day free trial period and trial period starts when the Endpoint gets started for the first time.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;In addition to Standard Streaming Endpoints, we are also pleased to announce enhanced Azure CDN integration. With a single click you can integrate all the available Azure CDN providers (Akamai and Verizon) to your Streaming Endpoint including their Standard and Premium products and you can manage and configure all the related features through the Azure CDN portal. When Azure CDN is enabled for a Streaming Endpoint using Azure Media Services, &lt;a href="https://azure.microsoft.com/en-us/pricing/details/bandwidth/"&gt;data transfer charges&lt;/a&gt; between the Streaming Endpoint and CDN do not apply. Data transferred is instead charged at the CDN edge using &lt;a href="https://azure.microsoft.com/en-us/pricing/details/cdn/"&gt;CDN pricing&lt;/a&gt;.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;&lt;img src="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/e41d85ce-7005-48f6-b6b4-da6617a97595.png"&gt;&lt;/p&gt;&#xD; &#xD; &lt;h3&gt;Comparing Streaming Endpoint Types&lt;/h3&gt;&#xD; &#xD; &lt;p&gt;Our previous Streaming Endpoints are not going away, meaning there are now multiple options&amp;nbsp;so let&amp;rsquo;s discuss their attributes.&amp;nbsp; But before I do let&amp;nbsp;me first jump to the punch line and give you our&amp;nbsp;recommendation for which Streaming Endpoint type you should use.&amp;nbsp; We have analyzed current customer usage and have determined that the streaming needs of 98% of our customers can be met with Standard Streaming Endpoint and CDN integration.&amp;nbsp; The remaining 2% are customers like &lt;a href="https://customers.microsoft.com/en-US/story/on-demand-servers-for-on-demand-video"&gt;Xbox Movies&lt;/a&gt;&amp;nbsp;and &lt;a href="https://customers.microsoft.com/en-US/story/streaming-service-partners-with-microsoft-to-build-a-powerful-distribution-platform"&gt;Rakuten Showtime&lt;/a&gt;&amp;nbsp;that have extremely large catalogs, massive audiences, and origin load profiles that are very unique.&amp;nbsp; Thus, unless you feel your service will be in that stratosphere our recommendation is that you migrate to a Standard Streaming Endpoint.&amp;nbsp; If you have any concerns that you may fall into that 2% please &lt;a href="mailto:[email protected]?subject=Azure%20Media%20Services%20Streaming%20Question"&gt;contact us&lt;/a&gt; and we can provide additional guidance. A good guide post is to contact us if you expect a concurrent audience size larger than 50,000 viewers.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;With that out of the way, here&amp;rsquo;s some finer grained details on the types and how they can be provisioned.&lt;/p&gt;&#xD; &#xD; &lt;ul&gt;&#xD; &lt;li&gt;Our existing Streaming Units have now been renamed to &amp;quot;Premium Streaming Units&amp;quot; and any streaming endpoint that have a Premium Streaming Unit will be named a &amp;ldquo;Premium Streaming Endpoint&amp;rdquo;.&amp;nbsp; These Streaming Endpoints behave exactly as they did before and require you to provision them with Streaming Units based on your anticipated load.&amp;nbsp; As mentioned above almost everyone should be using a Standard Streaming Endpoint and you should contact us if you think you need a Premium Streaming Endpoint.&lt;/li&gt;&#xD; &lt;li&gt;Any newly created Azure Media Services account will by default have a Standard Streaming Endpoint with Azure CDN (S1 Verizon Standard) integrated created&amp;nbsp;and placed&amp;nbsp;in a stopped state.