World Backup Day is as good as any to back up your data

In today’s security landscape, there are more threats to data than ever before. Beyond corruption caused by hardware or human failure, malware and cyberattacks can put data in serious danger. That’s why it’s imperative for enterprises, small-and-medium businesses, and individuals to back up data. Backups must be implemented systematically, not just on World Backup Day, but regularly.
One of the biggest threats to data is ransomware. Organizations, hospitals, and businesses have succumbed to paying attackers – a testament to the importance of key data to business continuity. Unfortunately, these incidents can indicate the absence of effective backup strategies in these organizations, which can make ransomware attacks more lucrative for attackers.
We have observed a decline in ransomware encounters in recent months. In part, we believe this downward trend is a result of enhanced detection of ransomware downloaders by Windows Defender AV via heuristics and improved cloud protection, which are powered by precise machine learning models. The blocking of ransomware downloaders significantly decreased the volume of ransomware that reaches the endpoint. Those that do reach the computer can be detected and removed by generic heuristic-based ransomware detections.
But that doesn’t mean that the threat of ransomware is going away any time soon. If anything, we’re seeing a lot of innovation in malware code in ransomware families like Cerber and Locky, as well as in cybercriminal operations that distribute them. They will continue to be a big threat to companies, especially as they are observed to take on characteristics of targeted attacks. The sad truth is, cybercriminals know they can get significantly better returns from companies.
The other threat to data is data-wiping malware, which deletes or replaces all files on the computer. These threats are being used in high-profile targeted attacks against large organizations. Given the extent of their damage, they can halt business operations or take services offline.
One such malware is Depriz (aka Shamoon), which has been used in multiple targeted attacks in the Middle East since 2016. Attacks that use Depriz are destructive in nature, so there is barely any chance of restoring damaged files.
In a very curious development, a new version of Depriz was spotted sporting a ransomware component. This combination pointedly emphasizes how much attackers want to go after company data, whether to encrypt them for extortion money as ransomware would, or to delete them for sabotage as data-wipers would.
Ransomware and data-wipers pile on to already existing threats to data: theft, hardware breakdown, natural disasters, or even human mistakes. The general advice is to assume compromise. It takes only one employee falling prey to a social engineering lure to start a chain of infection that will lead to data loss.
The impact of ransomware and data-wiping malware can be minimized by making sound backup plans a critical component of any disaster recovery plan.
The 3-2-1 rule is a generally accepted practice for backing up. By creating three backup copies in at least two different storage media formats, with at least one copy in offline storage, you have better safeguards to make sure your data is protected against these types of attacks. The 3-2-1 technique increases your chances of recovering from incidents.
Windows 10 has built-in technologies that can help you back up files systematically. You can turn on File History to regularly and automatically save copies of important files in a drive you specify. The best practice is to use an external drive as the backup drive, and to do a periodic offline backup by disconnecting the backup drive. This is because ransomware can encrypt file history backups just like any other files in the computer, including backup drives that are connected at the time of infection. File History can gracefully handle backup drives as they are connected and disconnected. You can then restore files from backup in the event your files are lost or damaged.
Microsoft OneDrive and Microsoft OneDrive for Business, which allow you to store, access, and share files from anywhere using any device, are integrated into Windows 10. On top of being a great collaboration and organization tool, OneDrive can help protect from ransomware and other threats using Version History, which automatically saves the previous version of your Office documents when you save or change them. You can then use your OneDrive backup to restore files.
Needless to say, endpoints and networks should be protected from ransomware and cyberattacks. Windows Defender Antivirus, for instance, uses a combination of heuristic and machine-learning technologies to deliver cloud-based protection against the latest threats. On the other hand, Windows Defender Advanced Threat Protection alerts security operations teams about suspicious activities associated with ransomware, zero-day exploits, targeted attacks, and other threats.
Even with security solutions in place, however, your data may still be exposed to other risks, such as the aforementioned natural disasters, media failure, and human error. Everything must be done to make sure critical data is safe. Backing up is not an option – it should be a vital part of any cybersecurity strategy.
Tanmay Ganacharya
Principal Security GM, Windows Defender Research
Follow on Twitter: @tanmayg

ContentPanda: Throwing it back with our Top 5 #SharePoint #Office365 Blog Posts of 2016. #Information #Governance comes in at #5:

Modern public folder deployment best practices

Since the release of Microsoft Exchange Server 2013, we have heard questions regarding the sizing and deployment of modern public folders. It is important to plan migrations for public folders so the client experience with their use is good. In this blog post, we will discuss some of the best practices and recommendations regarding modern public folder deployment as well as discuss various related concepts. We will assume that you are already familiar with basic modern public folders concepts so we will not go there (but might link to relevant articles).
There is a lot here as we are going through several examples. Use it as a reference!
How clients connect to the public folder hierarchy mailbox
When the user launches the Outlook desktop client on Windows or Mac, the client contacts the Autodiscover service to determine connection settings for the user’s primary mailbox and their archive mailbox if they have one. During the initial response, the Autodiscover service may indicate there are public folders available in the environment by including an XML element named . This element will contain the SMTP address of a public folder mailbox within the environment. An additional Autodiscover request will be made to request connection settings for the SMTP address of the public folder mailbox.
To provide a value for this element during the initial request/response interaction, the Autodiscover service calls a function named GetPublicFolderRecipient. This function gathers information for the available public folder mailboxes in the environment available for serving hierarchy connections.
In most cases the GetPublicFolderRecipient function will (randomly) pick a public folder mailbox from the available list to be handed over to the Autodiscover Service, which in turn gets returned to the client.
Another possibility is that the user’s mailbox has a static DefaultPublicFolderMailbox assigned. When a mailbox has a default public folder mailbox assigned, the client will always attempt to connect to this public folder mailbox for hierarchy connections. If that public folder mailbox is not available for some reason, the client will fail to reach the public folder infrastructure and will not fall back to a random public folder mailbox. Something to keep in mind!
Note: In the case of Outlook on the web (we’ll call it OWA for short) clients accessing public folders, public folder mailbox access does not rely on the Autodiscover service even though the same selection process logic is used. In other words, OWA uses similar functionality that the Get-Mailbox cmdlet uses to get list of available public folder mailboxes the user can utilize. Even if Autodiscover is offline for some reason in the environment, you may see users successfully accessing public folders via OWA, but not Outlook clients.
When are new mailboxes eligible for this process?
By default, all public folder mailboxes deployed in the environment can serve hierarchy connections to the clients. However, immediately after creation a new public folder mailbox will not be used by Autodiscover. This is because the newly created public folder mailbox has not yet completed an initial full hierarchy sync from the primary hierarchy public folder mailbox. This logic is automatically calculated and is reflected in the parameter IsHierarchyReady. By default, the value will be set to $False. If this value remains $False, the GetPublicFolderRecipient function will not return that public folder mailbox to the Autodiscover Service as it is assumed to contain an incomplete copy of the hierarchy (a user connecting to it would not have a complete view of the public folder infrastructure). Once the value of the newly created public folder mailbox’s IsHierarchyReady has changed to $True, the Autodiscover service will be able to hand it out to clients.
Under normal conditions this initial full hierarchy sync should start automatically within 24 hours of the public folder mailbox being created. You may also invoke the hierarchy sync manually if you so choose by using the below command:
Update-PublicFolderMailbox -Identity "Public folder mailbox name" -SuppressStatus -FullSync -InvokeSynchronizer
The time it takes for the full hierarchy replication to complete depends on several factors such as (but not limited to) network speed, number of public folders, geographical location of PF mailboxes, and connection load on the primary hierarchy mailbox.
The initial hierarchy sync happens using a pull operation model. The secondary public folder mailboxes will poll the primary hierarchy public folder mailbox to fetch the hierarchy information. Once the initial FullSync is complete, the value of IsHierarchyReady will change to True automatically and the public folder mailbox will be available to serve the hierarchy information to requesting clients.
To confirm, the following command can be run:
Get-Mailbox -PublicFolder | fl name,ishierarchyready
Note: While the IsHierarchyReady value can be manually forced to True using PowerShell, this is not supported. Doing this can cause the public folder mailboxes to serve incomplete hierarchy to clients. The recommendation is to wait for the initial sync to complete or manually invoke the hierarchy sync to get the hierarchy replicated to the new public folder mailboxes.
Once the initial hierarchy sync is complete for the public folder mailbox, subsequent hierarchy syncs will happen using the push model, where the primary hierarchy mailbox will push the changes to the secondary hierarchy public folder mailbox every 10 minutes.
Another setting an administrator has at their disposal is the attribute IsExcludedFromServingHierarchy. This attribute can be set to $False (default) or $True using the Set-Mailbox cmdlet and will prevent this mailbox from being used by Autodiscover or OWA to serve hierarchy connections to clients. Even after IsHierarchyReady becomes automatically set to $True the public folder mailbox will be excluded from Autodiscover and OWA hierarchy usage if IsExcludedFromServingHierarchy is set to $True. This option is useful when you want a public folder mailbox utilized only for content of public folders and can be set immediately after the public folder mailbox is created.
Note: If DefaultPublicFolderMailbox is populated on a user mailbox it will override the $True value of IsExcludedFromServingHierarchy (on the mailbox they are connecting) and will allow that user to connect to the public folder mailbox specified in DefaultPublicFolderMailbox for hierarchy. We will discuss this later in the post.
Scenario 1: What happens when default public folder mailbox value has not been set on the user mailbox?
Let’s say we have 50 public folder mailboxes in their default state, all of which have sync’d hierarchy, and there are 20,000 users who try to access public folders. The Autodiscover service will provide a random public folder mailbox to each user to service hierarchy requests.
The specific public folder mailbox being returned to the client can change randomly, or if Outlook is closed and reopened, based on what GetPublicFolderRecipient function returns to Autodiscover which in turn returns the data to the client.
On the client side, public folder mailboxes being accessed will appear under the connection status in Outlook, as shown below:

The first public folder GUID value in here is a random primary public folder hierarchy mailbox. The remaining public folders GUIDs are populated and returned when user tries to access individual public folders which reside within those public folder mailboxes.
Scenario 2: Restricting clients to contact a specific public folder mailbox for hierarchy.
It is possible to override the behavior of random selection of default public folder hierarchy mailbox.
First, you need to confirm that the public folder mailbox has IsHierarchyReady populated with value of $True which confirms that it has completed its initial full hierarchy sync with the primary public folder mailbox.
Run the command:
Get-Mailbox -PublicFolder "Public Folder mailbox name" | FL Name,ExchangeGuid,*Hierarchy*

Once the above is confirmed, the next step is to assign the desired public folder mailbox as the DefaultPublicFolderMailbox on the user mailbox. In our example this would be accomplished by running the below command:
Set-Mailbox "user mailbox identity" -DefaultPublicFolderMailbox "PF-MBX-002" -Verbose
Now, when the client opens Outlook, Autodiscover provides the DefaultPublicFolderMailbox’s SMTP address in the XML element and the client then performs a second Autodiscover request to learn how to connect to this public folder mailbox.
When we check the Outlook connection status, it will list the assigned public folder mailbox.

Scenario 3: Setting the default public folder mailboxes close to the user’s location for better client experience
Our customers deal with communication links that may be highly latent and expectedly inoperable for periods of time. For demonstration purposes let’s consider our favorite company called Contoso which has the following configuration:

Three company sites are listed below:

Hyderabad: India with 23,000 mailboxes. Local servers have 10Gbps LAN connectivity and there are three public folder mailboxes in this site.
Adelaide: Australia with 5,000 mailboxes. Local servers have 10Gbps LAN connectivity and there is one public folder mailbox in this site.
A cruise ship with 500 mailboxes for employees on-board. Local server has 1Gbps LAN connectivity and there is one public folder mailbox per ship.

To maintain communications with their ships at sea, Contoso has established a 384Kbps satellite link to each ship and has also installed a dish at their Hyderabad site. All network routes to/from ships are routed via Hyderabad’s own satellite link.
Contoso has also purchased 1Gbps of bandwidth on a submarine cable link to Australia. All WAN routes to/from Australia site traverse this link.
Challenges with the above deployment
If we were to simply deploy modern public folders with all the default values, we could see some interesting things happen. For example, all users could be offered any of the five public folder mailboxes for hierarchy regardless of their location.
The worst-case scenario here would be a ship based user trying to access PFMBX-AUS-001 for hierarchy information or an Adelaide based user trying to access PFMBX-SHIP-001 for hierarchy information. In either of those scenarios we see client traffic traversing round-trip not only along the longest network path, but also the one with the least bandwidth and most latency. In this extreme example, you would more than likely have clients calling the help desk reporting the Outlook RPC popup after they attempted to expand the public folder tree.
Considering the above problems, we recommend administrators with similar decentralized and complex network topologies consider configuring user mailboxes to access public folder mailboxes located within local or geographically closer sites as their default public folder mailbox.
What would work better?
In an environment like the one in the example, it may make sense to set IsExcludedFromServingHierarchy to $True for the public folder mailboxes on all cruise ships and Australia. This will remove them from being returned as valid public folder hierarchy endpoints for Autodiscover and OWA, leaving only the three well-connected Hyderabad based public folder mailboxes set up for automatic discovery.
Additionally, the DefaultPublicFolderMailbox attribute at the mailbox level should be utilized for employees based on the cruise ship or the Australia continent to ensure they always attempt to connect to a public folder mailbox that makes sense based on their geolocation. One caveat here is if a user from the Australia office were to visit the cruise ship (for work purposes sadly and not fun in the sun!), their client would continue to connect back to Australia for their PF hierarchy connection. In addition, the Hyderabad office with 23,000 mailboxes would need to monitor user concurrency to determine if they need additional public folder mailboxes or not over time to stay within supported user concurrency limits.
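The selection rules described earlier (IsHierarchyReady, IsExcludedFromServingHierarchy, DefaultPublicFolderMailbox) applied to the Contoso sites of Scenario 3, as an added example that is not part of the original post and is not Exchange's own code. The PFMBX-HYD-00x names, the Online flag and all function names are assumptions made for the illustration; the script works on constructed objects and needs no Exchange server.

```powershell
# Added illustration: models the selection rules described in this post on
# constructed objects. It is not Exchange's GetPublicFolderRecipient code.
# PFMBX-HYD-00x names, the Online flag and all function names are assumptions.

function New-ContosoInventory {
    param(
        [string[]]$Excluded = @(),   # IsExcludedFromServingHierarchy = $true
        [string[]]$NotReady = @(),   # initial full hierarchy sync not finished
        [string[]]$Offline  = @()    # unreachable mailbox (modelling aid only)
    )
    # Five public folder mailboxes: three in Hyderabad, one in Adelaide, one on a ship.
    $layout = [ordered]@{
        'PFMBX-HYD-001'  = 'Hyderabad'
        'PFMBX-HYD-002'  = 'Hyderabad'
        'PFMBX-HYD-003'  = 'Hyderabad'
        'PFMBX-AUS-001'  = 'Adelaide'
        'PFMBX-SHIP-001' = 'Ship'
    }
    foreach ($name in $layout.Keys) {
        [pscustomobject]@{
            Name                           = $name
            Site                           = $layout[$name]
            IsHierarchyReady               = ($NotReady -notcontains $name)
            IsExcludedFromServingHierarchy = ($Excluded -contains $name)
            Online                         = ($Offline -notcontains $name)
        }
    }
}

function Get-HierarchyCandidate {
    # Mailboxes that random selection may hand out: fully synced and not excluded.
    param([object[]]$PfMailbox)
    $PfMailbox | Where-Object {
        $_.IsHierarchyReady -and -not $_.IsExcludedFromServingHierarchy
    }
}

function Resolve-HierarchyMailbox {
    # Returns the name of the mailbox a user would use for hierarchy, or $null.
    param([object[]]$PfMailbox, [string]$DefaultPublicFolderMailbox)

    if ($DefaultPublicFolderMailbox) {
        # A static default overrides IsExcludedFromServingHierarchy, and there
        # is no fallback to a random mailbox when the default is unavailable.
        $target = $PfMailbox | Where-Object Name -eq $DefaultPublicFolderMailbox
        if ($target -and $target.Online) { return $target.Name }
        return $null
    }

    $candidates = @(Get-HierarchyCandidate -PfMailbox $PfMailbox)
    if ($candidates.Count -eq 0) { return $null }
    ($candidates | Get-Random).Name
}

# 1. Default deployment: every synced mailbox is a candidate for every user,
#    so a ship user can be sent to Adelaide and the reverse.
$asDeployed = @(New-ContosoInventory)
(Get-HierarchyCandidate -PfMailbox $asDeployed).Name -join ', '

# 2. A mailbox that has not finished its first full sync is never handed out.
$withNew = @(New-ContosoInventory -NotReady 'PFMBX-HYD-003')
(Get-HierarchyCandidate -PfMailbox $withNew).Name -join ', '

# 3. Recommended layout: the remote mailboxes are excluded, so random
#    selection is limited to the well-connected Hyderabad mailboxes.
$remote = 'PFMBX-AUS-001', 'PFMBX-SHIP-001'
$tuned  = @(New-ContosoInventory -Excluded $remote)
(Get-HierarchyCandidate -PfMailbox $tuned).Name -join ', '

# 4. A ship user with a static default still reaches the excluded ship mailbox.
Resolve-HierarchyMailbox -PfMailbox $tuned -DefaultPublicFolderMailbox 'PFMBX-SHIP-001'

# 5. Same user while the ship mailbox is unreachable: no result, no fallback.
$shipDown = @(New-ContosoInventory -Excluded $remote -Offline 'PFMBX-SHIP-001')
$result   = Resolve-HierarchyMailbox -PfMailbox $shipDown -DefaultPublicFolderMailbox 'PFMBX-SHIP-001'
"Hierarchy mailbox resolved: $($null -ne $result)"
```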
Things to remember and plan during the deployment:

Understand the company topology completely before making any decision to deploy public folders for offices located in different geographical locations. Correct deployment of public folders using the recommended approach will make life easier for administrators and end users.
Make use of the attribute IsExcludedFromServingHierarchy by setting it to $True when it makes sense to exclude public folder mailboxes from being discovered by Autodiscover for providing hierarchy information to clients and avoid any unwanted connections.
The DefaultPublicFolderMailbox attribute at the mailbox level should be considered when you need to ensure the users in less-connected sites must connect to public folder mailboxes close to their geographical location for hierarchy information. Misconfiguration can lead to serious issues such as latency in accessing public folder information and poor end user experience.
No more than 2000 active connections being made to the same public folder mailbox at any point of time are currently supported. This will require advanced planning, to ensure that the public folders being heavily used by the clients are being distributed across the public folder mailboxes, which are in turn close to the user’s geographical site for better access and experience if necessary.
You can add one or more additional Hierarchy Only Secondary Public Folder Mailboxes (HOSPFM) and Content Only Secondary Public Folder Mailboxes (COSPFM) depending upon the geographical location and identification of commonly used public folder mailboxes by the end users for better end user experience. Yeah, we like our acronyms. Yup, we just made that up.

What are those (HOSPFM) and (COSPFM), and why do we require them?

Hierarchy Only Secondary Public Folder Mailbox (HOSPFM): does not contain public folder content and only serves hierarchy. IsExcludedFromServingHierarchy is set to False
Content Only Secondary Public Folder Mailbox (COSPFM): has public folder content in it but is excluded from serving hierarchy. IsExcludedFromServingHierarchy is set to True

There are two types of connections made to a public folder mailbox when it is accessed.

Hierarchy connection
Content connection

Public folder mailbox connections (both hierarchy and content) should not exceed 2000 to remain within the support boundaries. Given this requirement, you should plan to have enough public folder mailboxes serve hierarchy and/or content so that you maintain a level of less than 2000 active and simultaneous client connections per secondary public folder mailbox.
The primary public folder mailbox must be excluded from providing hierarchy to clients (IsExcludedFromServingHierarchy parameter set to True). This allows the primary public folder mailbox to spend its time maintaining the hierarchy and dealing with hierarchy replication tasks. Overloading this public folder mailbox with client connections can in turn lead to performance and reliability issues with your PF hierarchy.
How to move the public folder data close to the user’s geographical location
Consider another company also called Contoso, which has many offices around the world and modern public folders have been deployed in the environment. Sarah is a user whose mailbox is in a datacenter which is in India and she frequently works with public folders. There is another large group of users who also frequently work with the same set of public folders, but they are in a different geographical location, in Australia.
The public folders being accessed are in the India site, close to Sarah’s geographical location, so she has a better experience when accessing public folders.

In contrast, when Australia users try to connect to public folder mailboxes, the local hierarchy public folder mailbox in their datacenter will provide the content location for required public folders. Users will initiate a connection to the actual public folder located in India holding the content for the public folder. Since the actual folder content is in different geographical location, the connection request may be not as performant for the Australian group of users, resulting in user frustration.
This deployment is not recommended. The focus should be on identifying the most frequently used public folders by a common set of users, and moving the public folders with that content closer to users’ location. In this scenario, the content should be moved closer to the larger group of users in Australia.
Note: Moving public folders only moves the physical contents of the public folder; it doesn’t change the logical hierarchy, or layout of folders in the folder tree.
To move the public folder content, run the command:
New-PublicFolderMoveRequest -Folders "path of the public folder to be moved" -TargetMailbox "target public folder mailbox name"
Note: To verify that the PublicFolderMoveRequest is complete, the command Get-PublicFolderMoveRequest can be run.
Like mailbox move requests, a completed public folder move request must be removed before any other public folder can be moved to another public folder mailbox. To do this, run the command Remove-PublicFolderMoveRequest. If any other public folder move request is initiated without removing the old request, it will error out like this:

To remove the existing PublicFolderMoveRequest, run the command:
Get-PublicFolderMoveRequest | Remove-PublicFolderMoveRequest

Note: If a parent public folder and its subfolders need to be moved to another public folder mailbox, this can be done using Move-PublicFolderBranch.ps1 script, located in scripts folder.
For more details, see: Move a public folder to a different public folder mailbox
Once the public folder content has been moved to a different public folder mailbox, users in Australia site accessing the public folder will be updated by the local public folder mailbox hierarchy connection to the folder’s new content location and connect to the local public folder mailbox. To continue with our example, Sarah will continue to connect to local public folder mailbox for hierarchy (which has been set by the administrator), but will then get her content from the Australia datacenter. Even though the experience may not be as great for that one user, Sarah can add frequently used public folders to Favorites using Outlook client or OWA to help with latency issues.

Looking at the above example, it becomes very important to determine network latency and bandwidth before you start deployment of public folder mailboxes in a geographically dispersed environment to avoid any latency issues when accessed by end users. In such situations, the recommendation will be to use tools like Netmon which can help in determining the connections happening to public folder mailboxes. There is a great tool written by Mark Russinovich called Psping, which can be helpful in determining the round-trip latency. Based on the results customers can decide whether the current network is suitable for their environment or if there are any changes that need to be made.
Summary: deployment considerations
Considerations when deploying public folder mailboxes in the organization, to ensure they are protected and readily available to the clients:

Public folder mailboxes, both hierarchy and content, should be protected by placing them in databases protected by multiple copies in a Database Availability Group. By doing this, mailboxes will remain protected in case of any outage and be available to end users.
There should be no public folders hosted within the primary public folder mailbox. This way we dedicate the primary public folder mailbox to specifically focus on its job of replicating hierarchy changes to other public folder mailboxes.
You should exclude the primary public folder mailbox from serving hierarchy to clients. This is done by setting IsExcludedFromServingHierarchy to $True.
The recommendation is to activate database copies hosting public folder mailboxes on mailbox servers which are geographically located close to the client location.
The general recommendation is having one public folder hierarchy mailbox for every 2000 users accessing public folders. Additional hierarchy only public folder mailboxes can always be created to divide the connection load among users to ensure that the 2000 connection limit is not reached.
Plan and create more secondary hierarchy public folder mailboxes and content mailboxes to ensure there are fewer than 2000 active and concurrent connections to public folders and that they are close to the users’ geographical location to ensure there are no latency issues and users have a good experience.
Since the release of Exchange Server 2016 CU3, you can make use of up to 1,000 public folder mailboxes. Of the 1,000 public folder mailboxes, 100 of them can be used for hierarchy (or 99 once you exclude the primary PF) and the remaining 900 can be used for content storage.

Post summary
In the above post, we have provided information on how public folder mailboxes are accessed, and the importance of correctly deploying them in a geographically dispersed environment. In upcoming posts, we will discuss topics related to public folder logging analysis, management and quota related information.
We would like to say thanks to Public Folders Feature Crew team for their valuable inputs while this blog post was being written.
Special Thanks to Ross Smith IV, Nasir Ali, Scott Oseychik for reviewing this content and validating the guidance mentioned in the blog post and Charlotte Raymundo, Nino Bilic for helping us to get this blog post ready!
Siddhesh Dalvi and Brian Day

DaveWShanahan: #Microsoft #HomeHub #information surfaces on #software rival 4 #Amazon #Echo #Google #Home @onmsft #Alexa #Windows10

QuBitCon: Worried about #Windows 10 #snooping? Here's how you can stop it – TechRepublic #windows10 #privacy #information

jenstirrup: RT @Alan_D_Duncan: The Information Action Daily is out! #Information Strategy | #DataGoverance | #Analytics | Bette…

MortenJP: As #Exselo, @Microsoft promotes #sharing of #information as 1 of their new #features coming to #Windows10…

Office 2013 can now block macros to help prevent infection

In response to the growing trend of macro-based threats, a new feature in Office 2016 allows an enterprise administrator to block users from running macros in Office documents that originated from the Internet.
This feature was documented back in March: New feature in Office 2016 can block macros and help prevent infection, and the predominant customer request we received was for this feature to be added to Office 2013.
We are pleased to announce that, as of September 2016, this feature is now part of Office 2013 – and it works in the same way as it does in Office 2016.
Administrators can enable this feature for Word, Excel, and PowerPoint by configuring it under the respective application’s Group Policy Administrative Templates for Office 2013.
For more information on how this feature works, and some background information on how macros can be abused for malware, see our blog from March 2016.