&amp;nbsp; It is put into a stopped state so that it doesn&amp;rsquo;t incur any charges until you are ready to begin streaming.&lt;/li&gt;&#xD; &lt;li&gt;New Streaming Endpoints can also be created as Standard Streaming Endpoints.&lt;/li&gt;&#xD; &lt;li&gt;Previously, when a new Azure Media Services account was created a Streaming Endpoint was created with no Streaming Units(aka Classic Streaming Endpoint)&amp;nbsp;. This was a free service intended to give developers time to develop services before incurring any costs.&amp;nbsp; However, Streaming Units were needed to turn on many of our critical services such as dynamic packaging and encryption so the value was very limited.&amp;nbsp; Some customers may still have one of these &amp;ldquo;Classic&amp;rdquo; Streaming Endpoints in their account.&amp;nbsp; We recommend customers migrate these to Standard as well, they will not be migrated automatically.&amp;nbsp; The migration can be done using Azure management portal or Azure Media Services APIs.&amp;nbsp; For more information, please check &amp;quot;&lt;a href="https://docs.microsoft.com/en-us/azure/media-services/media-services-streaming-endpoints-overview"&gt;Streaming endpoints overview&lt;/a&gt;&amp;quot;.&amp;nbsp; As mentioned above we are offering a 15-day free trial on Standard which provides developers with the same ability to develop services without incurring streaming costs.&lt;/li&gt;&#xD; &lt;/ul&gt;&#xD; &#xD; &lt;table style="width: 888px; color: rgb(51, 51, 51); text-transform: none; text-indent: 0px; letter-spacing: normal; overflow: auto; font-family: -apple-system, BlinkMacSystemFont, &amp;quot;Segoe UI&amp;quot;, Helvetica, Arial, sans-serif, &amp;quot;Apple Color Emoji&amp;quot;, &amp;quot;Segoe UI Emoji&amp;quot;, &amp;quot;Segoe UI Symbol&amp;quot;; font-size: 16px; font-style: normal; font-weight: normal; margin-top: 0px; margin-bottom: 16px; word-spacing: 0px; display: block; white-space: normal; border-collapse: collapse; box-sizing: border-box; border-spacing: 0px; orphans: 2; widows: 2; font-variant-ligatures: normal; font-variant-caps: normal; -webkit-text-stroke-width: 0px;"&gt;&#xD; &lt;thead style="box-sizing: border-box;"&gt;&#xD; &lt;tr style="border-top-color: rgb(204, 204, 204); border-top-width: 1px; border-top-style: solid; box-sizing: border-box; background-color: rgb(255, 255, 255);"&gt;&#xD; &lt;th style="padding: 6px 13px; border: 1px solid rgb(221, 221, 221); border-image: none; font-weight: bold; box-sizing: border-box;"&gt;Feature&lt;/th&gt;&#xD; &lt;th style="padding: 6px 13px; border: 1px solid rgb(221, 221, 221); border-image: none; font-weight: bold; box-sizing: border-box;"&gt;Standard&lt;/th&gt;&#xD; &lt;th style="padding: 6px 13px; border: 1px solid rgb(221, 221, 221); border-image: none; font-weight: bold; box-sizing: border-box;"&gt;Premium&lt;/th&gt;&#xD; &lt;/tr&gt;&#xD; &lt;/thead&gt;&#xD; &lt;tbody style="box-sizing: border-box;"&gt;&#xD; &lt;tr style="border-top-color: rgb(204, 204, 204); border-top-width: 1px; border-top-style: solid; box-sizing: border-box; background-color: rgb(255, 255, 255);"&gt;&#xD; &lt;td style="padding: 6px 13px; border: 1px solid rgb(221, 221, 221); border-image: none; box-sizing: border-box;"&gt;Free first 15 days*&lt;/td&gt;&#xD; &lt;td style="padding: 6px 13px; border: 1px solid rgb(221, 221, 221); border-image: none; box-sizing: border-box;"&gt;Yes&lt;/td&gt;&#xD; &lt;td style="padding: 6px 13px; border: 1px solid rgb(221, 221, 221); border-image: none; box-sizing: border-box;"&gt;No&lt;/td&gt;&#xD; &lt;/tr&gt;&#xD; &lt;tr style="border-top-color: rgb(204, 204, 204); border-top-width: 1px; border-top-style: solid; box-sizing: border-box; background-color: rgb(248, 248, 248);"&gt;&#xD; &lt;td style="padding: 6px 13px; border: 1px solid rgb(221, 221, 221); border-image: none; box-sizing: border-box;"&gt;Streaming Scale&lt;/td&gt;&#xD; &lt;td style="padding: 6px 13px; border: 1px solid rgb(221, 221, 221); border-image: none; box-sizing: border-box;"&gt;Up to 600 Mbps when Azure CDN is not used; With Azure CDN turned on Standard will scale to thousands of concurrent viewers&lt;/td&gt;&#xD; &lt;td style="padding: 6px 13px; border: 1px solid rgb(221, 221, 221); border-image: none; box-sizing: border-box;"&gt;200 Mbps per streaming unit (SU) and scales with CDN.&lt;/td&gt;&#xD; &lt;/tr&gt;&#xD; &lt;tr style="border-top-color: rgb(204, 204, 204); border-top-width: 1px; border-top-style: solid; box-sizing: border-box; background-color: rgb(255, 255, 255);"&gt;&#xD; &lt;td style="padding: 6px 13px; border: 1px solid rgb(221, 221, 221); border-image: none; box-sizing: border-box;"&gt;SLA&lt;/td&gt;&#xD; &lt;td style="padding: 6px 13px; border: 1px solid rgb(221, 221, 221); border-image: none; box-sizing: border-box;"&gt;99.9&lt;/td&gt;&#xD; &lt;td style="padding: 6px 13px; border: 1px solid rgb(221, 221, 221); border-image: none; box-sizing: border-box;"&gt;99.9 (200 Mbps per SU).&lt;/td&gt;&#xD; &lt;/tr&gt;&#xD; &lt;tr style="border-top-color: rgb(204, 204, 204); border-top-width: 1px; border-top-style: solid; box-sizing: border-box; background-color: rgb(248, 248, 248);"&gt;&#xD; &lt;td style="padding: 6px 13px; border: 1px solid rgb(221, 221, 221); border-image: none; box-sizing: border-box;"&gt;CDN&lt;/td&gt;&#xD; &lt;td style="padding: 6px 13px; border: 1px solid rgb(221, 221, 221); border-image: none; box-sizing: border-box;"&gt;Azure CDN, third party CDN, or no CDN.&lt;/td&gt;&#xD; &lt;td style="padding: 6px 13px; border: 1px solid rgb(221, 221, 221); border-image: none; box-sizing: border-box;"&gt;Azure CDN, third party CDN, or no CDN.&lt;/td&gt;&#xD; &lt;/tr&gt;&#xD; &lt;tr style="border-top-color: rgb(204, 204, 204); border-top-width: 1px; border-top-style: solid; box-sizing: border-box; background-color: rgb(255, 255, 255);"&gt;&#xD; &lt;td style="padding: 6px 13px; border: 1px solid rgb(221, 221, 221); border-image: none; box-sizing: border-box;"&gt;Billing is prorated&lt;/td&gt;&#xD; &lt;td style="padding: 6px 13px; border: 1px solid rgb(221, 221, 221); border-image: none; box-sizing: border-box;"&gt;Daily&lt;/td&gt;&#xD; &lt;td style="padding: 6px 13px; border: 1px solid rgb(221, 221, 221); border-image: none; box-sizing: border-box;"&gt;Daily&lt;/td&gt;&#xD; &lt;/tr&gt;&#xD; &lt;tr style="border-top-color: rgb(204, 204, 204); border-top-width: 1px; border-top-style: solid; box-sizing: border-box; background-color: rgb(248, 248, 248);"&gt;&#xD; &lt;td style="padding: 6px 13px; border: 1px solid rgb(221, 221, 221); border-image: none; box-sizing: border-box;"&gt;Dynamic encryption&lt;/td&gt;&#xD; &lt;td style="padding: 6px 13px; border: 1px solid rgb(221, 221, 221); border-image: none; box-sizing: border-box;"&gt;Yes&lt;/td&gt;&#xD; &lt;td style="padding: 6px 13px; border: 1px solid rgb(221, 221, 221); border-image: none; box-sizing: border-box;"&gt;Yes&lt;/td&gt;&#xD; &lt;/tr&gt;&#xD; &lt;tr style="border-top-color: rgb(204, 204, 204); border-top-width: 1px; border-top-style: solid; box-sizing: border-box; background-color: rgb(255, 255, 255);"&gt;&#xD; &lt;td style="padding: 6px 13px; border: 1px solid rgb(221, 221, 221); border-image: none; box-sizing: border-box;"&gt;Dynamic packaging&lt;/td&gt;&#xD; &lt;td style="padding: 6px 13px; border: 1px solid rgb(221, 221, 221); border-image: none; box-sizing: border-box;"&gt;Yes&lt;/td&gt;&#xD; &lt;td style="padding: 6px 13px; border: 1px solid rgb(221, 221, 221); border-image: none; box-sizing: border-box;"&gt;Yes&lt;/td&gt;&#xD; &lt;/tr&gt;&#xD; &lt;tr style="border-top-color: rgb(204, 204, 204); border-top-width: 1px; border-top-style: solid; box-sizing: border-box; background-color: rgb(255, 255, 255);"&gt;&#xD; &lt;td style="padding: 6px 13px; border: 1px solid rgb(221, 221, 221); border-image: none; box-sizing: border-box;"&gt;IP filtering/G20/Custom host&lt;/td&gt;&#xD; &lt;td style="padding: 6px 13px; border: 1px solid rgb(221, 221, 221); border-image: none; box-sizing: border-box;"&gt;Yes&lt;/td&gt;&#xD; &lt;td style="padding: 6px 13px; border: 1px solid rgb(221, 221, 221); border-image: none; box-sizing: border-box;"&gt;Yes&lt;/td&gt;&#xD; &lt;/tr&gt;&#xD; &lt;tr style="border-top-color: rgb(204, 204, 204); border-top-width: 1px; border-top-style: solid; box-sizing: border-box; background-color: rgb(248, 248, 248);"&gt;&#xD; &lt;td style="padding: 6px 13px; border: 1px solid rgb(221, 221, 221); border-image: none; box-sizing: border-box;"&gt;Progressive download&lt;/td&gt;&#xD; &lt;td style="padding: 6px 13px; border: 1px solid rgb(221, 221, 221); border-image: none; box-sizing: border-box;"&gt;Yes&lt;/td&gt;&#xD; &lt;td style="padding: 6px 13px; border: 1px solid rgb(221, 221, 221); border-image: none; box-sizing: border-box;"&gt;Yes&lt;/td&gt;&#xD; &lt;/tr&gt;&#xD; &lt;tr style="border-top-color: rgb(204, 204, 204); border-top-width: 1px; border-top-style: solid; box-sizing: border-box; background-color: rgb(255, 255, 255);"&gt;&#xD; &lt;td style="padding: 6px 13px; border: 1px solid rgb(221, 221, 221); border-image: none; box-sizing: border-box;"&gt;Recommended usage&lt;/td&gt;&#xD; &lt;td style="padding: 6px 13px; border: 1px solid rgb(221, 221, 221); border-image: none; box-sizing: border-box;"&gt;Recommended for the vast majority of streaming scenarios, contact us if you think you may have needs beyond Standard&lt;/td&gt;&#xD; &lt;td style="padding: 6px 13px; border: 1px solid rgb(221, 221, 221); border-image: none; box-sizing: border-box;"&gt;&lt;a href="mailto:[email protected]?subject=Azure%20Media%20Services%20Streaming%20Question"&gt;Contact Us&lt;/a&gt;&lt;/td&gt;&#xD; &lt;/tr&gt;&#xD; &lt;/tbody&gt;&#xD; &lt;/table&gt;&#xD; &#xD; &lt;p&gt;&lt;em&gt;*Note: Free trial doesn&amp;rsquo;t apply to existing accounts and end date doesn&amp;rsquo;t change with state transitions such as stop/start. Free trial starts the first time you start the streaming endpoint and ends after 15 calendar days. The free trial only applies to the default streaming endpoint and doesn&amp;#39;t apply to additional streaming endpoints.&lt;/em&gt;&lt;br&gt;&#xD; &amp;nbsp;&lt;/p&gt;&#xD; &#xD; &lt;h3&gt;When to Use Azure CDN?&lt;/h3&gt;&#xD; &#xD; &lt;p&gt;As mentioned above all new Media Services accounts by default have a Standard Streaming Endpoint with Azure CDN (S1 Verizon Standard) integrated. In most cases you should keep CDN enabled. However, if you are anticipating max concurrency lower than 500 viewers then it is recommended to disable&amp;nbsp;CDN since CDN scales best with concurrency.&lt;/p&gt;&#xD; &#xD; &lt;h3&gt;To migrate your Classic or Premium&amp;nbsp;endpoint to Standard&lt;/h3&gt;&#xD; &#xD; &lt;ol&gt;&#xD; &lt;li&gt;Navigate to streaming endpoint settings&lt;br&gt;&#xD; Toggle your type from Premium to Classic. (If your endpoint doesn&amp;#39;t have any streaming units Classic type will be highlighted)&lt;br&gt;&#xD; &lt;img src="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/98107694-623d-4e5a-b687-07c1dfd3e58b.png"&gt;&lt;/li&gt;&#xD; &lt;li&gt;Click &amp;quot;&lt;em&gt;&lt;strong&gt;Classic&lt;/strong&gt;&lt;/em&gt;&amp;quot; and save&lt;br&gt;&#xD; &lt;img src="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/007114a3-24fb-4107-b2b7-85dba58f5961.png"&gt;&lt;br&gt;&#xD; &lt;img src="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/62e88348-8627-46da-8011-61f83c6f09e2.png"&gt;&lt;br&gt;&#xD; &amp;nbsp;&lt;/li&gt;&#xD; &lt;li&gt;After saving the changes &amp;quot;&lt;strong&gt;&lt;em&gt;Opt-in to Standard&lt;/em&gt;&lt;/strong&gt;&amp;quot; button should be visible&lt;br&gt;&#xD; &lt;img src="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/b70e798b-7ea0-4da3-864e-f63fe6c7abd9.png"&gt;&lt;/li&gt;&#xD; &lt;li&gt;Click &amp;quot;&lt;strong&gt;&lt;em&gt;Opt-in to Standard&lt;/em&gt;&lt;/strong&gt;&amp;quot;&lt;br&gt;&#xD; Read the details&amp;nbsp;and click YES.&amp;nbsp; (&lt;strong&gt;Note&lt;/strong&gt;: Migrating from classic to standard endpoints cannot be rolled back and has a pricing impact. Please check &lt;a href="https://azure.microsoft.com/en-us/pricing/details/media-services/"&gt;Azure Media Services pricing page&lt;/a&gt;. After migration, it can take up to 30 minutes for full propagation and dynamic packaging and streaming requests might fail during this period)&lt;br&gt;&#xD; When operation is completed your classic endpoint will be migrated to &amp;quot;&lt;em&gt;Standard&lt;/em&gt;&amp;quot;&lt;br&gt;&#xD; &lt;img src="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/4829e2be-498f-45f5-bbe5-c6c7192c1bcf.png"&gt;&lt;/li&gt;&#xD; &lt;/ol&gt;&#xD; &#xD; &lt;h3&gt;To migrate legacy CDN integration to new CDN integration&lt;/h3&gt;&#xD; &#xD; &lt;ol&gt;&#xD; &lt;li&gt;To migrate to new CDN integration you need to stop your streaming endpoint. Navigate to&amp;nbsp;streaming endpoint details and click stop&lt;br&gt;&#xD; &lt;img src="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/0c953da6-b01b-46ce-b1de-60476696ec6d.png"&gt;&lt;br&gt;&#xD; &lt;strong&gt;Note: &lt;/strong&gt;Stopping the endpoint will delete existing&amp;nbsp;CDN configuration and stop streaming. Any manually configured setting using CDN management portal will also be deleted and needs to be reconfigured after enabling new CDN integration. Please also note that legacy CDN integrated streaming endpoints doesn&amp;#39;t have the &amp;quot;Manage CDN&amp;quot; action button in the menu.&lt;/li&gt;&#xD; &lt;li&gt;Click &amp;quot;Disable CDN&amp;quot;&lt;br&gt;&#xD; &lt;img src="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/8a2df846-0278-4113-a5e5-5d73a2c72438.png"&gt;&lt;/li&gt;&#xD; &lt;li&gt;Click &amp;quot;Enable CDN&amp;quot; which will trigger new CDN integration workflow&lt;br&gt;&#xD; &lt;img src="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/d7c9f7b2-5204-44c8-987a-452b24f0a118.png"&gt;&lt;/li&gt;&#xD; &lt;li&gt;Follow the steps and select your CDN provider and pricing tiers based on your streaming endpoint type&lt;br&gt;&#xD; &lt;img height="497" src="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/1540f125-993e-4e9b-b830-d2a3a4776944.png" style="width: 773px; height: 368px;" width="1107"&gt;&lt;/li&gt;&#xD; &lt;li&gt;Click &amp;quot;Start&amp;quot;&lt;br&gt;&#xD; &lt;img src="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/92ca0fc9-19a9-4cca-b1ac-ceccf126adef.png"&gt;&lt;br&gt;&#xD; &lt;strong&gt;Note:&lt;/strong&gt; Starting the streaming endpoint and full CDN provisioning might take up to 2 hours. During this period, you might use your streaming endpoint however, it will operate in degraded mode.&lt;/li&gt;&#xD; &lt;li&gt;Manage CDN; after streaming endpoint is started and CDN is fully provisioned you can access CDN management.&lt;br&gt;&#xD; Click &amp;quot;Manage CDN&amp;quot;&lt;br&gt;&#xD; &lt;img src="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/f0c3e7af-fc8f-44f8-8b0e-9761ad333a71.png"&gt;&lt;br&gt;&#xD; This will open CDN management section and you can manage and configure your streaming integrated CDN endpoint as a regular CDN endpoint.&lt;br&gt;&#xD; &lt;img src="https://azurecomcdn.azureedge.net/mediahandler/acomblog/media/Default/blog/da0a5b77-ae7c-4d8d-991a-eba04baeba0f.png"&gt;&lt;br&gt;&#xD; &lt;strong&gt;Note:&lt;/strong&gt; Data charges from streaming endpoint to CDN only gets disabled if the CDN is enabled over streaming endpoint APIs or using Azure management portal&amp;#39;s&amp;nbsp;streaming endpoint section. Manual integration or directly creating an&amp;nbsp;CDN endpoint using CDN APIs or portal section will not disable the data charges.&amp;nbsp;&lt;/li&gt;&#xD; &lt;/ol&gt;&#xD; &#xD; &lt;p style="margin: 0in 0in 0pt;"&gt;Finally; with the release of standard streaming endpoints you will also get access to all CDN providers and can enable your desired CDN provider such as Verizon Standard, Verizon Premium and Akamai Standard with the simple enable CDN check box on the streaming endpoints.&lt;/p&gt;&#xD; &#xD; &lt;p style="margin: 0in 0in 0pt;"&gt;&amp;nbsp;&lt;/p&gt;&#xD; &#xD; &lt;p style="margin: 0in 0in 0pt;"&gt;You can get more information on Streaming Endpoint from &amp;quot;&lt;a href="https://docs.microsoft.com/en-us/azure/media-services/media-services-streaming-endpoints-overview"&gt;Streaming endpoints overview&lt;/a&gt;&amp;quot; and &amp;quot;&lt;a href="https://docs.microsoft.com/en-us/rest/api/media/operations/streamingendpoint"&gt;StreamingEndpoint REST&lt;/a&gt;&amp;quot;&lt;/p&gt;&#xD; &#xD; &lt;p style="margin: 0in 0in 0pt;"&gt;&amp;nbsp;&lt;/p&gt;&#xD; &#xD; &lt;p style="margin: 0in 0in 0pt;"&gt;We&amp;nbsp;hope you will enjoy our new standard streaming endpoint and the other features.&lt;/p&gt;&#xD; &#xD; &lt;h3&gt;Common questions related to streaming&lt;/h3&gt;&#xD; &#xD; &lt;p&gt;1) How to monitor streaming endpoints?&lt;/p&gt;&#xD; &#xD; &lt;p&gt;For the&amp;nbsp;last couple of months, we were running a private preview program for our&amp;nbsp;&amp;ldquo;telemetry APIs&amp;rdquo;.&amp;nbsp;I know some of you already used the private APIs, but from general usage there was no public data and&amp;nbsp;our streaming endpoints was a black box.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;Good news is, we just released our &lt;strong&gt;&lt;em&gt;&amp;ldquo;Telemetry APIs&amp;rdquo;&lt;/em&gt;&lt;/strong&gt;. &amp;nbsp;With this APIs, you can monitor your streaming endpoint as well as your live channels. For streaming endpoint, you can get the throughput, latency, request count and errors count almost in real-time and act based on the values. Please check this blog post &lt;a href="https://azure.microsoft.com/en-us/blog/telemetry-platform-features-in-azure-media-services/"&gt;&lt;u&gt;&amp;ldquo;Telemetry Platform Features in Azure Media Services&amp;rdquo;&lt;/u&gt;&lt;/a&gt;&amp;nbsp;for details. You can also get more information from the &lt;a href="https://docs.microsoft.com/en-us/azure/media-services/media-services-telemetry-overview"&gt;API documentation&lt;/a&gt;.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;2) How to determine the count of&amp;nbsp;streaming units?&lt;/p&gt;&#xD; &#xD; &lt;p&gt;Unfortunately, there is no simple answer for this question.&amp;nbsp;The answers depend on various factors such as&amp;nbsp;your catalog size, CDN cache hit ratio, CDN node count, simultaneous connections, aggregated bitrate, protocol counts, DRM count&amp;nbsp;etc. Based on these values, you need to make the math and calculate the required streaming unit count.&amp;nbsp; Good news is, standard streaming endpoint and&amp;nbsp;Azure CDN integration combination will be sufficient enough for most of the work loads. If you&amp;nbsp;have an advanced workload or you are not sure if&amp;nbsp;standard endpoint is suitable for you&amp;nbsp;or you want to get more insights on the throughput, you can use the&amp;nbsp;Telemetry APIs and monitor your streaming&amp;nbsp;endpoints. If your load is more than the standard endpoint targeted values or you want to&amp;nbsp;use the&amp;nbsp;premium streaming units, you need to make the math based on telemetry values and define the streaming unit count and scale accordingly. You can start with a high number, but after that you can monitor the system and fine tune it and based on the throughput, request/sec and latency numbers.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;3) I don&amp;rsquo;t see CDN analytics for my existing streaming endpoints in the new portal.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;CDN management portal for existing CDN integrated streaming endpoints are not available in the new management portal and depriciated. To access the CDN management, you&amp;nbsp;should&amp;nbsp;migrate your streaming endpoint to new CDN integration. &amp;nbsp;Please see migration steps above.&lt;/p&gt;&#xD; &#xD; &lt;h3 style="margin: 0in 0in 0pt;"&gt;Providing Feedback and Feature Requests&lt;/h3&gt;&#xD; &#xD; &lt;p&gt;Azure Media Services will continue to grow and evolve, adding more features, and enabling more scenarios.&amp;nbsp; To help serve you better, we are always open to feedback, new ideas&amp;nbsp;and appreciate any bug reports so that we can continue to provide an amazing service with the latest technologies.&amp;nbsp;To request new features, provide ideas or feedback, please submit to &lt;a href="http://aka.ms/amsvoice/"&gt;&lt;strong&gt;&lt;u&gt;User Voice for Azure Media Services&lt;/u&gt;&lt;/strong&gt;&lt;/a&gt;. If you have and specific&amp;nbsp;issues, questions&amp;nbsp;or find any bugs, please post your question to our &lt;a href="https://social.msdn.microsoft.com/forums/azure/en-US/home?forum=MediaServices"&gt;forum&lt;/a&gt;.&lt;/p&gt;&#xD; &#xD; &lt;p&gt;&amp;nbsp;&lt;/p&gt;&#xD; </content:encoded> <comments>https://azure.microsoft.com/blog/standardstreamingendpoint/#comments</comments> <link>https://azure.microsoft.com/blog/standardstreamingendpoint/</link> <dc:creator>Cenk Dingiloglu</dc:creator> </item> </channel> </rss>